Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Proxy-Cache
X-Server-Powered-By
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Cloud-Trace-Context
X-Ac
X-Content-Type
X-TtlSet
X-Vname
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-FastCGI-Cache
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Aws-Lambda-Call-Status
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-Vcap-Request-Id
X-MS-InvokeApp
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-ORACLE-DMS-ECID
X-Cnection
X-ORACLE-DMS-RID
X-Px
X-Navigation-Version
X-Country-Code
RTSS
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Goog-Hash
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-NF-Request-ID
Accept-Ch
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Powered-CMS
AR-CACHE
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Version
X-Middleton-Display
Display
X-Sol
Pagespeed
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
Nginx-Cache
X-TTL
X-Protected-By
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-RateLimit-Remaining
TCN
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Shield-Request-Id
X-T
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
Content-MD5
S
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
Realpath
X-CST
SPRequestDuration
X-Language
Front-End-Https
SPIisLatency
X-Recruiting
Filters
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Request-Received
X-Request-Processing-Time
X-MCACHE
X-Ttl
Server-Node
Server-Name
X-Frontend
X-Content
X-Ab
X-Ua-Browser
X-DynaTrace
X-NWS-LOG-UUID
X-Yandex-Sdch-Disable
X-HS-Content-Id
X-HS-Cache-Config
X-Correlation-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Ser
SPRequestGuid
X-SharePointHealthScore
X-Ezoic-Cdn
X-ECACHE
X-Hits
X-Template
X-Parallel-Accel
Fusion-Content-Id
Alternate-Protocol
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
X-Cache-Key
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cache-Tags
X-Content-Options
MicrosoftSharePointTeamServices
Charset
X-B3-Sampled
X-Page-Id
Cleartype
X-Kong-Proxy-Latency
Host
X-Kong-Upstream-Latency
X-Git-Hash
X-Www-Served-By
X-Fastly-Request-Id
X-Ruxit-Js-Agent
X-Geo-Country
X-Daa-Tunnel
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Webkit-CSP
X-Content-Digest
X-Debug-Info
X-Amz-Replication-Status
X-Ratelimit-Limit
Filterid
X-Varnish-Age
X-XRDS-LOCATION
X-Accel-Expires
X-Hostname
X-AppVersion
X-Az
X-Activity-Id
X-VCache
X-FB-Debug
X-Forwarded-Proto
X-Grace
X-Upgrade-Enabled
X-Rid
TP-L2-Cache
Cross-Origin-Opener-Policy
X-WebKit-CSP-Report-Only
X-Origin-Server
TP-Cache
Access-Control-Allow-Method
ServerID
X-N
X-Nginx-Upstream-Cache-Status
X-F-Cache
X-Mobile-URL
X-LB-Cache
X-Route-Name
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Whom
X-App-Environment
X-Varnish-Grace
X-TT
Viewport
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Seen-By
X-Type
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
Node
X-Tb
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Dynamic
DC
Paypal-Debug-Id
X-Distributor
X-FW-Hash
X-FW-Serve
Payment
X-Server-ID
X-App-Server
