Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Akamai-Path-Stats
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Dns-Prefetch-Control
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
Host-Header
X-Amz-Id-2
X-Proxy-Cache
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Ua-Compatible
Allow
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
Cf-Edge-Cache
X-CST
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Content-Location
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
Accept-Ch
X-Url
Accept-Ch-Lifetime
X-Country
X-Ruxit-JS-Agent
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-TtlSet
X-PC
RTSS
Edge-Control
X-VARITI-CCR
X-Amz-Server-Side-Encryption
X-Varnish-TTL
X-Server-Name
X-ESI
Cache-Tag
X-ASPNET-VERSION
X-Content-Type
X-B3-TraceId
X-Vcap-Request-Id
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Amz-Rid
X-Edge
X-Px
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Ac
X-Powered-By-Plesk
X-Sol
Display
X-Middleton-Display
Pagespeed
Verso
X-Element-Page-Cache
X-Abt-Application-Version
X-Client-IP
X-RateLimit-Remaining
X-Version
Arr-Disable-Session-Affinity
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-Middleton-Response
Response
X-Ttl
X-NF-Request-ID
X-Goog-Hash
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Cached
X-Kinsta-Cache
X-Correlation-Id
SPRequestGuid
X-SharePointHealthScore
AR-CACHE
AR-PoweredBy
X-Edge-Location-Klb
AR-ATIME
AR-Request-ID
AR-SID
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Upstream
Edge-Cache-Tag
X-LLID
X-TTL
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
X-Cache-Key
X-RateLimit-Limit
Nginx-Cache
X-Id
X-Shield-Request-Id
X-MSEdge-Ref
X-ECACHE
MRF-Tech
Mrf-Cache-Status
X-WebKit-CSP-Report-Only
TCN
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Recruiting
X-Ruxit-Js-Agent
X-T
S
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Content-Digest
X-Mg-S
X-Ua-Device
X-SRCache-Store-Status
X-Jurisdiction
X-SRCache-Fetch-Status
X-HP-Trace-Id
X-HP-Webp
X-DataDome
TP-L2-Cache
TP-Cache
X-Grace
X-Accel-Expires
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-DynaTrace
MicrosoftSharePointTeamServices
X-Frontend
X-Ezoic-Cdn
Front-End-Https
X-Yandex-Sdch-Disable
X-Ua-Browser
X-Content
Filters
Server-Node
X-Ab
X-Request-Received
X-Request-Processing-Time
X-Protected-By
X-Server-ID
X-PressLabs-Stats
X-Distributor
X-Origin-Server
MS-Author-Via
Fastcgi-Cache
X-Hits
X-Mcache
X-Geo-Country
X-Mid
X-Webkit-Csp
X-LB-Cache
X-Request-Handler-Origin-Region
X-ORACLE-DMS-ECID
X-Microsite
X-ORACLE-DMS-RID
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
X-Amzn-Trace-Id
Host
X-Git-Hash
X-Debug-Info
X-B3-Sampled
X-F-Cache
Cross-Origin-Opener-Policy
Cleartype
X-Forwarded-Proto
X-Page-Id
X-Cache-Age
Cache-Status
Realpath
X-Seen-By
X-Fastly-Request-Id
X-DIS-Request-ID
X-Webkit-CSP
Access-Control-Allow-Method
X-Az
X-AppVersion
X-Activity-Id
X-Www-Served-By
X-Ratelimit-Reset
Accept-Charset
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
Filterid
Cache-Tags
X-Varnish-Age
ServerID
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Content-Options
X-Cluster-Name
Permissions-Policy
X-Rid
Retry-After
X-Type
X-FB-Debug
X-App-Environment
X-Varnish-Backend
X-Oracle-Dms-Ecid
Server-Name
X-Tb
