Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
Link
CF-Cache-Status
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Request-ID
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
Access-Control-Max-Age
X-Ws-Request-Id
Server-Timing
EagleId
Keep-Alive
X-Cache-Group
X-Turbo-Charged-By
Request-Context
X-Age
X-Proxy-Cache
X-Server-Powered-By
X-AH-Environment
X-UA-Device
X-Backend
X-Hacker
X-Robots-Tag
Report-To
X-Amz-Request-Id
Host-Header
X-LiteSpeed-Cache
X-Server
X-Amz-Id-2
X-Dns-Prefetch-Control
Grace
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-Amz-Version-Id
X-Ua-Compatible
X-OneAgent-JS-Injection
X-Device
X-Pingback
X-Dispatcher
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
NEL
X-Host
X-Server-Id
X-Backend-Server
X-Node
Cf-Railgun
Accept-CH
X-Readtime
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-Response-Time
X-HW
X-Language
Xkey
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Application-Context
Content-Location
X-Template
X-Ruxit-JS-Agent
Rating
X-Country
Accept-Ch-Lifetime
X-B3-TraceId
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Cache-Lookup
X-Ac
X-Url
Allow
X-Content-Type
X-Trace
X-Buckets
X-PC
X-TtlSet
X-Vname
X-Mod-Pagespeed
X-Varnish-TTL
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-ESI
Cache-Tag
Fastly-Restarts
X-Rack-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Server-Name
X-Element-Page-Cache
Verso
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-D2id
X-Client-IP
X-Cached
X-Abt-Application-Version
X-Origin-Cache
X-Cache-TTL
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Cnection
X-Country-Code
X-Px
X-Goog-Hash
X-Powered-By-Plesk
X-Navigation-Version
Access-Control-Request-Method
X-Instrumentation
X-Aws-Lambda-Call-Status
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Version
Accept-Ch
RTSS
X-Amz-Server-Side-Encryption
X-Powered-CMS
Pagespeed
Display
X-Middleton-Display
X-Sol
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Response
X-Middleton-Response
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-MSEdge-Ref
X-LLID
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-CST
Nginx-Cache
X-Shield-Request-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
AR-Request-ID
AR-ATIME
AR-SID
AR-CACHE
AR-PoweredBy
S
X-HP-Webp
Content-MD5
X-Jurisdiction
X-HP-Trace-Id
X-T
X-RateLimit-Remaining
X-Protected-By
X-Forwarded-For
TCN
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
X-TTL
X-Mid
X-Aspnetmvc-Version
X-MCACHE
Fastcgi-Cache
X-Ttl
Realpath
Front-End-Https
X-Parallel-Accel
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Filters
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Server-Node
Fusion-Component-Id
Fusion-Content-Id
X-Ab
X-Content
