Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
X-WebKit-CSP
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
X-Backend-Server
Request-Id
X-Server-Id
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Vname
X-PC
X-TtlSet
X-MS-InvokeApp
X-Rack-Cache
X-Varnish-TTL
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-ESI
X-Content-Type
X-VARITI-CCR
X-B3-TraceId
Accept-Ch
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Ac
X-Cnection
X-Dw-Request-Base-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Px
X-RateLimit-Remaining
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
Display
X-Middleton-Display
X-Sol
X-Ser
Pagespeed
X-Version
X-Edge
X-Country-Code
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Middleton-Response
Response
X-FastCGI-Cache
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Ruxit-Js-Agent
AR-ATIME
AR-SID
X-Kinsta-Cache
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-Upstream
X-Webkit-Csp
X-TTL
X-Edge-Location-Klb
SPRequestDuration
X-Ttl
SPIisLatency
X-RateLimit-Limit
X-NWS-LOG-UUID
X-LLID
X-Cached
X-Cache-Key
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Litespeed-Cache
Nginx-Cache
Edge-Cache-Tag
TCN
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
MS-Author-Via
X-MSEdge-Ref
Content-MD5
X-Id
X-Shield-Request-Id
X-T
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Server-ID
X-Recruiting
X-DataDome
S
X-Mg-S
X-Ua-Device
X-Content-Digest
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-SRCache-Store-Status
X-Frontend
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-Ua-Browser
X-Ezoic-Cdn
X-HS-Hub-Id
X-HS-Cache-Config
X-Ab
X-Content
Server-Node
X-HS-Combine-CSS
Front-End-Https
X-Yandex-Sdch-Disable
X-Request-Received
X-Request-Processing-Time
X-Accel-Expires
X-Grace
Filters
Fastcgi-Cache
X-Mid
X-PressLabs-Stats
X-ECACHE
X-Hits
X-Geo-Country
X-ORACLE-DMS-ECID
X-Distributor
X-Origin-Server
TP-L2-Cache
TP-Cache
X-ORACLE-DMS-RID
X-Debug-Info
Pinterest-Generated-By
Pinterest-Version
X-DynaTrace
X-Pinterest-Rid
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
Charset
Host
X-B3-Sampled
X-DIS-Request-ID
X-Page-Id
Cleartype
X-Git-Hash
X-Ratelimit-Reset
X-F-Cache
Cross-Origin-Opener-Policy
X-Www-Served-By
X-LB-Cache
X-Forwarded-Proto
X-Microsite
X-Request-Handler-Origin-Region
Access-Control-Allow-Method
X-Cache-Age
Cache-Tags
ServerID
X-Seen-By
X-Aspnetmvc-Version
X-Az
X-Oracle-Dms-Ecid
X-Cluster-Name
X-AppVersion
X-Activity-Id
X-Kong-Proxy-Latency
X-Oracle-Dms-Rid
X-Kong-Upstream-Latency
X-Varnish-Age
Cache-Status
X-Language
Accept-Charset
Server-Name
Realpath
X-Rid
X-Type
Filterid
X-Content-Options
X-Fastcgi-Cache
X-App-Environment
X-WebKit-CSP-Report-Only
X-Mobile-URL
X-VCache
X-Varnish-Grace
X-Upgrade-Enabled
Node
X-Origin-Cache
X-Nginx-Upstream-Cache-Status
X-FB-Debug
X-Fastly-Request-ID
X-Tb
X-MCACHE
Country
X-Wix-Request-Id
X-Request-Guid
X-Whom
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-NWS-UUID-VERIFY
X-Flags
X-User-Agent
Viewport
X-TT
X-Via-JSL
X-Drupal-Cache-Tags
X-Signature
X-B-Cache
Protected
Paypal-Debug-Id
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
DC
Retry-After
