Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
Request-Context
X-Robots-Tag
X-Ws-Request-Id
Server-Timing
X-AH-Environment
X-Server
X-Ua-Compatible
X-Hacker
X-Age
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Amz-Version-Id
X-Vhost
X-Server-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-WebKit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Webkit-CSP
Xkey
X-HW
X-Country
X-Ac
X-Application-Context
Content-Location
X-Language
Accept-Ch-Lifetime
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-MS-InvokeApp
X-ESI
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
Accept-CH-Lifetime
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
X-Rack-Cache
X-Origin-Cache
X-FastCGI-Cache
X-D2id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Country-Code
Arr-Disable-Session-Affinity
X-Goog-Hash
Verso
X-VARITI-CCR
X-Server-Name
X-Vcap-Request-Id
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Buckets
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
Accept-Ch
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
RTSS
X-Middleton-Response
Pagespeed
Display
Response
X-Sol
X-Middleton-Display
X-Cache-TTL
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-Px
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-TTL
Realpath
X-Ruxit-Js-Agent
X-Edge-Location-Klb
X-Oneagent-Js-Injection
X-Accel-Expires
SPRequestDuration
SPIisLatency
X-ECACHE
X-Jurisdiction
X-HP-Webp
SPRequestGuid
X-SharePointHealthScore
X-T
X-MCACHE
X-Mid
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-PressLabs-Stats
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Instrumentation
X-Correlation-Id
X-Kraken-Loop-Name
X-Recruiting
Charset
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-DynaTrace
Edge-Cache-Tag
X-Mg-S
TP-Cache
TP-L2-Cache
X-Release
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Content-Digest
X-Id
Filters
X-Server-ID
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
Nginx-Cache
Server-Node
X-Logged-In
Cache-Tags
Front-End-Https
Alternate-Protocol
X-ORACLE-DMS-RID
Content-MD5
TCN
X-Forwarded-For
X-Origin-Upstream-Status
X-Litespeed-Cache
Server-Name
X-XRDS-Location
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Amzn-Trace-Id
X-Origin-Server
X-Grace
X-Geo-Country
X-Hostname
X-WebKit-CSP-Report-Only
X-Contextid
X-Amz-Replication-Status
X-RateLimit-Remaining
X-F-Cache
X-AppVersion
X-Protected-By
Cleartype
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Rid
X-Az
X-Goog-Storage-Class
X-Activity-Id
Host
X-Www-Served-By
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Frontend
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
MicrosoftSharePointTeamServices
AR-Request-ID
X-Ser
X-Git-Hash
X-Aspnetmvc-Version
X-Cache-Age
X-Page-Id
X-NWS-LOG-UUID
X-XRDS-LOCATION
Accept-Charset
X-Varnish-Age
X-Upgrade-Enabled
X-Respond-Thread
X-VCache
X-Source
X-Content-Options
X-Hits
X-DIS-Request-ID
ServerID
X-Mobile-URL
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Paypal-Debug-Id
X-CACHE-GROUP
