Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Ua-Compatible
X-Hacker
X-Age
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-Server-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-WebKit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Webkit-CSP
Xkey
X-HW
X-Country
X-Ac
X-Application-Context
Content-Location
X-Language
Accept-Ch-Lifetime
MS-Author-Via
X-Template
X-Cloud-Trace-Context
Rating
X-Url
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-MS-InvokeApp
X-Varnish-TTL
X-ESI
X-Trace
X-GitHub-Request-Id
Accept-CH-Lifetime
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Country-Code
Arr-Disable-Session-Affinity
X-Goog-Hash
Verso
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-Vcap-Request-Id
X-Cached
X-Navigation-Version
Cache-Tag
X-Powered-By-Plesk
X-Client-IP
X-Buckets
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
Accept-Ch
X-Ttl
RTSS
X-Sol
X-Middleton-Response
Pagespeed
Display
X-Middleton-Display
Response
X-Cache-TTL
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-Px
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Realpath
X-Edge-Location-Klb
X-Ruxit-Js-Agent
X-Oneagent-Js-Injection
X-Accel-Expires
SPRequestDuration
X-ECACHE
SPIisLatency
X-T
X-HP-Webp
X-Jurisdiction
X-SharePointHealthScore
SPRequestGuid
X-MCACHE
X-Mid
X-TTL
X-Forwarded-Proto
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Shield-Request-Id
X-Kraken-Routeconfig-Destination
X-Correlation-Id
Charset
X-Recruiting
X-DynaTrace
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Mg-S
X-Release
TP-Cache
TP-L2-Cache
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Content-Digest
X-Id
X-Request-Processing-Time
X-Request-Received
Filters
X-Server-ID
X-Cache-Key
Nginx-Cache
Server-Node
Front-End-Https
Alternate-Protocol
X-ORACLE-DMS-RID
X-Logged-In
Cache-Tags
TCN
Content-MD5
X-Forwarded-For
X-Origin-Upstream-Status
X-Litespeed-Cache
X-XRDS-Location
Server-Name
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Amzn-Trace-Id
X-Origin-Server
X-Grace
X-Geo-Country
X-Hostname
X-Amz-Replication-Status
X-F-Cache
X-RateLimit-Remaining
X-Contextid
X-Rid
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
X-Activity-Id
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Protected-By
X-AppVersion
Cleartype
X-Az
X-Www-Served-By
X-WebKit-CSP-Report-Only
Host
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Frontend
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
MicrosoftSharePointTeamServices
X-Ser
X-Git-Hash
X-Aspnetmvc-Version
X-Cache-Age
X-Page-Id
X-XRDS-LOCATION
X-NWS-LOG-UUID
Accept-Charset
X-Varnish-Age
X-Upgrade-Enabled
X-Source
X-VCache
X-Respond-Thread
X-Content-Options
X-DIS-Request-ID
X-Hits
Paypal-Debug-Id
X-Fastcgi-Cache
X-Mobile-URL
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
ServerID
X-Signature
X-Varnish-Backend
X-B-Cache
X-CACHE-GROUP
Access-Control-Allow-Method
X-Aspnet-Duration-Ms
Healthy
X-Request-Guid
X-Route-Name
Viewport
X-Cache-Action
