SANS ISC: HTTP Header Usage Statistics


This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-UA-Device
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
X-Dispatcher
CONTENT-SECURITY-POLICY
X-WebKit-CSP
EagleEye-TraceId
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
Accept-CH
Request-Id
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
Cf-Edge-Cache
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-Rack-Cache
X-Ruxit-JS-Agent
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-B3-TraceId
X-VARITI-CCR
X-Content-Type
Cache-Tag
X-Vcap-Request-Id
X-Cdn-Fetch
X-Amz-Rid
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Dw-Request-Base-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Cnection
X-Ac
X-Px
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
X-FastCGI-Cache
Pagespeed
Display
X-Sol
X-Middleton-Display
Service-Worker-Allowed
X-Edge
X-Ser
X-Version
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-Country-Code
X-Ruxit-Js-Agent
Response
X-Middleton-Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Ttl
X-Kinsta-Cache
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Upstream
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-Ua-Device
X-TTL
X-NWS-LOG-UUID
X-LLID
X-Cached
X-Powered-CMS
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Edge-Cache-Tag
Nginx-Cache
X-RateLimit-Limit
X-SharePointHealthScore
SPRequestGuid
TCN
X-Cache-Key
X-Forwarded-For
X-Litespeed-Cache
MRF-Tech
Mrf-Cache-Status
X-MSEdge-Ref
Content-MD5
MS-Author-Via
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Id
X-Daa-Tunnel
X-T
X-Recruiting
S
X-Mg-S
X-Content-Digest
X-DataDome
X-Protected-By
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Frontend
X-Ezoic-Cdn
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Ua-Browser
X-HS-Combine-CSS
X-Ab
X-Content
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Accel-Expires
Front-End-Https
X-Grace
X-Yandex-Sdch-Disable
Filters
X-ECACHE
X-Mid
Fastcgi-Cache
X-Server-ID
X-ORACLE-DMS-ECID
X-Hits
X-ORACLE-DMS-RID
X-Origin-Server
X-Geo-Country
TP-L2-Cache
X-Distributor
X-PressLabs-Stats
TP-Cache
X-Debug-Info
X-Ratelimit-Reset
X-DynaTrace
Pinterest-Generated-By
X-Pinterest-Rid
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Version
Charset
Cleartype
Host
X-Page-Id
X-DIS-Request-ID
X-F-Cache
X-Git-Hash
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
X-Request-Handler-Origin-Region
X-Microsite
Access-Control-Allow-Method
ServerID
X-Cache-Age
Cache-Tags
X-Seen-By
X-AppVersion
X-Az
X-Activity-Id
X-Language
X-Cluster-Name
X-Kong-Upstream-Latency
Cache-Status
X-WebKit-CSP-Report-Only
X-Kong-Proxy-Latency
Realpath
Accept-Charset
X-Varnish-Age
X-Aspnetmvc-Version
Filterid
Server-Name
X-Oracle-Dms-Ecid
X-Rid
X-Oracle-Dms-Rid
X-Content-Options
X-Type
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-Upgrade-Enabled
Viewport
X-Varnish-Grace
X-Mobile-URL
Country
X-Tb
X-User-Agent
X-Origin-Cache
X-FB-Debug
Node
X-Drupal-Cache-Tags
X-Flags
X-B-Cache
Paypal-Debug-Id
DC
X-Is-Crawler
X-Route-Name
X-Whom
X-Wix-Request-Id
X-Signature
X-XRDS-LOCATION
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-NWS-UUID-VERIFY
Retry-After
X-TT
X-VCache
