Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Ua-Compatible
Access-Control-Expose-Headers
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Robots-Tag
Server-Timing
Request-Context
X-Server
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
EagleEye-TraceId
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Response-Time
X-Akam-SW-Version
X-Readtime
Accept-CH
Xkey
X-HW
X-Country
Accept-Ch-Lifetime
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
X-Template
Rating
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Cloud-Trace-Context
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Cnection
Accept-Ch
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
Arr-Disable-Session-Affinity
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
Verso
X-Country-Code
X-VARITI-CCR
X-Goog-Hash
Accept-CH-Lifetime
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Fastly-Request-ID
X-Buckets
X-FastCGI-Cache
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
Pagespeed
Response
X-ORACLE-DMS-ECID
X-Ttl
RTSS
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Powered-CMS
X-NF-Request-ID
X-Cache-TTL
X-Dw-Request-Base-Id
X-Upstream
Public-Key-Pins
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Ruxit-Js-Agent
X-Oneagent-Js-Injection
SPRequestDuration
Realpath
SPIisLatency
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-Px
X-HP-Webp
X-ECACHE
X-T
X-Jurisdiction
X-TTL
X-Mid
X-Forwarded-Proto
X-MCACHE
X-Correlation-Id
X-Edge-Location-Klb
X-PressLabs-Stats
X-Release
X-Mg-S
X-Litespeed-Cache
Charset
X-Content-Security-Policy-Report-Only
X-Recruiting
X-Shield-Request-Id
TP-Cache
Edge-Cache-Tag
TP-L2-Cache
X-Ezoic-Cdn
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-ORACLE-DMS-RID
X-Id
X-Kraken-Loop-Name
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
Filters
Cache-Tags
Server-Node
Content-MD5
Alternate-Protocol
X-Logged-In
Front-End-Https
Nginx-Cache
X-Forwarded-For
Server-Name
X-Cache-Key
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Fastcgi-Cache
X-WebKit-CSP-Report-Only
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
TCN
X-Origin-Server
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-XRDS-LOCATION
X-Grace
X-Contextid
X-Amz-Replication-Status
X-Geo-Country
X-Rid
X-F-Cache
X-Az
Host
X-AppVersion
X-Activity-Id
X-Server-ID
X-Goog-Metageneration
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-HS-Cache-Config
Cleartype
X-HS-Combine-CSS
X-Hostname
X-Www-Served-By
X-Frontend
X-Protected-By
X-RateLimit-Remaining
Section-Io-Cache
X-XRDS-Location
X-LB-Cache
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Aspnetmvc-Version
X-Page-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Age
X-Git-Hash
X-Varnish-Age
Accept-Charset
X-Respond-Thread
X-Upgrade-Enabled
X-Source
X-Hits
X-DIS-Request-ID
ServerID
Nel
X-Mobile-URL
X-VCache
Paypal-Debug-Id
X-NWS-LOG-UUID
X-Content-Options
X-Tec-Api-Version
X-Tec-Api-Origin
X-Varnish-Backend
X-Tec-Api-Root
X-Signature
X-CACHE-GROUP