X-Oracle-Dms-Rid
X-Varnish-Grace
Country
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-User-Agent
X-Route-Name
X-Flags
Node
X-B-Cache
X-Upgrade-Enabled
Viewport
X-Drupal-Cache-Tags
X-Language
X-Goog-Generation
X-Wix-Request-Id
X-Signature
X-TT
X-B
X-Whom
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
DC
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amz-Meta-S3cmd-Attrs
X-VCache
Paypal-Debug-Id
Fastcgi-Useragent
X-Origin-Cache
X-Debug
X-Mobile-URL
X-NWS-UUID-VERIFY
Protected
X-N
X-Amz-Replication-Status
X-Cache-NGX
X-Logged-In
Payment
X-XRDS-LOCATION
Surrogate-Key
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
Amp-Access-Control-Allow-Source-Origin
X-Midtier
X-MCACHE
X-Via-JSL
X-Cache-Control
Count-Hit
X-Contextid
Healthy
X-Node-Name
Alternate-Protocol
X-Erf-Bev-Bev-Is-Generated
X-Restarts
X-Mobile
X-NGENIX-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-XRDS-Location
X-Proxy
Content-Disposition
X-FW-Dynamic
X-FW-Hash
X-Response-Served-From
X-Original-Request-Id
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
SD-X-WS
Akamai-GRN
X-Zen-Fury
X-Jobs
Url
X-G
Refresh
X-Revision
Uber-Trace-Id
X-Servername
X-Adobe-Content
X-Cache-TTL-Remaining
X-Page-View
X-Framework
X-Akamai-Request-ID2
X-Cache-Time
X-Adobe-Loc
X-Real-IP
X-UUID
X-Device-Type
X-Cacheable-TTL
VIX-Pulpo-Node
X-Debug-IsPreview
X-Http-Reason
VIX-Pulpo-Upstream-Status
X-Debug-IsConnected
X-Mg-Request-UUID
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Varnish-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Is-Bot
X-Template
X-Rendered-As
X-Proxy-Cache-Status
X-Cache-Grace
X-Instance
NGB
X-Environment-Context
X-L-Path
X-HTML-Minification-Powered-By
X-ECache
X-Hostname
X-B3-Traceid
X-IPLB-Instance
X-Source
X-EdgeConnect-Cache-Status
Version
Frame-Options
X-Oneagent-Js-Injection
Accept-Language
Countrycode
Referer-Policy
MS-CV
Ms-Operation-Id
X-RTag
X-Fastly-Request-ID
X-Datadome
Liferay-Portal
X-Ratelimit-Remaining
X-Trace-Id
X-NYM-Debug-Backend
X-App-Server
X-Cache-Expired-At
X-Cache-Rule
From-Origin
X-Cache-Hit
X-Vgn-Hpd-Reason
Cross-Origin-Window-Policy
Backend
X-Tumblr-Pixel
X-Tumblr-User
X-COUNTRY
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-Hosted-By
X-Nginx-Cache
X-Unique-Id
X-FW-Version
Section-Io-Cache
X-RN-RSRV
WP-Super-Cache
X-Status
Load-Balancing
Upgrade-Insecure-Requests
X-UPSTREAM-Address
X-Cache-Server
Meta-Geo
X-Cache-Enabled
X-RemovedCookies
X-FB-TRIP-ID
X-Labrador-Cache-Channel
X-OCL
X-PCL
X-Redis-Cache
X-No-Session
Content-Secure-Policy
X-ProcessESI
X-PHP-Host
CF-IPCountry
X-Fastcgi-Cache
X-APP-VERSION
X-Section
X-Uri
X-Access
X-AOL-HN
X-LJ-Flow-ID
X-Akamai-Edgescape
X-Content-Age
X-UA-Device-Type
X-Ua
Fastly-SSL
X-Sql-Duration-Ms
Apigw-Requestid
X-Sql-Count
X-AWS-Id
S-Rt
Mn-Server-Ip
X-Origin-Date
X-PHP-Backend
X-VWS-Id
X-Via-Fastly
X-Mode
X-Be
X-Request-Time
X-Region
X-Shopify-Stage
X-Sorting-Hat-PodId
Azure-SlotName
X-ShopId
X-Sorting-Hat-ShopId
X-Nginx-Cache-Key
TWC-Connection-Speed
X-Alternate-Cache-Key
Azure-Version
Property-Id
X-ShardId
TWC-Device-Class
Locale
X-Say-TTL
X-Say-Cacheable
X-Xfnlog-Site
Azure-InstanceId
Azure-RegionName
X-GG-Cache-Date
X-Storage
X-Cache-Tags
X-Cms-Context
X-Human
X-Content-Powered-By
X-Format
X-Cluster-Node