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Varnish-Backend
Fastcgi-Useragent
X-XRDS-LOCATION
X-Cache-NGX
X-B
X-Amz-Replication-Status
Payment
X-Contextid
X-Debug
X-Logged-In
X-Webkit-CSP
X-N
X-Load-Cache
WPO-Cache-Status
WPO-Cache-Message
X-Template
X-FW-Static
X-FW-Type
Amp-Access-Control-Allow-Source-Origin
X-FW-Server
X-FW-Serve
X-FW-Dynamic
Surrogate-Key
X-FW-Hash
X-Fastly-Request-Id
X-Mcache
X-Cache-Control
X-Node-Name
X-Hostname
X-XRDS-Location
Count-Hit
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Amz-Meta-S3cmd-Attrs
X-Response-Served-From
SD-X-WS
Healthy
Akamai-GRN
X-Original-Request-Id
X-Proxy
X-Jobs
X-UUID
X-Revision
X-Real-IP
Content-Disposition
X-Cache-TTL-Remaining
VIX-Pulpo-Upstream-Status
Refresh
X-Zen-Fury
X-Akamai-Request-ID2
VIX-Pulpo-Node
Uber-Trace-Id
X-G
X-Is-Bot
X-Cacheable-TTL
X-Rendered-As
X-Parallel-Accel
X-Cache-Time
X-Framework
X-Http-Reason
X-Page-View
X-Mobile
X-Adobe-Loc
X-Device-Type
X-Debug-IsConnected
X-Adobe-Content
Alternate-Protocol
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Debug-IsPreview
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Trace-Id
X-Instance
X-Proxy-Cache-Status
X-IPLB-Instance
NGB
Url
Permissions-Policy
X-ECache
From-Origin
X-Servername
X-Cache-Rule
X-Source
X-B3-Traceid
X-Vgn-Hpd-Reason
Version
X-Cache-Grace
X-Varnish-Server
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Expired-At
X-L-Path
X-Environment-Context
X-Mg-Request-UUID
X-Cache-Hit
Referer-Policy
X-EdgeConnect-Cache-Status
X-Restarts
X-NGENIX-Cache
Countrycode
X-RTag
Ms-Operation-Id
MS-CV
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Action
X-Tumblr-Pixel-1
X-Tumblr-User
X-IPS-LoggedIn
Backend
X-HTML-Minification-Powered-By
X-NYM-Debug-Backend
X-COUNTRY
Frame-Options
Liferay-Portal
X-RemovedCookies
X-Nginx-Cache
X-ProcessESI
WP-Super-Cache
CF-IPCountry
Section-Io-Cache
X-Hyper-Cache
X-Access
X-Cache-Server
X-Format
Upgrade-Insecure-Requests
X-RN-RSRV
X-OCL
X-Section
Meta-Geo
X-PCL
X-Redis-Cache
X-UPSTREAM-Address
X-ApacheServer
X-Ratelimit-Remaining
Mn-Server-Ip
X-Detected-As
Cache-Tv-Group
X-Cache-Enabled
Ec-Rule-Version
X-FB-TRIP-ID
X-Region
Apigw-Requestid
X-Content-Age
X-PERF
X-No-Session
X-Generation-Time
Content-Secure-Policy
Property-Id
S-Rt
X-Varnish-Cache-Hits
X-Via-Fastly
TWC-Connection-Speed
X-Uri
X-Xfnlog-Site
X-UA-Device-Type
X-Web-Node
X-Sql-Count
X-Origin-Hint
X-Origin-Date
X-PHP-Backend
X-Request-Time
X-Say-TTL
X-Say-Cacheable
X-Human
Webcakes-App-Version
X-Cluster-Node
X-Be
X-AOL-HN
X-Generated-By
X-Hosted-By
Webcakes-Region
X-SayCDN-TTL
X-Site-Version
X-Ua
X-Storage
Locale
Fastly-SSL
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Status
X-Sql-Duration-Ms
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
X-Urbn-Site-Id
X-Urbn-Context-Path
TWC-Device-Class
X-Akamai-Edgescape
X-Rule
X-Mode
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-ProxyCache-Key
X-Nginx-Cache-Key
X-Cache-Tags
X-BYPASS-REASON
Webserver
X-Cache-Type
X-Content-Powered-By
Azure-Version
Eomportal-Instance
X-Debug-Cache
X-Platform-Server
X-ProxyCache-Status
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Server-W
Azure-SiteName
X-Forwarded-Host
