
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
P3p
X-Drupal-Dynamic-Cache
X-CDN
X-Request-ID
X-AspNetMvc-Version
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
Report-To
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
X-Ua-Compatible
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Pingback
NEL
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Node
X-Backend-Server
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Content-Location
Rating
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Country
X-B3-TraceId
X-Cloud-Trace-Context
Accept-CH-Lifetime
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-Vname
X-TtlSet
X-PC
Allow
X-Varnish-TTL
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
Cache-Tag
X-Aws-Lambda-Call-Status
X-FastCGI-Cache
Service-Worker-Allowed
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Cached
X-Dw-Request-Base-Id
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-Px
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
RTSS
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Country-Code
Access-Control-Request-Method
X-Powered-By-Plesk
X-Exp-Id
X-Cdn-Fetch
X-NF-Request-ID
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Goog-Hash
X-Origin-Cache
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
AR-PoweredBy
AR-Request-ID
X-Powered-CMS
AR-SID
AR-CACHE
AR-ATIME
X-Version
X-Sol
Pagespeed
X-Middleton-Display
Display
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
Accept-Ch
X-LLID
X-MSEdge-Ref
X-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
Mrf-Cache-Status
TCN
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
X-RateLimit-Remaining
X-Jurisdiction
X-T
X-HP-Webp
X-HP-Trace-Id
X-Forwarded-For
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Mg-S
X-Id
S
Content-MD5
Edge-Cache-Tag
X-Language
Fastcgi-Cache
SPRequestDuration
X-Mid
SPIisLatency
Front-End-Https
Realpath
X-CST
X-Recruiting
X-Request-Processing-Time
X-Request-Received
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-DynaTrace
Filters
Server-Node
X-MCACHE
Server-Name
X-Frontend
X-Content
X-Ab
X-Ua-Browser
X-Ruxit-Js-Agent
X-Correlation-Id
X-Ttl
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ser
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-NWS-LOG-UUID
X-ECACHE
SPRequestGuid
X-Ezoic-Cdn
X-SharePointHealthScore
X-Template
X-Cache-Key
X-Hits
X-Parallel-Accel
Fusion-Component-Id
Alternate-Protocol
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Page-Id
X-B3-Sampled
Cleartype
Charset
Host
X-Content-Options
X-Www-Served-By
X-Git-Hash
X-Geo-Country
X-DIS-Request-ID
X-Debug-Info
X-Amzn-Trace-Id
X-Daa-Tunnel
X-Hostname
X-Amz-Replication-Status
