Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Cf-Request-Id
Link
CF-Cache-Status
CF-RAY
ETag
Pragma
X-XSS-Protection
Expect-CT
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-AspNet-Version
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
P3p
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
X-Check
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-Envoy-Upstream-Service-Time
X-CONTENT-TYPE-OPTIONS
Status
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-CDN
X-AspNetMvc-Version
Upgrade
X-XSS-PROTECTION
X-Via
CF-Ray
Access-Control-Max-Age
Server-Timing
X-Akamai-Path-Stats
X-Ws-Request-Id
X-Cache-Group
X-Turbo-Charged-By
Keep-Alive
Request-Context
X-Backend
EagleId
X-Dns-Prefetch-Control
X-Robots-Tag
X-Age
X-Server
X-Amz-Request-Id
X-AH-Environment
Host-Header
X-Amz-Id-2
X-Proxy-Cache
X-UA-Device
X-Hacker
Grace
X-Rq
X-Server-Powered-By
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Ua-Compatible
Allow
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Nginx-Cache-Status
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Cache-Spec
Cf-Railgun
X-Host
X-Page-Speed
X-Node
X-Server-Id
X-Aws-Lambda-Call-Status
Cf-Edge-Cache
X-CST
X-Pingback
Surrogate-Control
Request-Id
X-Backend-Server
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Cache-Lookup
X-HW
Xkey
X-Application-Context
Accept-CH-Lifetime
Content-Location
Rating
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Trace
X-Country
X-Ruxit-JS-Agent
X-Url
Fastly-Restarts
Accept-Ch
Accept-Ch-Lifetime
X-MS-InvokeApp
X-Rack-Cache
X-Mod-Pagespeed
X-Clacks-Overhead
X-TtlSet
X-Vname
X-PC
RTSS
Edge-Control
X-Varnish-TTL
X-VARITI-CCR
X-Amz-Server-Side-Encryption
X-Server-Name
X-FastCGI-Cache
Cache-Tag
X-ASPNET-VERSION
X-Vcap-Request-Id
X-B3-TraceId
X-ESI
X-Content-Type
X-Dw-Request-Base-Id
X-Edge
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Amz-Rid
X-Px
Public-Key-Pins
X-D2id
X-Cnection
X-Ser
X-Navigation-Version
X-Ac
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Powered-By-Plesk
Verso
X-Abt-Application-Version
X-Element-Page-Cache
X-Client-IP
X-Version
X-Ttl
Arr-Disable-Session-Affinity
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Cache-TTL
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Country-Code
Service-Worker-Allowed
X-NF-Request-ID
Response
X-Middleton-Response
X-Goog-Hash
SPIisLatency
SPRequestDuration
Access-Control-Request-Method
X-Cached
X-Kinsta-Cache
X-Correlation-Id
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
AR-CACHE
X-Edge-Location-Klb
SPRequestGuid
X-SharePointHealthScore
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-LLID
X-Upstream
Edge-Cache-Tag
X-Forwarded-For
X-NWS-LOG-UUID
Content-MD5
X-Cache-Key
Nginx-Cache
X-Id
X-TTL
X-Shield-Request-Id
X-MSEdge-Ref
X-RateLimit-Limit
X-ECACHE
X-WebKit-CSP-Report-Only
TCN
MRF-Tech
Mrf-Cache-Status
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-T
