
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Link
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Akamai-Path-Stats
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Age
X-Robots-Tag
X-Server
X-Amz-Request-Id
X-AH-Environment
X-Proxy-Cache
X-Amz-Id-2
Host-Header
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Ua-Compatible
Allow
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
Cf-Edge-Cache
X-CST
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Content-Location
Rating
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
Accept-Ch
X-Url
Accept-Ch-Lifetime
X-Country
X-Ruxit-JS-Agent
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-Vname
X-TtlSet
X-PC
RTSS
Edge-Control
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-VARITI-CCR
X-Server-Name
X-ESI
X-FastCGI-Cache
Cache-Tag
X-ASPNET-VERSION
X-Content-Type
X-Vcap-Request-Id
X-B3-TraceId
X-Dw-Request-Base-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Edge
X-Amz-Rid
X-Px
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Ac
X-Navigation-Version
Display
X-Powered-By-Plesk
X-Middleton-Display
X-Sol
Verso
Pagespeed
X-Element-Page-Cache
X-Abt-Application-Version
X-Client-IP
X-RateLimit-Remaining
X-Version
X-Content-Security-Policy-Report-Only
X-Litespeed-Cache
Arr-Disable-Session-Affinity
X-Cache-TTL
X-GitHub-Request-Id
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
X-Middleton-Response
Response
X-Ttl
X-Goog-Hash
Access-Control-Request-Method
SPRequestDuration
SPIisLatency
X-Cached
X-Kinsta-Cache
X-SharePointHealthScore
SPRequestGuid
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-SID
X-Edge-Location-Klb
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Correlation-Id
X-TTL
Edge-Cache-Tag
X-LLID
X-Upstream
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
X-Cache-Key
Nginx-Cache
X-RateLimit-Limit
X-Id
X-Shield-Request-Id
X-MSEdge-Ref
X-WebKit-CSP-Report-Only
X-ECACHE
TCN
Mrf-Cache-Status
MRF-Tech
X-TEC-API-ORIGIN
X-Recruiting
X-T
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ruxit-Js-Agent
S
X-B3-TraceId-Primal
X-Content-Digest
X-Daa-Tunnel
X-Mg-S
X-Ua-Device
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-DataDome
X-Accel-Expires
X-Grace
TP-L2-Cache
TP-Cache
X-DynaTrace
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-Request-Received
X-Request-Processing-Time
X-Ezoic-Cdn
X-Ua-Browser
Front-End-Https
X-Yandex-Sdch-Disable
X-Ab
Server-Node
X-Content
Filters
X-Protected-By
X-PressLabs-Stats
X-Origin-Server
X-Distributor
MS-Author-Via
X-Hits
X-ORACLE-DMS-ECID
X-Mcache
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Geo-Country
X-LB-Cache
X-Mid
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
Charset
Host
Cleartype
X-Debug-Info
X-F-Cache
X-Git-Hash
X-Page-Id
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Forwarded-Proto
X-Cache-Age
Cache-Status
X-Seen-By
X-Fastly-Request-Id
Realpath
X-Webkit-CSP
X-DIS-Request-ID
Access-Control-Allow-Method
X-Activity-Id
X-AppVersion
X-Az
X-Server-ID
X-Www-Served-By
X-Ratelimit-Reset
Accept-Charset
ServerID
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
Filterid
X-Varnish-Age
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Cache-Tags
X-Cluster-Name
X-Rid
Permissions-Policy
X-Content-Options
X-Type
Retry-After
X-FB-Debug
