Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
X-TtlSet
X-Vname
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
X-VARITI-CCR
X-Aws-Lambda-Call-Status
Service-Worker-Allowed
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-MS-InvokeApp
X-Vcap-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Client-IP
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Px
X-Navigation-Version
RTSS
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-GoogleNews-Bot
X-Exp-Id
X-Goog-Hash
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
Accept-Ch
X-Origin-Cache
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
AR-SID
X-Powered-CMS
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
X-Version
Display
X-Middleton-Display
Pagespeed
X-Sol
Response
X-Middleton-Response
X-TTL
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Protected-By
TCN
X-Jurisdiction
X-HP-Trace-Id
X-T
X-HP-Webp
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
X-RateLimit-Remaining
Content-MD5
S
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
SPIisLatency
Front-End-Https
SPRequestDuration
Realpath
X-Language
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Filters
Server-Node
Server-Name
X-Ua-Browser
X-Ab
X-Content
X-Frontend
X-Correlation-Id
X-MCACHE
X-NWS-LOG-UUID
X-ECACHE
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-DynaTrace
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ser
SPRequestGuid
X-Ttl
X-SharePointHealthScore
X-Ezoic-Cdn
X-Hits
X-Template
X-Parallel-Accel
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Alternate-Protocol
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Content-Options
Cache-Tags
X-Kong-Upstream-Latency
X-Page-Id
X-B3-Sampled
Cleartype
Host
Charset
X-Fastly-Request-Id
X-Www-Served-By
X-Git-Hash
X-Cache-Key
X-Ruxit-Js-Agent
X-Geo-Country
X-Daa-Tunnel
X-Debug-Info
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Webkit-CSP
X-Ratelimit-Limit
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
Filterid
X-XRDS-LOCATION
X-Accel-Expires
X-AppVersion
X-Az
X-Activity-Id
X-Hostname
X-VCache
X-FB-Debug
X-Forwarded-Proto
X-Upgrade-Enabled
TP-L2-Cache
X-Grace
TP-Cache
X-Rid
X-Origin-Server
X-WebKit-CSP-Report-Only
Cross-Origin-Opener-Policy
Access-Control-Allow-Method
ServerID
X-N
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-LB-Cache
X-Mobile-URL
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-TT
X-Whom
X-Varnish-Grace
Viewport
X-App-Environment
X-Seen-By
X-Tb
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Distributor
Node
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Type
Payment
X-FW-Server
X-Type
X-FW-Static
Paypal-Debug-Id
X-Server-ID
DC
X-App-Server
X-User-Agent
Fastcgi-Useragent
Country
X-NGENIX-Cache
Accept-Charset
X-Origin-Upstream-Status
X-Wix-Request-Id
X-Cache-Control
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Via-JSL
X-Drupal-Cache-Tags
X-DataDome
X-Cache-Age
Referer-Policy
X-Ratelimit-Reset
X-Load-Cache
X-Request-Handler-Origin-Region
X-Cluster-Name
