Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Ua-Compatible
X-Hacker
X-Age
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-Server-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-WebKit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Webkit-CSP
Xkey
X-HW
X-Country
X-Ac
X-Application-Context
Content-Location
X-Language
Accept-Ch-Lifetime
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-CH-Lifetime
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Cnection
X-Rack-Cache
X-Origin-Cache
X-D2id
X-Country-Code
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
Verso
X-Cdn-Fetch
X-Goog-Hash
Arr-Disable-Session-Affinity
X-VARITI-CCR
X-FastCGI-Cache
X-Vcap-Request-Id
X-Cached
X-Navigation-Version
X-Server-Name
Cache-Tag
X-Powered-By-Plesk
X-Buckets
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
Accept-Ch
X-Fastly-Request-ID
RTSS
X-Middleton-Response
X-Sol
Pagespeed
X-Middleton-Display
Response
Display
X-Cache-TTL
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Edge
X-Kinsta-Cache
X-LLID
X-Px
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-TTL
X-Edge-Location-Klb
X-Ruxit-Js-Agent
Realpath
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
X-Accel-Expires
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-T
X-HP-Webp
X-Jurisdiction
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Kraken-Loop-Name
X-Correlation-Id
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Server-Lifecycle-Phase
Charset
X-Recruiting
Edge-Cache-Tag
X-DynaTrace
X-Mg-S
X-Release
TP-Cache
TP-L2-Cache
Fastcgi-Cache
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Content-Digest
X-Id
Filters
X-Request-Processing-Time
X-Server-ID
X-Request-Received
X-Cache-Key
Nginx-Cache
X-ORACLE-DMS-RID
Server-Node
Alternate-Protocol
Front-End-Https
X-Logged-In
Cache-Tags
Content-MD5
TCN
X-Forwarded-For
X-Origin-Upstream-Status
X-XRDS-Location
X-Litespeed-Cache
Server-Name
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-Hostname
X-Geo-Country
X-Contextid
X-Amz-Replication-Status
X-F-Cache
X-Rid
X-Protected-By
Host
X-GUploader-UploadID
X-Az
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Activity-Id
X-AppVersion
Cleartype
X-Www-Served-By
X-WebKit-CSP-Report-Only
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-RateLimit-Remaining
X-Frontend
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
AR-PoweredBy
Ar-Sid
AR-CACHE
MicrosoftSharePointTeamServices
AR-Request-ID
AR-ATIME
X-Ser
X-Page-Id
X-Aspnetmvc-Version
X-Cache-Age
X-NWS-LOG-UUID
X-Git-Hash
X-XRDS-LOCATION
Accept-Charset
X-Upgrade-Enabled
X-Varnish-Age
X-Source
X-Respond-Thread
X-VCache
X-Content-Options
X-DIS-Request-ID
X-Fastcgi-Cache
X-Hits
X-Tec-Api-Root
X-Tec-Api-Origin
ServerID
X-Mobile-URL
X-Tec-Api-Version
X-Varnish-Backend
X-Signature
X-B-Cache
Paypal-Debug-Id
Access-Control-Allow-Method
X-CACHE-GROUP
X-Varnish-Grace
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Providence-Cookie
X-Request-Guid