X-Varnish-Grace
X-B-Cache
X-Aspnet-Duration-Ms
X-Request-Guid
X-Flags
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
Payment
Healthy
Access-Control-Allow-Method
X-FB-Debug
X-N
X-Whom
X-TT
X-Kong-Proxy-Latency
X-App-Environment
X-Kong-Upstream-Latency
X-B3-Sampled
X-Cache-Action
Viewport
Node
X-Seen-By
X-Daa-Tunnel
X-AOL-HN
X-Type
X-Load-Cache
Fastcgi-Useragent
Version
MS-CV
DC
X-Mobile
X-Webkit-Csp
X-Cache-Expired-At
Filterid
X-IPLB-Instance
X-Distributor
X-HTML-Minification-Powered-By
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Control
SRV
X-Ab
Retry-After
X-FireWall-Port
X-Original-Request-Id
X-Response-Served-From
X-Real-IP
X-Debug
X-Instance
NGB
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-ProcessESI
X-Proxy-Cache-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Jobs
X-Varnish-Server
X-Accel-Buffering
X-UUID
X-Tumblr-User
X-RemovedCookies
Refresh
X-Tumblr-Pixel
X-Debug-IsPreview
X-Debug-IsConnected
X-Device-Type
X-RTag
X-Page-View
X-Content-Powered-By
X-Region
X-IPS-LoggedIn
X-Proxy
Ms-Operation-Id
Cache
Uber-Trace-Id
X-B
X-Cache-Time
X-Cluster-Name
Frame-Options
VIX-Pulpo-Upstream-Status
X-Framework
VIX-Pulpo-Node
Access-Control-Request-Headers
X-Cacheable-TTL
X-Adobe-Content
X-Adobe-Loc
X-G
X-User-Agent
X-Wix-Request-Id
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-Zen-Fury
X-FW-Hash
X-FW-Type
Countrycode
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-App-Version
X-Cache-Hit
X-Time
X-Vgn-Hpd-Reason
X-RateLimit-Limit
Cache-Status
Surrogate-Key
X-Nginx-Cache
X-NGENIX-Cache
Eomportal-Instance
X-Drupal-Cache-Tags
Country
X-Is-Bot
X-Azure-Ref
X-Rendered-As
X-EdgeConnect-Cache-Status
X-App-Server
X-TA-CDN-Provider
X-Mg-Request-UUID
S-Cnection
X-Oracle-Dms-Rid
X-Rule
X-Drupal-Cache-Contexts
X-Ms-Request-Id
CF-IPCountry
X-Ms-Version
X-CDN-Forward
X-Cache-Rule
Referer-Policy
Liferay-Portal
AMP-Access-Control-Allow-Source-Origin
Selected-Fe
X-SaId
X-RN-RSRV
X-JoinUs
SD-X-WS
X-ES-SERVER
X-UPSTREAM-Address
X-Proxy-Build
Meta-Geo
From-Origin
X-Varnishpool
X-Tumblr-Pixel-2
X-Timing-Wait
Country-Code
X-Handled-By
X-Sorting-Hat-ShopId
X-Endurance-Cache-Level
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Yottaa-Optimizations
X-TNCMS
X-Xfnlog-Site
X-Via-Fastly
X-Yottaa-Metrics
X-Shopify-Stage
X-ShopId
X-PHP-Backend
X-Pubstack
ServedBy
Protected
X-Alternate-Cache-Key
X-No-Session
X-ShardId
X-Loop
X-Backend-Host
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-Cache-Server
X-Node-Name
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
TWC-Locale-Group
Webcakes-Region
X-Cache-PHP
X-Be
X-AWS-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Fastly-SSL
Property-Id
TWC-Device-Class
TWC-Connection-Speed
Xserver
X-LAGOON
X-LJ-Flow-ID
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
X-Human
X-Varnish-Hostname
X-S-Maxage
X-Request-Time
Azure-InstanceId
X-VWS-Id
X-Origin-Hint
X-OCL
X-NYM-Debug-Backend
X-Proto
X-Say-Cacheable
X-Server-W
X-SayCDN-TTL
X-Say-TTL