X-User-Agent
Fastcgi-Useragent
X-NGENIX-Cache
Accept-Charset
Country
X-Cache-Control
X-Origin-Upstream-Status
X-Wix-Request-Id
X-DataDome
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Via-JSL
X-Drupal-Cache-Tags
Referer-Policy
X-Cache-Age
X-Cluster-Name
X-Varnish-Backend
X-Ratelimit-Reset
Refresh
X-Microsite
X-Request-Handler-Origin-Region
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-B-Cache
X-Load-Cache
X-Signature
Cache-Status
X-Original-Request-Id
SD-X-WS
X-Node-Name
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Contextid
X-Buckets
VIX-Pulpo-Node
X-Tec-Api-Root
X-Real-IP
X-Tec-Api-Version
X-Mobile
X-Tec-Api-Origin
X-Page-View
X-Cacheable-TTL
NGB
Access-Control-Request-Headers
X-B
X-Rendered-As
X-Debug
X-Is-Bot
X-Jobs
Amp-Access-Control-Allow-Source-Origin
X-Cache-Expired-At
X-Device-Type
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Vgn-Hpd-Reason
X-Instance
X-Rule
X-ProcessESI
X-Revision
X-Proxy-Cache-Status
X-Proxy
X-RemovedCookies
X-UUID
Surrogate-Key
X-Cache-Action
Akamai-GRN
X-Fastly-Request-ID
X-IPLB-Instance
X-Drupal-Cache-Contexts
X-Cache-Time
X-Framework
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Version
X-Fastcgi-Cache
X-G
CF-IPCountry
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
SID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
X-Oracle-Dms-Rid
X-Azure-Ref
X-Oracle-Dms-Ecid
Liferay-Portal
X-Presslabs-Stats
X-PressLabs-Stats
X-Nginx-Cache
GEO-INFO
X-Accel-Buffering
X-Source
Count-Hit
X-Ms-Version
X-Ms-Request-Id
X-Oneagent-Js-Injection
Uber-Trace-Id
Frame-Options
Healthy
X-Cache-Operation
X-APP-VERSION
X-RTag
Ms-Operation-Id
MS-CV
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-CDN-Forward
X-XRDS-Location
Xserver
Countrycode
X-Varnish-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Backend-Name
X-Environment-Context
X-Mode
X-L-Path
X-Cache-Hit
Ec-Rule-Version
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Protected
X-Servername
X-Forwarded-Host
X-Region
Meta-Geo
X-Rewrite-Enabled
X-RN-RSRV
X-UPSTREAM-Address
X-Content-Powered-By
X-JoinUs
X-Cache-TTL-Remaining
X-SaId
Backend
X-Ratelimit-Remaining
X-Extlb
X-Detected-As
Decoy-Debug-Key
X-Redis-Cache
X-Debug-Cache
X-Cache-Server
Decoy-Debug-Status
X-Hosted-By
X-Cache-Grace
Eomportal-Instance
X-Generation-Time
Decoy-Debug-TTL
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Origin-Date
X-ApacheServer
X-Sql-Duration-Ms
X-Sql-Count
X-Site-Version
X-Content-Age
Fastly-SSL
X-ShopId
X-ShardId
X-Shopify-Stage
Country-Code
X-Alternate-Cache-Key
Apigw-Requestid
Cache-Name
X-Human
X-Format
X-FB-TRIP-ID
X-PHP-Backend
X-PERF
X-Sorting-Hat-ShopId
Url
X-ServerID
X-Adobe-Content
X-Adobe-Loc
X-Sorting-Hat-PodId
X-Uri
X-Status
X-Via-Fastly
X-Varnish-Beresp-Grace
X-NCache
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Section
X-No-Session
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
Mn-Server-Ip
X-NewRelic-App-Data
Cache-Tv-Group
Property-Id
Selected-Fe
TWC-Connection-Speed
X-Tid
X-Timing-Wait
X-Access
Section-Io-Cache
X-Proxy-Build
X-PCL
X-Origin-Hint
X-NYM-Debug-Backend
