Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
P3p
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
X-Rq
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Vhost
X-Amz-Version-Id
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Dispatcher
X-Akamai-Path-Stats
EagleEye-TraceId
X-WebKit-CSP
X-Nginx-Cache-Status
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
X-Backend-Server
Request-Id
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Accept-CH-Lifetime
Rating
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Cf-Edge-Cache
X-Url
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Varnish-TTL
X-Clacks-Overhead
X-Ruxit-JS-Agent
Edge-Control
RTSS
X-Content-Type
X-ESI
X-B3-TraceId
X-VARITI-CCR
Accept-Ch
X-Vcap-Request-Id
Cache-Tag
X-Px
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Amz-Rid
X-Ac
Public-Key-Pins
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
X-D2id
Verso
X-Navigation-Version
X-Cache-TTL
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
Service-Worker-Allowed
X-Ruxit-Js-Agent
X-FastCGI-Cache
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Ser
X-Version
X-GitHub-Request-Id
X-Country-Code
Arr-Disable-Session-Affinity
X-TTL
X-Edge
X-Middleton-Response
Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Correlation-Id
X-Upstream
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Webkit-Csp
X-Kinsta-Cache
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-Cached
X-RateLimit-Limit
X-LLID
X-NWS-LOG-UUID
X-Cache-Key
Nginx-Cache
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Powered-CMS
X-Litespeed-Cache
Edge-Cache-Tag
MS-Author-Via
X-Ttl
X-Forwarded-For
Mrf-Cache-Status
MRF-Tech
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
TCN
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
X-T
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Ua-Device
X-Content-Digest
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-DataDome
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-Frontend
X-Content
X-HS-Cache-Config
X-Ua-Browser
X-Ab
X-HS-Hub-Id
X-Yandex-Sdch-Disable
X-HS-Content-Id
Server-Node
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
Front-End-Https
Filters
X-Grace
X-Accel-Expires
X-Server-ID
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-ECACHE
Fastcgi-Cache
X-Mid
X-Geo-Country
X-Hits
X-Pinterest-Rid
Pinterest-Version
X-PressLabs-Stats
X-Origin-Server
Pinterest-Generated-By
TP-L2-Cache
TP-Cache
X-Debug-Info
X-Distributor
X-Ratelimit-Reset
X-Amzn-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Charset
Cleartype
X-Page-Id
Host
X-F-Cache
X-Git-Hash
X-Www-Served-By
X-B3-Sampled
X-DynaTrace
X-DIS-Request-ID
Cross-Origin-Opener-Policy
X-LB-Cache
X-Forwarded-Proto
Cache-Tags
ServerID
X-Cache-Age
Access-Control-Allow-Method
X-Seen-By
X-Microsite
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Handler-Origin-Region
X-Aspnetmvc-Version
X-Language
X-Az
X-MCACHE
X-Cluster-Name
Server-Name
X-Activity-Id
X-AppVersion
Accept-Charset
X-Varnish-Age
X-WebKit-CSP-Report-Only
Realpath
Filterid
X-Type
X-Rid
Cache-Status
X-Content-Options
X-Mobile-URL
X-App-Environment
X-XRDS-LOCATION
X-Via-JSL
X-Origin-Cache
X-Oracle-Dms-Ecid
X-Upgrade-Enabled
X-Varnish-Grace
Node
X-Oracle-Dms-Rid
