
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Ua-Compatible
Access-Control-Expose-Headers
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Robots-Tag
Server-Timing
Request-Context
X-Server
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
EagleEye-TraceId
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Response-Time
X-Akam-SW-Version
X-Readtime
Accept-CH
Xkey
X-HW
X-Country
Accept-Ch-Lifetime
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
X-Template
Rating
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Cloud-Trace-Context
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
Fastly-Restarts
X-Cnection
Accept-Ch
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
Accept-CH-Lifetime
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
Cache-Tag
X-Amz-Rid
X-Client-IP
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-Fastly-Request-ID
X-FastCGI-Cache
X-Middleton-Display
Display
Pagespeed
Response
X-Middleton-Response
X-Sol
X-ORACLE-DMS-ECID
X-Ttl
RTSS
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Powered-CMS
X-NF-Request-ID
X-Cache-TTL
X-Dw-Request-Base-Id
X-Upstream
Public-Key-Pins
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Ruxit-Js-Agent
Realpath
SPIisLatency
X-Oneagent-Js-Injection
SPRequestDuration
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-Px
X-HP-Webp
X-ECACHE
X-Jurisdiction
X-T
X-TTL
X-Correlation-Id
X-Mid
X-Forwarded-Proto
X-MCACHE
X-Edge-Location-Klb
X-Release
X-PressLabs-Stats
X-Mg-S
Charset
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Recruiting
X-Shield-Request-Id
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
X-Ezoic-Cdn
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Fastcgi-Cache
X-DynaTrace
X-Amz-Server-Side-Encryption
X-ORACLE-DMS-RID
X-Id
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Content-Digest
X-Kraken-Routeconfig-Destination
X-Instrumentation
Filters
X-Request-Processing-Time
X-Request-Received
Cache-Tags
Alternate-Protocol
Content-MD5
X-Logged-In
Server-Node
Front-End-Https
X-Forwarded-For
Nginx-Cache
Server-Name
X-Cache-Key
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-Amzn-Trace-Id
X-Fastcgi-Cache
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
TCN
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-XRDS-LOCATION
X-Origin-Server
X-Contextid
X-Grace
X-Amz-Replication-Status
X-Geo-Country
X-AppVersion
X-F-Cache
Host
X-Activity-Id
X-Az
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Rid
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Combine-CSS
X-Server-ID
Cleartype
X-Hostname
X-Www-Served-By
X-Frontend
X-RateLimit-Remaining
X-Protected-By
Section-Io-Cache
X-LB-Cache
X-XRDS-Location
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Aspnetmvc-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-Git-Hash
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Respond-Thread
X-Source
X-Upgrade-Enabled
X-DIS-Request-ID
Nel
X-Hits
X-VCache
X-Mobile-URL
X-Tec-Api-Origin
X-Content-Options
X-Tec-Api-Version
X-Tec-Api-Root
