Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Link
Accept-Ranges
CF-RAY
ETag
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Content-Encoding
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-CDN
X-AspNetMvc-Version
P3p
X-Request-ID
Upgrade
X-Via
CF-Ray
X-Ws-Request-Id
Access-Control-Max-Age
Server-Timing
EagleId
X-Cache-Group
Keep-Alive
X-Turbo-Charged-By
Request-Context
X-Age
X-UA-Device
X-Server-Powered-By
X-Proxy-Cache
X-Backend
X-AH-Environment
X-Robots-Tag
X-Hacker
Report-To
X-Amz-Request-Id
Host-Header
X-Server
X-Amz-Id-2
Grace
X-LiteSpeed-Cache
X-Rq
X-Nginx-Cache-Status
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Page-Speed
X-Vhost
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Amz-Version-Id
X-Ua-Compatible
X-Pingback
X-Dns-Prefetch-Control
X-Dispatcher
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Host
X-Server-Id
Cf-Railgun
X-Node
X-Backend-Server
Accept-CH
X-Readtime
Surrogate-Control
X-Akam-SW-Version
Request-Id
X-Response-Time
X-HW
Xkey
X-Ruxit-JS-Agent
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Content-Location
Rating
X-Country
X-B3-TraceId
Accept-Ch-Lifetime
Accept-CH-Lifetime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Trace
X-Url
X-Ac
X-Content-Type
X-PC
X-TtlSet
X-Vname
Allow
X-Clacks-Overhead
X-Mod-Pagespeed
Edge-Control
X-Varnish-TTL
X-ESI
X-FastCGI-Cache
X-Server-Name
Fastly-Restarts
Cache-Tag
Service-Worker-Allowed
X-Aws-Lambda-Call-Status
X-VARITI-CCR
X-Rack-Cache
X-Element-Page-Cache
Verso
X-Upstream
MS-Author-Via
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Rid
X-Vcap-Request-Id
Public-Key-Pins
X-Dw-Request-Base-Id
X-Cached
X-Client-IP
X-D2id
X-Abt-Application-Version
X-Cache-TTL
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Px
X-Navigation-Version
RTSS
X-Country-Code
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Powered-By-Plesk
X-NF-Request-ID
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Goog-Hash
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Origin-Cache
Accept-Ch
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Powered-CMS
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
AR-CACHE
X-Version
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-LLID
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
Nginx-Cache
X-TTL
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Protected-By
TCN
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-T
X-Shield-Request-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Id
S
X-RateLimit-Remaining
Content-MD5
X-Aspnetmvc-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Mid
SPIisLatency
SPRequestDuration
Front-End-Https
X-CST
X-Language
Realpath
X-Recruiting
X-Request-Received
X-Request-Processing-Time
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Filters
