Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-UA-Device
X-Age
Report-To
X-Proxy-Cache
X-Server-Powered-By
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
NEL
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Spec
X-Host
X-Server-Id
Accept-CH
Cf-Railgun
X-Backend-Server
X-Node
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Application-Context
Content-Location
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Ruxit-JS-Agent
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-Cache-Lookup
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-Vname
X-TtlSet
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
X-Varnish-TTL
Edge-Control
X-ESI
X-Server-Name
Fastly-Restarts
X-Aws-Lambda-Call-Status
Cache-Tag
X-FastCGI-Cache
X-VARITI-CCR
X-Rack-Cache
Service-Worker-Allowed
Verso
X-Element-Page-Cache
X-Upstream
MS-Author-Via
X-MS-InvokeApp
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Amz-Rid
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-D2id
X-Cache-TTL
X-Abt-Application-Version
X-Client-IP
X-Cnection
X-ORACLE-DMS-ECID
X-Px
X-ORACLE-DMS-RID
RTSS
X-Navigation-Version
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Powered-By-Plesk
X-NF-Request-ID
X-Goog-Hash
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Origin-Cache
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
X-Powered-CMS
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Version
Response
X-Middleton-Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-Edge-Location-Klb
X-Kinsta-Cache
Nginx-Cache
X-SRCache-Fetch-Status
Accept-Ch
X-SRCache-Store-Status
X-Edge
X-TTL
Mrf-Cache-Status
X-B3-TraceId-Primal
TCN
MRF-Tech
X-Protected-By
X-T
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-RateLimit-Remaining
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
Content-MD5
Edge-Cache-Tag
X-Aspnetmvc-Version
X-CST
SPIisLatency
Fastcgi-Cache
SPRequestDuration
X-Language
X-Mid
Front-End-Https
Realpath
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Filters
X-Ttl
Server-Node
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace
Pinterest-Generated-By
X-MCACHE
Server-Name
X-Frontend
X-Content
X-Ab
X-Ua-Browser
X-Correlation-Id
X-HS-Content-Id
X-Ser
X-HS-Cache-Config
X-HS-Hub-Id
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-SharePointHealthScore
X-Ezoic-Cdn
SPRequestGuid
X-Template
X-Hits
X-ECACHE
X-Parallel-Accel
X-Cache-Key
Alternate-Protocol
X-Tt-Trace-Tag
MicrosoftSharePointTeamServices
X-Tt-Trace-Host
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Fusion-Content-Source
X-Page-Id
Fusion-Content-Id
Fusion-Component-Id
Cache-Tags
Charset
Cleartype
Host
X-Git-Hash
X-Www-Served-By
X-B3-Sampled
X-Content-Options
X-Geo-Country
X-Debug-Info
X-Daa-Tunnel
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Fastly-Request-Id
X-Hostname
X-Content-Digest
X-Amz-Replication-Status
X-Varnish-Age
X-XRDS-LOCATION
Filterid
X-Az
X-AppVersion
X-Activity-Id
Cross-Origin-Opener-Policy
X-Upgrade-Enabled
X-FB-Debug
X-Accel-Expires
X-Grace
X-WebKit-CSP-Report-Only
X-N
X-VCache
X-Forwarded-Proto
X-F-Cache
X-Rid
X-Nginx-Upstream-Cache-Status
ServerID
Access-Control-Allow-Method
X-Origin-Server
TP-Cache
TP-L2-Cache
X-Mobile-URL
X-Providence-Cookie
X-Request-Guid
