Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
X-CONTENT-TYPE-OPTIONS
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Rq
Grace
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
X-Dispatcher
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Nginx-Cache-Status
Allow
X-Cache-Spec
X-Device
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
Accept-CH
Request-Id
X-Backend-Server
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Accept-CH-Lifetime
Cf-Edge-Cache
Content-Location
X-ASPNET-VERSION
X-Cloud-Trace-Context
Rating
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-EdgeConnect-MidMile-RTT
Fastly-Restarts
X-Country
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-Rack-Cache
X-Ruxit-JS-Agent
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Varnish-TTL
X-ESI
X-VARITI-CCR
X-Content-Type
Cache-Tag
X-Vcap-Request-Id
X-B3-TraceId
X-Exp-Id
X-Amz-Rid
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Dw-Request-Base-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Cnection
X-Ac
X-Px
X-D2id
X-Element-Page-Cache
Verso
X-Navigation-Version
X-RateLimit-Remaining
Accept-Ch
X-Abt-Application-Version
X-Client-IP
X-Cache-TTL
X-Powered-By-Plesk
X-FastCGI-Cache
X-Middleton-Display
Display
X-Sol
Pagespeed
Service-Worker-Allowed
X-Ser
X-Edge
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Ruxit-Js-Agent
Response
X-Middleton-Response
Access-Control-Request-Method
X-NF-Request-ID
X-Goog-Hash
X-Correlation-Id
X-Ttl
AR-Request-ID
AR-CACHE
AR-SID
AR-PoweredBy
X-Kinsta-Cache
AR-ATIME
X-Upstream
X-Edge-Location-Klb
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-TTL
X-NWS-LOG-UUID
X-LLID
X-Cached
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Nginx-Cache
Edge-Cache-Tag
X-RateLimit-Limit
SPRequestGuid
X-SharePointHealthScore
TCN
X-Cache-Key
X-Forwarded-For
X-Litespeed-Cache
MRF-Tech
Mrf-Cache-Status
X-MSEdge-Ref
Content-MD5
MS-Author-Via
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Recruiting
S
X-Mg-S
X-Content-Digest
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Protected-By
X-Ua-Device
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Frontend
X-Ezoic-Cdn
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-DataDome
X-Content
X-Ua-Browser
X-HS-Combine-CSS
Server-Node
X-Ab
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-Accel-Expires
X-Grace
X-Yandex-Sdch-Disable
X-ORACLE-DMS-ECID
Filters
X-ORACLE-DMS-RID
X-ECACHE
Fastcgi-Cache
X-Server-ID
X-Mid
X-Hits
X-Origin-Server
TP-L2-Cache
X-PressLabs-Stats
X-Distributor
TP-Cache
X-Geo-Country
X-Ratelimit-Reset
X-Debug-Info
X-DynaTrace
X-Tt-Trace-Host
Pinterest-Generated-By
X-Tt-Trace-Tag
X-Pinterest-Rid
X-Amzn-Trace-Id
Pinterest-Version
Charset
Cleartype
X-Page-Id
Host
X-DIS-Request-ID
X-F-Cache
X-Git-Hash
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Www-Served-By
X-LB-Cache
X-Request-Handler-Origin-Region
X-Forwarded-Proto
X-Microsite
Access-Control-Allow-Method
X-Cache-Age
ServerID
Cache-Tags
X-Seen-By
X-Activity-Id
X-AppVersion
X-Az
X-Language
X-WebKit-CSP-Report-Only
X-Cluster-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Realpath
Accept-Charset
Cache-Status
X-Varnish-Age
X-MCACHE
Server-Name
Filterid
X-Aspnetmvc-Version
X-Rid
X-Type
X-Content-Options