X-Varnish-Backend
X-B-Cache
X-Signature
X-Varnish-Grace
Access-Control-Allow-Method
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-B3-Sampled
Healthy
Viewport
X-Cache-Action
X-Request-Guid
X-Flags
X-Is-Crawler
X-FB-Debug
X-Route-Name
Payment
X-TT
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Daa-Tunnel
X-Whom
X-Microsite
X-Request-Handler-Origin-Region
X-N
X-AOL-HN
Node
X-App-Environment
X-Seen-By
X-Type
Version
Fastcgi-Useragent
X-Load-Cache
X-Mobile
X-Fastcgi-Cache
DC
MS-CV
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Expired-At
X-Ab
X-HTML-Minification-Powered-By
Filterid
X-Distributor
SRV
Retry-After
X-Cache-Control
X-IPLB-Instance
X-Tt-Trace-Tag
X-Response-Served-From
X-Original-Request-Id
X-Tt-Trace-Host
X-Real-IP
Nel
Frame-Options
X-UUID
X-Instance
X-RemovedCookies
X-Tumblr-Pixel-0
X-Varnish-Server
X-Tumblr-User
X-Tumblr-Pixel-1
X-Proxy-Cache-Status
X-Tumblr-Pixel
X-ProcessESI
NGB
X-User-Agent
X-Adobe-Content
Access-Control-Request-Headers
X-Adobe-Loc
Ms-Operation-Id
X-Debug-IsPreview
X-Region
X-Jobs
X-IPS-LoggedIn
X-RTag
X-Proxy
X-Debug-IsConnected
X-FireWall-Port
X-Cacheable-TTL
X-Cache-Time
X-Cluster-Name
Refresh
X-Device-Type
X-B
VIX-Pulpo-Upstream-Status
X-Page-View
Uber-Trace-Id
VIX-Pulpo-Node
X-Content-Powered-By
X-Debug
X-Framework
X-G
X-Accel-Buffering
Cache
X-Wix-Request-Id
X-FW-Type
X-Zen-Fury
X-FW-Dynamic
X-FW-Static
X-RateLimit-Limit
X-FW-Serve
X-FW-Hash
X-FW-Server
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Vgn-Hpd-Reason
Countrycode
X-Oracle-Dms-Rid
Cache-Status
X-NGENIX-Cache
X-Nginx-Cache
X-Cache-Hit
X-Mg-Request-UUID
X-App-Version
Surrogate-Key
X-Time
X-Is-Bot
X-CDN-Forward
Country
X-Rendered-As
X-Azure-Ref
X-Drupal-Cache-Tags
X-Cache-Rule
X-App-Server
X-EdgeConnect-Cache-Status
Eomportal-Instance
S-Cnection
X-TA-CDN-Provider
X-Ms-Version
X-Ms-Request-Id
X-Node-Name
Referer-Policy
SD-X-WS
Liferay-Portal
X-Drupal-Cache-Contexts
X-L-Path
X-Environment-Context
X-Cache-Operation
X-RN-RSRV
X-Tumblr-Pixel-2
X-Timing-Wait
Meta-Geo
X-Proxy-Build
X-SaId
X-UPSTREAM-Address
X-Varnishpool
X-ES-SERVER
X-JoinUs
From-Origin
Selected-Fe
X-Xfnlog-Site
X-Via-Fastly
X-Loop
ServedBy
X-Handled-By
X-Cache-TTL-Remaining
X-PHP-Backend
Azure-InstanceId
Protected
Azure-RegionName
Azure-SiteName
X-Yottaa-Metrics
Azure-Version
Azure-SlotName
X-GG-Cache-Date
X-TNCMS
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Backend-Host
Amp-Access-Control-Allow-Source-Origin
X-Alternate-Cache-Key
X-Varnish-Hostname
X-Shopify-Stage
X-ShopId
X-S-Maxage
X-Request-Time
X-Endurance-Cache-Level
X-R9-Blue-Green-Version
X-ShardId
X-Pubstack
CF-IPCountry
X-Storefront-Renderer-Rendered
X-Yottaa-Optimizations
X-Server-W
X-VWS-Id
X-LAGOON
X-LJ-Flow-ID
Webcakes-App-Version
X-Adobe-Source
Property-Id
X-Human
Fastly-SSL
X-Varnish-Beresp-Grace
Cache-Tv-Group
Cache-Name
Akamai-GRN
X-Cache-Server
Webcakes-App-Name
Webcakes-Region
X-OCL
X-NYM-Debug-Backend
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
X-No-Session
X-AWS-Id
TWC-Privacy
