Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
CF-Cache-Status
Link
CF-RAY
ETag
Pragma
Expect-CT
X-XSS-Protection
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Runtime
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-Iinfo
Feature-Policy
X-Content-Security-Policy
X-Envoy-Upstream-Service-Time
Content-Encoding
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CONTENT-TYPE-OPTIONS
X-AspNetMvc-Version
X-CDN
Upgrade
X-Via
X-XSS-PROTECTION
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Ws-Request-Id
X-Cache-Group
X-Dns-Prefetch-Control
X-Turbo-Charged-By
Keep-Alive
X-Akamai-Path-Stats
X-Backend
Request-Context
EagleId
X-Age
X-Robots-Tag
X-Server
X-AH-Environment
X-Amz-Request-Id
X-UA-Device
Host-Header
X-Proxy-Cache
X-Amz-Id-2
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Dispatcher
Allow
X-Ua-Compatible
CONTENT-SECURITY-POLICY
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Nginx-Cache-Status
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-OneAgent-JS-Injection
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
X-CST
X-Pingback
Request-Id
Surrogate-Control
Cf-Edge-Cache
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
Accept-CH-Lifetime
X-Application-Context
Content-Location
X-ASPNET-VERSION
Rating
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-Trace
X-EdgeConnect-Origin-MEX-Latency
X-Url
Fastly-Restarts
X-Country
Accept-Ch
X-MS-InvokeApp
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-Rack-Cache
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
RTSS
Edge-Control
X-VARITI-CCR
X-Server-Name
X-ESI
X-Amz-Server-Side-Encryption
X-Varnish-TTL
Cache-Tag
X-B3-TraceId
X-Content-Type
X-Vcap-Request-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Amz-Rid
X-Dw-Request-Base-Id
X-Px
Public-Key-Pins
X-Cnection
X-FastCGI-Cache
X-Edge
X-D2id
X-Ac
X-Ser
X-Navigation-Version
X-Element-Page-Cache
Verso
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-Sol
Pagespeed
X-Middleton-Display
Display
X-RateLimit-Remaining
X-Version
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Country-Code
X-Ttl
Service-Worker-Allowed
X-Cache-TTL
X-Content-Security-Policy-Report-Only
X-Middleton-Response
X-NF-Request-ID
Response
X-Goog-Hash
Access-Control-Request-Method
SPRequestDuration
X-Correlation-Id
SPIisLatency
X-Kinsta-Cache
X-Cached
AR-PoweredBy
AR-Request-ID
AR-SID
AR-CACHE
AR-ATIME
X-Edge-Location-Klb
SPRequestGuid
X-SharePointHealthScore
X-Ruxit-Js-Agent
X-Powered-CMS
X-Upstream
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-LLID
Edge-Cache-Tag
X-NWS-LOG-UUID
X-Forwarded-For
X-Cache-Key
Nginx-Cache
X-Litespeed-Cache
Content-MD5
X-TTL
X-MSEdge-Ref
X-RateLimit-Limit
X-Shield-Request-Id
X-Id
MRF-Tech
Mrf-Cache-Status
TCN
X-T
X-Recruiting
S
X-B3-TraceId-Primal
X-ECACHE
X-Daa-Tunnel
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Digest
X-WebKit-CSP-Report-Only