X-Recruiting
X-Ruxit-Js-Agent
S
X-Content-Digest
X-B3-TraceId-Primal
X-Daa-Tunnel
X-Mg-S
X-Ua-Device
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
TP-L2-Cache
TP-Cache
X-Accel-Expires
X-Grace
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-DynaTrace
X-Frontend
X-Request-Received
X-Ezoic-Cdn
X-Request-Processing-Time
MicrosoftSharePointTeamServices
Front-End-Https
X-Ab
X-Content
X-DataDome
X-Yandex-Sdch-Disable
X-Ua-Browser
Filters
Server-Node
X-Protected-By
X-Origin-Server
X-Distributor
X-PressLabs-Stats
MS-Author-Via
X-Hits
Fastcgi-Cache
X-Geo-Country
X-LB-Cache
X-Mid
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-ORACLE-DMS-ECID
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amzn-Trace-Id
X-ORACLE-DMS-RID
Cleartype
Charset
X-Git-Hash
Host
X-F-Cache
X-Debug-Info
X-Mcache
X-B3-Sampled
Cross-Origin-Opener-Policy
X-Page-Id
X-Forwarded-Proto
X-Ratelimit-Reset
X-Cache-Age
Cache-Status
X-Seen-By
X-Fastly-Request-Id
Realpath
X-DIS-Request-ID
X-Webkit-CSP
X-AppVersion
X-Az
X-Activity-Id
X-Server-ID
Access-Control-Allow-Method
X-Www-Served-By
Accept-Charset
ServerID
Filterid
X-Aspnetmvc-Version
X-Nginx-Upstream-Cache-Status
X-Varnish-Age
Cache-Tags
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Content-Options
Permissions-Policy
X-Cluster-Name
X-Rid
Retry-After
X-Type
X-FB-Debug
X-Varnish-Backend
X-App-Environment
X-Oracle-Dms-Ecid
Server-Name
Country
X-Varnish-Grace
X-Tb
X-User-Agent
Viewport
X-Oracle-Dms-Rid
X-B-Cache
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Signature
X-Drupal-Cache-Tags
X-Route-Name
X-Wix-Request-Id
DC
X-MCACHE
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-Goog-Generation
X-Language
Node
X-Upgrade-Enabled
X-Goog-Metageneration
X-GUploader-UploadID
X-B
X-Goog-Storage-Class
X-TT
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Whom
X-VCache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Cache
Fastcgi-Useragent
X-Amz-Meta-S3cmd-Attrs
X-Mobile-URL
X-Debug
X-NWS-UUID-VERIFY
Protected
X-N
X-Cache-NGX
X-Amz-Replication-Status
X-Logged-In
Payment
X-XRDS-LOCATION
Amp-Access-Control-Allow-Source-Origin
X-Midtier
WPO-Cache-Status
X-XRDS-Location
WPO-Cache-Message
Surrogate-Key
X-Load-Cache
X-Via-JSL
X-Cache-Control
Count-Hit
X-Contextid
Healthy
X-Node-Name
X-Restarts
Alternate-Protocol
X-Mobile
X-NGENIX-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
Content-Disposition
X-Proxy
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
Refresh
Akamai-GRN
X-Zen-Fury
X-Revision
X-Ratelimit-Remaining
X-Cache-Time
X-G
X-Jobs
Url
X-Real-IP
X-Servername
X-UUID
Uber-Trace-Id
X-Akamai-Request-ID2
X-Adobe-Content
X-Adobe-Loc
X-Datadome
X-Page-View
X-Cache-TTL-Remaining
X-Http-Reason
NGB
X-Instance
X-Framework
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
X-Cache-Grace
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
X-Debug-IsConnected
X-Debug-IsPreview