X-NWS-LOG-UUID
Paypal-Debug-Id
X-Varnish-Grace
ServerID
X-Varnish-Backend
X-CACHE-GROUP
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-B-Cache
X-Signature
X-Flags
X-Whom
X-N
Payment
Access-Control-Allow-Method
Healthy
X-FB-Debug
X-B3-Sampled
X-App-Environment
X-TT
X-Cache-Action
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Node
X-Seen-By
Viewport
X-AOL-HN
X-Daa-Tunnel
X-Type
X-Load-Cache
Fastcgi-Useragent
Version
MS-CV
X-Mobile
DC
X-Cache-Expired-At
X-Webkit-Csp
Filterid
X-HTML-Minification-Powered-By
X-Distributor
DynaTrace
X-IPLB-Instance
X-Cache-Control
SRV
X-Yandex-Sdch-Disable
X-Ab
X-FireWall-Port
Retry-After
X-Original-Request-Id
X-Response-Served-From
X-Real-IP
X-Debug
X-RemovedCookies
X-Tt-Trace-Tag
X-Jobs
X-ProcessESI
X-Proxy-Cache-Status
Refresh
NGB
X-UUID
X-Tt-Trace-Host
X-Varnish-Server
X-Accel-Buffering
X-Device-Type
X-Debug-IsConnected
Ms-Operation-Id
X-Content-Powered-By
X-Debug-IsPreview
X-Instance
X-Region
X-Page-View
X-RTag
X-IPS-LoggedIn
X-Proxy
X-B
X-Cacheable-TTL
X-Tumblr-Pixel-1
Uber-Trace-Id
Frame-Options
Access-Control-Request-Headers
X-Tumblr-User
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-0
X-Framework
X-Tumblr-Pixel
Cache
X-Cluster-Name
X-Adobe-Content
X-Cache-Time
X-Adobe-Loc
X-G
X-Wix-Request-Id
X-User-Agent
X-Zen-Fury
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Static
Countrycode
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Cache-Hit
X-App-Version
X-Time
X-RateLimit-Limit
X-Vgn-Hpd-Reason
Cache-Status
Surrogate-Key
X-Nginx-Cache
X-NGENIX-Cache
Eomportal-Instance
X-Drupal-Cache-Tags
X-Rendered-As
X-Azure-Ref
Country
X-Is-Bot
X-EdgeConnect-Cache-Status
X-TA-CDN-Provider
X-App-Server
X-Mg-Request-UUID
S-Cnection
X-Oracle-Dms-Rid
X-Rule
X-Ms-Version
X-Drupal-Cache-Contexts
X-Ms-Request-Id
X-Cache-Rule
CF-IPCountry
Referer-Policy
AMP-Access-Control-Allow-Source-Origin
Liferay-Portal
X-CDN-Forward
X-Varnishpool
X-Timing-Wait
X-UPSTREAM-Address
Meta-Geo
X-RN-RSRV
X-ES-SERVER
X-JoinUs
From-Origin
X-SaId
SD-X-WS
Selected-Fe
X-Proxy-Build
X-TNCMS
X-Alternate-Cache-Key
ServedBy
X-ShopId
X-R9-Blue-Green-Version
X-ShardId
X-Endurance-Cache-Level
X-Loop
X-Cache-TTL-Remaining
X-PHP-Backend
X-No-Session
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Xfnlog-Site
X-Storefront-Renderer-Rendered
Country-Code
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Sorting-Hat-ShopId
X-Via-Fastly
X-Cache-Server
X-Node-Name
Decoy-Debug-Key
Decoy-Debug-TTL
X-SayCDN-TTL
Cache-Tv-Group
Fastly-SSL
Cache-Name
Xserver
X-VWS-Id
X-Environment-Context
X-L-Path
Akamai-GRN
X-Say-TTL
Protected
X-OCL
X-LJ-Flow-ID
X-LAGOON
X-Handled-By
X-Cache-PHP
X-Be
X-Pubstack
X-PCL
X-AWS-Id
X-Backend-Host
X-Say-Cacheable
Decoy-Debug-Status
X-Varnish-Hostname
X-S-Maxage
X-Human
X-Request-Time
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Azure-SiteName
X-RCS-CacheZone
Property-Id
X-Redis-Cache
TWC-Privacy
TWC-Connection-Speed
Webcakes-App-Version
X-NYM-Debug-Backend
X-Origin-Date
X-Labrador-Cache-Channel
X-Hyper-Cache
