
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-AH-Environment
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Backend-Server
X-Node
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
Allow
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Varnish-TTL
X-FastCGI-Cache
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-Language
X-MS-InvokeApp
X-Upstream
X-GitHub-Request-Id
MS-Author-Via
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Aws-Lambda-Call-Status
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Template
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cnection
X-Origin-Cache
X-Px
Arr-Disable-Session-Affinity
X-Country-Code
RTSS
Access-Control-Request-Method
X-Navigation-Version
X-Goog-Hash
X-Powered-By-Plesk
X-NF-Request-ID
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Accept-Ch
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Version
X-Powered-CMS
Pagespeed
X-Sol
X-Middleton-Display
Display
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-SID
AR-Request-ID
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-LLID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TTL
X-Protected-By
X-Shield-Request-Id
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-T
TCN
X-Buckets
S
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
Content-MD5
X-RateLimit-Remaining
X-Id
X-Aspnetmvc-Version
Edge-Cache-Tag
X-Mid
Fastcgi-Cache
Realpath
X-CST
SPRequestDuration
SPIisLatency
Front-End-Https
X-MCACHE
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Filters
X-Pinterest-Rid
Pinterest-Version
X-Ttl
Pinterest-Generated-By
Server-Node
X-Ua-Browser
X-Ab
X-Content
X-Correlation-Id
X-DynaTrace
Server-Name
X-NWS-LOG-UUID
X-Parallel-Accel
X-Frontend
SPRequestGuid
X-SharePointHealthScore
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ezoic-Cdn
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-ECACHE
X-Hits
Alternate-Protocol
X-Ser
X-Content-Options
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
X-Page-Id
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
Charset
Host
X-Git-Hash
X-Fastly-Request-Id
X-Www-Served-By
X-B3-Sampled
X-Cache-Key
X-Ruxit-Js-Agent
X-Daa-Tunnel
X-Accel-Expires
X-Geo-Country
X-Content-Digest
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Amz-Replication-Status
Filterid
X-XRDS-LOCATION
X-Debug-Info
X-Varnish-Age
TP-Cache
TP-L2-Cache
X-Hostname
X-Az
X-Activity-Id
X-AppVersion
X-Forwarded-Proto
X-VCache
X-Upgrade-Enabled
X-FB-Debug
X-Rid
X-Grace
X-Origin-Server
Access-Control-Allow-Method
Cross-Origin-Opener-Policy
X-N
X-Ratelimit-Limit
X-Nginx-Upstream-Cache-Status
X-WebKit-CSP-Report-Only
X-LB-Cache
X-F-Cache
X-Mobile-URL
ServerID
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Aspnet-Duration-Ms
X-Whom
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-TT
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Varnish-Grace
X-Tb
Viewport
X-App-Environment
X-FW-Type
X-FW-Static
X-FW-Server
Node
Payment
X-Origin-Upstream-Status
X-App-Server
X-FW-Hash
X-FW-Dynamic
X-Distributor
X-FW-Serve
DC
