Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
Request-Context
X-Dns-Prefetch-Control
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Pingback
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Vhost
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Akam-SW-Version
X-Readtime
Accept-CH
Xkey
X-HW
X-Country
X-Ac
Content-Location
X-Application-Context
X-Webkit-CSP
Accept-Ch-Lifetime
X-Language
X-Template
MS-Author-Via
Rating
X-Cloud-Trace-Context
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Cnection
X-Origin-Cache
Accept-CH-Lifetime
X-Rack-Cache
X-ASPNET-VERSION
Accept-Ch
X-D2id
X-Exp-Id
Arr-Disable-Session-Affinity
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
Verso
X-Country-Code
X-VARITI-CCR
X-Goog-Hash
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-FastCGI-Cache
X-Buckets
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
X-Middleton-Response
X-Sol
Pagespeed
Display
X-Middleton-Display
Response
RTSS
X-Ttl
Access-Control-Request-Method
X-Cache-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ruxit-Js-Agent
X-Edge
S
X-Kinsta-Cache
X-LLID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Px
Realpath
SPRequestDuration
SPIisLatency
X-TTL
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-ECACHE
X-T
X-Jurisdiction
X-Oneagent-Js-Injection
X-HP-Webp
X-Mid
X-MCACHE
X-Forwarded-Proto
X-PressLabs-Stats
X-Edge-Location-Klb
X-Mg-S
X-Release
Charset
X-Content-Security-Policy-Report-Only
X-Correlation-Id
X-Recruiting
X-Shield-Request-Id
X-Litespeed-Cache
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
X-DynaTrace
Pinterest-Generated-By
Pinterest-Version
X-Ezoic-Cdn
X-Pinterest-Rid
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Content-Digest
X-Request-Received
Filters
X-Request-Processing-Time
Cache-Tags
Server-Node
X-Logged-In
Alternate-Protocol
Content-MD5
Nginx-Cache
Front-End-Https
X-Forwarded-For
X-ORACLE-DMS-RID
X-Cache-Key
Server-Name
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
X-Amzn-Trace-Id
TCN
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Origin-Server
X-Grace
X-Fastcgi-Cache
X-Contextid
X-Geo-Country
X-Amz-Replication-Status
X-Rid
X-F-Cache
Host
X-Activity-Id
X-Az
X-AppVersion
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-CACHE
X-Goog-Generation
X-Goog-Metageneration
X-HS-Hub-Id
Cleartype
X-GUploader-UploadID
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-HS-Content-Id
X-HS-Combine-CSS
X-Hostname
X-Www-Served-By
X-Protected-By
X-RateLimit-Remaining
X-Frontend
X-Webkit-Csp
X-Server-ID
X-LB-Cache
Section-Io-Cache
X-Debug-Info
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
X-Ser
X-XRDS-Location
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Page-Id
X-Git-Hash
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Aspnetmvc-Version
X-Upgrade-Enabled
X-Respond-Thread
X-Hits
X-NWS-LOG-UUID
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
X-VCache
ServerID
X-Source
X-Mobile-URL
Paypal-Debug-Id
X-Varnish-Backend