X-Varnish-Backend
Server-Name
Country
X-User-Agent
X-App-Environment
Viewport
X-Varnish-Grace
X-Providence-Cookie
X-Is-Crawler
DC
X-Route-Name
X-Signature
Paypal-Debug-Id
X-Request-Guid
X-B-Cache
X-Drupal-Cache-Tags
X-Aspnet-Duration-Ms
X-Wix-Request-Id
X-Tb
X-Flags
Node
X-Language
X-TT
X-Whom
X-B
X-Amz-Meta-S3cmd-Attrs
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-VCache
X-Kong-Upstream-Latency
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Origin-Cache
Fastcgi-Useragent
X-Debug
X-Mobile-URL
X-NWS-UUID-VERIFY
Protected
X-Oracle-Dms-Ecid
X-Amz-Replication-Status
X-Cache-NGX
X-Logged-In
X-N
X-Oracle-Dms-Rid
Payment
X-XRDS-LOCATION
X-Load-Cache
X-Midtier
WPO-Cache-Status
Surrogate-Key
WPO-Cache-Message
Amp-Access-Control-Allow-Source-Origin
X-MCACHE
X-Cache-Control
X-Contextid
X-Via-JSL
Count-Hit
Healthy
X-Node-Name
Alternate-Protocol
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Restarts
X-Browser-Type
X-XRDS-Location
X-NGENIX-Cache
X-FW-Hash
X-FW-Dynamic
X-FW-Server
Content-Disposition
X-FW-Static
X-Proxy
X-FW-Serve
X-FW-Type
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
Refresh
Akamai-GRN
Url
X-G
X-Zen-Fury
X-Jobs
X-Cache-Time
X-Revision
X-Page-View
X-Servername
X-Akamai-Request-ID2
X-Adobe-Loc
X-Real-IP
Uber-Trace-Id
X-Adobe-Content
X-UUID
X-Cache-TTL-Remaining
VIX-Pulpo-Node
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Grace
X-Http-Reason
X-Device-Type
X-Framework
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Instance
NGB
X-Is-Bot
X-Rendered-As
X-Cacheable-TTL
X-Template
X-Mg-Request-UUID
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Varnish-Server
Access-Control-Request-Headers
X-Yottaa-Metrics
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Environment-Context
X-L-Path
X-ECache
X-Hostname
X-B3-Traceid
Version
X-Source
X-EdgeConnect-Cache-Status
Frame-Options
MS-CV
Countrycode
Accept-Language
X-RTag
Ms-Operation-Id
X-Oneagent-Js-Injection
X-Datadome
X-Fastly-Request-ID
Liferay-Portal
Referer-Policy
X-Ratelimit-Remaining
X-NYM-Debug-Backend
X-Trace-Id
X-Cache-Hit
X-Cache-Rule
X-App-Server
X-Cache-Expired-At
From-Origin
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-COUNTRY
Backend
X-IPS-LoggedIn
X-Hosted-By
X-Nginx-Cache
X-Unique-Id
Content-Secure-Policy
X-FW-Version
Load-Balancing
X-RN-RSRV
X-Cache-Server
X-UPSTREAM-Address
Upgrade-Insecure-Requests
Section-Io-Cache
CF-IPCountry
Meta-Geo
WP-Super-Cache
X-No-Session
X-APP-VERSION
X-Status
X-PCL
X-ProcessESI
X-RemovedCookies
X-FB-TRIP-ID
X-Generation-Time
X-OCL
X-Ua
Webcakes-App-Name
Webcakes-Region
X-Be
X-UA-Device-Type
X-Cache-Enabled
X-Section
S-Rt
X-Server-W
TWC-Privacy
Webcakes-App-Version
TWC-GeoIP-LatLong
X-AOL-HN
X-Access
X-Sql-Count
TWC-Device-Class
X-Sql-Duration-Ms
TWC-Locale-Group
X-Akamai-Edgescape
X-Varnish-Cache-Hits
X-VWS-Id
X-Redis-Cache
X-Labrador-Cache-Channel
X-PHP-Host
X-PHP-Backend
X-Origin-Date
Mn-Server-Ip
TWC-GeoIP-Country
X-LJ-Flow-ID
X-Region
X-AWS-Id
X-Cluster-Node
X-Via-Fastly
Property-Id
Apigw-Requestid
X-Request-Time
Fastly-SSL
X-Format
X-Origin-Hint
TWC-Connection-Speed
X-Mode
X-Content-Age
X-ProxyCache-Key
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-ProxyCache-Status
X-Cms-Context
X-Site-Version
X-Say-TTL
X-Say-Cacheable
Azure-Version
