
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
P3p
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
X-LiteSpeed-Cache
Grace
X-Dns-Prefetch-Control
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Device
X-Dispatcher
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Server-Id
X-Host
Cf-Railgun
X-Backend-Server
X-Node
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
Accept-Ch-Lifetime
Rating
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Language
X-Url
X-Trace
Accept-CH-Lifetime
X-Ac
X-Content-Type
X-Template
Allow
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
Cache-Tag
Fastly-Restarts
X-Server-Name
X-FastCGI-Cache
X-ESI
Service-Worker-Allowed
X-Rack-Cache
X-VARITI-CCR
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-GitHub-Request-Id
X-Upstream
MS-Author-Via
X-Amz-Rid
Public-Key-Pins
X-Vcap-Request-Id
X-Buckets
X-Cached
X-Dw-Request-Base-Id
Accept-Ch
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Aws-Lambda-Call-Status
X-Cache-TTL
X-Origin-Cache
X-Cnection
X-Px
Arr-Disable-Session-Affinity
X-Country-Code
X-Navigation-Version
X-Powered-By-Plesk
X-Goog-Hash
Access-Control-Request-Method
RTSS
X-NF-Request-ID
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Version
X-Powered-CMS
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Amz-Server-Side-Encryption
X-SRCache-Store-Status
X-Middleton-Response
Response
X-SRCache-Fetch-Status
AR-Request-ID
X-MSEdge-Ref
AR-PoweredBy
AR-SID
AR-ATIME
AR-CACHE
X-LLID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TTL
MRF-Tech
X-Shield-Request-Id
X-Protected-By
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-T
S
TCN
X-Content-Security-Policy-Report-Only
Content-MD5
X-Mg-S
X-RateLimit-Remaining
X-Id
X-Forwarded-For
X-Aspnetmvc-Version
Realpath
X-MCACHE
X-CST
X-Mid
Fastcgi-Cache
Edge-Cache-Tag
SPIisLatency
SPRequestDuration
Front-End-Https
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Filters
Server-Node
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Ttl
X-Content
X-Ab
X-Ua-Browser
X-Parallel-Accel
X-Correlation-Id
X-DynaTrace
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Server-Name
SPRequestGuid
X-SharePointHealthScore
Fusion-Deployment-Id
X-NWS-LOG-UUID
X-Frontend
X-Ezoic-Cdn
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-ECACHE
Alternate-Protocol
X-Yandex-Sdch-Disable
X-Hits
X-Content-Options
X-Cache-Key
X-Ser
X-Tt-Trace-Host
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Page-Id
Cache-Tags
X-Git-Hash
X-B3-Sampled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host
Cleartype
Charset
X-Accel-Expires
X-Www-Served-By
X-Ruxit-Js-Agent
X-Daa-Tunnel
X-Content-Digest
X-Amz-Replication-Status
X-Geo-Country
Filterid
X-Amzn-Trace-Id
X-DIS-Request-ID
X-Fastly-Request-Id
TP-Cache
TP-L2-Cache
X-Forwarded-Proto
X-VCache
X-Varnish-Age
X-Az
X-Debug-Info
X-Activity-Id
X-Hostname
X-AppVersion
X-Upgrade-Enabled
X-Rid
X-FB-Debug
X-N
X-XRDS-LOCATION
X-Origin-Server
Access-Control-Allow-Method
X-Grace
X-LB-Cache
X-Nginx-Upstream-Cache-Status
ServerID
Cross-Origin-Opener-Policy
X-F-Cache
X-Mobile-URL
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Ratelimit-Limit