X-Varnish-Backend
Refresh
X-Signature
X-B-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Microsite
X-Contextid
X-Node-Name
VIX-Pulpo-Node
SD-X-WS
X-Response-Served-From
VIX-Pulpo-Upstream-Status
Cache-Status
X-Original-Request-Id
X-Buckets
X-Vgn-Hpd-Reason
X-Rendered-As
X-Page-View
X-Mobile
X-Is-Bot
X-Cache-Expired-At
X-Real-IP
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Jobs
X-B
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
NGB
X-Cacheable-TTL
X-Debug
X-Yottaa-Optimizations
X-RemovedCookies
X-Proxy
X-IPLB-Instance
X-Device-Type
X-ProcessESI
X-Instance
X-Yottaa-Metrics
X-Revision
X-UUID
X-Rule
X-Drupal-Cache-Contexts
Surrogate-Key
X-Fastly-Request-ID
X-Cache-Action
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-Framework
Akamai-GRN
Amp-Access-Control-Allow-Source-Origin
X-FW-Version
X-G
X-Fastcgi-Cache
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
CF-IPCountry
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
SID
DynaTrace
X-Azure-Ref
Liferay-Portal
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-PressLabs-Stats
GEO-INFO
X-Nginx-Cache
X-Presslabs-Stats
X-Source
X-Accel-Buffering
X-Ms-Version
X-Ratelimit-Remaining
X-Ms-Request-Id
X-Oneagent-Js-Injection
Count-Hit
Healthy
Uber-Trace-Id
Frame-Options
X-RTag
X-Cache-Operation
MS-CV
Ms-Operation-Id
X-APP-VERSION
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-XRDS-Location
X-CDN-Forward
X-Zen-Fury
Countrycode
X-Cache-Hit
X-Environment-Context
Xserver
X-Varnish-Server
X-Tumblr-Pixel
X-Tumblr-User
X-L-Path
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Mode
X-Backend-Name
Protected
Cross-Origin-Window-Policy
Ec-Rule-Version
X-IPS-LoggedIn
X-Forwarded-Host
X-Servername
X-Region
X-Cache-TTL-Remaining
Meta-Geo
X-Tid
X-RN-RSRV
X-Detected-As
X-SaId
X-JoinUs
X-Rewrite-Enabled
X-UPSTREAM-Address
Backend
X-Content-Powered-By
X-Hosted-By
X-Sql-Duration-Ms
X-Routing-Service
X-Adobe-Loc
X-Proxied
X-Generation-Time
X-Cache-Grace
Apigw-Requestid
X-Redis-Cache
X-Uri
X-Sql-Count
X-Zipkin-Id
X-ShopId
X-Shopify-Stage
Eomportal-Instance
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Adobe-Content
X-Alternate-Cache-Key
X-ShardId
X-Extlb
X-Sorting-Hat-ShopId
X-Debug-Cache
X-Cache-Server
X-Sorting-Hat-PodId
Country-Code
X-Hyper-Cache
Fastly-SSL
X-PERF
X-PHP-Backend
X-Origin-Date
X-No-Session
X-Human
X-NCache
X-Via-Fastly
X-Varnish-Beresp-Grace
X-ApacheServer
X-Site-Version
X-FB-TRIP-ID
X-ServerID
X-Content-Age
Cache-Name
Url
Section-Io-Cache
Webcakes-App-Version
X-Pubstack
TWC-Privacy
Webcakes-Region
X-Akamai-Edgescape
X-BYPASS-REASON
X-UA-Device-Type
TWC-Locale-Group
X-Cache-Host
Selected-Fe
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mn-Server-Ip
X-Cache-Type
X-Origin-Hint
X-OCL
X-NYM-Debug-Backend
X-PCL
X-Proxy-Build
X-ProxyCache-Status
X-ProxyCache-Key
X-Microcachable
X-Server-W
X-Format
X-Cluster-Node
X-Timing-Wait
X-NewRelic-App-Data
X-Status
X-Storage
Cache-Tv-Group
Webcakes-App-Name
X-Section
WPO-Cache-Message
WPO-Cache-Status