X-Ua-Browser
X-DynaTrace
X-SharePointHealthScore
SPRequestGuid
X-Correlation-Id
X-Ezoic-Cdn
X-Ruxit-Js-Agent
Alternate-Protocol
Server-Name
X-Accel-Expires
X-NWS-LOG-UUID
X-Frontend
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Hits
X-Yandex-Sdch-Disable
X-Cache-Key
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-ECACHE
X-Content-Options
Cache-Tags
Host
MicrosoftSharePointTeamServices
X-Git-Hash
X-Page-Id
Cleartype
Charset
X-Fastly-Request-Id
X-Server-ID
X-Www-Served-By
X-B3-Sampled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
X-Content-Digest
X-Amz-Replication-Status
X-Ser
TP-Cache
TP-L2-Cache
Filterid
X-Forwarded-Proto
X-Hostname
X-Varnish-Age
X-VCache
X-Amzn-Trace-Id
X-Az
X-AppVersion
X-Activity-Id
X-Daa-Tunnel
X-XRDS-LOCATION
X-Rid
X-Debug-Info
X-DIS-Request-ID
X-Origin-Server
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Grace
X-N
X-Microsite
X-Request-Handler-Origin-Region
X-LB-Cache
X-Origin-Upstream-Status
X-FB-Debug
X-WebKit-CSP-Report-Only
ServerID
X-Nginx-Upstream-Cache-Status
X-Mobile-URL
X-Whom
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-TT
X-F-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-NGENIX-Cache
X-Goog-Generation
X-Goog-Metageneration
X-App-Server
X-App-Environment
X-Varnish-Grace
Cross-Origin-Opener-Policy
Viewport
X-Distributor
Payment
X-Tb
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
Paypal-Debug-Id
DC
X-FW-Hash
X-FW-Serve
Node
X-Logged-In
X-Cache-Control
X-Seen-By
Fastcgi-Useragent
X-PressLabs-Stats
X-Type
X-Oneagent-Js-Injection
X-User-Agent
X-Cache-Age
Country
Accept-Charset
X-Ratelimit-Limit
X-Cache-Rule
X-Varnish-Backend
Version
X-Webkit-CSP
X-Node-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-DataDome
X-Erf-Bev-Bev
X-Webkit-Csp
X-Wix-Request-Id
X-Load-Cache
X-Cache-Action
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-IPLB-Instance
X-Via-JSL
Refresh
X-Original-Request-Id
Cache-Status
X-Response-Served-From
SD-X-WS
Referer-Policy
Access-Control-Request-Headers
X-Drupal-Cache-Tags
X-Real-IP
X-Cacheable-TTL
X-Jobs
Amp-Access-Control-Allow-Source-Origin
X-Page-View
X-Is-Bot
NGB
X-RemovedCookies
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
X-UUID
X-Rendered-As
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Revision
X-B
X-Debug
X-Contextid
X-ProcessESI
X-Cluster-Name
X-Proxy
DynaTrace
X-Rule
X-B-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Expired-At
X-Signature
X-Drupal-Cache-Contexts
X-Device-Type
Liferay-Portal
X-Fastly-Request-ID
X-Instance
Akamai-GRN
Surrogate-Key
X-Mobile
X-G
X-Cache-Time
X-Framework
X-Debug-IsPreview
X-Debug-IsConnected
X-Fastcgi-Cache
X-FW-Version
CF-IPCountry
Healthy
X-Azure-Ref
X-Source
X-TEC-API-ORIGIN
X-Air-Hostname
