Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
Request-Context
Server-Timing
X-Robots-Tag
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-Server-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-WebKit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Webkit-CSP
Xkey
X-HW
X-Country
X-Ac
X-Application-Context
Content-Location
X-Language
Accept-Ch-Lifetime
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
Accept-CH-Lifetime
X-GitHub-Request-Id
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
X-Rack-Cache
X-Origin-Cache
X-FastCGI-Cache
X-D2id
Arr-Disable-Session-Affinity
X-Country-Code
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
Verso
X-Goog-Hash
X-VARITI-CCR
X-Server-Name
X-Cached
X-Vcap-Request-Id
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-Buckets
Service-Worker-Allowed
X-ORACLE-DMS-ECID
Accept-Ch
X-Fastly-Request-ID
RTSS
X-Middleton-Response
X-Middleton-Display
X-Sol
Response
Display
Pagespeed
X-Cache-TTL
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Edge
X-LLID
X-Kinsta-Cache
X-Px
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-TTL
Realpath
X-Edge-Location-Klb
X-Oneagent-Js-Injection
SPIisLatency
SPRequestDuration
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-ECACHE
X-HP-Webp
X-Jurisdiction
X-T
X-PressLabs-Stats
X-Mid
X-MCACHE
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Correlation-Id
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Instrumentation
Charset
X-Recruiting
X-DynaTrace
Pinterest-Generated-By
Edge-Cache-Tag
X-Pinterest-Rid
X-Mg-S
Pinterest-Version
TP-L2-Cache
X-Release
TP-Cache
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Content-Digest
X-Request-Received
X-Id
X-Server-ID
X-Request-Processing-Time
X-Cache-Key
Nginx-Cache
Filters
Server-Node
X-Logged-In
Alternate-Protocol
Front-End-Https
Cache-Tags
X-ORACLE-DMS-RID
Content-MD5
TCN
X-Forwarded-For
X-Origin-Upstream-Status
X-Litespeed-Cache
Server-Name
X-XRDS-Location
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Amzn-Trace-Id
X-Origin-Server
X-Grace
X-WebKit-CSP-Report-Only
X-Geo-Country
X-Hostname
X-Contextid
X-Rid
Cleartype
X-Amz-Replication-Status
Host
X-F-Cache
X-RateLimit-Remaining
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-AppVersion
X-Activity-Id
X-Az
X-HS-Hub-Id
X-HS-Content-Id
X-Protected-By
X-Www-Served-By
X-HS-Cache-Config
X-HS-Combine-CSS
X-Debug-Info
X-Frontend
Section-Io-Cache
X-LB-Cache
MicrosoftSharePointTeamServices
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
X-Ser
X-Page-Id
X-Git-Hash
X-Aspnetmvc-Version
X-NWS-LOG-UUID
X-Cache-Age
X-XRDS-LOCATION
Accept-Charset
X-Upgrade-Enabled
X-Varnish-Age
X-Respond-Thread
X-Hits
X-Source
X-DIS-Request-ID
X-Content-Options
X-Tec-Api-Root
X-Tec-Api-Origin
ServerID
X-Tec-Api-Version
X-VCache
Paypal-Debug-Id
X-Mobile-URL
X-CACHE-GROUP
X-Varnish-Backend
X-Varnish-Grace
X-B-Cache
X-Signature
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-B3-Sampled
X-Aspnet-Duration-Ms
X-Providence-Cookie
Healthy