X-Varnishpool
LB
X-Access
X-Web-Node
X-SayCDN-TTL
X-Hl-Ver
X-Say-Cacheable
X-R9-Blue-Green-Version
X-Say-TTL
CDN-EdgeStorageId
CDN-CachedAt
Azure-InstanceId
Content-Disposition
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
X-Be
X-RateLimit-Limit
Azure-RegionName
X-Soup
Content-Secure-Policy
DB-Nickname
CDN-Cache
Azure-Version
X-TIME
CDN-Uid
Azure-SiteName
Azure-SlotName
X-Trace-Id
X-Generated-By
X-Azure-Ref-OriginShield
X-Ua
X-LSADC-Cache
OT-Force-Account-Verify
SRV
X-Webkit-Csp
X-Cached-By
X-Dc
X-TT-LOGID
X-SRV
Source
X-Nginx-Cache-Key
X-Bc-Bl
X-Unique-Id
Cache
Retry-After
X-LAGOON
X-Auto-Login
X-Origin-CC
X-Cache-Remote
X-Origin-TTL
X-Platform-Server
Xet-Cookie
X-Varnish-Hits
Cache-Hits
Mime-Version
X-Akamai-Transformed
X-Varnish-Hostname
HostName
X-App-Version
X-Loop
X-HTML-Minification-Powered-By
X-TNCMS
X-Xfnlog-Site
X-GEO
Onion-Location
X-S-Maxage
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Cache-Tags
ServedBy
X-Cdn
X-Tumblr-Pixel-2
X-Varnish-Cache-Hits
Upgrade-Insecure-Requests
X-Tumblr-Pixel-3
Web-Mar-Node
X-Request-Time
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
X-Proto
Webserver
X-AOL-HN
From-Origin
X-Request-Host
X-Endurance-Cache-Level
X-Time
X-Tenant
X-CACHE-KEY
N-Cache
WP-Super-Cache
X-VWS-Id
X-LJ-Flow-ID
X-Cache-Var-Map
X-AWS-Id
X-Cache-Var
X-ECache
X-Time-Microsecs
X-B3-SpanId
X-FireWall-Port
X-GG-Cache-Date
X-Edge-Location
X-Cache-Enabled
X-Origin-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-Handled-By
X-Mg-Request-UUID
X-ScT
X-S
X-S-Cookie
X-Planisys-CDN-TTL
Odigeo-Trace-Id
Pramga
Redirect-Candidate
Rendered-Blocks
X-Planisys-CDN-Rules
Mobile-Detection-Method
X-Processor
X-SD-PageType
Meta-Geo-Continent
X-Rojux
Expiry
X-Vdms-Path
X-V-Cache
X-TIM-N
X-Vdms-Version
X-VG-WebCache
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-SRCache-Key
A
DCR-Decision-By
DCR-Processing-Time-Ms
Sslversion
BehaviorPad-Version
X-Session-Fingerprint
X-Slack-Backend
X-Shop-Environment
Fastcgi-X-Cache-Version
X-Orig-Expires
X-Application
X-ARC
X-Destination
X-Developer
X-Aicache-OS
X-A-Dgt
X-External-Request-Id
X-Aed
X-D
X-Connection-Hash
X-Cache-NE
X-CF-Lambda-Fn
X-Ckpd-Fst-Backend
X-Block-Status
X-B-Cookie
X-Conf
X-Cluster
X-Forwarded-Path
X-A-Dcw
X-CF-Lambda-Version
X-ND-Cache
X-NAPM-TraceId
User-Cache-Control
Surrogated-Key
X-PBS-Appsvrname
X-PAYTM-SRV-ID
V-Age
Vix-Hermes-Req-Id
X-Gen-Mode
X-Ftr-Request-Id
X-A-Dam
X-Hnp-Log
X-Ig-Push-State
X-A
X-A-Ccd
X-Planisys-CDN-Cache
X-A-Wwc
X-NWS-UUID-VERIFY
CloudFront-Viewer-Country
X-PHP-Host
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-Amzn-RequestId
Nel
X-Correlation-ID
X-Via-NSCOPI
X-MP-GENERATED-AT
Host-ID
Origin
X-Date
X-Fastly-Cache
X-Gdpr
Gh-Request-Id
X-Forwarded-Site
X-Epic-Correlation-Id
X-Cdn-Srv
Svr
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Accel-Expires-Debug
X-Geo-Header
X-Cache-Date
X-Cache-Bucket
State
True-Client-Country-4JS
X-Li-Pop
X-Scheme
X-Server-IP
X-Request-URI
X-RCS-CacheZone
X-Proxy-Upstream
X-Sucuri-Cache