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Protected
Fastcgi-Useragent
X-Via-JSL
X-Varnish-Backend
X-MCACHE
X-Fastly-Request-ID
X-Cache-NGX
X-Amz-Replication-Status
X-B
Payment
X-Mcache
X-Debug
X-Contextid
X-N
X-Fastly-Request-Id
X-Logged-In
X-Fastcgi-Cache
X-Template
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
X-FW-Type
X-XRDS-Location
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
Surrogate-Key
X-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Count-Hit
X-Trace-Id
X-Node-Name
X-Hostname
X-Amz-Meta-S3cmd-Attrs
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Content-Disposition
X-Proxy
Akamai-GRN
Refresh
Healthy
X-Revision
X-Rendered-As
X-Jobs
X-Cache-Time
X-Is-Bot
X-UUID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
X-G
X-Page-View
X-Akamai-Request-ID2
X-Mobile
X-Framework
X-Cacheable-TTL
Alternate-Protocol
X-Cache-TTL-Remaining
X-Real-IP
X-Zen-Fury
X-Adobe-Content
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-Http-Reason
NGB
X-Proxy-Cache-Status
X-Debug-IsPreview
X-Device-Type
X-Debug-IsConnected
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Instance
X-IPLB-Instance
Permissions-Policy
Url
X-Parallel-Accel
X-Source
X-Servername
X-Cache-Rule
From-Origin
X-COUNTRY
Version
X-Cache-Grace
X-Vgn-Hpd-Reason
X-ECache
X-Varnish-Server
X-B3-Traceid
Accept-Language
X-Cache-Hit
X-Environment-Context
X-Cache-Expired-At
X-Mg-Request-UUID
X-L-Path
X-Restarts
X-NGENIX-Cache
X-EdgeConnect-Cache-Status
Referer-Policy
X-Oneagent-Js-Injection
Countrycode
X-RTag
MS-CV
Ms-Operation-Id
X-Ratelimit-Remaining
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
X-Tumblr-User
Liferay-Portal
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-NYM-Debug-Backend
X-Cache-Action
Frame-Options
Backend
X-ProcessESI
X-APP-VERSION
X-RemovedCookies
CF-IPCountry
Content-Secure-Policy
WP-Super-Cache
X-OCL
Meta-Geo
X-UPSTREAM-Address
Section-Io-Cache
X-Cache-Server
X-Nginx-Cache
X-RN-RSRV
Upgrade-Insecure-Requests
X-PCL
X-Redis-Cache
X-Hyper-Cache
X-Cache-Enabled
X-Cluster-Node
X-Content-Age
Ec-Rule-Version
X-Section
X-Access
Cache-Tv-Group
X-FB-TRIP-ID
X-Detected-As
X-No-Session
X-Generation-Time
Apigw-Requestid
X-Format
X-Ua
Mn-Server-Ip
Property-Id
S-Rt
TWC-Connection-Speed
X-Storage
X-Sql-Duration-Ms
X-Site-Version
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-InstanceId
TWC-Device-Class
X-Sql-Count
X-ApacheServer
X-SayCDN-TTL
X-Origin-Hint
X-Human
X-Hosted-By
X-Say-TTL
X-PERF
X-Request-Time
X-Region
X-Say-Cacheable
X-PHP-Backend
X-Generated-By
X-Be
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-Region
X-Server-W
X-UA-Device-Type
X-AOL-HN
X-Akamai-Edgescape
TWC-GeoIP-Country
Azure-Version
X-Via-Fastly
X-Mode
X-Uri
X-Web-Node
X-Varnish-Cache-Hits
Fastly-SSL
CDN-Cache
CDN-CachedAt
X-BYPASS-REASON
X-Cache-Host
CDN-EdgeStorageId
X-Cache-Tags
CDN-RequestId
X-Xfnlog-Site
Eomportal-Instance
Webserver
CDN-Uid
CDN-RequestCountryCode
X-Content-Powered-By
CDN-PullZone
X-Unique-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Status
X-Nginx-Cache-Key
X-Origin-Date
Locale
X-Platform-Server
X-Debug-Cache
X-Rule
X-ProxyCache-Status
X-ProxyCache-Key
X-SaId
X-ShopId
X-ShardId
X-Varnishpool