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Mg-S
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Ua-Device
X-DataDome
X-Accel-Expires
X-Grace
X-Protected-By
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
MS-Author-Via
X-Frontend
X-Ezoic-Cdn
X-DynaTrace
X-Ab
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
TP-Cache
TP-L2-Cache
X-Content
X-Yandex-Sdch-Disable
Server-Node
Filters
Front-End-Https
X-PressLabs-Stats
X-Origin-Server
X-Distributor
X-Server-ID
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Geo-Country
X-Mid
X-Hits
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-LB-Cache
X-Microsite
X-Amzn-Trace-Id
Charset
X-Oneagent-Js-Injection
X-Debug-Info
Host
X-Webkit-Csp
Cleartype
X-Page-Id
X-Fastly-Request-Id
Cross-Origin-Opener-Policy
X-Git-Hash
X-F-Cache
X-Ratelimit-Reset
X-B3-Sampled
X-Forwarded-Proto
X-Cache-Age
X-DIS-Request-ID
Realpath
X-Mcache
Cache-Status
X-Seen-By
Access-Control-Allow-Method
X-Www-Served-By
X-Activity-Id
X-AppVersion
X-Az
ServerID
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Webkit-CSP
Accept-Charset
Filterid
Cache-Tags
X-Varnish-Age
X-Cluster-Name
X-Nginx-Upstream-Cache-Status
X-Aspnetmvc-Version
X-Content-Options
X-Rid
X-Type
Retry-After
X-Language
X-FB-Debug
X-App-Environment
Server-Name
X-Kong-Upstream-Latency
Country
X-Kong-Proxy-Latency
X-User-Agent
X-Varnish-Backend
X-Tb
Viewport
X-Drupal-Cache-Tags
X-Upgrade-Enabled
DC
Node
X-Varnish-Grace
Paypal-Debug-Id
X-B-Cache
X-Wix-Request-Id
X-TT
X-Whom
X-Signature
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Oracle-Dms-Ecid
X-Goog-Storage-Class
Permissions-Policy
X-Origin-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Route-Name
X-B
X-VCache
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-Mobile-URL
X-Oracle-Dms-Rid
X-MCACHE
X-NWS-UUID-VERIFY
Protected
X-Debug
Fastcgi-Useragent
X-XRDS-LOCATION
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
X-N
X-Cache-NGX
X-Logged-In
Payment
X-Via-JSL
WPO-Cache-Status
X-Load-Cache
Surrogate-Key
WPO-Cache-Message
X-Cache-Control
X-XRDS-Location
Amp-Access-Control-Allow-Source-Origin
X-Contextid
Count-Hit
Healthy
X-Node-Name
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Hash
X-Mobile
X-FW-Dynamic
X-Template
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Midtier
Refresh
X-Restarts
Alternate-Protocol
X-NGENIX-Cache
X-Proxy
Akamai-GRN
X-Cache-Time
X-Jobs
X-Revision
Url
X-G
Content-Disposition
Uber-Trace-Id
X-Real-IP
X-UUID
X-Akamai-Request-ID2
X-Zen-Fury
X-Framework
X-Adobe-Content
VIX-Pulpo-Upstream-Status
X-Proxy-Cache-Status
X-Cache-TTL-Remaining
X-Rendered-As
X-Debug-IsConnected
NGB
X-Servername
X-Is-Bot
X-Drupal-Cache-Contexts
X-Device-Type
X-Cacheable-TTL
VIX-Pulpo-Node
X-Debug-IsPreview
X-Adobe-Loc
X-Yottaa-Metrics
X-Instance
X-Yottaa-Optimizations
X-Http-Reason
X-Trace-Id
X-Hostname
Access-Control-Request-Headers
