Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Hacker
X-Age
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Vhost
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-Server-Id
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
X-Response-Time
Accept-CH
X-Akam-SW-Version
X-Webkit-CSP
X-WebKit-CSP
Xkey
X-HW
X-Country
Accept-Ch-Lifetime
X-Ac
X-Application-Context
Content-Location
X-Language
X-Template
MS-Author-Via
Rating
X-Cloud-Trace-Context
X-Url
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Cnection
X-Rack-Cache
X-Origin-Cache
X-Country-Code
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Goog-Hash
Arr-Disable-Session-Affinity
X-VARITI-CCR
X-D2id
Verso
Accept-CH-Lifetime
X-FastCGI-Cache
Accept-Ch
X-Server-Name
X-Vcap-Request-Id
X-Cached
Cache-Tag
X-Powered-By-Plesk
X-Buckets
X-Navigation-Version
X-Abt-Application-Version
X-Client-IP
X-Amz-Rid
Service-Worker-Allowed
X-ORACLE-DMS-ECID
X-Fastly-Request-ID
X-Ttl
RTSS
X-Middleton-Display
X-Middleton-Response
Display
Pagespeed
Response
X-Sol
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Powered-CMS
X-Cache-TTL
Public-Key-Pins
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-Px
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Realpath
X-Edge-Location-Klb
X-Ruxit-Js-Agent
X-Oneagent-Js-Injection
SPIisLatency
SPRequestDuration
X-Accel-Expires
X-ECACHE
X-Server-ID
SPRequestGuid
X-SharePointHealthScore
X-Jurisdiction
X-HP-Webp
X-T
X-Mid
X-MCACHE
X-TTL
X-Forwarded-Proto
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Instrumentation
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Correlation-Id
X-Server-Lifecycle-Phase
Charset
X-DynaTrace
Edge-Cache-Tag
Pinterest-Generated-By
X-Pinterest-Rid
X-Recruiting
Pinterest-Version
X-Mg-S
TP-L2-Cache
TP-Cache
X-Release
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Content-Digest
X-Id
Filters
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-ORACLE-DMS-RID
Alternate-Protocol
Server-Node
X-Logged-In
Front-End-Https
Nginx-Cache
Cache-Tags
Content-MD5
X-Forwarded-For
TCN
X-Litespeed-Cache
X-XRDS-Location
X-Origin-Upstream-Status
Server-Name
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-Hostname
X-Geo-Country
X-Contextid
X-RateLimit-Remaining
X-GUploader-UploadID
Host
X-Amz-Replication-Status
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-F-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Rid
X-Protected-By
X-Www-Served-By
Cleartype
X-WebKit-CSP-Report-Only
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Az
X-AppVersion
X-Activity-Id
X-HS-Combine-CSS
X-Frontend
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
AR-CACHE
X-Ser
X-Page-Id
X-Git-Hash
X-Aspnetmvc-Version
X-Cache-Age
X-XRDS-LOCATION
Accept-Charset
X-NWS-LOG-UUID
X-Respond-Thread
X-VCache
X-Source
X-Varnish-Age
X-Upgrade-Enabled
X-DIS-Request-ID
X-Content-Options
X-Hits
X-Tec-Api-Version
X-Tec-Api-Origin
X-Mobile-URL
X-Tec-Api-Root
X-Varnish-Grace
X-CACHE-GROUP
ServerID
Paypal-Debug-Id
X-Fastcgi-Cache
