Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Robots-Tag
Server-Timing
Request-Context
X-Server
X-AH-Environment
X-Ws-Request-Id
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-LiteSpeed-Cache
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
EagleEye-TraceId
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Akam-SW-Version
X-Readtime
Accept-CH
Xkey
X-HW
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Webkit-CSP
Rating
X-Template
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Cloud-Trace-Context
X-Cache-Lookup
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
Accept-CH-Lifetime
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Cnection
Accept-Ch
X-Origin-Cache
X-Rack-Cache
X-D2id
Arr-Disable-Session-Affinity
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
Verso
X-Country-Code
X-Goog-Hash
X-VARITI-CCR
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Fastly-Request-ID
X-Buckets
X-FastCGI-Cache
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
Display
Pagespeed
X-ORACLE-DMS-ECID
RTSS
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Cache-TTL
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Ruxit-Js-Agent
X-TTL
X-Oneagent-Js-Injection
Realpath
SPRequestDuration
SPIisLatency
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-Px
X-ECACHE
X-T
X-HP-Webp
X-Jurisdiction
X-Forwarded-Proto
X-MCACHE
X-Mid
X-Correlation-Id
X-Release
X-PressLabs-Stats
X-Edge-Location-Klb
X-Mg-S
X-Litespeed-Cache
Charset
X-Content-Security-Policy-Report-Only
X-Recruiting
X-Shield-Request-Id
X-Ezoic-Cdn
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-DynaTrace
X-ORACLE-DMS-RID
X-Id
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Content-Digest
X-Request-Received
Filters
X-Request-Processing-Time
Cache-Tags
X-Logged-In
Alternate-Protocol
Content-MD5
Server-Node
Front-End-Https
Nginx-Cache
X-Forwarded-For
Server-Name
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Fastcgi-Cache
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
TCN
X-Origin-Server
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-CACHE
AR-Request-ID
X-Grace
X-XRDS-LOCATION
X-Contextid
X-Amz-Replication-Status
X-Geo-Country
X-Rid
X-F-Cache
X-Activity-Id
X-Az
X-AppVersion
Host
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-HS-Content-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-HS-Combine-CSS
Cleartype
X-Hostname
X-Frontend
X-Www-Served-By
X-Protected-By
Section-Io-Cache
X-Debug-Info
X-XRDS-Location
X-LB-Cache
X-Ser
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-RateLimit-Remaining
X-Browser-Type
X-Aspnetmvc-Version
X-Page-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Git-Hash
X-Cache-Age
X-Varnish-Age
Accept-Charset
X-Respond-Thread
X-Hits
X-Source
X-Upgrade-Enabled
X-DIS-Request-ID
Nel
ServerID
Paypal-Debug-Id
X-Mobile-URL
X-VCache
X-Tec-Api-Version
X-Tec-Api-Root
X-Content-Options
X-Tec-Api-Origin
X-Varnish-Backend
X-CACHE-GROUP
X-Signature
X-NWS-LOG-UUID