Viewport
Access-Control-Allow-Method
X-Is-Crawler
X-Request-Guid
X-Flags
X-Route-Name
X-Cache-Action
X-FB-Debug
Payment
X-Daa-Tunnel
X-Microsite
X-TT
X-Whom
X-N
X-Request-Handler-Origin-Region
Node
X-AOL-HN
X-App-Environment
X-Seen-By
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
X-Fastcgi-Cache
MS-CV
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Expired-At
X-Ab
X-HTML-Minification-Powered-By
Filterid
X-Distributor
X-Cache-Control
Retry-After
X-IPLB-Instance
SRV
X-Response-Served-From
X-Original-Request-Id
Frame-Options
X-Instance
X-UUID
X-User-Agent
Nel
X-Tt-Trace-Tag
X-RemovedCookies
X-Tt-Trace-Host
X-Tumblr-Pixel
NGB
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-ProcessESI
X-Tumblr-User
X-Proxy-Cache-Status
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Debug-IsPreview
X-Cluster-Name
X-Content-Powered-By
X-Debug-IsConnected
X-FireWall-Port
X-Adobe-Content
X-Varnish-Server
X-Real-IP
X-Proxy
X-RTag
X-Cacheable-TTL
VIX-Pulpo-Node
Uber-Trace-Id
X-Device-Type
X-Region
X-Cache-Time
Access-Control-Request-Headers
Ms-Operation-Id
VIX-Pulpo-Upstream-Status
X-Page-View
X-B
X-Jobs
X-Debug
Refresh
X-Framework
X-Accel-Buffering
X-G
Cache
X-Wix-Request-Id
X-Zen-Fury
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-RateLimit-Limit
Section-Io-Id
X-Vgn-Hpd-Reason
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Countrycode
X-Oracle-Dms-Rid
Cache-Status
X-NGENIX-Cache
X-Nginx-Cache
X-Cache-Hit
X-Mg-Request-UUID
X-App-Version
Surrogate-Key
X-Time
X-Azure-Ref
X-CDN-Forward
Country
X-Rendered-As
X-Is-Bot
X-Drupal-Cache-Tags
S-Cnection
X-EdgeConnect-Cache-Status
X-Ms-Version
X-Ms-Request-Id
X-Cache-Rule
Eomportal-Instance
X-TA-CDN-Provider
X-App-Server
Referer-Policy
SD-X-WS
X-Node-Name
Liferay-Portal
X-Drupal-Cache-Contexts
From-Origin
X-ES-SERVER
Meta-Geo
X-L-Path
X-JoinUs
X-SaId
X-Environment-Context
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Cache-Operation
X-RN-RSRV
Amp-Access-Control-Allow-Source-Origin
X-Pubstack
X-Request-Time
X-No-Session
ServedBy
Azure-Version
X-Endurance-Cache-Level
X-Backend-Host
Azure-InstanceId
X-Cache-TTL-Remaining
Azure-RegionName
Azure-SiteName
X-GG-Cache-Date
Azure-SlotName
X-Cache-Server
X-Handled-By
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Via-Fastly
X-Varnish-Hostname
CF-IPCountry
X-S-Maxage
X-Varnishpool
TWC-Privacy
Webcakes-App-Name
Cache-Tv-Group
TWC-Connection-Speed
X-PCL
TWC-Locale-Group
X-Origin-Hint
X-BYPASS-REASON
TWC-GeoIP-LatLong
X-Be
Webcakes-Region
X-Proto
X-Sorting-Hat-PodId
X-Adobe-Source
X-Sorting-Hat-ShopId
X-TNCMS
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Shopify-Stage
X-AWS-Id
X-Server-W
Webcakes-App-Version
X-PHP-Backend
X-LAGOON
Property-Id
TWC-Device-Class
X-ShardId
X-OCL
Protected
X-Loop
X-ProxyCache-Key
X-LJ-Flow-ID
X-ShopId
X-NYM-Debug-Backend
X-Storefront-Renderer-Rendered
Akamai-GRN
X-Yottaa-Optimizations
Fastly-SSL
X-ProxyCache-Status
TWC-GeoIP-Country
X-Human
X-VWS-Id
X-Yottaa-Metrics
X-Timing-Wait
Decoy-Debug-Status