X-Server-ID
X-Seen-By
Paypal-Debug-Id
X-Type
X-NGENIX-Cache
X-User-Agent
Fastcgi-Useragent
X-Cache-Control
Accept-Charset
Country
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Wix-Request-Id
X-Cache-Rule
X-Litespeed-Cache
X-Cache-Age
Version
X-Webkit-CSP
X-Via-JSL
X-Drupal-Cache-Tags
X-Varnish-Backend
Referer-Policy
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-DataDome
X-Load-Cache
X-Node-Name
Refresh
X-Cluster-Name
X-Contextid
X-Mobile
X-Signature
X-B-Cache
X-Tec-Api-Root
Cache-Status
X-Cache-Action
X-Tec-Api-Origin
X-Original-Request-Id
X-Response-Served-From
Access-Control-Request-Headers
X-Tec-Api-Version
SD-X-WS
X-Real-IP
X-Cacheable-TTL
X-Cache-Expired-At
X-Page-View
X-Proxy-Cache-Status
X-Jobs
X-Is-Bot
X-Rendered-As
X-IPLB-Instance
X-Vgn-Hpd-Reason
NGB
X-ProcessESI
VIX-Pulpo-Node
X-Debug
X-RemovedCookies
X-UUID
X-B
VIX-Pulpo-Upstream-Status
X-Revision
X-Device-Type
X-Instance
X-Yottaa-Optimizations
X-Rule
X-Proxy
X-Yottaa-Metrics
X-Framework
X-G
Akamai-GRN
X-Cache-Time
X-Drupal-Cache-Contexts
X-Fastly-Request-ID
Surrogate-Key
X-Debug-IsPreview
X-Debug-IsConnected
CF-IPCountry
Amp-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-FW-Version
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
SID
DynaTrace
X-TEC-API-ORIGIN
X-Ratelimit-Reset
X-TEC-API-ROOT
X-TEC-API-VERSION
Liferay-Portal
X-PressLabs-Stats
X-Azure-Ref
Healthy
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Presslabs-Stats
X-Nginx-Cache
X-Source
Frame-Options
X-Ms-Version
X-Ms-Request-Id
GEO-INFO
Count-Hit
MS-CV
X-RTag
Ms-Operation-Id
X-Cache-Operation
X-Oneagent-Js-Injection
X-APP-VERSION
Uber-Trace-Id
X-Accel-Buffering
Xserver
X-Tumblr-Pixel-0
X-L-Path
X-CDN-Forward
X-Tumblr-User
X-Tumblr-Pixel-1
Countrycode
X-Environment-Context
X-Cache-Hit
X-Tumblr-Pixel
X-EdgeConnect-Cache-Status
X-XRDS-Location
X-Varnish-Server
X-Zen-Fury
Ec-Rule-Version
X-Region
X-Backend-Name
X-Servername
X-Forwarded-Host
Cross-Origin-Window-Policy
Backend
X-IPS-LoggedIn
X-Content-Powered-By
X-Cache-NGX
Section-Io-Cache
X-Mode
X-Ratelimit-Remaining
X-Cache-TTL-Remaining
Protected
Meta-Geo
X-Cache-Type
X-UPSTREAM-Address
X-JoinUs
X-SaId
X-Detected-As
X-RN-RSRV
X-Cache-Grace
X-Human
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-Generation-Time
Country-Code
X-Alternate-Cache-Key
Eomportal-Instance
X-Redis-Cache
X-Rewrite-Enabled
Decoy-Debug-TTL
X-Cache-Server
Decoy-Debug-Status
Decoy-Debug-Key
X-Hosted-By
X-ShopId
X-Tid
X-Sorting-Hat-PodId
X-Sql-Duration-Ms
X-Shopify-Stage
X-ShardId
Apigw-Requestid
X-Sql-Count
X-Debug-Cache
X-Uri
X-Origin-Date
X-Storage
X-Site-Version
X-Status
X-ProxyCache-Key
X-No-Session
X-Soup
Url
X-ProxyCache-Status
Mn-Server-Ip
X-NCache
X-BYPASS-REASON
X-PERF
X-FB-TRIP-ID
X-ServerID
X-PHP-Backend
Cache-Name
X-Via-Fastly
Fastly-SSL
X-Microcachable
X-ApacheServer
X-UA-Device-Type
Cache-Tv-Group
TWC-Connection-Speed
X-Proxy-Build
Property-Id
X-Origin-Hint
DB-Nickname
Selected-Fe
X-Format
X-Say-TTL
X-Web-Node
X-Say-Cacheable
X-NYM-Debug-Backend
X-SayCDN-TTL
X-Cache-Host
X-Timing-Wait
X-PCL