X-User-Agent
Country
Viewport
X-Tb
X-Wix-Request-Id
X-FB-Debug
X-Signature
DC
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-B-Cache
X-Aspnet-Duration-Ms
X-Drupal-Cache-Tags
X-Request-Guid
Paypal-Debug-Id
X-Flags
X-NWS-UUID-VERIFY
Protected
X-Whom
X-TT
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Nginx-Upstream-Cache-Status
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-VCache
Fastcgi-Useragent
Retry-After
X-Varnish-Backend
X-Fastly-Request-Id
X-Fastly-Request-ID
X-Cache-NGX
Payment
X-Contextid
X-B
X-Amz-Replication-Status
X-Fastcgi-Cache
X-Debug
X-Template
X-N
X-Logged-In
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
WPO-Cache-Status
WPO-Cache-Message
X-FW-Dynamic
X-FW-Hash
X-Load-Cache
Surrogate-Key
X-Hostname
X-Cache-Control
X-Parallel-Accel
X-XRDS-Location
X-Node-Name
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-Trace-Id
Refresh
Akamai-GRN
X-Erf-Bev-Bev
X-Browser-Type
X-Proxy
X-Erf-Bev-Bev-Is-Generated
X-G
X-Amz-Meta-S3cmd-Attrs
X-Is-Bot
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Real-IP
Healthy
X-Zen-Fury
X-Mobile
X-Akamai-Request-ID2
Count-Hit
X-Revision
X-UUID
X-Rendered-As
X-Cache-Time
X-Http-Reason
X-Page-View
X-Cache-TTL-Remaining
X-Jobs
Uber-Trace-Id
X-Cacheable-TTL
NGB
X-Yottaa-Metrics
X-Framework
X-Drupal-Cache-Contexts
X-Device-Type
X-Debug-IsPreview
Content-Disposition
X-Debug-IsConnected
X-Instance
X-Yottaa-Optimizations
Alternate-Protocol
X-Adobe-Loc
X-Adobe-Content
X-Cache-Rule
X-Proxy-Cache-Status
X-IPLB-Instance
X-Vgn-Hpd-Reason
From-Origin
Access-Control-Request-Headers
X-Source
Url
X-B3-Traceid
X-Servername
X-Cache-Grace
Version
X-Cache-Expired-At
X-Oneagent-Js-Injection
X-Mcache
Accept-Language
Permissions-Policy
X-Varnish-Server
X-Cache-Hit
Referer-Policy
X-Environment-Context
X-L-Path
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-App-Server
X-FW-Version
Countrycode
X-Restarts
X-RTag
Ms-Operation-Id
MS-CV
X-Cache-Action
Cross-Origin-Window-Policy
X-NGENIX-Cache
X-ECache
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Backend
X-COUNTRY
X-NYM-Debug-Backend
X-ProcessESI
X-RemovedCookies
Liferay-Portal
X-Hyper-Cache
X-Nginx-Cache
Content-Secure-Policy
CF-IPCountry
X-HTML-Minification-Powered-By
Frame-Options
X-UPSTREAM-Address
WP-Super-Cache
X-OCL
X-Ratelimit-Remaining
Meta-Geo
X-RN-RSRV
X-Rule
Ec-Rule-Version
Upgrade-Insecure-Requests
X-Cache-Server
X-Redis-Cache
X-PCL
X-Content-Age
Section-Io-Cache
X-Detected-As
Apigw-Requestid
X-FB-TRIP-ID
X-Generation-Time
X-No-Session
X-Section
X-Format
X-Ua
X-Cache-Enabled
X-Access
X-Cluster-Node
X-Mode
X-Sql-Count
X-AOL-HN
S-Rt
X-Server-W
X-Akamai-Edgescape
X-Site-Version
X-Urbn-Site-Id
Cache-Tv-Group
X-UA-Device-Type
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Sql-Duration-Ms
X-Urbn-Context-Path
Mn-Server-Ip
Fastly-SSL
X-Via-Fastly
X-Varnish-Cache-Hits
X-Be
X-Uri
Locale
TWC-Connection-Speed
Property-Id
X-ApacheServer
X-Origin-Hint
X-Generated-By
X-Unique-Id
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Request-Time
TWC-Device-Class
X-Hosted-By
Azure-Version
X-Say-TTL
X-SayCDN-TTL
X-Origin-Date
X-Say-Cacheable
X-PHP-Backend
X-PERF
X-ProxyCache-Status
X-ProxyCache-Key
CDN-EdgeStorageId
CDN-PullZone
X-Storage
CDN-CachedAt
CDN-Cache