Selected-Fe
Decoy-Debug-TTL
Decoy-Debug-Key
Cache-Name
X-Proxy-Build
Apigw-Requestid
X-Say-TTL
X-Format
X-Status
X-RCS-CacheZone
X-Say-Cacheable
X-Backend-Name
X-Rule
X-Access
X-SayCDN-TTL
X-Section
X-Labrador-Cache-Channel
X-Sql-Count
X-ApacheServer
X-Sql-Duration-Ms
X-Hl-Ver
X-PERF
X-Origin-Date
X-FB-TRIP-ID
X-UA-Device-Type
X-PHP-Host
X-Akamai-Edgescape
Mn-Server-Ip
AMP-Access-Control-Allow-Source-Origin
Country-Code
X-Hosted-By
X-Uri
X-Cache-PHP
X-Hyper-Cache
X-Revision
X-Redis-Cache
X-Webkit-Csp
X-Web-Node
X-Ua-Device
X-Trace-Id
X-B3-SpanId
Xserver
X-MP-GENERATED-AT
X-B3-Traceid
X-ATG-Version
X-Cache-Type
X-WA-Info
X-Content-Age
X-Cached-By
X-FW-Version
X-Dc
X-ServerID
X-Time-Microsecs
X-Aws-Lambda-Call-Status
X-Soup
X-Tumblr-Pixel-3
X-Cache-Enabled
X-CSRF-Token
X-Akamai-Transformed
X-Edge-Location
Backend
X-Mode
X-Datadome
X-Microcachable
X-APP-VERSION
X-Info
X-Detected-As
X-TT-LOGID
X-Bc-Bl
X-CS
X-Varnish-Beresp-Status
X-Azure-Ref-OriginShield
X-Parallel-Accel
X-Varnish-Cache-Hits
Count-Hit
X-Cluster-Node
X-SRV
GEO-INFO
OT-Force-Account-Verify
X-Cache-Host
X-Generation-Time
Web-Mar-Node
Who
X-Varnish-Hits
X-Debug-Cache
X-Routing-Service
X-Storage
X-Amzn-RequestId
X-Proxied
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Platform
X-Cache-NGX
Cross-Origin-Opener-Policy
X-Zipkin-Id
X-Varnish-Beresp-Ttl
X-Extlb
X-Unique-ID
DataCenter
X-Via-JSL
X-Servername
X-Locale
X-Origin-TTL
Server-Info
X-Origin-CC
X-DataDome
Fastcgi-X-Cache-Version
Host-ID
X-CF-Lambda-Version
X-Cms-Context
X-CF-Lambda-Fn
Content-Disposition
X-Cache-Bucket
X-Aed
Fastly-Backend-Name
X-B-Cookie
DCR-Decision-By
X-Magnolia-Registration
DCR-Processing-Time-Ms
X-Aicache-OS
X-Application
X-BCube-Filmed-By
X-ARC
X-Cache-NE
Surrogated-Key
CDN-EdgeStorageId
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
CDN-PullZone
Apple-News-Services-Handled
Apple-News-Services-Host
Meta-Geo-Continent
BehaviorPad-Version
Cache-Host
CDCHOST
M-TraceId
CDN-CachedAt
MD5-Digest
Mobile-Detection-Method
Odigeo-Trace-Id
X-A
T-Server
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
CDN-Cache
CDN-Uid
A
CDN-RequestCountryCode
CDN-RequestId
Rendered-Blocks
Req-Svc-Chain
X-A-Wwc
X-Epic-Correlation-Id
X-SRCache-Key
X-Connection-Hash
X-Sucuri-ID
X-Vdms-Version
X-Request-URI
X-Generated-On
X-Geo-Header
X-Vdms-Path
X-Level-Front-Cache
X-PBS-Appsvrname
X-NAPM-TraceId
X-Location
X-Vtex-Remote-Cache
X-Proxy-Upstream
X-Processor
X-Session-Fingerprint
X-Rewrite-Enabled
X-S-Cookie
X-Developer
X-Destination
X-D
X-ScT
X-Core-Value
X-S
X-Vtex-Processado-Em
X-From
Expiry
X-External-Request-Id
X-Rojux
X-VG-WebServer
X-VG-WebCache
X-PAYTM-SRV-ID
X-TEC-API-VERSION
X-Tb
X-CACHE-KEY
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Upgrade-Insecure-Requests
SID
X-Service
Fastly-Drupal-HTML
X-Sigma
X-VG-TLSProxy
X-Served-From
Memcached
Fastcgi-Cache-TTL
Location
Fastly-SIE
X-TrackingId
X-Var-Ttl
Kp-EeAlive
X-VarnishDD-TTL
X-Thanos
Gh-Request-Id
X-Varnish-Url
X-Sigma-Backend
Fastly-SWR
L