X-Varnish-Grace
X-B-Cache
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Route-Name
Healthy
Access-Control-Allow-Method
X-Whom
X-FB-Debug
X-N
Payment
X-B3-Sampled
X-App-Environment
X-Kong-Proxy-Latency
X-TT
X-Kong-Upstream-Latency
X-Cache-Action
Viewport
X-Seen-By
Node
X-AOL-HN
X-Type
X-Daa-Tunnel
X-Load-Cache
Fastcgi-Useragent
X-Server-ID
Version
MS-CV
DC
X-Mobile
X-Webkit-Csp
X-Cache-Expired-At
Filterid
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Distributor
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Control
SRV
X-FireWall-Port
Retry-After
X-Original-Request-Id
X-Ab
X-Response-Served-From
X-Instance
X-Real-IP
X-Debug
NGB
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Accel-Buffering
X-Jobs
X-RemovedCookies
X-Proxy-Cache-Status
X-Tumblr-User
X-Tumblr-Pixel
X-UUID
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Varnish-Server
X-Debug-IsPreview
X-Content-Powered-By
X-Device-Type
Ms-Operation-Id
X-IPS-LoggedIn
X-Debug-IsConnected
X-Region
X-Proxy
Refresh
X-RTag
X-Page-View
Uber-Trace-Id
X-Cacheable-TTL
X-Framework
Frame-Options
VIX-Pulpo-Node
Cache
X-Cluster-Name
X-Cache-Time
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
X-B
X-Adobe-Content
X-Adobe-Loc
X-G
X-User-Agent
X-Wix-Request-Id
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Hash
X-Zen-Fury
Countrycode
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Cache-Hit
X-Time
X-Vgn-Hpd-Reason
Cache-Status
Surrogate-Key
X-Nginx-Cache
X-App-Version
Eomportal-Instance
X-NGENIX-Cache
X-Drupal-Cache-Tags
Country
X-Is-Bot
X-Azure-Ref
X-Rendered-As
X-RateLimit-Limit
X-EdgeConnect-Cache-Status
X-App-Server
X-TA-CDN-Provider
X-Mg-Request-UUID
S-Cnection
X-Oracle-Dms-Rid
CF-IPCountry
X-Drupal-Cache-Contexts
X-Ms-Request-Id
X-Rule
X-Ms-Version
X-CDN-Forward
X-Cache-Rule
Referer-Policy
AMP-Access-Control-Allow-Source-Origin
Liferay-Portal
Meta-Geo
X-RN-RSRV
X-UPSTREAM-Address
SD-X-WS
X-Tumblr-Pixel-2
X-ES-SERVER
X-Varnishpool
X-Timing-Wait
X-JoinUs
Selected-Fe
X-SaId
From-Origin
X-Proxy-Build
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
ServedBy
Protected
X-Endurance-Cache-Level
X-Cache-Server
X-Alternate-Cache-Key
X-Handled-By
Country-Code
X-PHP-Backend
X-Pubstack
X-No-Session
X-Cache-TTL-Remaining
X-Loop
X-Backend-Host
X-R9-Blue-Green-Version
X-TNCMS
X-Storefront-Renderer-Rendered
X-Yottaa-Optimizations
X-Via-Fastly
X-Xfnlog-Site
X-Yottaa-Metrics
X-Sorting-Hat-ShopId
Decoy-Debug-TTL
Fastly-SSL
Property-Id
Xserver
Decoy-Debug-Key
Akamai-GRN
X-L-Path
X-LAGOON
Cache-Name
Cache-Tv-Group
X-Request-Time
X-Human
Decoy-Debug-Status
X-Varnish-Hostname
Webcakes-Region
Webcakes-App-Version
X-Node-Name
X-Cache-PHP
X-AWS-Id
X-Be
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
X-LJ-Flow-ID
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-S-Maxage
X-Environment-Context
Azure-RegionName
X-Say-TTL
X-SayCDN-TTL
X-Proto
Azure-InstanceId
X-Origin-Hint
X-VWS-Id
X-PCL
X-Say-Cacheable
X-NYM-Debug-Backend
X-OCL
Azure-Version