Viewport
X-B3-Sampled
X-Route-Name
X-Cache-Action
Payment
X-Is-Crawler
X-Aspnet-Duration-Ms
X-FB-Debug
X-Flags
Healthy
X-Whom
X-TT
X-Daa-Tunnel
X-Request-Handler-Origin-Region
X-Microsite
X-N
X-AOL-HN
Node
X-App-Environment
X-Seen-By
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
X-Mobile
MS-CV
DynaTrace
DC
X-Yandex-Sdch-Disable
X-Ab
X-Cache-Expired-At
X-HTML-Minification-Powered-By
Filterid
X-Distributor
SRV
X-Cache-Control
Retry-After
X-IPLB-Instance
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Original-Request-Id
Frame-Options
X-Response-Served-From
Nel
X-UUID
X-Real-IP
X-User-Agent
X-Instance
X-Tumblr-Pixel-1
X-Tumblr-User
NGB
X-Varnish-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-IPS-LoggedIn
X-RemovedCookies
X-ProcessESI
X-Proxy-Cache-Status
Ms-Operation-Id
X-FireWall-Port
Access-Control-Request-Headers
X-Cluster-Name
X-Device-Type
X-Debug-IsPreview
X-Jobs
X-Region
X-RTag
X-Debug-IsConnected
X-Content-Powered-By
X-Adobe-Content
X-Adobe-Loc
VIX-Pulpo-Node
Uber-Trace-Id
X-Proxy
VIX-Pulpo-Upstream-Status
X-B
Refresh
X-Page-View
X-Cache-Time
X-Cacheable-TTL
X-Debug
X-Accel-Buffering
X-Framework
X-G
Cache
X-Wix-Request-Id
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Countrycode
Section-Io-Id
Section-Io-Origin-Status
X-Zen-Fury
X-Vgn-Hpd-Reason
X-Time
X-Oracle-Dms-Rid
X-RateLimit-Limit
Cache-Status
X-Nginx-Cache
X-NGENIX-Cache
X-Cache-Hit
Surrogate-Key
X-Mg-Request-UUID
X-Azure-Ref
X-App-Version
X-Rendered-As
X-Is-Bot
Country
X-CDN-Forward
S-Cnection
X-Drupal-Cache-Tags
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-App-Server
Eomportal-Instance
X-Ms-Request-Id
X-TA-CDN-Provider
X-Ms-Version
X-Node-Name
SD-X-WS
Referer-Policy
Liferay-Portal
X-Drupal-Cache-Contexts
X-L-Path
X-Environment-Context
X-Proxy-Build
X-Tumblr-Pixel-2
X-Timing-Wait
Selected-Fe
X-UPSTREAM-Address
X-RN-RSRV
X-JoinUs
X-SaId
X-Cache-Operation
X-ES-SERVER
Meta-Geo
Azure-InstanceId
X-S-Maxage
X-Request-Time
Azure-SlotName
X-Cache-TTL-Remaining
X-Endurance-Cache-Level
X-Cache-Server
Azure-Version
From-Origin
X-GG-Cache-Date
X-Alternate-Cache-Key
Azure-SiteName
X-Backend-Host
Azure-RegionName
X-Yottaa-Metrics
CF-IPCountry
X-Sorting-Hat-ShopId
X-Varnishpool
X-Varnish-Hostname
X-Yottaa-Optimizations
X-ShardId
X-ShopId
X-Via-Fastly
X-Xfnlog-Site
X-Sorting-Hat-PodId
X-Shopify-Stage
X-No-Session
X-TNCMS
X-PHP-Backend
Amp-Access-Control-Allow-Source-Origin
X-Storefront-Renderer-Rendered
X-Loop
Protected
Webcakes-App-Name
Webcakes-App-Version
Akamai-GRN
TWC-GeoIP-Country
X-VWS-Id
Webcakes-Region
ServedBy
TWC-Connection-Speed
X-Adobe-Source
X-AWS-Id
Property-Id
X-Be
X-PCL
TWC-Device-Class
Fastly-SSL
TWC-Locale-Group
X-BYPASS-REASON
X-Server-W
X-ProxyCache-Status
X-LAGOON
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
X-Pubstack
X-LJ-Flow-ID
TWC-Privacy
X-Proto
X-ProxyCache-Key
X-Origin-Hint
Cache-Name
Cache-Tv-Group
X-Handled-By
X-OCL
X-NYM-Debug-Backend
Decoy-Debug-Status