X-Unique-Id
X-Hl-Ver
X-JoinUs
X-Sorting-Hat-ShopId
X-Adobe-Source
X-Tid
X-Zipkin-Id
X-Cache-Host
X-Varnishpool
X-Extlb
X-Sorting-Hat-PodId
X-Backend-Name
X-ServerID
X-SaId
X-Routing-Service
X-Alternate-Cache-Key
X-ShardId
X-Proxied
X-Shopify-Stage
X-ShopId
X-Handled-By
X-Timing-Wait
X-Proxy-Build
X-TT-LOGID
Selected-Fe
ServedBy
X-Cache-Operation
X-Accel-Buffering
X-GG-Cache-Date
X-APP-VERSION
X-Labrador-Cache-Channel
X-PHP-Host
X-Locale
X-Cache-Remote
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
Xserver
X-App-Version
X-LSADC-Cache
X-Rewrite-Enabled
X-NewRelic-App-Data
X-VC-Cache
X-CDN-Forward
X-Cached-By
SID
X-Soup
SRV
X-Dc
X-Proto
X-Buckets
X-Edge-Location
X-Pubstack
Fastly-Drupal-Html
Mime-Version
Web-Mar-Node
LB
X-Datadome
X-TA-CDN-Provider
X-Storefront-Renderer-Rendered
X-Reqid
X-Cms-Context
X-GEO
Country-Code
X-Request-Host
Onion-Location
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Microcachable
X-Ratelimit-Limit
X-Varnish-Hostname
Server-Info
X-Origin-CC
X-Midtier
X-Origin-TTL
X-GeoCountry
Cache-Hits
X-GeoCode
Load-Balancing
X-Ms-Request-Id
X-Ms-Version
X-Cluster
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Xet-Cookie
X-MP-GENERATED-AT
X-NCache
X-B3-SpanId
X-Varnish-Hits
X-CSRF-Token
X-RCS-CacheZone
X-Bc-Bl
DynaTrace
X-Air-Source
X-Envoy-Decorator-Operation
X-Air-Hostname
X-Air-Trace-Id
X-Tx-Id
X-Origin-Response-Time
X-Varnish-Beresp-Grace
X-Endurance-Cache-Level
X-Magnolia-Registration
Cache-Name
X-R9-Blue-Green-Version
Wxu-Next-Hostname
DB-Nickname
Rendered-Blocks
Sslversion
Wxu-Next-Commit
Cmstype
Surrogated-Key
T-Server
Apple-News-Services-Host
DCR-Decision-By
Lang
Cmsid
Meta-Geo-Continent
Cdnsip
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
Host-ID
Expiry
A
DCR-Processing-Time-Ms
NM-Fastcgi-Cache
Odigeo-Trace-Id
Apple-News-Services-Parsed-Url
Cdncip
Apple-News-Services-Request-Url
BehaviorPad-Version
Mobile-Detection-Method
Pramga
X-Developers
X-Processor
X-PBS-Appsvrname
X-Rojux
X-S
X-ScT
X-S-Cookie
X-PAYTM-SRV-ID
X-Orig-Expires
X-HS-Content-Campaign-Id
X-Hash
X-Ig-Push-State
X-LAGOON
X-NodeID
X-NAPM-TraceId
X-SD-PageType
X-Session-Fingerprint
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Webstats-RespID
X-Vdms-Path
X-User
X-SRCache-Key
X-Shop-Environment
X-Tenant
X-TIM-N
X-TrackingId
X-Gzip
X-Geo-Header
X-ARC
X-Application
X-B-Cookie
X-Cache-Id
X-Cdn-Srv
X-Cache-NE
X-AK-Request-ID
X-Aed
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Esi-Check
X-Epic-Correlation-Id
X-External-Request-Id
X-Forwarded-Path
X-Ftr-Request-Id
X-From
X-Ec-GeoHdr
X-Ec-Fail
X-Connection-Hash
X-Conf
X-D
X-Destination
X-Developer
Wxu-Next-Region
X-Cache-Bucket
X-Azure-Ref
X-Time
X-SRV
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Via-NSCOPI
X-Scheme
X-Gen-Mode
X-Gdpr
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Server-IP
X-Fetched-On
Memcached
Machine
Vix-Hermes-Req-Id
Is-Eu
X-Rocket-Build-Number
V-Age
User-Cache-Control
Locid
X-SB
X-Planisys-CDN-Cache
X-Fmm-Version
X-Origin-Time
X-Hnp-Log
X-Has-Esi
X-Location
X-JWT-State
X-Is-Gdpr
Svr
X-Irp-Debug
State
Server-Host
X-Loop
Platform
X-GeoIP
X-Origin
X-Nyt-Route
Producers
X-Men
X-Mvc-Supplant-Cachable
