
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below is a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
Keep-Alive
X-Robots-Tag
Request-Context
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Pingback
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Vhost
X-Host
X-OneAgent-JS-Injection
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Akam-SW-Version
X-Readtime
Accept-CH
Xkey
X-Webkit-CSP
X-HW
Accept-Ch-Lifetime
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
X-Template
MS-Author-Via
Rating
X-Cloud-Trace-Context
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
X-Ruxit-JS-Agent
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
Accept-Ch
X-D2id
X-Exp-Id
X-Exp-Variant
X-Kinja
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
Verso
X-Country-Code
X-VARITI-CCR
X-Goog-Hash
X-Cached
Accept-CH-Lifetime
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-FastCGI-Cache
Service-Worker-Allowed
X-Buckets
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
X-Middleton-Response
Response
Pagespeed
Display
X-Middleton-Display
X-Sol
RTSS
Access-Control-Request-Method
X-Ttl
X-Cache-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ruxit-Js-Agent
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Oneagent-Js-Injection
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Px
Realpath
SPIisLatency
SPRequestDuration
X-TTL
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-ECACHE
X-HP-Webp
X-Jurisdiction
X-T
X-Forwarded-Proto
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Edge-Location-Klb
X-Mg-S
X-Release
X-Content-Security-Policy-Report-Only
Charset
X-Correlation-Id
X-Recruiting
X-Shield-Request-Id
X-Litespeed-Cache
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
X-DynaTrace
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Ezoic-Cdn
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Content-Digest
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Request-Received
Filters
X-Request-Processing-Time
Cache-Tags
X-Logged-In
Server-Node
Alternate-Protocol
Content-MD5
Nginx-Cache
Front-End-Https
X-Forwarded-For
X-ORACLE-DMS-RID
Server-Name
X-Cache-Key
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-Amzn-Trace-Id
TCN
Fusion-Component-Id
X-Origin-Server
X-Grace
X-Fastcgi-Cache
X-Geo-Country
X-Contextid
X-Amz-Replication-Status
X-F-Cache
X-Rid
X-Activity-Id
Host
X-AppVersion
X-Az
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-HS-Content-Id
X-HS-Hub-Id
Cleartype
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Hostname
X-HS-Combine-CSS
X-Www-Served-By
X-Protected-By
X-RateLimit-Remaining
X-Frontend
X-Server-ID
Section-Io-Cache
X-LB-Cache
X-Debug-Info
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
MicrosoftSharePointTeamServices
X-Ser
X-XRDS-Location
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Page-Id
X-Cache-Age
X-Git-Hash
Accept-Charset
X-Varnish-Age
X-Aspnetmvc-Version
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Hits
X-Respond-Thread