X-Whom
X-TT
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Origin-Upstream-Status
X-Varnish-Grace
X-Tb
X-App-Environment
X-WebKit-CSP-Report-Only
Viewport
X-App-Server
X-Distributor
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
Payment
X-FW-Dynamic
X-FW-Serve
Paypal-Debug-Id
DC
X-NGENIX-Cache
X-Server-ID
Node
X-Seen-By
X-Type
Fastcgi-Useragent
X-Cache-Control
X-Request-Handler-Origin-Region
X-Microsite
X-User-Agent
X-Logged-In
Accept-Charset
Country
X-Cache-Rule
X-Cache-Age
X-Litespeed-Cache
X-Wix-Request-Id
X-Fastcgi-Cache
X-DataDome
Version
X-Fastly-Request-ID
X-Webkit-CSP
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Drupal-Cache-Tags
Referer-Policy
X-Load-Cache
X-Node-Name
X-Via-JSL
X-PressLabs-Stats
Refresh
X-Oracle-Dms-Ecid
X-Cache-Action
X-Cluster-Name
X-Oracle-Dms-Rid
Amp-Access-Control-Allow-Source-Origin
X-IPLB-Instance
Cache-Status
X-Original-Request-Id
X-Response-Served-From
X-Contextid
X-B-Cache
SD-X-WS
Access-Control-Request-Headers
X-Mobile
X-Signature
X-Proxy-Cache-Status
X-Page-View
X-Cacheable-TTL
X-Is-Bot
X-Real-IP
X-Jobs
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Vgn-Hpd-Reason
X-Rendered-As
VIX-Pulpo-Node
X-Revision
X-Debug
VIX-Pulpo-Upstream-Status
X-Cache-Expired-At
NGB
X-B
X-RemovedCookies
X-UUID
X-ProcessESI
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rule
X-Device-Type
X-Proxy
Akamai-GRN
Surrogate-Key
X-Framework
X-G
X-Drupal-Cache-Contexts
X-Instance
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
CF-IPCountry
DynaTrace
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
SID
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Liferay-Portal
X-Azure-Ref
Healthy
X-XRDS-Location
X-Nginx-Cache
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Ratelimit-Reset
Frame-Options
Ms-Operation-Id
MS-CV
X-RTag
X-CDN-Forward
Count-Hit
X-Oneagent-Js-Injection
GEO-INFO
X-Cache-Operation
X-APP-VERSION
X-Cache-Hit
X-EdgeConnect-Cache-Status
X-Environment-Context
X-L-Path
Uber-Trace-Id
Countrycode
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Server
Xserver
X-Accel-Buffering
X-Region
X-Backend-Name
X-Mode
X-Servername
X-Zen-Fury
Ec-Rule-Version
X-Forwarded-Host
Section-Io-Cache
X-Content-Powered-By
X-Presslabs-Stats
X-IPS-LoggedIn
Backend
Cross-Origin-Window-Policy
X-Cache-NGX
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-JoinUs
X-SaId
X-Detected-As
Protected
Eomportal-Instance
X-Generation-Time
X-Hosted-By
X-Zipkin-Id
X-Routing-Service
Country-Code
X-ShardId
X-Debug-Cache
X-Cache-Server
X-Sql-Count
X-Alternate-Cache-Key
X-Proxied
X-Extlb
X-Shopify-Stage
X-Redis-Cache
X-Uri
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
X-Sql-Duration-Ms
X-Cache-Grace
X-ShopId
X-Tid
X-Cache-Type
X-Sorting-Hat-ShopId
X-Human
X-ServerID
Apigw-Requestid
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Origin-Date
DB-Nickname
Cache-Name
X-PHP-Backend
X-Cache-TTL-Remaining
Cache-Tv-Group
Url
X-BYPASS-REASON
X-No-Session
X-Status
X-Adobe-Content
X-Adobe-Loc
X-ProxyCache-Key
Mn-Server-Ip
X-UA-Device-Type
X-Via-Fastly
X-Rewrite-Enabled
X-Microcachable
X-NCache
X-FB-TRIP-ID
X-Site-Version