Cache-Tv-Group
X-PCL
Cache-Name
X-L-Path
X-Environment-Context
Akamai-GRN
X-Redis-Cache
X-Section
X-Sql-Count
X-Access
X-Backend-Name
X-PHP-Host
X-Hl-Ver
X-Format
X-Hyper-Cache
X-Labrador-Cache-Channel
X-Status
X-Origin-Date
X-RCS-CacheZone
X-Sql-Duration-Ms
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
Apigw-Requestid
X-Cache-Operation
Mn-Server-Ip
X-FB-TRIP-ID
X-PERF
X-Hosted-By
X-Cached-By
X-Varnish-Beresp-Grace
X-GG-Cache-Date
X-ApacheServer
X-Uri
X-Akamai-Edgescape
X-UA-Device-Type
X-Adobe-Source
X-Web-Node
X-MP-GENERATED-AT
X-Content-Age
X-Trace-Id
X-Ua-Device
X-WA-Info
Amp-Access-Control-Allow-Source-Origin
X-ATG-Version
X-Dc
X-B3-SpanId
X-FW-Version
X-Revision
X-Cache-Enabled
X-CSRF-Token
X-Soup
X-Edge-Location
X-Mode
Backend
X-ServerID
X-Time-Microsecs
X-Cache-Type
X-Info
X-Tumblr-Pixel-3
X-SRV
Who
X-CACHE-KEY
X-Bc-Bl
X-CS
X-Cache-NGX
X-TT-LOGID
X-Microcachable
X-Varnish-Beresp-Status
X-Akamai-Transformed
X-Detected-As
X-Debug-Cache
X-Platform
X-Storage
X-Proxied
X-Aws-Lambda-Call-Status
X-Datadome
X-Routing-Service
X-Azure-Ref-OriginShield
X-Zipkin-Id
Web-Mar-Node
X-Cache-Host
X-Unique-ID
X-Amzn-Remapped-Content-Length
X-Generation-Time
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Varnish-Cache-Hits
X-Via-JSL
X-APP-VERSION
X-DataDome
DataCenter
X-Extlb
X-B3-Traceid
X-Locale
X-Varnish-Hits
Server-Info
OT-Force-Account-Verify
X-Cluster-Node
Cross-Origin-Opener-Policy
X-Varnish-Beresp-Ttl
GEO-INFO
X-Parallel-Accel
Count-Hit
X-Site-Version
X-Origin-CC
X-Origin-TTL
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-VG-WebServer
X-Vtex-Processado-Em
CDN-RequestCountryCode
Apple-News-Services-Request-Url
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
BehaviorPad-Version
CDCHOST
DCR-Decision-By
CDN-Cache
Fastcgi-X-Cache-Version
Fastly-Backend-Name
M-TraceId
Host-ID
Expiry
MD5-Digest
A
Content-Disposition
Apple-News-Services-Handled
X-Vtex-Remote-Cache
DCR-Processing-Time-Ms
CDN-Uid
X-ARC
X-Geo-Header
X-Generated-On
X-Session-Fingerprint
X-Service
X-Level-Front-Cache
X-From
X-External-Request-Id
X-Core-Value
X-Connection-Hash
X-D
X-Destination
X-Developer
X-ScT
X-Location
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Proxy-Upstream
X-Ratelimit-Reset
X-Request-URI
X-Rewrite-Enabled
X-NAPM-TraceId
X-S-Cookie
X-S
X-Rojux
X-Cms-Context
X-CF-Lambda-Version
T-Server
Surrogated-Key
X-A
X-A-Dam
X-A-Dcw
Rendered-Blocks
X-Varnish-Url
X-Vdms-Path
X-Vdms-Version
Meta-Geo-Continent
Mobile-Detection-Method
Odigeo-Trace-Id
X-A-Dgt
X-A-Wwc
X-Bip
X-BCube-Filmed-By
X-Cache-Bucket
X-Cache-NE
X-CF-Lambda-Fn
X-B-Cookie
X-SRCache-Key
X-Aed
X-Application
X-Thanos
X-Sucuri-ID
X-VG-WebCache
X-A-Ccd
X-Air-Trace-Id
X-Air-Source
X-TEC-API-ROOT
X-TEC-API-VERSION
X-EC-Lua
X-Magnolia-Registration
X-TEC-API-ORIGIN
X-Air-Hostname
X-AIR-PT
X-Cache-Ttl
Geo-Info
User-Cache-Control
X-Tb
X-Pass-Why
X-Micro-Cache
X-Platform-Server
UCS
X-Origin
X-NU-AKA-ACS-Version
Server-Host
Ec-Rule-Version
X-Request-UUID
X-Scheme