X-B-Cache
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Signature
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Is-Crawler
X-Route-Name
X-Flags
X-Request-Guid
X-Providence-Cookie
X-Aspnet-Duration-Ms
Healthy
X-B3-Sampled
Payment
X-Cache-Action
X-TT
X-FB-Debug
X-Whom
X-Microsite
X-Daa-Tunnel
Viewport
X-Request-Handler-Origin-Region
Node
X-N
X-App-Environment
X-AOL-HN
X-Seen-By
Version
X-Type
Fastcgi-Useragent
X-Load-Cache
X-Mobile
DynaTrace
DC
MS-CV
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-Yandex-Sdch-Disable
X-Ab
Filterid
X-Distributor
SRV
Retry-After
X-Cache-Control
X-IPLB-Instance
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Response-Served-From
Frame-Options
X-Original-Request-Id
Nel
X-Real-IP
X-UUID
NGB
X-Proxy-Cache-Status
X-IPS-LoggedIn
X-User-Agent
X-Adobe-Content
X-ProcessESI
X-Region
X-RemovedCookies
X-Varnish-Server
X-Jobs
X-Instance
X-Adobe-Loc
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
Access-Control-Request-Headers
X-Content-Powered-By
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Proxy
X-Page-View
X-Cluster-Name
X-B
Refresh
X-Tumblr-User
X-FireWall-Port
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cacheable-TTL
Ms-Operation-Id
X-Cache-Time
X-Framework
X-RTag
X-G
X-Accel-Buffering
X-Debug
Cache
X-Wix-Request-Id
X-Zen-Fury
X-RateLimit-Limit
X-FW-Hash
X-FW-Serve
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-FW-Static
Countrycode
Section-Io-Id
Section-Origin-Responded
X-Vgn-Hpd-Reason
X-Time
X-App-Version
X-Oracle-Dms-Rid
Cache-Status
X-Nginx-Cache
X-NGENIX-Cache
Surrogate-Key
X-Cache-Hit
X-Azure-Ref
X-Mg-Request-UUID
X-Rendered-As
X-Is-Bot
Country
X-Drupal-Cache-Tags
X-CDN-Forward
S-Cnection
X-Cache-Rule
X-Ms-Version
X-Ms-Request-Id
X-EdgeConnect-Cache-Status
X-App-Server
X-TA-CDN-Provider
Eomportal-Instance
X-Node-Name
SD-X-WS
Referer-Policy
Liferay-Portal
X-L-Path
X-Environment-Context
X-Drupal-Cache-Contexts
X-Proxy-Build
X-RN-RSRV
X-SaId
X-Cache-Operation
X-UPSTREAM-Address
X-JoinUs
X-ES-SERVER
X-Timing-Wait
Selected-Fe
Meta-Geo
X-Varnishpool
X-Storefront-Renderer-Rendered
X-PHP-Backend
Amp-Access-Control-Allow-Source-Origin
X-Alternate-Cache-Key
X-Xfnlog-Site
X-No-Session
X-Via-Fastly
X-Varnish-Hostname
From-Origin
X-GG-Cache-Date
X-TNCMS
X-Cache-TTL-Remaining
X-S-Maxage
X-Loop
X-Yottaa-Optimizations
X-ShardId
X-ShopId
X-Yottaa-Metrics
X-Shopify-Stage
X-Request-Time
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
ServedBy
X-Pubstack
X-Endurance-Cache-Level
Azure-InstanceId
X-ProxyCache-Status
X-BYPASS-REASON
X-Cache-Server
X-Adobe-Source
X-AWS-Id
Protected
CF-IPCountry
X-Backend-Host
X-VWS-Id
X-R9-Blue-Green-Version
Azure-RegionName
X-LJ-Flow-ID
Azure-SlotName
Azure-Version
Cache-Name
X-Varnish-Beresp-Grace
X-ProxyCache-Key
X-LAGOON
Azure-SiteName
X-Handled-By
X-Human
Property-Id
Fastly-SSL
Country-Code
Webcakes-App-Version
Cache-Tv-Group
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-Country
Akamai-GRN
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-Region
