SANS ISC: HTTP Header Usage Statistics


This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
Report-To
X-Proxy-Cache
X-Server-Powered-By
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
NEL
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Server-Name
X-ESI
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
X-FastCGI-Cache
X-VARITI-CCR
Service-Worker-Allowed
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-Vcap-Request-Id
X-MS-InvokeApp
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Client-IP
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Origin-Cache
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-SID
X-Powered-CMS
AR-Request-ID
X-Sol
X-Version
Pagespeed
Display
X-Middleton-Display
X-Middleton-Response
Response
X-TTL
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Kinsta-Cache
X-Edge-Location-Klb
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-Ch
X-Edge
MRF-Tech
X-B3-TraceId-Primal
TCN
Mrf-Cache-Status
X-Protected-By
X-T
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Shield-Request-Id
X-RateLimit-Remaining
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
Edge-Cache-Tag
X-Aspnetmvc-Version
X-CST
SPRequestDuration
X-Language
Fastcgi-Cache
SPIisLatency
X-Mid
Front-End-Https
Realpath
X-Recruiting
X-Request-Processing-Time
X-Request-Received
Pinterest-Version
Filters
Pinterest-Generated-By
X-Pinterest-Rid
Server-Node
X-MCACHE
Server-Name
X-Frontend
X-Content
X-Ab
X-Ua-Browser
X-DynaTrace
X-Correlation-Id
X-Ser
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ttl
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Template
X-Hits
X-ECACHE
X-Parallel-Accel
X-Cache-Key
Alternate-Protocol
X-Tt-Trace-Tag
X-Tt-Trace-Host
MicrosoftSharePointTeamServices
Cache-Tags
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-Kong-Upstream-Latency
X-Page-Id
X-Kong-Proxy-Latency
Cleartype
X-B3-Sampled
Host
Charset
X-Git-Hash
X-Www-Served-By
X-Content-Options
X-Geo-Country
X-Debug-Info
X-Daa-Tunnel
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Fastly-Request-Id
X-Hostname
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
X-XRDS-LOCATION
Filterid
X-Az
X-Activity-Id
X-AppVersion
X-FB-Debug
X-VCache
X-Upgrade-Enabled
Cross-Origin-Opener-Policy
X-Accel-Expires
X-Grace
X-WebKit-CSP-Report-Only
X-N
X-Forwarded-Proto
X-Origin-Server
X-F-Cache
X-Rid
ServerID
X-Nginx-Upstream-Cache-Status
Access-Control-Allow-Method
TP-Cache
TP-L2-Cache
X-Mobile-URL
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-LB-Cache
X-Whom
X-TT
Viewport
X-Seen-By
X-Varnish-Grace
X-App-Environment
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Tb
X-Goog-Stored-Content-Length
X-Type
X-GUploader-UploadID
X-FW-Hash
X-FW-Dynamic
Node
X-FW-Serve
X-Distributor
X-FW-Static
Payment
X-FW-Server
X-FW-Type
DC
X-Server-ID
Paypal-Debug-Id
X-User-Agent
X-App-Server
Fastcgi-Useragent
X-Wix-Request-Id
Country
Accept-Charset
X-Cache-Control
X-NGENIX-Cache
X-DataDome
X-Cache-Rule
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Fastcgi-Cache
Version
X-Ratelimit-Reset
