Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Ua-Compatible
X-Hacker
X-Age
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Vhost
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-Server-Id
X-CST
Allow
X-Node
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
X-Response-Time
X-Akam-SW-Version
Accept-CH
X-Webkit-CSP
X-WebKit-CSP
Xkey
X-HW
Accept-Ch-Lifetime
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Cdn-Fetch
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Country-Code
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
Verso
X-Goog-Hash
X-VARITI-CCR
Accept-Ch
Accept-CH-Lifetime
X-FastCGI-Cache
X-Server-Name
X-Vcap-Request-Id
X-Cached
X-Navigation-Version
Cache-Tag
X-Powered-By-Plesk
X-Client-IP
X-Amz-Rid
X-Buckets
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
X-Fastly-Request-ID
RTSS
X-Sol
Display
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-Cache-TTL
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-Px
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-TTL
Realpath
X-Ruxit-Js-Agent
X-Edge-Location-Klb
X-Oneagent-Js-Injection
X-Server-ID
SPIisLatency
SPRequestDuration
X-Accel-Expires
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-HP-Webp
X-Jurisdiction
X-T
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Shield-Request-Id
X-Correlation-Id
Charset
X-Recruiting
X-DynaTrace
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Mg-S
X-Release
TP-Cache
TP-L2-Cache
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Content-Digest
X-Id
Filters
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
Nginx-Cache
X-ORACLE-DMS-RID
Server-Node
X-Logged-In
Alternate-Protocol
Front-End-Https
Cache-Tags
Content-MD5
TCN
X-Forwarded-For
X-Origin-Upstream-Status
X-XRDS-Location
X-Litespeed-Cache
Server-Name
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-Hostname
X-Geo-Country
X-Contextid
X-F-Cache
X-RateLimit-Remaining
X-Rid
X-Amz-Replication-Status
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Protected-By
X-Az
Host
X-Activity-Id
X-AppVersion
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Cleartype
X-GUploader-UploadID
X-Www-Served-By
X-HS-Content-Id
X-HS-Hub-Id
X-WebKit-CSP-Report-Only
X-HS-Cache-Config
X-HS-Combine-CSS
X-Frontend
Section-Io-Cache
X-Debug-Info
X-LB-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
X-Ser
X-Git-Hash
X-Aspnetmvc-Version
X-Page-Id
X-NWS-LOG-UUID
X-Cache-Age
X-XRDS-LOCATION
Accept-Charset
X-Respond-Thread
X-Upgrade-Enabled
X-Varnish-Age
X-Source
X-VCache
X-Content-Options
X-DIS-Request-ID
X-Fastcgi-Cache
X-Hits
X-Mobile-URL
ServerID
Paypal-Debug-Id
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Varnish-Backend
X-B-Cache
X-Varnish-Grace
Access-Control-Allow-Method
X-CACHE-GROUP
X-Signature
X-Daa-Tunnel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Healthy
Payment
X-Route-Name
X-Aspnet-Duration-Ms
X-Cache-Action
X-FB-Debug
X-Is-Crawler
Viewport
X-Providence-Cookie
