Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
X-Ua-Compatible
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
Keep-Alive
X-Robots-Tag
Request-Context
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Pingback
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Vhost
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-CST
NEL
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
Accept-CH
X-HW
Accept-Ch-Lifetime
X-Country
X-Ac
Content-Location
X-Application-Context
X-Webkit-CSP
X-Language
X-Template
MS-Author-Via
Rating
X-Cloud-Trace-Context
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-ESI
Accept-Ch
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
Fastly-Restarts
X-Content-Type
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
Verso
X-Country-Code
X-VARITI-CCR
X-Goog-Hash
X-Cached
Accept-CH-Lifetime
X-Server-Name
X-FastCGI-Cache
X-Vcap-Request-Id
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
X-Middleton-Display
Pagespeed
Display
Response
X-Middleton-Response
X-Sol
RTSS
Access-Control-Request-Method
X-Cache-TTL
X-Element-Page-Cache
X-MSEdge-Ref
X-Powered-CMS
X-Ruxit-Js-Agent
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Ttl
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Edge
X-TTL
X-Kinsta-Cache
X-LLID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Px
Realpath
SPIisLatency
SPRequestDuration
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-T
X-HP-Webp
X-Oneagent-Js-Injection
X-Jurisdiction
X-ECACHE
X-MCACHE
X-Forwarded-Proto
X-PressLabs-Stats
X-Mid
X-Edge-Location-Klb
X-Mg-S
X-Content-Security-Policy-Report-Only
X-Release
Charset
X-Correlation-Id
X-Recruiting
X-Shield-Request-Id
X-Litespeed-Cache
Edge-Cache-Tag
X-Ezoic-Cdn
TP-L2-Cache
TP-Cache
Pinterest-Version
Pinterest-Generated-By
X-DynaTrace
X-Pinterest-Rid
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
Filters
Cache-Tags
Server-Node
Alternate-Protocol
X-Logged-In
Content-MD5
Nginx-Cache
Front-End-Https
X-Forwarded-For
X-ORACLE-DMS-RID
X-Cache-Key
Server-Name
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
X-Amzn-Trace-Id
Fusion-Content-Source
Fusion-Component-Id
X-Origin-Server
X-Grace
X-Contextid
X-Geo-Country
Nel
TCN
X-F-Cache
X-Amz-Replication-Status
X-Az
X-AppVersion
X-Rid
X-Activity-Id
Host
Ar-Sid
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
Cleartype
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-HS-Combine-CSS
X-Protected-By
X-Www-Served-By
X-Frontend
X-Webkit-Csp
X-Server-ID
Section-Io-Cache
X-LB-Cache
X-Debug-Info
X-Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-Ser
X-XRDS-Location
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Page-Id
X-Cache-Age
X-Git-Hash
Accept-Charset
X-Varnish-Age
X-Aspnetmvc-Version
X-Hits
X-Respond-Thread
X-NWS-LOG-UUID
X-Upgrade-Enabled
X-VCache
X-Source
X-Microsite
ServerID
X-Request-Handler-Origin-Region
X-Mobile-URL
Paypal-Debug-Id
X-DIS-Request-ID
X-Content-Options
X-Varnish-Backend
X-Varnish-Grace
