Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
X-XSS-Protection
ETag
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Cache-Status
X-Check
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-CDN
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Report-To
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
X-Age
X-UA-Device
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
Grace
X-Rq
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Nginx-Cache-Status
NEL
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Ua-Compatible
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pingback
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Accept-CH
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Request-Id
X-Response-Time
X-HW
X-Application-Context
Xkey
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-B3-TraceId
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Cache-Lookup
X-Trace
X-Url
Allow
X-Content-Type
X-Ac
X-PC
X-Vname
X-TtlSet
X-Aws-Lambda-Call-Status
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-Server-Name
Fastly-Restarts
X-ESI
X-Mod-Pagespeed
Cache-Tag
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-FastCGI-Cache
Verso
MS-Author-Via
X-Element-Page-Cache
X-Upstream
X-Vcap-Request-Id
X-Amz-Rid
X-MS-InvokeApp
Public-Key-Pins
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-D2id
RTSS
X-Cnection
X-Px
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Navigation-Version
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Country-Code
X-NF-Request-ID
X-Goog-Hash
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-TTL
AR-Request-ID
Display
X-Sol
AR-PoweredBy
AR-SID
X-Middleton-Display
AR-CACHE
AR-ATIME
Pagespeed
X-Powered-CMS
X-Version
X-Origin-Cache
X-Middleton-Response
Response
X-LLID
X-MSEdge-Ref
X-CST
Nginx-Cache
TCN
X-Edge-Location-Klb
X-RateLimit-Remaining
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Edge
X-Protected-By
X-SRCache-Store-Status
X-T
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-Jurisdiction
X-Forwarded-For
X-HP-Webp
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Mg-S
X-Id
X-Aspnetmvc-Version
X-Language
Edge-Cache-Tag
S
Content-MD5
SPIisLatency
X-Ruxit-Js-Agent
SPRequestDuration
Front-End-Https
Fastcgi-Cache
X-Mid
Realpath
X-Request-Received
Server-Node
X-Request-Processing-Time
Pinterest-Version
X-Pinterest-Rid
Filters
Pinterest-Generated-By
X-Recruiting
X-Frontend
Server-Name
X-Cache-Key
X-Ab
X-Content
X-Ua-Browser
X-Ser
X-Correlation-Id
X-MCACHE
X-NWS-LOG-UUID
X-Template
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-DynaTrace
X-Yandex-Sdch-Disable
X-Ezoic-Cdn
X-SharePointHealthScore
X-Hits
SPRequestGuid
X-ECACHE
X-Parallel-Accel
X-Ttl