X-Is-Crawler
X-Flags
X-FB-Debug
X-Providence-Cookie
X-Varnish-Grace
X-B3-Sampled
Payment
X-TT
X-N
X-Request-Handler-Origin-Region
X-Kong-Upstream-Latency
X-Whom
X-Kong-Proxy-Latency
X-Daa-Tunnel
X-Microsite
X-AOL-HN
Node
X-Seen-By
X-App-Environment
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
MS-CV
DynaTrace
X-Yandex-Sdch-Disable
X-Ab
X-Cache-Expired-At
X-HTML-Minification-Powered-By
Filterid
X-Distributor
SRV
Retry-After
X-Cache-Control
X-IPLB-Instance
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Original-Request-Id
X-Response-Served-From
Frame-Options
Nel
X-UUID
X-Instance
X-Real-IP
NGB
X-Tumblr-Pixel-1
X-Tumblr-User
X-RemovedCookies
X-Varnish-Server
X-ProcessESI
X-Tumblr-Pixel-0
X-Proxy-Cache-Status
X-Tumblr-Pixel
Access-Control-Request-Headers
X-FireWall-Port
X-RTag
X-Debug-IsPreview
X-Proxy
X-IPS-LoggedIn
X-Debug-IsConnected
X-User-Agent
X-Adobe-Content
X-Adobe-Loc
X-Region
Ms-Operation-Id
X-Cluster-Name
X-Device-Type
X-Jobs
X-Page-View
X-Content-Powered-By
X-Cacheable-TTL
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Refresh
X-B
X-Cache-Time
X-Debug
Uber-Trace-Id
X-Framework
X-G
X-Accel-Buffering
Cache
X-Wix-Request-Id
X-FW-Dynamic
X-FW-Server
X-Zen-Fury
X-RateLimit-Limit
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Type
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-Vgn-Hpd-Reason
Countrycode
X-Oracle-Dms-Rid
Cache-Status
X-NGENIX-Cache
X-Cache-Hit
X-Nginx-Cache
X-Mg-Request-UUID
X-Time
Surrogate-Key
X-App-Version
Country
X-CDN-Forward
X-Rendered-As
X-Azure-Ref
X-Is-Bot
X-Drupal-Cache-Tags
Eomportal-Instance
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-App-Server
X-TA-CDN-Provider
S-Cnection
X-Node-Name
X-Ms-Version
X-Ms-Request-Id
Referer-Policy
SD-X-WS
Liferay-Portal
X-L-Path
X-Environment-Context
X-Drupal-Cache-Contexts
X-SaId
From-Origin
X-ES-SERVER
X-Cache-Operation
X-JoinUs
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-Varnishpool
X-Tumblr-Pixel-2
X-Via-Fastly
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
ServedBy
X-S-Maxage
X-Loop
X-Xfnlog-Site
Selected-Fe
X-Handled-By
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
CF-IPCountry
Protected
X-Pubstack
X-Endurance-Cache-Level
X-GG-Cache-Date
X-Sorting-Hat-PodId
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
Azure-Version
X-Yottaa-Optimizations
X-Shopify-Stage
X-ShardId
X-Proxy-Build
Amp-Access-Control-Allow-Source-Origin
X-ShopId
X-Yottaa-Metrics
X-Timing-Wait
X-Storefront-Renderer-Rendered
X-TNCMS
X-Adobe-Source
X-Varnish-Hostname
Cache-Tv-Group
X-Cache-Server
X-PCL
X-Request-Time
Akamai-GRN
X-OCL
Cache-Name
X-Varnish-Beresp-Grace
Fastly-SSL
X-NYM-Debug-Backend
X-PHP-Backend
X-Human
X-No-Session
X-LAGOON
Property-Id
Country-Code
Webcakes-App-Version
TWC-GeoIP-Country
X-Status
X-Access
Decoy-Debug-TTL
Decoy-Debug-Status
Apigw-Requestid
TWC-Locale-Group
TWC-Privacy
Decoy-Debug-Key
TWC-GeoIP-LatLong
TWC-Device-Class
Webcakes-App-Name
Webcakes-Region
X-Section
X-Server-W