X-Signature
X-B-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Guid
Healthy
Access-Control-Allow-Method
X-Route-Name
X-Is-Crawler
Payment
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-FB-Debug
X-TT
X-Whom
X-B3-Sampled
X-Cache-Action
X-Daa-Tunnel
X-N
Viewport
X-App-Environment
Node
X-CACHE-GROUP
X-Seen-By
X-AOL-HN
X-Type
X-Load-Cache
Fastcgi-Useragent
Version
MS-CV
DC
X-Mobile
X-Cache-Expired-At
DynaTrace
Filterid
X-HTML-Minification-Powered-By
X-Yandex-Sdch-Disable
X-IPLB-Instance
X-Distributor
X-Ab
SRV
X-Cache-Control
Retry-After
X-Response-Served-From
X-FireWall-Port
X-Original-Request-Id
X-Real-IP
X-Instance
X-Tumblr-User
X-ProcessESI
X-Debug
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Jobs
X-RemovedCookies
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Proxy-Cache-Status
NGB
X-Varnish-Server
X-Tumblr-Pixel-1
X-UUID
X-Device-Type
Ms-Operation-Id
X-Debug-IsConnected
X-Debug-IsPreview
Frame-Options
Refresh
X-Proxy
X-RTag
X-IPS-LoggedIn
X-Region
X-Content-Powered-By
X-Page-View
X-Cacheable-TTL
X-Cache-Time
VIX-Pulpo-Node
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
X-Accel-Buffering
X-B
X-Cluster-Name
X-User-Agent
X-Framework
Cache
X-Adobe-Content
X-Adobe-Loc
Access-Control-Request-Headers
X-G
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-Zen-Fury
Countrycode
X-App-Version
Section-Origin-Responded
X-Time
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cache-Hit
X-Vgn-Hpd-Reason
Surrogate-Key
X-Nginx-Cache
Cache-Status
X-TA-CDN-Provider
X-NGENIX-Cache
X-Drupal-Cache-Tags
X-RateLimit-Limit
Country
X-Rendered-As
X-Is-Bot
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
X-Azure-Ref
X-App-Server
S-Cnection
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-Ms-Request-Id
X-Ms-Version
X-Drupal-Cache-Contexts
Referer-Policy
X-CDN-Forward
X-Cache-Rule
Liferay-Portal
SD-X-WS
X-Varnishpool
X-Node-Name
X-JoinUs
X-ES-SERVER
X-Rule
X-Proxy-Build
Selected-Fe
X-UPSTREAM-Address
X-SaId
From-Origin
X-Timing-Wait
Meta-Geo
X-Tumblr-Pixel-2
X-RN-RSRV
X-Yottaa-Metrics
X-Via-Fastly
X-Cache-TTL-Remaining
X-Environment-Context
X-Yottaa-Optimizations
X-Xfnlog-Site
X-L-Path
X-Cache-Server
X-ShopId
X-ShardId
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TNCMS
X-Storefront-Renderer-Rendered
X-Pubstack
X-PHP-Backend
X-Alternate-Cache-Key
ServedBy
X-Backend-Host
X-Endurance-Cache-Level
X-No-Session
X-Loop
Protected
X-Shopify-Stage
Xserver
CF-IPCountry
X-VWS-Id
TWC-Connection-Speed
Akamai-GRN
TWC-Locale-Group
X-AWS-Id
Azure-SlotName
Azure-SiteName
Azure-RegionName
Cache-Name
Country-Code
Webcakes-App-Name
TWC-Privacy
X-Server-W
Property-Id
X-LJ-Flow-ID
Webcakes-Region
Fastly-SSL
Webcakes-App-Version
Azure-Version
Azure-InstanceId
X-S-Maxage
X-OCL
X-NYM-Debug-Backend
TWC-GeoIP-Country
X-PCL
X-Varnish-Hostname
X-Origin-Hint
X-Handled-By
X-Request-Time
X-Be
X-Proto
TWC-Device-Class
X-LAGOON
TWC-GeoIP-LatLong
X-Hl-Ver
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Format