X-ProxyCache-Status
X-Say-Cacheable
X-PCL
X-Say-TTL
X-SayCDN-TTL
X-OCL
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-Web-Node
X-Akamai-Edgescape
X-Cache-Host
X-Server-W
X-Format
TWC-Privacy
X-Origin-Hint
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Soup
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
Property-Id
TWC-Connection-Speed
Fastly-SSL
X-Storage
X-Hl-Ver
X-Pubstack
X-PERF
X-Varnishpool
X-R9-Blue-Green-Version
X-Section
X-NYM-Debug-Backend
X-Access
OT-Force-Account-Verify
X-ApacheServer
Azure-SiteName
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Content-Secure-Policy
X-Content-Age
X-Be
X-RateLimit-Limit
X-Cluster-Node
X-Ratelimit-Remaining
X-Ua
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-NewRelic-App-Data
CDN-CachedAt
X-Hyper-Cache
CDN-Cache
SRV
CDN-EdgeStorageId
CDN-PullZone
Source
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
X-Generated-By
X-Cached-By
X-Webkit-Csp
Content-Disposition
X-Unique-Id
X-SRV
Cache
X-TT-LOGID
X-HTML-Minification-Powered-By
X-Nginx-Cache-Key
LB
X-Bc-Bl
X-App-Version
X-LAGOON
Xet-Cookie
X-Time
X-Dc
X-Amz-Meta-S3cmd-Attrs
X-Auto-Login
X-Trace-Id
WPO-Cache-Message
X-Origin-TTL
WPO-Cache-Status
Retry-After
X-Varnish-Hostname
X-Origin-CC
X-Varnish-Hits
X-Loop
X-TNCMS
X-S-Maxage
Onion-Location
X-GEO
X-Cache-Var
Cache-Hits
X-Cache-Var-Map
X-Akamai-Transformed
X-TIME
Mime-Version
X-ECache
X-Platform-Server
X-Tumblr-Pixel-3
HostName
Web-Mar-Node
X-Tumblr-Pixel-2
X-Cdn
X-Proto
X-CSRF-Token
X-Time-Microsecs
X-Xfnlog-Site
X-Tenant
X-Endurance-Cache-Level
X-M-Log
Webserver
X-Qnm-Cache
X-M-Reqid
X-Cache-Remote
X-LJ-Flow-ID
X-Edge-Location
X-Cache-Tags
X-AWS-Id
X-VWS-Id
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-GG-Cache-Date
N-Cache
CloudFront-Viewer-Country
X-Request-Time
ServedBy
X-B3-SpanId
X-AOL-HN
X-Mg-Request-UUID
X-PHP-Host
X-Labrador-Cache-Channel
X-Amzn-RequestId
X-Amz-Apigw-Id
X-CACHE-KEY
X-RCS-CacheZone
X-Request-Host
X-Via-NSCOPI
X-EC-Lua
X-External-Request-Id
Meta-Geo-Continent
X-Session-Fingerprint
X-SD-PageType
X-ScT
X-Rojux
X-S
X-S-Cookie
X-Shop-Environment
X-Aed
Odigeo-Trace-Id
X-SRCache-Key
X-Developer
X-Slack-Backend
DCR-Decision-By
X-A-Ccd
Mobile-Detection-Method
X-ND-Cache
Origin
X-Forwarded-Path
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Locale
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-Origin-Response-Time
X-Application
X-Gen-Mode
Nel
X-Ftr-Request-Id
X-Handled-By
X-SVT-ORM-RULES
X-B-Cookie
DSUID
Expiry
X-Processor
X-ARC
DCR-Processing-Time-Ms
X-Correlation-ID
X-Ckpd-Fst-Backend
X-Hnp-Log
X-A-Dcw
X-Cluster
X-Conf
X-SVT-ORM-VERSION
Xc-Version
X-Connection-Hash
Surrogated-Key
X-CF-Lambda-Version
User-Cache-Control
A
X-Ig-Push-State
X-Cache-Date
X-Block-Status
X-CF-Lambda-Fn
X-Cache-NE
X-A
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-V-Cache
X-A-Dam
Pramga
X-NAPM-TraceId
X-A-Wwc
BehaviorPad-Version
X-Destination
X-TIM-N
X-Vdms-Path
Redirect-Candidate
Rendered-Blocks
X-D
X-A-Dgt
X-VG-WebCache
X-Vdms-Version
X-Orig-Expires
X-MP-GENERATED-AT
From-Origin
X-FireWall-Port
X-Storefront-Renderer-Rendered
Fastcgi-Cache-TTL
X-Hash
CacheControlHeader
X-Li-Fabric