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Page-Id
Charset
Host
Cleartype
X-Git-Hash
X-B3-Sampled
X-Www-Served-By
X-Daa-Tunnel
X-Debug-Info
X-Geo-Country
Alternate-Protocol
X-Content-Options
X-DIS-Request-ID
Accept-Ch
X-Ratelimit-Limit
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Content-Digest
X-Amzn-Trace-Id
X-Hostname
Cross-Origin-Opener-Policy
Filterid
X-Amz-Replication-Status
X-Varnish-Age
X-Az
X-AppVersion
X-Grace
X-DataDome
X-Activity-Id
ServerID
X-F-Cache
X-FB-Debug
X-Upgrade-Enabled
X-N
X-Accel-Expires
X-Nginx-Upstream-Cache-Status
X-WebKit-CSP-Report-Only
X-VCache
X-Rid
X-Fastly-Request-Id
X-Forwarded-Proto
X-Mobile-URL
X-Request-Guid
X-Aspnet-Duration-Ms
X-Route-Name
X-Flags
X-Providence-Cookie
X-Origin-Server
X-Is-Crawler
X-Server-ID
X-Type
X-LB-Cache
Access-Control-Allow-Method
X-TT
X-Seen-By
X-Whom
X-Tb
Payment
X-Varnish-Grace
X-App-Environment
Viewport
X-FW-Type
X-FW-Dynamic
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-FW-Hash
X-Goog-Generation
X-FW-Static
X-FW-Server
X-FW-Serve
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-User-Agent
Node
Fastcgi-Useragent
X-Distributor
Paypal-Debug-Id
X-Ratelimit-Reset
DC
X-Wix-Request-Id
TP-L2-Cache
Accept-Charset
TP-Cache
X-XRDS-LOCATION
X-Fastly-Request-ID
Country
X-App-Server
X-Litespeed-Cache
X-Cache-Rule
X-Webkit-Csp
X-Tec-Api-Origin
X-Cache-Control
X-Tec-Api-Version
X-Tec-Api-Root
X-Via-JSL
X-NGENIX-Cache
X-Fastcgi-Cache
X-Cluster-Name
X-Drupal-Cache-Tags
Version
X-Microsite
X-Contextid
X-Cache-Age
X-Buckets
X-Request-Handler-Origin-Region
X-Signature
X-B-Cache
Referer-Policy
X-Origin-Upstream-Status
Amp-Access-Control-Allow-Source-Origin
Cache-Status
X-Logged-In
X-Node-Name
Refresh
X-Oracle-Dms-Ecid
X-Erf-Bev-Bev-Is-Generated
X-Oracle-Dms-Rid
X-Erf-Bev-Bev
X-Response-Served-From
X-Browser-Type
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
X-Mobile
X-Load-Cache
X-Cache-Expired-At
X-Is-Bot
X-Rendered-As
X-Vgn-Hpd-Reason
X-IPLB-Instance
X-Real-IP
X-Page-View
X-RemovedCookies
X-Cacheable-TTL
X-B
X-ProcessESI
X-Jobs
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-Revision
NGB
X-Proxy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Action
X-Debug
X-Device-Type
X-Rule
X-Instance
X-Varnish-Backend
X-UUID
X-Drupal-Cache-Contexts
Surrogate-Key
X-Framework
X-G
Akamai-GRN
X-FW-Version
X-Debug-IsConnected
X-Cache-Time
X-Debug-IsPreview
CF-IPCountry
X-Accel-Buffering
SID
X-Presslabs-Stats
GEO-INFO
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Ua-Device
X-Cache-NGX
X-Oneagent-Js-Injection
Count-Hit
Uber-Trace-Id
X-APP-VERSION
X-Cache-Operation
X-Azure-Ref
X-Source
X-Nginx-Cache
DynaTrace
X-Ms-Request-Id
X-Zen-Fury
X-Ms-Version
X-XRDS-Location
X-EdgeConnect-Cache-Status