X-Status
X-Section
Apigw-Requestid
X-ProxyCache-Key
X-ProxyCache-Status
X-SayCDN-TTL
X-Cache-PHP
X-Backend-Name
X-RCS-CacheZone
X-Access
Cache-Tv-Group
X-BYPASS-REASON
X-Say-TTL
X-Say-Cacheable
X-Origin-Date
X-ApacheServer
X-Hyper-Cache
X-FB-TRIP-ID
X-PERF
X-Akamai-Edgescape
Mn-Server-Ip
X-GG-Cache-Date
X-Human
X-Dc
X-Cache-Operation
X-Sql-Count
X-Sql-Duration-Ms
X-UA-Device-Type
X-Hosted-By
X-PHP-Host
X-Adobe-Source
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
X-Uri
X-Redis-Cache
X-Web-Node
X-Cached-By
X-MP-GENERATED-AT
X-WA-Info
X-Trace-Id
X-ATG-Version
X-FW-Version
X-Content-Age
X-Ua-Device
X-Revision
X-B3-SpanId
X-CSRF-Token
X-Cache-Enabled
X-Soup
X-Edge-Location
X-ServerID
X-Time-Microsecs
X-Datadome
X-Cache-Type
Amp-Access-Control-Allow-Source-Origin
X-Mode
X-Tumblr-Pixel-3
X-SRV
X-CS
Backend
X-Info
X-Bc-Bl
Who
X-CACHE-KEY
X-TT-LOGID
X-Microcachable
X-Akamai-Transformed
X-Cache-NGX
X-Detected-As
X-Aws-Lambda-Call-Status
X-Unique-ID
X-Azure-Ref-OriginShield
X-Debug-Cache
X-Proxied
X-Routing-Service
X-Storage
X-Cache-Host
X-Zipkin-Id
X-Varnish-Beresp-Status
X-Platform
X-Varnish-Cache-Hits
Web-Mar-Node
X-Generation-Time
DataCenter
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Via-JSL
Cross-Origin-Opener-Policy
OT-Force-Account-Verify
X-Parallel-Accel
X-Cluster-Node
X-Varnish-Hits
X-Extlb
X-Locale
X-APP-VERSION
Server-Info
Geo-Info
X-B3-Traceid
X-Origin-CC
Count-Hit
X-Origin-TTL
X-Service
X-Core-Value
X-From
X-Location
CDN-Uid
X-Air-Hostname
X-Destination
X-Air-Trace-Id
X-Air-Source
X-NAPM-TraceId
CDN-EdgeStorageId
X-CF-Lambda-Fn
CDN-PullZone
X-Varnish-Beresp-Ttl
CDN-RequestCountryCode
Apple-News-Services-Request-Url
X-CF-Lambda-Version
X-Connection-Hash
X-Cms-Context
Host-ID
X-Magnolia-Registration
A
BehaviorPad-Version
X-D
Apple-News-Services-Handled
DCR-Processing-Time-Ms
X-SRCache-Key
X-Generated-On
Apple-News-Services-Host
CDN-Cache
X-Geo-Header
Expiry
Fastcgi-X-Cache-Version
X-External-Request-Id
X-Session-Fingerprint
X-Level-Front-Cache
Fastly-Backend-Name
Content-Disposition
CDCHOST
X-Developer
DCR-Decision-By
CDN-CachedAt
Apple-News-Services-Parsed-Url
X-PBS-Appsvrname
X-Vdms-Path
T-Server
X-B-Cookie
X-A-Dcw
X-BCube-Filmed-By
Odigeo-Trace-Id
Mobile-Detection-Method
Surrogated-Key
X-Bip
X-Request-URI
X-Processor
X-ARC
X-Ratelimit-Reset
X-A-Wwc
X-AIR-PT
X-A-Dgt
X-Vtex-Remote-Cache
X-Aed
X-Varnish-Url
X-Application
Rendered-Blocks
X-Vtex-Processado-Em
Meta-Geo-Continent
X-A-Dam
X-S
X-S-Cookie
X-Rojux
X-Proxy-Upstream
X-VG-WebServer
M-TraceId
X-VG-WebCache
X-PAYTM-SRV-ID
X-Cache-NE
X-ScT
CDN-RequestId
X-A-Ccd
X-Sucuri-ID
X-Thanos
X-Rewrite-Enabled
X-Cache-Bucket
MD5-Digest
X-Vdms-Version
X-A
GEO-INFO
X-Tb
X-TX-ID
X-Site-Version
Cmstype
UCS
X-Envoy-Decorator-Operation
Cmsid
X-Developers
X-Backend-State
Memcached
Fastly-SIE
X-Branch-Name
Fastly-SWR
X-Cache-Debug
X-Clientip
Gh-Request-Id
State
Esi-Enabled
Pagetype
Pics-Label
X-Aicache-OS
Server-Host
PFcat
Location