X-PCL
X-Origin-Hint
TWC-Locale-Group
Apigw-Requestid
Country-Code
X-BYPASS-REASON
X-Say-Cacheable
X-SayCDN-TTL
Decoy-Debug-Key
X-Say-TTL
X-RCS-CacheZone
Decoy-Debug-Status
X-ProxyCache-Key
X-Access
X-ProxyCache-Status
X-Proto
X-Format
X-Be
Decoy-Debug-TTL
X-Status
X-Section
X-Akamai-Edgescape
Mn-Server-Ip
X-ApacheServer
X-Cache-PHP
X-FB-TRIP-ID
AMP-Access-Control-Allow-Source-Origin
X-Hl-Ver
X-Labrador-Cache-Channel
X-Origin-Date
X-Sql-Duration-Ms
X-PERF
X-Sql-Count
X-PHP-Host
X-UA-Device-Type
X-Rule
X-Uri
X-Hyper-Cache
X-Hosted-By
X-Redis-Cache
X-Revision
X-Backend-Name
X-Webkit-Csp
X-Ua-Device
X-Web-Node
X-Trace-Id
Xserver
X-B3-SpanId
X-WA-Info
X-ATG-Version
X-Cache-Type
X-FW-Version
X-Content-Age
X-MP-GENERATED-AT
X-Cached-By
X-Dc
X-Time-Microsecs
X-Aws-Lambda-Call-Status
X-Tumblr-Pixel-3
X-Soup
X-Cache-Enabled
X-ServerID
Backend
X-Akamai-Transformed
X-Edge-Location
X-CSRF-Token
X-Mode
X-TT-LOGID
X-Cdn
X-Datadome
X-CS
X-Info
X-Microcachable
X-Bc-Bl
X-Parallel-Accel
X-Detected-As
X-APP-VERSION
X-Varnish-Beresp-Status
X-Varnish-Cache-Hits
OT-Force-Account-Verify
X-SRV
X-Cluster-Node
GEO-INFO
Count-Hit
X-Cache-Host
X-Azure-Ref-OriginShield
X-Cache-NGX
Web-Mar-Node
X-Generation-Time
X-Varnish-Hits
Who
X-Debug-Cache
X-Amzn-RequestId
X-Proxied
X-Amzn-Remapped-Content-Length
Cross-Origin-Opener-Policy
X-Zipkin-Id
X-Routing-Service
X-Amz-Apigw-Id
X-Storage
X-Platform
X-Varnish-Beresp-Ttl
X-B3-Traceid
X-Extlb
DataCenter
X-Unique-ID
X-Servername
X-Origin-CC
X-DataDome
X-Origin-TTL
X-Locale
Server-Info
X-A-Dgt
X-A-Wwc
X-A
Req-Svc-Chain
Apple-News-Services-Parsed-Url
A
Rendered-Blocks
Apple-News-Services-Host
State
Surrogated-Key
X-A-Dam
X-A-Ccd
Apple-News-Services-Request-Url
T-Server
X-A-Dcw
X-BCube-Filmed-By
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-NE
BehaviorPad-Version
X-Cms-Context
X-Connection-Hash
SID
Odigeo-Trace-Id
X-D
X-Core-Value
X-Air-Hostname
X-Air-Source
X-ARC
X-Application
X-Aicache-OS
X-Aed
X-B-Cookie
X-Destination
X-Air-Trace-Id
X-Cache-Bucket
X-Bip
X-Developer
CDN-CachedAt
Expiry
X-Vtex-Remote-Cache
X-Request-URI
Content-Disposition
Fastcgi-X-Cache-Version
Cache-Host
M-TraceId
X-Session-Fingerprint
X-S-Cookie
X-Ratelimit-Reset
MD5-Digest
X-Vtex-Processado-Em
X-VG-WebServer
DCR-Processing-Time-Ms
DCR-Decision-By
Host-ID
X-Thanos
X-Sucuri-ID
X-SRCache-Key
X-Rewrite-Enabled
X-VG-WebCache
X-ScT
X-Vdms-Version
X-Vdms-Path
X-Proxy-Upstream
X-Via-JSL
CDCHOST
X-Geo-Header
X-Rojux
CDN-Cache
X-Service
X-Generated-On
Meta-Geo-Continent
Mobile-Detection-Method
X-Epic-Correlation-Id
X-External-Request-Id
X-From
Apple-News-Services-Handled
CDN-EdgeStorageId
X-PAYTM-SRV-ID
CDN-Uid
X-PBS-Appsvrname
X-S
X-Processor
CDN-RequestId
X-NAPM-TraceId
X-Level-Front-Cache
CDN-PullZone
X-Location
Fastly-Backend-Name
CDN-RequestCountryCode
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Tb
Upgrade-Insecure-Requests
X-CACHE-KEY
X-TEC-API-ORIGIN
Fastly-Drupal-HTML
Location
Path
Memcached
Origin
PFcat
L
Fastly-SWR
Kp-EeAlive
Fastly-SIE