X-Content-Options
X-B-Cache
X-Signature
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Payment
X-Flags
X-FB-Debug
Access-Control-Allow-Method
X-Providence-Cookie
X-Route-Name
X-Request-Guid
Nel
X-Is-Crawler
X-Aspnet-Duration-Ms
Healthy
X-TT
X-B3-Sampled
X-Whom
X-N
Viewport
X-Daa-Tunnel
X-Cache-Action
Node
X-App-Environment
X-CACHE-GROUP
X-Seen-By
X-AOL-HN
X-Type
X-Load-Cache
Version
Fastcgi-Useragent
MS-CV
DC
X-Mobile
X-Cache-Expired-At
DynaTrace
Filterid
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
X-Distributor
X-IPLB-Instance
X-Ab
X-Cache-Control
SRV
Retry-After
X-Original-Request-Id
X-Response-Served-From
X-FireWall-Port
X-Instance
X-Real-IP
X-Jobs
X-Tt-Trace-Tag
NGB
X-Tt-Trace-Host
X-Tumblr-User
X-Debug
X-Varnish-Server
X-UUID
X-Tumblr-Pixel-1
X-Proxy-Cache-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-RemovedCookies
X-ProcessESI
X-Region
X-IPS-LoggedIn
X-Device-Type
X-Content-Powered-By
X-Proxy
X-Debug-IsConnected
Refresh
X-Debug-IsPreview
Frame-Options
Ms-Operation-Id
X-RTag
X-Cache-Time
X-Cacheable-TTL
VIX-Pulpo-Node
X-Accel-Buffering
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
X-Page-View
Uber-Trace-Id
X-Cluster-Name
X-B
X-Adobe-Content
X-User-Agent
X-Adobe-Loc
X-Framework
X-G
X-Oracle-Dms-Rid
Cache
X-Wix-Request-Id
X-FW-Type
X-Zen-Fury
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Dynamic
Countrycode
X-App-Version
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Time
Section-Io-Origin-Status
Section-Io-Id
X-RateLimit-Limit
X-Cache-Hit
X-Vgn-Hpd-Reason
Surrogate-Key
Cache-Status
X-Nginx-Cache
X-NGENIX-Cache
X-TA-CDN-Provider
Country
X-Drupal-Cache-Tags
X-Is-Bot
X-Rendered-As
AMP-Access-Control-Allow-Source-Origin
Eomportal-Instance
X-App-Server
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-Mg-Request-UUID
S-Cnection
X-Ms-Request-Id
X-Ms-Version
X-CDN-Forward
X-Cache-Rule
Referer-Policy
X-Drupal-Cache-Contexts
Liferay-Portal
SD-X-WS
X-Node-Name
X-Timing-Wait
X-Varnishpool
X-JoinUs
CF-IPCountry
Meta-Geo
X-ES-SERVER
X-Rule
X-Proxy-Build
X-SaId
From-Origin
X-RN-RSRV
Selected-Fe
X-UPSTREAM-Address
X-Tumblr-Pixel-2
Protected
X-Environment-Context
X-Cache-TTL-Remaining
ServedBy
X-L-Path
X-Pubstack
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-TNCMS
X-Via-Fastly
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Xfnlog-Site
X-Shopify-Stage
X-ShardId
X-Endurance-Cache-Level
X-Cache-Server
X-Backend-Host
X-Handled-By
X-Loop
X-R9-Blue-Green-Version
X-PHP-Backend
X-No-Session
X-Alternate-Cache-Key
X-ShopId
Xserver
X-Server-W
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-LJ-Flow-ID
Fastly-SSL
Akamai-GRN
Cache-Name
Cache-Tv-Group
Country-Code
TWC-Locale-Group
TWC-Privacy
X-Origin-Hint
X-PCL
X-OCL
X-NYM-Debug-Backend
X-LAGOON
X-Cache-PHP
X-Proto
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-AWS-Id
X-Be
X-VWS-Id
Property-Id
Azure-SlotName
Azure-Version
X-S-Maxage
X-Request-Time
Azure-RegionName
Azure-SiteName
X-Varnish-Hostname
Azure-InstanceId
X-Backend-Name