Cmstype
Cmsid
Origin-CC
X-Cache-Info
State
X-Core-Mission
Release
Traceparent
Vix-Hermes-Req-Id
X-Aicache-OS
X-Accel-Expires-Debug
X-Cache-Bucket
X-Date
Origin-EX
Host-ID
Gh-Request-Id
X-Gdpr
X-Forwarded-Site
X-Fetched-On
X-Device-Os
X-Epic-Correlation-Id
X-Fastly-Cache
X-Geo-Header
X-Origin-Time
X-Proxy-Upstream
V-Age
X-Zone
X-Policy
X-Sucuri-Cache
X-Owner
X-VC-Cache
X-Skip-Cache
Wxu-Next-Region
X-Served-From
X-Server-IP
X-Varnish-Beresp-Status
Wxu-Next-Hostname
X-Scheme
Sslversion
X-Rocket-Nginx-Serving-Static
X-VServer
X-Origin-Expires
X-Webstats-RespID
X-LI-UUID
X-Location
X-Li-Pop
AKAMAI
CDCHOST
L
X-Men
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Sucuri-ID
Wxu-Next-Commit
Arc-Country
WP-Super-Cache
X-Nyt-Route
Server-Info
AMP-Access-Control-Allow-Source-Origin
X-Adobe-Source
X-Reqid
Environment
X-ATG-Version
Locid
X-Cache-Id
X-Cdn-Origin
PFcat
Ssr
X-Bip
X-HN
X-Developers
X-BBC-Edge-Cache-Status
X-NodeID
X-VarnishDD-TTL
X-Cdn-Srv
X-Cache-Debug
True-Client-Country-4JS
X-Cache-Config
X-Branch-Name
Apple-News-Services-Request-Url
Svr
X-Thinkindot-L3
X-Region-Sid
X-Gamma-Serve
X-Req
X-Request-Start
X-Fastly-Backend
X-Rocket-Build-Number
X-Platform
X-Generated-On
X-Irp-Debug
X-Level-Front-Cache
X-HS-Content-Campaign-Id
X-Node-Id
X-GeoIP
X-GeoIP-City
X-Sigma
X-Esi-Check
X-Datadog-Sampling-Priority
X-Viewer-Country
X-Datadog-Parent-Id
X-Core-Value
Apple-News-Services-Host
Apple-News-Services-Handled
X-VG-TLSProxy
X-Datadog-Trace-Id
X-Sn-Servicetimems
X-Sigma-Backend
X-TH-Server
X-Thanos
X-TrackingId
Apple-News-Services-Parsed-Url
X-Gzip
TDXMobile
We-Hiring
Thinkindot-CacheControl
Fastly-Drupal-Html
Thinkindot-Control
Thinkindot-CacheControl-Type
Mail-Subject
Web-Mar-Region
Fastly-GeoIP-CountryCode
Req-Svc-Chain
Machine
Server-Host
X-Magnolia-Registration
X-NWS-UUID-VERIFY
X-NU-AKA-ACS-Version
Platform
X-DPWN-IS-SECURE
X-DefElseHash
X-DefHash
X-Origin
NGX
Cf-Device-Type
Is-Eu
X-Has-Esi
Fastly-SWR
X-Is-Gdpr
X-FC-Vary-Parameters
NM-Fastcgi-Cache
Adler-Geo
Memcached
X-JWT-State
X-Loc
X-Rebelmouse-Surrogate-Control
X-CGP
X-Csrf-Jwt
X-Backend-State
L5d-Success-Class
HA-Ipaddr
X-Envoy-Decorator-Operation
X-Eu-Site
X-Amzn-Remapped-Content-Length
X-Request-URI
X-UnsetCookies
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Ha-Gx-Prefs
X-Pod-Name
X-Variation
X-Response-By
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Qloud-Router
X-Worker
X-Varnish-Remaining-TTL
X-Xrds-Location
X-Cache-Enabled
Datacenter
X-CS
X-Tx-Id
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Trace-ID
X-Backend-TTL
X-NC
X-LB-ID
X-CLOUD-TRACE-CONTEXT
Candidate-Md5Url
X-Up
X-Esi
X-API-Version
CDN
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
On-Server
Ms-Author-Via
WWW-Authenticate
Magicmarker
X-Vc
X-Generated-In
X-Datadome
Time
Memory
Esi-Enabled
X-LB-NoCache
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-DynaTrace-JS-Agent
X-TraceId
S-Rt
Env
X-Restarts
X-DC
Kp-EeAlive
NtCoent-Length
X-Edge-Pop
X-TA-CDN-Provider
WebServer
X-Refresh
X-Optimistic-Header
X-Tt-Logid
X-Dynatrace
X-Varnish-Ttl
GeoIp-Country-Code
X-Parent-Response-Time
C-Via
X-Service
X-DSS
X-Action
X-DI
X-DB