X-Node-Id
X-Origin-Expires
X-Fastly-Cache
X-Worker
X-DefElseHash
AKAMAI
X-Wix-Viewer-Type
X-WADP-Cache
X-Varnish-Remaining-TTL
X-VG-TLSProxy
Fastly-GeoIP-CountryCode
Adler-Geo
Source
X-Cache-Info
X-Request-URI
X-Block-Status
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Value
X-Core-Mission
X-Varnish-CookieINHashed-On
X-DefHash
X-Slack-Backend
X-DPWN-IS-SECURE
X-SVT-ORM-RULES
Environment
X-Ec-Custom-Error
X-Sigma
X-Sigma-Backend
X-Device-Os
X-SVT-ORM-VERSION
X-V-Cache
X-TNCMS
X-Variation
X-Varnish-CookieHashed-On
X-ZONE
X-Cdn-Origin
X-Cache-Date
X-Branch-Name
X-Cache-Backend
X-Forwarded-Site
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Generated-On
X-GeoIP-City
X-Datadog-Trace-Id
X-Gamma-Serve
X-Pod-Name
HA-Ipaddr
L5d-Success-Class
PFcat
Ha-Gx-Prefs
CDCHOST
X-Viewer-Country
X-VServer
X-CGP
X-Csrf-Jwt
X-VarnishDD-TTL
L
MD5-Digest
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Eu-Site
X-HN
X-Thinkindot-L3
X-Sn-Servicetimems
X-BBC-Edge-Cache-Status
X-Pool
X-Qloud-Router
X-Platform
X-Old-Content-Length
X-Loc
X-Minions-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
HostName
X-Skip-Cache
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Region-Sid
X-Response-By
X-Level-Front-Cache
X-Policy
Thinkindot-CacheControl-Type
Thinkindot-Control
Traceparent
Thinkindot-CacheControl
Gh-Request-Id
CloudFront-Viewer-Country
Kp-EeAlive
Fastly-SWR
Fastly-SIE
Arc-Country
Cache
Redirect-Candidate
Web-Mar-Region
Fastcgi-Cache-TTL
We-Hiring
X-Aicache-OS
TDXMobile
Origin
N-Cache
X-Auto-Login
Req-Svc-Chain
Origin-CC
X-Amzn-Remapped-Content-Length
Origin-EX
Mail-Subject
Release
Ssr
X-Tec-Api-Origin
X-Tec-Api-Version
CDN
X-Srv
X-Tec-Api-Root
X-Xrds-Location
X-Parent-Response-Time
DSUID
X-Optimistic-Header
X-RPS
X-Proxy-Upstream
X-CS
X-Proxy-Cache-Info
NGX
X-Httpd
X-RPM
X-RSL
Cluster
X-DI
X-CacheTTL
X-DB
X-DSS
X-Dispatcher-Number
X-DW
IsBot
Server-Ext
X-TraceId
X-Accel-Expires-Debug
Server-Hostname
X-Owner
X-EC-Lua
X-Scale
X-Refresh
X-SIPLIST1
Sever-Int
Pics-Label
X-WP-CF-Super-Cache
X-VC
X-WP-CF-Super-Cache-Cache-Control
X-Date
X-Tb-Optimization-Total-Bytes-Saved
X-NC
X-GeoIP-Country-Code
X-LB-NoCache
Time
Memory
Env
X-Tt-Logid
X-GeoIP-Region-Code
Servername
X-Ah-Environment
X-Via-Ucdn
X-Akamai-Transformed
X-TIME
Ms-Author-Via
AMP-Access-Control-Allow-Source-Origin
GEO-INFO
X-Udemy-Cache-App-Namespace
X-IPLB-Request-ID
X-Mvc-Supplant-OutputCached
Ohc-File-Size
X-RateLimit-Reset
X-Cache-Debug
X-Edge-Pop
X-Newrelic-Synthetics
X-Wikidot-Backend
X-Ad-Defer-Variation
Cache-Key
Candidate-Md5Url
X-Wikidot-Static-Cache
X-BCube-Filmed-By
X-API-Version
X-Varnish-Ttl
Geo-Info
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
CPC-Cache
VNS-Age
CPC-Age
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
X-Servedbyhost
X-Via-Popn
XM
X-SplitTest
CacheControlHeader
X-Via-Popv
X-Via-Poph
X-Generated-In
Datacenter
X-HA-Backend
X-WA-Info
True-Client-Country-4JS
X-Action
GeoIp-Country-Code
X-TH-Server
X-S-Maxage
X-Contensis-Viewer-Groups
ITXSESSIONID
X-Cache-ASPX
Fastly-Backend-Name
X-Cache-Status-Check
X-DC
X-Varnish-Authentication
X-Micro-Cache
X-Backend-TTL
Client
Path
X-VCL-Version