X-ProxyCache-Status
X-Format
X-Section
X-ProxyCache-Key
X-RCS-CacheZone
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Human
X-Access
X-Origin-Date
X-Hl-Ver
Decoy-Debug-TTL
X-Cache-Operation
Decoy-Debug-Status
Decoy-Debug-Key
Apigw-Requestid
X-Status
X-BYPASS-REASON
X-Adobe-Source
X-PHP-Host
X-Labrador-Cache-Channel
X-Akamai-Edgescape
X-ApacheServer
X-Hyper-Cache
X-UA-Device-Type
X-Dc
Mn-Server-Ip
X-Sql-Duration-Ms
X-FB-TRIP-ID
X-Varnish-Beresp-Grace
X-GG-Cache-Date
X-Sql-Count
X-PERF
X-Uri
X-Hosted-By
X-Redis-Cache
X-Cached-By
X-Web-Node
X-MP-GENERATED-AT
X-Trace-Id
X-WA-Info
X-ATG-Version
X-Content-Age
X-Ua-Device
X-FW-Version
X-B3-SpanId
X-Revision
X-CSRF-Token
X-Cache-Enabled
X-Soup
X-Time-Microsecs
X-ServerID
X-Edge-Location
X-SRV
X-Tumblr-Pixel-3
X-Datadome
Amp-Access-Control-Allow-Source-Origin
X-Cache-Type
X-Mode
Backend
X-CS
X-Info
X-Bc-Bl
X-TT-LOGID
Who
X-Microcachable
X-CACHE-KEY
X-Cache-NGX
X-Akamai-Transformed
X-Aws-Lambda-Call-Status
X-Varnish-Beresp-Status
X-Detected-As
X-Unique-ID
X-Azure-Ref-OriginShield
X-Debug-Cache
X-Proxied
X-Cache-Host
X-Routing-Service
X-Storage
X-Zipkin-Id
X-Platform
X-Varnish-Cache-Hits
X-Generation-Time
Web-Mar-Node
DataCenter
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Via-JSL
Cross-Origin-Opener-Policy
OT-Force-Account-Verify
X-Cluster-Node
X-Varnish-Hits
X-Parallel-Accel
Count-Hit
X-Varnish-Beresp-Ttl
X-APP-VERSION
X-Locale
Server-Info
X-Extlb
Geo-Info
X-Origin-TTL
X-Origin-CC
X-B3-Traceid
X-Air-Source
X-Air-Trace-Id
X-Cms-Context
X-Connection-Hash
CDN-RequestId
X-Level-Front-Cache
CDCHOST
X-Air-Hostname
X-Location
CDN-CachedAt
CDN-EdgeStorageId
X-Cache-NE
CDN-PullZone
X-CF-Lambda-Fn
X-CF-Lambda-Version
Host-ID
CDN-Cache
X-S-Cookie
X-NAPM-TraceId
CDN-Uid
BehaviorPad-Version
X-Generated-On
X-ScT
A
X-Geo-Header
X-Developer
X-Destination
DCR-Decision-By
X-D
X-From
Content-Disposition
X-Core-Value
Apple-News-Services-Request-Url
Fastly-Backend-Name
X-External-Request-Id
DCR-Processing-Time-Ms
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Expiry
Fastcgi-X-Cache-Version
X-Magnolia-Registration
X-Rewrite-Enabled
X-AIR-PT
X-Proxy-Upstream
X-Vtex-Remote-Cache
X-A-Dgt
X-Vtex-Processado-Em
X-A-Wwc
Rendered-Blocks
X-ARC
X-Thanos
X-PAYTM-SRV-ID
X-Application
X-Aed
X-A-Dcw
X-VG-WebServer
T-Server
X-A-Ccd
X-A
X-Vdms-Path
X-Vdms-Version
Surrogated-Key
X-A-Dam
X-PBS-Appsvrname
X-Varnish-Url
X-VG-WebCache
X-Processor
Odigeo-Trace-Id
X-Ratelimit-Reset
X-SRCache-Key
X-Session-Fingerprint
X-Bip
X-Sucuri-ID
X-BCube-Filmed-By
X-B-Cookie
X-Service
X-Request-URI
X-Rojux
X-S
M-TraceId
CDN-RequestCountryCode
X-Cache-Bucket
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
X-TX-ID
GEO-INFO
X-Tb
X-Site-Version
Path
Cmsid
Gh-Request-Id
X-Developers
Esi-Enabled
Location
X-Cache-Debug
State
X-Backend-State
Pagetype
X-Branch-Name
Pics-Label
Server-Host
X-Date
Memcached
X-Epic-Correlation-Id
PFcat
X-Aicache-OS
X-Accel-Expires-Debug
Cmstype
Fastly-SIE
Fastly-SWR
X-Clientip