X-Hl-Ver
X-Origin-Hint
X-Access
X-ProxyCache-Status
Webcakes-Region
X-Proto
X-PHP-Host
Webcakes-App-Name
TWC-Device-Class
Azure-Version
X-Sql-Duration-Ms
X-BYPASS-REASON
X-Status
X-Tumblr-Pixel-2
Azure-SlotName
X-ProxyCache-Key
Apigw-Requestid
X-Cache-Operation
X-Section
X-Server-W
X-Sql-Count
Azure-RegionName
Azure-InstanceId
X-Format
X-FB-TRIP-ID
X-Backend-Name
X-Akamai-Edgescape
X-Cached-By
X-Varnish-Beresp-Grace
X-Adobe-Source
X-ApacheServer
X-PERF
X-GG-Cache-Date
Mn-Server-Ip
X-Hosted-By
X-Uri
X-UA-Device-Type
X-Web-Node
X-WA-Info
X-Ua-Device
Amp-Access-Control-Allow-Source-Origin
X-MP-GENERATED-AT
X-Trace-Id
X-Content-Age
X-ATG-Version
X-Dc
X-B3-SpanId
X-Cache-Enabled
X-FW-Version
X-Revision
X-CSRF-Token
X-Soup
X-Edge-Location
X-Time-Microsecs
X-Mode
Backend
X-ServerID
X-Cache-Type
X-Info
X-CACHE-KEY
Who
X-SRV
X-Bc-Bl
X-CS
X-Tumblr-Pixel-3
X-TT-LOGID
X-Varnish-Beresp-Status
X-Cache-NGX
X-Microcachable
X-Detected-As
X-Akamai-Transformed
X-Debug-Cache
X-Storage
X-Proxied
X-Aws-Lambda-Call-Status
X-Routing-Service
X-Zipkin-Id
X-Platform
X-Azure-Ref-OriginShield
X-Datadome
X-Cache-Host
X-Unique-ID
Web-Mar-Node
X-APP-VERSION
X-Via-JSL
X-Varnish-Cache-Hits
X-DataDome
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
OT-Force-Account-Verify
X-Generation-Time
X-B3-Traceid
X-Extlb
Server-Info
X-Locale
X-Varnish-Hits
DataCenter
Cross-Origin-Opener-Policy
X-Varnish-Beresp-Ttl
X-Cluster-Node
X-Site-Version
X-Parallel-Accel
X-Origin-TTL
GEO-INFO
Count-Hit
X-Origin-CC
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-Uid
DCR-Decision-By
DCR-Processing-Time-Ms
Content-Disposition
X-Geo-Header
CDN-Cache
X-Generated-On
CDN-RequestId
Apple-News-Services-Request-Url
X-Varnish-Url
X-NAPM-TraceId
X-Vdms-Path
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Geo-Info
Apple-News-Services-Handled
X-Level-Front-Cache
BehaviorPad-Version
Expiry
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
CDCHOST
X-External-Request-Id
X-Cache-Bucket
X-Bip
X-BCube-Filmed-By
X-Cache-NE
T-Server
X-CF-Lambda-Fn
Surrogated-Key
X-B-Cookie
X-ARC
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
X-A-Wwc
X-Application
X-Aed
X-CF-Lambda-Version
Rendered-Blocks
M-TraceId
MD5-Digest
X-Developer
X-EC-Lua
Host-ID
Fastly-Backend-Name
X-From
Meta-Geo-Continent
Mobile-Detection-Method
X-Connection-Hash
X-Cms-Context
X-Core-Value
X-D
X-Destination
Odigeo-Trace-Id
Fastcgi-X-Cache-Version
A
X-Ratelimit-Reset
X-Vdms-Version
X-AIR-PT
X-S-Cookie
X-ScT
X-Service
X-Cache-Ttl
X-S
X-Rojux
X-VG-WebCache
X-TEC-API-VERSION
X-A-Dgt
X-Rewrite-Enabled
X-Thanos
X-TEC-API-ROOT
X-Request-URI
X-TEC-API-ORIGIN
X-VG-WebServer
X-Air-Hostname
X-Processor
X-SRCache-Key
X-Air-Source
X-Air-Trace-Id
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Magnolia-Registration
X-Session-Fingerprint
X-Sucuri-ID
X-Proxy-Upstream
User-Cache-Control
X-Pass-Why
X-Tb
Location
X-Branch-Name
X-Envoy-Decorator-Operation
X-Developers
X-Fastly-Cache
Memcached
Ec-Rule-Version
X-Forwarded-Site
UCS
Esi-Enabled
Fastly-SWR
