Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
X-Dns-Prefetch-Control
Request-Context
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Pingback
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
Accept-CH
X-HW
Accept-Ch-Lifetime
X-Country
X-Ac
Content-Location
X-Application-Context
X-Webkit-CSP
X-Language
X-Template
MS-Author-Via
Rating
X-Cloud-Trace-Context
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
Accept-Ch
X-Varnish-TTL
X-GitHub-Request-Id
X-Trace
X-Content-Type
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Country-Code
Verso
X-VARITI-CCR
X-Goog-Hash
X-Cached
Accept-CH-Lifetime
X-Server-Name
X-FastCGI-Cache
X-Vcap-Request-Id
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
X-Sol
Display
RTSS
Access-Control-Request-Method
X-Cache-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Ttl
X-Upstream
X-Version
X-Litespeed-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ruxit-Js-Agent
X-Edge
S
X-TTL
X-Kinsta-Cache
X-LLID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Px
Realpath
SPIisLatency
SPRequestDuration
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-ECACHE
X-Oneagent-Js-Injection
X-HP-Webp
X-Jurisdiction
X-T
X-MCACHE
X-Forwarded-Proto
X-Mid
X-PressLabs-Stats
X-Edge-Location-Klb
X-Mg-S
X-Release
X-Content-Security-Policy-Report-Only
X-Correlation-Id
Charset
X-Shield-Request-Id
X-Recruiting
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
Pinterest-Generated-By
X-Pinterest-Rid
X-Ezoic-Cdn
Pinterest-Version
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Content-Digest
X-Kraken-Routeconfig-Destination
Filters
X-Request-Processing-Time
X-Request-Received
X-DynaTrace
Server-Node
X-Logged-In
Cache-Tags
Alternate-Protocol
Nginx-Cache
Content-MD5
Front-End-Https
X-Forwarded-For
X-ORACLE-DMS-RID
Server-Name
X-Origin-Upstream-Status
X-XRDS-LOCATION
X-WebKit-CSP-Report-Only
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
X-Amzn-Trace-Id
Fusion-Content-Id
X-Cache-Key
X-Origin-Server
X-Grace
X-Geo-Country
X-Contextid
X-Amz-Replication-Status
X-Rid
TCN
X-F-Cache
X-Activity-Id
Host
X-Az
X-AppVersion
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
Cleartype
X-Goog-Storage-Class
X-Goog-Generation
X-HS-Combine-CSS
X-Protected-By
X-Www-Served-By
X-Frontend
X-Server-ID
X-Hostname
Section-Io-Cache
X-LB-Cache
X-Debug-Info
X-Fastcgi-Cache
X-RateLimit-Remaining
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
X-Ser
X-XRDS-Location
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Page-Id
X-Cache-Age
X-Git-Hash
Accept-Charset
X-Varnish-Age
X-Aspnetmvc-Version
X-Hits
X-NWS-LOG-UUID
X-Respond-Thread
X-Upgrade-Enabled
X-Source
X-DIS-Request-ID
ServerID
X-VCache
X-Request-Handler-Origin-Region
X-Microsite
Paypal-Debug-Id
X-Mobile-URL
X-Content-Options
X-Varnish-Backend
X-Signature
X-Varnish-Grace
X-B-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Nel
Payment