X-Proxy-Cache-Status
X-Mg-Request-UUID
X-Template
X-Rendered-As
X-Is-Bot
Access-Control-Request-Headers
X-Varnish-Server
X-Yottaa-Optimizations
X-Device-Type
X-Yottaa-Metrics
X-HTML-Minification-Powered-By
X-Environment-Context
X-Hostname
X-L-Path
X-ECache
X-IPLB-Instance
X-Source
X-B3-Traceid
Version
X-EdgeConnect-Cache-Status
Ms-Operation-Id
X-RTag
X-Oneagent-Js-Injection
Frame-Options
MS-CV
Referer-Policy
X-Fastly-Request-ID
Accept-Language
Countrycode
Liferay-Portal
X-Trace-Id
X-NYM-Debug-Backend
X-Cache-Hit
X-App-Server
From-Origin
X-Cache-Rule
X-Cache-Expired-At
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
Backend
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-APP-VERSION
X-Tumblr-Pixel
X-COUNTRY
X-Hosted-By
X-IPS-LoggedIn
X-Nginx-Cache
X-Ratelimit-Limit
X-FW-Version
Content-Secure-Policy
X-Unique-Id
WP-Super-Cache
Meta-Geo
Section-Io-Cache
X-Cache-Server
CF-IPCountry
X-RN-RSRV
X-Status
X-UPSTREAM-Address
Upgrade-Insecure-Requests
Load-Balancing
X-OCL
X-No-Session
X-PCL
X-Cache-Enabled
X-Generation-Time
X-FB-TRIP-ID
X-PHP-Host
X-Labrador-Cache-Channel
X-Redis-Cache
X-Ua
Azure-Version
X-Cluster-Node
Fastly-SSL
Apigw-Requestid
X-Uri
X-Varnish-Cache-Hits
X-AWS-Id
Azure-SiteName
Azure-InstanceId
X-Sql-Duration-Ms
Azure-RegionName
X-Via-Fastly
Azure-SlotName
TWC-Connection-Speed
X-RemovedCookies
TWC-GeoIP-LatLong
X-Format
X-UA-Device-Type
X-Akamai-Edgescape
X-Access
X-Sql-Count
X-Be
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Request-Time
X-PHP-Backend
X-Section
S-Rt
Property-Id
Mn-Server-Ip
X-VWS-Id
X-Origin-Date
TWC-Device-Class
X-AOL-HN
X-ProcessESI
X-Region
X-Origin-Hint
X-Server-W
X-LJ-Flow-ID
TWC-GeoIP-Country
X-Content-Age
X-Mode
X-Debug-Cache
X-Forwarded-Host
X-Generated-By
X-Content-Powered-By
X-Human
X-Cache-Host
Locale
Eomportal-Instance
X-Adobe-Source
X-ApacheServer
X-Locale
X-Cms-Context
X-PERF
X-Xfnlog-Site
X-Urbn-Site-Id
X-JoinUs
X-SaId
X-VC-Cache
X-Urbn-Context-Path
X-Storage
X-Say-Cacheable
X-Platform-Server
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
X-Nginx-Cache-Key
X-GG-Cache-Date
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-Varnishpool
X-Web-Node
X-GeoCode
X-Extlb
X-Detected-As
X-BYPASS-REASON
X-Cache-Tags
X-Cache-Type
X-GeoCountry
X-Handled-By
X-Proxied
X-ProxyCache-Key
X-ProxyCache-Status
X-Routing-Service
X-Zipkin-Id
X-NewRelic-App-Data
X-Tid
X-Backend-Name
X-Hl-Ver
X-Edge-Location
X-Storefront-Renderer-Rendered
Cache-Tv-Group
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-RequestId
X-Proxy-Build
X-Timing-Wait
CDN-Cache
Ec-Rule-Version
CDN-CachedAt
CDN-Uid
Selected-Fe
X-Proto
ServedBy
X-ServerID
Fastly-Drupal-Html
Webserver
X-Cache-Action
X-Dc
Web-Mar-Node
X-CDN-Forward
X-LSADC-Cache
Onion-Location
X-GEO
SRV
X-Parallel-Accel
X-Cached-By
X-Varnish-Hostname
X-Hyper-Cache
X-Cache-Remote
Mime-Version
X-App-Version
Cache-Hits
X-Magnolia-Registration
