
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Request-ID
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Dns-Prefetch-Control
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Pingback
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
NEL
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Accept-CH
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
Xkey
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Application-Context
Content-Location
Rating
X-Country
X-B3-TraceId
X-Cache-Lookup
X-Cloud-Trace-Context
X-Url
X-Trace
X-Ac
X-Content-Type
Accept-CH-Lifetime
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
Allow
X-Mod-Pagespeed
X-Clacks-Overhead
Edge-Control
X-Language
Cache-Tag
X-Server-Name
Fastly-Restarts
X-ESI
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Template
X-Upstream
X-MS-InvokeApp
X-GitHub-Request-Id
Accept-Ch
MS-Author-Via
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Aws-Lambda-Call-Status
X-Cache-TTL
X-Origin-Cache
X-Cnection
X-Px
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Goog-Hash
X-Navigation-Version
RTSS
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Version
X-Powered-CMS
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
Display
Pagespeed
X-Middleton-Display
X-Sol
AR-CACHE
X-Amz-Server-Side-Encryption
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
Response
X-Middleton-Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-Buckets
X-LLID
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-TTL
Nginx-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Shield-Request-Id
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-T
TCN
X-RateLimit-Remaining
S
X-Content-Security-Policy-Report-Only
Content-MD5
X-Aspnetmvc-Version
X-Mg-S
X-Id
X-Forwarded-For
Realpath
X-MCACHE
X-Mid
Fastcgi-Cache
Edge-Cache-Tag
SPIisLatency
SPRequestDuration
Front-End-Https
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
X-Pinterest-Rid
Filters
Pinterest-Version
Pinterest-Generated-By
Server-Node
X-DynaTrace
X-Ab
X-Ua-Browser
X-Content
X-Correlation-Id
Server-Name
X-Parallel-Accel
X-Frontend
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-Ttl
Fusion-Template-Id
Fusion-Source
X-NWS-LOG-UUID
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Cache-Key
Alternate-Protocol
X-Hits
X-Ser
X-Content-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Page-Id
X-Ruxit-Js-Agent
Host
X-Kong-Upstream-Latency
X-B3-Sampled
X-Git-Hash
Charset
Cleartype
X-Www-Served-By
X-Accel-Expires
X-Daa-Tunnel
X-Content-Digest
X-Geo-Country
X-DIS-Request-ID
X-Amz-Replication-Status
X-Amzn-Trace-Id
Filterid
X-VCache
X-Varnish-Age
TP-L2-Cache
X-Debug-Info
X-Forwarded-Proto
TP-Cache
X-Hostname
X-AppVersion
X-Az
X-Fastly-Request-Id
X-Activity-Id
X-Upgrade-Enabled
X-FB-Debug
X-Rid
X-N
Access-Control-Allow-Method
X-Origin-Server
X-Nginx-Upstream-Cache-Status
X-Grace
Cross-Origin-Opener-Policy
X-LB-Cache
ServerID
X-F-Cache
X-Mobile-URL
X-XRDS-LOCATION
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-Server-ID
X-Whom
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Ratelimit-Limit
X-Goog-Storage-Class