X-Aspnet-Duration-Ms
X-FB-Debug
X-Providence-Cookie
X-Request-Guid
X-Flags
Healthy
X-Route-Name
X-Is-Crawler
Access-Control-Allow-Method
X-Whom
X-TT
X-B3-Sampled
X-Cache-Action
Viewport
X-Daa-Tunnel
X-N
Node
X-App-Environment
X-CACHE-GROUP
X-Seen-By
X-AOL-HN
X-Type
X-Load-Cache
Fastcgi-Useragent
Version
MS-CV
X-Mobile
DC
DynaTrace
X-Cache-Expired-At
Filterid
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
X-Distributor
X-IPLB-Instance
X-Ab
X-Webkit-Csp
X-Cache-Control
SRV
Retry-After
X-FireWall-Port
X-Response-Served-From
X-Original-Request-Id
X-Real-IP
X-Instance
X-Debug
X-Jobs
X-Tt-Trace-Host
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
NGB
X-Tt-Trace-Tag
X-UUID
X-Tumblr-Pixel
X-Varnish-Server
X-ProcessESI
X-RemovedCookies
X-Proxy-Cache-Status
X-Debug-IsPreview
X-Content-Powered-By
X-Device-Type
Ms-Operation-Id
X-RTag
Frame-Options
X-IPS-LoggedIn
Refresh
X-Debug-IsConnected
X-Region
X-Proxy
Uber-Trace-Id
X-Accel-Buffering
X-B
X-Cache-Time
X-Cacheable-TTL
X-Cluster-Name
Access-Control-Request-Headers
X-Page-View
X-Framework
X-User-Agent
X-Adobe-Content
X-Adobe-Loc
Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-G
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-Zen-Fury
Countrycode
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-App-Version
X-Time
X-Cache-Hit
X-Vgn-Hpd-Reason
Cache-Status
Surrogate-Key
X-Nginx-Cache
X-TA-CDN-Provider
X-NGENIX-Cache
X-Drupal-Cache-Tags
X-RateLimit-Limit
Country
X-Rendered-As
X-Is-Bot
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
X-Azure-Ref
X-App-Server
S-Cnection
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
X-Ms-Request-Id
X-Ms-Version
X-Drupal-Cache-Contexts
X-CDN-Forward
Referer-Policy
X-Cache-Rule
Liferay-Portal
X-Node-Name
SD-X-WS
X-JoinUs
Selected-Fe
X-Rule
X-ES-SERVER
X-Proxy-Build
X-Varnishpool
From-Origin
X-Timing-Wait
X-Tumblr-Pixel-2
Meta-Geo
X-UPSTREAM-Address
CF-IPCountry
X-RN-RSRV
X-SaId
X-Xfnlog-Site
X-L-Path
X-Environment-Context
X-Yottaa-Metrics
X-Cache-TTL-Remaining
X-Yottaa-Optimizations
X-Endurance-Cache-Level
X-Shopify-Stage
X-ShardId
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TNCMS
X-Storefront-Renderer-Rendered
X-PHP-Backend
X-No-Session
X-Alternate-Cache-Key
X-Via-Fastly
X-Backend-Host
X-Cache-Server
X-Loop
X-Handled-By
Protected
X-ShopId
Xserver
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
Country-Code
Cache-Tv-Group
Cache-Name
Fastly-SSL
Property-Id
TWC-Connection-Speed
ServedBy
X-Be
X-LJ-Flow-ID
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-Request-Time
X-Varnish-Hostname
X-S-Maxage
X-VWS-Id
X-Server-W
X-OCL
X-NYM-Debug-Backend
Akamai-GRN
X-Origin-Hint
X-PCL
X-Pubstack
X-Proto
X-LAGOON
Azure-Version
X-RCS-CacheZone
X-Say-Cacheable
X-Say-TTL
X-Hl-Ver
X-Format
X-Backend-Name
X-Cache-PHP
X-SayCDN-TTL
X-Section
X-ProxyCache-Key
X-ProxyCache-Status
X-Human
X-Cache-Operation
X-Status
X-BYPASS-REASON