X-IPLB-Request-ID
X-Fastcgi-Cache
X-Cluster
X-Rule
SID
X-Cdn
X-Cache-Operation
X-SRV
X-Rewrite-Enabled
X-Tt-Logid
X-Air-Hostname
X-Air-Trace-Id
X-Envoy-Decorator-Operation
X-Soup
X-Air-Source
X-Origin-CC
X-Varnish-Hits
X-Origin-TTL
LB
Xserver
X-Pubstack
X-Accel-Buffering
Xet-Cookie
X-TT-LOGID
X-Microcachable
X-Reqid
Country-Code
X-Tumblr-Pixel-2
DB-Nickname
Cache
X-Tumblr-Pixel-3
Server-Info
Source
X-MP-GENERATED-AT
X-Buckets
X-TA-CDN-Provider
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Amz-Apigw-Id
X-Request-Host
X-Via-NSCOPI
X-CSRF-Token
X-Amzn-RequestId
X-Origin-Response-Time
X-Endurance-Cache-Level
X-Tx-Id
X-B3-SpanId
Surrogated-Key
X-Vtex-Remote-Cache
Rendered-Blocks
NM-Fastcgi-Cache
Pramga
X-Vtex-Processado-Em
Odigeo-Trace-Id
Sslversion
DCR-Decision-By
T-Server
Cdnsip
Cmsid
Cdncip
Candidate-Md5Url
A
BehaviorPad-Version
Cache-Key
Cmstype
DCR-Processing-Time-Ms
X-Skip-Cache
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
Lang
Expiry
Fastcgi-X-Cache-Version
Host-ID
Xc-Version
X-Connection-Hash
X-Ftr-Request-Id
X-Shop-Environment
X-Geo-Header
X-Gzip
X-Hash
X-Forwarded-Path
X-External-Request-Id
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Esi-Check
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-SD-PageType
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Processor
X-Session-Fingerprint
X-NAPM-TraceId
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Developer
X-Destination
X-User
X-A-Dgt
X-Aed
X-AK-Request-ID
X-TIM-N
X-Vdms-Path
X-A-Dcw
X-Vdms-Version
X-A
X-A-Ccd
X-A-Dam
X-Tenant
X-Application
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-SRCache-Key
X-Conf
X-D
X-Cdn-Srv
X-Cache-NE
X-ARC
X-B-Cookie
X-BCube-Filmed-By
X-Cache-Id
X-VG-WebCache
X-A-Wwc
X-Newrelic-Synthetics
Datacenter
DynaTrace
X-Ms-Version
X-Cache-Status-Check
X-Ms-Request-Id
X-Varnish-CookieINHashed-On
X-CacheTTL
X-Cache-Backend
X-Varnish-CookieHashed-On
X-Cache-Info
X-Core-Mission
X-DefElseHash
X-DefHash
X-Core-Value
X-Varnish-Remaining-TTL
X-Clara-WADP
X-Ckpd-Fst-Backend
X-Ad-Defer-Variation
Platform
Producers
X-WADP-Cache
Memcached
Kp-EeAlive
Machine
Server-Host
State
Wxu-Next-Region
X-Amzn-Remapped-Content-Length
Wxu-Next-Hostname
Wxu-Next-Commit
X-Varnish-Ttl
X-Via-Ucdn
X-Bc-Bl
X-DPWN-IS-SECURE
X-Origin-Time
X-SVT-ORM-VERSION
X-Origin-Expires
X-Origin
X-NodeID
X-Nyt-Route
X-SVT-ORM-RULES
X-RateLimit-Limit-Second
X-Sigma
X-Sigma-Backend
X-Scheme
X-SB
X-RateLimit-Remaining-Second
X-Rocket-Build-Number
X-Node-Id
X-TNCMS
X-V-Cache
X-Fetched-On
X-Variation
X-Fastly-Cache
X-Device-Os
Is-Eu
X-Fmm-Version
X-Gdpr
X-TrackingId
X-Loop
X-JWT-State
X-Is-Gdpr
X-GeoIP
X-Has-Esi
X-Developers
X-Cache-Bucket
X-Worker
Adler-Geo
Environment
X-Azure-Ref
VNS-Cache
X-SplitTest
Fastly-GeoIP-CountryCode
We-Hiring
VNS-Age
CPC-Cache
AKAMAI
X-Wix-Viewer-Type
XM
Mail-Subject
CPC-Age
X-RCS-CacheZone
X-NCache
X-Varnish-Beresp-Grace
X-Gen-Mode