X-Rebelmouse-Cache-Control
X-HN
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Minions-Version
X-GoCache-CacheStatus
X-Gamma-Serve
X-Developers
X-Branch-Name
X-Bip
X-Envoy-Decorator-Operation
X-Backend-State
X-NU-AKA-ACS-Version
X-Origin
Path
PFcat
Pagetype
Origin
X-Request-UUID
Pics-Label
X-Req
State
X-Platform-Server
X-Ratelimit-Reset
Server-Host
X-Rebelmouse-Surrogate-Control
X-Rocket-Build-Number
X-Cache-Debug
X-Air-Source
X-Air-Trace-Id
CacheControlHeader
X-Air-Hostname
X-Varnish-Ttl
AKAMAI
X-VHOST
X-AIR-PT
Esi-Enabled
User-Cache-Control
X-Cache-Grace
X-Site-Version
Source
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Amz-Meta-S3cmd-Attrs
X-CGP
X-Clara-WADP
X-Clientip
TDXMobile
Thinkindot-CacheControl
X-Cache-Tags
X-Cache-Info
X-Accel-Expires-Debug
X-Cluster
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
True-Client-Country-4JS
UCS
Vix-Hermes-Req-Id
Wxu-Next-Region
X-Device-Os
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Owner
X-HP-Trace-Id
X-Micro-Cache
X-Scheme
X-Thinkindot-L3
X-WADP-Cache
X-Viewer-Country
X-VC-Cache
X-Variation
X-Loc
X-LI-UUID
X-Eu-Site
X-Fastly-Cache
X-DPWN-IS-SECURE
X-Ua
X-Date
X-Fmm-Version
X-Generated-By
X-Li-Pop
X-Li-Fabric
X-Hash
X-Generated-In
X-Csrf-Jwt
X-Policy
Platform
HA-Ipaddr
Arc-Country
Cmsid
Svr
Cf-Device-Type
Is-Eu
NGX
Mail-Subject
NM-Fastcgi-Cache
Adler-Geo
L5d-Success-Class
Cmstype
Ha-Gx-Prefs
Ec-Rule-Version
X-Forwarded-Host
X-NWS-UUID-VERIFY
S-Rt
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Forwarded-Path
X-GeoIP
X-Gzip
X-Hnp-Log
IsBot
X-Wikidot-Static-Cache
X-Irp-Debug
X-Orig-Expires
Cache-Key
X-Gen-Mode
X-Tenant
X-Esi-Check
C-Via
Arc-Version
X-Fastly-Backend
X-FC-Vary-Parameters
X-Wikidot-Backend
X-Forwarded-Site
X-Fetched-On
X-Shop-Environment
Locid
X-VServer
X-SVT-ORM-RULES
X-Slack-Backend
X-SIPLIST1
X-EC-Lua
X-SVT-ORM-VERSION
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
CPC-Age
NtCoent-Length
X-User
X-Request-Host
X-Qloud-Router
X-Old-Content-Length
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Varnish-CookieINHashed-On
X-Via-NSCOPI
X-Origin-Expires
CPC-Cache
X-PF-Uncompressing
DSUID
X-Men
X-Skip-Cache
VNS-Cache
VNS-Age
Server-Hostname
PB-RID
PB-PID
X-Cache-Id
X-Block-Status
V-Age
Server-Ext
X-DefElseHash
My-App
Sever-Int
X-DefHash
Cross-Origin-Window-Policy
Webserver
X-Unique-Id
X-Planisys-CDN-TTL
X-GeoIP-City
X-TX-ID
Cache-Hits
X-Planisys-CDN-Rules
Url
X-HS-Content-Campaign-Id
X-Planisys-CDN-Cache
Content-Secure-Policy
Release
Powered-By-ChinaCache
XServer
X-Pass-Why
MIME-Version
X-Mvc-Supplant-OutputCached
X-PJAX-URL
X-Ftr-Request-Id
X-Vc
Geo-Info
X-Ratelimit-Limit
X-Via-Popv
X-Conf
X-Via-Poph
X-Srv
X-Via-Popn
X-Cache-Ttl
X-Internal-Host
X-Zone
X-GEO
X-NC
X-OVcl-Cache
X-BBC-Edge-Cache-Status
X-OVcl
X-TIME
X-Refresh
X-ID
X-Servedbyhost
Cf-Bgj
X-Ckpd-Fst-Backend
X-Worker
X-Backend-TTL
WebServer
X-TraceId
Magicmarker
X-Auto-Login
X-LB-ID
DB-Nickname
Server-ID
X-Ratelimit-Remaining
X-NCache
Geoip-Latitude
GeoIp-Country-Code
X-LSADC-Cache
X-Geo