X-Access
X-Origin-Date
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-GG-Cache-Date
X-FB-TRIP-ID
Apigw-Requestid
X-Akamai-Edgescape
X-Sql-Count
X-ApacheServer
X-Sql-Duration-Ms
Mn-Server-Ip
X-Dc
X-PERF
X-UA-Device-Type
X-PHP-Host
X-Adobe-Source
X-Varnish-Beresp-Grace
X-Hyper-Cache
X-Labrador-Cache-Channel
X-Uri
X-Hosted-By
X-Redis-Cache
X-Cached-By
X-Web-Node
X-WA-Info
X-Trace-Id
X-MP-GENERATED-AT
X-ATG-Version
X-Ua-Device
X-FW-Version
X-CACHE-KEY
X-Content-Age
X-Revision
X-B3-SpanId
X-CSRF-Token
X-Cache-Enabled
X-Soup
X-ServerID
X-Edge-Location
X-Time-Microsecs
X-Datadome
X-Tumblr-Pixel-3
X-Mode
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-Cache-Type
Backend
X-CS
X-Info
X-Bc-Bl
X-Microcachable
X-TT-LOGID
Who
X-Akamai-Transformed
X-Aws-Lambda-Call-Status
X-Varnish-Beresp-Status
X-Detected-As
X-Cache-NGX
X-Debug-Cache
X-Azure-Ref-OriginShield
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Platform
X-Storage
X-Cache-Host
DataCenter
X-Generation-Time
X-Varnish-Cache-Hits
Web-Mar-Node
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Unique-ID
X-Via-JSL
X-Parallel-Accel
X-Varnish-Hits
OT-Force-Account-Verify
X-Cluster-Node
Cross-Origin-Opener-Policy
Count-Hit
X-Extlb
X-Locale
X-APP-VERSION
Server-Info
Geo-Info
X-Origin-CC
X-Origin-TTL
X-B3-Traceid
X-NAPM-TraceId
X-Varnish-Beresp-Ttl
CDN-RequestCountryCode
X-CF-Lambda-Fn
X-CF-Lambda-Version
Host-ID
X-Cache-NE
Expiry
X-From
X-Developer
CDN-Uid
CDCHOST
X-Destination
DCR-Processing-Time-Ms
DCR-Decision-By
A
Content-Disposition
BehaviorPad-Version
X-External-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
CDN-Cache
X-Generated-On
CDN-PullZone
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Core-Value
X-Location
X-Connection-Hash
X-Magnolia-Registration
X-Level-Front-Cache
X-D
X-Geo-Header
Fastcgi-X-Cache-Version
Fastly-Backend-Name
CDN-EdgeStorageId
CDN-CachedAt
X-Cms-Context
X-S-Cookie
X-B-Cookie
X-VG-WebServer
X-ARC
X-VG-WebCache
X-A-Dgt
X-Rewrite-Enabled
Surrogated-Key
X-S
X-Vtex-Remote-Cache
X-Rojux
X-Vtex-Processado-Em
X-A-Wwc
X-SRCache-Key
X-Sucuri-ID
Rendered-Blocks
X-AIR-PT
X-Aed
X-Proxy-Upstream
X-Thanos
X-Vdms-Version
X-Processor
X-Vdms-Path
X-Application
X-Varnish-Url
X-A-Dcw
X-A-Dam
T-Server
CDN-RequestId
X-PBS-Appsvrname
X-Ratelimit-Reset
X-A-Ccd
X-PAYTM-SRV-ID
MD5-Digest
X-A
X-ScT
Meta-Geo-Continent
X-BCube-Filmed-By
Odigeo-Trace-Id
X-Service
X-Cache-Bucket
X-Bip
Mobile-Detection-Method
M-TraceId
X-Session-Fingerprint
Tcn
GEO-INFO
X-TX-ID
X-Site-Version
X-Tb
X-Accel-Expires-Debug
Server-Host
UCS
Cmsid
Cmstype
X-Envoy-Decorator-Operation
X-Date
Gh-Request-Id
Fastly-SWR
Fastly-SIE
X-Branch-Name
Memcached
X-Cache-Debug
X-Clientip
X-Backend-State
Pagetype
Pics-Label
X-Aicache-OS
X-Epic-Correlation-Id
PFcat
Location
Path
Esi-Enabled
X-Developers
Req-Svc-Chain
X-Request-URI
X-EC-Lua
X-Servername
X-Request-UUID
X-TrackingId
X-JWT-State