Azure-SiteName
Azure-SlotName
X-Server-W
X-Redis-Cache
X-Sql-Count
X-Backend-Name
X-RCS-CacheZone
X-Status
X-Section
X-Access
X-Sql-Duration-Ms
X-ProxyCache-Status
X-Hl-Ver
X-PHP-Host
Apigw-Requestid
X-Hyper-Cache
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-Origin-Date
X-ProxyCache-Key
X-Format
X-Cache-Operation
X-FB-TRIP-ID
X-Akamai-Edgescape
X-Varnish-Beresp-Grace
X-Uri
X-GG-Cache-Date
X-Hosted-By
X-Cached-By
X-UA-Device-Type
Mn-Server-Ip
X-Adobe-Source
X-PERF
X-ApacheServer
X-Web-Node
X-Content-Age
X-WA-Info
X-MP-GENERATED-AT
X-Trace-Id
X-Ua-Device
X-Dc
X-ATG-Version
Amp-Access-Control-Allow-Source-Origin
X-FW-Version
X-B3-SpanId
X-Cache-Enabled
X-Revision
X-Soup
X-CSRF-Token
X-SRV
X-Edge-Location
X-Time-Microsecs
Backend
X-Mode
X-ServerID
X-Cache-Type
X-Info
X-Tumblr-Pixel-3
Who
X-CACHE-KEY
X-Bc-Bl
X-CS
X-APP-VERSION
X-Varnish-Beresp-Status
X-Cache-NGX
X-TT-LOGID
X-Microcachable
X-Akamai-Transformed
X-Debug-Cache
X-Detected-As
X-Storage
X-Datadome
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Azure-Ref-OriginShield
X-Aws-Lambda-Call-Status
X-Platform
X-Cache-Host
Web-Mar-Node
X-Varnish-Cache-Hits
X-Generation-Time
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Via-JSL
X-DataDome
X-Cluster-Node
OT-Force-Account-Verify
X-Varnish-Hits
X-Unique-ID
Server-Info
X-Extlb
X-B3-Traceid
DataCenter
X-Varnish-Beresp-Ttl
Cross-Origin-Opener-Policy
X-Locale
X-Parallel-Accel
X-Origin-TTL
Count-Hit
GEO-INFO
X-Origin-CC
Surrogated-Key
Fastcgi-X-Cache-Version
X-Air-Hostname
M-TraceId
Fastly-Backend-Name
Rendered-Blocks
X-Air-Trace-Id
X-Air-Source
Odigeo-Trace-Id
X-Magnolia-Registration
MD5-Digest
X-Core-Value
Meta-Geo-Continent
X-Developer
X-D
X-Destination
Mobile-Detection-Method
Host-ID
CDN-RequestId
BehaviorPad-Version
X-BCube-Filmed-By
Apple-News-Services-Request-Url
X-B-Cookie
X-ARC
CDN-Cache
CDCHOST
X-Application
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Bucket
A
Apple-News-Services-Handled
X-Bip
CDN-CachedAt
CDN-EdgeStorageId
DCR-Decision-By
X-A-Ccd
X-A-Dam
DCR-Processing-Time-Ms
X-A
X-Connection-Hash
T-Server
X-A-Dcw
X-Cms-Context
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
X-Aed
X-A-Wwc
X-A-Dgt
Content-Disposition
Expiry
X-Level-Front-Cache
X-Location
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Rewrite-Enabled
X-Varnish-Url
X-Ratelimit-Limit
X-Rojux
X-VG-WebServer
X-NAPM-TraceId
X-PBS-Appsvrname
X-Proxy-Upstream
X-Vdms-Version
X-PAYTM-SRV-ID
X-VG-WebCache
X-AIR-PT
X-Ratelimit-Reset
X-Processor
X-S
X-Session-Fingerprint
X-From
X-Request-URI
X-SRCache-Key
X-Sucuri-ID
X-Thanos
X-External-Request-Id
X-EC-Lua
X-Vdms-Path
Geo-Info
X-ScT
X-S-Cookie
X-Geo-Header
X-Generated-On
X-Service
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Site-Version
User-Cache-Control
X-Tb
X-TEC-API-VERSION
X-Pass-Why
X-Var-Ttl
X-Accel-Expires-Debug
X-TrackingId
UCS
My-App
Cache-Host
Req-Svc-Chain
Memcached
X-Epic-Correlation-Id
State
Pagetype
Path
X-Aicache-OS
X-VG-TLSProxy