X-Ttl
Server-Node
X-MCACHE
X-Ab
Server-Name
X-Ua-Browser
X-Content
X-DynaTrace
X-Frontend
X-Correlation-Id
X-NWS-LOG-UUID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-Ser
X-SharePointHealthScore
SPRequestGuid
X-Ezoic-Cdn
X-Hits
X-ECACHE
X-Template
X-Parallel-Accel
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Alternate-Protocol
Fusion-Deployment-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Content-Options
X-Kong-Proxy-Latency
Cache-Tags
MicrosoftSharePointTeamServices
X-Kong-Upstream-Latency
X-Page-Id
Cleartype
Host
Charset
X-B3-Sampled
X-Www-Served-By
X-Git-Hash
X-Fastly-Request-Id
X-Cache-Key
X-Ruxit-Js-Agent
X-Geo-Country
X-Daa-Tunnel
X-Debug-Info
X-DIS-Request-ID
X-Webkit-CSP
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Content-Digest
X-Amz-Replication-Status
X-XRDS-LOCATION
X-Varnish-Age
Filterid
X-Accel-Expires
X-AppVersion
X-Activity-Id
X-Hostname
X-Az
X-Forwarded-Proto
X-VCache
X-FB-Debug
X-Upgrade-Enabled
TP-L2-Cache
TP-Cache
X-Grace
X-WebKit-CSP-Report-Only
X-Origin-Server
X-Rid
Cross-Origin-Opener-Policy
Access-Control-Allow-Method
X-Nginx-Upstream-Cache-Status
ServerID
X-N
X-F-Cache
X-Mobile-URL
X-LB-Cache
X-Route-Name
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Aspnet-Duration-Ms
X-Whom
X-TT
X-App-Environment
X-Varnish-Grace
Viewport
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Tb
X-GUploader-UploadID
X-Seen-By
X-Goog-Stored-Content-Encoding
X-Type
X-FW-Hash
X-Distributor
Payment
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
Node
X-FW-Dynamic
X-Server-ID
DC
Paypal-Debug-Id
X-App-Server
X-User-Agent
Fastcgi-Useragent
X-NGENIX-Cache
Country
Accept-Charset
X-Origin-Upstream-Status
X-Wix-Request-Id
X-Cache-Control
X-DataDome
X-Cache-Rule
X-Litespeed-Cache
X-Logged-In
Version
X-Via-JSL
Referer-Policy
X-Drupal-Cache-Tags
X-Cache-Age
X-Ratelimit-Reset
X-Load-Cache
X-B-Cache
X-Varnish-Backend
X-Cluster-Name
X-Browser-Type
X-Signature
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Refresh
X-Request-Handler-Origin-Region
X-Microsite
X-Contextid
Cache-Status
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-Node-Name
X-Buckets
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Real-IP
X-Cache-Expired-At
X-Mobile
X-Rendered-As
X-Tec-Api-Origin
X-Page-View
X-Tec-Api-Version
X-Tec-Api-Root
X-Vgn-Hpd-Reason
X-Is-Bot
X-Cacheable-TTL
X-Jobs
X-Proxy-Cache-Status
X-Debug
X-B
Access-Control-Request-Headers
NGB
X-ProcessESI
X-Revision
X-Proxy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-IPLB-Instance
X-Instance
X-RemovedCookies
X-Rule
X-Device-Type
X-UUID
X-Fastly-Request-ID
Surrogate-Key
X-Cache-Action
Akamai-GRN
X-Drupal-Cache-Contexts
X-Cache-Time
X-Debug-IsConnected
X-Debug-IsPreview
X-Framework
Amp-Access-Control-Allow-Source-Origin