Protected
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Liferay-Portal
X-TEC-API-ROOT
X-PressLabs-Stats
Frame-Options
WPO-Cache-Status
X-RTag
WPO-Cache-Message
X-Trace-Id
MS-CV
X-CDN-Forward
Ms-Operation-Id
X-Cache-Hit
Healthy
X-Servername
X-Backend-Name
Ec-Rule-Version
Countrycode
X-Hyper-Cache
X-RateLimit-Limit
X-Cache-TTL-Remaining
X-IPS-LoggedIn
X-Tumblr-User
X-L-Path
Cross-Origin-Window-Policy
Xserver
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Environment-Context
X-Tumblr-Pixel
X-Ratelimit-Remaining
X-Adobe-Content
Backend
X-Mode
X-Varnish-Server
Content-Disposition
X-Adobe-Loc
X-Content-Age
X-JoinUs
X-UPSTREAM-Address
LB
X-Tid
Meta-Geo
X-Detected-As
X-SaId
X-RN-RSRV
X-Rewrite-Enabled
X-Generation-Time
X-Cache-Server
X-Format
X-Alternate-Cache-Key
Decoy-Debug-Status
Apigw-Requestid
X-Cache-Grace
X-Redis-Cache
Country-Code
Decoy-Debug-Key
Eomportal-Instance
Decoy-Debug-TTL
X-Hosted-By
X-Region
X-Uri
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sql-Count
X-Shopify-Stage
X-Sql-Duration-Ms
X-ShopId
X-ShardId
X-Access
X-Microcachable
X-ServerID
X-Extlb
CDN-Cache
Cache-Name
X-NCache
X-No-Session
X-Debug-Cache
X-PCL
Url
X-TIME
X-OCL
CDN-CachedAt
CDN-PullZone
Fastly-SSL
X-Via-Fastly
X-Varnish-Beresp-Grace
Mn-Server-Ip
X-UA-Device-Type
X-Zipkin-Id
X-Human
CDN-RequestCountryCode
X-Forwarded-Host
CDN-RequestId
X-PERF
CDN-Uid
CDN-EdgeStorageId
X-Origin-Date
X-Routing-Service
X-ApacheServer
X-FB-TRIP-ID
X-Status
X-PHP-Backend
X-Site-Version
X-Section
X-Proxied
TWC-Connection-Speed
X-Cache-Type
X-Akamai-Edgescape
Property-Id
X-NYM-Debug-Backend
X-BYPASS-REASON
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Cache-Tv-Group
TWC-GeoIP-LatLong
X-Cache-Host
X-Server-W
X-Say-Cacheable
X-Web-Node
X-Storage
X-Timing-Wait
X-Say-TTL
X-Proxy-Build
X-Content-Powered-By
X-Generated-By
X-Origin-Hint
Selected-Fe
X-ProxyCache-Status
X-ProxyCache-Key
X-SayCDN-TTL
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
Webcakes-Region
X-Pubstack
X-Cluster-Node
X-Be
X-Hl-Ver
X-R9-Blue-Green-Version
X-Varnishpool
X-Soup
Section-Io-Cache
Retry-After
Azure-InstanceId
Azure-SiteName
Content-Secure-Policy
Azure-RegionName
X-LSADC-Cache
X-Nginx-Cache-Key
Azure-Version
Azure-SlotName
X-NewRelic-App-Data
X-Ua
X-Webkit-CSP
X-Unique-Id
DB-Nickname
X-Cache-Remote
X-Cached-By
OT-Force-Account-Verify
X-Dc
X-Platform-Server
X-Bc-Bl
X-Azure-Ref-OriginShield
Cache
X-Xfnlog-Site
X-Auto-Login
Source
X-Akamai-Transformed
X-Cache-Tags
X-GEO
X-TT-LOGID
Upgrade-Insecure-Requests
ServedBy
X-Cdn
X-LAGOON
From-Origin
SRV
X-Origin-CC
X-Varnish-Cache-Hits
X-Origin-TTL
X-Request-Time
X-AOL-HN
Xet-Cookie
Mime-Version
Cache-Hits
X-Varnish-Hits
X-Varnish-Hostname
HostName