X-Source
X-DIS-Request-ID
ServerID
X-Request-Handler-Origin-Region
X-Microsite
X-VCache
X-Mobile-URL
Paypal-Debug-Id
X-Content-Options
X-Varnish-Backend
X-Signature
X-B-Cache
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FB-Debug
X-Aspnet-Duration-Ms
Payment
X-Flags
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Providence-Cookie
Access-Control-Allow-Method
Healthy
Nel
X-Whom
X-TT
X-B3-Sampled
X-Daa-Tunnel
Viewport
X-N
X-Cache-Action
Node
X-App-Environment
X-CACHE-GROUP
X-Seen-By
X-AOL-HN
X-Type
X-Load-Cache
Version
Fastcgi-Useragent
MS-CV
X-Mobile
DC
DynaTrace
X-Cache-Expired-At
Filterid
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Distributor
X-Webkit-Csp
X-Ab
X-Yandex-Sdch-Disable
X-Cache-Control
SRV
Retry-After
X-FireWall-Port
X-Response-Served-From
X-Original-Request-Id
X-Instance
X-Real-IP
X-Debug
NGB
X-Proxy-Cache-Status
X-ProcessESI
X-Varnish-Server
X-Tumblr-User
X-Jobs
X-Tumblr-Pixel-0
X-UUID
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-RemovedCookies
X-Content-Powered-By
X-Debug-IsPreview
X-Debug-IsConnected
X-Device-Type
Refresh
X-Proxy
X-RTag
Frame-Options
Ms-Operation-Id
X-Region
X-IPS-LoggedIn
X-Cacheable-TTL
X-Cluster-Name
X-Cache-Time
Uber-Trace-Id
X-Page-View
X-B
VIX-Pulpo-Upstream-Status
Access-Control-Request-Headers
X-Accel-Buffering
VIX-Pulpo-Node
X-User-Agent
X-Framework
X-Adobe-Loc
X-Adobe-Content
X-G
X-Oracle-Dms-Rid
X-Wix-Request-Id
Cache
X-FW-Serve
X-FW-Dynamic
X-Zen-Fury
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
Countrycode
X-App-Version
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Time
X-RateLimit-Limit
X-Cache-Hit
X-Vgn-Hpd-Reason
Cache-Status
Surrogate-Key
X-Nginx-Cache
X-TA-CDN-Provider
X-NGENIX-Cache
X-Drupal-Cache-Tags
Country
X-Is-Bot
X-Rendered-As
AMP-Access-Control-Allow-Source-Origin
Eomportal-Instance
X-Azure-Ref
X-App-Server
X-EdgeConnect-Cache-Status
X-Mg-Request-UUID
S-Cnection
X-Ms-Request-Id
X-Ms-Version
X-Cache-Rule
Referer-Policy
X-CDN-Forward
X-Drupal-Cache-Contexts
Liferay-Portal
SD-X-WS
X-Node-Name
X-RN-RSRV
Meta-Geo
X-Tumblr-Pixel-2
From-Origin
X-JoinUs
X-UPSTREAM-Address
X-Varnishpool
X-Timing-Wait
X-ES-SERVER
X-Rule
X-SaId
Selected-Fe
X-Proxy-Build
X-Yottaa-Metrics
X-Environment-Context
X-Yottaa-Optimizations
X-L-Path
X-Cache-TTL-Remaining
X-Backend-Host
X-TNCMS
X-No-Session
X-Storefront-Renderer-Rendered
X-Endurance-Cache-Level
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Handled-By
X-ShopId
X-Pubstack
X-R9-Blue-Green-Version
Xserver
ServedBy
Protected
X-Cache-Server
X-Alternate-Cache-Key
X-Loop
X-ShardId
X-Via-Fastly
X-Xfnlog-Site
X-PHP-Backend
X-Shopify-Stage
Webcakes-App-Version
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-LJ-Flow-ID
Cache-Tv-Group
Cache-Name
Country-Code
Webcakes-Region
Fastly-SSL
Akamai-GRN
X-AWS-Id
X-Server-W
X-Origin-Hint
X-Be
Azure-Version
X-Varnish-Hostname
X-Cache-PHP
X-Request-Time
X-S-Maxage
X-PCL
Azure-SlotName
X-Proto
Azure-InstanceId
Azure-SiteName
X-OCL