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Via-JSL
Referer-Policy
X-Drupal-Cache-Tags
X-Fastly-Request-ID
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Webkit-Csp
X-Cluster-Name
X-Cache-Age
X-Webkit-CSP
X-Signature
X-B-Cache
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Buckets
X-Erf-Bev-Bev
Refresh
X-Load-Cache
Cache-Status
X-Varnish-Backend
X-Response-Served-From
VIX-Pulpo-Node
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
X-Node-Name
SD-X-WS
X-Vgn-Hpd-Reason
X-Is-Bot
X-Rendered-As
X-Mobile
X-Cache-Expired-At
X-Page-View
X-Real-IP
X-B
NGB
X-Debug
X-Cacheable-TTL
X-Jobs
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-Revision
X-Instance
X-IPLB-Instance
X-RemovedCookies
X-Yottaa-Optimizations
X-Proxy
X-UUID
X-ProcessESI
X-Yottaa-Metrics
X-Rule
X-Device-Type
X-Cache-Action
X-Drupal-Cache-Contexts
Surrogate-Key
Akamai-GRN
X-Cache-Time
X-Debug-IsPreview
X-Framework
X-Debug-IsConnected
X-FW-Version
Amp-Access-Control-Allow-Source-Origin
X-G
CF-IPCountry
X-Air-Hostname
SID
X-Air-Source
X-Air-Trace-Id
DynaTrace
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Azure-Ref
X-Accel-Buffering
X-Nginx-Cache
X-Presslabs-Stats
Liferay-Portal
GEO-INFO
X-PressLabs-Stats
X-Source
Count-Hit
X-Ms-Version
X-Ratelimit-Remaining
X-Ms-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Uber-Trace-Id
X-Oneagent-Js-Injection
X-Cache-Operation
Frame-Options
X-Cache-NGX
X-RTag
Ms-Operation-Id
MS-CV
Healthy
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Zen-Fury
X-XRDS-Location
X-Cache-Hit
X-CDN-Forward
Protected
Countrycode
X-Backend-Name
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Mode
X-Tumblr-Pixel-1
X-Varnish-Server
Xserver
X-Tumblr-User
X-Environment-Context
X-L-Path
Cross-Origin-Window-Policy
Ec-Rule-Version
X-IPS-LoggedIn
X-Cache-TTL-Remaining
X-Servername
X-Forwarded-Host
X-Tid
X-Detected-As
Meta-Geo
X-Region
X-JoinUs
Backend
X-UPSTREAM-Address
X-RN-RSRV
X-Adobe-Content
X-Rewrite-Enabled
X-Adobe-Loc
X-RateLimit-Limit
X-Hyper-Cache
X-SaId
Section-Io-Cache
X-Debug-Cache
LB
X-Redis-Cache
Country-Code
X-Shopify-Stage
X-Hosted-By
X-ShopId
Decoy-Debug-Key
X-ShardId
X-Cache-Server
X-Extlb
X-Generation-Time
X-Content-Age
X-Cache-Grace
Apigw-Requestid
X-Uri
X-Routing-Service
Decoy-Debug-TTL
X-Proxied
Eomportal-Instance
X-Sql-Count
X-Sql-Duration-Ms
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Content-Powered-By
X-Alternate-Cache-Key
Decoy-Debug-Status
X-Zipkin-Id
Url
X-ApacheServer
Fastly-SSL
X-Origin-Date
X-PHP-Backend
X-PERF
X-Via-Fastly
Cache-Name
X-Site-Version
X-ServerID
X-No-Session
X-Varnish-Beresp-Grace
X-FB-TRIP-ID
X-NCache
X-Human
X-Format
X-Microcachable
X-Storage
Mn-Server-Ip
X-Timing-Wait
Selected-Fe
Property-Id
X-OCL
X-PCL
X-Cache-Type
Cache-Tv-Group
X-Origin-Hint
X-Cache-Host
X-Server-W
X-Status
TWC-Connection-Speed
TWC-Device-Class
X-ProxyCache-Key
X-UA-Device-Type
Webcakes-App-Version
Webcakes-Region
X-Proxy-Build
X-Akamai-Edgescape
X-ProxyCache-Status
X-Pubstack
TWC-GeoIP-Country
X-NYM-Debug-Backend
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