X-Platform-Server
X-Human
CDN-Uid
X-Debug-Cache
X-Status
X-Cache-Type
X-Cache-Tags
X-BYPASS-REASON
X-Region
X-Xfnlog-Site
CDN-RequestId
X-Web-Node
Eomportal-Instance
X-Forwarded-Host
CDN-RequestCountryCode
X-Cache-Host
X-TT-LOGID
X-Webkit-CSP
X-Backend-Name
X-ShardId
X-ShopId
X-Shopify-Stage
X-ServerID
X-Proxied
X-Routing-Service
X-SaId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Extlb
X-Sorting-Hat-ShopId
X-Content-Powered-By
X-Varnishpool
X-Zipkin-Id
Webserver
X-Tid
X-Nginx-Cache-Key
X-JoinUs
X-Hl-Ver
X-Adobe-Source
X-Cache-Operation
X-Accel-Buffering
X-Proxy-Build
Selected-Fe
X-Handled-By
X-Timing-Wait
ServedBy
X-NewRelic-App-Data
X-PHP-Host
X-Locale
X-Labrador-Cache-Channel
X-Datadome
X-GG-Cache-Date
X-Cache-Remote
X-APP-VERSION
X-Rewrite-Enabled
Xserver
X-Dc
X-VWS-Id
X-AWS-Id
SID
X-LJ-Flow-ID
X-Pubstack
X-App-Version
X-VC-Cache
X-Soup
X-LSADC-Cache
SRV
X-Cached-By
LB
X-Buckets
X-CDN-Forward
X-Proto
Web-Mar-Node
Country-Code
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Edge-Location
X-Storefront-Renderer-Rendered
X-Reqid
X-Request-Host
Fastly-Drupal-Html
X-Microcachable
Mime-Version
X-Ratelimit-Limit
Onion-Location
X-TA-CDN-Provider
X-GEO
X-Cms-Context
X-Origin-TTL
X-Origin-CC
Server-Info
X-Ms-Request-Id
X-Ms-Version
X-Varnish-Hostname
Xet-Cookie
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Cache-Hits
X-NCache
X-MP-GENERATED-AT
X-Cluster
Load-Balancing
X-CSRF-Token
X-B3-SpanId
X-GeoCountry
X-GeoCode
X-Tec-Api-Version
DynaTrace
X-Bc-Bl
X-Tec-Api-Origin
X-Tec-Api-Root
X-Air-Hostname
X-Air-Trace-Id
X-SRV
X-Air-Source
X-Varnish-Hits
X-Amz-Apigw-Id
X-R9-Blue-Green-Version
X-Midtier
X-Amzn-RequestId
X-Varnish-Beresp-Grace
Cache-Name
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Envoy-Decorator-Operation
X-Azure-Ref
Rendered-Blocks
Sslversion
Odigeo-Trace-Id
X-A
X-A-Ccd
Pramga
Surrogated-Key
T-Server
DB-Nickname
Cmsid
Cmstype
Cdnsip
Cdncip
A
BehaviorPad-Version
DCR-Decision-By
DCR-Processing-Time-Ms
Meta-Geo-Continent
Mobile-Detection-Method
Lang
Host-ID
Expiry
Fastcgi-X-Cache-Version
NM-Fastcgi-Cache
X-External-Request-Id
X-Processor
X-PBS-Appsvrname
X-Rojux
X-S
X-ScT
X-S-Cookie
X-PAYTM-SRV-ID
X-Orig-Expires
X-LAGOON
X-Ig-Push-State
X-Men
X-NAPM-TraceId
X-NodeID
X-SD-PageType
X-Session-Fingerprint
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Webstats-RespID
X-Vdms-Path
X-User
X-SRCache-Key
X-Shop-Environment
X-Tenant
X-TIM-N
X-TrackingId
X-HS-Content-Campaign-Id
X-Hash
X-Cache-Bucket
X-B-Cookie
X-Cache-Id
X-Cache-NE
X-CF-Lambda-Fn
X-Cdn-Srv
X-ARC
X-Application
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-AK-Request-ID
X-CF-Lambda-Version
X-Conf
X-From
X-Forwarded-Path
X-Ftr-Request-Id
X-Geo-Header
X-Gzip
X-Esi-Check
X-Epic-Correlation-Id
X-Destination
X-D
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-A-Dam
X-Connection-Hash
X-Magnolia-Registration
X-Via-NSCOPI
X-Origin-Response-Time
Platform
X-Location
X-Loop
X-Mvc-Supplant-Cachable
X-Planisys-CDN-TTL
Producers
Server-Host
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-Node-Id
X-Nyt-Route
X-Block-Status
X-Planisys-CDN-Cache
Memcached
Mail-Subject
X-Origin-Expires
X-Origin
X-Hnp-Log
X-Planisys-CDN-Rules
X-Old-Content-Length
Machine
State
X-DefElseHash
X-DefHash