Apigw-Requestid
X-Hl-Ver
X-OCL
X-Status
X-NYM-Debug-Backend
X-Say-TTL
X-SayCDN-TTL
X-Server-W
X-RCS-CacheZone
X-PCL
X-Origin-Hint
X-Origin-Date
X-Proto
X-Say-Cacheable
X-Rule
X-Be
X-Tumblr-Pixel-2
X-Sql-Count
X-ApacheServer
X-Access
X-Backend-Name
X-PERF
X-Cache-PHP
X-Labrador-Cache-Channel
X-UA-Device-Type
X-Format
X-Sql-Duration-Ms
X-PHP-Host
X-FB-TRIP-ID
X-Section
X-Akamai-Edgescape
Decoy-Debug-Status
Decoy-Debug-Key
Xserver
Decoy-Debug-TTL
Mn-Server-Ip
AMP-Access-Control-Allow-Source-Origin
X-Hosted-By
X-Hyper-Cache
X-Uri
X-Revision
X-Webkit-Csp
X-Redis-Cache
X-Web-Node
X-Ua-Device
X-Trace-Id
X-B3-SpanId
X-WA-Info
X-Cache-Type
X-FW-Version
X-Cached-By
X-MP-GENERATED-AT
X-Content-Age
X-ATG-Version
X-Time-Microsecs
X-Dc
X-CSRF-Token
X-ServerID
X-Soup
X-Aws-Lambda-Call-Status
X-Cache-Enabled
X-Akamai-Transformed
X-Edge-Location
Backend
X-Tumblr-Pixel-3
X-Mode
X-TT-LOGID
X-Datadome
X-Microcachable
X-Detected-As
X-Info
X-Parallel-Accel
X-Bc-Bl
X-CS
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Status
GEO-INFO
X-Varnish-Cache-Hits
OT-Force-Account-Verify
Count-Hit
X-Cache-NGX
X-Generation-Time
X-Cluster-Node
X-Cache-Host
Who
X-Varnish-Hits
Web-Mar-Node
X-Debug-Cache
X-Zipkin-Id
X-Storage
X-Proxied
X-Platform
X-Routing-Service
Cross-Origin-Opener-Policy
X-Unique-ID
X-SRV
X-APP-VERSION
X-Amzn-RequestId
X-Varnish-Beresp-Ttl
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-B3-Traceid
X-Servername
X-Extlb
DataCenter
X-Via-JSL
X-Locale
X-Origin-TTL
X-Origin-CC
Server-Info
X-PAYTM-SRV-ID
X-Ratelimit-Reset
Req-Svc-Chain
M-TraceId
Odigeo-Trace-Id
MD5-Digest
Rendered-Blocks
X-Magnolia-Registration
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Proxy-Upstream
X-Processor
X-Application
X-Epic-Correlation-Id
Mobile-Detection-Method
Meta-Geo-Continent
X-PBS-Appsvrname
X-A-Dcw
CDN-Cache
CDN-CachedAt
X-From
CDCHOST
Cache-Host
X-ARC
T-Server
Fastcgi-X-Cache-Version
Expiry
CDN-RequestId
DCR-Decision-By
CDN-Uid
CDN-RequestCountryCode
DCR-Processing-Time-Ms
CDN-EdgeStorageId
CDN-PullZone
BehaviorPad-Version
Apple-News-Services-Request-Url
X-External-Request-Id
X-NAPM-TraceId
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
State
A
Host-ID
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Surrogated-Key
X-A-Ccd
X-A
X-Aicache-OS
X-B-Cookie
X-Cache-Bucket
X-Thanos
X-DataDome
X-Cache-NE
X-Sucuri-ID
X-SRCache-Key
X-Service
X-Session-Fingerprint
X-BCube-Filmed-By
X-Bip
X-CF-Lambda-Fn
X-Vdms-Path
X-Vtex-Remote-Cache
X-Connection-Hash
X-Destination
X-D
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-ScT
X-Developer
X-S
X-S-Cookie
X-Rojux
X-Request-URI
X-Rewrite-Enabled
X-TEC-API-VERSION
X-Cache-Ttl
X-TEC-API-ROOT
Upgrade-Insecure-Requests
X-TEC-API-ORIGIN
SID
X-CACHE-KEY
X-Tb
Fastly-SWR
X-Scheme
Cmsid
X-Req
X-Level-Front-Cache
X-Envoy-Decorator-Operation
Fastly-SIE
Fastly-Backend-Name
X-Location
Content-Disposition
X-Clientip
UCS
Esi-Enabled
Fastly-Drupal-HTML
X-Generated-On
Pics-Label