X-Cluster-Node
X-BYPASS-REASON
Webcakes-App-Name
X-NewRelic-App-Data
Content-Disposition
X-Say-Cacheable
X-Say-TTL
X-Hl-Ver
X-Section
X-Access
X-Web-Node
X-Trace-Id
X-R9-Blue-Green-Version
CDN-Uid
X-Varnishpool
CDN-Cache
X-SayCDN-TTL
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
Azure-SiteName
X-Azure-Ref-OriginShield
Azure-SlotName
X-TIME
Content-Secure-Policy
Azure-InstanceId
X-Generated-By
Azure-Version
X-Soup
X-Be
Azure-RegionName
X-Ua
DB-Nickname
X-LSADC-Cache
WPO-Cache-Message
WPO-Cache-Status
OT-Force-Account-Verify
X-Dc
Retry-After
X-Nginx-Cache-Key
X-Cached-By
X-TT-LOGID
X-Bc-Bl
SRV
Source
X-Unique-Id
Cache
X-SRV
X-Platform-Server
X-LAGOON
X-Auto-Login
X-Cache-Remote
X-Xfnlog-Site
Cache-Hits
X-Akamai-Transformed
X-Varnish-Hits
HostName
X-GEO
X-Loop
ServedBy
X-HTML-Minification-Powered-By
X-Cache-Tags
X-ECache
X-Varnish-Hostname
X-Origin-CC
X-TNCMS
X-Origin-TTL
Mime-Version
X-CSRF-Token
X-App-Version
Onion-Location
X-Cdn
X-S-Maxage
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Amz-Meta-S3cmd-Attrs
From-Origin
X-Request-Time
Xet-Cookie
Web-Mar-Node
X-Tumblr-Pixel-3
Webserver
X-Tumblr-Pixel-2
X-AOL-HN
WP-Super-Cache
X-Time
X-Request-Host
X-Proto
X-EC-Lua
X-B3-SpanId
N-Cache
X-Tenant
X-NWS-UUID-VERIFY
X-Endurance-Cache-Level
X-Cache-Enabled
X-VWS-Id
X-FireWall-Port
X-AWS-Id
X-LJ-Flow-ID
X-Time-Microsecs
X-Handled-By
X-GG-Cache-Date
AMP-Access-Control-Allow-Source-Origin
X-Cache-Var
X-Cache-Var-Map
X-Edge-Location
X-Origin-Response-Time
X-Ig-Push-State
X-A-Ccd
X-NAPM-TraceId
X-ND-Cache
V-Age
Vix-Hermes-Req-Id
X-A-Dcw
X-A-Dam
X-A
X-Orig-Expires
X-A-Dgt
User-Cache-Control
X-A-Wwc
X-CF-Lambda-Version
X-Application
Meta-Geo-Continent
X-Ckpd-Fst-Backend
X-Cluster
X-D
X-Connection-Hash
X-Conf
Mobile-Detection-Method
X-CF-Lambda-Fn
Redirect-Candidate
Rendered-Blocks
X-B-Cookie
Pramga
X-Block-Status
Odigeo-Trace-Id
X-Cache-NE
X-Destination
Fastcgi-X-Cache-Version
X-Forwarded-Path
X-External-Request-Id
X-ARC
BehaviorPad-Version
X-Ftr-Request-Id
X-Gen-Mode
A
DCR-Decision-By
X-Aed
Expiry
Sslversion
X-PAYTM-SRV-ID
X-Developer
X-Aicache-OS
DCR-Processing-Time-Ms
Surrogated-Key
X-Hnp-Log
X-Planisys-CDN-Cache
X-Via-NSCOPI
X-S
X-Correlation-ID
X-S-Cookie
X-Vtex-Processado-Em
X-Vdms-Path
X-Vdms-Version
X-SRCache-Key
X-Slack-Backend
X-VG-WebCache
X-Mg-Request-UUID
X-Rojux
Xc-Version
X-ScT
X-Shop-Environment
X-Vtex-Remote-Cache
X-TIM-N
X-PBS-Appsvrname
X-Session-Fingerprint
X-Planisys-CDN-Rules
Nel
X-Processor
X-SD-PageType
X-V-Cache
X-Planisys-CDN-TTL
X-Reqid
X-Magnolia-Registration
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Adobe-Source
X-PHP-Host
X-Labrador-Cache-Channel
CloudFront-Viewer-Country
X-MP-GENERATED-AT
X-Fastly-Cache
X-Sucuri-ID
X-Cache-Date
CacheControlHeader
X-SVT-ORM-RULES
X-Cdn-Srv
X-Forwarded-Site
Origin
X-SVT-ORM-VERSION
Host-ID
CDCHOST
X-Origin-Time
X-Viewer-Country
Fastcgi-Cache-TTL
Arc-Country
X-Date
Cmstype
X-Cache-Bucket
X-Sucuri-Cache
Gh-Request-Id
Cmsid
DSUID
X-Gdpr
X-Nyt-Route
X-Li-Fabric
X-Li-Pop
AKAMAI
Wxu-Next-Commit
X-Old-Content-Length
