Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
Access-Control-Allow-Origin
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
P3p
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
Keep-Alive
EagleId
Request-Context
X-Age
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Akamai-Path-Stats
X-Vhost
X-Ua-Compatible
X-Amz-Version-Id
X-LiteSpeed-Cache
CONTENT-SECURITY-POLICY
X-Dispatcher
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-Cache-Spec
X-Device
X-WebKit-CSP
Allow
Cf-Railgun
X-Page-Speed
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-Server-Id
X-CST
Surrogate-Control
X-Backend-Server
Request-Id
Accept-CH
X-Akam-SW-Version
X-Readtime
X-Cache-Lookup
X-HW
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Cf-Edge-Cache
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Trace
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch-Lifetime
X-Country
Fastly-Restarts
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Rack-Cache
X-Varnish-TTL
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-ESI
X-Content-Type
X-VARITI-CCR
X-B3-TraceId
Accept-Ch
Cache-Tag
X-Vcap-Request-Id
X-Amz-Rid
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Ac
X-Dw-Request-Base-Id
Public-Key-Pins
X-Cnection
X-Amz-Server-Side-Encryption
X-Px
X-RateLimit-Remaining
X-Element-Page-Cache
X-D2id
Verso
X-Navigation-Version
X-Client-IP
X-Abt-Application-Version
X-Cache-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Ser
X-FastCGI-Cache
X-Version
X-Edge
X-Country-Code
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Response
X-Middleton-Response
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Hash
X-Ruxit-Js-Agent
AR-CACHE
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Kinsta-Cache
X-Upstream
X-Webkit-Csp
X-TTL
X-Correlation-Id
X-Edge-Location-Klb
SPRequestDuration
SPIisLatency
X-Ttl
X-RateLimit-Limit
X-Cached
X-LLID
X-NWS-LOG-UUID
X-Cache-Key
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Nginx-Cache
X-Litespeed-Cache
Edge-Cache-Tag
TCN
SPRequestGuid
X-SharePointHealthScore
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-MSEdge-Ref
MS-Author-Via
Content-MD5
X-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-T
X-Daa-Tunnel
X-B3-TraceId-Primal
X-Recruiting
X-DataDome
S
X-Mg-S
X-Content-Digest
X-Ua-Device
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Protected-By
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Frontend
X-Ab
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-Content
X-Ua-Browser
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
Server-Node
X-Yandex-Sdch-Disable
X-HS-Combine-CSS
X-Request-Received
Front-End-Https
X-Accel-Expires
X-Request-Processing-Time
X-Grace
Filters
X-Server-ID
X-ORACLE-DMS-ECID
X-Mid
X-ORACLE-DMS-RID
Fastcgi-Cache
X-PressLabs-Stats
X-ECACHE
X-Hits