X-Generated-By
X-Served-From
X-Gamma-Serve
X-Fmm-Version
X-Cache-Debug
X-Varnish-Ttl
Pics-Label
PFcat
Req-Svc-Chain
X-Clientip
X-Clara-WADP
X-Aicache-OS
Cache-Host
X-Accel-Expires-Debug
X-WADP-Cache
X-Date
X-Cache-Info
X-Backend-State
X-Scheme
Path
Pagetype
Server-Host
Fastly-SIE
State
X-Rebelmouse-Cache-Control
AKAMAI
X-Req
X-JWT-State
X-Request-UUID
X-Request-Host
X-Is-Gdpr
X-Location
X-Men
X-TrackingId
X-Cluster
X-Platform-Server
X-Var-Ttl
X-NU-AKA-ACS-Version
X-VarnishDD-TTL
X-Micro-Cache
X-Amz-Meta-S3cmd-Attrs
X-VG-TLSProxy
X-Rebelmouse-Surrogate-Control
Cmsid
X-Has-Esi
Cmstype
X-Hash
X-GoCache-CacheStatus
X-HN
X-Epic-Correlation-Id
X-Servername
Upgrade-Insecure-Requests
X-RateLimit-Limit-Second
X-Owner
X-Block-Status
X-Mvc-Supplant-Cachable
X-VC-Cache
X-Policy
X-Cache-Id
X-Cache-Grace
X-Generated-In
X-Origin-Expires
X-Old-Content-Length
X-Minions-Version
X-Viewer-Country
X-Origin
X-SVT-ORM-RULES
Origin
X-Gzip
X-Variation
X-Gen-Mode
X-Thinkindot-L3
X-Slack-Backend
My-App
X-Sigma-Backend
Fastly-Drupal-HTML
X-Eu-Site
Fastcgi-Cache-TTL
X-Irp-Debug
X-Sigma
X-Esi-Check
Kp-EeAlive
X-DPWN-IS-SECURE
X-Device-Os
X-Rocket-Build-Number
X-Hnp-Log
X-Fastly-Backend
X-CGP
X-RateLimit-Remaining-Second
X-HS-Content-Campaign-Id
X-SVT-ORM-VERSION
X-Wikidot-Backend
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Csrf-Jwt
L
X-Wikidot-Static-Cache
X-Cache-Tags
Wxu-Next-Region
Thinkindot-CacheControl
TDXMobile
Svr
Thinkindot-CacheControl-Type
Thinkindot-Control
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Platform
PB-PID
NM-Fastcgi-Cache
NGX
L5d-Success-Class
Mail-Subject
True-Client-Country-4JS
DSUID
We-Hiring
Adler-Geo
X-TX-ID
Wxu-Next-Hostname
Wxu-Next-Commit
PB-RID
Arc-Country
Cache-Key
CacheControlHeader
Arc-Version
Vix-Hermes-Req-Id
C-Via
Cf-Device-Type
Source
X-NWS-UUID-VERIFY
Webserver
VNS-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Via-NSCOPI
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-PF-Uncompressing
X-Forwarded-Host
X-Varnish-CookieHashed-On
X-User
X-GeoIP-City
CPC-Cache
CPC-Age
X-GeoIP
X-Planisys-CDN-TTL
X-Skip-Cache
X-SIPLIST1
X-Qloud-Router
X-FC-Vary-Parameters
X-Fetched-On
X-Loc
Server-Ext
Sever-Int
Release
X-DefHash
X-DefElseHash
X-Nginx-Cache-Key
VNS-Age
Server-Hostname
IsBot
V-Age
X-Ratelimit-Limit
X-VServer
Locid
SID
Tcn
X-Goog-Meta-Goog-Reserved-File-Mtime
Url
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
X-OVcl-Cache
X-OVcl
S-Rt
X-Vc
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-Forwarded-Path
Powered-By-ChinaCache
X-Via-Popn
X-Via-Popv
NtCoent-Length
X-Via-Poph
Cache-Hits
X-TraceId
X-Ua
X-Unique-Id
Cf-Bgj
X-Ratelimit-Remaining
X-Refresh
DB-Nickname
Cross-Origin-Window-Policy
X-PJAX-URL
MIME-Version
X-Backend-TTL
XServer
X-Ftr-Request-Id
Magicmarker
X-Zone
X-ZONE
X-ID
Time
Content-Secure-Policy
X-NC
X-Geo
X-GEO
Memory
X-Internal-Host
X-LB-ID
X-Conf
WebServer
X-Srv
X-Dispatcher-Server
X-NCache
GeoIp-Country-Code
Geoip-Latitude
X-BBC-Edge-Cache-Status
X-Method
HostName
X-HP-Trace-Id
Server-ID
X-Worker