X-Content-Digest
X-Varnish-Age
X-Fastly-Request-Id
Filterid
X-Activity-Id
X-Ratelimit-Limit
X-Az
X-AppVersion
X-Upgrade-Enabled
X-VCache
X-Accel-Expires
X-FB-Debug
X-Forwarded-Proto
Cross-Origin-Opener-Policy
X-XRDS-LOCATION
X-N
X-Grace
X-Rid
X-Nginx-Upstream-Cache-Status
X-Origin-Server
TP-L2-Cache
X-WebKit-CSP-Report-Only
ServerID
Access-Control-Allow-Method
X-F-Cache
TP-Cache
X-Mobile-URL
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-LB-Cache
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Server-ID
X-Whom
X-TT
X-Type
X-App-Environment
Viewport
X-Varnish-Grace
X-Seen-By
X-Goog-Stored-Content-Length
X-Tb
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Node
X-Distributor
X-FW-Hash
Payment
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Serve
DC
Paypal-Debug-Id
X-App-Server
X-User-Agent
Fastcgi-Useragent
X-Wix-Request-Id
Country
X-DataDome
Accept-Charset
X-NGENIX-Cache
X-Cache-Control
X-Litespeed-Cache
X-Origin-Upstream-Status
X-Fastcgi-Cache
X-Cache-Rule
X-Fastly-Request-ID
X-Webkit-Csp
Version
X-Logged-In
X-Via-JSL
X-Webkit-CSP
X-Drupal-Cache-Tags
Referer-Policy
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Reset
X-Tec-Api-Root
X-Cluster-Name
X-Tec-Api-Origin
X-Cache-Age
X-Tec-Api-Version
X-Signature
X-Erf-Bev-Bev-Is-Generated
X-B-Cache
X-Erf-Bev-Bev
X-Buckets
X-Browser-Type
Refresh
X-Contextid
Cache-Status
X-Load-Cache
X-Varnish-Backend
X-Original-Request-Id
X-Node-Name
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Response-Served-From
VIX-Pulpo-Node
X-Page-View
X-Rendered-As
X-Cache-Expired-At
X-Vgn-Hpd-Reason
X-Is-Bot
X-Real-IP
X-Mobile
X-Cacheable-TTL
X-Jobs
X-Proxy-Cache-Status
NGB
Access-Control-Request-Headers
X-B
X-Debug
Amp-Access-Control-Allow-Source-Origin
X-Instance
X-Revision
X-Device-Type
X-IPLB-Instance
X-RemovedCookies
X-UUID
X-Rule
X-ProcessESI
X-Yottaa-Metrics
X-Proxy
X-Yottaa-Optimizations
Akamai-GRN
X-Drupal-Cache-Contexts
Surrogate-Key
X-Cache-Action
X-Debug-IsConnected
X-Cache-Time
X-Debug-IsPreview
X-Framework
X-FW-Version
X-G
X-Air-Hostname
CF-IPCountry
X-Air-Source
X-Air-Trace-Id
SID
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
DynaTrace
X-Azure-Ref
X-PressLabs-Stats
X-TEC-API-VERSION
X-TEC-API-ROOT
Liferay-Portal
X-Oneagent-Js-Injection
X-TEC-API-ORIGIN
X-Accel-Buffering
X-Nginx-Cache
X-Source
X-Ms-Request-Id
X-Ms-Version
GEO-INFO
Count-Hit
X-Presslabs-Stats
Uber-Trace-Id
Frame-Options
X-XRDS-Location
X-Cache-Operation
X-RTag
MS-CV
Ms-Operation-Id
X-Cache-NGX
Healthy
X-CDN-Forward
X-APP-VERSION
X-EdgeConnect-Cache-Status
X-Zen-Fury
Countrycode
Xserver
X-Cache-Hit
X-Environment-Context
