Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Accept-Ranges
CF-Cache-Status
Link
ETag
CF-RAY
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Report-To
NEL
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
CF-Ray
X-Cache-Status
X-Generator
X-Cacheable
X-Check
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
Feature-Policy
X-Iinfo
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
P3p
Status
X-CONTENT-TYPE-OPTIONS
X-CDN
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Upgrade
X-Via
X-XSS-PROTECTION
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
X-Cache-Group
X-Turbo-Charged-By
X-Backend
EagleId
Keep-Alive
Request-Context
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-UA-Device
X-Proxy-Cache
Host-Header
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Dns-Prefetch-Control
Grace
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Vhost
X-Ua-Compatible
CONTENT-SECURITY-POLICY
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Dispatcher
EagleEye-TraceId
X-Nginx-Cache-Status
X-Akamai-Path-Stats
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Cache-Spec
Cf-Railgun
X-Device
X-Page-Speed
Allow
X-Host
X-Node
X-Pingback
X-Aws-Lambda-Call-Status
X-CST
Surrogate-Control
X-Backend-Server
Accept-CH
Request-Id
X-Server-Id
X-Akam-SW-Version
X-Readtime
X-HW
X-Cache-Lookup
X-Response-Time
X-Application-Context
Xkey
Content-Location
X-ASPNET-VERSION
Accept-CH-Lifetime
Rating
X-Cloud-Trace-Context
X-Trace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Cf-Edge-Cache
X-Url
X-Country
Fastly-Restarts
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-Rack-Cache
X-Server-Name
X-Clacks-Overhead
Edge-Control
RTSS
X-Content-Type
X-Varnish-TTL
X-ESI
X-B3-TraceId
X-VARITI-CCR
Cache-Tag
X-Vcap-Request-Id
X-Px
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Amz-Rid
X-Ac
Public-Key-Pins
X-Cnection
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-RateLimit-Remaining
Accept-Ch
X-Amz-Server-Side-Encryption
Verso
X-D2id
X-Abt-Application-Version
X-Navigation-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
Service-Worker-Allowed
X-Ser
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Country-Code
X-GitHub-Request-Id
X-Version
Arr-Disable-Session-Affinity
X-Edge
X-FastCGI-Cache
Response
Access-Control-Request-Method
X-Middleton-Response
X-NF-Request-ID
X-Goog-Hash
X-Ruxit-Js-Agent
X-Correlation-Id
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Upstream
X-Kinsta-Cache
X-Webkit-Csp
X-TTL
X-Edge-Location-Klb
X-Ttl
SPIisLatency
SPRequestDuration
X-Cached
X-RateLimit-Limit
X-LLID
X-NWS-LOG-UUID
X-Cache-Key
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Litespeed-Cache
Nginx-Cache
X-Powered-CMS
Edge-Cache-Tag
MS-Author-Via
TCN
SPRequestGuid
X-Forwarded-For
MRF-Tech
X-SharePointHealthScore
Mrf-Cache-Status
X-MSEdge-Ref
Content-MD5
X-Id
X-Shield-Request-Id
X-B3-TraceId-Primal
X-T
X-Content-Security-Policy-Report-Only
X-Server-ID