X-Servedbyhost
X-Ckpd-Fst-Backend
X-TIME
X-IP
X-NewRelic-App-Data
Ssr
Hostname
X-DC
X-V-Cache
X-LSADC-Cache
X-Auto-Login
LB
X-Li-Proto
X-Rocket-Nginx-Serving-Static
X-Tx-Id
X-Newrelic-Synthetics
X-Qnm-Cache
X-Platform-Router
X-Wa
X-Traceid
X-Trv-Group
X-Platform-Cluster
X-Render-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Nc
X-M-Reqid
X-Platform-Processor
X-M-Log
X-SD-PageType
X-Cache-Remote
X-App
X-Vcl-Version
Resin-Trace
X-Node-Id
Ohc-File-Size
X-APP
Env
X-Via-CDN
X-Origin-Response-Time
X-MSEdge-Features
X-MSEdge-Flight
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Environment
X-Dynatrace
X-VCL-Version
X-HITS
X-CACHE-AGE
X-VHOST
X-Via-Ucdn
X-Cache-Config
X-Reqid
X-FTR-Request-ID
Datacenter
X-HostName
X-BBC-Origin-Response-Status
X-NodeID
X-ServerName
Sid
X-Origin-Time
X-Gdpr
CF-Cached-On
X-Nyt-Route
X-Server-IP
X-WA
Cluster
X-API-Version
X-Varnish-Beresp-TTL
X-Correlation-ID
X-DynaTrace-JS-Agent
VivaBuild
Viewtype
X-LI-Proto
Rt-Fastcgi-Cache
X-ElasticPress-Query
Candidate-Md5Url
X-Wix-Viewer-Type
X-Pod-Name
Cf-Ipcountry
X-Edge-Pop
X-ND-Cache
X-Cdn-Forward
Machine
X-HS-Status
X-Cache-Var-Map
X-Cache-Var
Web-Mar-Region
N-Cache
X-Akamai-Pragma-Client-IP
X-Cs
X-Dynatrace-Js-Agent
FSS-Cache
X-ServedByHost
Server-Id
CDN
On-Server
Proxy-Connection
GeoIP-Latitude
GeoIP-Country-Code
X-NGINX-Cache
X-Webkit-CSP-Report-Only
X-Pjax-Url
WZWS-RAY
X-Oss-Storage-Class
X-FTR-DC
X-Check-Cacheable
Cdn
Servername
X-FTR-Cache-Status
X-FTR-Balancer
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Lb-Id
X-Oss-Server-Time
X-Oss-Object-Type
Xc-Version
X-CCM
X-Country-Code-Real
X-URL
X-FTR-Backend
X-Swa-Ws
X-FTR-Backend-Server
X-FTR-Realm
X-Xrds-Location
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Esi
X-Fastly-Request-Id
X-VC
Tracecode
X-EIG-Tracking-Id
X-Fastly-Backend-Reqs
X-Via-PopN
X-Via-PopV
X-Via-PopH
WWW-Authenticate
X-Varnish-Cacheable
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Backend
CountryCode
URI
X-Swift-Error
Onion-Location
X-SN
X-CUA
Cteonnt-Length
Mime-Version
X-FORWARDED-FOR
X-Cache-ASPX
X-Region-Sid
Instruction
SR-User-Adfree
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-FTR-Expires
X-Fpc
X-Air-Pt
CACHE
Shield-Pop
X-Dw-Trace-Id
X-Action
X-DB
X-Depends-On
X-Yottaa-OS
X-Fastly-Cache-Hits
X-UnsetCookies
Ohc-Response-Time
X-DI
Server-Ttl
X-DSS
X-Request-Start
X-StackifyID
X-Tid
X-TIM-N
Redirect-Candidate
X-RSL
X-DW
X-RPM
X-RPS
Warning
X-ElasticPress-Search
X-LiteSpeed-Cache-Control
X-Pf-Uncompressing
X-Snapshot-Date
X-Webstats-RespID
X-SB
WP-Super-Cache
X-Provided-By
X-Apw-Access-Object
X-Apw-Access-Token
X-Cache-Expires
X-Acquia-Purge-Tags
X-Apw-Hits
X-Matched-Rule
X-Apw-Access-Action
X-Up
Xet-Cookie
X-MiniProfiler-Ids
CloudFront-Viewer-Country
Content-Script-Type
X-Core-Mission
X-Cache-Status-Check
X-Hcs-Proxy-Type
W
X-TH-Server
X-Tt-Logid
X-Pad
X-Acquia-Application-UUID
Lfy
X-CCDN-Origin-Time
X-Acquia-Site
Content-Style-Type
X-Mg-Request-Id
X-CCDN-CacheTTL
X-C
ServerName
Vha6-Origin
X-Acquia-Application-Trace