X-OCL
X-ProxyCache-Status
X-ProxyCache-Key
X-Pubstack
X-BYPASS-REASON
X-Cache-Type
X-Hyper-Cache
X-Akamai-Edgescape
X-Cluster-Node
X-Varnishpool
X-Microcachable
X-Cache-Host
X-Say-TTL
X-Hl-Ver
X-Web-Node
X-Say-Cacheable
LB
WPO-Cache-Message
X-SayCDN-TTL
X-Server-W
WPO-Cache-Status
X-Storage
X-UA-Device-Type
Content-Disposition
Azure-SiteName
Azure-InstanceId
X-RateLimit-Limit
Azure-RegionName
Azure-SlotName
X-Soup
X-TIME
DB-Nickname
X-Be
Content-Secure-Policy
X-R9-Blue-Green-Version
Azure-Version
X-Trace-Id
CDN-Cache
CDN-CachedAt
X-Ua
X-Generated-By
CDN-PullZone
CDN-Uid
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-RequestId
X-Azure-Ref-OriginShield
X-LSADC-Cache
OT-Force-Account-Verify
X-CLOUD-TRACE-CONTEXT
X-Webkit-Csp
SRV
X-Cached-By
Source
X-Dc
X-Nginx-Cache-Key
X-Bc-Bl
Cache
Retry-After
X-SRV
X-LAGOON
X-TT-LOGID
X-Auto-Login
X-Unique-Id
X-Origin-TTL
X-Origin-CC
Mime-Version
X-Cache-Remote
Cache-Hits
X-Varnish-Hits
X-Platform-Server
Xet-Cookie
X-Loop
HostName
X-App-Version
X-GEO
X-TNCMS
X-Varnish-Hostname
X-Xfnlog-Site
X-ECache
X-S-Maxage
Onion-Location
ServedBy
X-Akamai-Transformed
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Cache-Tags
X-Cdn
X-HTML-Minification-Powered-By
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Tumblr-Pixel-2
Web-Mar-Node
X-Correlation-ID
Upgrade-Insecure-Requests
Webserver
X-EC-Lua
X-Proto
X-Request-Time
From-Origin
X-AOL-HN
WP-Super-Cache
X-Tenant
X-Endurance-Cache-Level
N-Cache
X-Request-Host
X-Time
X-AWS-Id
X-Cache-Var
X-VWS-Id
X-Cache-Var-Map
X-LJ-Flow-ID
X-Time-Microsecs
X-FireWall-Port
X-GG-Cache-Date
X-Origin-Response-Time
X-Edge-Location
X-Cache-Enabled
X-Handled-By
X-Mg-Request-UUID
X-Application
X-Ig-Push-State
Vix-Hermes-Req-Id
X-A
DCR-Decision-By
X-Ftr-Request-Id
V-Age
Surrogated-Key
X-A-Wwc
X-Via-NSCOPI
Sslversion
X-ND-Cache
X-Aed
X-Forwarded-Path
X-Aicache-OS
X-NAPM-TraceId
A
X-ARC
X-Ckpd-Fst-Backend
Nel
Rendered-Blocks
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-NE
X-A-Dam
X-Cluster
X-Conf
X-Destination
X-Developer
X-A-Dcw
X-A-Ccd
X-B-Cookie
X-Connection-Hash
X-D
X-External-Request-Id
Pramga
Expiry
Fastcgi-X-Cache-Version
CloudFront-Viewer-Country
X-TIM-N
X-V-Cache
X-SRCache-Key
X-Slack-Backend
X-Orig-Expires
X-SD-PageType
X-Session-Fingerprint
X-Shop-Environment
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
DCR-Processing-Time-Ms
Xc-Version
X-Labrador-Cache-Channel
X-PHP-Host
X-B3-SpanId
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
Meta-Geo-Continent
X-ScT
X-S-Cookie
X-Processor
X-PBS-Appsvrname
X-Planisys-CDN-TTL
X-NWS-UUID-VERIFY
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-A-Dgt
X-PAYTM-SRV-ID
X-Rojux
BehaviorPad-Version
X-S
Mobile-Detection-Method
Odigeo-Trace-Id
Redirect-Candidate
X-MP-GENERATED-AT
Svr
DSUID
True-Client-Country-4JS
Origin
Gh-Request-Id
Host-ID
Wxu-Next-Region
Fastcgi-Cache-TTL
Wxu-Next-Commit
Wxu-Next-Hostname
User-Cache-Control
X-Li-Fabric
X-Owner
X-Policy
X-Proxy-Upstream
X-Origin-Time
X-Origin-Expires
X-Nyt-Route
X-Old-Content-Length
X-Request-URI
X-Scheme
X-SVT-ORM-VERSION