TWC-GeoIP-Country
Webcakes-Region
X-SayCDN-TTL
X-Platform-Server
Webcakes-App-Version
Webcakes-App-Name
X-Debug-Cache
X-Adobe-Source
X-ProxyCache-Status
X-ProxyCache-Key
X-Varnish-Cache-Hits
X-Generated-By
X-BYPASS-REASON
X-Urbn-Site-Id
X-Site-Version
X-Urbn-Context-Path
Azure-SiteName
X-Origin-Hint
Eomportal-Instance
X-ApacheServer
X-PERF
X-Forwarded-Host
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Server-W
TWC-Privacy
X-Generation-Time
X-NewRelic-App-Data
X-Detected-As
X-Extlb
X-GeoCode
X-Cache-Host
X-ServerID
X-Cache-Type
X-Hl-Ver
X-GeoCountry
X-Zipkin-Id
X-Locale
X-Tid
X-Proxied
X-Routing-Service
X-Varnishpool
X-Web-Node
X-VC-Cache
X-Storefront-Renderer-Rendered
X-Handled-By
X-Edge-Location
Cache-Tv-Group
X-Backend-Name
X-SaId
X-Proxy-Build
X-JoinUs
CDN-PullZone
Selected-Fe
X-Timing-Wait
Ec-Rule-Version
CDN-RequestId
CDN-RequestCountryCode
X-Proto
CDN-Cache
CDN-Uid
CDN-CachedAt
CDN-EdgeStorageId
X-App-Version
ServedBy
Webserver
X-Dc
X-Cache-Action
Fastly-Drupal-Html
X-Ratelimit-Limit
X-CDN-Forward
X-LSADC-Cache
Web-Mar-Node
X-GEO
SRV
Onion-Location
X-Parallel-Accel
X-Cached-By
X-Varnish-Hostname
Mime-Version
Cache-Hits
X-Hyper-Cache
X-IPLB-Request-ID
X-Cache-Remote
X-Magnolia-Registration
X-Rule
X-Cdn
X-Cluster
X-Cache-Operation
X-Rewrite-Enabled
SID
X-Envoy-Decorator-Operation
X-Tt-Logid
X-Soup
X-Air-Source
X-Air-Trace-Id
X-Origin-TTL
X-Origin-CC
X-Air-Hostname
X-Varnish-Hits
LB
Xserver
X-SRV
X-Accel-Buffering
X-Reqid
Xet-Cookie
X-Microcachable
X-TT-LOGID
X-Pubstack
Cache
DB-Nickname
X-MP-GENERATED-AT
Country-Code
Server-Info
X-Xrds-Location
X-CSRF-Token
Source
X-Buckets
X-Tumblr-Pixel-3
X-TA-CDN-Provider
X-Tumblr-Pixel-2
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Request-Host
X-Via-NSCOPI
X-B3-SpanId
X-Endurance-Cache-Level
X-Tx-Id
X-Origin-Response-Time
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Geo-Header
X-HS-Content-Campaign-Id
X-Hash
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogated-Key
X-Ig-Push-State
T-Server
X-Gzip
DynaTrace
X-External-Request-Id
X-Forwarded-Path
X-Ftr-Request-Id
Host-ID
A
X-Esi-Check
X-D
X-A-Wwc
X-Cache-NE
X-A-Dgt
X-Cdn-Srv
X-Cache-Id
X-BCube-Filmed-By
X-Application
X-ARC
X-B-Cookie
X-Aed
X-CF-Lambda-Fn
X-CF-Lambda-Version
Sslversion
X-Destination
X-Developer
X-A-Ccd
X-Skip-Cache
X-Connection-Hash
X-A-Dcw
X-A-Dam
X-Conf
X-A
X-Processor
X-Tenant
DCR-Processing-Time-Ms
X-TIM-N
NM-Fastcgi-Cache
X-TrackingId
DCR-Decision-By
X-SRCache-Key
X-Session-Fingerprint
X-Shop-Environment
Cmsid
X-Time
X-User
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
Lang
Xc-Version
X-VG-WebCache
X-Vdms-Version
Meta-Geo-Continent
Expiry
MD5-Digest
X-Vdms-Path
X-SD-PageType
Cmstype
Cdnsip
X-Orig-Expires
X-NAPM-TraceId
X-AK-Request-ID
X-ScT
Cdncip
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Pramga
Cache-Key
Candidate-Md5Url
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-S-Cookie
X-S
Rendered-Blocks
BehaviorPad-Version
X-Rojux
X-Ms-Request-Id
X-Ms-Version
X-Cache-Status-Check
Is-Eu
Kp-EeAlive
Machine
X-Ad-Defer-Variation
Memcached
Platform
State
Wxu-Next-Region
Wxu-Next-Hostname
Producers
Wxu-Next-Commit
Server-Host
X-GeoIP
X-Sigma
X-Sigma-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Scheme
X-SB
X-Origin-Expires