X-Goog-Metageneration
X-Origin-Upstream-Status
X-TT
X-Goog-Generation
X-App-Environment
X-Varnish-Grace
X-Tb
Viewport
X-App-Server
X-FW-Serve
X-FW-Server
X-WebKit-CSP-Report-Only
X-FW-Type
X-FW-Hash
X-FW-Dynamic
Payment
X-Distributor
Node
X-FW-Static
X-Seen-By
DC
X-Type
X-NGENIX-Cache
Paypal-Debug-Id
Fastcgi-Useragent
X-Cache-Control
X-User-Agent
X-Microsite
X-Request-Handler-Origin-Region
Accept-Charset
Country
X-Litespeed-Cache
X-Logged-In
X-Fastcgi-Cache
X-Cache-Rule
X-Wix-Request-Id
X-Webkit-CSP
X-Fastly-Request-ID
X-Cache-Age
Version
X-DataDome
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Referer-Policy
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-Browser-Type
X-Drupal-Cache-Tags
X-Node-Name
X-Via-JSL
X-Load-Cache
Refresh
Cache-Status
X-Cluster-Name
X-Mobile
X-Signature
X-B-Cache
X-Original-Request-Id
X-Response-Served-From
X-Cache-Action
SD-X-WS
Access-Control-Request-Headers
X-Contextid
X-Cacheable-TTL
X-Real-IP
X-Rendered-As
X-IPLB-Instance
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Page-View
X-Cache-Expired-At
X-Is-Bot
X-Jobs
X-PressLabs-Stats
VIX-Pulpo-Node
X-Revision
X-UUID
X-RemovedCookies
X-ProcessESI
X-B
X-Debug
VIX-Pulpo-Upstream-Status
NGB
X-Yottaa-Optimizations
Akamai-GRN
X-Instance
X-Device-Type
X-Yottaa-Metrics
X-Rule
X-Proxy
Surrogate-Key
X-Framework
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-G
X-Drupal-Cache-Contexts
X-Cache-Time
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Debug-IsPreview
X-Debug-IsConnected
X-TEC-API-ROOT
X-Air-Hostname
X-FW-Version
X-Air-Source
X-Air-Trace-Id
CF-IPCountry
DynaTrace
SID
X-XRDS-Location
Liferay-Portal
X-Azure-Ref
Healthy
X-Ratelimit-Reset
X-CDN-Forward
X-Oneagent-Js-Injection
X-Nginx-Cache
X-Ms-Request-Id
X-Ms-Version
X-Source
Frame-Options
X-RTag
MS-CV
Ms-Operation-Id
GEO-INFO
Count-Hit
X-Cache-Operation
Xserver
Uber-Trace-Id
X-Accel-Buffering
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Tumblr-User
X-Cache-Hit
X-Tumblr-Pixel
X-L-Path
X-Tumblr-Pixel-0
Countrycode
X-Tumblr-Pixel-1
X-Varnish-Server
X-Environment-Context
X-Presslabs-Stats
X-Region
X-Backend-Name
X-Zen-Fury
X-Mode
X-Forwarded-Host
X-Servername
Cross-Origin-Window-Policy
Ec-Rule-Version
X-IPS-LoggedIn
Backend
X-Content-Powered-By
X-Cache-NGX
Section-Io-Cache
X-JoinUs
X-UPSTREAM-Address
X-RN-RSRV
X-Cache-Type
X-Detected-As
X-SaId
Meta-Geo
Apigw-Requestid
Decoy-Debug-Key
X-Cache-TTL-Remaining
X-ApacheServer
X-Alternate-Cache-Key
DB-Nickname
X-Cache-Server
X-Extlb
Mn-Server-Ip
Decoy-Debug-TTL
Eomportal-Instance
X-Cache-Grace
X-Debug-Cache
Protected
Decoy-Debug-Status
X-Sorting-Hat-PodId
Country-Code
X-Rewrite-Enabled
X-Proxied
X-PERF
X-NCache
X-Sql-Count
X-Sql-Duration-Ms
X-Routing-Service
X-Uri
X-Redis-Cache
X-Status
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-Tid
X-ShopId
X-Hosted-By
X-Zipkin-Id
X-Generation-Time
X-Shopify-Stage
X-Human
X-ShardId
X-ProxyCache-Status
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-UA-Device-Type
X-ProxyCache-Key
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-RateLimit-Limit
X-Format
TWC-Locale-Group
Url
X-Site-Version