X-Proxied
X-Adobe-Source
X-JoinUs
X-Hl-Ver
X-Extlb
X-Shopify-Stage
X-Cache-Type
X-Backend-Name
X-ServerID
X-TT-LOGID
X-Routing-Service
X-Alternate-Cache-Key
X-Forwarded-Host
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Tid
X-Sorting-Hat-ShopId
X-Handled-By
X-Datadome
X-Webkit-CSP
X-Proxy-Build
X-Timing-Wait
ServedBy
Selected-Fe
X-GG-Cache-Date
X-Locale
X-PHP-Host
X-Labrador-Cache-Channel
X-Dc
X-NewRelic-App-Data
X-Accel-Buffering
X-Cache-Operation
X-AWS-Id
X-VWS-Id
X-Cache-Remote
X-LJ-Flow-ID
X-VC-Cache
SID
X-Ratelimit-Limit
X-LSADC-Cache
X-Rewrite-Enabled
Xserver
X-Cached-By
X-TA-CDN-Provider
X-Pubstack
X-Soup
Fastly-Drupal-Html
Mime-Version
X-Proto
X-Edge-Location
X-Storefront-Renderer-Rendered
X-CDN-Forward
X-Midtier
Web-Mar-Node
X-Buckets
X-Cms-Context
X-GEO
SRV
Onion-Location
X-Reqid
Decoy-Debug-TTL
Decoy-Debug-Status
X-Request-Host
Decoy-Debug-Key
LB
X-Microcachable
X-Varnish-Hostname
Country-Code
X-App-Version
X-Origin-TTL
Server-Info
X-Origin-CC
Load-Balancing
Cache-Hits
X-GeoCode
X-GeoCountry
Xet-Cookie
X-Ms-Request-Id
X-Cluster
X-Ms-Version
X-SRV
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Varnish-Hits
X-NCache
X-Magnolia-Registration
DynaTrace
X-CSRF-Token
X-B3-SpanId
X-Bc-Bl
X-Envoy-Decorator-Operation
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Air-Hostname
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Air-Trace-Id
X-Air-Source
X-Endurance-Cache-Level
Cache-Name
X-Origin-Response-Time
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-A-Dgt
T-Server
X-A-Dam
X-A
X-A-Wwc
X-A-Ccd
X-A-Dcw
X-ARC
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-Cache-Bucket
X-B-Cookie
X-AK-Request-ID
X-Application
Surrogated-Key
X-Aed
Odigeo-Trace-Id
Cmstype
DB-Nickname
DCR-Decision-By
DCR-Processing-Time-Ms
Cmsid
Cdnsip
A
BehaviorPad-Version
Cdncip
Expiry
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
Pramga
Rendered-Blocks
NM-Fastcgi-Cache
Mobile-Detection-Method
Host-ID
Lang
Meta-Geo-Continent
Sslversion
X-Destination
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-SRCache-Key
X-ScT
X-S-Cookie
X-Processor
X-Rojux
X-S
X-Tenant
X-TIM-N
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Webstats-RespID
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-TrackingId
X-User
X-Vdms-Path
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Epic-Correlation-Id
X-Esi-Check
X-External-Request-Id
X-Forwarded-Path
X-Ec-GeoHdr
X-Ec-Fail
X-Connection-Hash
X-D
X-Developer
X-From
X-Ftr-Request-Id
X-NAPM-TraceId
X-NodeID
X-Orig-Expires
X-LAGOON
X-Ig-Push-State
X-Geo-Header
X-Hash
X-HS-Content-Campaign-Id
X-Conf
X-Gzip
X-Tx-Id
Source
X-Amzn-Remapped-Content-Length
X-Variation
X-V-Cache
Producers
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Block-Status
X-Cache-Backend
X-Clara-WADP
X-Core-Mission
X-Ckpd-Fst-Backend
X-SVT-ORM-RULES
X-Cache-Info
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Azure-Ref
Svr
X-Viewer-Country
User-Cache-Control
State
X-WADP-Cache
Server-Host
X-Wix-Viewer-Type
V-Age
Vix-Hermes-Req-Id
Wxu-Next-Region
X-Core-Value
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Web-Mar-Region
X-Worker
X-DefElseHash
X-SB
X-Location
X-Loop
X-JWT-State