Decoy-Debug-Key
Country-Code
Apigw-Requestid
Decoy-Debug-TTL
X-Section
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Say-TTL
X-Origin-Date
X-RCS-CacheZone
X-Status
X-Rule
X-Access
X-Say-Cacheable
X-Format
X-Hl-Ver
X-Backend-Name
X-Human
X-Sql-Duration-Ms
X-PERF
X-PHP-Host
X-ApacheServer
X-Sql-Count
X-FB-TRIP-ID
X-Cache-PHP
X-Labrador-Cache-Channel
X-UA-Device-Type
X-Akamai-Edgescape
Xserver
AMP-Access-Control-Allow-Source-Origin
Mn-Server-Ip
X-Hosted-By
X-Uri
X-Hyper-Cache
X-Revision
X-Webkit-Csp
X-Redis-Cache
X-Ua-Device
X-Web-Node
X-Trace-Id
X-B3-SpanId
X-MP-GENERATED-AT
X-WA-Info
X-FW-Version
X-Cache-Type
X-ATG-Version
X-Content-Age
X-Cached-By
X-Time-Microsecs
X-CSRF-Token
X-Dc
X-ServerID
X-Aws-Lambda-Call-Status
X-Tumblr-Pixel-3
X-Cache-Enabled
X-Soup
X-Edge-Location
Backend
X-Akamai-Transformed
X-TT-LOGID
X-Mode
X-Datadome
X-CS
X-APP-VERSION
X-Info
X-Microcachable
X-Parallel-Accel
X-Detected-As
X-Bc-Bl
X-Azure-Ref-OriginShield
X-Varnish-Cache-Hits
X-SRV
GEO-INFO
X-Cluster-Node
Count-Hit
X-Cache-Host
X-Varnish-Beresp-Status
Web-Mar-Node
X-Generation-Time
X-Cache-NGX
OT-Force-Account-Verify
X-Debug-Cache
Who
X-Varnish-Hits
X-Amzn-RequestId
X-Proxied
X-Routing-Service
X-Storage
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
Cross-Origin-Opener-Policy
X-Zipkin-Id
X-Platform
X-Unique-ID
DataCenter
X-B3-Traceid
X-Extlb
X-Servername
X-Varnish-Beresp-Ttl
X-Via-JSL
X-Locale
X-Origin-TTL
Server-Info
X-Origin-CC
X-Air-Source
CDN-RequestCountryCode
X-Processor
X-Proxy-Upstream
X-Air-Hostname
X-Request-URI
CDN-PullZone
Rendered-Blocks
CDN-Uid
CDN-RequestId
DCR-Decision-By
SID
X-Ratelimit-Reset
Content-Disposition
Odigeo-Trace-Id
X-PBS-Appsvrname
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Fastcgi-X-Cache-Version
BehaviorPad-Version
Apple-News-Services-Handled
X-NAPM-TraceId
A
Fastly-Backend-Name
Host-ID
Req-Svc-Chain
Expiry
X-Location
Meta-Geo-Continent
X-PAYTM-SRV-ID
Mobile-Detection-Method
X-Magnolia-Registration
CDN-EdgeStorageId
MD5-Digest
CDN-CachedAt
DCR-Processing-Time-Ms
CDCHOST
CDN-Cache
M-TraceId
X-Air-Trace-Id
X-From
X-Epic-Correlation-Id
X-DataDome
X-ARC
X-B-Cookie
X-Vdms-Path
X-BCube-Filmed-By
X-Geo-Header
X-External-Request-Id
X-A-Dcw
X-Sucuri-ID
X-A-Dgt
X-A-Wwc
X-Aicache-OS
X-Aed
X-Vdms-Version
X-Cache-Bucket
X-Connection-Hash
X-Cms-Context
X-Core-Value
X-Developer
X-D
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-VG-WebServer
X-VG-WebCache
X-Cache-NE
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-SRCache-Key
X-Application
Surrogated-Key
X-S-Cookie
X-S
X-TEC-API-ROOT
State
X-ScT
X-Service
X-A-Dam
X-Session-Fingerprint
X-TEC-API-VERSION
X-TEC-API-ORIGIN
T-Server
X-Rewrite-Enabled
X-A
X-A-Ccd
X-Rojux
X-CACHE-KEY
Upgrade-Insecure-Requests
X-Tb
X-Developers
Cmstype
Fastcgi-Cache-TTL
X-Gamma-Serve
Path
X-Cache-Debug
X-Clientip
Server-Host
X-Generated-On
X-Date
Pagetype
Pics-Label
X-Level-Front-Cache
PFcat
Esi-Enabled
X-JWT-State
X-Hash
Location
L
Kp-EeAlive