X-Viewer-Country
X-Webstats-RespID
X-SVT-ORM-RULES
X-Sucuri-ID
X-Server-IP
X-Sucuri-Cache
X-NodeID
X-Mvc-Supplant-Cachable
X-Date
X-Forwarded-Site
X-Gdpr
X-Cdn-Srv
X-Cache-Date
X-Block-Status
X-Cache-Bucket
X-Gen-Mode
X-Geo-Header
X-Location
X-Men
X-LI-UUID
X-Li-Pop
X-Hash
X-Hnp-Log
X-Accel-Expires-Debug
X-Epic-Correlation-Id
Cmsid
X-Reqid
CacheControlHeader
Fastly-Drupal-Html
Cmstype
X-Magnolia-Registration
AKAMAI
Server-Info
X-Zone
X-M-Reqid
X-Adobe-Source
X-Locale
X-Qnm-Cache
X-M-Log
X-Device-Os
X-Datadog-Trace-Id
X-Esi-Check
X-Developers
X-Fastly-Cache
X-Datadog-Sampling-Priority
X-Fetched-On
X-Gamma-Serve
X-Fastly-Backend
X-Eu-Site
X-Cache-Info
X-Branch-Name
X-Bip
X-Backend-State
Web-Mar-Region
X-Cache-Id
X-Generated-On
X-Csrf-Jwt
X-Core-Mission
X-CGP
X-Cdn-Origin
X-Datadog-Parent-Id
X-HS-Content-Campaign-Id
X-Skip-Cache
X-Sn-Servicetimems
X-Served-From
X-Rocket-Nginx-Serving-Static
X-Request-Start
X-Thanos
X-TrackingId
X-VServer
X-Backend-TTL
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-UnsetCookies
X-Req
X-Region-Sid
We-Hiring
X-CACHE-KEY
X-HN
X-Gzip
X-GeoIP-City
X-Irp-Debug
X-Level-Front-Cache
X-RCS-CacheZone
X-RateLimit-Limit-Second
X-Platform
AMP-Access-Control-Allow-Source-Origin
X-GeoIP
X-RateLimit-Remaining-Second
Locid
Machine
Mail-Subject
L5d-Success-Class
Apple-News-Services-Parsed-Url
HA-Ipaddr
L
State
Ssr
Release
PFcat
Arc-Country
CDCHOST
Apple-News-Services-Request-Url
Server-Host
Ha-Gx-Prefs
Apple-News-Services-Host
Apple-News-Services-Handled
X-VC-Cache
Environment
X-GeoIP-Country-Code
X-Qloud-Router
X-Pod-Name
Memcached
X-DefElseHash
X-Worker
Origin-CC
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Variation
X-VG-TLSProxy
X-Core-Value
X-DefHash
X-Has-Esi
Platform
X-Origin
X-FC-Vary-Parameters
X-JWT-State
X-Is-Gdpr
X-Envoy-Decorator-Operation
X-Node-Id
X-Varnish-CookieHashed-On
X-GeoIP-Region-Code
Adler-Geo
X-DPWN-IS-SECURE
NM-Fastcgi-Cache
Fastly-GeoIP-CountryCode
X-Sigma
X-ATG-Version
X-Cache-Debug
X-TH-Server
Thinkindot-CacheControl-Type
X-Sigma-Backend
X-Storefront-Renderer-Rendered
X-Thinkindot-L3
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl
Cf-Device-Type
Origin-EX
X-Response-By
X-Rocket-Build-Number
X-Amzn-Remapped-Content-Length
Traceparent
Is-Eu
X-Xrds-Location
Fastly-SIE
Fastly-SWR
X-Loc
X-Mvc-Supplant-OutputCached
X-BBC-Edge-Cache-Status
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-Rebelmouse-Surrogate-Control
Req-Svc-Chain
S-Rt
X-Ua-Device
X-Tx-Id
NGX
X-CS
Magicmarker
X-LB-ID
X-NC
X-Cache-Config
X-API-Version
X-TraceId
X-Up
CDN
X-Varnish-Beresp-Ttl
X-Akamai-Request-ID2
X-Http-Reason
X-Generated-In
X-Datadome
Kp-EeAlive
Pics-Label
Memory
X-Trace-ID
X-Tt-Logid
Time
X-Restarts
Ms-Author-Via
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
Edge-Cache
X-Cache-Backend
X-Wix-Viewer-Type
X-DW
X-RPM
X-Edge-Pop
X-RPS
X-RSL
X-Optimistic-Header
X-DSS
X-Action
Candidate-Md5Url
Env
X-DB
X-DI
Datacenter
WebServer
X-Refresh
X-Varnish-Ttl
Accept-Language
X-LB-NoCache
GeoIp-Country-Code
X-Via-Popv
X-Via-Popn
X-Vc
X-Via-Poph
X-DynaTrace-JS-Agent
WWW-Authenticate