X-Gamma-Serve
X-Forwarded-Site
X-Ec-Custom-Error
X-Wikidot-Static-Cache
Apple-News-Services-Handled
X-Block-Status
X-Branch-Name
X-SIPLIST1
X-BBC-Edge-Cache-Status
X-VarnishDD-TTL
CloudFront-Viewer-Country
X-Auto-Login
X-Cache-Date
CDCHOST
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Apple-News-Services-Host
X-Datadog-Parent-Id
Apple-News-Services-Parsed-Url
X-Cdn-Origin
Apple-News-Services-Request-Url
X-Generated-On
X-Irp-Debug
X-Proxy-Upstream
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Proxy-Cache-Info
X-Pool
X-Pod-Name
X-Policy
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Served-From
X-Slack-Backend
X-Sn-Servicetimems
X-Rocket-Nginx-Serving-Static
X-Request-URI
Redirect-Candidate
X-Thinkindot-L3
X-Platform
X-LAGOON
X-Level-Front-Cache
X-Aicache-OS
X-Httpd
X-HN
X-Hnp-Log
X-Loc
X-Minions-Version
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Time
X-Mvc-Supplant-Cachable
Fastly-Backend-Name
X-GeoIP-City
X-Dispatcher-Number
X-VServer
TDXMobile
Gh-Request-Id
Svr
X-ZONE
Ssr
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
V-Age
Vix-Hermes-Req-Id
User-Cache-Control
Traceparent
Thinkindot-Control
X-Viewer-Country
Server-Hostname
Server-Ext
Ohc-File-Size
N-Cache
Fastly-SIE
L
IsBot
Fastly-SWR
NGX
Fastcgi-Cache-TTL
Release
Req-Svc-Chain
PFcat
Origin-EX
Origin
Origin-CC
Web-Mar-Region
Sever-Int
Cluster
X-VG-TLSProxy
X-Wikidot-Backend
X-Xrds-Location
Cache-Name
CDN
X-EC-Lua
X-WA-Info
X-Optimistic-Header
X-Micro-Cache
X-Eu-Site
DSUID
Ha-Gx-Prefs
X-Scale
X-CGP
X-Server-IP
X-Csrf-Jwt
HA-Ipaddr
L5d-Success-Class
X-R9-Blue-Green-Version
X-Owner
X-AIR-PT
GEO-INFO
HostName
X-WP-CF-Super-Cache
X-Refresh
X-CS
Pics-Label
X-Parent-Response-Time
X-WP-CF-Super-Cache-Cache-Control
X-CACHE-KEY
X-URL
X-Contensis-Viewer-Groups
Path
X-NC
X-Ah-Environment
X-Cache-ASPX
X-From
X-Webstats-RespID
X-Tb-Optimization-Total-Bytes-Saved
Ms-Author-Via
X-VC
X-TIME
Ngx.Var.Host
Env
X-Location
X-LB-NoCache
X-Varnish-Authentication
Cache-Host
Servername
X-Udemy-Cache-App-Namespace
X-Mvc-Supplant-OutputCached
Locid
X-Servedbyhost
X-Edge-Pop
XkeyRZ
X-Correlation-ID
Lb
X-Proxy-CacheRZ
X-Via-Poph
X-Srv
X-Via-Popv
X-Amz-Meta-Cb-Modifiedtime
X-Men
Memory
X-TraceId
X-Via-Popn
Arc-Country
X-Response-By
Time
Ohc-Cache-HIT
X-Clientip
GeoIp-Country-Code
X-Old-Content-Length
X-Presslabs-Stats
ITXSESSIONID
X-Varnish-Beresp-TTL
X-Trace-ID
X-Generated-In
X-API-Version
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-Vc
X-S-Maxage
True-Client-IP
X-Accel-Expires-Debug
X-HA-Backend
X-DSS
X-DW
X-RSL
X-RPM
X-RPS
Client
X-Date
X-RateLimit-Reset
X-DB
X-DI
X-VCL-Version
X-Cs
Hostname
X-VHOST
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Geoip-Latitude
Server-ID
X-DC
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Render-Time
X-Api-Version
FSS-Cache
X-MSEdge-Flight
X-Fpc
X-Cache-Debug
X-Dmc
X-MSEdge-Features
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