X-Accel-Expires-Debug
X-GoCache-CacheStatus
Memcached
UCS
X-Has-Esi
X-Envoy-Decorator-Operation
X-HN
Fastly-SIE
X-Branch-Name
Fastly-Drupal-HTML
Fastly-SWR
X-Is-Gdpr
X-Backend-State
X-Bip
Gh-Request-Id
Origin
X-NU-AKA-ACS-Version
X-Platform-Server
X-Varnish-Url
X-Sigma-Backend
X-Rebelmouse-Surrogate-Control
X-VG-TLSProxy
X-Minions-Version
X-EC-Lua
X-Thanos
X-Origin
X-TrackingId
X-Var-Ttl
X-Rebelmouse-Cache-Control
AKAMAI
X-VarnishDD-TTL
X-Varnish-Ttl
CacheControlHeader
X-Req
X-AIR-PT
X-Rocket-Build-Number
X-VHOST
X-Scheme
X-Sigma
Cache-Host
Cmsid
X-Request-UUID
X-Cache-Grace
User-Cache-Control
X-Site-Version
True-Client-Country-4JS
X-Fmm-Version
X-HP-Trace-Id
TDXMobile
Svr
X-Forwarded-Site
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Wxu-Next-Region
X-Viewer-Country
X-Cache-Info
X-Device-Os
X-VC-Cache
X-Cache-Tags
X-WADP-Cache
X-Csrf-Jwt
X-Cluster
X-Clara-WADP
X-CGP
X-DPWN-IS-SECURE
X-Variation
Wxu-Next-Commit
We-Hiring
X-Fastly-Backend
X-Fastly-Cache
Wxu-Next-Hostname
X-Generated-By
X-Eu-Site
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Vix-Hermes-Req-Id
X-Served-From
L5d-Success-Class
X-LI-UUID
DSUID
X-Li-Fabric
X-Li-Pop
X-Men
S-Rt
X-Ua
Is-Eu
Ec-Rule-Version
Arc-Country
Ha-Gx-Prefs
Adler-Geo
Arc-Version
HA-Ipaddr
X-Loc
C-Via
Mail-Subject
Source
X-Origin-Expires
X-RateLimit-Limit-Second
NM-Fastcgi-Cache
X-RateLimit-Remaining-Second
X-Amz-Meta-S3cmd-Attrs
PB-PID
Platform
PB-RID
NGX
X-Generated-In
X-Request-Host
Cf-Device-Type
X-Policy
X-Ratelimit-Limit
X-Forwarded-Host
X-NWS-UUID-VERIFY
X-Via-NSCOPI
X-Tenant
X-Shop-Environment
Url
X-Wikidot-Static-Cache
X-Forwarded-Path
X-Orig-Expires
X-Wikidot-Backend
X-VServer
X-Hnp-Log
X-Gzip
X-SIPLIST1
X-Skip-Cache
X-Slack-Backend
X-Owner
X-FC-Vary-Parameters
X-GeoIP
X-GeoIP-City
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fetched-On
X-Old-Content-Length
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Irp-Debug
X-Esi-Check
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-User
X-Gen-Mode
X-Micro-Cache
X-Cache-Id
V-Age
Server-Ext
VNS-Age
VNS-Cache
Locid
Cross-Origin-Window-Policy
Server-Hostname
Cache-Key
Sever-Int
CPC-Age
Release
CPC-Cache
NtCoent-Length
X-Block-Status
My-App
IsBot
X-DefElseHash
Webserver
Powered-By-ChinaCache
Content-Secure-Policy
X-PF-Uncompressing
Cache-Hits
X-Planisys-CDN-Rules
X-TX-ID
X-HS-Content-Campaign-Id
X-Qloud-Router
X-Planisys-CDN-TTL
X-Unique-Id
X-Planisys-CDN-Cache
X-Zone
X-Pass-Why
X-Ftr-Request-Id
X-Via-Popv
X-Via-Popn
X-Mvc-Supplant-OutputCached
Geo-Info
X-Via-Poph
MIME-Version
X-Ratelimit-Remaining
X-Cache-Ttl
X-Vc
X-PJAX-URL
X-Internal-Host
X-Conf
X-Srv
X-GEO
XServer
X-BBC-Edge-Cache-Status
X-OVcl-Cache
X-NC
X-OVcl
X-Refresh
X-ID
X-LB-ID
X-Servedbyhost
X-Ckpd-Fst-Backend
X-Worker
Cf-Bgj
X-Backend-TTL
X-TraceId
WebServer
Magicmarker
DB-Nickname
Server-ID
X-Auto-Login
X-NCache
X-LSADC-Cache
Time
X-TIME
X-Geo
X-V-Cache
X-DC
Memory
X-ZONE
HostName
Geoip-Latitude
X-Render-Time