TWC-Privacy
X-LAGOON
X-VWS-Id
Azure-RegionName
X-NYM-Debug-Backend
X-RCS-CacheZone
Decoy-Debug-TTL
X-SayCDN-TTL
Decoy-Debug-Status
X-Hl-Ver
X-Section
X-Format
X-Say-Cacheable
X-ProxyCache-Key
X-Backend-Name
X-Cache-Operation
X-BYPASS-REASON
X-Origin-Date
Decoy-Debug-Key
X-Human
X-Say-TTL
X-Access
X-ProxyCache-Status
Apigw-Requestid
X-Status
X-Akamai-Edgescape
X-Labrador-Cache-Channel
X-Hyper-Cache
X-FB-TRIP-ID
X-ApacheServer
X-UA-Device-Type
X-Dc
X-PERF
X-Adobe-Source
X-Varnish-Beresp-Grace
X-PHP-Host
X-GG-Cache-Date
X-Sql-Count
X-Sql-Duration-Ms
CF-IPCountry
Mn-Server-Ip
X-Hosted-By
X-Uri
X-Redis-Cache
X-Cached-By
X-Web-Node
X-MP-GENERATED-AT
X-WA-Info
X-Trace-Id
X-ATG-Version
X-FW-Version
X-Ua-Device
X-Content-Age
X-B3-SpanId
X-Revision
X-CSRF-Token
X-Soup
X-Cache-Enabled
X-Time-Microsecs
X-ServerID
X-Edge-Location
X-Mode
X-Datadome
X-Cache-Type
X-Tumblr-Pixel-3
Amp-Access-Control-Allow-Source-Origin
Backend
X-CS
X-Info
X-Bc-Bl
X-TT-LOGID
X-SRV
X-CACHE-KEY
X-Microcachable
Who
X-Cache-NGX
X-Varnish-Beresp-Status
X-Detected-As
X-Aws-Lambda-Call-Status
X-Akamai-Transformed
X-Azure-Ref-OriginShield
X-Debug-Cache
X-Unique-ID
X-Proxied
X-Cache-Host
X-Routing-Service
X-Platform
X-Zipkin-Id
X-Storage
X-Varnish-Cache-Hits
X-Generation-Time
Web-Mar-Node
DataCenter
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Via-JSL
OT-Force-Account-Verify
Cross-Origin-Opener-Policy
X-Parallel-Accel
X-Varnish-Hits
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-Extlb
Server-Info
Count-Hit
X-APP-VERSION
X-Locale
Geo-Info
X-B3-Traceid
X-Origin-CC
X-Origin-TTL
CDN-Uid
DCR-Decision-By
DCR-Processing-Time-Ms
Content-Disposition
CDN-RequestCountryCode
Fastly-Backend-Name
X-Geo-Header
M-TraceId
Host-ID
CDN-PullZone
Fastcgi-X-Cache-Version
Expiry
X-Vdms-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
A
X-Level-Front-Cache
X-NAPM-TraceId
Apple-News-Services-Request-Url
X-Generated-On
X-Location
CDN-CachedAt
CDN-Cache
CDCHOST
BehaviorPad-Version
CDN-EdgeStorageId
Mobile-Detection-Method
X-Cache-Bucket
X-Cache-NE
X-CF-Lambda-Fn
X-Bip
X-BCube-Filmed-By
X-ARC
X-B-Cookie
X-CF-Lambda-Version
X-Cms-Context
X-VG-WebCache
X-D
X-Destination
X-Developer
X-Core-Value
X-Connection-Hash
X-VG-WebServer
X-Application
X-Aed
Rendered-Blocks
X-Vtex-Processado-Em
Surrogated-Key
X-Vtex-Remote-Cache
Odigeo-Trace-Id
Meta-Geo-Continent
X-Magnolia-Registration
T-Server
X-From
X-A-Dgt
X-A-Wwc
X-External-Request-Id
X-A-Dcw
X-A-Dam
X-A
X-A-Ccd
MD5-Digest
CDN-RequestId
X-PBS-Appsvrname
X-Proxy-Upstream
X-ScT
X-PAYTM-SRV-ID
X-AIR-PT
X-S-Cookie
X-S
X-Request-URI
X-Rewrite-Enabled
X-Processor
X-Rojux
X-Thanos
X-Session-Fingerprint
X-Sucuri-ID
X-Air-Trace-Id
X-Service
X-Varnish-Url
X-Air-Source
X-Air-Hostname
X-Vdms-Path
X-SRCache-Key
X-Ratelimit-Reset
GEO-INFO
X-Tb
X-TX-ID
X-Site-Version
X-Accel-Expires-Debug
X-Request-UUID
Fastly-SIE
X-VG-TLSProxy
X-Req
Fastly-SWR
Cache-Host
X-Rebelmouse-Surrogate-Control
Esi-Enabled
UCS
Path
Pagetype
X-VarnishDD-TTL
PFcat
Pics-Label