X-Device-Os
X-DPWN-IS-SECURE
X-Amzn-Remapped-Content-Length
X-Core-Value
X-Cache-Backend
X-Cache-Info
X-Ckpd-Fst-Backend
X-Clara-WADP
Web-Mar-Region
We-Hiring
X-Gen-Mode
Svr
X-GeoIP
Is-Eu
X-Gdpr
X-Fmm-Version
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
X-Fastly-Cache
X-Has-Esi
X-Origin-Time
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
AKAMAI
Adler-Geo
X-VG-TLSProxy
X-Variation
X-V-Cache
X-Sigma
X-Sigma-Backend
X-Slack-Backend
X-TNCMS
X-Viewer-Country
X-WADP-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Developers
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Wix-Viewer-Type
X-Worker
Apple-News-Services-Handled
Apple-News-Services-Host
X-Tx-Id
X-Varnish-CookieHashed-On
Fastly-GeoIP-CountryCode
X-SB
Environment
X-Rocket-Build-Number
X-Scheme
X-Request-URI
X-Server-IP
CDN
Source
Locid
X-DB
X-Proxy-Upstream
X-Platform
X-DSS
X-Pool
X-Datadog-Trace-Id
X-Proxy-Cache-Info
X-DI
X-Datadog-Parent-Id
X-Cdn-Origin
X-CGP
X-Ec-Custom-Error
X-Pod-Name
X-Branch-Name
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Csrf-Jwt
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Qloud-Router
X-Core-Mission
X-Datadog-Sampling-Priority
X-DW
X-Httpd
HostName
X-HN
X-RSL
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Loc
X-Minions-Version
X-Sn-Servicetimems
X-Level-Front-Cache
X-GeoIP-City
X-Rebelmouse-Cache-Control
X-VarnishDD-TTL
X-Fetched-On
X-Eu-Site
X-Time
X-Forwarded-Site
X-Gamma-Serve
X-RPS
X-Generated-On
X-RPM
X-Rocket-Nginx-Serving-Static
X-Response-By
X-Policy
Fastcgi-Cache-TTL
Fastly-SIE
N-Cache
Req-Svc-Chain
CDCHOST
Cluster
Fastly-SWR
Gh-Request-Id
L
L5d-Success-Class
Kp-EeAlive
Traceparent
Ha-Gx-Prefs
HA-Ipaddr
Arc-Country
X-Aicache-OS
Origin-EX
Origin-CC
X-Auto-Login
PFcat
X-BBC-Edge-Cache-Status
Redirect-Candidate
X-TraceId
X-CS
Thinkindot-Control
X-VServer
Cache
Ssr
Thinkindot-CacheControl
TDXMobile
X-TIME
X-Cache-Date
X-EC-Lua
Release
X-Served-From
X-Thinkindot-L3
Origin
X-Date
Thinkindot-CacheControl-Type
X-Accel-Expires-Debug
CloudFront-Viewer-Country
X-Skip-Cache
X-Optimistic-Header
MD5-Digest
AMP-Access-Control-Allow-Source-Origin
X-Parent-Response-Time
X-Owner
X-GeoIP-Country-Code
X-GeoIP-Region-Code
NGX
GEO-INFO
X-NC
DSUID
X-CacheTTL
X-ZONE
X-VC
Pics-Label
X-Dispatcher-Number
X-Akamai-Transformed
X-Srv
Servername
Sever-Int
X-Via-Ucdn
Server-Hostname
X-SIPLIST1
X-LB-NoCache
IsBot
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
X-Ah-Environment
X-Scale
Server-Ext
X-Udemy-Cache-App-Namespace
Ms-Author-Via
X-API-Version
X-Edge-Pop
Env
Memory
X-Generated-In
X-Mvc-Supplant-OutputCached
X-Cache-Debug
Time
Fusion-Component-Id
X-Newrelic-Synthetics
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
Ohc-File-Size
Geo-Info
CacheControlHeader
X-Varnish-Ttl
X-Xrds-Location
X-Tt-Logid
X-Action
X-TH-Server
Cache-Key
GeoIp-Country-Code
Datacenter
X-Via-Popv
X-Amz-Meta-Cb-Modifiedtime
Candidate-Md5Url
X-Ad-Defer-Variation
X-BCube-Filmed-By
True-Client-Country-4JS
X-IPLB-Request-ID
X-Via-Popn
X-Via-Poph
X-Backend-TTL
CPC-Age
X-Contensis-Viewer-Groups
X-Cache-ASPX
CPC-Cache
VNS-Age
XM
X-SplitTest
VNS-Cache
X-Servedbyhost
X-HA-Backend
X-RateLimit-Reset
X-Varnish-Authentication
X-S-Maxage
X-Presslabs-Stats
X-WA-Info
ITXSESSIONID
Geoip-Latitude