FSS-Cache
X-Vc
Geoip-Latitude
X-AIR-PT
Server-ID
X-CACHE-KEY
X-Varnish-Beresp-TTL
X-VHOST
Cache-Host
Edge-Cache
X-Trace-ID
X-Req
X-Provided-By
X-Cs
My-App
Hostname
X-Presslabs-Stats
Ngx.Var.Host
Lb
Ohc-Cache-HIT
True-Client-IP
X-Zone
X-Fpc
X-Dynatrace
X-Origin-Upstream-Status
NtCoent-Length
X-Webkit-Csp-Report-Only
X-Proxy-CacheRZ
XkeyRZ
X-Up
X-Api-Version
X-Pass-Why
X-Clientip
X-FireWall-Port
X-TX-ID
DataCenter
X-Traceid
Powered-By
X-Webkit-CSP-Report-Only
X-PX
X-LB-ID
X-Cdn-Request-ID
Test
X-B3-Spanid
X-Varnish-Beresp-Ttl
X-FPC
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Li-Pop
X-Li-Fabric
X-CSRF-TOKEN
X-LI-UUID
X-Correlation-ID
OT-Force-Account-Verify
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Node
WZWS-RAY
User-Agent
X-Beluga-Cache-Status
X-ND-Cache
X-Dmc
X-Beluga-Record
X-UnsetCookies
X-Beluga-Trace
X-CUA
Proxy-Connection
X-Time-Microsecs
X-MSEdge-Features
X-MSEdge-Flight
Server-Id
X-Vcl-Version
X-CLOUD-TRACE-CONTEXT
X-HS-Status
Srvid
X-RAMCache
C-Via
X-Platform-Router
Rip
X-Via-PopV
X-TRACE-ID
X-INCAP-ABP
X-URL
X-Platform-Cluster
Cf-Device-Type
X-Ha-Backend
X-Platform-Processor
X-Via-PopN
X-Via-PopH
Tracecode
X-Render-Time
X-Fragments
GeoIP-Country-Code
GeoIP-Latitude
Target-Params
X-B3-Traceid-Primal
X-Geo
X-Azure-Ref-OriginShield
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-ATG-Version
X-Gateway-Cache-Status
X-FC-Vary-Parameters
X-Sucuri-Cache
X-ServedByHost
Sid
X-Gateway-Request-Id
Uri
X-Gateway-Skip-Cache
X-Var-Ttl
X-Service
X-Fastly-Backend
X-Gateway-Cache-Key
Resin-Trace
Lfy
X-Sucuri-ID
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
Click-Count-Action-Start
Tube-Return
Click-Count-Error
MIME-Version
X-Alfa-Service
X-M-Log
X-M-Reqid
X-Qnm-Cache
Esi-Enabled
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Fetch-By
X-LI-Proto
Epwk-X-Cache
X-Proxy-Cache-Hk
Cdn
Fastly-Drupal-HTML
X-NU-AKA-ACS-Version
X-Li-Proto
X-Fastly-Backend-Reqs
Section-Io-Origin-Status
On-Server
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-DynaTrace-JS-Agent
Srv
HIT
X-Backend-Host
X-Varnish-Beresp-Status
Magicmarker
ENV
X-LiteSpeed-Cache-Control
X-Esi
X-Backend-State
XServer
X-App
X-Cdn-Forward
X-Cache-Expires
X-Edge-POP
X-Srcache-Fetch-Status
X-MG-S
X-Srcache-Store-Status
PICS-Label
X-Cache-CFC
X-Yottaa-OS
X-APP
Tcn
X-Lb-Nocache
Server-Ttl
ServerName
X-Nc
X-Newrelic-App-Data
X-ElasticPress-Query
X-Request-Start
CF-Cached-On
D-Url-Rewrites
X-Acquia-Application-Trace
X-Thanos
X-Bip
X-Acquia-Application-UUID
Cf-Ipcountry
X-Iplb-Request-Id
X-Iplb-Instance
X-Acquia-Purge-Tags
X-Acquia-Site
Inserted-Into-Cache-At
Wpo-Cache-Status
X-BBC-Origin-Response-Status
Wpo-Cache-Message
X-Serial
Servedby
X-HostName
Warning
X-Swift-Error
X-Vercel-Id
X-Vercel-Cache
X-Shopify-Generated-Cart-Token
True-Client-Ip
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-LiteSpeed-Tag
X-IN-APIGATEWAY
X-Release
X-Storefront-Renderer-Verified
X-CF-Powered-By
CountryCode
X-Th-Server
Content-Style-Type
X-Back
X-Dw-Trace-Id
X-Dist-Code
X-Request-Url
X-Akamai-Request-ID
X-IN-APIGATEWAYSSL
Content-Script-Type
X-Litespeed-Cache-Control
X-Request-URL
X-Snapshot-Date
Ngx
Cneonction
X-B3-Parentspanid