X-Server-W
X-Akamai-Edgescape
X-Adobe-Loc
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-OCL
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
X-Adobe-Content
X-NewRelic-App-Data
X-R9-Blue-Green-Version
X-Cluster-Node
X-Section
X-Routing-Service
X-Extlb
X-Access
X-Zipkin-Id
X-Pubstack
Azure-InstanceId
X-Proxied
X-Varnishpool
OT-Force-Account-Verify
X-Content-Age
X-Hl-Ver
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-Version
Content-Secure-Policy
X-Be
X-RateLimit-Limit
X-Ua
X-LSADC-Cache
SRV
X-Hyper-Cache
CDN-Cache
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-Uid
CDN-CachedAt
X-Azure-Ref-OriginShield
X-Generated-By
X-Webkit-Csp
X-Trace-Id
X-TIME
Content-Disposition
Source
X-Cached-By
X-Unique-Id
X-SRV
X-Dc
LB
WPO-Cache-Status
WPO-Cache-Message
Cache
X-Nginx-Cache-Key
X-Bc-Bl
X-App-Version
X-LAGOON
X-HTML-Minification-Powered-By
Cache-Hits
X-Auto-Login
Retry-After
X-Varnish-Hits
X-Origin-TTL
Xet-Cookie
X-Amz-Meta-S3cmd-Attrs
X-Origin-CC
X-Loop
X-Varnish-Hostname
X-TNCMS
X-TT-LOGID
X-Akamai-Transformed
X-GEO
Onion-Location
Mime-Version
X-S-Maxage
HostName
X-ECache
X-Platform-Server
X-Xfnlog-Site
X-Tumblr-Pixel-3
X-Cdn
X-Tumblr-Pixel-2
X-Cache-Var
Web-Mar-Node
X-Cache-Var-Map
X-CSRF-Token
X-Proto
X-Time
X-Cache-Tags
X-CACHE-KEY
Webserver
X-Cache-Remote
X-Varnish-Cache-Hits
Upgrade-Insecure-Requests
X-Edge-Location
X-Endurance-Cache-Level
X-Tenant
X-Time-Microsecs
X-Request-Time
X-VWS-Id
ServedBy
X-AWS-Id
X-LJ-Flow-ID
X-EC-Lua
N-Cache
X-GG-Cache-Date
X-AOL-HN
CloudFront-Viewer-Country
X-M-Log
X-M-Reqid
AMP-Access-Control-Allow-Source-Origin
X-Mg-Request-UUID
X-Request-Host
X-Qnm-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-PHP-Host
X-Labrador-Cache-Channel
From-Origin
X-FireWall-Port
WP-Super-Cache
X-B3-SpanId
X-Via-NSCOPI
Expiry
X-SD-PageType
X-Gen-Mode
L
X-Hnp-Log
X-ScT
X-Processor
X-Slack-Backend
X-Session-Fingerprint
X-Shop-Environment
V-Age
X-ND-Cache
X-NAPM-TraceId
Fastcgi-X-Cache-Version
User-Cache-Control
X-A
X-Ig-Push-State
Pramga
DSUID
Redirect-Candidate
Rendered-Blocks
X-Origin-Response-Time
BehaviorPad-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Odigeo-Trace-Id
DCR-Processing-Time-Ms
CDCHOST
Origin
X-Planisys-CDN-TTL
A
Meta-Geo-Continent
X-Planisys-CDN-Rules
Mobile-Detection-Method
X-Rojux
X-S
Surrogated-Key
DCR-Decision-By
X-Ftr-Request-Id
X-Planisys-CDN-Cache
X-Orig-Expires
Sslversion
X-S-Cookie
Xc-Version
Nel
X-Correlation-ID
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-V-Cache
X-Conf
X-A-Wwc
X-Connection-Hash
X-D
X-Aed
X-Application
X-ARC
X-TIM-N
X-B-Cookie
X-Destination
X-Cache-Date
X-Cache-NE
X-Developer
X-SVT-ORM-VERSION
X-External-Request-Id
X-SRCache-Key
X-CF-Lambda-Fn
X-Vdms-Version
X-A-Dam
X-A-Ccd
X-Block-Status
X-Forwarded-Path
X-CF-Lambda-Version
X-Vdms-Path
X-RCS-CacheZone
X-Ckpd-Fst-Backend
X-SVT-ORM-RULES
X-A-Dcw
X-Cluster
X-VG-WebCache
X-A-Dgt
X-Handled-By
X-Locale
X-MP-GENERATED-AT
X-Cache-Info
X-Cache-Bucket
PFcat
Release
X-Origin-Time
X-Cdn-Srv
X-Li-Fabric
X-Core-Mission
Host-ID
X-Li-Pop
X-LI-UUID