X-Daa-Tunnel
X-Recruiting
X-Mg-S
S
X-Ua-Device
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Digest
X-Protected-By
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-SRCache-Fetch-Status
X-DataDome
X-SRCache-Store-Status
X-Frontend
X-Ezoic-Cdn
Server-Node
X-Yandex-Sdch-Disable
X-Ab
X-Content
X-Ua-Browser
X-HS-Hub-Id
Front-End-Https
X-HS-Cache-Config
X-HS-Content-Id
X-Request-Processing-Time
X-Request-Received
MicrosoftSharePointTeamServices
X-Grace
X-HS-Combine-CSS
X-Accel-Expires
X-ECACHE
Filters
X-Mid
Fastcgi-Cache
X-Geo-Country
X-ORACLE-DMS-ECID
X-Hits
X-ORACLE-DMS-RID
X-Origin-Server
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Distributor
X-Debug-Info
TP-L2-Cache
TP-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
X-PressLabs-Stats
Cleartype
X-Amzn-Trace-Id
X-Ratelimit-Reset
Host
X-Page-Id
X-F-Cache
X-Git-Hash
X-DIS-Request-ID
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Www-Served-By
X-DynaTrace
X-LB-Cache
X-Forwarded-Proto
X-Cache-Age
Cache-Tags
Access-Control-Allow-Method
X-Seen-By
ServerID
X-Request-Handler-Origin-Region
X-Oracle-Dms-Ecid
X-Aspnetmvc-Version
X-Kong-Proxy-Latency
X-Language
X-Kong-Upstream-Latency
X-Microsite
X-Cluster-Name
Server-Name
X-Oracle-Dms-Rid
X-Varnish-Age
Accept-Charset
Realpath
X-Az
X-AppVersion
X-Activity-Id
Filterid
X-Rid
Cache-Status
X-Type
X-Mobile-URL
X-App-Environment
X-Content-Options
X-Fastcgi-Cache
X-WebKit-CSP-Report-Only
X-Origin-Cache
X-Via-JSL
X-Upgrade-Enabled
X-Varnish-Grace
X-Fastly-Request-ID
Viewport
X-FB-Debug
Node
X-User-Agent
X-MCACHE
X-Tb
Country
X-Wix-Request-Id
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Aspnet-Duration-Ms
X-Whom
Protected
X-Flags
X-Drupal-Cache-Tags
X-B-Cache
X-Signature
X-Route-Name
X-TT
DC
Paypal-Debug-Id
X-NWS-UUID-VERIFY
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-VCache
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Nginx-Upstream-Cache-Status
Fastcgi-Useragent
Retry-After
X-Varnish-Backend
X-XRDS-LOCATION
X-Cache-NGX
X-B
Payment
X-Contextid
X-Amz-Replication-Status
X-Debug
X-XRDS-Location
X-N
X-Template
X-Logged-In
WPO-Cache-Message
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
WPO-Cache-Status
X-FW-Server
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
X-Fastly-Request-Id
Surrogate-Key
X-Hostname
X-Parallel-Accel
X-Node-Name
X-Cache-Control
X-Mcache
X-Browser-Type
Count-Hit
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Original-Request-Id
SD-X-WS
X-Response-Served-From
Healthy
Refresh
Uber-Trace-Id
VIX-Pulpo-Node
X-Revision
X-Is-Bot
X-Jobs
X-Proxy
X-Real-IP
VIX-Pulpo-Upstream-Status
X-G
X-Cache-Time
X-Zen-Fury
X-Rendered-As
X-Akamai-Request-ID2
X-Mobile
X-UUID
X-Page-View
X-Http-Reason
X-Framework
X-Cacheable-TTL
X-Cache-TTL-Remaining
Akamai-GRN
X-Yottaa-Metrics
NGB
X-Yottaa-Optimizations
X-Amz-Meta-S3cmd-Attrs
X-Debug-IsConnected
X-Debug-IsPreview
X-Instance
X-Proxy-Cache-Status
Alternate-Protocol
X-Drupal-Cache-Contexts