X-Gamma-Serve
Server-Host
X-EC-Lua
X-Served-From
Memcached
Gh-Request-Id
X-Has-Esi
X-Hash
X-GoCache-CacheStatus
Location
X-Scheme
Cmsid
X-HN
Cmstype
X-Platform-Server
Ec-Rule-Version
X-Developers
X-TrackingId
X-Cluster
AKAMAI
X-Cache-Debug
Req-Svc-Chain
X-NU-AKA-ACS-Version
X-Branch-Name
X-Date
X-Backend-State
X-Rebelmouse-Cache-Control
X-Clientip
X-Is-Gdpr
State
X-Envoy-Decorator-Operation
X-Aicache-OS
X-Var-Ttl
X-Epic-Correlation-Id
X-Origin
X-JWT-State
CacheControlHeader
X-DataDome
X-Pass-Why
User-Cache-Control
Upgrade-Insecure-Requests
X-Sigma
X-Viewer-Country
Thinkindot-CacheControl
X-Clara-WADP
Svr
TDXMobile
X-Csrf-Jwt
X-Sigma-Backend
Thinkindot-Control
Thinkindot-CacheControl-Type
True-Client-Country-4JS
X-Fmm-Version
X-Thinkindot-L3
X-Device-Os
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-DPWN-IS-SECURE
We-Hiring
X-Fastly-Backend
X-Cache-Info
X-Cache-Tags
X-Variation
X-Cache-Grace
X-Forwarded-Site
X-Fastly-Cache
Vix-Hermes-Req-Id
X-Eu-Site
X-CGP
Mail-Subject
X-Micro-Cache
X-Men
Fastcgi-Cache-TTL
X-Rocket-Build-Number
X-Li-Pop
X-Amz-Meta-S3cmd-Attrs
X-Request-Host
X-Owner
DSUID
Fastly-Drupal-HTML
X-LI-UUID
X-RateLimit-Limit-Second
Arc-Country
C-Via
X-RateLimit-Remaining-Second
X-Policy
Cf-Device-Type
Adler-Geo
X-Minions-Version
Ha-Gx-Prefs
HA-Ipaddr
PB-PID
X-Varnish-Ttl
NM-Fastcgi-Cache
NGX
PB-RID
Platform
X-VHOST
X-VC-Cache
X-Generated-By
X-Generated-In
X-WADP-Cache
Origin
Is-Eu
Kp-EeAlive
L5d-Success-Class
Source
X-Origin-Expires
X-Li-Fabric
L
Arc-Version
X-Servername
Webserver
X-NWS-UUID-VERIFY
SID
X-Varnish-Remaining-TTL
X-Old-Content-Length
X-Nginx-Cache-Key
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Mvc-Supplant-Cachable
X-Esi-Check
X-FC-Vary-Parameters
X-Gzip
X-Hnp-Log
X-Fetched-On
X-GeoIP-City
X-GeoIP
X-Forwarded-Host
X-SIPLIST1
X-Skip-Cache
X-DefHash
X-User
X-Gen-Mode
X-Irp-Debug
X-Slack-Backend
X-HS-Content-Campaign-Id
X-PF-Uncompressing
X-VServer
Locid
X-Wikidot-Backend
Release
Server-Hostname
Sever-Int
IsBot
X-Wikidot-Static-Cache
Cache-Key
My-App
CPC-Age
X-Loc
CPC-Cache
V-Age
Server-Ext
VNS-Cache
X-Block-Status
X-Via-NSCOPI
X-Cache-Id
X-DefElseHash
VNS-Age
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Ratelimit-Limit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Planisys-CDN-Rules
X-Qloud-Router
Url
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Tcn
X-Ua
X-TEC-API-ROOT
S-Rt
Powered-By-ChinaCache
X-PJAX-URL
X-Mvc-Supplant-OutputCached
X-Tenant
X-Shop-Environment
X-Via-Poph
X-Vc
X-Orig-Expires
X-Via-Popn
X-Forwarded-Path
X-Via-Popv
Cache-Hits
X-CLOUD-TRACE-CONTEXT
Cross-Origin-Window-Policy
X-OVcl
NtCoent-Length
MIME-Version
X-OVcl-Cache
X-Refresh
X-TraceId
X-Geo
X-Ratelimit-Remaining
X-HP-Trace-Id
X-ZONE
X-Ftr-Request-Id
X-Srv
DB-Nickname
Content-Secure-Policy
X-Cache-Ttl
X-Unique-Id
Cf-Bgj
X-Backend-TTL
XServer
Memory
X-Conf
Magicmarker
X-NC
X-LB-ID
Time
X-Internal-Host
X-ID
X-Zone
Geoip-Latitude
X-NCache
GeoIp-Country-Code
X-BBC-Edge-Cache-Status