On-Server
X-Varnish-Beresp-TTL
Esi-Enabled
X-CacheTTL
X-TA-CDN-Provider
X-Srv
X-Minions-Version
X-DC
X-Parent-Response-Time
X-Cs
X-Esi
X-HA-Backend
X-Urbn-Context-Path
Locale
X-Dynatrace
X-Urbn-Site-Id
X-Service
C-Via
X-Servedbyhost
X-Unique-ID
X-MSEdge-Flight
X-TX-ID
X-MSEdge-Features
X-Newrelic-Synthetics
Server-ID
X-Ec-GeoHdr
X-Ec-Fail
X-User
X-Cache-PHP
X-ZONE
X-Li-Proto
X-FPC
X-Cache-Ttl
X-Cache-Status-Check
X-VCL-Version
X-LiteSpeed-Cache-Control
X-App
X-Render-Time
X-URL
X-B3-Spanid
X-Fpc
X-LI-Proto
Cdnsip
Cdncip
Test
X-Vcl-Version
X-Webkit-Csp-Report-Only
X-AK-Request-ID
X-Traceid
Geoip-Latitude
My-App
Server-Id
Cluster
Proxy-Connection
X-Webkit-CSP-Report-Only
X-NODE
X-Pass-Why
Geo-Info
X-Var-Ttl
X-CUA
Tracecode
X-WADP-Cache
X-Fmm-Version
Resin-Trace
X-Clara-WADP
X-Mcache
X-Clientip
T-Server
M-TraceId
X-Info
X-LiteSpeed-Tag
Tcn
X-AIR-PT
DataCenter
UCS
Cache-Host
Lang
HIT
Cf-Int-Pingora-Origin-Digest
Fastly-Drupal-HTML
X-Fragments
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-From
X-Oss-Object-Type
Lfy
X-Oss-Request-Id
X-CSRF-TOKEN
X-ServedByHost
Target-Params
X-Geo
S-Cnection
X-Ha-Backend
X-ID
Hostname
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
GeoIP-Country-Code
Hit
X-RAMCache
X-Pad
Ohc-File-Size
X-HostName
X-Dynatrace-Js-Agent
X-VC
X-ElasticPress-Query
MIME-Version
Fastly-Backend-Name
X-Edge-POP
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Cdn-Forward
ENV
X-Micro-Cache
User-Agent
Permissions-Policy
Section-Origin-Responded
X-Proxy-Cache-Info
X-Api-Version
X-Provided-By
X-Httpd
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Release
Section-Io-Id
X-Check-Cacheable
X-BBC-Origin-Response-Status
X-Edge-Cache
X-NGINX-Cache
Load-Balancing
X-Backend-Host
Producers
X-APP
X-HS-Status
X-Lb-Nocache
X-BCube-Filmed-By
X-ServerName
WZWS-RAY
Servername
X-Ucs
X-Fastly-Backend-Reqs
X-Cache-CFC
X-UP
Uri
PICS-Label
FSS-Cache
ServerName
URI
EpKe-Alive
X-GoCache-CacheStatus
X-TRACE-ID
Lb
X-Udemy-Cache-App-Namespace
Cache-Key
Path
Server-Ttl
X-SB
Cdn
X-Swift-Error
X-Pool
X-RateLimit-Reset
X-Lb-Id
VNS-Cache
X-Cdn-Request-ID
VNS-Age
X-Amz-Meta-Cb-Modifiedtime
Cteonnt-Length
Cneonction
CPC-Cache
CPC-Age
Ohc-Cache-HIT
X-Nc
X-Fastly-Cache-Hits
X-WA-Info
X-WA
X-B3-ParentSpanId
X-Dw-Trace-Id
X-Platform-Cluster
X-Ec-Custom-Error
X-Akamai-Request-ID
X-Apw-Access-Object
X-Apw-Access-Action
X-Platform-Router
X-Platform-Processor
X-Apw-Access-Token
X-Akamai-ERPolicy
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Cache-ASPX
X-Apw-Hits
X-Akamai-ERRuleID
Shield-Pop
X-Acquia-Purge-Tags
X-Acquia-Site
X-ES-SERVER
X-Newrelic-App-Data
X-Wikidot-Backend
Vha6-Origin
X-Acquia-Application-UUID
X-Vcache
CF-Cached-On
X-Yottaa-OS
Cf-Ipcountry
X-Acquia-Application-Trace
X-Wikidot-Static-Cache
Sid
X-Cache-Ngx
X-Air-Pt
X-SIPLIST1
X-Cms-Context
X-Cache-Expires
X-Akamai-Pragma-Client-IP
X-Scale
X-Shopify-Generated-Cart-Token
Req-ID
IsBot
X-Varnish-Authentication
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
CountryCode
Pagetype
X-Logging-Id
X-CacheKey
X-PJAX-URL
X-Sentry-ID
Ngx
X-Last-Modified
X-UA