X-Geo-Country
X-Origin-Server
TP-L2-Cache
X-Distributor
TP-Cache
X-Debug-Info
X-DynaTrace
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Amzn-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
Cleartype
Host
X-Page-Id
X-F-Cache
X-B3-Sampled
X-Git-Hash
X-DIS-Request-ID
X-Ratelimit-Reset
Cross-Origin-Opener-Policy
X-Www-Served-By
X-Forwarded-Proto
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Cache-Age
Cache-Tags
ServerID
Access-Control-Allow-Method
X-Seen-By
X-Aspnetmvc-Version
X-Activity-Id
X-Cluster-Name
X-AppVersion
X-Az
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Age
X-Language
Cache-Status
Accept-Charset
Server-Name
Realpath
Filterid
X-Type
X-Rid
X-Content-Options
X-App-Environment
X-VCache
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-Oracle-Dms-Ecid
X-Nginx-Upstream-Cache-Status
Node
X-Origin-Cache
Country
X-Oracle-Dms-Rid
Viewport
X-Fastly-Request-ID
X-Varnish-Grace
X-Upgrade-Enabled
X-Tb
X-FB-Debug
X-User-Agent
X-Wix-Request-Id
X-MCACHE
X-Aspnet-Duration-Ms
DC
X-B-Cache
X-Signature
X-Whom
X-Flags
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-Drupal-Cache-Tags
Paypal-Debug-Id
X-NWS-UUID-VERIFY
X-Via-JSL
Protected
X-TT
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Retry-After
X-Varnish-Backend
Fastcgi-Useragent
X-XRDS-LOCATION
X-Cache-NGX
X-B
X-Amz-Replication-Status
Payment
X-Fastcgi-Cache
X-Contextid
X-Debug
X-Webkit-CSP
X-Logged-In
X-N
WPO-Cache-Status
X-Template
X-Load-Cache
WPO-Cache-Message
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Static
X-Fastly-Request-Id
X-Mcache
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
X-Cache-Control
X-Node-Name
X-Hostname
Count-Hit
X-XRDS-Location
X-Browser-Type
X-Amz-Meta-S3cmd-Attrs
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
SD-X-WS
Akamai-GRN
X-Original-Request-Id
X-Response-Served-From
Healthy
X-Proxy
Refresh
X-Jobs
X-Cache-TTL-Remaining
X-Real-IP
X-Revision
X-Zen-Fury
X-Akamai-Request-ID2
X-UUID
X-G
X-Rendered-As
X-Is-Bot
VIX-Pulpo-Node
Uber-Trace-Id
Content-Disposition
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-Framework
X-Http-Reason
X-Parallel-Accel
X-Mobile
X-Page-View
X-Cacheable-TTL
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-Instance
X-Adobe-Content
NGB
X-Debug-IsPreview
X-Proxy-Cache-Status
X-Device-Type
X-Debug-IsConnected
X-Yottaa-Metrics
X-Yottaa-Optimizations
Alternate-Protocol
X-Trace-Id
Access-Control-Request-Headers
X-IPLB-Instance
Url
From-Origin
X-Servername
X-Cache-Rule
Permissions-Policy
X-Source
X-ECache
X-B3-Traceid
X-Vgn-Hpd-Reason
Version
X-Cache-Grace
X-Varnish-Server
X-Cache-Expired-At
X-Oneagent-Js-Injection
Accept-Language
X-Cache-Hit
X-Environment-Context
X-Mg-Request-UUID
X-L-Path
Referer-Policy
X-EdgeConnect-Cache-Status
X-Restarts
Countrycode
X-NGENIX-Cache
Ms-Operation-Id
MS-CV