X-Is-Crawler
X-Flags
X-LB-Cache
X-Aspnet-Duration-Ms
X-Route-Name
X-Whom
X-TT
X-Varnish-Grace
X-App-Environment
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
Viewport
X-Seen-By
X-Tb
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Type
Node
X-FW-Serve
Payment
X-Distributor
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Type
X-FW-Static
Paypal-Debug-Id
X-Server-ID
DC
X-User-Agent
X-App-Server
X-DataDome
Fastcgi-Useragent
Country
Accept-Charset
X-Wix-Request-Id
X-NGENIX-Cache
X-Cache-Control
X-Cache-Rule
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Ratelimit-Reset
X-Fastcgi-Cache
Version
X-Via-JSL
X-Request-Handler-Origin-Region
X-Microsite
X-Logged-In
X-Drupal-Cache-Tags
Referer-Policy
X-Tec-Api-Origin
X-Fastly-Request-ID
X-Tec-Api-Root
X-Tec-Api-Version
X-Cluster-Name
X-Webkit-Csp
X-Cache-Age
X-Webkit-CSP
X-B-Cache
X-Signature
X-Buckets
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Refresh
X-Varnish-Backend
X-Load-Cache
Cache-Status
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Node
SD-X-WS
X-Rendered-As
X-Is-Bot
X-Real-IP
X-Page-View
X-Node-Name
X-Mobile
X-Proxy-Cache-Status
X-Jobs
X-Cacheable-TTL
X-Vgn-Hpd-Reason
X-B
NGB
X-Cache-Expired-At
X-Debug
Access-Control-Request-Headers
X-ProcessESI
X-Proxy
X-RemovedCookies
X-Device-Type
X-Revision
X-UUID
X-Yottaa-Metrics
X-IPLB-Instance
X-Rule
X-Instance
X-Yottaa-Optimizations
Surrogate-Key
X-Cache-Action
X-Framework
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-Drupal-Cache-Contexts
Akamai-GRN
X-G
Amp-Access-Control-Allow-Source-Origin
X-FW-Version
CF-IPCountry
X-Air-Source
SID
X-Air-Trace-Id
X-Air-Hostname
X-Azure-Ref
X-Oracle-Dms-Ecid
X-Oracle-Dms-Rid
X-Accel-Buffering
X-Presslabs-Stats
Liferay-Portal
X-Nginx-Cache
DynaTrace
GEO-INFO
X-PressLabs-Stats
X-Source
X-Ms-Request-Id
Count-Hit
X-Ratelimit-Remaining
X-Ms-Version
X-Oneagent-Js-Injection
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Uber-Trace-Id
X-Cache-Operation
Frame-Options
X-Cache-NGX
X-APP-VERSION
X-RTag
Healthy
Ms-Operation-Id
MS-CV
X-EdgeConnect-Cache-Status
X-XRDS-Location
X-Zen-Fury
X-CDN-Forward
X-Cache-Hit
Protected
Countrycode
X-Tumblr-Pixel-1
X-Environment-Context
X-Backend-Name
X-Tumblr-Pixel
Xserver
X-L-Path
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Server
Cross-Origin-Window-Policy
Ec-Rule-Version
X-IPS-LoggedIn
X-Mode
X-Forwarded-Host
X-Cache-TTL-Remaining
X-Servername
X-RN-RSRV
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Region
Meta-Geo
X-Adobe-Loc
X-RateLimit-Limit
X-Tid
X-Hyper-Cache
X-JoinUs
X-Adobe-Content
Backend
X-Detected-As
X-SaId
Section-Io-Cache
Eomportal-Instance
LB
Country-Code
X-Cache-Server
X-Alternate-Cache-Key
X-Hosted-By
X-Debug-Cache
X-Cache-Grace
Apigw-Requestid
X-Generation-Time
X-Redis-Cache
Decoy-Debug-Status
X-Content-Age
Decoy-Debug-Key
Decoy-Debug-TTL
X-Uri
X-Shopify-Stage
X-ShopId
X-ShardId
X-Content-Powered-By
X-Sql-Duration-Ms
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sorting-Hat-PodId
X-No-Session
X-Via-Fastly
X-Human
X-ServerID
X-Site-Version
Fastly-SSL
Cache-Name
Url
X-Origin-Date
X-FB-TRIP-ID
X-PHP-Backend
X-Varnish-Beresp-Grace
X-ProxyCache-Key
X-ProxyCache-Status
X-PERF
X-Server-W
X-Proxy-Build
X-Storage
X-Pubstack