Memory
Time
X-V-Cache
X-DC
X-ZONE
X-Dispatcher-Server
X-Rocket-Nginx-Serving-Static
X-Render-Time
X-Method
X-Traceid
HostName
Tcn
X-M-Reqid
X-Wa
Hostname
X-Tx-Id
X-Platform-Cluster
X-M-Log
X-Newrelic-Synthetics
X-Platform-Router
X-Platform-Processor
X-Qnm-Cache
X-NewRelic-App-Data
X-IP
Ssr
X-Tb-Optimization-Total-Bytes-Saved
Resin-Trace
X-CLOUD-TRACE-CONTEXT
X-App
X-Cache-Remote
X-SD-PageType
LB
X-Datadog-Trace-Id
Environment
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Correlation-ID
X-NodeID
X-Li-Proto
X-Origin-Time
X-API-Version
X-Cache-Config
X-BBC-Origin-Response-Status
X-Gdpr
X-Nyt-Route
X-VCL-Version
Ohc-File-Size
X-CACHE-AGE
X-Trv-Group
X-Server-IP
X-HITS
X-Via-Ucdn
X-MSEdge-Features
X-Pod-Name
X-Nc
X-MSEdge-Flight
X-Dynatrace
Cluster
X-Vcl-Version
X-Via-CDN
Candidate-Md5Url
X-LI-Proto
X-Edge-Pop
X-Origin-Response-Time
X-Node-Id
Datacenter
X-DynaTrace-JS-Agent
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-APP
Env
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Pragma-Client-IP
X-ServerName
X-ElasticPress-Query
X-Wix-Viewer-Type
Web-Mar-Region
X-ND-Cache
X-Reqid
X-Webkit-CSP-Report-Only
X-HostName
N-Cache
CF-Cached-On
X-WA
Sid
CDN
X-Dynatrace-Js-Agent
X-HS-Status
X-FTR-Request-ID
Proxy-Connection
VivaBuild
Rt-Fastcgi-Cache
Viewtype
X-Cs
Machine
Servername
GeoIP-Country-Code
GeoIP-Latitude
Server-Id
X-Cdn-Forward
Onion-Location
X-Varnish-Cacheable
X-Lb-Id
X-Fastly-Backend-Reqs
Cdn
WWW-Authenticate
X-EIG-Tracking-Id
X-NGINX-Cache
X-CSRF-TOKEN
On-Server
X-ServedByHost
FSS-Cache
WZWS-RAY
X-URL
X-Check-Cacheable
X-Esi
CountryCode
Ohc-Cache-HIT
X-Xrds-Location
X-FORWARDED-FOR
X-Cache-Backend
X-Via-PopN
X-Via-PopV
X-Pjax-Url
X-Ua-Browser
X-Via-PopH
X-Fastly-Request-Id
X-IN-APIGATEWAY
X-Content
X-Fpc
X-VC
X-IN-APIGATEWAYSSL
X-Swa-Ws
X-SN
X-Oss-Object-Type
X-FTR-Backend-Server
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-FTR-Backend
X-Country-Code-Real
Mime-Version
Cteonnt-Length
X-Oss-Storage-Class
Xc-Version
Shield-Pop
X-MG-S
X-TIM-N
X-Oss-Request-Id
Server-Ttl
URI
X-FTR-Balancer
Redirect-Candidate
X-FTR-Cache-Status
X-Tid
X-FTR-Realm
X-AB
X-FTR-DC
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
Tracecode
X-Up
CACHE
X-Air-Pt
X-CCM
X-Swift-Error
X-Request-Start
X-RPM
X-DW
Xet-Cookie
X-RSL
X-StackifyID
X-RPS
X-DSS
X-Acquia-Site
X-Acquia-Application-Trace
X-DB
X-Action
X-Acquia-Application-UUID
Pramga
X-Amz-Meta-Cb-Modifiedtime
X-DI
Vha6-Origin
X-Cache-Date
Is-Us
X-Acquia-Purge-Tags
Warning
X-Yottaa-OS
X-Pf-Uncompressing
X-Dw-Trace-Id
X-CUA
X-FTR-Expires
X-Snapshot-Date
X-LiteSpeed-Cache-Control
X-ElasticPress-Search
Ohc-Response-Time
X-Webstats-RespID
X-SB
X-Fastly-Cache-Hits
WP-Super-Cache
Lb
X-Cdn-Origin
X-Region-Sid
X-Sn-Servicetimems
X-Apw-Access-Action
X-Apw-Access-Object
Instruction
X-Apw-Hits
X-Apw-Access-Token
X-Cache-Status-Check
X-CCDN-CacheTTL
X-Pad
X-C
X-TH-Server
X-MiniProfiler-Ids
SR-User-Adfree
ServerName
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Mg-Request-Id
X-Tt-Logid