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-User
X-Tumblr-Pixel-1
X-Varnish-Server
X-Tumblr-Pixel
X-Mode
X-Backend-Name
Ec-Rule-Version
Cross-Origin-Window-Policy
Protected
X-IPS-LoggedIn
X-RateLimit-Limit
X-Ratelimit-Remaining
X-Region
X-Cache-TTL-Remaining
X-Servername
X-Forwarded-Host
X-SaId
Meta-Geo
X-Tid
X-JoinUs
X-Rewrite-Enabled
X-Detected-As
X-RN-RSRV
X-UPSTREAM-Address
Backend
X-Extlb
X-Cache-Server
X-ShopId
Decoy-Debug-Status
Country-Code
Decoy-Debug-Key
LB
X-Generation-Time
X-Content-Age
Decoy-Debug-TTL
X-Debug-Cache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Sql-Count
X-Hosted-By
X-Shopify-Stage
X-Adobe-Loc
X-Routing-Service
X-Zipkin-Id
X-Cache-Grace
X-Hyper-Cache
X-Redis-Cache
X-Uri
X-Sql-Duration-Ms
X-Adobe-Content
X-Proxied
Eomportal-Instance
X-ShardId
Apigw-Requestid
X-Alternate-Cache-Key
X-Content-Powered-By
X-ApacheServer
Url
Fastly-SSL
Mn-Server-Ip
X-PHP-Backend
X-Status
X-PERF
X-FB-TRIP-ID
X-Via-Fastly
X-Varnish-Beresp-Grace
X-Format
X-ServerID
X-Origin-Date
X-Site-Version
X-Human
X-NCache
Section-Io-Cache
Cache-Name
X-No-Session
Selected-Fe
TWC-Connection-Speed
X-Access
X-Microcachable
X-Storage
X-PCL
X-Section
Cache-Tv-Group
TWC-Device-Class
X-Timing-Wait
X-OCL
X-UA-Device-Type
Property-Id
X-Server-W
X-Cache-Host
X-BYPASS-REASON
X-Proxy-Build
X-Origin-Hint
X-NYM-Debug-Backend
X-Cluster-Node
X-Cache-Type
X-ProxyCache-Key
X-Akamai-Edgescape
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Pubstack
X-ProxyCache-Status
Webcakes-Region
TWC-GeoIP-Country
Webcakes-App-Version
X-NewRelic-App-Data
CDN-CachedAt
CDN-Cache
CDN-EdgeStorageId
CDN-RequestId
CDN-Uid
X-Hl-Ver
CDN-PullZone
X-SayCDN-TTL
X-Varnishpool
X-R9-Blue-Green-Version
X-Web-Node
X-Say-Cacheable
X-Say-TTL
Content-Disposition
CDN-RequestCountryCode
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Soup
X-Generated-By
X-Be
Azure-Version
X-Azure-Ref-OriginShield
WPO-Cache-Message
DB-Nickname
WPO-Cache-Status
Content-Secure-Policy
Azure-InstanceId
X-Ua
X-Trace-Id
X-TIME
X-LSADC-Cache
OT-Force-Account-Verify
X-Nginx-Cache-Key
X-Cached-By
Source
X-Dc
SRV
X-TT-LOGID
Retry-After
X-Bc-Bl
Cache
X-Unique-Id
X-LAGOON
X-Auto-Login
X-SRV
X-Platform-Server
X-Cache-Remote
X-Cdn
Cache-Hits
X-Varnish-Hits
X-Xfnlog-Site
X-Akamai-Transformed
X-App-Version
X-TNCMS
X-Loop
X-Varnish-Hostname
X-Origin-CC
X-Origin-TTL
HostName
X-HTML-Minification-Powered-By
X-GEO
Onion-Location
X-S-Maxage
X-Cache-Tags
ServedBy
Xet-Cookie
Mime-Version
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
X-Time
Upgrade-Insecure-Requests
X-Varnish-Cache-Hits
X-Request-Time
X-Tumblr-Pixel-3
Web-Mar-Node
X-Tumblr-Pixel-2
X-EC-Lua
From-Origin
Webserver
X-AOL-HN
X-Proto