X-Content-Powered-By
Eomportal-Instance
X-Locale
X-Human
Locale
X-Nginx-Cache-Key
X-PERF
X-Debug-Cache
X-Forwarded-Host
X-Generated-By
X-Platform-Server
X-Storage
X-SayCDN-TTL
X-Urbn-Context-Path
X-Adobe-Source
X-Alternate-Cache-Key
X-Urbn-Site-Id
X-Uri
X-ApacheServer
X-Xfnlog-Site
X-Cache-Host
X-BYPASS-REASON
X-VC-Cache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Cache-Tags
X-Shopify-Stage
X-ShardId
X-ShopId
X-Extlb
X-Zipkin-Id
X-JoinUs
X-SaId
X-Hl-Ver
X-GeoCountry
X-GeoCode
X-Proxied
X-Varnishpool
X-Routing-Service
X-GG-Cache-Date
X-ServerID
X-NewRelic-App-Data
X-Tid
X-Cache-Type
X-Web-Node
X-Handled-By
X-Backend-Name
X-Detected-As
Cache-Tv-Group
X-Storefront-Renderer-Rendered
X-Dc
X-Edge-Location
Selected-Fe
X-Proxy-Build
X-Proto
X-Timing-Wait
Ec-Rule-Version
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Cache
CDN-RequestId
CDN-CachedAt
CDN-PullZone
CDN-Uid
ServedBy
Webserver
X-Cache-Action
X-App-Version
Fastly-Drupal-Html
Web-Mar-Node
X-Ratelimit-Limit
X-CDN-Forward
X-LSADC-Cache
Onion-Location
X-GEO
SRV
X-Parallel-Accel
X-Varnish-Hostname
X-Cached-By
X-IPLB-Request-ID
Cache-Hits
X-Hyper-Cache
X-Magnolia-Registration
X-Fastcgi-Cache
X-Cache-Remote
X-Cluster
X-Cdn
X-Cache-Operation
SID
Mime-Version
X-Rewrite-Enabled
X-Rule
X-Air-Hostname
X-Soup
X-Air-Source
X-Envoy-Decorator-Operation
X-Air-Trace-Id
X-Tt-Logid
X-Origin-TTL
X-Origin-CC
X-Varnish-Hits
Xserver
LB
X-Pubstack
X-SRV
Xet-Cookie
X-Accel-Buffering
X-Reqid
X-Microcachable
X-TT-LOGID
X-Xrds-Location
Cache
Country-Code
Server-Info
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
DB-Nickname
X-Tumblr-Pixel-2
Source
X-CSRF-Token
X-Buckets
X-TA-CDN-Provider
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Host
X-Via-NSCOPI
X-Tx-Id
X-Origin-Response-Time
X-Endurance-Cache-Level
Lang
X-Epic-Correlation-Id
Host-ID
Meta-Geo-Continent
X-Ftr-Request-Id
X-Vdms-Path
Odigeo-Trace-Id
NM-Fastcgi-Cache
Mobile-Detection-Method
X-VG-WebCache
MD5-Digest
X-Vdms-Version
X-Ec-GeoHdr
Cmstype
BehaviorPad-Version
X-Vtex-Remote-Cache
Cache-Key
A
X-Skip-Cache
X-Forwarded-Path
Xc-Version
Candidate-Md5Url
X-Vtex-Processado-Em
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
Cmsid
Pramga
Cdncip
Cdnsip
Fastcgi-X-Cache-Version
X-SRCache-Key
X-BCube-Filmed-By
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-B-Cookie
X-ARC
X-S-Cookie
X-AK-Request-ID
X-S
X-Application
X-CF-Lambda-Version
X-Conf
X-Destination
X-Ig-Push-State
X-Orig-Expires
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Rojux
X-Connection-Hash
X-Processor
X-Aed
X-A-Wwc
Surrogated-Key
T-Server
X-D
X-Shop-Environment
Sslversion
Rendered-Blocks
X-Ec-Fail
X-TrackingId
X-TIM-N
X-Tenant
X-A
X-Session-Fingerprint
X-ScT
X-Hash
X-A-Dcw
X-A-Dgt
X-SD-PageType
X-External-Request-Id
X-Geo-Header
X-Developer
X-A-Ccd
X-User
X-A-Dam
X-Newrelic-Synthetics
Datacenter
X-B3-SpanId
DynaTrace
X-Ms-Version
X-Ms-Request-Id
X-Cache-Status-Check
X-Time
X-Developers
X-Device-Os
Platform
X-DefHash
X-DefElseHash
Environment
X-Bc-Bl
Server-Host
X-DPWN-IS-SECURE
X-Sigma
Wxu-Next-Commit
X-SVT-ORM-VERSION
X-Varnish-Ttl
Producers
X-Variation
X-Esi-Check
X-Cache-Backend
Memcached
X-Varnish-CookieHashed-On
X-Ckpd-Fst-Backend
X-Cache-Id
X-Origin-Time
X-Scheme
X-CacheTTL
Kp-EeAlive
Is-Eu
X-Varnish-Remaining-TTL