X-Sucuri-ID
X-Webstats-RespID
X-Viewer-Country
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Policy
Server-Info
X-Location
X-Men
X-LI-UUID
Fastcgi-Cache-TTL
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Owner
X-Origin-Time
X-Origin-Expires
X-Old-Content-Length
X-Hash
X-NodeID
X-Adobe-Source
CacheControlHeader
X-Reqid
DSUID
AKAMAI
X-Magnolia-Registration
Cmstype
Arc-Country
Cmsid
Fastly-Drupal-Html
CDCHOST
X-Locale
X-Qnm-Cache
Environment
X-M-Log
X-M-Reqid
X-Core-Value
X-Csrf-Jwt
X-Datadog-Sampling-Priority
X-Device-Os
X-Datadog-Trace-Id
X-Core-Mission
X-Datadog-Parent-Id
X-Cdn-Origin
X-Backend-State
X-Bip
X-VServer
X-Datadome
X-Backend-TTL
X-Branch-Name
X-Cache-Debug
X-CGP
X-VarnishDD-TTL
X-Envoy-Decorator-Operation
X-Cache-Info
X-Cache-Id
X-Varnish-Beresp-Status
X-Fastly-Backend
X-Skip-Cache
X-Served-From
X-Sn-Servicetimems
X-Level-Front-Cache
X-TH-Server
X-Rocket-Nginx-Serving-Static
X-Request-Start
X-Platform
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Region-Sid
X-Req
X-Irp-Debug
X-HS-Content-Campaign-Id
X-TrackingId
X-Gamma-Serve
X-Fetched-On
X-Eu-Site
X-Esi-Check
X-Generated-On
X-GeoIP
X-Thanos
X-HN
X-Gzip
X-GeoIP-City
X-UnsetCookies
X-VG-TLSProxy
L
Origin-EX
Release
HA-Ipaddr
L5d-Success-Class
Machine
Traceparent
Mail-Subject
Ssr
Origin-CC
We-Hiring
PFcat
Web-Mar-Region
Server-Host
Ha-Gx-Prefs
X-Zone
X-VC-Cache
X-Thinkindot-L3
Apple-News-Services-Handled
X-DefElseHash
X-Variation
X-DefHash
Apple-News-Services-Request-Url
NM-Fastcgi-Cache
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-Developers
Req-Svc-Chain
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Is-Gdpr
Fastly-SWR
X-Response-By
X-Rocket-Build-Number
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-Pod-Name
Fastly-GeoIP-CountryCode
X-Rebelmouse-Cache-Control
X-Sigma
X-Sigma-Backend
X-JWT-State
Memcached
Adler-Geo
Locid
X-Storefront-Renderer-Rendered
X-NU-AKA-ACS-Version
X-Node-Id
Is-Eu
X-Has-Esi
Platform
X-Amzn-Remapped-Content-Length
X-ATG-Version
Thinkindot-CacheControl-Type
X-Origin
X-BBC-Edge-Cache-Status
X-Qloud-Router
X-Worker
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl
X-Varnish-CookieINHashed-On
X-GeoIP-Country-Code
X-Varnish-CookieHashed-On
X-GeoIP-Region-Code
Cf-Device-Type
X-Varnish-Remaining-TTL
X-Xrds-Location
X-CS
X-Loc
S-Rt
NGX
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-API-Version
X-NC
X-Cache-Config
X-LB-ID
X-Up
X-Tx-Id
X-TraceId
X-Restarts
X-Varnish-Beresp-Ttl
CDN
X-Generated-In
X-Akamai-Request-ID2
X-Http-Reason
Magicmarker
Memory
X-Trace-ID
Ms-Author-Via
Kp-EeAlive
Pics-Label
Time
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Wix-Viewer-Type
X-Cache-Backend
Edge-Cache
X-Optimistic-Header
X-RSL
X-Via-Popn
X-DI
X-DSS
Datacenter
X-DB
X-Edge-Pop
Env
X-Action
X-RPM
X-DW
X-RPS
X-Via-Poph
Candidate-Md5Url
X-Via-Popv
X-Dynatrace
X-Refresh
WebServer
Accept-Language
X-Varnish-Ttl
GeoIp-Country-Code
X-LB-NoCache
X-DynaTrace-JS-Agent
X-Tt-Logid
X-Minions-Version
WWW-Authenticate
X-Vc