X-HTML-Minification-Powered-By
X-Request-Host
X-NWS-UUID-VERIFY
X-EC-Lua
X-SRV
X-S-Maxage
WP-Super-Cache
X-TNCMS
Onion-Location
X-Loop
Webserver
X-CSRF-Token
X-FireWall-Port
X-ECache
X-Tumblr-Pixel-2
X-Handled-By
X-Tumblr-Pixel-3
Web-Mar-Node
X-Cache-Enabled
X-Xrds-Location
X-Proto
X-B3-SpanId
X-Endurance-Cache-Level
X-App-Version
X-Time
X-Akamai-Request-ID2
X-Http-Reason
Nel
S-Rt
X-Correlation-ID
X-Adobe-Source
X-Tenant
X-RCS-CacheZone
X-Origin-Response-Time
X-Reqid
N-Cache
X-PAYTM-SRV-ID
X-Orig-Expires
X-B-Cookie
DCR-Decision-By
X-Hnp-Log
BehaviorPad-Version
X-Ig-Push-State
X-ND-Cache
X-GG-Cache-Date
A
X-External-Request-Id
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
X-Block-Status
X-Cache-NE
X-CF-Lambda-Fn
Sslversion
Surrogated-Key
X-CF-Lambda-Version
X-A
X-A-Ccd
X-Backend-TTL
X-Application
X-ARC
X-Aed
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Ckpd-Fst-Backend
X-Cluster
X-PBS-Appsvrname
X-Epic-Correlation-Id
X-Developer
X-Forwarded-Path
X-Ftr-Request-Id
X-Gen-Mode
Expiry
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-Connection-Hash
X-Conf
Redirect-Candidate
X-D
X-Destination
Odigeo-Trace-Id
Pramga
DCR-Processing-Time-Ms
X-NAPM-TraceId
X-VG-WebCache
X-Vdms-Version
X-Vdms-Path
X-S-Cookie
X-S
X-Vtex-Processado-Em
X-Rojux
X-V-Cache
X-ScT
X-SRCache-Key
X-Slack-Backend
X-Amz-Meta-S3cmd-Attrs
X-Shop-Environment
X-Session-Fingerprint
X-SD-PageType
X-TIM-N
X-Vtex-Remote-Cache
X-VWS-Id
X-AWS-Id
X-Planisys-CDN-Rules
X-Processor
X-Planisys-CDN-TTL
X-LJ-Flow-ID
Xc-Version
X-Planisys-CDN-Cache
X-Magnolia-Registration
Server-Info
X-MP-GENERATED-AT
X-Time-Microsecs
X-Edge-Location
X-Device-Os
X-Sucuri-ID
X-Geo-Header
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
DSUID
X-Accel-Expires-Debug
Host-ID
X-Forwarded-Site
Gh-Request-Id
X-Aicache-OS
X-Fetched-On
X-Date
X-Fastly-Cache
Fastcgi-Cache-TTL
X-Sucuri-Cache
Origin-CC
Svr
X-Viewer-Country
X-Webstats-RespID
X-VServer
X-Cdn-Srv
Traceparent
X-Cache-Info
X-Cache-Date
State
X-Cache-Bucket
Origin-EX
True-Client-Country-4JS
X-Fastly-Backend
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-VG-TLSProxy
Origin
X-Gdpr
X-Locale
X-Proxy-Upstream
X-Nyt-Route
X-Old-Content-Length
X-Policy
X-Origin
AKAMAI
X-Men
X-Scheme
X-NodeID
X-Mg-Request-UUID
X-Location
X-Rocket-Nginx-Serving-Static
X-LI-UUID
X-Li-Pop
X-Request-URI
X-Mvc-Supplant-Cachable
X-Li-Fabric
Apple-News-Services-Handled
X-Server-IP
CacheControlHeader
X-Origin-Expires
CDCHOST
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Arc-Country
X-Origin-Time
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
CloudFront-Viewer-Country
X-Via-NSCOPI
Environment
X-BBC-Edge-Cache-Status
X-Platform
X-Restarts
X-Owner
X-Backend-State