Client
FSS-Cache
Fastly-Backend-Name
X-Vc
X-Provided-By
Server-ID
Edge-Cache
X-Req
X-Micro-Cache
Path
X-Varnish-Beresp-TTL
X-VCL-Version
X-Dynatrace
X-Cache-Status-Check
X-VHOST
X-AIR-PT
My-App
X-CACHE-KEY
X-DC
X-Trace-ID
X-Zone
Cache-Host
Hostname
X-Cs
X-Pass-Why
X-Origin-Upstream-Status
Ohc-Cache-HIT
X-Up
X-TX-ID
Ngx.Var.Host
DataCenter
Lb
X-Fpc
True-Client-IP
NtCoent-Length
X-FireWall-Port
X-Webkit-Csp-Report-Only
X-LB-ID
X-FPC
XkeyRZ
X-Clientip
X-Proxy-CacheRZ
X-Api-Version
X-Varnish-Beresp-Ttl
Test
Powered-By
X-LI-UUID
OT-Force-Account-Verify
X-Li-Fabric
X-Traceid
X-Li-Pop
X-NGINX-Cache
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
X-Cdn-Request-ID
X-ND-Cache
X-UnsetCookies
X-CSRF-TOKEN
X-Correlation-ID
User-Agent
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Trace
X-Vcl-Version
X-Beluga-Status
X-CUA
X-Time-Microsecs
X-Webkit-CSP-Report-Only
X-MSEdge-Flight
X-Geo
Server-Id
WZWS-RAY
Proxy-Connection
X-Fragments
X-RAMCache
X-Dmc
Tracecode
X-MSEdge-Features
Target-Params
Cf-Device-Type
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
X-URL
X-Render-Time
X-B3-Traceid-Primal
X-Sucuri-ID
X-Sucuri-Cache
X-INCAP-ABP
X-Fastly-Backend
Resin-Trace
X-FC-Vary-Parameters
Lfy
MIME-Version
X-HS-Status
X-ServedByHost
Uri
X-Ha-Backend
X-Via-PopH
X-Var-Ttl
X-Platform-Processor
X-Platform-Cluster
X-Via-PopV
X-Via-PopN
X-Platform-Router
X-ATG-Version
GeoIP-Country-Code
Fastly-Drupal-HTML
GeoIP-Latitude
Sid
Srvid
Tcn
X-PX
X-Check-Cacheable
X-M-Reqid
X-Qnm-Cache
Rip
X-CCDN-CacheTTL
X-NU-AKA-ACS-Version
X-Fetch-By
X-LI-Proto
X-M-Log
X-DynaTrace-JS-Agent
X-Li-Proto
X-Varnish-Beresp-Status
X-Alfa-Service
ENV
X-Gateway-Cache-Key
X-CCDN-Origin-Time
X-Proxy-Cache-Hk
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Hcs-Proxy-Type
X-Gateway-Request-Id
Epwk-X-Cache
X-Service
C-Via
X-Akamai-Pragma-Client-IP
X-TRACE-ID
Magicmarker
Tube-Return
Tube-Got-Eval
Click-Count-Error
Click-Count-Action-Start
X-Backend-Host
Tube-Get-Contents
Tube-Got-Results
X-Fastly-Backend-Reqs
Esi-Enabled
X-Backend-State
HIT
X-Cdn-Forward
X-Esi
Cdn
XServer
X-Request-Start
X-Edge-POP
On-Server
X-Cache-Expires
X-Cache-CFC
Srv
X-Srcache-Fetch-Status
X-MG-S
X-Srcache-Store-Status
X-LiteSpeed-Cache-Control
X-ElasticPress-Query
X-App
X-Yottaa-OS
Section-Io-Origin-Time-Seconds
PICS-Label
X-Lb-Nocache
X-Newrelic-App-Data
CF-Cached-On
ServerName
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Thanos
Server-Ttl
X-APP
X-Bip
Inserted-Into-Cache-At
X-Iplb-Instance
X-Acquia-Purge-Tags
X-BBC-Origin-Response-Status
X-Iplb-Request-Id
D-Url-Rewrites
X-Acquia-Site
Wpo-Cache-Status
Cf-Ipcountry
X-Serial
X-Vcache
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Wpo-Cache-Message
X-Nc
Warning
Servedby
X-HostName
X-IN-APIGATEWAY
X-B3-Parentspanid
Cneonction
X-Snapshot-Date
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Ngx
Fastcgi-Cache-Ttl
X-Request-Url
X-Litespeed-Cache-Control
X-Cache-Config
X-IN-APIGATEWAYSSL
X-CF-Powered-By
CountryCode
M-TraceId
X-Dw-Trace-Id
X-Swift-Error
X-Shopify-Generated-Cart-Token
X-Akamai-Request-ID
X-LiteSpeed-Tag
Content-Script-Type
Content-Style-Type
X-Request-URL
X-Akamai-ERPolicy
X-Dist-Code
X-Storefront-Renderer-Verified
X-Th-Server
X-Back
X-Release
X-Akamai-ERRuleID