X-Amzn-Remapped-Content-Length
X-Nyt-Route
X-Varnish-CookieINHashed-On
X-Core-Value
X-SB
X-Core-Mission
X-NodeID
X-Sigma-Backend
X-Rocket-Build-Number
X-HS-Content-Campaign-Id
X-GeoIP
Wxu-Next-Region
X-Worker
X-Ad-Defer-Variation
X-TNCMS
Mail-Subject
XM
X-SVT-ORM-RULES
X-SplitTest
X-Has-Esi
X-Gzip
We-Hiring
X-Wix-Viewer-Type
State
X-Origin
X-JWT-State
Adler-Geo
X-Fetched-On
X-Loop
AKAMAI
Wxu-Next-Hostname
X-Azure-Ref
X-Origin-Expires
X-V-Cache
X-Irp-Debug
X-Is-Gdpr
X-Gdpr
X-NCache
X-RCS-CacheZone
Web-Mar-Region
X-Pod-Name
X-Cache-Date
X-Branch-Name
X-Aicache-OS
X-Auto-Login
X-SIPLIST1
X-Cache-Info
X-BBC-Edge-Cache-Status
X-Served-From
X-Platform
X-Sn-Servicetimems
X-Slack-Backend
X-Block-Status
X-Cache-Bucket
X-Datadog-Trace-Id
X-GeoIP-City
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Generated-On
X-Gen-Mode
X-Request-URI
X-Region-Sid
X-Gamma-Serve
X-Loc
X-HN
X-Level-Front-Cache
X-Qloud-Router
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-LAGOON
X-Hnp-Log
X-RateLimit-Remaining-Second
X-Forwarded-Site
X-Fmm-Version
Vix-Hermes-Req-Id
X-Node-Id
X-Policy
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-CGP
X-Clara-WADP
X-Csrf-Jwt
X-Pool
X-Dispatcher-Number
X-Eu-Site
X-Fastly-Cache
X-Rocket-Nginx-Serving-Static
X-Minions-Version
X-Mvc-Supplant-Cachable
HostName
X-Ec-Custom-Error
X-Cdn-Origin
X-Thinkindot-L3
L5d-Success-Class
Apple-News-Services-Host
L
IsBot
HA-Ipaddr
Ohc-File-Size
Machine
Apple-News-Services-Handled
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Varnish-Beresp-Grace
NGX
X-WADP-Cache
N-Cache
Apple-News-Services-Parsed-Url
Ha-Gx-Prefs
X-Viewer-Country
CDCHOST
V-Age
X-Via-Ucdn
CloudFront-Viewer-Country
X-VG-TLSProxy
X-VServer
Fastcgi-Cache-TTL
X-VarnishDD-TTL
Gh-Request-Id
Fastly-SWR
Fastly-SIE
Apple-News-Services-Request-Url
Fastly-GeoIP-CountryCode
Cluster
Origin
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Svr
Redirect-Candidate
Origin-CC
Ssr
X-ZONE
TDXMobile
X-Proxy-Cache-Info
User-Cache-Control
Traceparent
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Planisys-CDN-Cache
Sever-Int
PFcat
CPC-Cache
CPC-Age
Origin-EX
X-AIR-PT
Server-Hostname
VNS-Age
Server-Ext
Release
VNS-Cache
Req-Svc-Chain
X-Correlation-ID
Cache-Name
Fastly-Backend-Name
X-R9-Blue-Green-Version
X-WA-Info
X-Httpd
DSUID
X-Optimistic-Header
X-Owner
X-Server-IP
X-Scale
GEO-INFO
CDN
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Refresh
Pics-Label
X-EC-Lua
X-Micro-Cache
X-CS
X-VC
X-CACHE-KEY
X-Ah-Environment
X-Webstats-RespID
X-From
Path
X-Cache-ASPX
X-Parent-Response-Time
X-Contensis-Viewer-Groups
Ms-Author-Via
X-Edge-Pop
X-Srv
X-LB-NoCache
Cache-Host
Ngx.Var.Host
X-Location
Servername
X-Varnish-Authentication
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Reset
X-Servedbyhost
Locid
Env
X-Mvc-Supplant-OutputCached
XkeyRZ
X-Proxy-CacheRZ
Lb
X-TIME
X-Udemy-Cache-App-Namespace
X-Via-Poph
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
X-Response-By
X-Varnish-Beresp-TTL
X-Generated-In
Arc-Country
X-Via-Popv
X-TraceId
X-Men
Ohc-Cache-HIT
X-Old-Content-Length
X-Clientip
ITXSESSIONID
X-API-Version
Time
Memory
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-Accel-Expires-Debug
Client
X-HA-Backend
GeoIp-Country-Code
X-S-Maxage
X-DW
X-DSS
X-RPM
X-RSL
X-DI
X-Date
X-DB