X-Air-Trace-Id
X-TEC-API-ROOT
X-Air-Source
X-TEC-API-VERSION
X-Ms-Request-Id
X-Ms-Version
SID
X-XRDS-Location
Frame-Options
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
Ms-Operation-Id
MS-CV
X-RTag
X-Cache-Hit
X-APP-VERSION
Section-Io-Cache
X-Tumblr-Pixel-0
X-CDN-Forward
X-Tumblr-User
X-Tumblr-Pixel-1
X-Nginx-Cache
X-Tumblr-Pixel
Countrycode
X-Environment-Context
X-Varnish-Server
X-L-Path
Xserver
Count-Hit
X-Cache-Operation
GEO-INFO
X-Region
X-Servername
Uber-Trace-Id
X-Forwarded-Host
X-Content-Powered-By
X-EdgeConnect-Cache-Status
X-Backend-Name
X-Mode
X-Accel-Buffering
Cross-Origin-Window-Policy
Backend
X-IPS-LoggedIn
X-Adobe-Content
X-Adobe-Loc
X-Litespeed-Cache
Ec-Rule-Version
X-Zen-Fury
X-JoinUs
X-RN-RSRV
X-SaId
Meta-Geo
X-UPSTREAM-Address
X-Cache-Grace
X-Cache-Server
X-Redis-Cache
Eomportal-Instance
X-ShardId
X-Debug-Cache
X-Hosted-By
X-Alternate-Cache-Key
X-Generation-Time
X-Human
X-Cache-Type
X-Microcachable
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Grace
X-Shopify-Stage
X-ShopId
X-Detected-As
X-Uri
X-Status
Apigw-Requestid
X-Storage
X-Cache-TTL-Remaining
X-PHP-Backend
X-BYPASS-REASON
Country-Code
X-ProxyCache-Status
X-FB-TRIP-ID
X-Site-Version
Cache-Name
Url
X-Sql-Duration-Ms
X-NCache
X-Origin-Date
X-No-Session
X-ProxyCache-Key
Cache-Tv-Group
Decoy-Debug-Status
X-ServerID
X-Sql-Count
Decoy-Debug-Key
X-Via-Fastly
Decoy-Debug-TTL
TWC-Connection-Speed
Webcakes-Region
Property-Id
Selected-Fe
TWC-GeoIP-Country
TWC-Locale-Group
X-UA-Device-Type
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Device-Class
X-Cache-Host
X-Web-Node
X-Ratelimit-Reset
X-Say-TTL
X-Proxy-Build
X-OCL
X-PCL
X-Origin-Hint
X-Akamai-Edgescape
X-SayCDN-TTL
Protected
X-Format
Mn-Server-Ip
Fastly-SSL
X-Say-Cacheable
X-Timing-Wait
OT-Force-Account-Verify
X-Routing-Service
X-Proxied
X-Server-W
X-Section
X-PERF
X-NYM-Debug-Backend
X-Pubstack
X-Hl-Ver
X-R9-Blue-Green-Version
DB-Nickname
X-ApacheServer
X-Zipkin-Id
X-Extlb
X-Varnishpool
X-Access
Azure-RegionName
Azure-InstanceId
X-Azure-Ref-OriginShield
Azure-SiteName
Azure-Version
Azure-SlotName
X-LSADC-Cache
X-Cluster-Node
X-Be
X-Tid
Content-Secure-Policy
X-Rewrite-Enabled
Source
X-RateLimit-Limit
X-Cache-NGX
X-Soup
X-Ua
X-SRV
X-Content-Age
X-HTML-Minification-Powered-By
X-NewRelic-App-Data
X-Time
X-Amz-Meta-S3cmd-Attrs
X-Cached-By
Content-Disposition
X-Cache-Var
X-Cache-Var-Map
X-Presslabs-Stats
SRV
X-ECache
X-Dc
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
Cache
X-LAGOON
X-Generated-By
CDN-Cache
CDN-RequestId
X-Unique-Id
CDN-Uid
X-Loop
X-Hyper-Cache
X-TNCMS
X-Varnish-Hits
X-Varnish-Hostname
X-Bc-Bl
X-S-Maxage
Onion-Location
X-App-Version
Retry-After
X-Origin-TTL
X-Auto-Login
X-Origin-CC
X-Trace-Id