X-RTag
X-App-Server
X-FW-Version
Cross-Origin-Window-Policy
X-Cache-Action
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-COUNTRY
Liferay-Portal
Backend
X-NYM-Debug-Backend
X-HTML-Minification-Powered-By
Frame-Options
X-RemovedCookies
X-ProcessESI
X-Nginx-Cache
Content-Secure-Policy
CF-IPCountry
WP-Super-Cache
X-Hyper-Cache
Section-Io-Cache
Meta-Geo
X-UPSTREAM-Address
X-Section
X-OCL
X-RN-RSRV
X-Cache-Server
X-Redis-Cache
X-PCL
X-Format
Upgrade-Insecure-Requests
X-Access
TWC-GeoIP-LatLong
X-Cache-Enabled
X-Origin-Hint
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Connection-Speed
X-Cluster-Node
Mn-Server-Ip
X-Detected-As
Property-Id
X-Generation-Time
TWC-Device-Class
Cache-Tv-Group
X-No-Session
X-PERF
X-Ratelimit-Remaining
X-ApacheServer
Webcakes-Region
X-FB-TRIP-ID
X-Content-Age
Ec-Rule-Version
Webcakes-App-Name
Webcakes-App-Version
X-Region
Apigw-Requestid
TWC-Privacy
X-Ua
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-Version
Fastly-SSL
X-Say-Cacheable
X-AOL-HN
X-Say-TTL
X-SayCDN-TTL
X-Server-W
X-Request-Time
X-Be
X-Hosted-By
X-Generated-By
X-Human
X-Origin-Date
X-PHP-Backend
X-Site-Version
X-Sql-Count
X-Via-Fastly
X-Web-Node
X-Varnish-Cache-Hits
X-Uri
X-UA-Device-Type
X-Storage
X-Status
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Sql-Duration-Ms
X-Xfnlog-Site
S-Rt
X-Akamai-Edgescape
X-Mode
X-Rule
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
X-Forwarded-Host
CDN-PullZone
Eomportal-Instance
X-Cache-Host
X-BYPASS-REASON
Webserver
X-Unique-Id
X-Cache-Tags
CDN-Cache
X-Cache-Type
X-Content-Powered-By
X-Debug-Cache
X-Platform-Server
X-ProxyCache-Key
X-Nginx-Cache-Key
X-ProxyCache-Status
X-Shopify-Stage
X-Hl-Ver
X-Sorting-Hat-PodId
X-Varnishpool
X-Backend-Name
X-Adobe-Source
X-Alternate-Cache-Key
X-Zipkin-Id
X-ShopId
X-Routing-Service
X-ServerID
X-SaId
X-Sorting-Hat-ShopId
X-Extlb
X-ShardId
X-JoinUs
X-Tid
X-Proxied
X-Handled-By
X-Proxy-Build
X-TT-LOGID
Selected-Fe
ServedBy
X-Timing-Wait
X-Cache-Operation
X-GG-Cache-Date
X-PHP-Host
X-Labrador-Cache-Channel
X-APP-VERSION
X-Locale
X-Accel-Buffering
X-Cache-Remote
X-Dc
X-LJ-Flow-ID
Xserver
X-AWS-Id
X-VWS-Id
X-App-Version
X-Rewrite-Enabled
X-LSADC-Cache
X-VC-Cache
X-NewRelic-App-Data
SID
X-Soup
X-CDN-Forward
X-Cached-By
X-Pubstack
SRV
X-Proto
Web-Mar-Node
X-Buckets
X-Edge-Location
Fastly-Drupal-Html
LB
X-Datadome
X-Storefront-Renderer-Rendered
X-TA-CDN-Provider
X-GEO
Country-Code
X-Reqid
X-Cms-Context
Decoy-Debug-TTL
Onion-Location
X-Request-Host
Mime-Version
Decoy-Debug-Status
Decoy-Debug-Key
X-Microcachable
X-Ratelimit-Limit
X-Varnish-Hostname
X-Midtier
X-Origin-CC
Server-Info
X-Origin-TTL
Cache-Hits
X-GeoCode
X-GeoCountry
Load-Balancing
X-Ms-Request-Id
X-Ms-Version
X-Cluster
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-NCache
Xet-Cookie
X-CSRF-Token
X-B3-SpanId