X-Platform-Server
X-NU-AKA-ACS-Version
X-Scheme
CacheControlHeader
X-VG-TLSProxy
X-Cluster
X-VarnishDD-TTL
X-Served-From
X-Origin
X-HN
X-Is-Gdpr
AKAMAI
X-Rebelmouse-Cache-Control
Ec-Rule-Version
X-Ratelimit-Limit
State
X-Var-Ttl
Cache-Host
X-Gamma-Serve
X-Rebelmouse-Surrogate-Control
X-Req
X-GoCache-CacheStatus
X-Hash
X-Has-Esi
User-Cache-Control
Upgrade-Insecure-Requests
X-DataDome
X-Pass-Why
X-Policy
X-WADP-Cache
X-Thinkindot-L3
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
X-Variation
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Request-Host
X-VC-Cache
X-Cache-Grace
X-Generated-In
X-Generated-By
X-Li-Fabric
X-Csrf-Jwt
X-Li-Pop
X-Forwarded-Site
X-Device-Os
X-Fastly-Backend
X-Eu-Site
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Fmm-Version
X-LI-UUID
X-Men
X-Owner
X-Cache-Info
L
Kp-EeAlive
Fastly-Drupal-HTML
Origin
X-Origin-Expires
X-Micro-Cache
X-Clara-WADP
X-CGP
X-Cache-Tags
Fastcgi-Cache-TTL
Adler-Geo
Arc-Version
NM-Fastcgi-Cache
NGX
PB-PID
PB-RID
Arc-Country
DSUID
C-Via
Mail-Subject
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
L5d-Success-Class
Cf-Device-Type
X-Minions-Version
X-Amz-Meta-S3cmd-Attrs
Platform
X-Varnish-Ttl
Thinkindot-Control
Thinkindot-CacheControl
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
Source
True-Client-Country-4JS
TDXMobile
Thinkindot-CacheControl-Type
X-VHOST
X-NWS-UUID-VERIFY
SID
Webserver
X-Old-Content-Length
X-Gen-Mode
X-DefElseHash
X-DefHash
X-Via-NSCOPI
CPC-Cache
X-GeoIP-City
CPC-Age
X-Gzip
X-Mvc-Supplant-Cachable
X-Forwarded-Host
X-Ratelimit-Remaining
X-HS-Content-Campaign-Id
V-Age
X-Fetched-On
X-FC-Vary-Parameters
X-Esi-Check
X-Irp-Debug
Cache-Key
X-Hnp-Log
X-Nginx-Cache-Key
X-VServer
X-Skip-Cache
X-Slack-Backend
Server-Hostname
X-SIPLIST1
X-Wikidot-Static-Cache
X-PF-Uncompressing
Server-Ext
Sever-Int
Svr
Vix-Hermes-Req-Id
X-User
VNS-Age
VNS-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Wikidot-Backend
Release
Locid
X-GeoIP
X-Qloud-Router
X-Viewer-Country
X-Cache-Id
IsBot
X-Block-Status
X-Varnish-Remaining-TTL
My-App
X-Loc
Url
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Planisys-CDN-TTL
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
S-Rt
X-Ua
X-PJAX-URL
X-Via-Popv
X-TraceId
X-Vc
X-Via-Poph
X-Orig-Expires
X-Tenant
X-Shop-Environment
X-Forwarded-Path
Cache-Hits
X-Unique-Id
X-Mvc-Supplant-OutputCached
Powered-By-ChinaCache
X-Via-Popn
X-CLOUD-TRACE-CONTEXT
Cross-Origin-Window-Policy
X-OVcl-Cache
X-OVcl
X-Refresh
NtCoent-Length
DB-Nickname
X-ZONE
Content-Secure-Policy
MIME-Version
Cf-Bgj
X-HP-Trace-Id
X-Cache-Ttl
X-Ftr-Request-Id
XServer
X-Backend-TTL
X-Internal-Host
Memory
Time
X-NC
Magicmarker
X-Geo
X-LB-ID
X-Conf
X-Zone
X-ID
X-NCache
Geoip-Latitude
X-Srv
X-BBC-Edge-Cache-Status
GeoIp-Country-Code
HostName
X-GEO
WebServer
X-Ckpd-Fst-Backend
X-Dispatcher-Server
X-Method
X-Worker
X-Auto-Login
Server-ID
X-Servedbyhost
X-TIME
X-Dynatrace