Path
X-Date
X-Accel-Expires-Debug
X-Hash
X-JWT-State
X-Scheme
X-Is-Gdpr
X-HN
X-Has-Esi
X-Rebelmouse-Surrogate-Control
Req-Svc-Chain
X-Rebelmouse-Cache-Control
X-Origin
X-NU-AKA-ACS-Version
Cache-Host
X-Epic-Correlation-Id
X-VarnishDD-TTL
X-GoCache-CacheStatus
X-Request-UUID
X-TrackingId
X-Platform-Server
X-VG-TLSProxy
X-Var-Ttl
AKAMAI
X-EC-Lua
X-Gamma-Serve
X-Cluster
X-Req
Ec-Rule-Version
CacheControlHeader
X-DataDome
X-Ratelimit-Limit
X-Pass-Why
Upgrade-Insecure-Requests
User-Cache-Control
Tcn
Kp-EeAlive
X-Variation
Fastly-Drupal-HTML
Vix-Hermes-Req-Id
Wxu-Next-Hostname
Wxu-Next-Commit
X-Policy
We-Hiring
X-RateLimit-Limit-Second
Fastcgi-Cache-TTL
L
X-VC-Cache
X-WADP-Cache
X-RateLimit-Remaining-Second
X-Viewer-Country
Wxu-Next-Region
X-Cache-Info
X-Generated-In
X-Generated-By
X-Li-Fabric
X-Li-Pop
X-Csrf-Jwt
X-Forwarded-Site
X-Device-Os
X-Fastly-Backend
X-Eu-Site
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Fmm-Version
X-LI-UUID
X-Men
X-Cache-Grace
X-Served-From
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Owner
X-Cache-Tags
Origin
X-Micro-Cache
X-Clara-WADP
X-CGP
X-Origin-Expires
X-Request-Host
Adler-Geo
NGX
Mail-Subject
X-Sigma-Backend
NM-Fastcgi-Cache
Source
X-Varnish-Ttl
Platform
PB-RID
X-Sigma
L5d-Success-Class
Arc-Version
DSUID
Cf-Device-Type
Arc-Country
X-Rocket-Build-Number
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
X-VHOST
PB-PID
Thinkindot-CacheControl
TDXMobile
Thinkindot-Control
X-Minions-Version
True-Client-Country-4JS
Svr
Thinkindot-CacheControl-Type
X-Amz-Meta-S3cmd-Attrs
X-Servername
X-NWS-UUID-VERIFY
SID
X-Old-Content-Length
X-Forwarded-Host
X-Fetched-On
X-HS-Content-Campaign-Id
X-Irp-Debug
X-FC-Vary-Parameters
Cache-Key
C-Via
My-App
X-PF-Uncompressing
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-GeoIP-City
X-Slack-Backend
X-Gzip
X-Mvc-Supplant-Cachable
X-SIPLIST1
X-GeoIP
X-Gen-Mode
X-Hnp-Log
CPC-Age
X-Varnish-CookieHashed-On
X-User
V-Age
X-Nginx-Cache-Key
X-Esi-Check
CPC-Cache
Release
X-Block-Status
X-Cache-Id
X-VServer
Locid
X-Wikidot-Backend
Server-Ext
VNS-Cache
VNS-Age
Sever-Int
Server-Hostname
X-Wikidot-Static-Cache
Webserver
IsBot
X-Loc
X-Qloud-Router
X-Via-NSCOPI
X-DefElseHash
X-DefHash
X-Ratelimit-Remaining
X-Planisys-CDN-Rules
X-Skip-Cache
Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
S-Rt
X-Ua
X-Mvc-Supplant-OutputCached
X-PJAX-URL
X-Orig-Expires
X-Vc
X-Via-Popn
X-Via-Popv
Powered-By-ChinaCache
X-Shop-Environment
Cache-Hits
X-Via-Poph
X-Tenant
X-Forwarded-Path
X-TraceId
X-CLOUD-TRACE-CONTEXT
Cross-Origin-Window-Policy
MIME-Version
X-OVcl
NtCoent-Length
X-OVcl-Cache
X-Refresh
X-Geo
X-Unique-Id
X-Cache-Ttl
DB-Nickname
Content-Secure-Policy
X-HP-Trace-Id
X-Ftr-Request-Id
X-ZONE
Cf-Bgj
XServer
X-Backend-TTL
X-Internal-Host
X-LB-ID
X-Conf
Time
Memory
Magicmarker
X-NC
X-ID
X-Zone
GeoIp-Country-Code
X-Srv
X-BBC-Edge-Cache-Status
Geoip-Latitude
X-NCache
WebServer
HostName
X-Worker
X-Dispatcher-Server
X-Ckpd-Fst-Backend
X-Method
Server-ID