X-GoCache-CacheStatus
X-Rebelmouse-Surrogate-Control
X-Date
PFcat
Path
Origin
Memcached
X-Core-Value
L
Kp-EeAlive
X-Gamma-Serve
X-Geo-Header
X-HN
X-AIR-PT
X-Hash
X-Cms-Context
Cmstype
X-NU-AKA-ACS-Version
X-Platform-Server
X-EC-Lua
X-Rocket-Build-Number
X-Varnish-Ttl
X-Var-Ttl
X-VHOST
X-Cache-Debug
X-Branch-Name
X-TrackingId
X-Backend-State
X-Minions-Version
X-Sigma
X-Served-From
X-Request-UUID
X-VarnishDD-TTL
X-Varnish-Url
X-VG-TLSProxy
X-Sigma-Backend
X-Accel-Expires-Debug
X-Rebelmouse-Cache-Control
User-Cache-Control
Source
X-Site-Version
X-Cache-Grace
Server-Host
X-Developers
X-Csrf-Jwt
X-Device-Os
Platform
PB-RID
X-DPWN-IS-SECURE
X-Cluster
X-Eu-Site
X-CGP
X-Fmm-Version
True-Client-Country-4JS
X-Fastly-Cache
X-Fastly-Backend
PB-PID
X-Cache-Tags
X-Clara-WADP
We-Hiring
Svr
Vix-Hermes-Req-Id
X-Generated-By
X-Cache-Info
Wxu-Next-Region
Wxu-Next-Commit
X-Forwarded-Site
Wxu-Next-Hostname
X-Generated-In
X-Origin-Expires
AKAMAI
Arc-Country
Adler-Geo
Pagetype
X-Origin
Arc-Version
C-Via
DSUID
X-Loc
X-Micro-Cache
CacheControlHeader
X-Viewer-Country
X-Owner
X-HP-Trace-Id
X-Request-Host
X-Variation
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Remaining-Second
S-Rt
X-VC-Cache
X-Policy
X-RateLimit-Limit-Second
X-WADP-Cache
X-Men
L5d-Success-Class
Ec-Rule-Version
Is-Eu
X-JWT-State
Location
Mail-Subject
NM-Fastcgi-Cache
NGX
X-Has-Esi
HA-Ipaddr
X-Is-Gdpr
X-LI-UUID
X-Li-Fabric
X-Li-Pop
Gh-Request-Id
Ha-Gx-Prefs
Fastcgi-Cache-TTL
X-NWS-UUID-VERIFY
X-Forwarded-Host
X-Shop-Environment
X-User
X-Varnish-CookieINHashed-On
X-Wikidot-Backend
X-Tenant
X-Varnish-CookieHashed-On
X-Forwarded-Path
X-Wikidot-Static-Cache
X-VServer
Url
X-Via-NSCOPI
X-Orig-Expires
X-Varnish-Remaining-TTL
X-DefHash
X-Nginx-Cache-Key
X-Irp-Debug
X-Gen-Mode
X-Fetched-On
X-Hnp-Log
X-GeoIP
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gzip
X-GeoIP-City
X-FC-Vary-Parameters
X-Mvc-Supplant-Cachable
X-SIPLIST1
X-Skip-Cache
X-Slack-Backend
X-Qloud-Router
X-PF-Uncompressing
X-Old-Content-Length
X-DefElseHash
X-Esi-Check
X-Thinkindot-L3
X-Cache-Id
TDXMobile
My-App
Thinkindot-CacheControl
Cache-Key
Thinkindot-Control
Cf-Device-Type
Cross-Origin-Window-Policy
Server-Ext
Server-Hostname
Release
Sever-Int
V-Age
Thinkindot-CacheControl-Type
IsBot
NtCoent-Length
Locid
CPC-Age
CPC-Cache
VNS-Age
VNS-Cache
X-Block-Status
X-Ua
Webserver
X-Planisys-CDN-Cache
Powered-By-ChinaCache
X-TX-ID
Cache-Hits
Content-Secure-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Zone
X-Srv
X-Pass-Why
X-Ratelimit-Limit
X-Via-Popv
X-Ftr-Request-Id
X-Via-Popn
X-Vc
X-HS-Content-Campaign-Id
Geo-Info
X-Mvc-Supplant-OutputCached
X-Via-Poph
MIME-Version
X-Conf
X-PJAX-URL
X-Internal-Host
X-Unique-Id
XServer
X-GEO
X-Refresh
X-OVcl-Cache
X-BBC-Edge-Cache-Status
X-OVcl
X-ID
Cf-Bgj
X-NC
X-Ckpd-Fst-Backend
X-LB-ID
X-Servedbyhost
X-TraceId
WebServer
X-Backend-TTL
X-Worker
DB-Nickname
Time
X-Ratelimit-Remaining
Memory
X-NCache
Magicmarker
Server-ID
X-Auto-Login
X-V-Cache
X-DC
X-LSADC-Cache
X-Geo
X-TIME
X-ZONE
HostName