X-ProxyCache-Key
X-Say-TTL
X-Say-Cacheable
X-Origin-Hint
X-VWS-Id
X-Proto
X-ProxyCache-Status
TWC-Connection-Speed
X-RCS-CacheZone
X-LJ-Flow-ID
X-SayCDN-TTL
X-BYPASS-REASON
X-Format
X-Be
X-AWS-Id
X-Backend-Host
X-Sql-Count
X-Sql-Duration-Ms
AMP-Access-Control-Allow-Source-Origin
X-PHP-Host
X-Cache-PHP
X-PERF
X-Labrador-Cache-Channel
X-Hl-Ver
X-ApacheServer
X-Origin-Date
X-Hyper-Cache
X-Uri
X-Hosted-By
X-UA-Device-Type
X-Akamai-Edgescape
Mn-Server-Ip
X-Rule
Xserver
X-Backend-Name
X-Redis-Cache
X-Webkit-Csp
X-FB-TRIP-ID
X-Web-Node
X-Revision
X-Ua-Device
X-Trace-Id
X-B3-SpanId
X-WA-Info
X-Cache-Type
X-ATG-Version
X-FW-Version
X-Content-Age
X-MP-GENERATED-AT
X-Cached-By
X-Dc
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Aws-Lambda-Call-Status
X-CSRF-Token
X-Soup
X-Edge-Location
X-Akamai-Transformed
Backend
X-ServerID
X-Cache-Enabled
X-Mode
X-TT-LOGID
X-Datadome
X-CS
X-Bc-Bl
X-Detected-As
X-APP-VERSION
X-Microcachable
X-Info
X-Varnish-Beresp-Status
X-Parallel-Accel
X-Varnish-Cache-Hits
OT-Force-Account-Verify
Count-Hit
X-Azure-Ref-OriginShield
X-SRV
X-Cache-Host
X-Cluster-Node
GEO-INFO
X-Cache-NGX
Web-Mar-Node
X-Generation-Time
X-Debug-Cache
X-Varnish-Hits
Who
X-Amzn-RequestId
X-Storage
X-Routing-Service
X-Zipkin-Id
X-Amzn-Remapped-Content-Length
Cross-Origin-Opener-Policy
X-Amz-Apigw-Id
X-Proxied
X-Platform
X-Varnish-Beresp-Ttl
X-Servername
DataCenter
X-B3-Traceid
X-Extlb
X-Unique-ID
X-Locale
X-Origin-CC
Server-Info
X-Origin-TTL
X-DataDome
X-Destination
A
X-Developer
X-Epic-Correlation-Id
X-VG-WebCache
Apple-News-Services-Handled
Apple-News-Services-Host
X-Core-Value
BehaviorPad-Version
X-D
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-External-Request-Id
X-VG-WebServer
X-S-Cookie
X-A-Ccd
X-Geo-Header
X-Vtex-Processado-Em
X-A
X-ScT
X-From
State
X-Vdms-Version
X-A-Dcw
X-A-Dam
M-TraceId
X-Vdms-Path
X-Connection-Hash
X-Cms-Context
Expiry
Fastcgi-X-Cache-Version
X-Bip
X-Cache-Bucket
DCR-Decision-By
DCR-Processing-Time-Ms
Fastly-Backend-Name
X-BCube-Filmed-By
X-Aicache-OS
Host-ID
X-Application
X-ARC
X-B-Cookie
X-Cache-NE
X-CF-Lambda-Fn
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
CDCHOST
Cache-Host
X-A-Dgt
CDN-PullZone
CDN-RequestCountryCode
X-CF-Lambda-Version
Content-Disposition
X-A-Wwc
CDN-Uid
CDN-RequestId
Surrogated-Key
X-Generated-On
X-Via-JSL
X-Vtex-Remote-Cache
Mobile-Detection-Method
X-PAYTM-SRV-ID
Rendered-Blocks
X-Aed
Meta-Geo-Continent
X-Sucuri-ID
X-SRCache-Key
SID
X-PBS-Appsvrname
T-Server
X-Rewrite-Enabled
X-Rojux
X-S
X-Service
X-Request-URI
Odigeo-Trace-Id
X-Processor
X-Proxy-Upstream
X-Session-Fingerprint
X-Ratelimit-Reset
X-Location
X-NAPM-TraceId
X-Thanos
Req-Svc-Chain
MD5-Digest
X-Level-Front-Cache
X-TEC-API-ROOT
X-Tb
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-CACHE-KEY
Fastly-SIE
Origin
X-Varnish-Url
Path
Cmsid
Fastly-SWR
X-Air-Trace-Id
X-Backend-State
X-Platform-Server
PFcat
X-Has-Esi
Cmstype
X-JWT-State
X-Accel-Expires-Debug
X-Req
X-Magnolia-Registration