X-App-Environment
X-Nginx-Upstream-Cache-Status
X-Upgrade-Enabled
X-Varnish-Grace
Country
X-Mobile-URL
Viewport
X-Tb
X-FB-Debug
Node
X-User-Agent
X-Origin-Cache
X-B-Cache
X-Route-Name
X-Request-Guid
X-Wix-Request-Id
X-Whom
DC
X-Signature
X-Drupal-Cache-Tags
X-Flags
X-Is-Crawler
X-XRDS-LOCATION
X-Providence-Cookie
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-NWS-UUID-VERIFY
X-TT
Retry-After
X-Goog-Storage-Class
X-Oracle-Dms-Ecid
Protected
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-VCache
X-Goog-Stored-Content-Length
X-Varnish-Backend
X-Oracle-Dms-Rid
X-Via-JSL
Fastcgi-Useragent
X-Fastly-Request-ID
X-Cache-NGX
X-B
X-Amz-Replication-Status
Payment
X-Contextid
X-Debug
X-N
X-Fastly-Request-Id
X-Logged-In
X-Fastcgi-Cache
X-Template
WPO-Cache-Status
WPO-Cache-Message
X-Load-Cache
X-XRDS-Location
X-FW-Static
X-FW-Type
Surrogate-Key
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Cache-Control
X-B3-Traceid
Count-Hit
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Amz-Meta-S3cmd-Attrs
X-Hostname
X-Node-Name
X-Mcache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Proxy
Akamai-GRN
Refresh
Healthy
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
X-UUID
X-Rendered-As
X-Revision
Content-Disposition
VIX-Pulpo-Node
X-Real-IP
X-Is-Bot
X-G
X-Jobs
X-Cache-Time
X-Cacheable-TTL
Alternate-Protocol
X-Zen-Fury
X-Framework
X-Cache-TTL-Remaining
X-Page-View
X-Akamai-Request-ID2
X-Mobile
X-Adobe-Loc
X-Http-Reason
X-Yottaa-Metrics
X-Debug-IsPreview
NGB
X-Debug-IsConnected
X-Adobe-Content
X-Device-Type
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Instance
X-IPLB-Instance
Permissions-Policy
X-Parallel-Accel
Url
X-Servername
X-Source
From-Origin
X-Cache-Rule
Version
X-Cache-Grace
X-COUNTRY
X-Vgn-Hpd-Reason
X-ECache
X-Varnish-Server
Accept-Language
X-Environment-Context
X-L-Path
X-Mg-Request-UUID
X-Cache-Hit
X-Cache-Expired-At
X-EdgeConnect-Cache-Status
X-NGENIX-Cache
X-Restarts
Referer-Policy
X-Oneagent-Js-Injection
MS-CV
X-RTag
Ms-Operation-Id
X-App-Server
X-Ratelimit-Remaining
X-FW-Version
Countrycode
Cross-Origin-Window-Policy
Liferay-Portal
X-IPS-LoggedIn
X-Datadome
X-Tumblr-User
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Cache-Action
X-NYM-Debug-Backend
Frame-Options
Backend
X-ProcessESI
X-APP-VERSION
X-RemovedCookies
Content-Secure-Policy
CF-IPCountry
WP-Super-Cache
Meta-Geo
X-UPSTREAM-Address
Upgrade-Insecure-Requests
Section-Io-Cache
X-PCL
X-OCL
X-Hyper-Cache
X-Cache-Server
X-Redis-Cache
X-RN-RSRV
X-Nginx-Cache
X-No-Session
X-Content-Age
X-Section
X-Cache-Enabled
Ec-Rule-Version
X-Detected-As
Cache-Tv-Group
X-Format
X-Access
X-Cluster-Node
X-Generation-Time
X-FB-TRIP-ID
X-Ua
Apigw-Requestid
X-PHP-Backend
TWC-Connection-Speed
TWC-Device-Class
X-Request-Time
X-Origin-Date
S-Rt
Azure-RegionName
Azure-InstanceId
Webserver
Azure-SiteName
Azure-SlotName
X-Server-W
Azure-Version
X-Site-Version
X-Human
X-Sql-Duration-Ms
TWC-GeoIP-Country
X-Storage
X-Hosted-By
X-Sql-Count
Mn-Server-Ip
Property-Id
X-Generated-By
X-Origin-Hint
X-Be
X-SayCDN-TTL
X-Web-Node
X-Via-Fastly
Webcakes-Region
TWC-Locale-Group
X-Region
X-PERF
X-Say-Cacheable
X-ApacheServer
X-Akamai-Edgescape
Fastly-SSL
X-Say-TTL
X-Mode
X-AOL-HN
X-Varnish-Cache-Hits
X-UA-Device-Type