X-INCAP-ABP
X-Zone
X-FireWall-Port
X-DynaTrace-JS-Agent
X-TRACE-ID
X-Service
X-Gateway-Cache-Key
X-Gateway-Cache-Status
Rip
X-Webkit-Csp-Report-Only
CacheControlHeader
NtCoent-Length
C-Via
Powered-By
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-TX-ID
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-TH-Server
Click-Count-Error
Tube-Got-Eval
True-Client-Country-4JS
Tube-Got-Results
X-PX
X-Action
Click-Count-Action-Start
Tube-Get-Contents
Tube-Return
Esi-Enabled
X-B3-Spanid
X-CSRF-TOKEN
On-Server
Test
X-Backend-TTL
HIT
X-Traceid
Tcn
X-NGINX-Cache
Edge-Cache
X-Alfa-Service
X-FPC
X-Cdn-Request-ID
X-Pass-Why
X-Esi
OT-Force-Account-Verify
X-Beluga-Trace
X-Check-Cacheable
X-Beluga-Record
X-Beluga-Cache-Status
User-Agent
X-Req
Geo-Info
X-Beluga-Node
X-Beluga-Status
X-Vcl-Version
X-HS-Status
Server-Id
X-Beluga-Response-Time
X-Origin-Upstream-Status
X-Edge-Origin-Shield-Bytes
X-Akamai-Pragma-Client-IP
Uri
X-Proxy-Cache-Hk
X-Edge-Origin-Shield-Region
My-App
GeoIP-Latitude
Cdn
Resin-Trace
Srv
X-Ha-Backend
X-Via-PopV
X-Via-PopH
X-Via-PopN
Proxy-Connection
Srvid
Cf-Int-Pingora-Origin-Digest
GeoIP-Country-Code
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
M-TraceId
X-Up
X-APP
Sid
X-Webkit-CSP-Report-Only
X-CCDN-CacheTTL
Epwk-X-Cache
X-Hcs-Proxy-Type
MIME-Version
X-ServedByHost
X-CCDN-Origin-Time
X-Provided-By
DT-Hot-News
X-LB-ID
X-App
WebServer
X-Cdn-Forward
X-Backend-Host
X-Fastly-Backend-Reqs
ENV
X-LI-UUID
Server-Ttl
X-Li-Pop
X-Li-Fabric
X-Edge-POP
X-LI-Proto
Warning
X-Fetch-By
X-RAMCache
X-UnsetCookies
X-Geo
XServer
X-Lb-Nocache
X-Bip
X-Thanos
ServerName
X-B3-Traceid-Primal
X-Akamai-Request-ID
X-HostName
X-Nc
True-Client-Ip
X-CF-Powered-By
X-ElasticPress-Query
WZWS-RAY
PICS-Label
X-Newrelic-App-Data
CF-Cached-On
X-Vercel-Id
X-Vercel-Cache
X-HITS
X-ND-Cache
Section-Io-Id
X-Yottaa-OS
X-Time-Microsecs
X-Serial
X-Request-Url
X-Request-Start
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cc-Via
Section-Origin-Responded
X-Dw-Trace-Id
Fastly-Drupal-HTML
X-LiteSpeed-Cache-Control
DataCenter
Inserted-Into-Cache-At
Cf-Device-Type
X-CUA
X-Iplb-Instance
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Vcache
D-Url-Rewrites
X-Iplb-Request-Id
Dt-Hot-News
X-Air-Pt
Cdn-Edgestorageid
Cdn-Uid
Cdn-Requestid
Servedby
Wp-Super-Cache
Cdn-Pullzone
Cdn-Cache
Cdn-Requestcountrycode
Cdn-Cachedat
X-Snapshot-Date
X-MiniProfiler-Ids
Vha6-Origin
X-Wp-Cf-Super-Cache-Cache-Control
X-LiteSpeed-Tag
Hit
X-Request-URL
Content-Script-Type
X-Sucuri-Cache
Content-Style-Type
X-Back
X-Th-Server
X-Sucuri-ID
CountryCode
X-BBC-Origin-Response-Status
X-Dist-Code
X-Azure-Ref-OriginShield
X-Var-Ttl
X-Platform-Router
X-Platform-Processor
Tracecode
X-ATG-Version
Target-Params
Fastcgi-Cache-Ttl
X-Fastly-Cache-Hits
X-Fastly-Backend
X-Release
X-Platform-Cluster
X-Storefront-Renderer-Verified
X-Fragments
X-FC-Vary-Parameters
X-Wp-Cf-Super-Cache