WP-Super-Cache
X-Request-Host
N-Cache
X-ECache
X-Tenant
X-Endurance-Cache-Level
X-FireWall-Port
X-Cache-Var-Map
X-VWS-Id
X-B3-SpanId
X-Cache-Var
X-LJ-Flow-ID
X-AWS-Id
Nel
X-Cache-Enabled
X-Time-Microsecs
X-Correlation-ID
X-GG-Cache-Date
X-Edge-Location
X-Origin-Response-Time
X-Handled-By
X-NWS-UUID-VERIFY
Xc-Version
X-A-Wwc
X-SRCache-Key
X-Forwarded-Path
X-Vtex-Remote-Cache
X-Developer
X-External-Request-Id
X-Cache-NE
X-Slack-Backend
X-A-Dgt
X-Vtex-Processado-Em
X-A-Dcw
X-Ftr-Request-Id
X-Session-Fingerprint
X-VG-WebCache
X-Shop-Environment
X-Aed
X-Aicache-OS
X-V-Cache
X-Cluster
X-Conf
X-Ckpd-Fst-Backend
X-CF-Lambda-Version
X-Vdms-Version
X-Vdms-Path
X-Connection-Hash
X-D
X-SD-PageType
X-TIM-N
X-Application
X-Destination
X-ARC
X-B-Cookie
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-ScT
Expiry
Odigeo-Trace-Id
Mobile-Detection-Method
Pramga
X-ND-Cache
Rendered-Blocks
Redirect-Candidate
X-NAPM-TraceId
X-Processor
Meta-Geo-Continent
X-Orig-Expires
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
X-PBS-Appsvrname
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
DCR-Decision-By
X-Planisys-CDN-Rules
Sslversion
Surrogated-Key
X-S-Cookie
X-S
X-Hnp-Log
X-A
X-A-Ccd
X-A-Dam
X-Gen-Mode
X-Mg-Request-UUID
X-Ig-Push-State
User-Cache-Control
X-Via-NSCOPI
BehaviorPad-Version
X-Rojux
V-Age
X-Block-Status
Vix-Hermes-Req-Id
A
CloudFront-Viewer-Country
X-Amz-Apigw-Id
X-Amzn-RequestId
X-MP-GENERATED-AT
X-PHP-Host
X-Labrador-Cache-Channel
X-Men
State
X-RCS-CacheZone
Svr
X-LI-UUID
X-Request-URI
True-Client-Country-4JS
X-Location
X-Mvc-Supplant-Cachable
Origin
X-Old-Content-Length
X-Origin-Expires
X-Origin-Time
Fastcgi-Cache-TTL
Gh-Request-Id
Host-ID
X-Li-Pop
X-Proxy-Upstream
X-Nyt-Route
X-Policy
X-NodeID
Wxu-Next-Hostname
X-Webstats-RespID
X-Accel-Expires-Debug
X-Forwarded-Site
X-Sucuri-ID
X-Fastly-Cache
X-SVT-ORM-RULES
X-Cache-Bucket
X-Cache-Date
X-Date
X-SVT-ORM-VERSION
X-Backend-TTL
X-Epic-Correlation-Id
X-Hash
Wxu-Next-Region
X-Viewer-Country
Wxu-Next-Commit
X-Geo-Header
X-Scheme
X-Sucuri-Cache
X-Gdpr
X-Server-IP
X-Li-Fabric
X-Cdn-Srv
CacheControlHeader
X-Reqid
Arc-Country
Cmsid
AKAMAI
AMP-Access-Control-Allow-Source-Origin
X-Adobe-Source
DSUID
X-Magnolia-Registration
Cmstype
CDCHOST
Environment
X-Developers
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Apple-News-Services-Parsed-Url
X-Eu-Site
Apple-News-Services-Host
X-Esi-Check
X-Datadog-Parent-Id
Apple-News-Services-Request-Url
X-Envoy-Decorator-Operation
X-Device-Os
X-Cache-Info
X-Branch-Name
X-Cache-Debug
X-Backend-State
X-Origin
X-VG-TLSProxy
X-Rocket-Nginx-Serving-Static
X-Cache-Id
X-GeoIP-Region-Code
X-Fastly-Backend
X-Core-Mission
X-CGP