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
X-Uri
CDN-RequestId
CDN-RequestCountryCode
Eomportal-Instance
CDN-Uid
X-Rule
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-Xfnlog-Site
X-Urbn-Context-Path
X-Nginx-Cache-Key
X-Unique-Id
X-Cache-Host
X-Cache-Tags
X-Debug-Cache
X-Content-Powered-By
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Platform-Server
X-Urbn-Site-Id
Locale
X-Status
X-Extlb
X-SaId
X-ServerID
X-JoinUs
X-Cache-Type
X-Hl-Ver
X-Alternate-Cache-Key
X-Routing-Service
X-Backend-Name
X-Varnishpool
X-Tid
X-Sorting-Hat-ShopId
X-Forwarded-Host
X-TT-LOGID
X-Adobe-Source
X-Zipkin-Id
X-Sorting-Hat-PodId
X-Proxied
X-ShardId
X-ShopId
X-Shopify-Stage
X-Handled-By
X-Webkit-CSP
X-Timing-Wait
X-Proxy-Build
ServedBy
Selected-Fe
X-PHP-Host
X-GG-Cache-Date
X-Labrador-Cache-Channel
X-Locale
X-Accel-Buffering
X-Cache-Operation
X-VWS-Id
X-LJ-Flow-ID
X-NewRelic-App-Data
X-AWS-Id
X-Cache-Remote
X-VC-Cache
SID
X-LSADC-Cache
X-Rewrite-Enabled
X-Ratelimit-Limit
X-Dc
Xserver
X-Cached-By
X-Soup
X-TA-CDN-Provider
X-Pubstack
Fastly-Drupal-Html
Mime-Version
X-Proto
X-Midtier
X-Storefront-Renderer-Rendered
X-Edge-Location
X-CDN-Forward
Web-Mar-Node
X-Buckets
X-GEO
SRV
X-Cms-Context
X-Reqid
Onion-Location
Country-Code
Decoy-Debug-Key
Decoy-Debug-Status
X-Request-Host
Decoy-Debug-TTL
LB
X-Microcachable
X-Varnish-Hostname
X-App-Version
X-GeoCode
Load-Balancing
X-GeoCountry
Cache-Hits
X-Origin-TTL
X-Origin-CC
Server-Info
Xet-Cookie
X-Ms-Request-Id
X-Ms-Version
X-Cluster
X-Varnish-Hits
X-Tumblr-Pixel-3
X-SRV
X-Tumblr-Pixel-2
X-MP-GENERATED-AT
X-Magnolia-Registration
X-NCache
X-Air-Hostname
X-Bc-Bl
X-Air-Trace-Id
DynaTrace
X-B3-SpanId
X-Air-Source
X-CSRF-Token
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
X-R9-Blue-Green-Version
Cache-Name
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Origin-Response-Time
X-Varnish-Beresp-Grace
X-Gzip
Cdnsip
X-Hash
X-Geo-Header
X-A-Dgt
NM-Fastcgi-Cache
Cdncip
Cmsid
DCR-Decision-By
DB-Nickname
X-NAPM-TraceId
DCR-Processing-Time-Ms
X-NodeID
Cmstype
X-LAGOON
X-Ig-Push-State
X-A-Dcw
X-A-Dam
X-Ftr-Request-Id
X-HS-Content-Campaign-Id
X-Aed
X-Connection-Hash
X-Conf
A
X-D
X-B-Cookie
X-Cache-Bucket
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Destination
X-Developer
X-External-Request-Id
X-Esi-Check
BehaviorPad-Version
X-A-Wwc
X-Forwarded-Path
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-ARC
X-Application
X-AK-Request-ID
X-Ec-Fail
X-From
X-A
X-User
Lang
Sslversion
Rendered-Blocks
X-TrackingId
X-TIM-N
X-SRCache-Key
Host-ID
X-A-Ccd
X-Tenant
X-Vdms-Path
X-Vdms-Version
X-Webstats-RespID
Meta-Geo-Continent
Mobile-Detection-Method
Xc-Version
X-Azure-Ref
Odigeo-Trace-Id
Pramga
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
T-Server
Surrogated-Key
Fastcgi-X-Cache-Version
X-Processor
X-S
Expiry
X-PBS-Appsvrname
X-Orig-Expires
X-PAYTM-SRV-ID
X-S-Cookie
X-Rojux
X-Session-Fingerprint
X-Shop-Environment
X-ScT
X-SD-PageType
X-Tx-Id
Source
V-Age
X-Amzn-Remapped-Content-Length
Vix-Hermes-Req-Id
Wxu-Next-Hostname
User-Cache-Control
Wxu-Next-Region
Wxu-Next-Commit
Platform
Web-Mar-Region
Svr
Producers
X-Block-Status
State
X-Cache-Backend
We-Hiring
Server-Host
X-Gdpr
X-Server-IP
X-Scheme
X-Sigma
X-Sigma-Backend
X-Slack-Backend