X-Varnish-Hits
X-RCS-CacheZone
DynaTrace
X-Bc-Bl
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Envoy-Decorator-Operation
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Cache-Name
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-Magnolia-Registration
X-Varnish-Beresp-Grace
X-Tx-Id
X-Endurance-Cache-Level
Expiry
Lang
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Rendered-Blocks
Sslversion
Surrogated-Key
T-Server
X-Processor
Pramga
NM-Fastcgi-Cache
Odigeo-Trace-Id
Mobile-Detection-Method
Cdncip
A
Apple-News-Services-Handled
Apple-News-Services-Host
X-S
X-S-Cookie
X-Session-Fingerprint
X-SD-PageType
X-ScT
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cmstype
DB-Nickname
DCR-Decision-By
Cmsid
Cdnsip
BehaviorPad-Version
X-Rojux
Wxu-Next-Commit
DCR-Processing-Time-Ms
X-A
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Esi-Check
X-External-Request-Id
X-Ec-Fail
X-Developers
X-Connection-Hash
X-D
X-Destination
X-Developer
X-NodeID
X-Forwarded-Path
X-Hash
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-LAGOON
X-Gzip
X-Geo-Header
X-NAPM-TraceId
X-From
X-Ftr-Request-Id
X-Conf
X-CF-Lambda-Version
X-A-Dgt
X-A-Wwc
X-Aed
X-AK-Request-ID
X-A-Dcw
X-A-Dam
Wxu-Next-Region
X-Shop-Environment
X-A-Ccd
X-PBS-Appsvrname
X-Application
X-Cache-Id
X-Cache-NE
X-Cdn-Srv
X-CF-Lambda-Fn
X-Orig-Expires
X-Cache-Bucket
X-ARC
X-PAYTM-SRV-ID
X-B-Cookie
Wxu-Next-Hostname
Host-ID
X-Time
X-Azure-Ref
X-TrackingId
X-Vdms-Version
X-Vdms-Path
X-Webstats-RespID
X-VG-WebCache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-User
X-TIM-N
X-Tenant
X-SRCache-Key
X-SRV
Xc-Version
X-Via-NSCOPI
X-Planisys-CDN-Cache
X-Viewer-Country
Server-Host
X-Pod-Name
X-Request-URI
Producers
Platform
X-Origin-Time
X-Amzn-Remapped-Content-Length
X-V-Cache
X-Varnish-CookieHashed-On
X-Variation
State
Web-Mar-Region
X-Origin-Expires
We-Hiring
Vix-Hermes-Req-Id
X-Sigma
X-Varnish-Remaining-TTL
X-Planisys-CDN-Rules
X-VG-TLSProxy
Svr
X-Varnish-CookieINHashed-On
X-Planisys-CDN-TTL
User-Cache-Control
X-Cache-Info
X-Gen-Mode
X-GeoIP
X-Has-Esi
X-Gdpr
X-Fmm-Version
X-Fetched-On
X-Node-Id
X-Hnp-Log
X-Irp-Debug
X-Loop
X-Location
X-Men
X-Mvc-Supplant-Cachable
X-Is-Gdpr
X-JWT-State
X-Fastly-Cache
X-Nyt-Route
X-WADP-Cache
X-Core-Mission
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Cache-Backend
X-Origin
X-Core-Value
X-DefElseHash
X-Ec-Custom-Error
X-Worker
X-DPWN-IS-SECURE
X-Device-Os
X-DefHash
X-Wix-Viewer-Type
X-Block-Status
V-Age
Fastly-GeoIP-CountryCode
X-TNCMS
Environment
Is-Eu
X-SB
Machine
Locid
X-Rocket-Build-Number
X-SVT-ORM-VERSION
Adler-Geo
Source
AKAMAI
X-SVT-ORM-RULES
X-Sigma-Backend
X-Scheme
Mail-Subject
X-Slack-Backend
Memcached
X-Server-IP
X-ZONE
CloudFront-Viewer-Country
Cluster
X-Rocket-Nginx-Serving-Static
HostName
X-Generated-On
X-Cdn-Origin
X-CGP