X-Tumblr-Pixel-2
X-GEO
X-TT-LOGID
Webserver
X-Tumblr-Pixel-3
X-Proto
Cache-Hits
Web-Mar-Node
X-Nginx-Cache-Key
Xet-Cookie
X-Tenant
X-Time-Microsecs
X-Qnm-Cache
X-M-Log
X-Endurance-Cache-Level
X-M-Reqid
X-Cdn
X-Akamai-Transformed
X-Edge-Location
Mime-Version
X-GG-Cache-Date
X-VWS-Id
X-LJ-Flow-ID
LB
X-AWS-Id
X-Platform-Server
CloudFront-Viewer-Country
X-CSRF-Token
X-Mg-Request-UUID
X-Amz-Apigw-Id
X-Labrador-Cache-Channel
X-CACHE-KEY
X-Amzn-RequestId
X-PHP-Host
HostName
N-Cache
X-Xfnlog-Site
X-Cache-Tags
X-RCS-CacheZone
X-Varnish-Cache-Hits
X-Handled-By
X-Storefront-Renderer-Rendered
X-Locale
Upgrade-Insecure-Requests
X-Adobe-Source
WPO-Cache-Message
ServedBy
X-Origin-Response-Time
X-TIME
WPO-Cache-Status
X-Request-Time
X-AOL-HN
X-B3-SpanId
X-Cache-Remote
X-VC-Cache
X-S-Cookie
X-S
X-Ftr-Request-Id
X-A-Wwc
X-B-Cookie
X-Destination
X-A-Dgt
X-Rojux
X-Forwarded-Path
X-Request-Host
X-A
X-A-Ccd
Surrogated-Key
X-A-Dcw
X-A-Dam
X-Cache-Date
X-PBS-Appsvrname
DCR-Decision-By
X-Aed
X-Ig-Push-State
X-Orig-Expires
A
BehaviorPad-Version
X-Cache-NE
X-External-Request-Id
Expiry
Fastcgi-X-Cache-Version
X-NAPM-TraceId
X-ND-Cache
DCR-Processing-Time-Ms
DSUID
Meta-Geo-Continent
Mobile-Detection-Method
X-Planisys-CDN-Cache
Rendered-Blocks
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Developer
State
Redirect-Candidate
X-ARC
X-PAYTM-SRV-ID
Odigeo-Trace-Id
X-Application
Origin
Pramga
X-Processor
X-ScT
X-Ckpd-Fst-Backend
X-Vdms-Path
X-Vdms-Version
X-CF-Lambda-Version
X-V-Cache
X-SVT-ORM-VERSION
X-TIM-N
X-CF-Lambda-Fn
X-Reqid
X-VG-WebCache
X-Connection-Hash
X-ATG-Version
X-D
X-Conf
Xc-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-SVT-ORM-RULES
X-Cluster
X-SD-PageType
Nel
X-Session-Fingerprint
X-SRCache-Key
X-Slack-Backend
X-Shop-Environment
Server-Info
X-Correlation-ID
X-Via-NSCOPI
Environment
X-MP-GENERATED-AT
X-Men
X-Mvc-Supplant-Cachable
X-Scheme
X-Server-IP
Fastcgi-Cache-TTL
X-Fetched-On
Wxu-Next-Hostname
X-Device-Os
X-Nyt-Route
Datacenter
Wxu-Next-Commit
X-Location
X-Rocket-Nginx-Serving-Static
X-VServer
X-Li-Fabric
X-Date
X-Gdpr
V-Age
X-Served-From
X-Hash
X-Geo-Header
Release
Vix-Hermes-Req-Id
User-Cache-Control
Cmsid
X-Li-Pop
X-LI-UUID
Host-ID
L
X-Forwarded-Site
X-Cache-Info
Gh-Request-Id
Cmstype
X-Varnish-Beresp-Status
X-Old-Content-Length
X-Owner
X-Hnp-Log
X-Accel-Expires-Debug
From-Origin
X-Cache-Bucket
X-Sucuri-ID
X-Sucuri-Cache
X-Epic-Correlation-Id
X-Proxy-Upstream
X-Policy
X-Gen-Mode
X-Skip-Cache
X-Block-Status
X-Origin-Expires
X-Origin-Time
CacheControlHeader
Wxu-Next-Region
X-Core-Mission
X-VG-TLSProxy
AKAMAI
X-Fastly-Cache
AMP-Access-Control-Allow-Source-Origin
Thinkindot-CacheControl-Type
X-Bip
Web-Mar-Region
X-GeoIP
Thinkindot-Control
TDXMobile
X-Branch-Name
Svr