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rocket-Build-Number
X-TNCMS
X-V-Cache
X-Wix-Viewer-Type
X-Worker
X-SplitTest
XM
X-WADP-Cache
X-Varnish-Remaining-TTL
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Origin
X-NodeID
X-Core-Value
X-DefElseHash
X-Developers
X-Device-Os
X-Core-Mission
X-Clara-WADP
X-Cache-Bucket
X-Cache-Info
X-CacheTTL
X-Ckpd-Fst-Backend
X-DPWN-IS-SECURE
X-Fastly-Cache
X-JWT-State
X-Loop
X-Mvc-Supplant-Cachable
X-Node-Id
X-Is-Gdpr
X-Irp-Debug
X-Fetched-On
X-Fmm-Version
X-Has-Esi
X-Bc-Bl
X-DefHash
Fastly-GeoIP-CountryCode
Environment
X-Varnish-Ttl
Adler-Geo
AKAMAI
Datacenter
X-RCS-CacheZone
X-NCache
X-Azure-Ref
X-Gamma-Serve
X-Gdpr
X-Loc
X-Hnp-Log
X-Forwarded-Site
X-Gen-Mode
X-Level-Front-Cache
X-GeoIP-City
X-Eu-Site
X-LAGOON
Ohc-File-Size
X-HN
X-Generated-On
X-Datadog-Trace-Id
X-Cache-Backend
X-Cache-Date
X-Branch-Name
X-Block-Status
X-Amzn-Remapped-Content-Length
X-BBC-Edge-Cache-Status
X-Cdn-Origin
X-CGP
X-Minions-Version
X-Dispatcher-Number
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Csrf-Jwt
X-Ec-Custom-Error
X-Planisys-CDN-Cache
X-Via-Ucdn
X-VServer
HostName
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Beresp-Grace
X-ZONE
CPC-Age
CPC-Cache
Fastly-Backend-Name
Redirect-Candidate
We-Hiring
VNS-Cache
Mail-Subject
VNS-Age
X-Thinkindot-L3
X-Sn-Servicetimems
X-Platform
X-Policy
X-Qloud-Router
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Origin-Time
X-Aicache-OS
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Slack-Backend
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Region-Sid
X-Request-URI
X-Nyt-Route
X-Pool
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
TDXMobile
Origin-CC
Origin
NGX
Fastcgi-Cache-TTL
V-Age
Vix-Hermes-Req-Id
User-Cache-Control
Fastly-SIE
Traceparent
Apple-News-Services-Host
Origin-EX
Server-Ext
CloudFront-Viewer-Country
Req-Svc-Chain
CDCHOST
Release
Server-Hostname
PFcat
Apple-News-Services-Parsed-Url
Svr
Apple-News-Services-Request-Url
Ssr
Sever-Int
Apple-News-Services-Handled
N-Cache
IsBot
Fastly-SWR
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
L
X-AIR-PT
Cache-Name
X-Scale
X-Auto-Login
X-WA-Info
Cluster
X-Micro-Cache
X-Viewer-Country
X-Server-IP
Gh-Request-Id
X-Httpd
DSUID
X-Wikidot-Backend
X-Proxy-Cache-Info
X-Wikidot-Static-Cache
Web-Mar-Region
X-Pod-Name
X-Proxy-Upstream
X-Optimistic-Header
X-Owner
X-R9-Blue-Green-Version
GEO-INFO
X-WP-CF-Super-Cache-Cache-Control
X-Refresh
X-VC
Pics-Label
CDN
X-EC-Lua
X-WP-CF-Super-Cache
X-CS
X-CACHE-KEY
X-Webstats-RespID
X-From
X-Contensis-Viewer-Groups
Path
X-Ah-Environment
X-Parent-Response-Time
X-Cache-ASPX
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
X-NC
Cache-Host
Ngx.Var.Host
Servername
X-Location
Env
X-Mvc-Supplant-OutputCached
X-Varnish-Authentication
X-LB-NoCache
X-Srv
X-RateLimit-Reset
X-Servedbyhost
Locid
X-Edge-Pop
XkeyRZ
Lb
X-Correlation-ID
X-Proxy-CacheRZ
X-TIME
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
X-Response-By
X-TraceId
X-Varnish-Beresp-TTL
X-Via-Poph
X-Men
X-Via-Popv
X-Generated-In
Arc-Country
Ohc-Cache-HIT
Time
X-Clientip
Memory
ITXSESSIONID
X-Old-Content-Length
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
X-API-Version
X-DW
X-DB
X-HA-Backend
X-Date
Client
X-DSS
X-Accel-Expires-Debug