X-Cluster-Node
X-BYPASS-REASON
X-Status
Selected-Fe
Mn-Server-Ip
Cache-Tv-Group
X-Akamai-Edgescape
X-NewRelic-App-Data
X-ApacheServer
X-Cache-Host
Content-Disposition
X-Format
X-PCL
X-NYM-Debug-Backend
X-OCL
X-Microcachable
X-NCache
X-UA-Device-Type
X-Timing-Wait
X-Origin-Hint
TWC-GeoIP-Country
X-Say-TTL
CDN-EdgeStorageId
CDN-PullZone
TWC-GeoIP-LatLong
X-Say-Cacheable
X-Web-Node
Property-Id
X-Varnishpool
CDN-RequestId
TWC-Locale-Group
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
X-Cache-Type
X-Routing-Service
X-Proxied
CDN-RequestCountryCode
X-Hl-Ver
X-Extlb
X-Section
CDN-CachedAt
X-R9-Blue-Green-Version
CDN-Uid
X-Zipkin-Id
CDN-Cache
Webcakes-Region
X-Access
X-SayCDN-TTL
TWC-Privacy
Webcakes-App-Name
X-Trace-Id
Azure-SlotName
X-TIME
Azure-RegionName
X-Azure-Ref-OriginShield
Content-Secure-Policy
Azure-Version
Azure-InstanceId
Azure-SiteName
X-Soup
X-Be
X-Generated-By
DB-Nickname
X-Ua
WPO-Cache-Message
X-LSADC-Cache
WPO-Cache-Status
OT-Force-Account-Verify
X-Dc
X-Nginx-Cache-Key
Retry-After
X-Cached-By
X-Bc-Bl
Source
SRV
X-Unique-Id
Cache
X-SRV
X-TT-LOGID
X-Platform-Server
X-LAGOON
X-Cache-Remote
X-Auto-Login
HostName
Cache-Hits
X-Akamai-Transformed
X-GEO
X-Origin-CC
X-ECache
X-Loop
X-Varnish-Hostname
X-TNCMS
X-Cache-Tags
ServedBy
X-Origin-TTL
X-HTML-Minification-Powered-By
X-App-Version
X-CSRF-Token
X-S-Maxage
Onion-Location
X-Varnish-Hits
Mime-Version
X-Cdn
X-Xfnlog-Site
X-Varnish-Cache-Hits
Upgrade-Insecure-Requests
Xet-Cookie
X-Amz-Meta-S3cmd-Attrs
From-Origin
Webserver
X-Tumblr-Pixel-2
X-Request-Time
X-Tumblr-Pixel-3
X-AOL-HN
Web-Mar-Node
X-Time
X-Proto
WP-Super-Cache
X-EC-Lua
X-Request-Host
N-Cache
X-Tenant
X-NWS-UUID-VERIFY
X-Endurance-Cache-Level
X-Cache-Enabled
X-FireWall-Port
X-Time-Microsecs
X-GG-Cache-Date
X-Handled-By
X-Origin-Response-Time
X-LJ-Flow-ID
X-Cache-Var-Map
AMP-Access-Control-Allow-Source-Origin
X-Cache-Var
X-Edge-Location
X-B3-SpanId
X-VWS-Id
X-AWS-Id
Pramga
User-Cache-Control
Odigeo-Trace-Id
V-Age
Mobile-Detection-Method
Redirect-Candidate
X-Vtex-Remote-Cache
Rendered-Blocks
Surrogated-Key
Vix-Hermes-Req-Id
Sslversion
X-Planisys-CDN-TTL
Meta-Geo-Continent
A
X-S-Cookie
X-S
X-ScT
X-SD-PageType
X-Shop-Environment
X-Session-Fingerprint
Xc-Version
X-Rojux
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
BehaviorPad-Version
X-Processor
X-A
Fastcgi-X-Cache-Version
X-Aed
X-V-Cache
X-Slack-Backend
X-Connection-Hash
X-Vdms-Path
X-Vdms-Version
X-Ckpd-Fst-Backend
X-VG-WebCache
X-NAPM-TraceId
X-TIM-N
X-Ig-Push-State
X-Forwarded-Path
X-Hnp-Log
X-Ftr-Request-Id
X-External-Request-Id
X-Developer
X-SRCache-Key
X-D
X-Destination
X-ND-Cache
X-Orig-Expires
X-Gen-Mode
X-Aicache-OS
X-Planisys-CDN-Rules
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Application
X-ARC
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-Cache-NE
X-Block-Status
X-Planisys-CDN-Cache
X-PBS-Appsvrname
X-B-Cookie
X-Vtex-Processado-Em
X-Conf
X-Mg-Request-UUID
X-Correlation-ID
Nel
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Reqid
X-PHP-Host
CloudFront-Viewer-Country
X-MP-GENERATED-AT
X-Labrador-Cache-Channel
X-Adobe-Source
Gh-Request-Id
X-Location
X-Mvc-Supplant-Cachable
X-Men
X-NodeID
X-Origin-Expires
Cmstype
Cmsid
X-Proxy-Upstream
DSUID
X-LI-UUID