X-Esi-Check
Traceparent
Thinkindot-CacheControl
X-Cache-Config
X-Fastly-Backend
X-Cache-Debug
X-BBC-Edge-Cache-Status
X-Core-Value
X-Datadog-Trace-Id
We-Hiring
X-TH-Server
X-Aicache-OS
True-Client-Country-4JS
X-Datadog-Parent-Id
X-Gamma-Serve
X-Generated-On
X-Level-Front-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
X-Datadog-Sampling-Priority
X-VarnishDD-TTL
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-NodeID
Candidate-Md5Url
X-Developers
X-Sigma
X-Sigma-Backend
X-Cdn-Origin
X-Region-Sid
X-Sn-Servicetimems
X-Req
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-Ratelimit-Remaining
X-Platform
Server-Host
X-Rocket-Build-Number
PFcat
X-HN
X-HS-Content-Campaign-Id
CDCHOST
X-Gzip
Origin-CC
X-GeoIP-City
Req-Svc-Chain
Origin-EX
X-Viewer-Country
Arc-Country
X-Request-Start
X-Magnolia-Registration
Fastly-GeoIP-CountryCode
Locid
Machine
X-Cache-Id
X-Irp-Debug
Mail-Subject
X-DPWN-IS-SECURE
X-DefHash
X-DefElseHash
X-Request-URI
X-Worker
Fastly-SIE
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Fastly-SWR
NGX
X-Webstats-RespID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Envoy-Decorator-Operation
X-Variation
X-UnsetCookies
X-JWT-State
X-Loc
X-Is-Gdpr
X-Has-Esi
X-FC-Vary-Parameters
X-NU-AKA-ACS-Version
X-Origin
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Qloud-Router
X-Pod-Name
X-Eu-Site
X-CGP
Ha-Gx-Prefs
Cf-Device-Type
NM-Fastcgi-Cache
Adler-Geo
HA-Ipaddr
Is-Eu
Memcached
Platform
L5d-Success-Class
X-Backend-State
X-Amzn-Remapped-Content-Length
X-Csrf-Jwt
X-EC-Lua
X-FireWall-Port
X-Xrds-Location
Fastly-Drupal-Html
Sslversion
X-Node-Id
X-Cdn-Srv
WWW-Authenticate
X-Tx-Id
X-Zone
CDN
X-CLOUD-TRACE-CONTEXT
X-CS
Esi-Enabled
X-Mvc-Supplant-OutputCached
On-Server
X-Response-By
Ssr
X-NC
X-API-Version
X-Up
X-LB-ID
WP-Super-Cache
Pics-Label
X-Generated-In
X-Vc
X-Tt-Logid
X-Varnish-Beresp-Ttl
Ms-Author-Via
C-Via
X-Service
Time
X-Refresh
Memory
X-Trace-ID
X-Datadome
X-Cache-PHP
NtCoent-Length
X-Edge-Pop
X-Cache-Enabled
X-Backend-TTL
X-LB-NoCache
X-TraceId
X-TA-CDN-Provider
X-DynaTrace-JS-Agent
X-Via-Popv
X-Via-Popn
GeoIp-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Via-Poph
Env
X-NWS-UUID-VERIFY
X-Varnish-Ttl
X-Dynatrace
Magicmarker
X-Varnish-Beresp-TTL
X-Cache-Status-Check
X-Parent-Response-Time
X-Render-Time
X-Optimistic-Header
X-DC
X-Info
X-ZONE
X-Restarts
X-Cs
X-Ua-Device
X-Esi
Kp-EeAlive
X-Servedbyhost
X-CacheTTL
X-AIR-PT
WebServer
X-Unique-ID
S-Rt
X-TX-ID
X-MSEdge-Features
X-Wix-Viewer-Type
X-DI
X-MSEdge-Flight
X-DB
X-DW
X-RPS
X-RPM
Edge-Cache
X-RSL
X-Cache-Backend
Server-ID
X-Action
X-DSS
X-Srv
X-Clientip
X-Oss-Server-Time
UCS
X-Oss-Request-Id
X-Oss-Object-Type
HIT
Cache-Host
X-Oss-Hash-Crc64ecma
X-VCL-Version
X-Oss-Storage-Class