Fastcgi-Cache-TTL
X-Rebelmouse-Surrogate-Control
X-Cache-Debug
X-VarnishDD-TTL
Fastly-Drupal-HTML
X-Request-UUID
X-Rebelmouse-Cache-Control
X-Clientip
Location
X-Minions-Version
X-HN
X-Gamma-Serve
X-VHOST
X-Developers
L
X-Served-From
Server-Host
X-Envoy-Decorator-Operation
X-AIR-PT
X-Date
AKAMAI
X-Origin
X-GoCache-CacheStatus
X-Air-Hostname
X-Air-Source
X-NU-AKA-ACS-Version
X-Varnish-Ttl
X-Is-Gdpr
X-VG-TLSProxy
X-Scheme
Pics-Label
X-TrackingId
User-Cache-Control
X-Cache-Grace
X-Site-Version
Upgrade-Insecure-Requests
Thinkindot-Control
True-Client-Country-4JS
Vix-Hermes-Req-Id
UCS
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Svr
TDXMobile
X-Li-Pop
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Request-Host
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Viewer-Country
X-WADP-Cache
X-VC-Cache
X-Variation
X-Thinkindot-L3
X-Var-Ttl
X-Owner
X-Origin-Expires
X-Fastly-Cache
X-Fmm-Version
X-Fastly-Backend
X-DPWN-IS-SECURE
X-Clara-WADP
X-Cluster
X-Forwarded-Site
X-Generated-By
X-Men
X-Micro-Cache
X-Loc
X-LI-UUID
X-Hash
X-Li-Fabric
X-Branch-Name
X-Cache-Info
NGX
Adler-Geo
Ec-Rule-Version
X-Ua
Esi-Enabled
Memcached
S-Rt
X-HP-Trace-Id
Source
Gh-Request-Id
PB-PID
Pagetype
C-Via
Kp-EeAlive
CacheControlHeader
Cf-Device-Type
PB-RID
Arc-Version
Is-Eu
Arc-Country
Platform
DSUID
X-Forwarded-Host
X-Gen-Mode
X-Generated-In
Cross-Origin-Window-Policy
X-DefElseHash
X-Csrf-Jwt
Cache-Key
X-GeoIP-City
X-DefHash
X-Esi-Check
X-Device-Os
X-Eu-Site
X-Amz-Meta-S3cmd-Attrs
X-Via-NSCOPI
X-VServer
X-NWS-UUID-VERIFY
NtCoent-Length
X-Varnish-Remaining-TTL
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Tenant
X-Shop-Environment
X-Orig-Expires
X-Forwarded-Path
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Nginx-Cache-Key
X-Old-Content-Length
X-CGP
X-Hnp-Log
X-Gzip
X-Policy
X-Qloud-Router
X-User
X-Slack-Backend
X-Skip-Cache
X-SIPLIST1
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EC-Lua
Server-Hostname
Locid
We-Hiring
VNS-Age
VNS-Cache
L5d-Success-Class
IsBot
Wxu-Next-Commit
HA-Ipaddr
Sever-Int
Mail-Subject
Release
Server-Ext
CPC-Cache
NM-Fastcgi-Cache
X-Cache-Tags
CPC-Age
My-App
Wxu-Next-Region
Ha-Gx-Prefs
X-Block-Status
Wxu-Next-Hostname
V-Age
X-Cache-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Planisys-CDN-TTL
X-GeoIP
Url
X-TX-ID
X-PF-Uncompressing
Cache-Hits
Powered-By-ChinaCache
Webserver
Content-Secure-Policy
X-FC-Vary-Parameters
X-Unique-Id
X-Fetched-On
X-Pass-Why
X-Zone
X-Via-Poph
X-Ftr-Request-Id
X-Via-Popn
X-PJAX-URL
X-Ratelimit-Limit
Geo-Info
MIME-Version
X-Via-Popv
X-Internal-Host
X-Mvc-Supplant-OutputCached
X-Conf
X-Cache-Ttl
X-Srv
X-Vc
X-GEO
XServer
X-TIME
X-Refresh
X-OVcl
X-OVcl-Cache
X-BBC-Edge-Cache-Status
X-NC
X-ID
Cf-Bgj
X-Servedbyhost
X-Worker
X-Backend-TTL
WebServer
X-TraceId
X-NCache
DB-Nickname
X-Ratelimit-Remaining
X-Ckpd-Fst-Backend
X-Auto-Login
Server-ID
X-LB-ID
Magicmarker
X-LSADC-Cache
X-DC
X-Geo
Time
Memory
X-ZONE
HostName
Geoip-Latitude
X-Dispatcher-Server
X-Method