X-Page-View
X-Cache-Grace
X-Varnish-Server
X-Mg-Request-UUID
X-IPLB-Instance
X-Environment-Context
X-L-Path
Version
X-Source
X-COUNTRY
X-EdgeConnect-Cache-Status
X-ECache
X-HTML-Minification-Powered-By
X-B3-Traceid
Accept-Language
X-RTag
Frame-Options
MS-CV
Ms-Operation-Id
Countrycode
X-Fastly-Request-ID
From-Origin
X-Datadome
X-Cache-Hit
X-Cache-Expired-At
X-NYM-Debug-Backend
Liferay-Portal
X-Cache-Rule
X-Fastcgi-Cache
Referer-Policy
X-Vgn-Hpd-Reason
X-Ratelimit-Remaining
X-App-Server
Cross-Origin-Window-Policy
Backend
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-FW-Version
X-APP-VERSION
Content-Secure-Policy
X-Hosted-By
X-Unique-Id
Upgrade-Insecure-Requests
X-UPSTREAM-Address
Meta-Geo
X-Cache-Server
X-RN-RSRV
X-Ratelimit-Limit
X-Nginx-Cache
X-OCL
X-Generation-Time
Section-Io-Cache
X-Redis-Cache
X-PCL
X-FB-TRIP-ID
X-Cache-Enabled
X-No-Session
X-Ua
WP-Super-Cache
Webcakes-App-Name
X-Origin-Hint
X-PHP-Backend
X-Via-Fastly
X-Origin-Date
X-Format
X-Be
X-Cluster-Node
X-ProcessESI
X-Varnish-Cache-Hits
X-Request-Time
X-Server-W
X-Section
X-UA-Device-Type
X-Uri
X-Region
X-RemovedCookies
X-AOL-HN
X-Akamai-Edgescape
Azure-Version
Mn-Server-Ip
Property-Id
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
TWC-Connection-Speed
TWC-Device-Class
Webcakes-Region
X-Access
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Apigw-Requestid
TWC-Locale-Group
X-NewRelic-App-Data
CF-IPCountry
X-Mode
X-BYPASS-REASON
X-Cache-Host
X-Sql-Duration-Ms
X-Debug-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Sql-Count
X-ApacheServer
X-Storage
S-Rt
Locale
X-SayCDN-TTL
X-Say-TTL
X-PHP-Host
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Parallel-Accel
X-Content-Powered-By
X-Nginx-Cache-Key
X-ProxyCache-Key
X-Xfnlog-Site
X-PERF
Fastly-SSL
X-Human
X-ProxyCache-Status
X-Generated-By
X-Content-Age
Eomportal-Instance
X-Zipkin-Id
X-Web-Node
X-Proxied
X-Adobe-Source
X-AWS-Id
X-Varnishpool
X-LJ-Flow-ID
X-Backend-Name
X-Hl-Ver
X-JoinUs
X-ServerID
X-Platform-Server
X-Extlb
X-Detected-As
X-Cache-Type
X-Locale
X-Forwarded-Host
X-SaId
X-VC-Cache
X-Routing-Service
X-Cms-Context
X-Cache-Tags
X-VWS-Id
X-Alternate-Cache-Key
Cache-Tv-Group
X-Status
X-ShopId
X-ShardId
X-Site-Version
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Tid
X-Cache-Action
X-GG-Cache-Date
X-Handled-By
Ec-Rule-Version
CDN-CachedAt
CDN-Cache
CDN-Uid
CDN-EdgeStorageId
CDN-RequestId
CDN-PullZone
Load-Balancing
CDN-RequestCountryCode
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-Edge-Location
ServedBy
X-Storefront-Renderer-Rendered
X-Dc
X-GeoCode
X-CDN-Forward
X-GeoCountry
X-Proto
SRV
X-LSADC-Cache
Web-Mar-Node
Fastly-Drupal-Html
X-Hyper-Cache
Webserver
Onion-Location
X-App-Version
X-Rule
X-Cached-By
X-Cache-Remote
Mime-Version
X-GEO
X-Cache-Operation
X-Varnish-Hostname
Cache-Hits
X-Rewrite-Enabled
X-Soup
X-TT-LOGID
SID
X-Cluster