X-V-Cache
X-IP
X-NewRelic-App-Data
X-LSADC-Cache
Hostname
X-Render-Time
X-Li-Proto
X-Rocket-Nginx-Serving-Static
Ssr
X-Tb-Optimization-Total-Bytes-Saved
X-M-Log
X-M-Reqid
LB
X-Qnm-Cache
X-Nc
X-HostName
X-Newrelic-Synthetics
X-Platform-Router
X-Wa
X-Trv-Group
Resin-Trace
X-SD-PageType
X-Cache-Remote
X-Traceid
X-Platform-Cluster
X-Platform-Processor
X-DC
X-Vcl-Version
X-Correlation-ID
X-Tx-Id
X-Node-Id
X-Datadog-Parent-Id
X-APP
Environment
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-App
Ohc-File-Size
X-CACHE-AGE
X-Origin-Time
X-API-Version
X-Nyt-Route
X-Cache-Config
X-Origin-Response-Time
X-Gdpr
X-HITS
Env
X-MSEdge-Features
X-Via-CDN
X-MSEdge-Flight
X-BBC-Origin-Response-Status
X-NodeID
X-DynaTrace-JS-Agent
X-Varnish-Beresp-TTL
X-FTR-Request-ID
Cluster
X-Pod-Name
X-Reqid
X-Via-Ucdn
X-Server-IP
X-VCL-Version
X-Edge-Pop
X-WA
Cf-Ipcountry
X-ServerName
Sid
X-ElasticPress-Query
CF-Cached-On
Candidate-Md5Url
Datacenter
X-Wix-Viewer-Type
X-LI-Proto
Viewtype
VivaBuild
Rt-Fastcgi-Cache
X-ND-Cache
X-Cache-Var
X-Cache-Var-Map
X-Cdn-Forward
Web-Mar-Region
X-HS-Status
Machine
N-Cache
Server-Id
CDN
X-Akamai-Pragma-Client-IP
X-ServedByHost
X-Cs
FSS-Cache
On-Server
X-Dynatrace-Js-Agent
GeoIP-Latitude
X-Webkit-CSP-Report-Only
GeoIP-Country-Code
Proxy-Connection
X-NGINX-Cache
WWW-Authenticate
X-EIG-Tracking-Id
X-Check-Cacheable
Onion-Location
X-Lb-Id
WZWS-RAY
Cdn
Servername
X-Varnish-Cacheable
X-CCM
X-Swa-Ws
X-FTR-Realm
X-FTR-DC
X-Oss-Hash-Crc64ecma
X-FTR-Cache-Status
Xc-Version
X-URL
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-Esi
X-Xrds-Location
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Cache-Backend
X-Via-PopN
X-Via-PopH
X-Fastly-Request-Id
X-VC
Mime-Version
X-Via-PopV
X-Fastly-Backend-Reqs
X-Pjax-Url
X-IN-APIGATEWAY
Tracecode
X-IN-APIGATEWAYSSL
X-CUA
URI
CountryCode
Cteonnt-Length
X-SN
X-Swift-Error
Instruction
CACHE
SR-User-Adfree
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-Air-Pt
X-FTR-Expires
X-Dw-Trace-Id
X-Request-Start
Redirect-Candidate
X-FORWARDED-FOR
X-Fpc
X-StackifyID
X-Tid
Warning
X-TIM-N
X-Region-Sid
X-Up
X-RSL
Xet-Cookie
X-Fastly-Cache-Hits
X-DI
X-DB
X-Action
Shield-Pop
X-DSS
X-DW
X-RPM
Ohc-Response-Time
ServerName
X-RPS
WP-Super-Cache
X-Depends-On
X-SB
X-Webstats-RespID
X-ElasticPress-Search
X-Yottaa-OS
X-Snapshot-Date
X-LiteSpeed-Cache-Control
X-UnsetCookies
X-Pf-Uncompressing
Server-Ttl
X-Provided-By
X-Apw-Access-Object
X-Apw-Access-Action
X-C
X-Apw-Access-Token
X-Mg-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-FPC
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Apw-Hits
X-Cache-Status-Check
X-CCDN-CacheTTL
X-Cache-Expires
X-MiniProfiler-Ids
X-Tt-Logid
W
X-Pad
Lfy
Content-Script-Type
Content-Style-Type
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CloudFront-Viewer-Country
X-Matched-Rule
Vha6-Origin
X-Core-Mission
X-Acquia-Purge-Tags
X-Acquia-Site
X-TH-Server