X-Cache-Date
Origin-EX
X-GeoIP-City
Ha-Gx-Prefs
X-Policy
X-BBC-Edge-Cache-Status
L
Cache
MD5-Digest
X-Branch-Name
Arc-Country
X-Proxy-Cache-Info
N-Cache
X-Csrf-Jwt
X-RateLimit-Remaining-Second
X-Eu-Site
X-RateLimit-Limit-Second
X-HN
X-Old-Content-Length
X-Gamma-Serve
X-Datadog-Trace-Id
X-Skip-Cache
X-Thinkindot-L3
X-Xrds-Location
CDCHOST
Origin
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Origin-CC
X-Auto-Login
Traceparent
X-VarnishDD-TTL
Req-Svc-Chain
Kp-EeAlive
X-Minions-Version
X-Rebelmouse-Surrogate-Control
Gh-Request-Id
PFcat
Thinkindot-Control
Thinkindot-CacheControl-Type
Ssr
X-Qloud-Router
X-Pool
X-Served-From
X-Rebelmouse-Cache-Control
Thinkindot-CacheControl
TDXMobile
X-Platform
X-Forwarded-Site
X-Sn-Servicetimems
X-Srv
X-Proxy-Upstream
X-Loc
X-Response-By
X-Aicache-OS
L5d-Success-Class
X-VServer
HA-Ipaddr
X-Httpd
Redirect-Candidate
X-Level-Front-Cache
X-Region-Sid
Fastly-SWR
Fastly-SIE
Release
Fastcgi-Cache-TTL
CDN
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-CS
X-Parent-Response-Time
X-RSL
X-Dispatcher-Number
X-DW
X-Optimistic-Header
NGX
DSUID
X-DB
X-CacheTTL
X-DSS
X-RPM
X-DI
X-RPS
X-SIPLIST1
Pics-Label
X-Via-Ucdn
X-TraceId
X-Owner
Server-Ext
X-VC
X-Scale
IsBot
X-WP-CF-Super-Cache-Cache-Control
Server-Hostname
X-EC-Lua
X-WP-CF-Super-Cache
X-Date
X-Refresh
X-Accel-Expires-Debug
Sever-Int
X-Tb-Optimization-Total-Bytes-Saved
Time
X-Ah-Environment
X-Tt-Logid
X-GeoIP-Country-Code
Servername
Memory
X-GeoIP-Region-Code
X-NC
X-LB-NoCache
X-TIME
X-Udemy-Cache-App-Namespace
GEO-INFO
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
Ms-Author-Via
X-Mvc-Supplant-OutputCached
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Cache-Debug
Env
X-Newrelic-Synthetics
X-RateLimit-Reset
Ohc-File-Size
X-Edge-Pop
X-IPLB-Request-ID
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Ttl
Geo-Info
X-API-Version
Datacenter
X-Ad-Defer-Variation
Cache-Key
Candidate-Md5Url
X-BCube-Filmed-By
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
CacheControlHeader
CPC-Cache
VNS-Age
X-Servedbyhost
X-Contensis-Viewer-Groups
XM
X-SplitTest
VNS-Cache
X-Cache-ASPX
X-Via-Popn
CPC-Age
X-Generated-In
X-Via-Poph
X-Via-Popv
X-HA-Backend
X-S-Maxage
X-TH-Server
X-WA-Info
Fastly-Backend-Name
X-Action
ITXSESSIONID
X-Varnish-Authentication
True-Client-Country-4JS
GeoIp-Country-Code
X-Backend-TTL
X-Cache-Status-Check
X-Micro-Cache
Path
Client
X-VCL-Version
X-Vc
Server-ID
FSS-Cache
Geoip-Latitude
X-CACHE-KEY
X-AIR-PT
X-Varnish-Beresp-TTL
X-VHOST
X-DC
Edge-Cache
Cache-Host
X-Req
X-Trace-ID
X-Provided-By
X-Cs
X-Presslabs-Stats
Lb
X-Correlation-ID
My-App
Hostname
Ngx.Var.Host
Ohc-Cache-HIT
X-Zone
True-Client-IP
X-Fpc
X-Origin-Upstream-Status
X-Dynatrace
X-Api-Version
NtCoent-Length
X-FireWall-Port
X-Proxy-CacheRZ
X-Clientip
X-Webkit-Csp-Report-Only
XkeyRZ
X-Pass-Why