X-Device-Type
X-Adobe-Loc
Content-Disposition
X-Cache-Rule
Access-Control-Request-Headers
X-Adobe-Content
From-Origin
X-Vgn-Hpd-Reason
X-IPLB-Instance
X-Trace-Id
Url
X-Source
X-Servername
X-B3-Traceid
Version
X-Cache-Grace
X-Cache-Expired-At
X-Oneagent-Js-Injection
X-Cache-Hit
Permissions-Policy
Accept-Language
X-Varnish-Server
X-L-Path
X-Environment-Context
Referer-Policy
X-Mg-Request-UUID
Countrycode
X-FW-Version
X-EdgeConnect-Cache-Status
X-Restarts
X-App-Server
Cross-Origin-Window-Policy
X-Cache-Action
X-NGENIX-Cache
X-ECache
Ms-Operation-Id
X-IPS-LoggedIn
MS-CV
X-RTag
X-Tumblr-Pixel-0
Backend
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-COUNTRY
Liferay-Portal
X-RemovedCookies
X-ProcessESI
CF-IPCountry
X-Hyper-Cache
X-Nginx-Cache
X-NYM-Debug-Backend
X-HTML-Minification-Powered-By
Frame-Options
Content-Secure-Policy
X-Redis-Cache
X-RN-RSRV
Meta-Geo
Ec-Rule-Version
X-UPSTREAM-Address
X-Ratelimit-Remaining
X-Rule
WP-Super-Cache
Upgrade-Insecure-Requests
X-PCL
Apigw-Requestid
X-OCL
X-Cache-Enabled
X-Cluster-Node
X-FB-TRIP-ID
X-Detected-As
X-Content-Age
X-No-Session
Section-Io-Cache
X-Cache-Server
X-Server-W
X-Site-Version
Locale
X-Say-TTL
X-Say-Cacheable
X-Sql-Count
X-Sql-Duration-Ms
X-Urbn-Context-Path
X-Urbn-Site-Id
X-UA-Device-Type
X-Mode
X-Storage
X-Request-Time
X-PHP-Backend
Azure-Version
Azure-SlotName
Cache-Tv-Group
X-AOL-HN
X-Akamai-Edgescape
Azure-SiteName
Azure-RegionName
X-Human
X-Origin-Date
X-Hosted-By
X-Generated-By
Azure-InstanceId
X-Uri
X-SayCDN-TTL
Webcakes-App-Version
X-Varnish-Cache-Hits
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Access
X-ApacheServer
X-Unique-Id
X-Section
X-Region
X-PERF
X-Format
X-Origin-Hint
TWC-GeoIP-Country
X-TT-LOGID
Property-Id
Mn-Server-Ip
X-Web-Node
X-Via-Fastly
TWC-Device-Class
TWC-Connection-Speed
X-Content-Powered-By
X-Cache-Type
X-Debug-Cache
CDN-EdgeStorageId
X-Forwarded-Host
X-Xfnlog-Site
Webserver
X-Cache-Tags
X-BYPASS-REASON
X-Be
Fastly-SSL
X-Webkit-CSP
CDN-PullZone
CDN-RequestCountryCode
X-Platform-Server
X-ProxyCache-Key
X-ProxyCache-Status
CDN-CachedAt
CDN-RequestId
X-Status
CDN-Uid
X-Cache-Host
CDN-Cache
X-Nginx-Cache-Key
S-Rt
X-Backend-Name
X-Alternate-Cache-Key
X-JoinUs
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Zipkin-Id
X-Tid
X-Varnishpool
X-Ua
X-Shopify-Stage
X-ShopId
X-Proxied
X-Generation-Time
X-Routing-Service
X-SaId
X-ShardId
X-ServerID
X-Extlb
X-Hl-Ver
Eomportal-Instance
X-Adobe-Source
X-Accel-Buffering
X-Cache-Operation
X-Timing-Wait
Selected-Fe
X-Proxy-Build
X-NewRelic-App-Data
ServedBy
X-Cache-Remote
X-Handled-By
X-PHP-Host
X-Datadome
X-Labrador-Cache-Channel
X-Locale
X-GG-Cache-Date
X-Rewrite-Enabled
X-APP-VERSION
Xserver
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
SID
X-LSADC-Cache
X-Soup
X-Pubstack
X-App-Version
X-VC-Cache
SRV
X-Cached-By
LB
X-Buckets
X-CDN-Forward
X-Dc
Fastly-Drupal-Html
Mime-Version
X-Edge-Location
Web-Mar-Node
Country-Code
Decoy-Debug-TTL