X-G
X-Fastcgi-Cache
X-FW-Version
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
CF-IPCountry
SID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
DynaTrace
Liferay-Portal
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-Azure-Ref
X-Presslabs-Stats
X-PressLabs-Stats
GEO-INFO
X-Nginx-Cache
X-Accel-Buffering
X-Source
X-Ms-Request-Id
X-Ms-Version
X-Ratelimit-Remaining
Count-Hit
X-Oneagent-Js-Injection
Healthy
Uber-Trace-Id
Frame-Options
Ms-Operation-Id
MS-CV
X-RTag
X-APP-VERSION
X-Cache-Operation
X-Cache-NGX
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-XRDS-Location
X-Zen-Fury
Xserver
Countrycode
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-User
X-Environment-Context
X-Tumblr-Pixel-1
X-L-Path
X-Varnish-Server
X-Tumblr-Pixel-0
X-Mode
X-Backend-Name
Ec-Rule-Version
Protected
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Region
X-Servername
X-Forwarded-Host
X-Cache-TTL-Remaining
Meta-Geo
X-SaId
X-Content-Powered-By
X-UPSTREAM-Address
X-Rewrite-Enabled
X-RN-RSRV
X-JoinUs
Backend
X-Tid
X-Detected-As
X-Sql-Duration-Ms
X-Sorting-Hat-ShopId
X-Sql-Count
X-Uri
X-ShardId
X-Cache-Grace
Eomportal-Instance
X-Alternate-Cache-Key
Decoy-Debug-Status
X-Proxied
X-Adobe-Content
X-Extlb
Country-Code
Apigw-Requestid
X-Adobe-Loc
X-Generation-Time
X-Zipkin-Id
Decoy-Debug-TTL
X-Debug-Cache
X-Hosted-By
X-ShopId
X-Sorting-Hat-PodId
X-Routing-Service
X-Redis-Cache
X-Cache-Server
X-Shopify-Stage
Decoy-Debug-Key
Fastly-SSL
X-Status
Mn-Server-Ip
Cache-Name
X-Content-Age
X-Hyper-Cache
X-ServerID
X-Site-Version
X-ApacheServer
X-Human
X-Origin-Date
X-PERF
X-NCache
X-FB-TRIP-ID
X-No-Session
X-Varnish-Beresp-Grace
X-Via-Fastly
Url
X-PHP-Backend
Section-Io-Cache
X-Format
X-OCL
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
Property-Id
X-ProxyCache-Key
X-Microcachable
Cache-Tv-Group
X-Proxy-Build
X-ProxyCache-Status
X-Section
X-Cluster-Node
X-NYM-Debug-Backend
X-Pubstack
TWC-Locale-Group
X-Access
X-Akamai-Edgescape
Webcakes-Region
Webcakes-App-Version
X-Timing-Wait
Webcakes-App-Name
TWC-Privacy
X-UA-Device-Type
X-BYPASS-REASON
X-NewRelic-App-Data
X-Storage
X-PCL
X-Origin-Hint
X-Cache-Type
X-Cache-Host
TWC-GeoIP-LatLong
X-Server-W
X-R9-Blue-Green-Version
X-Hl-Ver
X-Web-Node
X-Varnishpool
X-SayCDN-TTL
LB
WPO-Cache-Status
WPO-Cache-Message
X-Say-TTL
X-Say-Cacheable
X-Soup
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
X-RateLimit-Limit
X-Be
DB-Nickname
X-TIME
CDN-Cache
CDN-CachedAt
Content-Secure-Policy
CDN-Uid
Azure-RegionName
Azure-Version
Azure-SiteName
Azure-InstanceId
CDN-RequestId
Content-Disposition
Azure-SlotName
X-Ua
X-Trace-Id
X-Azure-Ref-OriginShield
X-Generated-By
X-LSADC-Cache
OT-Force-Account-Verify
X-Webkit-Csp
SRV
X-Cached-By
X-Dc
X-SRV
X-Nginx-Cache-Key
Source
X-Bc-Bl
Cache
X-Unique-Id