X-LI-Proto
X-Newrelic-Synthetics
X-FPC
X-App
X-Minions-Version
Proxy-Connection
X-Cache-Ttl
X-Li-Proto
S-Cnection
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-LiteSpeed-Cache-Control
X-URL
Section-Io-Id
Lb
X-B3-Spanid
X-Webkit-Csp-Report-Only
Server-Id
X-HA-Backend
Test
X-Fpc
X-Traceid
X-Http-Reason
X-Akamai-Request-ID2
User-Agent
X-Vcl-Version
Fastly-Backend-Name
X-Micro-Cache
X-NODE
X-Webkit-CSP-Report-Only
Geo-Info
X-Backend-Host
Tcn
Accept-Language
X-Pass-Why
X-CSRF-TOKEN
X-BCube-Filmed-By
X-User
X-Pad
X-Release
X-Ec-GeoHdr
X-Ec-Fail
X-ES-SERVER
Cf-Int-Pingora-Origin-Digest
X-Check-Cacheable
X-APP
X-HostName
Resin-Trace
Locale
Hostname
X-LiteSpeed-Tag
X-Urbn-Site-Id
X-Urbn-Context-Path
Fastly-Drupal-HTML
CPC-Age
X-ServedByHost
X-Ha-Backend
X-Amz-Meta-Cb-Modifiedtime
VNS-Cache
EpKe-Alive
X-ID
VNS-Age
CPC-Cache
Cache-Key
X-BBC-Origin-Response-Status
Path
X-Dynatrace-Js-Agent
X-B3-Traceid
X-Via-PopN
X-Clara-WADP
X-Via-PopV
X-WADP-Cache
X-Fmm-Version
X-AK-Request-ID
M-TraceId
Cdnsip
X-NGINX-Cache
X-WA-Info
Hit
Cdncip
X-Akamai-Pragma-Client-IP
Srv
Ohc-File-Size
X-WA
GeoIP-Country-Code
X-Via-PopH
X-Geo
Pagetype
X-Cdn-Forward
X-Wikidot-Static-Cache
X-Wikidot-Backend
MIME-Version
X-ElasticPress-Query
X-PJAX-URL
My-App
Shield-Pop
ENV
Cluster
X-Cms-Context
Geoip-Latitude
X-Edge-POP
X-Edge-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CUA
Load-Balancing
X-Api-Version
Tracecode
X-From
X-Var-Ttl
MD5-Digest
X-Via-Ucdn
Lfy
X-HS-Status
X-VG-WebServer
T-Server
X-ServerName
X-UP
X-Ucs
X-Fastly-Cache-Hits
URI
WZWS-RAY
X-Mcache
Servername
X-GoCache-CacheStatus
X-Cache-Expires
X-Fragments
X-Fastly-Backend-Reqs
Lang
Sever-Int
X-RAMCache
X-SIPLIST1
X-Lb-Id
W
Server-Hostname
Server-Ext
IsBot
X-TRACE-ID
Sid
X-Dw-Trace-Id
X-VC
X-WP-CF-Super-Cache
Target-Params
X-WP-CF-Super-Cache-Cache-Control
Ohc-Cache-HIT
Cdn
Cneonction
PICS-Label
X-RateLimit-Reset
Cteonnt-Length
X-B3-ParentSpanId
X-Nc
X-Provided-By
X-Cdn-Request-ID
CF-Cached-On
X-Via-CDN
X-Yottaa-OS
X-Last-Modified
X-Acquia-Application-Trace
X-Newrelic-App-Data
X-Platform-Router
Cf-Ipcountry
HitType
X-Akamai-Request-ID
X-Platform-Cluster
X-Platform-Processor
X-Swift-Error
Vha6-Origin
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Snapshot-Date
Server-Ttl
X-Acquia-Site
Dnion-Transfer-Encoding
X-Acquia-Purge-Tags
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Acquia-Application-UUID
X-Cc-Via
X-Cache-Ngx
X-Air-Pt
X-Te-Count
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Uri
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
X-Sentry-ID
X-Logging-Id
CountryCode
Req-ID
X-CacheKey
X-UA
X-Varnish-Authentication
X-HTML-Edge-Cache
FSS-Cache
X-B3-Parentspanid
X-Miniprofiler-Ids
X-Lb-Nocache
Ngx