X-Flags
X-Request-Guid
X-B3-Sampled
X-Whom
X-TT
X-Request-Handler-Origin-Region
X-Microsite
X-N
X-AOL-HN
Node
X-App-Environment
X-Seen-By
Version
X-Type
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
MS-CV
DynaTrace
X-Cache-Expired-At
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
X-Distributor
Filterid
X-Cache-Control
SRV
Retry-After
X-IPLB-Instance
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
X-Ab
X-Response-Served-From
X-Original-Request-Id
X-Real-IP
X-Instance
X-UUID
X-User-Agent
Nel
X-Varnish-Server
X-Tumblr-Pixel
X-RemovedCookies
X-IPS-LoggedIn
X-ProcessESI
X-Proxy-Cache-Status
NGB
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Adobe-Content
X-Debug-IsPreview
X-Debug-IsConnected
X-Content-Powered-By
X-Device-Type
X-Jobs
X-RTag
X-Region
X-Proxy
Access-Control-Request-Headers
X-Cluster-Name
X-Adobe-Loc
Ms-Operation-Id
VIX-Pulpo-Node
Uber-Trace-Id
X-Page-View
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-B
X-Cacheable-TTL
Refresh
X-FireWall-Port
X-Framework
X-Debug
X-G
X-Accel-Buffering
Cache
X-Wix-Request-Id
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-RateLimit-Limit
X-FW-Type
X-FW-Server
X-Zen-Fury
Countrycode
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Vgn-Hpd-Reason
X-Time
X-App-Version
X-Oracle-Dms-Rid
Cache-Status
X-Nginx-Cache
X-NGENIX-Cache
Surrogate-Key
X-Cache-Hit
X-Mg-Request-UUID
X-Azure-Ref
X-CDN-Forward
X-Rendered-As
Country
X-Is-Bot
X-Drupal-Cache-Tags
X-TA-CDN-Provider
S-Cnection
X-Ms-Version
X-App-Server
X-Cache-Rule
Eomportal-Instance
X-Ms-Request-Id
X-EdgeConnect-Cache-Status
X-Node-Name
Referer-Policy
SD-X-WS
Liferay-Portal
X-Environment-Context
X-Drupal-Cache-Contexts
X-L-Path
X-JoinUs
X-SaId
Meta-Geo
X-ES-SERVER
X-Proxy-Build
Selected-Fe
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-RN-RSRV
X-Cache-Operation
X-Varnishpool
X-Timing-Wait
From-Origin
Protected
X-ShardId
X-S-Maxage
X-Cache-TTL-Remaining
Azure-SlotName
Azure-Version
X-GG-Cache-Date
X-Cache-Server
X-Alternate-Cache-Key
X-Endurance-Cache-Level
Azure-InstanceId
X-Backend-Host
Azure-SiteName
Azure-RegionName
X-Handled-By
X-Shopify-Stage
X-Yottaa-Metrics
X-R9-Blue-Green-Version
X-Yottaa-Optimizations
X-Pubstack
X-PHP-Backend
X-Via-Fastly
Amp-Access-Control-Allow-Source-Origin
X-TNCMS
X-Varnish-Hostname
X-Storefront-Renderer-Rendered
X-Request-Time
X-Xfnlog-Site
CF-IPCountry
X-Loop
X-No-Session
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Adobe-Source
X-PCL
TWC-GeoIP-LatLong
Property-Id
TWC-Device-Class
ServedBy
X-Proto
TWC-GeoIP-Country
Fastly-SSL
X-ProxyCache-Key
TWC-Privacy
Webcakes-App-Name
Cache-Name
X-ProxyCache-Status
TWC-Locale-Group
Cache-Tv-Group
Webcakes-App-Version
Akamai-GRN
Webcakes-Region
X-AWS-Id
X-Human
X-BYPASS-REASON
TWC-Connection-Speed
X-OCL
X-NYM-Debug-Backend
X-Be
X-Server-W
X-VWS-Id
X-Varnish-Beresp-Grace
X-LJ-Flow-ID
X-LAGOON
X-Origin-Hint
X-Hl-Ver
Country-Code
Decoy-Debug-Status
X-Rule
Decoy-Debug-TTL