X-GeoIP-Country-Code
X-Cdn-Origin
X-Csrf-Jwt
X-VServer
X-RateLimit-Remaining-Second
X-Region-Sid
X-RateLimit-Limit-Second
X-Qnm-Cache
X-TH-Server
X-Platform
X-Storefront-Renderer-Rendered
X-Req
X-Served-From
X-Skip-Cache
X-Sn-Servicetimems
X-M-Log
X-Request-Start
X-M-Reqid
X-Owner
X-TrackingId
X-GeoIP-City
X-Gzip
X-GeoIP
X-Generated-On
X-Fetched-On
X-Gamma-Serve
X-HN
X-HS-Content-Campaign-Id
X-Varnish-Beresp-Status
X-UnsetCookies
X-VarnishDD-TTL
X-Locale
X-Irp-Debug
X-Level-Front-Cache
Apple-News-Services-Handled
X-Core-Value
Release
Origin-EX
Server-Host
Ssr
We-Hiring
Traceparent
Origin-CC
Mail-Subject
HA-Ipaddr
Ha-Gx-Prefs
L
L5d-Success-Class
Machine
Locid
Web-Mar-Region
PFcat
Server-Info
Fastly-Drupal-Html
X-Xrds-Location
X-Amzn-Remapped-Content-Length
X-Varnish-CookieINHashed-On
X-FC-Vary-Parameters
X-Thanos
X-Worker
X-Sigma-Backend
X-Pod-Name
Thinkindot-CacheControl
X-DefHash
TDXMobile
X-DPWN-IS-SECURE
X-Qloud-Router
Is-Eu
Platform
Memcached
X-Varnish-CookieHashed-On
NM-Fastcgi-Cache
X-VC-Cache
X-Node-Id
X-NU-AKA-ACS-Version
X-Varnish-Remaining-TTL
X-Zone
X-Variation
X-Has-Esi
X-DefElseHash
Cf-Device-Type
X-Is-Gdpr
X-JWT-State
X-Thinkindot-L3
X-Sigma
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Response-By
X-Bip
Req-Svc-Chain
S-Rt
X-BBC-Edge-Cache-Status
Fastly-GeoIP-CountryCode
X-ATG-Version
Thinkindot-CacheControl-Type
Adler-Geo
X-Rocket-Build-Number
Thinkindot-Control
Fastly-SIE
Fastly-SWR
X-Ua-Device
X-Varnish-Beresp-Ttl
Magicmarker
X-Loc
X-Mvc-Supplant-OutputCached
NGX
X-CLOUD-TRACE-CONTEXT
X-CS
X-Tx-Id
X-Http-Reason
X-API-Version
X-Cache-Config
X-Up
X-LB-ID
X-Restarts
X-NC
X-Akamai-Request-ID2
X-TraceId
X-CACHE-KEY
Ms-Author-Via
X-Trace-ID
Kp-EeAlive
CDN
Pics-Label
X-Generated-In
X-Wix-Viewer-Type
Time
X-RSL
X-DW
X-DSS
X-DI
Memory
X-RPM
X-Cache-Backend
Edge-Cache
X-Action
X-RPS
X-LB-NoCache
X-DB
X-Tb-Optimization-Total-Bytes-Saved
WebServer
X-Refresh
Datacenter
X-Optimistic-Header
X-Via-Poph
Env
X-Via-Popn
Candidate-Md5Url
X-Via-Popv
NtCoent-Length
X-Varnish-Ttl
X-Edge-Pop
X-Tt-Logid
Accept-Language
X-Datadome
GeoIp-Country-Code
X-CacheTTL
X-Minions-Version
X-DynaTrace-JS-Agent
X-Srv
WWW-Authenticate
X-DC
On-Server
X-Vc
X-HA-Backend
Esi-Enabled
X-Esi
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-MSEdge-Features
Server-ID
X-Unique-ID
X-ZONE
X-TX-ID
X-Servedbyhost
X-MSEdge-Flight
X-Cs
X-Parent-Response-Time
X-Varnish-Beresp-TTL
C-Via
X-User
X-Service
X-Ec-GeoHdr
X-Ec-Fail
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Cache-PHP
X-VCL-Version
X-App
X-Li-Proto
X-Cache-Ttl
X-Dynatrace
X-URL
X-Fpc
X-LI-Proto
X-Webkit-Csp-Report-Only
Cdncip
X-Render-Time
Cdnsip