Memcached
Location
X-Served-From
X-Request-Host
X-Req
X-Varnish-Ttl
X-Rebelmouse-Cache-Control
Pics-Label
PFcat
Pagetype
Path
X-Men
X-Is-Gdpr
X-Gamma-Serve
X-Generated-By
X-Date
X-GoCache-CacheStatus
X-Forwarded-Site
X-Developers
X-Fastly-Cache
X-Cluster
X-Envoy-Decorator-Operation
X-Fmm-Version
X-Has-Esi
X-Clientip
X-Backend-State
X-TrackingId
X-JWT-State
X-Aicache-OS
X-Branch-Name
X-Cache-Debug
X-Clara-WADP
X-Hash
X-HN
X-Cache-Info
X-Accel-Expires-Debug
X-Rebelmouse-Surrogate-Control
Esi-Enabled
Cmstype
Fastly-SIE
Fastly-SWR
Req-Svc-Chain
X-VarnishDD-TTL
CacheControlHeader
X-WADP-Cache
Cmsid
X-Amz-Meta-S3cmd-Attrs
Cache-Host
X-VG-TLSProxy
X-Var-Ttl
AKAMAI
Gh-Request-Id
State
X-Epic-Correlation-Id
Upgrade-Insecure-Requests
X-Servername
Fastcgi-Cache-TTL
X-Irp-Debug
X-Esi-Check
Cache-Key
X-Block-Status
C-Via
X-Eu-Site
X-Sigma
X-Wikidot-Backend
X-Fastly-Backend
Cf-Device-Type
X-Minions-Version
X-Mvc-Supplant-Cachable
X-LI-UUID
X-Li-Pop
X-Sigma-Backend
Arc-Version
X-Li-Fabric
X-Wikidot-Static-Cache
X-Cache-Id
My-App
L
X-Device-Os
X-Gzip
Origin
X-Gen-Mode
X-Generated-In
X-Csrf-Jwt
Adler-Geo
X-CGP
Fastly-Drupal-HTML
X-Cache-Grace
Arc-Country
X-Hnp-Log
X-Cache-Tags
X-Rocket-Build-Number
Kp-EeAlive
X-DPWN-IS-SECURE
X-HS-Content-Campaign-Id
Wxu-Next-Region
DSUID
Platform
PB-RID
PB-PID
X-Thinkindot-L3
X-RateLimit-Limit-Second
Svr
X-VC-Cache
X-Policy
NM-Fastcgi-Cache
NGX
X-SVT-ORM-RULES
L5d-Success-Class
X-SVT-ORM-VERSION
Is-Eu
X-Slack-Backend
HA-Ipaddr
X-Variation
Mail-Subject
Ha-Gx-Prefs
X-TX-ID
X-RateLimit-Remaining-Second
X-Old-Content-Length
Vix-Hermes-Req-Id
TDXMobile
X-Viewer-Country
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Commit
X-Owner
X-Origin-Expires
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
True-Client-Country-4JS
Source
Webserver
X-NWS-UUID-VERIFY
X-Varnish-CookieINHashed-On
X-Skip-Cache
X-SIPLIST1
X-Qloud-Router
X-VServer
X-FC-Vary-Parameters
X-Nginx-Cache-Key
X-Varnish-Remaining-TTL
X-PF-Uncompressing
X-Varnish-CookieHashed-On
X-Forwarded-Host
X-Planisys-CDN-Rules
X-Ratelimit-Limit
X-GeoIP-City
X-Via-NSCOPI
X-User
X-Loc
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-GeoIP
X-Fetched-On
CPC-Cache
V-Age
SID
X-DefHash
Locid
X-DefElseHash
CPC-Age
VNS-Age
Server-Ext
Server-Hostname
VNS-Cache
Release
IsBot
Sever-Int
Tcn
Url
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
X-Forwarded-Path
X-Vc
NtCoent-Length
X-Via-Popn
Powered-By-ChinaCache
X-Tenant
X-Shop-Environment
X-Orig-Expires
X-Ua
S-Rt
X-Via-Popv
X-OVcl-Cache
Cache-Hits
X-OVcl
X-Via-Poph
X-TraceId
X-PJAX-URL
X-Ratelimit-Remaining
Cross-Origin-Window-Policy
X-Refresh
DB-Nickname
MIME-Version
Cf-Bgj
X-Unique-Id
XServer
X-Backend-TTL
X-Ftr-Request-Id
Magicmarker
X-ID
X-ZONE
X-Zone
Memory
X-Geo
X-LB-ID
X-Internal-Host
Content-Secure-Policy
X-NC
Time
X-Conf
X-Srv
X-GEO
WebServer
X-NCache
GeoIp-Country-Code
X-BBC-Edge-Cache-Status
Geoip-Latitude
X-Dispatcher-Server
X-Method
HostName
X-Servedbyhost
X-Worker
X-Ckpd-Fst-Backend