X-Origin-Date
X-Origin-Hint
X-Via-Fastly
X-Storage
X-No-Session
X-Microcachable
Cache-Name
X-PHP-Backend
X-Soup
X-BYPASS-REASON
X-ServerID
X-FB-TRIP-ID
Fastly-SSL
Cache-Tv-Group
X-Web-Node
X-Access
X-Timing-Wait
X-NYM-Debug-Backend
X-OCL
X-PCL
X-Server-W
X-Say-TTL
X-SayCDN-TTL
X-Section
X-Cache-Host
Selected-Fe
X-Adobe-Content
X-Proxy-Build
X-Akamai-Edgescape
X-Say-Cacheable
X-Adobe-Loc
X-Cluster-Node
X-Content-Age
X-NewRelic-App-Data
X-R9-Blue-Green-Version
X-Hl-Ver
X-Pubstack
OT-Force-Account-Verify
X-Varnishpool
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Content-Secure-Policy
SRV
X-Be
X-Ua
X-LSADC-Cache
X-Webkit-Csp
X-Azure-Ref-OriginShield
CDN-Uid
CDN-RequestId
X-Hyper-Cache
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-Cache
CDN-EdgeStorageId
Source
X-Cached-By
X-Generated-By
Content-Disposition
Cache
LB
X-Unique-Id
X-App-Version
X-Ratelimit-Remaining
X-SRV
X-Nginx-Cache-Key
WPO-Cache-Status
X-LAGOON
WPO-Cache-Message
X-Bc-Bl
X-HTML-Minification-Powered-By
X-TT-LOGID
Xet-Cookie
X-Varnish-Hits
X-Dc
Cache-Hits
X-Auto-Login
X-Origin-CC
X-Origin-TTL
X-Time
X-TNCMS
X-Loop
X-Varnish-Hostname
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
X-TIME
X-Akamai-Transformed
Onion-Location
Retry-After
X-S-Maxage
X-GEO
X-Cache-Var
Mime-Version
X-Cache-Var-Map
X-Cdn
X-Platform-Server
HostName
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Web-Mar-Node
X-Xfnlog-Site
X-CSRF-Token
X-Proto
X-Qnm-Cache
X-Edge-Location
X-Time-Microsecs
X-Cache-Remote
X-Tenant
Webserver
X-Endurance-Cache-Level
X-Cache-Tags
X-M-Reqid
X-M-Log
X-AWS-Id
X-LJ-Flow-ID
Upgrade-Insecure-Requests
X-VWS-Id
X-B3-SpanId
X-Varnish-Cache-Hits
ServedBy
N-Cache
X-ECache
X-GG-Cache-Date
X-Request-Time
CloudFront-Viewer-Country
X-AOL-HN
X-EC-Lua
X-Mg-Request-UUID
X-PHP-Host
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Correlation-ID
X-Request-Host
Nel
X-Via-NSCOPI
X-FireWall-Port
X-V-Cache
X-TIM-N
X-Vdms-Path
X-A
X-Vdms-Version
Wxu-Next-Commit
X-SVT-ORM-VERSION
User-Cache-Control
Wxu-Next-Region
V-Age
X-VG-WebCache
Wxu-Next-Hostname
Rendered-Blocks
Expiry
Fastcgi-X-Cache-Version
L
Meta-Geo-Continent
A
DSUID
CDCHOST
BehaviorPad-Version
DCR-Processing-Time-Ms
Mobile-Detection-Method
WP-Super-Cache
Sslversion
Surrogated-Key
X-Vtex-Remote-Cache
DCR-Decision-By
Redirect-Candidate
Odigeo-Trace-Id
Xc-Version
Origin
X-Vtex-Processado-Em
X-Shop-Environment
X-SD-PageType
X-ScT
X-S-Cookie
X-S
X-Gen-Mode
X-Ftr-Request-Id
X-Destination
X-Developer
X-External-Request-Id
X-Forwarded-Path
X-Rojux
X-Processor
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Orig-Expires
X-ND-Cache
X-Hnp-Log
X-Ig-Push-State
X-Planisys-CDN-TTL
X-NAPM-TraceId
X-D
X-Connection-Hash
X-SRCache-Key
X-Application
X-ARC
X-Slack-Backend
X-Aed
X-A-Wwc
X-A-Dam
X-SVT-ORM-RULES
X-A-Dcw
X-A-Dgt
X-Planisys-CDN-Rules
X-Session-Fingerprint
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-Cluster
X-Conf
X-CF-Lambda-Fn
X-Cache-NE
X-B-Cookie
X-Block-Status
X-Cache-Date
X-A-Ccd
Pramga
From-Origin
X-Locale
X-Handled-By
X-MP-GENERATED-AT
X-Cdn-Srv
X-Cache-Debug
X-Varnish-Beresp-Status
X-Cache-Info