X-Reqid
X-Request-Host
Decoy-Debug-Status
Decoy-Debug-Key
X-Proto
X-GEO
X-Storefront-Renderer-Rendered
X-Microcachable
X-Ratelimit-Limit
X-Cms-Context
Server-Info
X-Origin-CC
X-Varnish-Hostname
X-Origin-TTL
X-TA-CDN-Provider
Onion-Location
X-Ms-Request-Id
X-Ms-Version
Cache-Hits
Xet-Cookie
X-NCache
X-B3-SpanId
X-GeoCountry
X-GeoCode
X-CSRF-Token
Load-Balancing
X-Cluster
X-Tumblr-Pixel-3
X-Bc-Bl
X-SRV
DynaTrace
X-Tumblr-Pixel-2
X-Varnish-Hits
X-MP-GENERATED-AT
X-Midtier
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-R9-Blue-Green-Version
Cache-Name
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-Tx-Id
X-Origin-Response-Time
X-Endurance-Cache-Level
X-Envoy-Decorator-Operation
Lang
X-Vtex-Processado-Em
X-VG-WebCache
Meta-Geo-Continent
Host-ID
X-Vtex-Remote-Cache
BehaviorPad-Version
Cdnsip
Cmsid
Cdncip
X-Vdms-Version
A
Cmstype
DB-Nickname
Expiry
X-Webstats-RespID
Xc-Version
DCR-Processing-Time-Ms
DCR-Decision-By
Fastcgi-X-Cache-Version
X-Processor
X-Epic-Correlation-Id
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Ec-Fail
X-Ec-GeoHdr
X-A
X-Esi-Check
X-From
X-Ftr-Request-Id
X-Forwarded-Path
T-Server
X-External-Request-Id
X-Developer
X-Destination
X-Cache-Id
X-Aed
X-AK-Request-ID
X-Application
X-ARC
X-Cache-Bucket
X-Cache-NE
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-A-Dgt
X-Conf
X-CF-Lambda-Version
Surrogated-Key
X-Gzip
X-SD-PageType
X-Session-Fingerprint
NM-Fastcgi-Cache
X-ScT
X-S-Cookie
Odigeo-Trace-Id
X-Shop-Environment
Mobile-Detection-Method
X-TrackingId
X-User
X-TIM-N
X-Tenant
X-SRCache-Key
X-S
Pramga
X-NAPM-TraceId
X-NodeID
X-Men
X-LAGOON
X-Hash
X-Ig-Push-State
X-Orig-Expires
X-PAYTM-SRV-ID
X-B-Cookie
X-Rojux
Rendered-Blocks
Sslversion
X-PBS-Appsvrname
X-Vdms-Path
X-A-Wwc
X-Magnolia-Registration
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Via-NSCOPI
X-Azure-Ref
X-Varnish-Ttl
X-Fastly-Cache
X-HS-Content-Campaign-Id
X-Irp-Debug
X-DPWN-IS-SECURE
X-Loop
X-Device-Os
X-Fetched-On
X-Hnp-Log
X-Gdpr
X-Gen-Mode
X-DefHash
X-GeoIP
X-Fmm-Version
X-Geo-Header
X-Clara-WADP
V-Age
Vix-Hermes-Req-Id
We-Hiring
User-Cache-Control
Svr
Producers
State
Web-Mar-Region
X-Block-Status
X-Mvc-Supplant-Cachable
X-Core-Mission
X-Ckpd-Fst-Backend
X-Cdn-Srv
X-Cache-Backend
X-Cache-Info
X-DefElseHash
X-Nyt-Route
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-Viewer-Country
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-V-Cache
X-Variation
X-WADP-Cache
X-Wix-Viewer-Type
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-TNCMS
X-SVT-ORM-VERSION
X-Origin-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Origin-Expires
X-Origin
Platform
X-Old-Content-Length
X-Request-URI
X-Rocket-Build-Number
X-Sigma-Backend
X-Slack-Backend
X-SVT-ORM-RULES
X-Sigma
X-Server-IP
X-SB
X-Scheme
X-Node-Id
X-Planisys-CDN-TTL
Mail-Subject
Memcached
Is-Eu
Machine
Environment
Fastly-GeoIP-CountryCode
Adler-Geo
Source
X-Cache-Date
X-DW
X-Worker
X-DI
X-DSS
X-Time