X-Has-Esi
X-Req
X-Request-UUID
X-VG-TLSProxy
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin
X-Platform-Server
X-VarnishDD-TTL
X-Varnish-Url
X-Served-From
X-Scheme
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Var-Ttl
X-TrackingId
X-NU-AKA-ACS-Version
X-Minions-Version
X-Cache-Debug
X-Clientip
X-Date
X-Branch-Name
X-Backend-State
Server-Host
X-Accel-Expires-Debug
X-Developers
X-Envoy-Decorator-Operation
X-Is-Gdpr
X-JWT-State
X-HN
X-Hash
X-Gamma-Serve
X-GoCache-CacheStatus
Pics-Label
X-AIR-PT
X-Magnolia-Registration
Cmsid
Fastcgi-Cache-TTL
X-VHOST
X-Varnish-Ttl
AKAMAI
Cmstype
CacheControlHeader
Esi-Enabled
X-Cache-Grace
X-Site-Version
User-Cache-Control
Wxu-Next-Hostname
X-Generated-By
X-Thinkindot-L3
X-SVT-ORM-RULES
X-Forwarded-Site
X-Ua
X-HP-Trace-Id
Wxu-Next-Commit
X-SVT-ORM-VERSION
X-Variation
Thinkindot-CacheControl
TDXMobile
Svr
Thinkindot-CacheControl-Type
Thinkindot-Control
S-Rt
UCS
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Request-Host
X-Men
X-Micro-Cache
X-Origin-Expires
X-Cluster
X-Loc
X-LI-UUID
X-DPWN-IS-SECURE
X-Li-Pop
X-Device-Os
X-Fastly-Backend
X-Clara-WADP
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Li-Fabric
X-Fmm-Version
X-VC-Cache
X-Owner
X-Cache-Info
X-Fastly-Cache
Source
Wxu-Next-Region
PB-PID
Arc-Version
PB-RID
Arc-Country
Platform
Is-Eu
C-Via
Cf-Device-Type
X-WADP-Cache
NGX
NM-Fastcgi-Cache
DSUID
Pagetype
Ec-Rule-Version
Adler-Geo
X-Viewer-Country
Gh-Request-Id
NtCoent-Length
X-Forwarded-Host
X-Shop-Environment
L5d-Success-Class
X-Old-Content-Length
X-Nginx-Cache-Key
Locid
X-Csrf-Jwt
X-Gzip
X-CGP
X-Wikidot-Static-Cache
X-Cache-Tags
CPC-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Amz-Meta-S3cmd-Attrs
X-DefElseHash
X-Eu-Site
X-GeoIP-City
X-Hnp-Log
X-Esi-Check
HA-Ipaddr
Url
X-NWS-UUID-VERIFY
X-Forwarded-Path
Ha-Gx-Prefs
X-Fetched-On
X-Orig-Expires
X-DefHash
IsBot
CPC-Cache
X-Block-Status
VNS-Age
Release
X-User
VNS-Cache
We-Hiring
X-Slack-Backend
X-Generated-In
V-Age
X-VServer
Sever-Int
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Via-NSCOPI
Server-Ext
Server-Hostname
X-Tenant
X-Skip-Cache
X-Policy
X-Varnish-Remaining-TTL
X-Wikidot-Backend
X-GeoIP
Mail-Subject
X-Cache-Id
X-Qloud-Router
Cross-Origin-Window-Policy
X-Gen-Mode
X-SIPLIST1
My-App
Cache-Key
X-EC-Lua
Webserver
X-Irp-Debug
Content-Secure-Policy
X-HS-Content-Campaign-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Cache-Hits
X-PF-Uncompressing
X-Unique-Id
X-TX-ID
X-FC-Vary-Parameters
X-Mvc-Supplant-Cachable
Powered-By-ChinaCache
XServer
X-Pass-Why
X-Zone
X-Vc
MIME-Version
Geo-Info
X-Ratelimit-Limit
X-Ftr-Request-Id
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-PJAX-URL
X-Mvc-Supplant-OutputCached
X-Srv
X-Internal-Host
X-Conf
X-Cache-Ttl
X-GEO
X-TIME
X-NC
X-OVcl-Cache
X-OVcl
X-Refresh
X-BBC-Edge-Cache-Status
X-ID
Cf-Bgj
X-Ckpd-Fst-Backend
X-Worker
X-Servedbyhost
WebServer
X-Backend-TTL
X-TraceId
Magicmarker
DB-Nickname
Server-ID
X-Ratelimit-Remaining
X-LB-ID
X-Auto-Login
X-NCache
X-DC
X-V-Cache
X-Geo