Xet-Cookie
X-Magnolia-Registration
X-Cdn
Xserver
X-Pubstack
X-Origin-CC
X-Origin-TTL
X-SRV
X-Accel-Buffering
X-Varnish-Ttl
X-Varnish-Hits
LB
X-Air-Source
X-IPLB-Request-ID
X-Air-Trace-Id
X-Air-Hostname
X-Envoy-Decorator-Operation
X-Reqid
Server-Info
Country-Code
X-Microcachable
X-TA-CDN-Provider
X-Tumblr-Pixel-3
X-Tt-Logid
X-Tumblr-Pixel-2
X-Buckets
X-MP-GENERATED-AT
Cache
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
Decoy-Debug-TTL
X-Request-Host
Source
X-CSRF-Token
X-Newrelic-Synthetics
X-Ms-Request-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Ms-Version
X-B3-SpanId
X-Origin-Response-Time
X-Endurance-Cache-Level
X-Via-NSCOPI
A
Meta-Geo-Continent
Cdncip
BehaviorPad-Version
MD5-Digest
Host-ID
DCR-Decision-By
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Cmstype
Mobile-Detection-Method
Lang
Cdnsip
Cmsid
Expiry
X-Conf
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Rojux
X-S-Cookie
X-S
X-Orig-Expires
X-NAPM-TraceId
X-Geo-Header
X-Ftr-Request-Id
X-Gzip
X-Hash
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-ScT
X-SD-PageType
X-Vdms-Version
X-Vdms-Path
X-VG-WebCache
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-User
X-TrackingId
X-Shop-Environment
X-Session-Fingerprint
X-SRCache-Key
X-Tenant
X-TIM-N
X-Forwarded-Path
X-External-Request-Id
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-Application
X-AK-Request-ID
X-A-Dam
X-A
Pramga
Odigeo-Trace-Id
Rendered-Blocks
Sslversion
T-Server
Surrogated-Key
X-ARC
X-B-Cookie
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Esi-Check
X-Epic-Correlation-Id
X-D
X-Connection-Hash
X-Cache-NE
X-Cache-Id
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
NM-Fastcgi-Cache
X-A-Ccd
X-NCache
X-Time
X-Bc-Bl
X-Tx-Id
X-RCS-CacheZone
X-Clara-WADP
Is-Eu
X-Ckpd-Fst-Backend
Machine
X-CacheTTL
X-Core-Mission
X-Core-Value
X-Device-Os
Fastly-GeoIP-CountryCode
X-Developers
X-DefHash
X-DefElseHash
X-Cache-Info
X-Cache-Bucket
Server-Host
State
Producers
Platform
Memcached
We-Hiring
Wxu-Next-Commit
X-Amzn-Remapped-Content-Length
X-Cache-Backend
X-DPWN-IS-SECURE
Wxu-Next-Region
Wxu-Next-Hostname
Mail-Subject
X-Azure-Ref
X-SVT-ORM-VERSION
X-V-Cache
X-SVT-ORM-RULES
X-Sigma-Backend
X-Server-IP
X-Sigma
X-Variation
X-Varnish-CookieHashed-On
X-WADP-Cache
X-Worker
X-Via-Ucdn
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Scheme
X-SB
X-GeoIP
X-Irp-Debug
X-Gdpr
X-Fmm-Version
X-Fastly-Cache
X-Fetched-On
X-Mvc-Supplant-Cachable
X-Node-Id
X-Origin-Time
X-Rocket-Build-Number
X-Origin-Expires
X-Nyt-Route
X-NodeID
Environment
X-Origin
AKAMAI
Adler-Geo
X-Skip-Cache
Cache-Name
X-Block-Status
X-Branch-Name
X-BBC-Edge-Cache-Status
X-Auto-Login
Kp-EeAlive
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Key
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Request-URI
X-TNCMS
X-Served-From
Web-Mar-Region
CDCHOST
V-Age
Vix-Hermes-Req-Id
DynaTrace