X-Method
X-Dispatcher-Server
X-Rocket-Nginx-Serving-Static
GeoIp-Country-Code
X-Traceid
Geoip-Latitude
X-NewRelic-App-Data
Tcn
X-Platform-Cluster
Hostname
X-Wa
X-Tx-Id
X-Render-Time
X-Platform-Processor
X-Platform-Router
X-Cache-Remote
Ssr
X-CLOUD-TRACE-CONTEXT
X-App
X-SD-PageType
Resin-Trace
X-M-Reqid
X-IP
X-M-Log
X-Qnm-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Newrelic-Synthetics
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
Environment
X-Correlation-ID
X-Li-Proto
X-VCL-Version
X-BBC-Origin-Response-Status
LB
X-NodeID
Ohc-File-Size
X-Nc
Cluster
X-Server-IP
X-Origin-Time
X-Trv-Group
X-Cache-Config
X-MSEdge-Features
X-Via-Ucdn
X-API-Version
X-Gdpr
X-Nyt-Route
X-MSEdge-Flight
X-HITS
X-Dynatrace
X-CACHE-AGE
X-Via-CDN
X-Webkit-CSP-Report-Only
X-Vcl-Version
Candidate-Md5Url
X-Edge-Pop
X-Pod-Name
Datacenter
X-LI-Proto
X-Node-Id
X-Origin-Response-Time
Cf-Ipcountry
X-DynaTrace-JS-Agent
Env
X-Cache-Var-Map
X-Varnish-Beresp-TTL
X-Cache-Var
X-APP
X-ServerName
X-Akamai-Pragma-Client-IP
X-Wix-Viewer-Type
X-ND-Cache
N-Cache
X-ElasticPress-Query
X-Reqid
X-HostName
Web-Mar-Region
X-WA
CF-Cached-On
X-HS-Status
Sid
GeoIP-Latitude
X-FTR-Request-ID
GeoIP-Country-Code
Viewtype
VivaBuild
Rt-Fastcgi-Cache
Proxy-Connection
X-Cs
Cdn
Machine
X-Dynatrace-Js-Agent
Servername
Server-Id
CDN
X-Cdn-Forward
X-NGINX-Cache
WWW-Authenticate
X-Varnish-Cacheable
X-Fastly-Backend-Reqs
X-EIG-Tracking-Id
X-URL
X-Check-Cacheable
X-Pjax-Url
FSS-Cache
Onion-Location
On-Server
X-Lb-Id
X-ServedByHost
WZWS-RAY
X-Xrds-Location
X-Esi
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Swa-Ws
X-VC
X-Cache-Backend
X-Fpc
X-Fastly-Request-Id
X-IN-APIGATEWAY
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-IN-APIGATEWAYSSL
X-Content
X-Ua-Browser
X-SN
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Request-Start
Mime-Version
URI
X-Oss-Object-Type
X-Oss-Request-Id
Redirect-Candidate
Shield-Pop
X-Oss-Server-Time
Cteonnt-Length
X-TIM-N
X-FTR-Cache-Status
CountryCode
X-AB
X-Country-Code-Real
X-FTR-Balancer
Server-Ttl
X-FTR-Backend-Server
X-FTR-Backend
Xc-Version
X-FTR-DC
X-FTR-Realm
X-MG-S
X-Tid
X-CCM
X-FORWARDED-FOR
X-Swift-Error
X-Varnish-Authentication
X-Cache-ASPX
X-Up
X-Air-Pt
X-Contensis-Viewer-Groups
Tracecode
Lb
CACHE
X-RSL
Ohc-Response-Time
X-DW
X-RPM
X-RPS
X-Fastly-Cache-Hits
Vha6-Origin
X-DB
X-Action
X-DI
X-DSS
X-CUA
X-Snapshot-Date
X-Acquia-Site
X-Acquia-Application-Trace
WP-Super-Cache
X-Yottaa-OS
X-Dw-Trace-Id
X-Pf-Uncompressing
X-Webstats-RespID
X-SB
X-FTR-Expires
X-Cache-Date
X-Acquia-Purge-Tags
X-ElasticPress-Search
X-LiteSpeed-Cache-Control
X-Acquia-Application-UUID
X-StackifyID
Pramga
Is-Us
Xet-Cookie
Warning
X-Sn-Servicetimems
X-Cdn-Origin
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Status-Check
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-Region-Sid
Instruction
SR-User-Adfree
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-MiniProfiler-Ids
X-Pad
X-Tt-Logid
X-TH-Server
X-C
X-Hcs-Proxy-Type
X-Mg-Request-Id
ServerName