Origin-EX
Origin-CC
X-Owner
X-Men
X-Fetched-On
Vix-Hermes-Req-Id
X-Fastly-Cache
X-Epic-Correlation-Id
X-NodeID
X-Device-Os
Wxu-Next-Commit
X-HN
X-Geo-Header
X-Gdpr
X-Hash
Wxu-Next-Region
Wxu-Next-Hostname
True-Client-Country-4JS
X-Accel-Expires-Debug
X-Location
Ssr
X-Date
X-Old-Content-Length
Gh-Request-Id
State
X-Forwarded-Site
X-Nyt-Route
Traceparent
X-Aicache-OS
X-Mvc-Supplant-Cachable
Svr
X-Origin-Expires
X-Rocket-Nginx-Serving-Static
Cmstype
X-Zone
X-Sucuri-ID
X-Webstats-RespID
Cmsid
AKAMAI
X-VarnishDD-TTL
X-Varnish-Beresp-Status
Arc-Country
CacheControlHeader
X-Scheme
X-Sucuri-Cache
X-Policy
X-Skip-Cache
X-VServer
Fastcgi-Cache-TTL
X-Server-IP
X-Storefront-Renderer-Rendered
X-Proxy-Upstream
X-Served-From
X-VC-Cache
X-Varnish-Ttl
Fastly-Drupal-Html
Environment
Server-Info
X-NWS-UUID-VERIFY
X-Core-Value
X-RateLimit-Limit-Second
X-Datadog-Parent-Id
X-Esi-Check
Ha-Gx-Prefs
X-TH-Server
X-Adobe-Source
X-UnsetCookies
X-Generated-On
HA-Ipaddr
X-GeoIP
X-Request-URI
X-Viewer-Country
X-Sn-Servicetimems
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-RateLimit-Remaining-Second
X-Fastly-Backend
Fastly-GeoIP-CountryCode
X-Developers
X-Bip
X-Envoy-Decorator-Operation
X-Branch-Name
X-Cache-Config
X-Cache-Debug
X-Level-Front-Cache
X-Cdn-Origin
X-BBC-Edge-Cache-Status
X-TrackingId
X-Gamma-Serve
X-VG-TLSProxy
X-Cache-Id
X-Thanos
X-Thinkindot-L3
X-ATG-Version
X-Eu-Site
X-Csrf-Jwt
Web-Mar-Region
Locid
Apple-News-Services-Handled
Apple-News-Services-Host
Req-Svc-Chain
X-HS-Content-Campaign-Id
X-Reqid
Server-Host
X-Backend-State
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Mail-Subject
X-Irp-Debug
X-CGP
X-Region-Sid
X-Req
We-Hiring
Machine
X-Request-Start
X-Platform
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-GeoIP-City
X-Gzip
X-Sigma-Backend
X-Sigma
X-Node-Id
TDXMobile
X-Cache-Enabled
L5d-Success-Class
X-Rocket-Build-Number
X-Magnolia-Registration
X-Qloud-Router
NM-Fastcgi-Cache
Memcached
X-Rebelmouse-Cache-Control
NGX
Fastly-SWR
X-DefHash
X-DefElseHash
Is-Eu
X-Pod-Name
X-DPWN-IS-SECURE
Fastly-SIE
X-JWT-State
X-Variation
X-Origin
X-Is-Gdpr
Adler-Geo
X-Response-By
X-Amzn-Remapped-Content-Length
X-NU-AKA-ACS-Version
X-Has-Esi
X-Loc
Platform
X-Worker
Cf-Device-Type
X-FC-Vary-Parameters
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieHashed-On
X-Xrds-Location
X-Backend-TTL
X-Mvc-Supplant-OutputCached
X-Datadome
X-Ua-Device
X-CS
X-API-Version
X-CLOUD-TRACE-CONTEXT
X-NC
X-GeoIP-Region-Code
X-Up
X-LB-ID
X-GeoIP-Country-Code
X-Tx-Id
Candidate-Md5Url
X-Varnish-Beresp-Ttl
CDN
X-Generated-In
Datacenter
X-DynaTrace-JS-Agent
X-TraceId
S-Rt
Pics-Label
Magicmarker
Ms-Author-Via
X-Trace-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Vc
NtCoent-Length
On-Server
X-Restarts
Kp-EeAlive
X-Edge-Pop
WWW-Authenticate
Env
Esi-Enabled
Memory
GeoIp-Country-Code
X-Optimistic-Header
Time
X-LB-NoCache
WebServer
X-Akamai-Request-ID2
X-Http-Reason
X-Refresh
X-DI
Edge-Cache
X-Cache-Backend
X-DW
X-RPS
X-RPM
X-RSL
X-Wix-Viewer-Type
X-DSS
X-DB
X-Varnish-Beresp-TTL
X-Action
X-TA-CDN-Provider
X-CacheTTL