X-SayCDN-TTL
Decoy-Debug-Key
X-Say-TTL
X-Status
X-Origin-Date
X-Backend-Name
X-Say-Cacheable
X-RCS-CacheZone
X-Access
X-Section
X-Format
Apigw-Requestid
X-UA-Device-Type
X-PHP-Host
X-PERF
X-Cache-PHP
X-ApacheServer
X-FB-TRIP-ID
X-Sql-Duration-Ms
X-Sql-Count
X-Labrador-Cache-Channel
X-Akamai-Edgescape
Xserver
Mn-Server-Ip
AMP-Access-Control-Allow-Source-Origin
X-Hyper-Cache
X-Uri
X-Hosted-By
X-Revision
X-Redis-Cache
X-Webkit-Csp
X-Ua-Device
X-Web-Node
X-Trace-Id
X-B3-SpanId
X-MP-GENERATED-AT
X-WA-Info
X-ATG-Version
X-Cache-Type
X-FW-Version
X-Content-Age
X-Cached-By
X-CSRF-Token
X-Dc
X-Time-Microsecs
X-ServerID
X-Soup
X-Tumblr-Pixel-3
X-Aws-Lambda-Call-Status
X-Cache-Enabled
Backend
X-Edge-Location
X-Akamai-Transformed
X-TT-LOGID
X-Mode
X-Datadome
X-CS
X-Info
X-Detected-As
X-Parallel-Accel
X-Bc-Bl
X-Microcachable
X-Varnish-Cache-Hits
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Status
X-Cluster-Node
Count-Hit
OT-Force-Account-Verify
GEO-INFO
X-Cache-Host
Web-Mar-Node
X-Cache-NGX
X-Generation-Time
Who
X-Varnish-Hits
X-Debug-Cache
X-Unique-ID
X-Zipkin-Id
X-Proxied
X-Amzn-Remapped-Content-Length
X-Storage
X-Amzn-RequestId
X-Routing-Service
X-Amz-Apigw-Id
X-Platform
Cross-Origin-Opener-Policy
X-SRV
X-APP-VERSION
X-Varnish-Beresp-Ttl
X-Extlb
X-B3-Traceid
DataCenter
X-Servername
X-Via-JSL
X-Origin-CC
X-Locale
Server-Info
X-Origin-TTL
X-DataDome
DCR-Decision-By
Content-Disposition
DCR-Processing-Time-Ms
X-B-Cookie
X-ARC
M-TraceId
X-Bip
X-BCube-Filmed-By
MD5-Digest
Host-ID
X-Air-Hostname
X-Air-Source
X-CF-Lambda-Fn
Fastly-Backend-Name
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-Air-Trace-Id
Expiry
X-Cache-NE
X-Magnolia-Registration
X-Application
X-Cache-Bucket
CDN-Uid
BehaviorPad-Version
Surrogated-Key
T-Server
X-A
X-A-Dam
X-A-Ccd
A
State
X-Cms-Context
Apple-News-Services-Request-Url
Apple-News-Services-Host
Req-Svc-Chain
Apple-News-Services-Handled
Rendered-Blocks
Cache-Host
X-A-Dcw
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
Apple-News-Services-Parsed-Url
Mobile-Detection-Method
Odigeo-Trace-Id
X-Aicache-OS
CDN-EdgeStorageId
CDCHOST
X-A-Dgt
CDN-Cache
X-A-Wwc
X-Aed
CDN-CachedAt
Meta-Geo-Continent
X-From
X-PBS-Appsvrname
X-Sucuri-ID
X-Processor
X-Proxy-Upstream
X-PAYTM-SRV-ID
X-Thanos
X-Vdms-Path
X-Location
X-NAPM-TraceId
X-Connection-Hash
X-Ratelimit-Reset
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rewrite-Enabled
X-Service
X-SRCache-Key
X-Session-Fingerprint
X-Request-URI
X-Vdms-Version
X-Level-Front-Cache
X-External-Request-Id
X-VG-WebCache
X-Vtex-Processado-Em
X-Developer
X-Generated-On
X-Cache-Ttl
X-Epic-Correlation-Id
X-Vtex-Remote-Cache
SID
X-Geo-Header
X-Destination
X-VG-WebServer
X-D
X-Core-Value
X-Tb
Upgrade-Insecure-Requests
X-TEC-API-ORIGIN
X-CACHE-KEY
X-TEC-API-VERSION
X-TEC-API-ROOT
Pagetype
X-Sigma
Gh-Request-Id
X-Served-From
Kp-EeAlive
Path
X-Varnish-Url
Memcached
X-VarnishDD-TTL
Location
X-Var-Ttl
X-VG-TLSProxy
L
Origin
X-TrackingId