X-WADP-Cache
Server-Host
PFcat
Pics-Label
X-VarnishDD-TTL
X-Request-UUID
X-Hash
X-Has-Esi
X-HN
X-Is-Gdpr
X-Clientip
X-JWT-State
X-Date
X-GoCache-CacheStatus
X-Fastly-Cache
X-Developers
X-Fmm-Version
X-Forwarded-Site
X-Generated-By
X-Gamma-Serve
Location
X-Men
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Req
X-Request-Host
X-Backend-State
X-Envoy-Decorator-Operation
X-Branch-Name
X-Platform-Server
X-Clara-WADP
X-Micro-Cache
X-NU-AKA-ACS-Version
X-Origin
X-Cache-Debug
X-Cache-Info
X-Served-From
Cmsid
Fastly-SWR
X-Amz-Meta-S3cmd-Attrs
Cmstype
Fastly-SIE
Esi-Enabled
X-Varnish-Ttl
Gh-Request-Id
CacheControlHeader
X-Cluster
Ec-Rule-Version
X-Servername
Upgrade-Insecure-Requests
X-Variation
X-Csrf-Jwt
X-Thinkindot-L3
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Ratelimit-Remaining
Cache-Key
Cf-Device-Type
X-Cache-Tags
X-Block-Status
Adler-Geo
AKAMAI
Arc-Country
Arc-Version
X-VC-Cache
X-Minions-Version
C-Via
X-Old-Content-Length
X-Device-Os
X-Cache-Id
X-CGP
X-Eu-Site
X-Irp-Debug
X-Policy
X-HS-Content-Campaign-Id
X-Hnp-Log
X-TX-ID
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-Owner
X-LI-UUID
X-Li-Pop
X-Sigma-Backend
X-Gzip
X-Rocket-Build-Number
X-Fastly-Backend
X-Esi-Check
X-Slack-Backend
X-Scheme
X-Sigma
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Generated-In
X-Gen-Mode
X-DPWN-IS-SECURE
X-Cache-Grace
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
L
X-Wikidot-Static-Cache
HA-Ipaddr
L5d-Success-Class
X-Wikidot-Backend
True-Client-Country-4JS
TDXMobile
NGX
PB-RID
PB-PID
Ha-Gx-Prefs
Kp-EeAlive
Fastly-Drupal-HTML
NM-Fastcgi-Cache
Fastcgi-Cache-TTL
Platform
Mail-Subject
Is-Eu
Wxu-Next-Hostname
X-Viewer-Country
We-Hiring
X-Origin-Expires
Origin
DSUID
Vix-Hermes-Req-Id
Wxu-Next-Region
Wxu-Next-Commit
Webserver
Source
X-Fetched-On
X-FC-Vary-Parameters
Server-Hostname
X-SIPLIST1
Server-Ext
Release
X-Via-NSCOPI
Locid
X-GeoIP
X-GeoIP-City
SID
CPC-Age
X-Nginx-Cache-Key
X-Qloud-Router
X-Skip-Cache
CPC-Cache
X-Forwarded-Host
Svr
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Sever-Int
X-Varnish-Remaining-TTL
X-Planisys-CDN-TTL
V-Age
X-VServer
X-Planisys-CDN-Rules
X-User
IsBot
X-Planisys-CDN-Cache
X-DefHash
VNS-Cache
X-Loc
X-DefElseHash
VNS-Age
X-NWS-UUID-VERIFY
Tcn
X-PF-Uncompressing
Url
X-Mvc-Supplant-OutputCached
X-Unique-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-CLOUD-TRACE-CONTEXT
Cache-Hits
X-Tenant
X-Ua
S-Rt
Powered-By-ChinaCache
X-Via-Popv
X-Via-Poph
X-Shop-Environment
X-Forwarded-Path
X-OVcl
NtCoent-Length
X-OVcl-Cache
X-Via-Popn
X-Orig-Expires
X-TraceId
X-Refresh
MIME-Version
DB-Nickname
X-PJAX-URL
X-Cache-Ttl
X-Vc
Cross-Origin-Window-Policy
Cf-Bgj
X-Backend-TTL
XServer
Magicmarker
X-Ftr-Request-Id
X-NC
X-ID
X-Zone
X-ZONE
Content-Secure-Policy
X-LB-ID
Memory
X-Conf
X-Internal-Host
X-GEO
Time
X-Geo
WebServer
Geoip-Latitude
X-BBC-Edge-Cache-Status
GeoIp-Country-Code
X-Dispatcher-Server
X-Method
HostName
X-HP-Trace-Id
X-Ckpd-Fst-Backend
X-Servedbyhost
X-Srv