X-Origin-Time
X-Nyt-Route
X-Li-Fabric
X-Cache-Date
Svr
State
X-Cache-Bucket
X-Via-NSCOPI
X-Accel-Expires-Debug
True-Client-Country-4JS
X-Cluster
X-Date
X-Hash
CDCHOST
Host-ID
X-Geo-Header
X-Gdpr
X-Fastly-Cache
X-Forwarded-Site
X-Li-Pop
X-Old-Content-Length
X-Sucuri-Cache
X-Sucuri-ID
Arc-Country
AKAMAI
X-Scheme
X-Request-URI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Epic-Correlation-Id
X-Backend-TTL
CacheControlHeader
X-Viewer-Country
X-Magnolia-Registration
X-Server-IP
Environment
X-VarnishDD-TTL
X-Core-Value
X-CGP
X-Cdn-Srv
X-Cdn-Origin
X-Region-Sid
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Device-Os
X-Envoy-Decorator-Operation
X-VG-TLSProxy
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-VServer
X-Cache-Id
Wxu-Next-Hostname
Wxu-Next-Region
X-RateLimit-Remaining-Second
Wxu-Next-Commit
Web-Mar-Region
X-Cache-Info
X-RateLimit-Limit-Second
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Branch-Name
X-Backend-State
X-Webstats-RespID
X-Esi-Check
X-Eu-Site
X-Req
X-Request-Start
X-Platform
X-Level-Front-Cache
X-Policy
X-Irp-Debug
X-Storefront-Renderer-Rendered
X-Locale
X-Rocket-Nginx-Serving-Static
We-Hiring
X-Skip-Cache
X-Sn-Servicetimems
X-Origin
X-HS-Content-Campaign-Id
X-HN
X-UnsetCookies
X-Gamma-Serve
X-Fetched-On
X-Varnish-Beresp-Status
X-Fastly-Backend
X-TrackingId
X-Generated-On
X-Gzip
X-TH-Server
X-GeoIP-City
X-GeoIP
X-RCS-CacheZone
X-Served-From
X-Core-Mission
X-Varnish-Ttl
Traceparent
HA-Ipaddr
Origin
L
Server-Info
L5d-Success-Class
Machine
Mail-Subject
Ssr
Fastly-Drupal-Html
Release
PFcat
Fastcgi-Cache-TTL
Server-Host
Origin-EX
Origin-CC
Ha-Gx-Prefs
S-Rt
X-CACHE-KEY
Fastly-SIE
X-Is-Gdpr
Is-Eu
X-JWT-State
NM-Fastcgi-Cache
X-Qnm-Cache
X-DPWN-IS-SECURE
Platform
X-FC-Vary-Parameters
X-Node-Id
Memcached
X-Has-Esi
Locid
X-M-Reqid
X-Varnish-Remaining-TTL
X-Worker
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Variation
Apple-News-Services-Handled
Apple-News-Services-Host
Fastly-GeoIP-CountryCode
Req-Svc-Chain
X-BBC-Edge-Cache-Status
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Thinkindot-L3
X-Rocket-Build-Number
X-Qloud-Router
Cf-Device-Type
X-M-Log
X-Developers
X-Owner
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Sigma
X-Sigma-Backend
X-Response-By
Adler-Geo
X-NU-AKA-ACS-Version
Fastly-SWR
X-ATG-Version
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-VC-Cache
X-Amzn-Remapped-Content-Length
X-Cache-Debug
X-DefHash
TDXMobile
Thinkindot-Control
X-DefElseHash
X-Xrds-Location
X-Zone
X-Thanos
X-Bip
NGX
X-Loc
X-Pod-Name
X-Mvc-Supplant-OutputCached
X-Akamai-Request-ID2
X-Http-Reason
X-Ua-Device
X-Varnish-Beresp-Ttl
X-NC
X-Restarts
X-CLOUD-TRACE-CONTEXT
X-LB-ID
X-Up
X-CS
X-TraceId
Magicmarker
X-API-Version
X-Tx-Id
X-Cache-Config
Kp-EeAlive
CDN
X-Generated-In
X-RSL
Edge-Cache
X-RPM
X-Cache-Backend
Time
X-RPS
X-Wix-Viewer-Type
X-Trace-ID
X-Action
X-DI
X-DSS
Memory
X-DW
Ms-Author-Via
Pics-Label
X-DB
X-Tb-Optimization-Total-Bytes-Saved
Env
X-Via-Popv
X-Via-Popn
X-Via-Poph
Accept-Language
X-LB-NoCache
X-Refresh
X-Edge-Pop
X-Tt-Logid
X-Optimistic-Header
Datacenter
Candidate-Md5Url
GeoIp-Country-Code
X-Minions-Version
WebServer
NtCoent-Length
X-CacheTTL
X-Datadome
X-HA-Backend
X-DynaTrace-JS-Agent
X-Srv