X-RPS
X-RPM
X-RSL
GeoIp-Country-Code
X-DI
X-S-Maxage
X-VCL-Version
True-Client-IP
X-Vc
X-VHOST
X-Cs
X-Dmc
Geoip-Latitude
X-TRACE-ID
X-Trace-ID
X-DC
X-GeoIP-Region-Code
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Server-ID
X-GeoIP-Country-Code
X-URL
X-Api-Version
X-Fpc
FSS-Cache
X-Presslabs-Stats
Hostname
X-Cache-Debug
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-Zone
X-MSEdge-Features
X-MSEdge-Flight
X-DynaTrace-JS-Agent
X-Render-Time
X-Gateway-Request-Id
Powered-By
X-Webkit-Csp-Report-Only
X-Gateway-Skip-Cache
X-Service
NtCoent-Length
C-Via
X-FireWall-Port
X-Gateway-Cache-Key
X-Gateway-Cache-Status
X-INCAP-ABP
CacheControlHeader
Rip
X-TX-ID
Click-Count-Error
X-TH-Server
X-PX
X-Action
True-Client-Country-4JS
Click-Count-Action-Start
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
Tube-Return
Esi-Enabled
X-B3-Spanid
X-M-Reqid
X-Backend-TTL
X-M-Log
X-Traceid
Test
Tcn
On-Server
HIT
X-Qnm-Cache
X-NGINX-Cache
X-Cdn-Request-ID
Edge-Cache
X-HS-Status
X-CSRF-TOKEN
X-Alfa-Service
X-FPC
Cdn
X-Pass-Why
X-Beluga-Status
X-Beluga-Trace
Server-Id
User-Agent
Geo-Info
X-Req
OT-Force-Account-Verify
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Response-Time
X-Beluga-Record
X-Vcl-Version
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
GeoIP-Country-Code
X-Edge-Origin-Shield-Region
X-Edge-Origin-Shield-Bytes
My-App
X-Proxy-Cache-Hk
X-Check-Cacheable
Uri
GeoIP-Latitude
Proxy-Connection
Cf-Int-Pingora-Origin-Digest
Srvid
Resin-Trace
X-Via-PopN
Srv
X-Via-PopV
X-Ha-Backend
X-Via-PopH
X-CLOUD-TRACE-CONTEXT
Sid
M-TraceId
X-APP
X-Up
X-Webkit-CSP-Report-Only
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-App
Epwk-X-Cache
X-Varnish-Beresp-Ttl
X-ServedByHost
DT-Hot-News
X-Provided-By
MIME-Version
X-LB-ID
X-Cdn-Forward
WebServer
X-LI-Proto
X-Li-Pop
Server-Ttl
X-LI-UUID
X-Backend-Host
ENV
X-Li-Fabric
X-Fastly-Backend-Reqs
Warning
X-Esi
X-Lb-Nocache
ServerName
X-RAMCache
X-B3-Traceid-Primal
True-Client-Ip
X-Bip
XServer
X-Edge-POP
X-UnsetCookies
X-Fetch-By
X-Thanos
X-Geo
X-HostName
CF-Cached-On
Section-Io-Origin-Status
Section-Io-Id
X-CF-Powered-By
WZWS-RAY
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Request-Start
X-HITS
X-Time-Microsecs
X-ElasticPress-Query
X-Cc-Via
X-Newrelic-App-Data
X-Akamai-Request-ID
X-Yottaa-OS
X-Request-Url
PICS-Label
X-Dw-Trace-Id
X-ND-Cache
X-Serial
X-Nc
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
DataCenter
X-Vercel-Id
Inserted-Into-Cache-At
X-IN-APIGATEWAYSSL
X-Vercel-Cache
Dt-Hot-News
X-IN-APIGATEWAY
Cf-Device-Type
D-Url-Rewrites
X-Iplb-Request-Id
X-Iplb-Instance
X-Vcache
X-CUA
Cdn-Uid
Cdn-Pullzone
Cdn-Cache
Cdn-Requestcountrycode
Cdn-Requestid
Servedby
Cdn-Cachedat
Wp-Super-Cache
Cdn-Edgestorageid
X-Platform-Processor
X-ATG-Version
CountryCode
Vha6-Origin
X-LiteSpeed-Tag
X-MiniProfiler-Ids
Magicmarker
X-BBC-Origin-Response-Status
X-Release
X-Dist-Code
X-Platform-Router
X-Azure-Ref-OriginShield
Content-Script-Type
X-Storefront-Renderer-Verified
X-FC-Vary-Parameters
X-Fastly-Backend
X-Var-Ttl
X-Request-URL
Target-Params
X-Sucuri-ID
X-Fragments
X-Th-Server
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
X-Sucuri-Cache
X-Platform-Cluster
X-Wp-Cf-Super-Cache
X-Fastly-Cache-Hits
X-Back
Content-Style-Type
Tracecode