X-RPS
True-Client-IP
X-Vc
X-Cs
X-VHOST
X-TRACE-ID
Geoip-Latitude
X-VCL-Version
X-Trace-ID
X-GeoIP-Country-Code
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-GeoIP-Region-Code
Server-ID
X-Dmc
X-URL
FSS-Cache
Hostname
X-Render-Time
X-Cache-Debug
X-Presslabs-Stats
X-MSEdge-Features
X-MSEdge-Flight
X-Fpc
X-Api-Version
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-DynaTrace-JS-Agent
X-Zone
X-DC
X-INCAP-ABP
X-FireWall-Port
X-Gateway-Request-Id
X-Gateway-Cache-Key
CacheControlHeader
Powered-By
X-Gateway-Cache-Status
X-Webkit-Csp-Report-Only
X-Service
NtCoent-Length
X-Gateway-Skip-Cache
C-Via
Rip
X-TX-ID
X-M-Reqid
Tube-Got-Results
X-TH-Server
Tube-Return
X-B3-Spanid
True-Client-Country-4JS
X-Qnm-Cache
X-Action
Tube-Get-Contents
Click-Count-Error
X-PX
HIT
Click-Count-Action-Start
Tube-Got-Eval
X-M-Log
X-Traceid
X-Backend-TTL
On-Server
Test
Tcn
Esi-Enabled
X-NGINX-Cache
X-HS-Status
X-Cdn-Request-ID
Edge-Cache
X-Alfa-Service
X-CSRF-TOKEN
X-FPC
Cdn
X-Pass-Why
X-Beluga-Trace
X-Beluga-Record
X-Req
User-Agent
Geo-Info
X-Beluga-Cache-Status
X-Check-Cacheable
Server-Id
X-Vcl-Version
X-Beluga-Node
OT-Force-Account-Verify
X-Beluga-Response-Time
X-Beluga-Status
X-Akamai-Pragma-Client-IP
X-Origin-Upstream-Status
X-Proxy-Cache-Hk
GeoIP-Country-Code
X-Edge-Origin-Shield-Bytes
X-Edge-Origin-Shield-Region
My-App
Uri
GeoIP-Latitude
Resin-Trace
X-Via-PopV
Srv
Proxy-Connection
Srvid
Cf-Int-Pingora-Origin-Digest
X-Via-PopN
X-Ha-Backend
X-Via-PopH
X-CLOUD-TRACE-CONTEXT
MIME-Version
X-Up
Sid
X-APP
M-TraceId
X-Webkit-CSP-Report-Only
Epwk-X-Cache
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Provided-By
X-Varnish-Beresp-Ttl
X-App
X-LB-ID
DT-Hot-News
X-ServedByHost
X-Cdn-Forward
WebServer
X-Fastly-Backend-Reqs
X-Backend-Host
ENV
X-LI-Proto
Server-Ttl
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Esi
Warning
X-UnsetCookies
X-Geo
X-Nc
X-RAMCache
X-Thanos
True-Client-Ip
X-Bip
X-Fetch-By
X-Lb-Nocache
XServer
X-B3-Traceid-Primal
ServerName
X-Edge-POP
X-HostName
X-Akamai-Request-ID
PICS-Label
X-CF-Powered-By
WZWS-RAY
X-Newrelic-App-Data
X-ElasticPress-Query
X-Vercel-Cache
X-HITS
CF-Cached-On
X-Vercel-Id
X-ND-Cache
Section-Io-Id
Section-Io-Origin-Status
X-Time-Microsecs
X-Request-Url
X-Request-Start
X-Serial
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
X-Dw-Trace-Id
Section-Origin-Responded
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
DataCenter
Cf-Device-Type
Inserted-Into-Cache-At
X-CUA
X-Iplb-Instance
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cc-Via
X-Vcache
Dt-Hot-News
D-Url-Rewrites
X-Iplb-Request-Id
Cdn-Uid
Cdn-Requestid
Cdn-Requestcountrycode
Servedby
Wp-Super-Cache
Cdn-Pullzone
Cdn-Cachedat
Cdn-Edgestorageid
Cdn-Cache
X-Snapshot-Date
Magicmarker
Vha6-Origin
X-Wp-Cf-Super-Cache-Cache-Control
X-LiteSpeed-Tag
X-MiniProfiler-Ids
X-Request-URL
Content-Script-Type
X-Sucuri-Cache
Content-Style-Type
X-Back
X-Th-Server
X-Sucuri-ID
CountryCode
X-BBC-Origin-Response-Status
X-Dist-Code
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Platform-Router
X-Platform-Processor
Tracecode
X-ATG-Version
Target-Params
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Fastly-Backend
X-Release
X-Platform-Cluster
X-Storefront-Renderer-Verified
X-Fragments
X-FC-Vary-Parameters
X-Wp-Cf-Super-Cache