X-Rocket-Nginx-Serving-Static
X-Render-Time
GeoIp-Country-Code
X-V-Cache
X-Traceid
X-NewRelic-App-Data
Tcn
X-M-Log
X-M-Reqid
X-Tx-Id
Hostname
X-Wa
X-Qnm-Cache
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Newrelic-Synthetics
Ssr
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-CLOUD-TRACE-CONTEXT
X-IP
X-App
X-SD-PageType
LB
X-Cache-Remote
Environment
X-Correlation-ID
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-API-Version
X-Gdpr
X-Nyt-Route
X-NodeID
X-Origin-Time
X-Datadog-Sampling-Priority
X-Li-Proto
X-BBC-Origin-Response-Status
X-VCL-Version
Ohc-File-Size
X-Server-IP
X-Trv-Group
X-MSEdge-Flight
X-Pod-Name
Cluster
X-CACHE-AGE
X-HITS
X-MSEdge-Features
X-Dynatrace
X-Via-Ucdn
X-Nc
X-Cache-Config
Candidate-Md5Url
X-Vcl-Version
X-Edge-Pop
X-LI-Proto
X-Origin-Response-Time
X-Via-CDN
X-Node-Id
Cf-Ipcountry
Datacenter
X-DynaTrace-JS-Agent
X-APP
Env
X-Cache-Var-Map
X-Varnish-Beresp-TTL
X-Cache-Var
X-ServerName
X-Esi
X-Akamai-Pragma-Client-IP
N-Cache
X-Reqid
X-Wix-Viewer-Type
X-ElasticPress-Query
X-ND-Cache
Web-Mar-Region
X-HostName
X-Webkit-CSP-Report-Only
CF-Cached-On
X-WA
Sid
Viewtype
CDN
VivaBuild
X-FTR-Request-ID
Rt-Fastcgi-Cache
X-HS-Status
X-Dynatrace-Js-Agent
X-Cs
GeoIP-Country-Code
Proxy-Connection
GeoIP-Latitude
Servername
Machine
Server-Id
Onion-Location
X-Cdn-Forward
X-NGINX-Cache
Cdn
X-Fastly-Backend-Reqs
X-Varnish-Cacheable
X-EIG-Tracking-Id
X-FORWARDED-FOR
FSS-Cache
WWW-Authenticate
X-Lb-Id
On-Server
X-ServedByHost
X-Check-Cacheable
WZWS-RAY
X-URL
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Xrds-Location
X-Via-PopH
X-Via-PopN
X-Ua-Browser
X-VC
X-Swa-Ws
X-Content
X-Fpc
X-IN-APIGATEWAY
X-Cache-Backend
X-Pjax-Url
X-IN-APIGATEWAYSSL
X-Fastly-Request-Id
X-Via-PopV
X-SN
X-Country-Code-Real
X-Request-Start
X-Tid
X-TIM-N
Redirect-Candidate
Shield-Pop
URI
Mime-Version
Cteonnt-Length
X-FTR-Backend
X-Oss-Server-Time
X-Oss-Storage-Class
X-AB
X-Oss-Request-Id
Server-Ttl
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-MG-S
CountryCode
X-FTR-Cache-Status
Xc-Version
X-FTR-Backend-Server
X-Up
X-Swift-Error
CACHE
X-Contensis-Viewer-Groups
X-CCM
X-Varnish-Authentication
X-Cache-ASPX
X-Air-Pt
Tracecode
X-Snapshot-Date
X-LiteSpeed-Cache-Control
Xet-Cookie
Vha6-Origin
Ohc-Response-Time
Pramga
X-Action
Is-Us
X-DB
X-RSL
X-SB
X-StackifyID
X-RPS
X-RPM
X-DI
X-DSS
X-DW
X-FTR-Expires
X-Fastly-Cache-Hits
X-Cache-Date
WP-Super-Cache
X-Webkit-Csp-Report-Only
X-Pf-Uncompressing
X-CUA
X-Yottaa-OS
X-Dw-Trace-Id
X-ElasticPress-Search
X-Amz-Meta-Cb-Modifiedtime
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Warning
X-Acquia-Purge-Tags
X-Acquia-Site
X-Webstats-RespID
Lb
X-Sn-Servicetimems
X-Edge-POP
X-MiniProfiler-Ids
X-Cdn-Origin
X-CCDN-CacheTTL
X-TH-Server
X-Pad
X-Tt-Logid
X-Cache-Status-Check
X-Apw-Access-Token
X-C
X-Apw-Hits
X-Apw-Access-Object
Instruction
X-Apw-Access-Action
X-Region-Sid
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
ServerName
X-Mg-Request-Id
SR-User-Adfree