HostName
WebServer
X-Servedbyhost
X-Worker
X-Ckpd-Fst-Backend
Server-ID
X-Method
X-Dispatcher-Server
X-GEO
X-Auto-Login
X-TIME
X-NewRelic-App-Data
X-IP
X-LSADC-Cache
X-V-Cache
Hostname
X-Render-Time
X-Li-Proto
X-Rocket-Nginx-Serving-Static
Ssr
X-Traceid
X-Qnm-Cache
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
LB
X-M-Reqid
X-Nc
X-M-Log
X-Newrelic-Synthetics
X-Wa
X-Trv-Group
X-Vcl-Version
X-DC
X-Cache-Remote
Resin-Trace
X-SD-PageType
X-Tb-Optimization-Total-Bytes-Saved
X-Correlation-ID
X-Node-Id
Environment
X-APP
X-App
X-Tx-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Cf-Ipcountry
Ohc-File-Size
X-Cache-Config
X-Origin-Response-Time
X-Origin-Time
X-Gdpr
X-ServerName
X-BBC-Origin-Response-Status
X-CACHE-AGE
X-API-Version
X-HITS
X-Via-CDN
Env
X-MSEdge-Flight
X-NodeID
X-Dynatrace
X-MSEdge-Features
X-Nyt-Route
X-DynaTrace-JS-Agent
X-VCL-Version
X-FTR-Request-ID
Cluster
X-Server-IP
X-Edge-Pop
X-Pod-Name
X-WA
X-Reqid
X-HostName
Sid
X-Varnish-Beresp-TTL
X-Via-Ucdn
Candidate-Md5Url
CF-Cached-On
Datacenter
Viewtype
X-LI-Proto
X-ElasticPress-Query
X-ND-Cache
Rt-Fastcgi-Cache
VivaBuild
X-HS-Status
X-Wix-Viewer-Type
X-Cache-Var-Map
X-Cdn-Forward
X-Cache-Var
Machine
Web-Mar-Region
N-Cache
X-Akamai-Pragma-Client-IP
X-Cs
X-Dynatrace-Js-Agent
On-Server
FSS-Cache
Server-Id
CDN
X-ServedByHost
Cdn
GeoIP-Country-Code
Proxy-Connection
GeoIP-Latitude
X-NGINX-Cache
Servername
X-Webkit-CSP-Report-Only
X-EIG-Tracking-Id
X-Lb-Id
WWW-Authenticate
Onion-Location
WZWS-RAY
X-Check-Cacheable
X-Varnish-Cacheable
X-CCM
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Xc-Version
X-URL
X-Oss-Hash-Crc64ecma
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Swa-Ws
X-FTR-Realm
X-Xrds-Location
X-Esi
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Via-PopH
X-VC
X-Via-PopN
X-Fastly-Request-Id
X-Via-PopV
Tracecode
Cteonnt-Length
X-Cache-Backend
X-Fastly-Backend-Reqs
X-IN-APIGATEWAYSSL
X-Pjax-Url
X-IN-APIGATEWAY
CACHE
URI
X-SN
X-Swift-Error
X-CUA
CountryCode
X-Fpc
Mime-Version
X-Contensis-Viewer-Groups
X-Varnish-Authentication
SR-User-Adfree
X-Air-Pt
X-Region-Sid
X-Request-Start
X-FTR-Expires
Redirect-Candidate
X-Dw-Trace-Id
X-FORWARDED-FOR
X-StackifyID
Instruction
X-Tid
X-TIM-N
X-Cache-ASPX
X-DW
X-DI
X-Action
X-Up
X-DSS
X-RPS
Shield-Pop
X-RPM
X-RSL
Xet-Cookie
X-DB
Ohc-Response-Time
X-Fastly-Cache-Hits
WP-Super-Cache
X-UnsetCookies
X-Depends-On
X-ElasticPress-Search
X-Yottaa-OS
X-Webstats-RespID
X-SB
X-Snapshot-Date
X-Pf-Uncompressing
Server-Ttl
X-LiteSpeed-Cache-Control
Warning
X-Provided-By
X-Apw-Access-Object
X-Apw-Access-Action
X-Cache-Expires
X-Apw-Access-Token
X-Hcs-Proxy-Type
X-Mg-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Apw-Hits
X-Cache-Status-Check
X-C
X-MiniProfiler-Ids
X-Acquia-Application-Trace
X-Pad
X-Tt-Logid
W
Lfy
Content-Script-Type
Content-Style-Type
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
CloudFront-Viewer-Country
X-Matched-Rule
Vha6-Origin
ServerName
X-Acquia-Site
X-Core-Mission
X-TH-Server