X-Sigma-Backend
UCS
X-GoCache-CacheStatus
X-Backend-State
X-Has-Esi
X-Hash
X-Is-Gdpr
X-HN
X-Gamma-Serve
Fastly-SWR
X-Date
X-Clientip
X-Developers
X-Envoy-Decorator-Operation
X-Branch-Name
X-JWT-State
X-Accel-Expires-Debug
X-Request-UUID
Server-Host
X-Rocket-Build-Number
Pics-Label
PFcat
X-Req
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-Minions-Version
X-Origin
X-Platform-Server
X-Rebelmouse-Cache-Control
X-Scheme
X-Cache-Debug
Cmsid
Cmstype
X-VHOST
CacheControlHeader
X-EC-Lua
AKAMAI
X-Varnish-Ttl
Esi-Enabled
X-AIR-PT
Fastcgi-Cache-TTL
Fastly-SIE
Fastly-Drupal-HTML
User-Cache-Control
Source
X-Cache-Grace
X-Site-Version
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Wxu-Next-Region
X-Viewer-Country
X-Cluster
X-Generated-In
X-NWS-UUID-VERIFY
Vix-Hermes-Req-Id
TDXMobile
Thinkindot-CacheControl
True-Client-Country-4JS
Thinkindot-Control
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Site
X-Csrf-Jwt
X-Generated-By
Thinkindot-CacheControl-Type
S-Rt
X-WADP-Cache
X-RateLimit-Remaining-Second
X-Eu-Site
X-RateLimit-Limit-Second
X-Origin-Expires
X-Device-Os
X-DPWN-IS-SECURE
X-Cache-Info
X-Fastly-Backend
X-CGP
X-Request-Host
X-Cache-Tags
X-Ua
X-Fastly-Cache
X-VC-Cache
X-Clara-WADP
X-Policy
X-Fmm-Version
Svr
PB-PID
X-Li-Pop
X-Owner
PB-RID
X-Li-Fabric
X-Variation
Ec-Rule-Version
X-LI-UUID
Cf-Device-Type
X-Micro-Cache
Mail-Subject
DSUID
X-Men
X-Loc
NM-Fastcgi-Cache
NGX
X-HP-Trace-Id
C-Via
X-SVT-ORM-RULES
Platform
X-SVT-ORM-VERSION
Ha-Gx-Prefs
Is-Eu
X-Thinkindot-L3
L5d-Success-Class
Arc-Version
Arc-Country
Adler-Geo
HA-Ipaddr
X-Forwarded-Host
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Old-Content-Length
X-Nginx-Cache-Key
X-DefElseHash
X-DefHash
X-Fetched-On
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gzip
X-Gen-Mode
X-GeoIP-City
X-GeoIP
X-PF-Uncompressing
Url
X-Hnp-Log
X-Via-NSCOPI
X-Tenant
X-FC-Vary-Parameters
X-Esi-Check
X-Shop-Environment
X-Irp-Debug
X-Forwarded-Path
X-Orig-Expires
X-Mvc-Supplant-Cachable
X-Block-Status
Cache-Key
X-Varnish-Remaining-TTL
VNS-Age
VNS-Cache
X-VServer
X-Skip-Cache
V-Age
X-Varnish-CookieINHashed-On
X-SIPLIST1
X-Varnish-CookieHashed-On
Server-Ext
Server-Hostname
Sever-Int
Release
Cross-Origin-Window-Policy
My-App
X-Slack-Backend
CPC-Cache
CPC-Age
Locid
NtCoent-Length
X-User
IsBot
X-Cache-Id
X-Qloud-Router
Webserver
Cache-Hits
X-TX-ID
X-Planisys-CDN-TTL
Powered-By-ChinaCache
X-Srv
X-Planisys-CDN-Cache
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
X-Pass-Why
X-Zone
X-Ratelimit-Limit
X-Vc
Geo-Info
X-Via-Popv
X-Via-Popn
X-Ftr-Request-Id
MIME-Version
Content-Secure-Policy
X-Via-Poph
X-Mvc-Supplant-OutputCached
X-Internal-Host
X-Unique-Id
X-PJAX-URL
X-Refresh
X-Conf
XServer
X-GEO
X-OVcl-Cache
X-BBC-Edge-Cache-Status
X-OVcl
X-ID
X-Servedbyhost
Cf-Bgj
X-LB-ID
X-Worker
X-NC
X-Ckpd-Fst-Backend
WebServer
X-Backend-TTL
X-TraceId
Memory
Server-ID
DB-Nickname
X-NCache
Magicmarker
X-Ratelimit-Remaining
X-Auto-Login
Time
X-LSADC-Cache
X-DC