X-Worker
Server-ID
X-TIME
X-NCache
X-IP
X-Auto-Login
X-DC
X-LSADC-Cache
Hostname
X-V-Cache
X-NewRelic-App-Data
Ssr
X-M-Reqid
X-Rocket-Nginx-Serving-Static
LB
X-Li-Proto
X-M-Log
X-Render-Time
X-Qnm-Cache
X-Tx-Id
X-Newrelic-Synthetics
X-Traceid
X-Platform-Processor
X-Trv-Group
X-Platform-Router
X-Tb-Optimization-Total-Bytes-Saved
X-Wa
X-Nc
X-Platform-Cluster
X-Node-Id
X-Cache-Remote
Resin-Trace
X-App
X-SD-PageType
X-Vcl-Version
Ohc-File-Size
X-MSEdge-Flight
X-APP
X-HITS
Env
Environment
X-Datadog-Parent-Id
X-CACHE-AGE
X-Datadog-Trace-Id
X-Origin-Response-Time
X-Via-CDN
X-VCL-Version
X-Dynatrace
X-MSEdge-Features
X-Datadog-Sampling-Priority
X-VHOST
X-Gdpr
X-FTR-Request-ID
Datacenter
X-Reqid
X-HostName
X-Origin-Time
X-Nyt-Route
X-BBC-Origin-Response-Status
X-NodeID
X-Cache-Config
X-Via-Ucdn
X-API-Version
Sid
X-ServerName
CF-Cached-On
X-WA
X-Pod-Name
X-Varnish-Beresp-TTL
X-Server-IP
Cluster
X-Correlation-ID
X-DynaTrace-JS-Agent
X-ND-Cache
X-LI-Proto
X-Edge-Pop
VivaBuild
Cf-Ipcountry
X-ElasticPress-Query
Rt-Fastcgi-Cache
Viewtype
X-Wix-Viewer-Type
Candidate-Md5Url
X-Cdn-Forward
X-HS-Status
Machine
Web-Mar-Region
X-Cache-Var-Map
X-Cache-Var
X-Dynatrace-Js-Agent
CDN
X-Akamai-Pragma-Client-IP
N-Cache
X-Cs
X-ServedByHost
Server-Id
FSS-Cache
On-Server
GeoIP-Latitude
X-NGINX-Cache
Proxy-Connection
GeoIP-Country-Code
X-Check-Cacheable
Servername
X-Pjax-Url
WZWS-RAY
X-Lb-Id
X-CCM
X-Oss-Server-Time
X-Oss-Storage-Class
X-FTR-Realm
X-Oss-Hash-Crc64ecma
X-Swa-Ws
X-Oss-Object-Type
Xc-Version
X-VC
X-Oss-Request-Id
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-URL
X-FTR-DC
X-Xrds-Location
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Esi
X-Fastly-Backend-Reqs
X-IN-APIGATEWAYSSL
X-Via-PopH
Tracecode
Cdn
X-Fastly-Request-Id
X-Varnish-Cacheable
Onion-Location
X-EIG-Tracking-Id
WWW-Authenticate
X-IN-APIGATEWAY
X-Cache-Backend
X-Via-PopV
X-Via-PopN
X-CUA
CountryCode
X-SN
URI
Mime-Version
Cteonnt-Length
X-Swift-Error
X-Webkit-CSP-Report-Only
CACHE
X-FORWARDED-FOR
X-Fpc
Instruction
SR-User-Adfree
X-Air-Pt
X-Pf-Uncompressing
X-Region-Sid
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-FTR-Expires
Ohc-Response-Time
X-DSS
X-Yottaa-OS
X-DI
X-Fastly-Cache-Hits
Warning
X-Action
X-Depends-On
Shield-Pop
X-DB
X-Dw-Trace-Id
X-RPM
X-StackifyID
X-DW
Server-Ttl
X-SB
X-Tid
X-TIM-N
X-LiteSpeed-Cache-Control
X-Webstats-RespID
X-Request-Start
X-RSL
Redirect-Candidate
X-Snapshot-Date
WP-Super-Cache
X-RPS
X-UnsetCookies
X-ElasticPress-Search
X-Provided-By
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Xet-Cookie
X-Edge-POP
X-Hcs-Proxy-Type
X-Mg-Request-Id
X-Up
X-Apw-Access-Action
X-TH-Server
X-Acquia-Application-Trace
W
Lfy
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Core-Mission
X-Acquia-Site
X-MiniProfiler-Ids
X-Matched-Rule
Content-Style-Type
Content-Script-Type
X-Tt-Logid
X-Apw-Hits
X-Cache-Status-Check
ServerName
X-Pad
X-Apw-Access-Token
CloudFront-Viewer-Country
X-C
X-Cache-Expires
X-Apw-Access-Object
Vha6-Origin