Geoip-Latitude
Time
Memory
GeoIp-Country-Code
X-LSADC-Cache
X-ZONE
HostName
X-Traceid
X-Method
X-Dispatcher-Server
X-Rocket-Nginx-Serving-Static
X-Render-Time
Tcn
X-NewRelic-App-Data
X-Platform-Processor
X-M-Log
X-M-Reqid
X-Platform-Cluster
Hostname
X-Platform-Router
X-Tx-Id
X-Newrelic-Synthetics
X-Qnm-Cache
X-Wa
X-SD-PageType
X-Tb-Optimization-Total-Bytes-Saved
X-IP
X-App
X-CLOUD-TRACE-CONTEXT
Ssr
X-Cache-Remote
Resin-Trace
LB
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Environment
X-Correlation-ID
X-NodeID
X-Nyt-Route
X-Origin-Time
X-API-Version
X-Gdpr
X-Li-Proto
X-VCL-Version
X-BBC-Origin-Response-Status
Ohc-File-Size
X-Dynatrace
X-MSEdge-Flight
X-MSEdge-Features
X-Trv-Group
X-HITS
X-Via-Ucdn
X-Nc
X-Cache-Config
Cluster
X-Server-IP
X-CACHE-AGE
X-Pod-Name
X-URL
X-Vcl-Version
X-Origin-Response-Time
X-Edge-Pop
X-Node-Id
X-Via-CDN
Datacenter
Candidate-Md5Url
X-LI-Proto
Cf-Ipcountry
X-DynaTrace-JS-Agent
X-Varnish-Beresp-TTL
X-Cache-Var-Map
X-APP
X-Cache-Var
Env
X-ServerName
X-Akamai-Pragma-Client-IP
X-Esi
Web-Mar-Region
X-Reqid
X-Wix-Viewer-Type
X-ElasticPress-Query
X-ND-Cache
N-Cache
X-Webkit-CSP-Report-Only
X-HostName
CF-Cached-On
X-WA
Sid
Viewtype
X-HS-Status
CDN
Rt-Fastcgi-Cache
VivaBuild
X-Dynatrace-Js-Agent
X-FTR-Request-ID
X-COUNTRY
X-Cs
Proxy-Connection
GeoIP-Latitude
GeoIP-Country-Code
Machine
Servername
Server-Id
Onion-Location
X-Cdn-Forward
X-Varnish-Cacheable
X-NGINX-Cache
X-CSRF-TOKEN
X-EIG-Tracking-Id
X-Fastly-Backend-Reqs
Cdn
X-FORWARDED-FOR
X-Lb-Id
X-Check-Cacheable
WWW-Authenticate
On-Server
X-ServedByHost
FSS-Cache
WZWS-RAY
Ohc-Cache-HIT
X-Xrds-Location
X-Via-PopN
X-Via-PopV
X-Ua-Browser
X-Fastly-Request-Id
X-Via-PopH
X-Swa-Ws
X-IN-APIGATEWAYSSL
X-Pjax-Url
X-Fpc
X-Content
X-IN-APIGATEWAY
X-Cache-Backend
X-VC
X-SN
X-FTR-Balancer
Cteonnt-Length
X-Oss-Server-Time
X-Country-Code-Real
CountryCode
URI
Mime-Version
X-Tid
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-FTR-Backend-Server
X-Oss-Storage-Class
X-FTR-Cache-Status
X-Oss-Request-Id
X-Request-Start
X-FTR-DC
Redirect-Candidate
Xc-Version
X-FTR-Backend
X-FTR-Realm
Server-Ttl
X-TIM-N
X-AB
Shield-Pop
X-MG-S
X-Presslabs-Stats
X-CCM
X-Up
X-Air-Pt
Tracecode
X-Cache-ASPX
X-Swift-Error
X-Contensis-Viewer-Groups
CACHE
X-Varnish-Authentication
X-RPM
X-RPS
X-FTR-Expires
X-DW
X-RSL
Ohc-Response-Time
X-DB
X-Action
X-DI
X-DSS
X-Fastly-Cache-Hits
Vha6-Origin
WP-Super-Cache
X-Pf-Uncompressing
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Pramga
Is-Us
X-Yottaa-OS
Xet-Cookie
X-ElasticPress-Search
Warning
X-Snapshot-Date
X-LiteSpeed-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
X-CUA
X-StackifyID
X-Acquia-Site
X-Dw-Trace-Id
X-SB
X-Webstats-RespID
Lb
X-Sn-Servicetimems
X-Cdn-Origin
X-Edge-POP
X-CCDN-CacheTTL
X-Region-Sid
X-Apw-Access-Action
SR-User-Adfree
X-Apw-Access-Object
X-Apw-Access-Token
X-Cache-Status-Check
X-Apw-Hits
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-MiniProfiler-Ids
X-Pad
X-Tt-Logid
X-TH-Server
X-C
X-Mg-Request-Id
Instruction
ServerName