X-SB
X-Rocket-Build-Number
X-Origin-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Viewer-Country
X-VG-TLSProxy
X-WADP-Cache
X-Wix-Viewer-Type
X-Worker
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TNCMS
X-V-Cache
X-Variation
X-Varnish-CookieHashed-On
X-Origin-Expires
X-Origin
X-Device-Os
X-Developers
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Fastly-Cache
X-DefHash
X-DefElseHash
X-Ckpd-Fst-Backend
X-Clara-WADP
X-Core-Mission
X-Core-Value
X-Fetched-On
X-Fmm-Version
X-Loop
X-Location
X-Mvc-Supplant-Cachable
X-Node-Id
X-Nyt-Route
X-JWT-State
X-Is-Gdpr
X-Gen-Mode
X-Has-Esi
X-Hnp-Log
X-Irp-Debug
X-Cache-Info
X-GeoIP
Fastly-GeoIP-CountryCode
Environment
AKAMAI
Adler-Geo
X-Time
Is-Eu
Cache
Mail-Subject
Machine
Memcached
Apple-News-Services-Request-Url
CDN
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Via-NSCOPI
X-ZONE
X-Varnish-Ttl
X-Auto-Login
X-Cache-Date
X-VServer
X-Minions-Version
X-Qloud-Router
X-Men
X-BBC-Edge-Cache-Status
X-Branch-Name
X-Cdn-Origin
X-Httpd
N-Cache
X-Policy
X-Region-Sid
X-Response-By
X-Rocket-Nginx-Serving-Static
X-Pool
X-Proxy-Cache-Info
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
X-Pod-Name
X-Platform
X-Forwarded-Site
X-Skip-Cache
X-Sn-Servicetimems
Arc-Country
X-Served-From
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Thinkindot-L3
X-Aicache-OS
Kp-EeAlive
Ssr
MD5-Digest
X-Generated-On
Gh-Request-Id
TDXMobile
X-Gamma-Serve
Thinkindot-Control
Thinkindot-CacheControl-Type
Locid
X-Loc
Origin
X-Level-Front-Cache
X-GeoIP-City
Origin-CC
Origin-EX
Req-Svc-Chain
Release
Redirect-Candidate
X-Request-URI
Thinkindot-CacheControl
Fastly-SWR
Fastly-SIE
Cluster
CloudFront-Viewer-Country
X-RateLimit-Limit-Second
Fastcgi-Cache-TTL
Traceparent
X-RateLimit-Remaining-Second
X-Parent-Response-Time
X-CacheTTL
DSUID
Ha-Gx-Prefs
X-Csrf-Jwt
NGX
HA-Ipaddr
X-CGP
PFcat
X-Eu-Site
X-Dispatcher-Number
X-Optimistic-Header
X-Old-Content-Length
X-HN
X-VarnishDD-TTL
HostName
L
L5d-Success-Class
CDCHOST
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-CS
X-NC
AMP-Access-Control-Allow-Source-Origin
X-Owner
X-WP-CF-Super-Cache-Cache-Control
X-Via-Ucdn
X-TraceId
X-DW
X-WP-CF-Super-Cache
X-SIPLIST1
Server-Ext
IsBot
X-Scale
Sever-Int
X-EC-Lua
X-DI
X-Refresh
X-DSS
X-RPM
X-RPS
X-RSL
X-DB
Server-Hostname
X-TIME
X-Srv
X-IPLB-Request-ID
Pics-Label
X-VC
X-Tb-Optimization-Total-Bytes-Saved
Memory
Time
X-Accel-Expires-Debug
Env
X-Date
Ohc-File-Size
Servername
X-LB-NoCache
X-Mvc-Supplant-OutputCached
X-Ah-Environment
X-GeoIP-Region-Code
X-Tt-Logid
X-Newrelic-Synthetics
X-Edge-Pop
X-GeoIP-Country-Code
Ms-Author-Via
X-Udemy-Cache-App-Namespace
GEO-INFO
X-Akamai-Transformed
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CACHE-KEY
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Debug
X-Ad-Defer-Variation
Datacenter
X-Generated-In
X-API-Version
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-SplitTest
GeoIp-Country-Code
X-Via-Poph
VNS-Cache
CPC-Cache
Geo-Info
CPC-Age
VNS-Age
XM
X-Via-Popv
X-Via-Popn
X-Xrds-Location
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-Varnish-Authentication
X-HA-Backend
X-Servedbyhost
ITXSESSIONID
Fastly-Backend-Name
X-WA-Info
CacheControlHeader
X-S-Maxage
X-Cache-Status-Check
X-Micro-Cache