X-Sn-Servicetimems
X-Cache-Id
X-Region-Sid
X-Cdn-Origin
X-Branch-Name
X-RateLimit-Limit-Second
X-Is-Gdpr
X-JWT-State
X-FC-Vary-Parameters
X-Has-Esi
X-Cache-Debug
X-Node-Id
X-RateLimit-Remaining-Second
X-Req
X-Core-Mission
X-Eu-Site
X-Storefront-Renderer-Rendered
X-Hash
X-Envoy-Decorator-Operation
X-Developers
X-TH-Server
X-HN
X-Gzip
X-Gamma-Serve
X-GeoIP-City
X-GeoIP
X-Generated-On
X-Skip-Cache
X-PHP-Host
X-Sigma
X-Thinkindot-L3
X-HS-Content-Campaign-Id
X-VarnishDD-TTL
X-Csrf-Jwt
X-Core-Value
X-Sigma-Backend
X-CGP
X-Level-Front-Cache
X-Varnish-Beresp-Status
X-Labrador-Cache-Channel
X-Served-From
X-Datadog-Trace-Id
X-Irp-Debug
X-Datadog-Sampling-Priority
X-TrackingId
X-Datadog-Parent-Id
X-Rocket-Build-Number
X-Esi-Check
Magicmarker
TDXMobile
Thinkindot-CacheControl
Machine
Thinkindot-CacheControl-Type
Ssr
X-Amz-Apigw-Id
X-Varnish-Beresp-Ttl
Req-Svc-Chain
Mail-Subject
Cmstype
Server-Host
Release
Thinkindot-Control
Ha-Gx-Prefs
HA-Ipaddr
Fastly-Drupal-Html
Fastly-GeoIP-CountryCode
X-ATG-Version
Cmsid
Locid
Web-Mar-Region
L
L5d-Success-Class
PFcat
X-Amzn-RequestId
We-Hiring
X-UnsetCookies
Adler-Geo
X-Pod-Name
X-Tx-Id
Cf-Device-Type
X-Zone
X-DefHash
X-Cache-Var
X-Response-By
X-Rebelmouse-Surrogate-Control
X-Variation
X-Varnish-CookieHashed-On
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Rebelmouse-Cache-Control
X-Qloud-Router
Platform
Kp-EeAlive
Is-Eu
X-DefElseHash
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
X-Loc
Fastly-SIE
Fastly-SWR
X-Cache-Var-Map
X-Amzn-Remapped-Content-Length
Memcached
NM-Fastcgi-Cache
X-TraceId
Accept-Language
X-Mvc-Supplant-OutputCached
X-VC-Cache
X-RSL
X-Wix-Viewer-Type
X-NC
NGX
X-RPS
Edge-Cache
AMP-Access-Control-Allow-Source-Origin
X-Cache-Backend
X-DB
X-DW
X-DSS
X-Action
X-RPM
X-DI
X-CS
CDN
X-Request-Start
X-Up
X-Srv
Ms-Author-Via
X-Bip
X-LB-NoCache
X-Optimistic-Header
Pics-Label
X-Generated-In
X-Thanos
X-Trace-ID
X-CacheTTL
X-Minions-Version
X-LB-ID
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-Tb-Optimization-Total-Bytes-Saved
X-Urbn-Context-Path
Env
Time
Locale
X-Urbn-Site-Id
X-API-Version
X-Tt-Logid
Memory
X-Refresh
X-Varnish-Ttl
X-Cache-Config
WebServer
X-Edge-Pop
X-Via-Poph
X-Via-Popn
GeoIp-Country-Code
X-Via-Popv
Datacenter
X-TA-CDN-Provider
X-Ec-Fail
X-DC
X-CACHE-KEY
X-Ec-GeoHdr
X-HA-Backend
X-User
X-DynaTrace-JS-Agent
X-Parent-Response-Time
Server-ID
Candidate-Md5Url
X-Servedbyhost
X-Esi
NtCoent-Length
X-Vc
X-Dynatrace
X-MSEdge-Flight
X-ZONE
X-MSEdge-Features
X-CLOUD-TRACE-CONTEXT
X-Cs
Cdncip
On-Server
Cdnsip
X-AK-Request-ID
WWW-Authenticate
X-TX-ID
X-Datadome
X-VCL-Version
My-App
Geoip-Latitude
X-Clara-WADP
X-Varnish-Beresp-TTL
Cluster
X-WADP-Cache
X-Fmm-Version
Esi-Enabled
X-App
X-Fpc
Tracecode