X-Has-Esi
X-Cluster
X-Rebelmouse-Cache-Control
X-EC-Lua
X-JWT-State
X-Is-Gdpr
Req-Svc-Chain
X-Scheme
X-Var-Ttl
UCS
X-TrackingId
CacheControlHeader
Cache-Host
X-Origin
X-NU-AKA-ACS-Version
X-Request-UUID
X-Hash
X-HN
X-Req
X-GoCache-CacheStatus
Ec-Rule-Version
AKAMAI
X-Platform-Server
X-Rebelmouse-Surrogate-Control
X-Envoy-Decorator-Operation
X-Served-From
X-VG-TLSProxy
X-Gamma-Serve
X-VarnishDD-TTL
Upgrade-Insecure-Requests
X-DataDome
X-Pass-Why
User-Cache-Control
Fastly-Drupal-HTML
Fastcgi-Cache-TTL
Kp-EeAlive
X-Thinkindot-L3
X-Viewer-Country
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Vix-Hermes-Req-Id
Wxu-Next-Region
X-Policy
X-WADP-Cache
X-RateLimit-Limit-Second
X-Variation
X-VC-Cache
X-RateLimit-Remaining-Second
Origin
X-Generated-In
X-Generated-By
X-Csrf-Jwt
X-Li-Fabric
X-Li-Pop
X-Forwarded-Site
X-Fmm-Version
X-Device-Os
X-DPWN-IS-SECURE
X-Eu-Site
X-Fastly-Backend
X-Fastly-Cache
X-LI-UUID
X-Men
X-Request-Host
X-Origin-Expires
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Owner
X-Cache-Grace
X-Cache-Info
X-Clara-WADP
X-CGP
X-Micro-Cache
X-Cache-Tags
L
Adler-Geo
X-Sigma-Backend
X-Sigma
X-Varnish-Ttl
L5d-Success-Class
Source
Mail-Subject
PB-RID
PB-PID
NGX
Is-Eu
X-Rocket-Build-Number
DSUID
C-Via
Cf-Device-Type
Arc-Version
Arc-Country
HA-Ipaddr
Ha-Gx-Prefs
X-Minions-Version
Platform
NM-Fastcgi-Cache
Thinkindot-CacheControl
Svr
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
X-Amz-Meta-S3cmd-Attrs
TDXMobile
X-VHOST
X-Servername
X-NWS-UUID-VERIFY
SID
Webserver
X-FC-Vary-Parameters
X-Forwarded-Host
X-Varnish-CookieHashed-On
X-HS-Content-Campaign-Id
X-Qloud-Router
X-Varnish-CookieINHashed-On
Cache-Key
X-Esi-Check
X-Old-Content-Length
X-PF-Uncompressing
X-Irp-Debug
X-GeoIP-City
X-GeoIP
X-Slack-Backend
X-Gzip
My-App
X-Mvc-Supplant-Cachable
X-Gen-Mode
X-SIPLIST1
X-Varnish-Remaining-TTL
X-User
X-Hnp-Log
X-Skip-Cache
X-Nginx-Cache-Key
X-Fetched-On
X-Block-Status
X-VServer
X-Loc
Locid
IsBot
X-Cache-Id
X-Wikidot-Backend
Release
VNS-Age
V-Age
VNS-Cache
Sever-Int
Server-Ext
Server-Hostname
X-Via-NSCOPI
X-Wikidot-Static-Cache
CPC-Cache
X-DefHash
X-DefElseHash
CPC-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Ratelimit-Limit
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Url
Tcn
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
S-Rt
X-Ua
X-Via-Popv
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-TraceId
X-PJAX-URL
X-Via-Poph
X-Forwarded-Path
X-Vc
Cache-Hits
X-Via-Popn
X-Mvc-Supplant-OutputCached
Powered-By-ChinaCache
X-CLOUD-TRACE-CONTEXT
Cross-Origin-Window-Policy
MIME-Version
NtCoent-Length
X-OVcl-Cache
X-OVcl
X-Refresh
X-Geo
X-ZONE
DB-Nickname
Content-Secure-Policy
X-Unique-Id
X-Ratelimit-Remaining
X-HP-Trace-Id
X-Ftr-Request-Id
X-Cache-Ttl
Cf-Bgj
XServer
X-Backend-TTL
X-LB-ID
X-Internal-Host
Magicmarker
Memory
X-Conf
X-NC
Time
X-ID
X-Zone
Geoip-Latitude
X-NCache
GeoIp-Country-Code
X-Srv
X-BBC-Edge-Cache-Status
WebServer
HostName
Server-ID
X-Method
X-Worker
X-Dispatcher-Server
X-Ckpd-Fst-Backend