X-AK-Request-ID
Test
X-Cache-Status-Check
X-FPC
X-Traceid
X-LiteSpeed-Cache-Control
X-Fmm-Version
X-WADP-Cache
X-Vcl-Version
Geoip-Latitude
Cluster
Geo-Info
My-App
X-B3-Spanid
X-Clara-WADP
Proxy-Connection
X-NODE
X-Pass-Why
X-Webkit-CSP-Report-Only
X-Var-Ttl
X-CUA
Tracecode
Fastly-Drupal-HTML
X-Mcache
Resin-Trace
T-Server
Server-Id
X-From
M-TraceId
Cf-Int-Pingora-Origin-Digest
Lfy
DataCenter
Lang
X-Fragments
X-Clientip
X-Info
X-CSRF-TOKEN
X-AIR-PT
Target-Params
X-Geo
X-VC
UCS
X-Oss-Hash-Crc64ecma
X-ID
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-LiteSpeed-Tag
HIT
X-Ha-Backend
X-ServedByHost
Cache-Host
Hostname
MIME-Version
X-RAMCache
X-Pad
S-Cnection
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Hit
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Cdn-Forward
ENV
Tcn
X-Edge-POP
Ohc-File-Size
Permissions-Policy
X-HS-Status
X-Check-Cacheable
X-Micro-Cache
X-Httpd
Fastly-Backend-Name
X-NGINX-Cache
X-Proxy-Cache-Info
X-Provided-By
User-Agent
Section-Io-Origin-Status
X-Edge-Cache
Section-Io-Id
X-ElasticPress-Query
X-Api-Version
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Load-Balancing
Servername
WZWS-RAY
X-Fastly-Backend-Reqs
X-Ucs
Producers
X-ServerName
X-Backend-Host
X-BBC-Origin-Response-Status
X-Release
X-HostName
ServerName
X-GoCache-CacheStatus
PICS-Label
FSS-Cache
X-SB
X-APP
X-Cache-CFC
X-BCube-Filmed-By
Uri
URI
X-Lb-Nocache
X-UP
X-TRACE-ID
X-Lb-Id
X-Udemy-Cache-App-Namespace
Server-Ttl
Ohc-Cache-HIT
X-RateLimit-Reset
Cdn
X-Swift-Error
X-Pool
X-Acquia-Application-Trace
EpKe-Alive
X-Platform-Processor
X-Acquia-Application-UUID
Cteonnt-Length
X-Platform-Router
X-Nc
Cneonction
X-Platform-Cluster
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Fastly-Cache-Hits
X-Dw-Trace-Id
VNS-Cache
VNS-Age
X-Apw-Access-Action
Cache-Key
X-Apw-Access-Token
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Apw-Access-Object
X-Amz-Meta-Cb-Modifiedtime
X-Apw-Hits
X-Newrelic-App-Data
CF-Cached-On
X-Cache-ASPX
Shield-Pop
X-Contensis-Viewer-Groups
X-Snapshot-Date
X-Yottaa-OS
X-B3-ParentSpanId
X-Scale
Vha6-Origin
X-Ec-Custom-Error
X-Vcache
Cf-Ipcountry
CPC-Cache
X-WA
X-WA-Info
Path
Wpo-Cache-Status
Wpo-Cache-Message
CPC-Age
Sid
X-Air-Pt
X-Cache-Ngx
Lb
MD5-Digest
Server-Ext
IsBot
X-Shopify-Generated-Cart-Token
X-Varnish-Authentication
X-CacheKey
Server-Hostname
Sever-Int
X-IN-APIGATEWAYSSL
X-SIPLIST1
X-IN-APIGATEWAY
X-Dispatcher-Number
X-B3-Parentspanid
X-Cache-Expires
X-UA
X-Akamai-Pragma-Client-IP
X-Sentry-ID
X-Te-Count
Ngx
X-Last-Modified
X-Http-Count
X-Logging-Id
X-ES-SERVER
X-Wikidot-Backend
X-Akamai-Request-ID
X-Te-Duration-Ms
Req-ID
CountryCode
X-Wikidot-Static-Cache
X-Http-Duration-Ms