X-Is-Gdpr
X-Hnp-Log
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Node-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Rocket-Build-Number
X-Planisys-CDN-Cache
X-Origin-Time
X-Nyt-Route
X-Origin
X-Has-Esi
X-GeoIP
X-Device-Os
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Developers
X-Sigma-Backend
Platform
X-DefHash
X-Sigma
X-Time
X-Gdpr
X-Gen-Mode
X-Server-IP
X-Fmm-Version
X-Fastly-Cache
X-Fetched-On
X-Slack-Backend
X-TNCMS
Is-Eu
Cache
Apple-News-Services-Parsed-Url
Machine
Mail-Subject
Memcached
Adler-Geo
Apple-News-Services-Request-Url
Apple-News-Services-Handled
CDN
Apple-News-Services-Host
AKAMAI
Fastly-GeoIP-CountryCode
Environment
X-ZONE
X-Via-NSCOPI
X-Varnish-Ttl
X-BBC-Edge-Cache-Status
Origin-CC
X-RateLimit-Limit-Second
X-Thinkindot-L3
Origin
X-Branch-Name
X-Region-Sid
X-Auto-Login
X-Served-From
X-Forwarded-Site
X-Proxy-Upstream
Arc-Country
X-GeoIP-City
Origin-EX
Fastcgi-Cache-TTL
MD5-Digest
X-Cache-Date
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Sn-Servicetimems
X-Response-By
Cluster
X-Datadog-Parent-Id
X-Level-Front-Cache
X-Scheme
X-Men
X-Minions-Version
X-Httpd
CloudFront-Viewer-Country
X-Loc
X-Cdn-Origin
X-Origin-Expires
X-Aicache-OS
X-Policy
X-Pool
Traceparent
X-Pod-Name
Fastly-SIE
Req-Svc-Chain
Thinkindot-Control
Thinkindot-CacheControl-Type
X-VServer
X-Rebelmouse-Cache-Control
X-Gamma-Serve
TDXMobile
Ssr
Thinkindot-CacheControl
X-Qloud-Router
Locid
X-Rocket-Nginx-Serving-Static
Redirect-Candidate
X-Generated-On
N-Cache
X-Request-URI
Fastly-SWR
X-Skip-Cache
Gh-Request-Id
X-Platform
X-RateLimit-Remaining-Second
Kp-EeAlive
X-Rebelmouse-Surrogate-Control
Release
X-Proxy-Cache-Info
X-Parent-Response-Time
X-HN
CDCHOST
X-VarnishDD-TTL
X-Optimistic-Header
PFcat
HostName
X-Eu-Site
L5d-Success-Class
HA-Ipaddr
NGX
Ha-Gx-Prefs
X-Dispatcher-Number
X-Old-Content-Length
DSUID
L
X-Csrf-Jwt
X-CGP
X-TraceId
X-CS
Sever-Int
IsBot
X-Refresh
X-Owner
X-RSL
X-Scale
X-RPS
X-RPM
Server-Ext
X-NC
Server-Hostname
X-SIPLIST1
X-Via-Ucdn
X-DI
X-DSS
X-EC-Lua
X-DW
X-DB
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-CacheTTL
AMP-Access-Control-Allow-Source-Origin
X-TIME
X-Srv
X-Date
X-Accel-Expires-Debug
Pics-Label
X-VC
Time
X-IPLB-Request-ID
Memory
Env
X-Tb-Optimization-Total-Bytes-Saved
Ohc-File-Size
X-Tt-Logid
X-Mvc-Supplant-OutputCached
X-LB-NoCache
Servername
X-GeoIP-Country-Code
X-Edge-Pop
X-Newrelic-Synthetics
X-GeoIP-Region-Code
X-Ah-Environment
Ms-Author-Via
X-Akamai-Transformed
X-Udemy-Cache-App-Namespace
GEO-INFO
X-CACHE-KEY
X-BCube-Filmed-By
X-Generated-In
X-Wikidot-Static-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Wikidot-Backend
Datacenter
X-Ad-Defer-Variation
Candidate-Md5Url
X-Cache-Debug
Cache-Key
GeoIp-Country-Code
X-SplitTest
X-Via-Poph
X-Cache-ASPX
VNS-Cache
X-API-Version
CPC-Cache
Geo-Info
XM
X-Via-Popv
VNS-Age
CPC-Age
X-Via-Popn
X-Contensis-Viewer-Groups
X-Xrds-Location
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-Servedbyhost
Fastly-Backend-Name
CacheControlHeader
X-S-Maxage
X-Varnish-Authentication
X-WA-Info
ITXSESSIONID
X-Cache-Status-Check
X-TH-Server
Path
X-Micro-Cache
X-HA-Backend
Geoip-Latitude
X-Action
X-Presslabs-Stats
True-Client-Country-4JS