C-Via
X-DC
X-Service
X-Dynatrace
X-TX-ID
X-Cache-PHP
X-Esi
X-Minions-Version
X-Newrelic-Synthetics
X-Cs
X-Parent-Response-Time
X-Srv
X-Unique-ID
X-MSEdge-Features
Accept-Language
X-MSEdge-Flight
X-HA-Backend
X-Servedbyhost
X-Render-Time
X-Cache-Status-Check
Server-ID
X-ZONE
X-Li-Proto
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Cache-Ttl
X-FPC
X-App
X-Ec-Fail
X-Ec-GeoHdr
X-VCL-Version
X-User
X-URL
X-B3-Spanid
Proxy-Connection
X-Fpc
X-LI-Proto
Server-Id
X-Pass-Why
Test
X-Webkit-Csp-Report-Only
X-Vcl-Version
X-Info
X-AIR-PT
X-Traceid
X-LiteSpeed-Cache-Control
X-Clientip
X-NODE
X-Webkit-CSP-Report-Only
Tcn
Geo-Info
Cdnsip
Cache-Host
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
HIT
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
UCS
X-AK-Request-ID
Cdncip
X-WADP-Cache
Geoip-Latitude
My-App
M-TraceId
Cluster
X-Fmm-Version
X-Clara-WADP
S-Cnection
X-CUA
X-Var-Ttl
X-ServedByHost
Fastly-Drupal-HTML
Tracecode
Cf-Int-Pingora-Origin-Digest
X-HostName
Resin-Trace
X-LiteSpeed-Tag
X-Cdn-Forward
X-CSRF-TOKEN
T-Server
User-Agent
X-Micro-Cache
X-Ha-Backend
X-ID
Fastly-Backend-Name
X-From
Lfy
Hostname
X-Pad
X-Fragments
Lang
Hit
X-RAMCache
GeoIP-Country-Code
X-Backend-Host
Section-Io-Id
Ohc-File-Size
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Release
Section-Origin-Responded
X-Mcache
Lb
X-Geo
DataCenter
X-Dynatrace-Js-Agent
X-BCube-Filmed-By
X-Check-Cacheable
X-Edge-POP
X-APP
MIME-Version
X-Via-PopV
X-Via-PopN
X-Via-PopH
Target-Params
X-BBC-Origin-Response-Status
ENV
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-ElasticPress-Query
X-VC
Load-Balancing
X-HS-Status
X-NGINX-Cache
X-Api-Version
X-Edge-Cache
Path
EpKe-Alive
X-Ucs
X-WA
X-Fastly-Backend-Reqs
X-WA-Info
Cache-Key
CPC-Age
CPC-Cache
VNS-Cache
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
X-Lb-Nocache
URI
X-ServerName
Uri
PICS-Label
X-ES-SERVER
X-Httpd
Servername
FSS-Cache
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-Wikidot-Backend
X-Proxy-Cache-Info
Permissions-Policy
X-Fastly-Cache-Hits
X-UP
X-TRACE-ID
X-Akamai-ERRuleID
Producers
Cdn
WZWS-RAY
X-Akamai-ERPolicy
ServerName
X-Lb-Id
X-RateLimit-Reset
X-Cms-Context
Pagetype
X-Provided-By
Shield-Pop
X-Nc
Cteonnt-Length
Cneonction
Ohc-Cache-HIT
X-PJAX-URL
X-Cdn-Request-ID
X-B3-ParentSpanId
X-Dw-Trace-Id
X-CCDN-Origin-Time
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Cf-Ipcountry
X-CCDN-CacheTTL
X-Cache-ASPX
X-Newrelic-App-Data
X-Pool
X-SB
X-Cache-CFC
X-Apw-Hits
Server-Ttl
X-Apw-Access-Token
X-Apw-Access-Object
CF-Cached-On
X-Hcs-Proxy-Type
X-Apw-Access-Action
X-Vcache
X-Via-Ucdn
X-Acquia-Site
X-Contensis-Viewer-Groups
X-Swift-Error
X-Snapshot-Date
MD5-Digest
X-Akamai-Pragma-Client-IP
X-Yottaa-OS
Srv
Vha6-Origin
X-Cache-Ngx
Sid
X-Air-Pt
X-Last-Modified
X-SIPLIST1
CountryCode
X-VG-WebServer
X-Miniprofiler-Ids
Req-ID
X-CacheKey
X-UA
X-Udemy-Cache-App-Namespace
Server-Ext
X-B3-Parentspanid
W
X-Sentry-ID
Ngx
X-Varnish-Authentication
X-Http-Count
X-Http-Duration-Ms
Server-Hostname
X-Logging-Id
Sever-Int
X-Te-Duration-Ms
X-Te-Count
IsBot