X-VarnishDD-TTL
X-Branch-Name
HA-Ipaddr
HostName
X-Eu-Site
Ha-Gx-Prefs
Fastly-SIE
X-Core-Value
X-Csrf-Jwt
X-Pool
X-CGP
Gh-Request-Id
X-Platform
X-Datadog-Parent-Id
X-DB
Fastly-SWR
X-Datadog-Trace-Id
X-Forwarded-Site
X-Datadog-Sampling-Priority
X-Cdn-Origin
X-Policy
X-Loc
X-Location
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
Cluster
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Proxy-Cache-Info
X-Qloud-Router
CloudFront-Viewer-Country
X-Minions-Version
AKAMAI
X-Response-By
X-Has-Esi
X-RSL
X-Served-From
X-GeoIP-City
X-Sn-Servicetimems
X-Skip-Cache
X-HN
X-RPS
X-Is-Gdpr
X-JWT-State
X-Rocket-Nginx-Serving-Static
X-RPM
X-Httpd
X-Gamma-Serve
X-VServer
X-Ec-Custom-Error
Kp-EeAlive
Origin-CC
X-Developers
Origin
Redirect-Candidate
Origin-EX
X-Aicache-OS
L
Cache
Req-Svc-Chain
X-Pod-Name
PFcat
Release
X-Amzn-Remapped-Content-Length
CDCHOST
X-Auto-Login
L5d-Success-Class
N-Cache
Traceparent
Arc-Country
Server-Host
X-BBC-Edge-Cache-Status
Locid
CDN
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-CS
MD5-Digest
Ssr
X-Thinkindot-L3
Fastcgi-Cache-TTL
X-TIME
X-Accel-Expires-Debug
Thinkindot-Control
X-Generated-On
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
NGX
X-EC-Lua
TDXMobile
X-Level-Front-Cache
DSUID
X-Optimistic-Header
X-Date
X-Parent-Response-Time
X-TraceId
X-Dispatcher-Number
X-CacheTTL
X-Srv
X-ZONE
X-GeoIP-Country-Code
Pics-Label
X-NC
X-Owner
X-Akamai-Transformed
X-GeoIP-Region-Code
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Udemy-Cache-App-Namespace
GEO-INFO
X-VC
X-Ah-Environment
X-LB-NoCache
X-Via-Ucdn
X-SIPLIST1
Server-Hostname
Env
Server-Ext
IsBot
X-API-Version
Servername
X-Scale
Sever-Int
Ms-Author-Via
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Reset
X-Mvc-Supplant-OutputCached
X-Cache-Debug
X-Refresh
X-Generated-In
Memory
Time
AMP-Access-Control-Allow-Source-Origin
Fusion-Content-Source
X-Newrelic-Synthetics
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Presslabs-Stats
Fusion-Template-Id
CacheControlHeader
X-Wikidot-Backend
X-Edge-Pop
Geo-Info
X-Wikidot-Static-Cache
X-Xrds-Location
X-Tt-Logid
X-Via-Popv
Candidate-Md5Url
X-Ad-Defer-Variation
X-BCube-Filmed-By
Cache-Key
X-Servedbyhost
X-TH-Server
X-Via-Poph
X-Via-Popn
Datacenter
Ohc-File-Size
X-Action
X-IPLB-Request-ID
True-Client-Country-4JS
GeoIp-Country-Code
VNS-Cache
X-HA-Backend
X-S-Maxage
VNS-Age
XM
CPC-Age
X-Cache-ASPX
X-Amz-Meta-Cb-Modifiedtime
X-Backend-TTL
X-Contensis-Viewer-Groups
X-Trace-ID
CPC-Cache
X-SplitTest
FSS-Cache
X-DC
Client
ITXSESSIONID
X-Varnish-Authentication
X-WA-Info
X-VCL-Version
Path
Geoip-Latitude
X-Vc
Edge-Cache
X-Varnish-Beresp-TTL
X-Req
X-Micro-Cache
X-Dynatrace
X-Provided-By
Server-ID
Fastly-Backend-Name
X-Cache-Status-Check
X-VHOST
My-App
X-CACHE-KEY
X-AIR-PT
X-Zone
Hostname
X-Cs
Cache-Host
X-Origin-Upstream-Status
Ohc-Cache-HIT
X-Pass-Why
X-Up
Ngx.Var.Host
X-Fpc
DataCenter
Lb
True-Client-IP
NtCoent-Length
X-Webkit-Csp-Report-Only
X-FireWall-Port