X-Vc
X-RateLimit-Reset
X-VCL-Version
X-AIR-PT
X-Backend-TTL
Client
Cache-Host
Lb
Ohc-Cache-HIT
Server-ID
FSS-Cache
X-Varnish-Beresp-TTL
X-Cs
Hostname
X-VHOST
Edge-Cache
True-Client-IP
X-Req
X-DC
X-Trace-ID
Ngx.Var.Host
X-Provided-By
My-App
X-Api-Version
X-Fpc
NtCoent-Length
XkeyRZ
X-Proxy-CacheRZ
X-Clientip
X-FireWall-Port
X-Zone
X-TX-ID
X-Origin-Upstream-Status
X-Dynatrace
X-Pass-Why
X-Webkit-Csp-Report-Only
Powered-By
X-Up
X-NGINX-Cache
X-PX
X-B3-Spanid
X-LB-ID
X-FPC
DataCenter
X-Varnish-Beresp-Ttl
X-CSRF-TOKEN
Test
X-Traceid
Cf-Int-Pingora-Origin-Digest
X-MSEdge-Flight
X-Li-Pop
X-Cdn-Request-ID
X-LI-UUID
X-MSEdge-Features
X-Li-Fabric
X-Dmc
OT-Force-Account-Verify
X-Correlation-ID
X-Beluga-Node
Server-Id
X-INCAP-ABP
X-ND-Cache
X-HS-Status
X-Beluga-Trace
X-UnsetCookies
X-Beluga-Record
X-Beluga-Status
X-Vcl-Version
X-Render-Time
X-Beluga-Response-Time
User-Agent
X-Beluga-Cache-Status
X-Webkit-CSP-Report-Only
X-CUA
Proxy-Connection
X-Ha-Backend
X-Time-Microsecs
Rip
C-Via
WZWS-RAY
X-CLOUD-TRACE-CONTEXT
X-Check-Cacheable
X-Alfa-Service
X-RAMCache
X-Service
Tube-Return
Srvid
X-Via-PopV
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
X-Via-PopN
X-Via-PopH
X-Platform-Processor
X-URL
X-Platform-Cluster
X-Platform-Router
X-ServedByHost
Cf-Device-Type
X-Fragments
Tracecode
Target-Params
X-Geo
X-Azure-Ref-OriginShield
X-Sucuri-Cache
X-Gateway-Skip-Cache
Uri
X-Sucuri-ID
X-Gateway-Request-Id
X-Var-Ttl
Resin-Trace
GeoIP-Country-Code
Lfy
X-FC-Vary-Parameters
X-Fastly-Backend
X-ATG-Version
GeoIP-Latitude
X-Gateway-Cache-Key
Sid
Esi-Enabled
X-Gateway-Cache-Status
X-Akamai-Pragma-Client-IP
MIME-Version
X-CCDN-Origin-Time
X-CCDN-CacheTTL
HIT
X-Fastly-Backend-Reqs
X-Hcs-Proxy-Type
X-LiteSpeed-Cache-Control
X-Proxy-Cache-Hk
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Fetch-By
Epwk-X-Cache
X-LI-Proto
Srv
Fastly-Drupal-HTML
X-TRACE-ID
X-Cdn-Forward
X-Backend-Host
X-Li-Proto
Magicmarker
X-NU-AKA-ACS-Version
X-DynaTrace-JS-Agent
X-Varnish-Beresp-Status
On-Server
ENV
X-ID
X-Esi
Cdn
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
XServer
X-Cache-Expires
X-APP
X-B3-Traceid-Primal
Section-Io-Origin-Status
X-Edge-POP
X-App
Section-Io-Id
ServerName
X-Backend-State
X-Lb-Nocache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MG-S
Tcn
Inserted-Into-Cache-At
X-ElasticPress-Query
CF-Cached-On
PICS-Label
X-Request-Start
X-Newrelic-App-Data
Server-Ttl
X-Cache-CFC
X-Yottaa-OS
X-Vercel-Id
X-Acquia-Purge-Tags
D-Url-Rewrites
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Iplb-Request-Id
X-Iplb-Instance
X-Thanos
X-Vcache
X-Nc
Cf-Ipcountry
Wpo-Cache-Status
X-BBC-Origin-Response-Status
X-Vercel-Cache
X-Serial
X-Bip
Wpo-Cache-Message
Warning
Servedby
X-HostName
X-Litespeed-Cache-Control
X-Shopify-Generated-Cart-Token
Fastcgi-Cache-Ttl
X-LiteSpeed-Tag
Cneonction
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-IN-APIGATEWAY
X-B3-Parentspanid
X-IN-APIGATEWAYSSL
X-Swift-Error
X-Wp-Cf-Super-Cache-Cache-Control
Ngx
X-Snapshot-Date
X-Back
Content-Style-Type
X-Th-Server
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Script-Type
X-Dw-Trace-Id
X-Dist-Code
X-Request-Url
X-Release
CountryCode
X-Akamai-Request-ID
X-Request-URL