X-Action
True-Client-Country-4JS
Path
X-Presslabs-Stats
X-TH-Server
X-RateLimit-Reset
X-Vc
X-DC
X-Backend-TTL
X-AIR-PT
Geoip-Latitude
X-VCL-Version
Client
Cache-Host
Server-ID
Lb
FSS-Cache
Ohc-Cache-HIT
Hostname
X-VHOST
X-Varnish-Beresp-TTL
X-Cs
True-Client-IP
Ngx.Var.Host
Edge-Cache
X-Req
X-Trace-ID
X-Provided-By
My-App
X-Api-Version
XkeyRZ
X-Proxy-CacheRZ
X-TX-ID
X-Clientip
X-Fpc
X-FireWall-Port
X-Zone
NtCoent-Length
X-Dynatrace
X-Origin-Upstream-Status
Powered-By
X-Webkit-Csp-Report-Only
X-Pass-Why
X-Up
X-NGINX-Cache
X-Varnish-Beresp-Ttl
X-PX
X-FPC
X-B3-Spanid
DataCenter
X-Traceid
X-LB-ID
X-CSRF-TOKEN
Test
Cf-Int-Pingora-Origin-Digest
X-MSEdge-Features
X-LI-UUID
X-Li-Fabric
X-Cdn-Request-ID
X-Dmc
X-MSEdge-Flight
X-Li-Pop
X-Correlation-ID
OT-Force-Account-Verify
X-UnsetCookies
Server-Id
X-INCAP-ABP
X-Webkit-CSP-Report-Only
X-ND-Cache
X-Beluga-Node
X-Vcl-Version
X-Beluga-Cache-Status
User-Agent
X-Beluga-Record
X-Render-Time
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-HS-Status
Rip
X-CUA
X-Time-Microsecs
Proxy-Connection
C-Via
WZWS-RAY
X-Check-Cacheable
X-CLOUD-TRACE-CONTEXT
X-RAMCache
X-Service
GeoIP-Latitude
X-Alfa-Service
X-Via-PopH
X-Platform-Cluster
X-Platform-Processor
X-Ha-Backend
X-Gateway-Cache-Key
Tube-Got-Results
X-Platform-Router
X-Via-PopN
X-Via-PopV
Tube-Return
X-ServedByHost
X-URL
X-Gateway-Request-Id
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-B3-Traceid-Primal
Tube-Got-Eval
Cf-Device-Type
Target-Params
Tracecode
Click-Count-Action-Start
Tube-Get-Contents
X-Fragments
Click-Count-Error
Srvid
X-Azure-Ref-OriginShield
X-Geo
Sid
GeoIP-Country-Code
X-Fastly-Backend
X-FC-Vary-Parameters
Uri
X-Sucuri-Cache
Esi-Enabled
X-Sucuri-ID
Resin-Trace
X-Var-Ttl
X-ATG-Version
Lfy
X-Akamai-Pragma-Client-IP
MIME-Version
X-Qnm-Cache
HIT
X-M-Reqid
X-Proxy-Cache-Hk
X-Hcs-Proxy-Type
X-M-Log
Srv
X-LI-Proto
X-Fetch-By
On-Server
X-Fastly-Backend-Reqs
X-DynaTrace-JS-Agent
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Epwk-X-Cache
X-Cdn-Forward
X-LiteSpeed-Cache-Control
X-TRACE-ID
Fastly-Drupal-HTML
X-Backend-Host
ENV
X-Varnish-Beresp-Status
Magicmarker
X-NU-AKA-ACS-Version
X-Li-Proto
X-Esi
Cdn
X-App
X-Backend-State
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-APP
Section-Io-Origin-Status
Section-Io-Id
XServer
X-Edge-POP
X-Cache-Expires
ServerName
X-Lb-Nocache
X-Srcache-Fetch-Status
X-MG-S
X-Srcache-Store-Status
CF-Cached-On
Tcn
X-Newrelic-App-Data
X-ElasticPress-Query
X-Cache-CFC
Inserted-Into-Cache-At
Server-Ttl
X-Request-Start
X-Yottaa-OS
CountryCode
PICS-Label
X-Thanos
Cf-Ipcountry
D-Url-Rewrites
Wpo-Cache-Message
X-Iplb-Instance
Wpo-Cache-Status
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Iplb-Request-Id
X-Serial
X-Vcache
X-Nc
X-Bip
Servedby
Warning
X-HostName
Hit
X-Fastly-Cache-Hits
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Vercel-Cache
X-Vercel-Id
X-Shopify-Generated-Cart-Token
X-IN-APIGATEWAYSSL
X-Litespeed-Cache-Control
Cneonction
Ngx
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Akamai-Request-ID
X-LiteSpeed-Tag
X-Swift-Error
X-Snapshot-Date
X-Request-Url
X-Back
X-Th-Server
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Style-Type
Content-Script-Type
X-Dist-Code
X-Release
X-Dw-Trace-Id
X-Request-URL