X-GEO
X-Auto-Login
X-Servedbyhost
X-TIME
X-IP
X-V-Cache
X-NewRelic-App-Data
X-LSADC-Cache
Hostname
Ssr
X-Render-Time
X-Li-Proto
X-Rocket-Nginx-Serving-Static
X-Platform-Processor
LB
X-Tb-Optimization-Total-Bytes-Saved
X-Nc
X-Platform-Router
X-Qnm-Cache
X-Platform-Cluster
X-M-Log
X-M-Reqid
X-Newrelic-Synthetics
X-SD-PageType
X-Vcl-Version
X-Wa
X-Trv-Group
X-Cache-Remote
X-DC
X-Traceid
Resin-Trace
X-Correlation-ID
X-App
Environment
X-Tx-Id
X-APP
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Node-Id
X-Datadog-Sampling-Priority
Ohc-File-Size
X-Origin-Time
X-API-Version
X-Gdpr
X-HITS
X-Nyt-Route
X-CACHE-AGE
X-Cache-Config
X-Dynatrace
X-MSEdge-Features
X-Origin-Response-Time
X-MSEdge-Flight
X-Via-CDN
X-ServerName
X-NodeID
X-BBC-Origin-Response-Status
Env
X-DynaTrace-JS-Agent
X-VCL-Version
X-Reqid
X-FTR-Request-ID
X-Pod-Name
Cluster
X-WA
X-Server-IP
X-Edge-Pop
X-Via-Ucdn
X-HostName
Cf-Ipcountry
Sid
CF-Cached-On
X-ElasticPress-Query
X-Varnish-Beresp-TTL
Candidate-Md5Url
Datacenter
X-HS-Status
X-Wix-Viewer-Type
X-LI-Proto
X-ND-Cache
Rt-Fastcgi-Cache
VivaBuild
Viewtype
X-Cdn-Forward
X-Cache-Var-Map
X-Cache-Var
Web-Mar-Region
Machine
N-Cache
X-ServedByHost
X-Akamai-Pragma-Client-IP
X-Cs
X-Dynatrace-Js-Agent
CDN
FSS-Cache
Server-Id
On-Server
GeoIP-Country-Code
Cdn
Servername
X-Webkit-CSP-Report-Only
GeoIP-Latitude
Proxy-Connection
X-NGINX-Cache
X-EIG-Tracking-Id
X-Lb-Id
WWW-Authenticate
X-Varnish-Cacheable
WZWS-RAY
X-Check-Cacheable
Onion-Location
X-CCM
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Xc-Version
X-URL
X-Oss-Hash-Crc64ecma
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Swa-Ws
X-FTR-Realm
X-Xrds-Location
X-Esi
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Via-PopH
X-VC
X-Via-PopN
X-Fastly-Request-Id
X-Via-PopV
Tracecode
Cteonnt-Length
X-Cache-Backend
X-Fastly-Backend-Reqs
X-Pjax-Url
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
CACHE
URI
CountryCode
X-SN
X-Swift-Error
X-CUA
Mime-Version
X-Contensis-Viewer-Groups
X-Air-Pt
X-Varnish-Authentication
X-FORWARDED-FOR
SR-User-Adfree
X-Region-Sid
X-FTR-Expires
Redirect-Candidate
X-Dw-Trace-Id
X-Fpc
Instruction
X-Request-Start
X-Tid
X-StackifyID
X-Cache-ASPX
X-TIM-N
X-DW
X-DI
X-Action
X-Up
X-DSS
X-RPS
Shield-Pop
X-RPM
X-RSL
Xet-Cookie
X-DB
Ohc-Response-Time
X-Fastly-Cache-Hits
WP-Super-Cache
X-SB
X-Depends-On
X-Yottaa-OS
X-LiteSpeed-Cache-Control
Server-Ttl
X-UnsetCookies
X-Pf-Uncompressing
X-Webstats-RespID
X-ElasticPress-Search
Warning
X-Snapshot-Date
X-Provided-By
X-Mg-Request-Id
X-Apw-Access-Object
X-Apw-Access-Action
X-FPC
X-Amz-Meta-Cb-Modifiedtime
X-Hcs-Proxy-Type
X-C
X-Cache-Expires
X-Apw-Hits
X-Apw-Access-Token
X-CCDN-CacheTTL
X-Cache-Status-Check
X-CCDN-Origin-Time
X-MiniProfiler-Ids
X-Acquia-Application-Trace
X-Pad
X-Tt-Logid
W
Lfy
Content-Script-Type
Content-Style-Type
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
CloudFront-Viewer-Country
X-Matched-Rule
Vha6-Origin
ServerName
X-Acquia-Site
X-Core-Mission
X-TH-Server