X-Date
X-Fastly-Cache
X-Fetched-On
X-Epic-Correlation-Id
X-Device-Os
X-Aicache-OS
X-Developers
X-Core-Mission
Vix-Hermes-Req-Id
Release
Ssr
PFcat
Origin-EX
Origin-CC
State
Svr
X-Forwarded-Site
X-VarnishDD-TTL
True-Client-Country-4JS
Traceparent
X-Accel-Expires-Debug
X-Geo-Header
X-Sucuri-Cache
X-Policy
X-Sucuri-ID
X-Owner
X-Origin-Time
X-Storefront-Renderer-Rendered
X-Proxy-Upstream
X-Server-IP
X-Skip-Cache
X-Served-From
X-Scheme
X-Rocket-Nginx-Serving-Static
X-Origin-Expires
X-Old-Content-Length
X-Li-Fabric
X-Li-Pop
X-HN
X-Hash
Locid
X-LI-UUID
X-Location
X-Nyt-Route
X-NodeID
X-Mvc-Supplant-Cachable
X-Men
X-Gdpr
X-Cache-Bucket
X-VServer
Apple-News-Services-Handled
AKAMAI
X-Webstats-RespID
Gh-Request-Id
Fastcgi-Cache-TTL
Host-ID
Apple-News-Services-Host
Arc-Country
CacheControlHeader
Cmsid
Cmstype
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Server-Info
X-Zone
X-VC-Cache
Environment
X-Sn-Servicetimems
X-Branch-Name
X-Req
X-Cache-Config
X-Node-Id
X-Cdn-Origin
X-Eu-Site
X-BBC-Edge-Cache-Status
X-Cache-Id
X-Envoy-Decorator-Operation
X-Thinkindot-L3
X-Adobe-Source
X-Request-Start
X-Sigma-Backend
Fastly-Drupal-Html
HA-Ipaddr
X-ATG-Version
X-UnsetCookies
X-Csrf-Jwt
X-Rocket-Build-Number
X-TrackingId
X-Generated-On
Mail-Subject
X-Gamma-Serve
X-GeoIP
X-GeoIP-City
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Gzip
Ha-Gx-Prefs
X-Level-Front-Cache
X-Datadog-Parent-Id
X-Core-Value
X-Sigma
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Fastly-Backend
X-Esi-Check
Machine
X-Thanos
X-Bip
Server-Host
X-Pod-Name
X-CGP
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
L5d-Success-Class
X-RateLimit-Limit-Second
X-Reqid
Thinkindot-Control
X-RateLimit-Remaining-Second
X-Viewer-Country
X-Region-Sid
TDXMobile
X-Platform
X-Request-URI
Fastly-GeoIP-CountryCode
X-TH-Server
X-Backend-State
X-VG-TLSProxy
Req-Svc-Chain
We-Hiring
Web-Mar-Region
X-Xrds-Location
X-Cache-Enabled
X-NWS-UUID-VERIFY
X-Magnolia-Registration
X-CS
X-Variation
X-DefHash
X-DefElseHash
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
AMP-Access-Control-Allow-Source-Origin
X-Has-Esi
X-Is-Gdpr
Platform
X-JWT-State
X-FC-Vary-Parameters
X-Worker
X-DPWN-IS-SECURE
Cf-Device-Type
X-Qloud-Router
X-Loc
Memcached
Fastly-SWR
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Amzn-Remapped-Content-Length
X-Tx-Id
X-Varnish-CookieINHashed-On
X-NU-AKA-ACS-Version
X-Origin
X-Response-By
Adler-Geo
Fastly-SIE
Is-Eu
X-CACHE-KEY
NM-Fastcgi-Cache
NGX
X-Ua-Device
X-Varnish-Beresp-Ttl
X-Trace-ID
Datacenter
X-Esi
X-Mvc-Supplant-OutputCached
X-Backend-TTL
X-CLOUD-TRACE-CONTEXT
X-GeoIP-Country-Code
X-API-Version
X-Up
Candidate-Md5Url
Pics-Label
X-NC
X-GeoIP-Region-Code
X-LB-ID
Magicmarker
CDN
X-Generated-In
Ms-Author-Via
X-Datadome
On-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Vc
X-LB-NoCache
WWW-Authenticate
S-Rt
X-DynaTrace-JS-Agent
WebServer
X-DC
X-Restarts
Esi-Enabled
Memory
X-TA-CDN-Provider
Env
X-Via-Poph
X-Via-Popn
Time
X-Via-Popv
Kp-EeAlive
X-TraceId
X-Tt-Logid
X-Refresh
NtCoent-Length
X-Optimistic-Header
X-Edge-Pop
X-DW
X-Parent-Response-Time
X-RPM
X-Service
X-Action
X-RPS