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
On-Server
WWW-Authenticate
X-Vc
X-DC
X-ZONE
X-TX-ID
X-MSEdge-Flight
X-MSEdge-Features
X-Esi
X-Varnish-Beresp-TTL
Esi-Enabled
X-Cs
X-Parent-Response-Time
Server-ID
X-User
X-Unique-ID
X-Servedbyhost
X-Ec-Fail
X-Ec-GeoHdr
X-Service
C-Via
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Cache-PHP
X-Li-Proto
Cdncip
X-Cache-Ttl
X-FPC
X-AK-Request-ID
Cdnsip
X-VCL-Version
X-App
X-B3-Spanid
X-URL
X-Dynatrace
Test
X-Vcl-Version
Geoip-Latitude
X-Fpc
X-WADP-Cache
My-App
X-Webkit-Csp-Report-Only
X-Fmm-Version
X-Cache-Status-Check
X-Clara-WADP
X-LI-Proto
X-Render-Time
Cluster
X-Traceid
X-LiteSpeed-Cache-Control
Geo-Info
X-CUA
Tracecode
X-Var-Ttl
Proxy-Connection
X-Webkit-CSP-Report-Only
X-NODE
X-Pass-Why
T-Server
Server-Id
Lfy
Cf-Int-Pingora-Origin-Digest
DataCenter
X-Mcache
Fastly-Drupal-HTML
M-TraceId
X-From
Lang
Resin-Trace
X-Fragments
X-VC
X-ServedByHost
X-Clientip
X-LiteSpeed-Tag
Target-Params
X-AIR-PT
X-Info
X-CSRF-TOKEN
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Ha-Backend
X-Oss-Server-Time
X-Geo
X-Oss-Request-Id
UCS
Cache-Host
X-Oss-Object-Type
X-ID
X-Oss-Hash-Crc64ecma
HIT
X-Oss-Storage-Class
Hostname
X-Cdn-Forward
MIME-Version
X-RAMCache
Hit
X-Pad
GeoIP-Country-Code
S-Cnection
X-Provided-By
X-Dynatrace-Js-Agent
X-Via-PopV
X-Via-PopH
Section-Io-Origin-Time-Seconds
ENV
Section-Io-Origin-Status
X-Proxy-Cache-Info
Tcn
X-Edge-POP
Ohc-File-Size
X-Httpd
Permissions-Policy
Section-Origin-Responded
X-Via-PopN
Section-Io-Id
X-Edge-Cache
X-Check-Cacheable
X-ElasticPress-Query
WZWS-RAY
User-Agent
Fastly-Backend-Name
X-HS-Status
Load-Balancing
X-Api-Version
Producers
X-Micro-Cache
X-NGINX-Cache
X-Fastly-Backend-Reqs
X-BBC-Origin-Response-Status
X-SB
Servername
X-Cache-CFC
X-Ucs
X-Lb-Nocache
X-ServerName
PICS-Label
X-Backend-Host
X-Release
X-HostName
X-Acquia-Application-Trace
X-UP
X-GoCache-CacheStatus
Uri
FSS-Cache
X-Platform-Cluster
X-BCube-Filmed-By
ServerName
Wpo-Cache-Message
X-Pool
X-Udemy-Cache-App-Namespace
Wpo-Cache-Status
X-Platform-Processor
URI
X-Acquia-Site
X-Platform-Router
X-APP
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-TRACE-ID
EpKe-Alive
Ohc-Cache-HIT
X-Scale
X-Swift-Error
Cteonnt-Length
X-Cdn-Request-ID
X-Ec-Custom-Error
Cneonction
X-Fastly-Cache-Hits
X-RateLimit-Reset
Cdn
X-Lb-Id
X-Nc
Server-Ttl
X-Dw-Trace-Id
IsBot
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Vha6-Origin
X-Snapshot-Date
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-IN-APIGATEWAY
Cf-Ipcountry
X-Cache-Expires
X-Dispatcher-Number
X-Yottaa-OS
Shield-Pop
X-Newrelic-App-Data
X-IN-APIGATEWAYSSL
X-SIPLIST1
Path
X-WA-Info
X-WA
X-Vcache
X-Litespeed-Cache-Control
Cache-Key
X-Apw-Hits
Server-Ext
Server-Hostname
CF-Cached-On
VNS-Cache
VNS-Age
MD5-Digest
CPC-Age
CPC-Cache
X-Apw-Access-Token
Sever-Int
X-Amz-Meta-Cb-Modifiedtime
X-Apw-Access-Object
X-Apw-Access-Action
X-B3-ParentSpanId
X-B3-Parentspanid
X-Cache-Ngx
Lb
Sid
X-Air-Pt
X-Shopify-Generated-Cart-Token
CountryCode
X-Logging-Id
X-CacheKey
X-UA
X-ES-SERVER
X-Varnish-Authentication
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Akamai-Pragma-Client-IP
Req-ID
X-Te-Count
X-Te-Duration-Ms
X-Last-Modified
X-Http-Duration-Ms
X-Http-Count
X-Sentry-ID
Ngx
X-Akamai-Request-ID