On-Server
X-Varnish-Beresp-TTL
X-CacheTTL
X-DC
X-HA-Backend
X-TA-CDN-Provider
Esi-Enabled
X-Parent-Response-Time
X-TX-ID
X-Esi
X-Srv
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-MSEdge-Flight
C-Via
X-Servedbyhost
X-ZONE
X-Service
X-MSEdge-Features
X-Unique-ID
X-Newrelic-Synthetics
X-Cs
X-Cache-PHP
X-Ec-GeoHdr
X-Ec-Fail
X-User
Server-ID
X-Li-Proto
X-Mcache
X-Render-Time
X-VCL-Version
X-LiteSpeed-Cache-Control
X-FPC
X-App
X-Cache-Ttl
X-Cache-Status-Check
X-URL
X-LI-Proto
Test
X-Fpc
X-Webkit-Csp-Report-Only
Cdnsip
X-Vcl-Version
Cdncip
X-AK-Request-ID
X-Pass-Why
X-Traceid
X-Clara-WADP
X-Fmm-Version
Geoip-Latitude
My-App
X-WADP-Cache
X-B3-Spanid
Server-Id
Cluster
X-NODE
Geo-Info
Proxy-Connection
X-Webkit-CSP-Report-Only
X-CUA
Tracecode
X-Var-Ttl
Resin-Trace
Tcn
X-LiteSpeed-Tag
X-From
X-AIR-PT
T-Server
M-TraceId
Lfy
X-Clientip
X-Info
DataCenter
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-Fragments
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
HIT
Lang
UCS
X-ServedByHost
X-Oss-Server-Time
Cache-Host
X-CSRF-TOKEN
S-Cnection
X-Ha-Backend
Target-Params
X-ID
X-VC
X-Geo
Hostname
X-Cdn-Forward
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Ohc-File-Size
Hit
X-RAMCache
X-Pad
X-HostName
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-ElasticPress-Query
X-Micro-Cache
MIME-Version
Fastly-Backend-Name
X-Check-Cacheable
X-Via-PopV
User-Agent
X-Via-PopN
ENV
X-Via-PopH
X-Edge-POP
X-Provided-By
Load-Balancing
X-Proxy-Cache-Info
X-Lb-Nocache
X-Api-Version
X-Backend-Host
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Httpd
X-Release
X-NGINX-Cache
X-Edge-Cache
X-BBC-Origin-Response-Status
Permissions-Policy
X-Fastly-Backend-Reqs
X-Ucs
X-ServerName
Producers
X-APP
PICS-Label
ServerName
X-BCube-Filmed-By
WZWS-RAY
X-HS-Status
FSS-Cache
X-GoCache-CacheStatus
Servername
Uri
X-UP
EpKe-Alive
X-SB
URI
X-Cache-CFC
Lb
X-TRACE-ID
X-Platform-Router
X-Platform-Processor
X-Swift-Error
X-Pool
Server-Ttl
X-Udemy-Cache-App-Namespace
X-Platform-Cluster
X-Lb-Id
CPC-Cache
Cteonnt-Length
X-WA
X-B3-ParentSpanId
Cneonction
X-Nc
X-WA-Info
CPC-Age
Ohc-Cache-HIT
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
VNS-Age
Cdn
Cache-Key
X-Fastly-Cache-Hits
X-RateLimit-Reset
X-Cdn-Request-ID
Path
X-Dw-Trace-Id
X-Scale
X-Wikidot-Backend
X-Shopify-Generated-Cart-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Wikidot-Static-Cache
X-Akamai-ERPolicy
X-Akamai-Request-ID
X-Newrelic-App-Data
X-Acquia-Site
Cf-Ipcountry
X-Ec-Custom-Error
X-ES-SERVER
X-Akamai-ERRuleID
X-Vcache
X-Acquia-Purge-Tags
Shield-Pop
X-Apw-Hits
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Yottaa-OS
CF-Cached-On
X-Apw-Access-Token
X-Cache-ASPX
Vha6-Origin
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Sid
X-Air-Pt
X-Cache-Ngx
X-Cache-Expires
X-Logging-Id
Req-ID
Pagetype
X-Akamai-Pragma-Client-IP
X-PJAX-URL
X-UA
X-CacheKey
X-Sentry-ID
X-Te-Count
X-Http-Duration-Ms
X-Http-Count
X-Te-Duration-Ms
X-Last-Modified
X-Varnish-Authentication
CountryCode
Ngx
X-Cms-Context