Retry-After
X-TT-LOGID
X-LAGOON
X-Auto-Login
X-Cache-Remote
X-Origin-TTL
X-Platform-Server
X-Origin-CC
X-Varnish-Hits
Xet-Cookie
Cache-Hits
Mime-Version
X-HTML-Minification-Powered-By
X-GEO
X-TNCMS
X-Loop
X-Varnish-Hostname
X-App-Version
X-Xfnlog-Site
HostName
X-Akamai-Transformed
Onion-Location
X-ECache
X-S-Maxage
X-Cdn
X-CSRF-Token
ServedBy
X-Amz-Meta-S3cmd-Attrs
X-Cache-Tags
X-Tumblr-Pixel-2
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
Web-Mar-Node
Upgrade-Insecure-Requests
X-CLOUD-TRACE-CONTEXT
X-Proto
X-Request-Time
X-EC-Lua
Webserver
X-AOL-HN
From-Origin
X-Endurance-Cache-Level
X-Time
WP-Super-Cache
X-Request-Host
X-Tenant
X-CACHE-KEY
N-Cache
X-AWS-Id
X-Cache-Var
X-VWS-Id
X-Cache-Var-Map
X-LJ-Flow-ID
X-GG-Cache-Date
X-FireWall-Port
X-Time-Microsecs
X-Origin-Response-Time
AMP-Access-Control-Allow-Source-Origin
X-Cache-Enabled
X-Edge-Location
X-Mg-Request-UUID
X-Handled-By
X-Forwarded-Path
X-NAPM-TraceId
X-A
X-Aed
X-A-Ccd
X-External-Request-Id
X-Ftr-Request-Id
X-Developer
A
User-Cache-Control
X-Labrador-Cache-Channel
X-Correlation-ID
Vix-Hermes-Req-Id
Expiry
X-Ig-Push-State
X-Gen-Mode
X-Destination
X-Hnp-Log
V-Age
Xc-Version
X-A-Dgt
X-Cache-NE
Nel
X-A-Dcw
X-Block-Status
X-B-Cookie
X-ARC
X-Vtex-Remote-Cache
X-Aicache-OS
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-B3-SpanId
X-Application
X-D
X-Connection-Hash
X-Conf
X-Ckpd-Fst-Backend
X-Vtex-Processado-Em
X-Cluster
X-A-Dam
X-ND-Cache
X-ScT
X-SD-PageType
Meta-Geo-Continent
X-Session-Fingerprint
Mobile-Detection-Method
X-VG-WebCache
X-Rojux
X-S
X-S-Cookie
X-PHP-Host
X-Shop-Environment
X-Slack-Backend
X-V-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Vdms-Path
X-TIM-N
CloudFront-Viewer-Country
X-SRCache-Key
X-Vdms-Version
DCR-Decision-By
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Odigeo-Trace-Id
BehaviorPad-Version
Rendered-Blocks
X-Orig-Expires
X-A-Wwc
Sslversion
Surrogated-Key
X-Via-NSCOPI
X-PBS-Appsvrname
X-PAYTM-SRV-ID
Redirect-Candidate
X-Processor
Pramga
X-Planisys-CDN-Cache
X-NWS-UUID-VERIFY
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-MP-GENERATED-AT
True-Client-Country-4JS
Fastcgi-Cache-TTL
Svr
Wxu-Next-Hostname
Origin
Wxu-Next-Region
Host-ID
Gh-Request-Id
Wxu-Next-Commit
State
X-Li-Pop
X-Proxy-Upstream
X-RCS-CacheZone
X-Request-URI
X-Policy
X-Owner
X-Origin-Expires
X-Origin-Time
X-Scheme
X-Server-IP
X-Viewer-Country
X-Webstats-RespID
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sucuri-Cache
X-Sucuri-ID
X-Old-Content-Length
X-Nyt-Route
X-Fastly-Cache
X-Forwarded-Site
X-Gdpr
X-Date
X-Cdn-Srv
X-Cache-Bucket
X-Cache-Date
X-Geo-Header
X-Hash
X-Mvc-Supplant-Cachable
X-NodeID
X-Men
X-Location
X-Li-Fabric
X-LI-UUID
X-Accel-Expires-Debug
X-Epic-Correlation-Id
AKAMAI
Cmsid
Fastly-Drupal-Html
X-Reqid
CacheControlHeader
Cmstype