GeoIp-Country-Code
X-DSS
X-RSL
X-Cache-Backend
X-DB
X-Wix-Viewer-Type
Edge-Cache
C-Via
X-DI
X-CacheTTL
X-Akamai-Request-ID2
X-Http-Reason
X-Cache-PHP
X-Servedbyhost
X-Srv
X-Minions-Version
X-Varnish-Beresp-TTL
X-Unique-ID
X-Newrelic-Synthetics
Server-ID
X-MSEdge-Flight
X-MSEdge-Features
X-Webkit-Csp-Report-Only
X-Cache-Status-Check
X-HA-Backend
X-Render-Time
Accept-Language
X-ZONE
X-TX-ID
X-Cs
X-Dynatrace
X-VCL-Version
X-Cache-Ttl
X-Varnish-Ttl
X-Fpc
X-App
X-Traceid
X-LI-Proto
X-Urbn-Site-Id
Locale
Proxy-Connection
X-Urbn-Context-Path
X-URL
X-AIR-PT
X-User
X-Ec-Fail
Test
X-Ec-GeoHdr
X-Li-Proto
X-Info
X-LiteSpeed-Cache-Control
X-Clientip
X-FPC
X-NODE
X-Webkit-CSP-Report-Only
X-Vcl-Version
Tcn
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Cache-Host
HIT
Server-Id
UCS
X-Oss-Request-Id
X-B3-Spanid
X-Oss-Server-Time
Geo-Info
X-Oss-Storage-Class
X-AK-Request-ID
S-Cnection
M-TraceId
Cdnsip
Cdncip
X-Pass-Why
X-WADP-Cache
X-Clara-WADP
X-HostName
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-Fmm-Version
My-App
Cluster
X-LiteSpeed-Tag
X-CSRF-TOKEN
X-Ha-Backend
X-Micro-Cache
GeoIP-Country-Code
User-Agent
X-CUA
X-ID
Geoip-Latitude
Resin-Trace
Fastly-Backend-Name
X-Var-Ttl
Tracecode
Hostname
X-Dynatrace-Js-Agent
X-Pad
Lfy
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Backend-Host
Ohc-File-Size
X-Edge-POP
Hit
Section-Origin-Responded
Section-Io-Origin-Status
X-ServedByHost
X-From
T-Server
X-Release
X-Geo
Lb
X-Via-PopN
X-Via-PopV
X-Via-PopH
Lang
X-Fragments
X-RAMCache
X-BCube-Filmed-By
ENV
X-Check-Cacheable
X-APP
MIME-Version
X-ElasticPress-Query
X-BBC-Origin-Response-Status
X-HS-Status
X-Edge-Cache
Load-Balancing
X-NGINX-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Target-Params
X-Api-Version
X-Cdn-Forward
X-ServerName
CPC-Cache
X-Amz-Meta-Cb-Modifiedtime
CPC-Age
VNS-Cache
X-Ucs
Servername
VNS-Age
Path
EpKe-Alive
URI
X-WA
X-WA-Info
X-Fastly-Backend-Reqs
Cache-Key
X-ES-SERVER
X-VC
DataCenter
X-FORWARDED-FOR
X-Mcache
X-UP
Cteonnt-Length
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-Fastly-Cache-Hits
Uri
X-TRACE-ID
Pagetype
Cdn
X-Cdn-Request-ID
X-Lb-Id
Ohc-Cache-HIT
X-Swift-Error
X-Lb-Nocache
X-Httpd
PICS-Label
X-Cms-Context
X-PJAX-URL
Cneonction
X-B3-ParentSpanId
WZWS-RAY
X-RateLimit-Reset
X-Nc
Shield-Pop
Permissions-Policy
FSS-Cache
X-Proxy-Cache-Info
X-Dw-Trace-Id
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Newrelic-App-Data
X-Acquia-Site
Srv
Cf-Ipcountry
X-Acquia-Application-Trace
X-Akamai-ERRuleID
X-Udemy-Cache-App-Namespace
X-Via-Ucdn
Producers
X-Hcs-Proxy-Type
X-Yottaa-OS
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Cache-ASPX
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Vha6-Origin
X-Akamai-ERPolicy
Server-Ttl
CF-Cached-On
MD5-Digest
X-Akamai-Pragma-Client-IP
ServerName
X-Cache-Ngx
X-Air-Pt
Sid
X-Provided-By
X-SB
X-Last-Modified
GeoIP-Latitude
X-Te-Duration-Ms
IsBot
X-Logging-Id
W
Sever-Int
X-B3-Parentspanid
X-SIPLIST1
X-Miniprofiler-Ids
X-Varnish-Authentication
X-VG-WebServer
X-CacheKey
Server-Hostname
Ngx
X-Http-Count
X-Http-Duration-Ms
X-Sentry-ID
CountryCode
Server-Ext
X-UA
Req-ID
X-Te-Count