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-LAGOON
X-Wix-Viewer-Type
X-Aicache-OS
X-R9-Blue-Green-Version
X-Rocket-Nginx-Serving-Static
X-Qloud-Router
X-CGP
X-Forwarded-Site
X-Gen-Mode
X-VG-TLSProxy
X-Eu-Site
X-BCube-Filmed-By
X-Ec-Custom-Error
X-Minions-Version
X-Generated-On
X-Hnp-Log
X-Httpd
X-HN
X-Level-Front-Cache
X-GeoIP-City
X-Loc
X-Dispatcher-Number
X-Planisys-CDN-Cache
X-Pod-Name
Candidate-Md5Url
X-Policy
X-Pool
User-Cache-Control
X-Proxy-Cache-Info
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Platform
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Proxy-Upstream
X-Viewer-Country
Origin-CC
Origin-EX
Origin
X-Is-Gdpr
X-Thinkindot-L3
CloudFront-Viewer-Country
X-Cache-Status-Check
Release
Req-Svc-Chain
Redirect-Candidate
X-Loop
X-JWT-State
N-Cache
X-Wikidot-Backend
IsBot
L
X-VarnishDD-TTL
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-Wikidot-Static-Cache
X-Has-Esi
Fastly-SWR
Cluster
Gh-Request-Id
Datacenter
PFcat
Thinkindot-CacheControl
Ssr
TDXMobile
X-SIPLIST1
Traceparent
Thinkindot-CacheControl-Type
Fastcgi-Cache-TTL
Svr
Fastly-SIE
Thinkindot-Control
X-Varnish-Beresp-Grace
CDN
X-Slack-Backend
X-Ad-Defer-Variation
Server-Hostname
X-SplitTest
Sever-Int
X-Cdn-Origin
X-Sn-Servicetimems
X-Owner
XM
CPC-Age
DSUID
X-Optimistic-Header
X-Region-Sid
X-Gamma-Serve
GEO-INFO
X-Cache-Date
VNS-Age
NGX
HostName
X-Xrds-Location
X-Scale
X-VServer
CPC-Cache
Server-Ext
VNS-Cache
Ohc-File-Size
X-From
Fastly-Backend-Name
X-Refresh
X-WP-CF-Super-Cache-Cache-Control
X-Parent-Response-Time
X-WA-Info
X-Webstats-RespID
Pics-Label
X-WP-CF-Super-Cache
X-ZONE
X-AIR-PT
X-Location
X-VC
X-CS
X-Micro-Cache
X-EC-Lua
X-CACHE-KEY
X-Tb-Optimization-Total-Bytes-Saved
Locid
Servername
X-Ah-Environment
X-Cache-ASPX
Env
X-NC
X-LB-NoCache
X-Contensis-Viewer-Groups
X-Edge-Pop
X-TIME
Ms-Author-Via
X-Mvc-Supplant-OutputCached
Arc-Country
X-Servedbyhost
X-Udemy-Cache-App-Namespace
Path
X-Response-By
X-Varnish-Authentication
X-Srv
X-Men
AMP-Access-Control-Allow-Source-Origin
X-Old-Content-Length
X-Amz-Meta-Cb-Modifiedtime
Ngx.Var.Host
X-Generated-In
X-TraceId
Cache-Host
Lb
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Via-Poph
Memory
X-DB
Time
X-RPM
X-DI
X-RSL
X-RPS
X-Via-Popv
X-Via-Popn
X-DW
X-DSS
Ohc-Cache-HIT
GeoIp-Country-Code
X-Accel-Expires-Debug
X-HA-Backend
X-S-Maxage
X-API-Version
X-Akamai-Transformed
X-Varnish-Beresp-TTL
ITXSESSIONID
X-Date
XkeyRZ
X-Proxy-CacheRZ
X-RateLimit-Reset
X-Vc
X-Clientip
X-VCL-Version
X-GeoIP-Region-Code
True-Client-IP
Client
X-Cs
X-GeoIP-Country-Code
X-Cache-Debug
X-Zone
X-Api-Version
FSS-Cache
Geoip-Latitude
Hostname
X-VHOST
Server-ID
X-DC
X-Trace-ID
Fusion-Content-Id
Fusion-Component-Id
X-URL
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Dmc
CacheControlHeader
X-Presslabs-Stats
X-Correlation-ID
X-Fpc
X-FireWall-Port
X-MSEdge-Flight
X-Render-Time
X-MSEdge-Features
NtCoent-Length