X-RCS-CacheZone
X-LI-UUID
Wxu-Next-Region
X-Mvc-Supplant-Cachable
X-NodeID
X-Men
X-Proxy-Upstream
Wxu-Next-Hostname
X-Location
X-Policy
True-Client-Country-4JS
X-Geo-Header
X-Accel-Expires-Debug
X-Scheme
Svr
X-Webstats-RespID
X-Server-IP
State
X-Origin-Expires
X-Backend-TTL
X-Epic-Correlation-Id
X-Request-URI
X-Hash
Environment
X-Cache-Id
X-Varnish-Beresp-Status
X-VarnishDD-TTL
X-Rocket-Nginx-Serving-Static
X-GeoIP-Country-Code
X-Cache-Info
X-VServer
X-Backend-State
X-GeoIP-Region-Code
X-Branch-Name
X-VG-TLSProxy
X-Origin
X-Cache-Debug
X-Eu-Site
X-HN
X-Request-Start
X-HS-Content-Campaign-Id
X-Gzip
X-GeoIP-City
X-Gamma-Serve
X-Generated-On
X-GeoIP
X-Req
X-Region-Sid
X-Locale
X-Platform
Web-Mar-Region
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Irp-Debug
X-Level-Front-Cache
X-Served-From
X-Fetched-On
X-Core-Value
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Core-Mission
X-CGP
X-TrackingId
X-TH-Server
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Esi-Check
X-Skip-Cache
X-Fastly-Backend
X-Envoy-Decorator-Operation
X-Sn-Servicetimems
X-Storefront-Renderer-Rendered
X-Device-Os
X-UnsetCookies
X-Cdn-Origin
Server-Info
PFcat
Machine
Ssr
Server-Host
Fastly-Drupal-Html
Origin-EX
Origin-CC
Release
L5d-Success-Class
Mail-Subject
Ha-Gx-Prefs
Traceparent
We-Hiring
L
HA-Ipaddr
X-CACHE-KEY
S-Rt
X-Node-Id
X-NU-AKA-ACS-Version
X-Owner
X-DefElseHash
X-DefHash
X-JWT-State
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Developers
Adler-Geo
X-Is-Gdpr
X-Has-Esi
Cf-Device-Type
X-Rebelmouse-Cache-Control
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Worker
Fastly-GeoIP-CountryCode
Req-Svc-Chain
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-BBC-Edge-Cache-Status
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-VC-Cache
X-Qloud-Router
X-Response-By
X-Qnm-Cache
X-Variation
X-Thinkindot-L3
X-M-Log
X-M-Reqid
X-Pod-Name
X-Varnish-CookieHashed-On
X-ATG-Version
Platform
NM-Fastcgi-Cache
Memcached
X-Amzn-Remapped-Content-Length
TDXMobile
Fastly-SWR
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Locid
Thinkindot-Control
Is-Eu
X-CS
X-Xrds-Location
X-Bip
X-Http-Reason
X-Zone
X-Loc
X-Mvc-Supplant-OutputCached
X-Thanos
NGX
X-Akamai-Request-ID2
X-Ua-Device
X-Varnish-Beresp-Ttl
X-NC
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-Up
X-API-Version
Magicmarker
X-Restarts
X-TraceId
X-Tx-Id
CDN
Kp-EeAlive
X-Datadome
X-Generated-In
X-Cache-Config
Edge-Cache
X-Wix-Viewer-Type
X-RSL
Time
X-Cache-Backend
Pics-Label
X-Action
Ms-Author-Via
X-RPS
Memory
X-DB
X-DI
X-RPM
X-DSS
X-Trace-ID
X-DW
X-Tb-Optimization-Total-Bytes-Saved
Accept-Language
X-Via-Poph
X-Via-Popn
X-Refresh
X-Optimistic-Header
X-Edge-Pop
Env
X-Via-Popv
X-LB-NoCache
Datacenter
WebServer
X-CacheTTL
GeoIp-Country-Code
Candidate-Md5Url
X-Minions-Version
X-Varnish-Ttl
NtCoent-Length
X-Tt-Logid
X-HA-Backend
X-Srv
X-DynaTrace-JS-Agent
WWW-Authenticate
Locale
On-Server
X-Urbn-Site-Id
X-Vc
X-DC
X-Urbn-Context-Path
X-ZONE
X-TX-ID
X-Esi
X-Varnish-Beresp-TTL
X-MSEdge-Features
Esi-Enabled
X-MSEdge-Flight
X-Parent-Response-Time