X-Up
X-TX-ID
X-Webkit-CSP-Report-Only
X-PX
X-Traceid
Powered-By
DataCenter
X-LB-ID
X-FPC
X-Varnish-Beresp-Ttl
X-B3-Spanid
Test
X-NGINX-Cache
Cf-Int-Pingora-Origin-Digest
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Cdn-Request-ID
X-CSRF-TOKEN
OT-Force-Account-Verify
X-Beluga-Response-Time
X-Beluga-Record
WZWS-RAY
X-Beluga-Status
X-Beluga-Trace
X-UnsetCookies
X-ND-Cache
X-Dmc
X-Beluga-Node
X-MSEdge-Features
X-MSEdge-Flight
X-Vcl-Version
User-Agent
X-Beluga-Cache-Status
Proxy-Connection
X-CUA
Server-Id
X-INCAP-ABP
X-Time-Microsecs
X-Render-Time
X-TRACE-ID
X-CLOUD-TRACE-CONTEXT
C-Via
X-URL
X-Platform-Processor
GeoIP-Latitude
X-B3-Traceid-Primal
X-Via-PopV
X-HS-Status
X-Platform-Cluster
X-Via-PopN
GeoIP-Country-Code
X-Platform-Router
Tracecode
MIME-Version
X-Via-PopH
X-Ha-Backend
X-Fragments
X-RAMCache
Rip
Srvid
Cf-Device-Type
Target-Params
X-Geo
X-Azure-Ref-OriginShield
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-Fastly-Backend
Tube-Return
Tube-Got-Eval
X-Gateway-Cache-Key
Uri
X-Sucuri-Cache
Resin-Trace
X-FC-Vary-Parameters
Tube-Got-Results
Lfy
X-Var-Ttl
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
Click-Count-Error
X-Gateway-Request-Id
Tube-Get-Contents
X-ATG-Version
X-ServedByHost
X-Service
Click-Count-Action-Start
X-Sucuri-ID
Sid
X-Proxy-Cache-Hk
Epwk-X-Cache
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Fetch-By
HIT
Esi-Enabled
ENV
X-Qnm-Cache
X-LI-Proto
X-M-Reqid
X-M-Log
X-Alfa-Service
X-CCDN-Origin-Time
Fastly-Drupal-HTML
Cdn
X-Backend-Host
On-Server
Section-Origin-Responded
X-Li-Proto
X-Varnish-Beresp-Status
X-DynaTrace-JS-Agent
Section-Io-Origin-Status
Section-Io-Id
Magicmarker
X-NU-AKA-ACS-Version
X-Fastly-Backend-Reqs
Section-Io-Origin-Time-Seconds
Srv
X-Esi
X-LiteSpeed-Cache-Control
X-Cache-Expires
XServer
X-Edge-POP
X-App
X-Backend-State
X-Cdn-Forward
X-MG-S
X-Srcache-Store-Status
X-Srcache-Fetch-Status
ServerName
X-Nc
X-Cache-CFC
PICS-Label
CF-Cached-On
X-Yottaa-OS
Tcn
Inserted-Into-Cache-At
X-APP
X-Lb-Nocache
X-Request-Start
X-ElasticPress-Query
Server-Ttl
X-Newrelic-App-Data
D-Url-Rewrites
Cf-Ipcountry
X-Acquia-Site
X-Acquia-Purge-Tags
X-Iplb-Request-Id
X-Iplb-Instance
X-Thanos
X-BBC-Origin-Response-Status
X-Acquia-Application-UUID
X-Bip
Wpo-Cache-Message
X-Acquia-Application-Trace
Wpo-Cache-Status
X-Serial
Warning
X-HostName
Servedby
Fastcgi-Cache-Ttl
X-Vercel-Cache
X-Vercel-Id
True-Client-Ip
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
X-Akamai-Request-ID
X-Th-Server
Cneonction
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Ngx
X-Snapshot-Date
X-Request-Url
X-Dist-Code
X-Release
X-B3-Parentspanid
CountryCode
X-Back
X-LiteSpeed-Tag
X-Storefront-Renderer-Verified
X-CF-Powered-By
Content-Style-Type
Content-Script-Type
X-Swift-Error
X-Shopify-Generated-Cart-Token
X-Dw-Trace-Id
X-Request-URL