GeoIp-Country-Code
X-Method
X-Traceid
X-Dispatcher-Server
X-Rocket-Nginx-Serving-Static
Tcn
X-NewRelic-App-Data
X-Wa
X-Platform-Processor
Hostname
X-Platform-Router
X-M-Log
X-Tx-Id
X-Platform-Cluster
X-Qnm-Cache
X-M-Reqid
X-Newrelic-Synthetics
X-Tb-Optimization-Total-Bytes-Saved
X-IP
Ssr
X-CLOUD-TRACE-CONTEXT
X-Cache-Remote
Resin-Trace
X-App
X-SD-PageType
LB
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Environment
X-Correlation-ID
X-Nyt-Route
X-NodeID
X-Gdpr
X-Li-Proto
X-Origin-Time
X-Cache-Config
X-BBC-Origin-Response-Status
X-VCL-Version
X-API-Version
Ohc-File-Size
X-HITS
X-MSEdge-Flight
X-Pod-Name
Cluster
X-Trv-Group
X-Nc
X-Dynatrace
X-CACHE-AGE
X-Via-Ucdn
X-Server-IP
X-MSEdge-Features
X-Via-CDN
X-Vcl-Version
X-Edge-Pop
X-Origin-Response-Time
X-Node-Id
Candidate-Md5Url
X-LI-Proto
Datacenter
Cf-Ipcountry
X-DynaTrace-JS-Agent
X-Cache-Var
X-Varnish-Beresp-TTL
Env
X-APP
X-Cache-Var-Map
X-Akamai-Pragma-Client-IP
X-ServerName
X-ND-Cache
X-Wix-Viewer-Type
X-Reqid
X-ElasticPress-Query
Web-Mar-Region
X-Webkit-CSP-Report-Only
X-HostName
X-WA
N-Cache
CF-Cached-On
X-HS-Status
Sid
Proxy-Connection
CDN
GeoIP-Country-Code
GeoIP-Latitude
VivaBuild
X-FTR-Request-ID
X-Dynatrace-Js-Agent
Rt-Fastcgi-Cache
Viewtype
X-Cs
Machine
Server-Id
Servername
Onion-Location
X-Cdn-Forward
X-NGINX-Cache
X-Varnish-Cacheable
WWW-Authenticate
Cdn
X-Fastly-Backend-Reqs
X-EIG-Tracking-Id
X-Check-Cacheable
On-Server
WZWS-RAY
X-URL
X-VC
X-Lb-Id
X-ServedByHost
FSS-Cache
X-CSRF-TOKEN
X-Esi
Ohc-Cache-HIT
X-Xrds-Location
X-Fpc
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Via-PopV
X-Pjax-Url
X-Via-PopN
X-Fastly-Request-Id
X-Via-PopH
X-Content
X-Ua-Browser
X-Cache-Backend
X-Swa-Ws
X-Request-Start
X-TIM-N
X-Tid
Mime-Version
Cteonnt-Length
URI
X-SN
Shield-Pop
Redirect-Candidate
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-AB
X-MG-S
CountryCode
X-SERVER-NAME
X-FTR-Cache-Status
X-FTR-DC
X-Oss-Hash-Crc64ecma
X-FTR-Realm
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
Xc-Version
X-FTR-Backend-Server
Server-Ttl
X-Webkit-Csp-Report-Only
Tracecode
X-Cache-ASPX
X-Air-Pt
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Pf-Uncompressing
CACHE
X-Swift-Error
X-FORWARDED-FOR
X-Up
X-CCM
WP-Super-Cache
X-StackifyID
X-LiteSpeed-Cache-Control
Ohc-Response-Time
X-Acquia-Application-Trace
X-Action
X-SB
X-DB
X-RPS
X-RSL
X-RPM
X-DW
X-DI
X-DSS
X-Fastly-Cache-Hits
X-Cache-Date
X-ElasticPress-Search
X-CUA
X-Acquia-Purge-Tags
Warning
X-Snapshot-Date
X-Webstats-RespID
X-Acquia-Application-UUID
X-Amz-Meta-Cb-Modifiedtime
Is-Us
X-Acquia-Site
X-Yottaa-OS
X-Dw-Trace-Id
X-FTR-Expires
Xet-Cookie
Lb
X-Sn-Servicetimems
X-Edge-POP
X-TH-Server
Pramga
X-Cdn-Origin
Vha6-Origin
X-Cache-Status-Check
X-Apw-Hits
X-Apw-Access-Token
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Mg-Request-Id
X-Hcs-Proxy-Type
X-Apw-Access-Object
X-Apw-Access-Action
ServerName
X-C
X-MiniProfiler-Ids
X-Tt-Logid
X-Pad
X-Region-Sid
SR-User-Adfree
Instruction