X-CUA
X-LI-Proto
X-Var-Ttl
X-Cache-Ttl
X-Pass-Why
X-URL
X-Unique-ID
X-Webkit-Csp-Report-Only
X-From
T-Server
X-Li-Proto
X-Service
C-Via
Lfy
X-Cache-PHP
X-Traceid
DataCenter
X-Fragments
X-B3-Spanid
X-FPC
Lang
X-Newrelic-Synthetics
Fastly-Drupal-HTML
X-NODE
Cf-Int-Pingora-Origin-Digest
X-Webkit-CSP-Report-Only
Test
Geo-Info
Target-Params
X-Vcl-Version
X-VC
X-Mcache
M-TraceId
X-Cache-Status-Check
X-WP-CF-Super-Cache
Proxy-Connection
Resin-Trace
X-WP-CF-Super-Cache-Cache-Control
X-Render-Time
X-CSRF-TOKEN
X-Provided-By
X-LiteSpeed-Cache-Control
X-RAMCache
X-Api-Version
Server-Id
X-Ha-Backend
Hostname
Permissions-Policy
X-COUNTRY
X-ID
MIME-Version
GeoIP-Country-Code
X-Clientip
X-Httpd
X-Proxy-Cache-Info
X-Via-PopH
X-ServedByHost
X-Via-PopN
Hit
Servername
WZWS-RAY
X-NGINX-Cache
X-Via-PopV
X-Geo
X-Dynatrace-Js-Agent
X-SB
Producers
FSS-Cache
X-Edge-POP
X-Pad
X-Cdn-Forward
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Edge-Cache
X-LiteSpeed-Tag
X-Oss-Server-Time
X-Udemy-Cache-App-Namespace
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Pool
Cache-Host
ENV
X-Fastly-Backend-Reqs
HIT
UCS
Section-Origin-Responded
X-Scale
Section-Io-Origin-Time-Seconds
X-Info
Section-Io-Id
X-Ucs
X-Ec-Custom-Error
Section-Io-Origin-Status
S-Cnection
X-ElasticPress-Query
X-AIR-PT
X-Check-Cacheable
X-HS-Status
X-Cache-CFC
X-Acquia-Application-Trace
ServerName
X-Acquia-Purge-Tags
Uri
X-Acquia-Application-UUID
PICS-Label
X-Lb-Id
X-Lb-Nocache
X-UP
Server-Ext
MD5-Digest
Server-Hostname
X-Cache-Expires
Sever-Int
X-Acquia-Site
X-BBC-Origin-Response-Status
URI
X-GoCache-CacheStatus
X-Srcache-Store-Status
Ohc-File-Size
X-Srcache-Fetch-Status
User-Agent
Cteonnt-Length
X-Dispatcher-Number
IsBot
X-SIPLIST1
X-Via-Ucdn
Server-Ttl
Fastly-Backend-Name
X-Micro-Cache
X-RateLimit-Reset
X-Nc
X-Fastly-Cache-Hits
Tcn
X-Cdn-Request-ID
X-Swift-Error
Cneonction
X-Release
X-Dw-Trace-Id
X-Vcache
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Newrelic-App-Data
X-Backend-Host
X-Cms-Context
X-Fetch-By
CF-Cached-On
Vha6-Origin
X-Yottaa-OS
Wpo-Cache-Status
Wpo-Cache-Message
X-B3-ParentSpanId
Ngx
Cf-Ipcountry
Load-Balancing
X-ServerName
X-HostName
X-Cache-Ngx
X-Air-Pt
Sid
X-B3-Parentspanid
X-Akamai-Pragma-Client-IP
X-APP
Shield-Pop
X-BCube-Filmed-By
X-Contensis-Viewer-Groups
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
X-UA
X-Cache-ASPX
Req-ID
Inserted-Into-Cache-At
X-Via-CDN
X-IN-APIGATEWAY
X-CacheKey
X-Logging-Id
X-Http-Duration-Ms
X-Http-Count
X-Te-Count
X-Snapshot-Date
X-Te-Duration-Ms
X-Last-Modified
X-Sentry-ID
X-Apw-Access-Action
X-Varnish-Authentication
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
CountryCode
EpKe-Alive
X-Akamai-Request-ID
X-Shopify-Generated-Cart-Token