X-LB-ID
X-TX-ID
X-Clientip
X-Proxy-CacheRZ
X-Traceid
XkeyRZ
X-Webkit-CSP-Report-Only
Powered-By
X-LI-UUID
X-Li-Pop
Test
X-Varnish-Beresp-Ttl
X-FPC
OT-Force-Account-Verify
X-Li-Fabric
X-B3-Spanid
Cf-Int-Pingora-Origin-Digest
X-NGINX-Cache
X-Api-Version
X-ND-Cache
X-CSRF-TOKEN
X-UnsetCookies
X-Cdn-Request-ID
X-Correlation-ID
X-Beluga-Response-Time
User-Agent
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Status
X-Beluga-Cache-Status
X-Beluga-Record
X-CUA
X-Time-Microsecs
Tracecode
WZWS-RAY
X-Dmc
X-Fragments
Resin-Trace
X-RAMCache
X-MSEdge-Features
Server-Id
Cf-Device-Type
Proxy-Connection
X-MSEdge-Flight
X-Vcl-Version
Target-Params
X-Azure-Ref-OriginShield
X-CLOUD-TRACE-CONTEXT
Uri
X-Platform-Processor
GeoIP-Country-Code
GeoIP-Latitude
X-B3-Traceid-Primal
X-Fastly-Backend
X-ATG-Version
X-Sucuri-Cache
X-Render-Time
X-Via-PopN
X-Var-Ttl
X-Sucuri-ID
X-HS-Status
X-Ha-Backend
X-URL
X-Via-PopV
X-Platform-Cluster
X-Platform-Router
X-Via-PopH
X-FC-Vary-Parameters
Lfy
X-Geo
X-ServedByHost
Rip
C-Via
X-INCAP-ABP
Sid
Srvid
MIME-Version
X-PX
X-M-Reqid
X-Hcs-Proxy-Type
X-Proxy-Cache-Hk
Epwk-X-Cache
X-LI-Proto
X-M-Log
X-Alfa-Service
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Qnm-Cache
Tube-Got-Results
X-Gateway-Cache-Status
X-Fetch-By
X-Gateway-Cache-Key
Tube-Return
Tube-Got-Eval
X-Gateway-Skip-Cache
X-DynaTrace-JS-Agent
X-NU-AKA-ACS-Version
X-Li-Proto
X-Varnish-Beresp-Status
X-Service
Tube-Get-Contents
X-Gateway-Request-Id
Click-Count-Error
Click-Count-Action-Start
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
Cdn
Fastly-Drupal-HTML
X-TRACE-ID
X-Fastly-Backend-Reqs
Esi-Enabled
ENV
X-Edge-POP
Magicmarker
X-Backend-State
X-Backend-Host
X-Cdn-Forward
X-Esi
X-Cache-Ttl
On-Server
HIT
X-Cache-Expires
XServer
X-Request-Start
X-App
X-Cache-CFC
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-MG-S
X-LiteSpeed-Cache-Control
Srv
Tcn
ServerName
Section-Io-Origin-Status
X-Newrelic-App-Data
Section-Io-Id
PICS-Label
X-Lb-Nocache
X-Thanos
X-ElasticPress-Query
X-Bip
CF-Cached-On
Server-Ttl
Section-Io-Origin-Time-Seconds
X-Yottaa-OS
Section-Origin-Responded
D-Url-Rewrites
X-APP
X-Acquia-Application-UUID
X-Iplb-Request-Id
X-BBC-Origin-Response-Status
X-Acquia-Purge-Tags
X-Acquia-Site
X-Vcache
X-Iplb-Instance
Cf-Ipcountry
Wpo-Cache-Status
Wpo-Cache-Message
Inserted-Into-Cache-At
X-Acquia-Application-Trace
X-Serial
X-Nc
Servedby
Warning
X-HostName
Content-Script-Type
X-Dist-Code
Content-Style-Type
X-Cache-Config
X-Akamai-Request-ID
X-UA
True-Client-Ip
X-Dw-Trace-Id
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache-Hits
X-Back
Fastcgi-Cache-Ttl
X-Release
Hit
X-Akamai-ERRuleID
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-B3-Parentspanid
X-Litespeed-Cache-Control
Cneonction
Ngx
X-Storefront-Renderer-Verified
X-CF-Powered-By
X-Th-Server
X-Request-URL
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-Swift-Error
M-TraceId
X-Request-Url
CountryCode
X-Snapshot-Date