X-Action
X-TH-Server
X-TX-ID
True-Client-Country-4JS
X-Backend-TTL
X-INCAP-ABP
X-Traceid
X-Webkit-Csp-Report-Only
Powered-By
X-DynaTrace-JS-Agent
X-NGINX-Cache
X-Service
Rip
C-Via
X-Gateway-Cache-Key
X-PX
X-Gateway-Cache-Status
X-Gateway-Request-Id
X-Gateway-Skip-Cache
X-B3-Spanid
X-CSRF-TOKEN
X-M-Reqid
Edge-Cache
X-Qnm-Cache
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
Tube-Got-Results
Tube-Return
HIT
Esi-Enabled
Click-Count-Action-Start
X-Pass-Why
Geo-Info
X-Req
Test
X-M-Log
Tcn
X-TRACE-ID
On-Server
My-App
X-Cdn-Request-ID
X-FPC
X-Origin-Upstream-Status
X-Akamai-Pragma-Client-IP
X-Beluga-Cache-Status
User-Agent
X-HS-Status
Uri
X-Beluga-Node
X-Beluga-Response-Time
Server-Id
X-Webkit-CSP-Report-Only
X-Alfa-Service
X-Beluga-Status
X-Beluga-Record
X-Beluga-Trace
X-Vcl-Version
OT-Force-Account-Verify
X-Check-Cacheable
X-Via-PopH
X-Up
X-Via-PopN
X-Ha-Backend
Cf-Int-Pingora-Origin-Digest
X-Provided-By
X-Via-PopV
Sid
GeoIP-Country-Code
Srvid
X-Edge-Origin-Shield-Bytes
X-Proxy-Cache-Hk
Proxy-Connection
GeoIP-Latitude
X-LB-ID
Resin-Trace
X-Varnish-Beresp-Ttl
Cdn
WebServer
X-Edge-Origin-Shield-Region
X-CLOUD-TRACE-CONTEXT
X-APP
MIME-Version
M-TraceId
X-Hcs-Proxy-Type
X-ServedByHost
X-CCDN-Origin-Time
Epwk-X-Cache
X-CCDN-CacheTTL
X-Li-Fabric
X-LI-UUID
X-LI-Proto
Srv
X-RAMCache
X-Li-Pop
X-UnsetCookies
DataCenter
X-Cdn-Forward
X-Geo
X-ND-Cache
ENV
X-Time-Microsecs
X-App
X-Fetch-By
X-Cache-Ttl
X-Backend-Host
WZWS-RAY
Warning
X-ID
X-LiteSpeed-Cache-Control
X-Esi
X-Fastly-Backend-Reqs
X-B3-Traceid-Primal
Cf-Device-Type
X-CUA
ServerName
XServer
X-Serial
X-Lb-Nocache
Server-Ttl
X-Edge-POP
X-MG-S
Dt-Hot-News
Fastly-Drupal-HTML
X-HostName
X-Fragments
CF-Cached-On
X-CF-Powered-By
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-ElasticPress-Query
X-ATG-Version
X-Request-Url
X-Yottaa-OS
X-Azure-Ref-OriginShield
Target-Params
X-Thanos
X-Platform-Router
X-HITS
X-Bip
X-Akamai-Request-ID
Tracecode
PICS-Label
DT-Hot-News
X-Newrelic-App-Data
X-Dw-Trace-Id
X-Platform-Processor
X-Nc
X-Platform-Cluster
X-Vcache
Cf-Ipcountry
X-Fastly-Backend
X-LiteSpeed-Tag
X-Cc-Via
Inserted-Into-Cache-At
X-Iplb-Instance
True-Client-Ip
X-Sucuri-Cache
X-Iplb-Request-Id
X-Sucuri-ID
Lfy
X-FC-Vary-Parameters
X-Request-Start
D-Url-Rewrites
X-Var-Ttl
Cdn-Uid
Servedby
Cdn-Requestcountrycode
Cdn-Edgestorageid
Cdn-Cachedat
Wp-Super-Cache
Cdn-Cache
Cdn-Requestid
Cdn-Pullzone
X-Storefront-Renderer-Verified
X-Dist-Code
X-BBC-Origin-Response-Status
X-Th-Server
X-Release
Vha6-Origin
X-Cache-Expires
X-Snapshot-Date
X-MiniProfiler-Ids
X-NU-AKA-ACS-Version
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Vercel-Id
X-Vercel-Cache
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache
Content-Script-Type
CountryCode
Fastcgi-Cache-Ttl
X-Wp-Cf-Super-Cache-Cache-Control
Ngx
X-Back
X-Varnish-Beresp-Status
Content-Style-Type
X-Request-URL
Cneonction