X-Adobe-Source
X-Magnolia-Registration
CDCHOST
DSUID
Arc-Country
X-Locale
Server-Info
X-Qnm-Cache
Environment
X-M-Reqid
X-M-Log
X-Varnish-Ttl
X-HS-Content-Campaign-Id
X-Gzip
X-HN
X-GeoIP-City
X-Platform
X-RateLimit-Limit-Second
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
We-Hiring
Web-Mar-Region
X-Level-Front-Cache
X-GeoIP
Apple-News-Services-Handled
X-Irp-Debug
X-Bip
X-Developers
X-Cdn-Origin
X-Device-Os
X-Envoy-Decorator-Operation
X-CGP
X-Datadog-Trace-Id
X-Core-Value
X-Csrf-Jwt
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Cache-Info
X-Cache-Id
X-Core-Mission
X-Fetched-On
X-Backend-State
X-Gamma-Serve
X-Fastly-Backend
X-Branch-Name
X-Cache-Debug
X-Esi-Check
X-Eu-Site
X-Generated-On
X-RateLimit-Remaining-Second
Release
X-TH-Server
X-Thanos
L
X-VG-TLSProxy
X-VServer
X-Skip-Cache
X-Sn-Servicetimems
PFcat
X-TrackingId
X-Varnish-Beresp-Status
Machine
Mail-Subject
Locid
L5d-Success-Class
Origin-EX
Origin-CC
X-UnsetCookies
X-VarnishDD-TTL
HA-Ipaddr
X-Backend-TTL
X-Rocket-Nginx-Serving-Static
X-Request-Start
X-Req
Traceparent
X-Region-Sid
Server-Host
X-Served-From
Ssr
Ha-Gx-Prefs
X-Zone
X-VC-Cache
X-DefHash
X-DefElseHash
X-GeoIP-Region-Code
X-Worker
X-GeoIP-Country-Code
X-DPWN-IS-SECURE
X-Origin
X-Thinkindot-L3
X-Sigma-Backend
X-NU-AKA-ACS-Version
X-Node-Id
X-Sigma
X-Pod-Name
X-Qloud-Router
X-Response-By
X-Rocket-Build-Number
X-JWT-State
X-Is-Gdpr
X-Variation
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-FC-Vary-Parameters
X-Rebelmouse-Surrogate-Control
X-Storefront-Renderer-Rendered
X-Has-Esi
X-Varnish-Remaining-TTL
X-Rebelmouse-Cache-Control
Platform
Cf-Device-Type
Thinkindot-CacheControl-Type
NM-Fastcgi-Cache
Thinkindot-CacheControl
TDXMobile
Adler-Geo
X-BBC-Edge-Cache-Status
Fastly-GeoIP-CountryCode
Req-Svc-Chain
Fastly-SIE
Thinkindot-Control
X-ATG-Version
Is-Eu
X-Amzn-Remapped-Content-Length
Memcached
Fastly-SWR
X-Xrds-Location
S-Rt
NGX
X-Mvc-Supplant-OutputCached
X-Loc
X-Ua-Device
Magicmarker
X-LB-ID
X-Cache-Config
X-API-Version
X-Up
X-CS
X-NC
X-TraceId
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Restarts
X-Generated-In
CDN
X-Akamai-Request-ID2
X-Http-Reason
X-Datadome
X-Trace-ID
X-Tt-Logid
Ms-Author-Via
Memory
Pics-Label
Kp-EeAlive
Time
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-RSL
Edge-Cache
X-Via-Popn
Datacenter
X-Via-Popv
X-Cache-Backend
X-RPM
X-Optimistic-Header
X-DSS
X-DI
X-DB
X-Action
X-Wix-Viewer-Type
Candidate-Md5Url
X-DW
Env
X-Via-Poph
X-RPS
X-Edge-Pop
X-Refresh
WebServer
X-LB-NoCache
Accept-Language
GeoIp-Country-Code
X-DynaTrace-JS-Agent
WWW-Authenticate
X-Vc
X-Minions-Version
On-Server
X-Varnish-Beresp-TTL
X-DC
X-CacheTTL
Esi-Enabled
X-HA-Backend
X-TA-CDN-Provider
X-Parent-Response-Time
X-TX-ID
X-Cs
X-Esi
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Srv