X-HP-Trace-Id
X-TIME
Server-ID
X-IP
X-Auto-Login
X-NewRelic-App-Data
Ssr
Hostname
X-LSADC-Cache
X-V-Cache
X-DC
X-M-Log
X-M-Reqid
X-Render-Time
LB
X-Nc
X-Qnm-Cache
X-Li-Proto
X-Rocket-Nginx-Serving-Static
X-Newrelic-Synthetics
X-Tx-Id
X-Platform-Processor
X-Trv-Group
X-Platform-Cluster
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
X-Traceid
X-Platform-Router
Resin-Trace
X-App
X-Node-Id
X-SD-PageType
X-Cache-Remote
X-Vcl-Version
Ohc-File-Size
X-APP
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Dynatrace
X-HITS
X-Via-CDN
X-MSEdge-Flight
X-MSEdge-Features
X-Origin-Response-Time
X-VCL-Version
Env
Environment
X-CACHE-AGE
X-VHOST
X-API-Version
X-BBC-Origin-Response-Status
X-Cache-Config
X-Via-Ucdn
X-Origin-Time
X-Gdpr
Datacenter
X-Reqid
X-HostName
X-NodeID
X-FTR-Request-ID
X-Nyt-Route
X-DynaTrace-JS-Agent
Sid
X-ServerName
X-Varnish-Beresp-TTL
X-Server-IP
CF-Cached-On
X-Pod-Name
X-Edge-Pop
X-WA
Cluster
X-Correlation-ID
X-Wix-Viewer-Type
Viewtype
Cf-Ipcountry
Rt-Fastcgi-Cache
Candidate-Md5Url
X-ElasticPress-Query
X-LI-Proto
X-ND-Cache
VivaBuild
X-Cdn-Forward
Machine
X-HS-Status
Web-Mar-Region
N-Cache
X-Akamai-Pragma-Client-IP
X-Cache-Var-Map
X-Cache-Var
X-Cs
On-Server
FSS-Cache
CDN
X-ServedByHost
Server-Id
X-Dynatrace-Js-Agent
GeoIP-Country-Code
X-Webkit-CSP-Report-Only
X-NGINX-Cache
Proxy-Connection
GeoIP-Latitude
X-Lb-Id
Servername
Cdn
X-Pjax-Url
WZWS-RAY
X-Check-Cacheable
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-CCM
X-Oss-Object-Type
X-Oss-Request-Id
Xc-Version
X-Oss-Server-Time
X-FTR-Realm
X-FTR-DC
X-Country-Code-Real
X-URL
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Swa-Ws
X-FTR-Backend
X-Xrds-Location
X-Esi
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Via-PopN
X-Via-PopH
X-Varnish-Cacheable
X-Cache-Backend
Onion-Location
WWW-Authenticate
X-EIG-Tracking-Id
X-IN-APIGATEWAY
X-VC
X-IN-APIGATEWAYSSL
Tracecode
X-Via-PopV
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
URI
X-Swift-Error
Cteonnt-Length
CountryCode
Mime-Version
X-SN
X-CUA
SR-User-Adfree
X-FORWARDED-FOR
X-Varnish-Authentication
X-Region-Sid
X-Contensis-Viewer-Groups
Instruction
X-Air-Pt
X-FTR-Expires
X-Cache-ASPX
CACHE
X-Fpc
WP-Super-Cache
X-Fastly-Cache-Hits
Warning
Ohc-Response-Time
Shield-Pop
X-TIM-N
X-Pf-Uncompressing
X-DI
X-RPS
X-RSL
X-Dw-Trace-Id
X-RPM
X-Yottaa-OS
X-DSS
Server-Ttl
X-UnsetCookies
X-DB
Redirect-Candidate
X-LiteSpeed-Cache-Control
X-SB
X-DW
X-Webstats-RespID
X-Action
X-Depends-On
X-Snapshot-Date
X-Request-Start
X-StackifyID
X-Tid
X-ElasticPress-Search
X-Provided-By
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-C
X-TH-Server
X-Cache-Expires
X-Apw-Hits
X-Cache-Status-Check
X-Up
Xet-Cookie
X-Mg-Request-Id
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Matched-Rule
X-MiniProfiler-Ids
ServerName
Vha6-Origin
Content-Style-Type
Content-Script-Type
X-Pad
CloudFront-Viewer-Country
Lfy
W
X-Acquia-Site
X-Core-Mission
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Tt-Logid