X-Ec-GeoHdr
X-Dynatrace
X-Ec-Fail
X-User
Server-ID
X-Unique-ID
X-Servedbyhost
X-Cs
C-Via
X-Service
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Cache-PHP
X-Li-Proto
X-AK-Request-ID
X-VCL-Version
X-App
Cdncip
Cdnsip
X-Cache-Ttl
X-FPC
X-URL
X-Clara-WADP
My-App
X-Vcl-Version
Cluster
Geoip-Latitude
X-Fmm-Version
X-Render-Time
X-Fpc
X-Webkit-Csp-Report-Only
X-LI-Proto
Test
X-Cache-Status-Check
X-WADP-Cache
X-Traceid
X-LiteSpeed-Cache-Control
Tracecode
X-Var-Ttl
X-B3-Spanid
Geo-Info
X-CUA
X-NODE
X-Webkit-CSP-Report-Only
Proxy-Connection
X-Pass-Why
T-Server
X-From
Lfy
Cf-Int-Pingora-Origin-Digest
DataCenter
Server-Id
Fastly-Drupal-HTML
X-Mcache
M-TraceId
Lang
Resin-Trace
X-Fragments
X-VC
X-ServedByHost
X-LiteSpeed-Tag
X-Clientip
Target-Params
X-Info
X-CSRF-TOKEN
X-AIR-PT
X-Ha-Backend
X-WP-CF-Super-Cache
UCS
Cache-Host
X-Oss-Server-Time
X-Oss-Storage-Class
X-Geo
X-ID
X-WP-CF-Super-Cache-Cache-Control
X-Oss-Request-Id
X-Oss-Object-Type
HIT
X-Oss-Hash-Crc64ecma
Hostname
MIME-Version
X-Cdn-Forward
GeoIP-Country-Code
Hit
X-Pad
S-Cnection
X-RAMCache
X-Provided-By
X-Dynatrace-Js-Agent
X-Httpd
X-Proxy-Cache-Info
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Edge-POP
Permissions-Policy
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Tcn
Ohc-File-Size
Section-Io-Origin-Status
Section-Io-Id
ENV
Fastly-Backend-Name
User-Agent
X-Edge-Cache
X-Micro-Cache
X-NGINX-Cache
Load-Balancing
X-Api-Version
Producers
X-Check-Cacheable
X-HS-Status
X-ElasticPress-Query
WZWS-RAY
X-Cache-CFC
X-SB
X-Lb-Nocache
X-Ucs
PICS-Label
X-Backend-Host
X-ServerName
Servername
ServerName
X-Fastly-Backend-Reqs
X-Release
X-BBC-Origin-Response-Status
X-HostName
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-UP
X-BCube-Filmed-By
Wpo-Cache-Message
X-Acquia-Purge-Tags
URI
X-Acquia-Site
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Pool
X-Udemy-Cache-App-Namespace
Uri
FSS-Cache
X-APP
Wpo-Cache-Status
X-GoCache-CacheStatus
X-TRACE-ID
X-Nc
X-Ec-Custom-Error
Cteonnt-Length
Cdn
X-Fastly-Cache-Hits
Ohc-Cache-HIT
Server-Ttl
X-Swift-Error
X-RateLimit-Reset
X-Cdn-Request-ID
X-Lb-Id
EpKe-Alive
Cneonction
X-Scale
X-Dw-Trace-Id
X-B3-ParentSpanId
VNS-Cache
X-Amz-Meta-Cb-Modifiedtime
IsBot
MD5-Digest
Server-Hostname
Server-Ext
CF-Cached-On
X-Litespeed-Cache-Control
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Shield-Pop
CPC-Age
Cache-Key
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Snapshot-Date
X-Cache-Expires
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Sever-Int
X-SIPLIST1
X-Vcache
X-WA-Info
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Dispatcher-Number
X-Apw-Access-Action
Vha6-Origin
Path
X-B3-Parentspanid
VNS-Age
X-Newrelic-App-Data
CPC-Cache
Cf-Ipcountry
X-Yottaa-OS
X-WA
Lb
X-Cache-Ngx
Sid
X-Air-Pt
X-Shopify-Generated-Cart-Token
X-Te-Count
X-CacheKey
X-Wikidot-Backend
X-Akamai-Pragma-Client-IP
Ngx
X-Sentry-ID
CountryCode
Req-ID
X-Http-Count
X-Http-Duration-Ms
X-Wikidot-Static-Cache
X-UA
X-Varnish-Authentication
X-ES-SERVER
X-Last-Modified
X-Logging-Id
X-Te-Duration-Ms
X-Akamai-Request-ID