X-Geo
X-TIME
X-V-Cache
HostName
X-ZONE
X-Dispatcher-Server
X-Render-Time
X-Traceid
GeoIp-Country-Code
Geoip-Latitude
X-Rocket-Nginx-Serving-Static
X-Method
X-NewRelic-App-Data
Tcn
X-Platform-Cluster
X-M-Reqid
X-Platform-Processor
X-Platform-Router
X-Qnm-Cache
X-M-Log
X-Wa
Hostname
X-Tx-Id
X-Cache-Remote
X-Newrelic-Synthetics
X-Tb-Optimization-Total-Bytes-Saved
X-SD-PageType
Resin-Trace
X-IP
X-App
Ssr
X-CLOUD-TRACE-CONTEXT
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Environment
X-Correlation-ID
LB
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-NodeID
X-Cache-Config
X-Li-Proto
X-VCL-Version
X-BBC-Origin-Response-Status
X-API-Version
X-Nc
Ohc-File-Size
X-Trv-Group
X-Server-IP
X-MSEdge-Features
Cluster
X-Via-Ucdn
X-Pod-Name
X-Edge-Pop
X-MSEdge-Flight
X-HITS
X-CACHE-AGE
X-Webkit-CSP-Report-Only
X-Origin-Response-Time
X-Dynatrace
X-DynaTrace-JS-Agent
Candidate-Md5Url
X-Node-Id
X-Vcl-Version
X-Via-CDN
Datacenter
X-LI-Proto
Cf-Ipcountry
Env
X-APP
X-NODE
X-Cache-Var-Map
X-Cache-Var
X-Varnish-Beresp-TTL
X-ServerName
X-Akamai-Pragma-Client-IP
X-ND-Cache
X-ElasticPress-Query
X-Wix-Viewer-Type
Web-Mar-Region
X-Reqid
N-Cache
X-HostName
CF-Cached-On
X-HS-Status
X-WA
Sid
GeoIP-Country-Code
Proxy-Connection
GeoIP-Latitude
VivaBuild
Rt-Fastcgi-Cache
Viewtype
X-FTR-Request-ID
X-Cs
CDN
Machine
Servername
Cdn
Server-Id
X-Dynatrace-Js-Agent
X-AB
X-Cdn-Forward
Onion-Location
WWW-Authenticate
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-Lb-Id
X-ServedByHost
X-Pjax-Url
FSS-Cache
On-Server
WZWS-RAY
X-URL
X-Check-Cacheable
X-CSRF-TOKEN
X-Esi
X-Xrds-Location
Ohc-Cache-HIT
X-Fpc
X-Cache-Backend
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-VC
X-Swa-Ws
X-IN-APIGATEWAYSSL
X-Fastly-Request-Id
X-IN-APIGATEWAY
X-Ua-Browser
X-Content
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Country-Code-Real
X-MG-S
Xc-Version
X-FTR-Realm
Cteonnt-Length
X-TIM-N
URI
X-Oss-Server-Time
CountryCode
Shield-Pop
X-Request-Start
X-Tid
X-FTR-DC
Mime-Version
X-Oss-Storage-Class
Redirect-Candidate
X-Oss-Request-Id
Server-Ttl
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-SN
X-Cache-ASPX
X-FORWARDED-FOR
X-Contensis-Viewer-Groups
X-Air-Pt
X-Up
Tracecode
X-CCM
X-Varnish-Authentication
CACHE
X-Swift-Error
Lb
X-RPM
X-RSL
X-RPS
X-DW
X-Action
X-ElasticPress-Search
X-DB
X-DI
X-DSS
X-Webstats-RespID
X-CUA
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
X-Acquia-Application-Trace
Pramga
X-Pf-Uncompressing
X-StackifyID
X-FTR-Expires
Xet-Cookie
Is-Us
X-Snapshot-Date
Warning
X-SB
X-Fastly-Cache-Hits
X-Pad
X-LiteSpeed-Cache-Control
X-Dw-Trace-Id
Ohc-Response-Time
X-Yottaa-OS
WP-Super-Cache
Vha6-Origin
X-Hcs-Proxy-Type
X-MiniProfiler-Ids
Instruction
X-Cdn-Origin
X-Apw-Access-Action
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Sn-Servicetimems
X-Apw-Hits
X-Mg-Request-Id
ServerName
X-Region-Sid
X-C
X-Tt-Logid
X-TH-Server
X-Cache-Status-Check
X-Apw-Access-Token
SR-User-Adfree
X-Apw-Access-Object