X-GEO
X-TIME
X-Auto-Login
X-Servedbyhost
X-NewRelic-App-Data
X-V-Cache
X-LSADC-Cache
X-IP
X-Li-Proto
X-Render-Time
X-Rocket-Nginx-Serving-Static
Hostname
Ssr
X-Platform-Router
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Cluster
X-Platform-Processor
X-M-Reqid
X-Qnm-Cache
X-M-Log
LB
X-Nc
X-Newrelic-Synthetics
X-Trv-Group
X-Vcl-Version
X-SD-PageType
X-Traceid
X-Cache-Remote
X-DC
Resin-Trace
X-Wa
X-Correlation-ID
Environment
X-Datadog-Parent-Id
X-APP
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Node-Id
X-Tx-Id
X-App
Ohc-File-Size
X-CACHE-AGE
X-API-Version
X-Origin-Time
X-Nyt-Route
X-Origin-Response-Time
X-Cache-Config
X-Gdpr
X-HITS
Env
X-MSEdge-Features
X-MSEdge-Flight
X-BBC-Origin-Response-Status
X-Via-CDN
X-Dynatrace
X-NodeID
X-ServerName
X-DynaTrace-JS-Agent
X-Via-Ucdn
X-FTR-Request-ID
X-Pod-Name
Cluster
X-Varnish-Beresp-TTL
X-VCL-Version
X-WA
X-Server-IP
X-Edge-Pop
X-Reqid
X-HostName
Cf-Ipcountry
Sid
CF-Cached-On
X-ElasticPress-Query
Candidate-Md5Url
Datacenter
X-Wix-Viewer-Type
X-LI-Proto
Rt-Fastcgi-Cache
Viewtype
X-ND-Cache
VivaBuild
X-Cache-Var
X-Cdn-Forward
X-Cache-Var-Map
Web-Mar-Region
Machine
X-HS-Status
N-Cache
X-Akamai-Pragma-Client-IP
X-ServedByHost
X-Cs
X-Dynatrace-Js-Agent
CDN
FSS-Cache
Server-Id
On-Server
GeoIP-Country-Code
Cdn
Servername
X-Webkit-CSP-Report-Only
GeoIP-Latitude
Proxy-Connection
X-NGINX-Cache
X-EIG-Tracking-Id
X-Lb-Id
WWW-Authenticate
X-Varnish-Cacheable
WZWS-RAY
X-Check-Cacheable
Onion-Location
X-CCM
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
Xc-Version
X-URL
X-Oss-Hash-Crc64ecma
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Swa-Ws
X-FTR-Realm
X-Xrds-Location
X-Esi
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Fastly-Request-Id
X-VC
X-Via-PopH
X-Via-PopV
Tracecode
X-Cache-Backend
X-Via-PopN
X-Fastly-Backend-Reqs
X-IN-APIGATEWAY
X-Pjax-Url
X-IN-APIGATEWAYSSL
X-Swift-Error
X-SN
URI
CountryCode
Mime-Version
X-CUA
Cteonnt-Length
X-Contensis-Viewer-Groups
X-FORWARDED-FOR
X-Varnish-Authentication
SR-User-Adfree
X-Air-Pt
Instruction
CACHE
Redirect-Candidate
X-Dw-Trace-Id
X-Fpc
X-Cache-ASPX
X-FTR-Expires
X-TIM-N
X-Region-Sid
X-Request-Start
X-Tid
X-StackifyID
X-DI
X-DW
X-Action
X-RPM
X-DSS
Shield-Pop
X-RSL
X-Up
X-RPS
Xet-Cookie
Ohc-Response-Time
X-DB
X-Fastly-Cache-Hits
WP-Super-Cache
X-SB
X-Depends-On
X-Yottaa-OS
X-LiteSpeed-Cache-Control
Server-Ttl
X-UnsetCookies
X-Pf-Uncompressing
X-Webstats-RespID
X-ElasticPress-Search
Warning
X-Snapshot-Date
X-Provided-By
X-Mg-Request-Id
X-Apw-Access-Object
X-Apw-Access-Action
X-FPC
X-Amz-Meta-Cb-Modifiedtime
X-Hcs-Proxy-Type
X-C
X-Cache-Expires
X-Apw-Hits
X-Apw-Access-Token
X-CCDN-CacheTTL
X-Cache-Status-Check
X-CCDN-Origin-Time
X-MiniProfiler-Ids
X-Acquia-Application-Trace
X-Pad
X-Tt-Logid
W
Lfy
Content-Script-Type
Content-Style-Type
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
CloudFront-Viewer-Country
X-Matched-Rule
Vha6-Origin
ServerName
X-Acquia-Site
X-Core-Mission
X-TH-Server