Edge-Cache
X-Cache-PHP
X-Cache-Backend
X-CacheTTL
X-RPS
X-Wix-Viewer-Type
X-RPM
X-DW
X-RSL
X-Varnish-Beresp-TTL
X-Akamai-Request-ID2
X-Http-Reason
X-Servedbyhost
X-Srv
Server-ID
X-Minions-Version
X-Unique-ID
X-Render-Time
X-MSEdge-Flight
X-Cache-Status-Check
X-TX-ID
X-MSEdge-Features
X-Newrelic-Synthetics
X-Cs
X-Webkit-Csp-Report-Only
X-HA-Backend
X-ZONE
Accept-Language
X-VCL-Version
X-Info
X-App
X-Traceid
X-LI-Proto
X-Fpc
X-Li-Proto
X-AIR-PT
X-Cache-Ttl
X-Urbn-Site-Id
X-Urbn-Context-Path
Proxy-Connection
X-URL
Locale
X-Ec-Fail
X-User
X-FPC
Test
X-Ec-GeoHdr
X-Clientip
X-LiteSpeed-Cache-Control
X-Oss-Request-Id
X-Oss-Object-Type
UCS
X-Oss-Storage-Class
Server-Id
HIT
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-B3-Spanid
X-Vcl-Version
Cache-Host
X-NODE
X-Webkit-CSP-Report-Only
S-Cnection
Geo-Info
Tcn
X-Pass-Why
X-AK-Request-ID
Cdncip
M-TraceId
Cdnsip
Cluster
My-App
Resin-Trace
X-Clara-WADP
User-Agent
X-LiteSpeed-Tag
X-Micro-Cache
X-WADP-Cache
X-Fmm-Version
Fastly-Drupal-HTML
Cf-Int-Pingora-Origin-Digest
Fastly-Backend-Name
X-HostName
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Lb
Section-Origin-Responded
X-CSRF-TOKEN
Tracecode
Geoip-Latitude
X-CUA
GeoIP-Country-Code
X-Var-Ttl
X-ServedByHost
X-Backend-Host
X-ID
X-Ha-Backend
X-Pad
X-Dynatrace-Js-Agent
Hostname
X-Edge-POP
X-BBC-Origin-Response-Status
Ohc-File-Size
T-Server
Hit
X-APP
X-BCube-Filmed-By
X-Release
Lfy
X-From
X-Geo
X-ElasticPress-Query
X-Fragments
Lang
X-Cdn-Forward
X-RAMCache
MIME-Version
X-Via-PopN
X-Via-PopV
ENV
X-Check-Cacheable
X-Via-PopH
X-Edge-Cache
Target-Params
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-ES-SERVER
X-NGINX-Cache
X-WA-Info
X-HS-Status
VNS-Age
VNS-Cache
X-WA
X-Api-Version
CPC-Cache
EpKe-Alive
CPC-Age
Cache-Key
Path
X-Amz-Meta-Cb-Modifiedtime
Load-Balancing
X-Ucs
X-Fastly-Backend-Reqs
X-ServerName
Servername
URI
DataCenter
X-VC
X-FORWARDED-FOR
X-GoCache-CacheStatus
X-Mcache
Uri
X-UP
Pagetype
Cteonnt-Length
X-PJAX-URL
X-Cms-Context
Shield-Pop
X-Wikidot-Static-Cache
X-Fastly-Cache-Hits
X-Wikidot-Backend
X-Dw-Trace-Id
Srv
X-TRACE-ID
Cneonction
X-Lb-Id
X-Proxy-Cache-Info
Cdn
X-B3-ParentSpanId
X-Akamai-Pragma-Client-IP
X-Swift-Error
X-RateLimit-Reset
X-Lb-Nocache
MD5-Digest
X-Nc
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
FSS-Cache
X-Cdn-Request-ID
PICS-Label
X-Via-Ucdn
WZWS-RAY
X-CCDN-CacheTTL
X-Httpd
Ohc-Cache-HIT
Permissions-Policy
X-Apw-Access-Object
X-Acquia-Site
X-Yottaa-OS
X-Acquia-Purge-Tags
Producers
IsBot
X-Udemy-Cache-App-Namespace
X-Acquia-Application-Trace
X-Apw-Access-Token
X-Acquia-Application-UUID
Sever-Int
X-Newrelic-App-Data
Vha6-Origin
ServerName
CF-Cached-On
X-VG-WebServer
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Akamai-ERRuleID
X-Apw-Access-Action
X-Cache-ASPX
Server-Hostname
Server-Ext
Cf-Ipcountry
X-SIPLIST1
X-Akamai-ERPolicy
X-Apw-Hits
Server-Ttl
X-Air-Pt
Sid
X-Cache-Ngx
X-Provided-By
X-Logging-Id
W
X-B3-Parentspanid
X-Cache-Expires
X-SB
GeoIP-Latitude
X-Miniprofiler-Ids
X-CacheKey
X-Varnish-Authentication
Req-ID
X-Te-Duration-Ms
X-Te-Count
X-Http-Duration-Ms
Ngx
X-Sentry-ID
X-Last-Modified
X-Http-Count
CountryCode
X-UA