X-Dynatrace
X-Unique-ID
C-Via
X-Servedbyhost
X-MSEdge-Features
X-MSEdge-Flight
X-ZONE
X-Service
X-Newrelic-Synthetics
X-Cache-PHP
X-Ec-GeoHdr
X-User
X-Ec-Fail
Server-ID
X-Li-Proto
X-FPC
X-Cache-Status-Check
X-VCL-Version
X-App
X-Render-Time
X-Cache-Ttl
X-LiteSpeed-Cache-Control
X-URL
X-B3-Spanid
Test
X-Vcl-Version
Cdnsip
X-LI-Proto
X-AK-Request-ID
X-Webkit-Csp-Report-Only
Cdncip
X-Fpc
X-Traceid
X-Pass-Why
Cluster
X-Fmm-Version
X-Clara-WADP
Server-Id
X-WADP-Cache
My-App
Geoip-Latitude
X-Webkit-CSP-Report-Only
Geo-Info
X-NODE
Proxy-Connection
Tracecode
X-CUA
X-Var-Ttl
Resin-Trace
X-Mcache
Lfy
Tcn
X-Clientip
T-Server
X-Info
M-TraceId
X-LiteSpeed-Tag
X-AIR-PT
X-From
DataCenter
X-Fragments
Fastly-Drupal-HTML
Lang
HIT
UCS
Cache-Host
X-ServedByHost
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Cf-Int-Pingora-Origin-Digest
X-Oss-Storage-Class
X-CSRF-TOKEN
Target-Params
S-Cnection
X-Ha-Backend
X-Geo
X-VC
X-ID
X-Cdn-Forward
Hostname
X-HostName
Hit
Ohc-File-Size
GeoIP-Country-Code
X-WP-CF-Super-Cache
X-RAMCache
X-WP-CF-Super-Cache-Cache-Control
X-Pad
X-Dynatrace-Js-Agent
X-Micro-Cache
MIME-Version
X-Via-PopV
Fastly-Backend-Name
X-Via-PopN
X-ElasticPress-Query
X-Check-Cacheable
X-Via-PopH
User-Agent
X-Edge-POP
ENV
X-Api-Version
X-Lb-Nocache
Load-Balancing
X-Release
Permissions-Policy
X-Edge-Cache
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Backend-Host
X-Provided-By
X-Httpd
X-BBC-Origin-Response-Status
X-Proxy-Cache-Info
X-NGINX-Cache
X-Fastly-Backend-Reqs
X-Ucs
X-ServerName
X-APP
X-BCube-Filmed-By
PICS-Label
Producers
X-HS-Status
Servername
WZWS-RAY
X-GoCache-CacheStatus
X-Cache-CFC
EpKe-Alive
X-SB
X-UP
Uri
ServerName
FSS-Cache
URI
Lb
X-TRACE-ID
X-RateLimit-Reset
X-Amz-Meta-Cb-Modifiedtime
X-Lb-Id
X-B3-ParentSpanId
X-Swift-Error
X-WA
Ohc-Cache-HIT
Cteonnt-Length
X-Fastly-Cache-Hits
CPC-Age
CPC-Cache
X-Udemy-Cache-App-Namespace
Cache-Key
X-Platform-Processor
X-Platform-Cluster
Path
X-Pool
X-Nc
Cneonction
X-Platform-Router
X-Cdn-Request-ID
Server-Ttl
X-WA-Info
Cdn
VNS-Cache
VNS-Age
X-Dw-Trace-Id
X-Akamai-Request-ID
X-Ec-Custom-Error
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Akamai-ERRuleID
X-Scale
X-Acquia-Site
X-Acquia-Purge-Tags
X-Shopify-Generated-Cart-Token
Vha6-Origin
X-Vcache
CF-Cached-On
X-Apw-Hits
X-Apw-Access-Token
X-Newrelic-App-Data
Shield-Pop
X-Contensis-Viewer-Groups
Cf-Ipcountry
X-Yottaa-OS
X-Cache-ASPX
X-Snapshot-Date
X-Apw-Access-Object
X-Wikidot-Backend
X-ES-SERVER
X-Wikidot-Static-Cache
X-Apw-Access-Action
Sid
X-Cache-Ngx
X-Air-Pt
IsBot
Pagetype
X-Cache-Expires
X-SIPLIST1
X-PJAX-URL
X-Te-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
Ngx
X-Sentry-ID
CountryCode
Req-ID
X-Logging-Id
X-Cms-Context
X-Last-Modified
X-CacheKey
X-Akamai-Pragma-Client-IP
X-UA
X-Varnish-Authentication