Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
P3p
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
X-Dns-Prefetch-Control
Request-Context
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Pingback
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Vhost
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
Accept-CH
X-Webkit-CSP
X-HW
Accept-Ch-Lifetime
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
X-Template
MS-Author-Via
Rating
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
Accept-Ch
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Country-Code
Verso
X-VARITI-CCR
X-Goog-Hash
X-Cached
Accept-CH-Lifetime
X-Server-Name
X-FastCGI-Cache
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
X-Middleton-Response
X-Middleton-Display
Display
Pagespeed
X-Sol
Response
RTSS
Access-Control-Request-Method
X-Cache-TTL
X-Element-Page-Cache
X-MSEdge-Ref
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Upstream
X-Ttl
Public-Key-Pins
X-Version
X-Litespeed-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ruxit-Js-Agent
X-Edge
S
X-TTL
X-Kinsta-Cache
X-LLID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Px
Realpath
SPIisLatency
SPRequestDuration
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-ECACHE
X-HP-Webp
X-Oneagent-Js-Injection
X-Jurisdiction
X-T
X-Forwarded-Proto
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Edge-Location-Klb
X-Mg-S
X-Release
X-Content-Security-Policy-Report-Only
X-Correlation-Id
Charset
X-Recruiting
X-Shield-Request-Id
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
X-Ezoic-Cdn
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Content-Digest
X-Request-Processing-Time
Filters
X-Request-Received
X-DynaTrace
Cache-Tags
X-Logged-In
Alternate-Protocol
Nginx-Cache
Server-Node
Content-MD5
Front-End-Https
X-Forwarded-For
X-ORACLE-DMS-RID
Server-Name
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-XRDS-LOCATION
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Amzn-Trace-Id
X-Cache-Key
X-Origin-Server
X-Grace
X-Geo-Country
X-Rid
X-Amz-Replication-Status
TCN
X-Contextid
X-F-Cache
X-Az
X-AppVersion
Host
X-Activity-Id
AR-Request-ID
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-HS-Content-Id
X-HS-Hub-Id
Cleartype
X-GUploader-UploadID
X-Goog-Generation
X-HS-Combine-CSS
X-Protected-By
X-Www-Served-By
X-Frontend
X-Server-ID
X-Hostname
X-LB-Cache
Section-Io-Cache
X-Debug-Info
X-Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-RateLimit-Remaining
X-Browser-Type
X-Erf-Bev-Bev
MicrosoftSharePointTeamServices
X-Ser
X-XRDS-Location
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Page-Id
X-Git-Hash
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Aspnetmvc-Version
X-Respond-Thread
X-Upgrade-Enabled
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-VCache
X-DIS-Request-ID
X-Source
ServerID
X-NWS-LOG-UUID
X-Mobile-URL
Paypal-Debug-Id
X-Content-Options
X-Varnish-Backend
X-Varnish-Grace
X-Signature
X-B-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Is-Crawler
X-Providence-Cookie
Healthy
X-Route-Name
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
X-FB-Debug
Nel
Access-Control-Allow-Method
X-B3-Sampled
Payment
X-TT
X-Whom
Viewport
X-Cache-Action
X-N
X-App-Environment
X-CACHE-GROUP
X-Daa-Tunnel
Node
X-Seen-By
X-AOL-HN
X-Load-Cache
X-Type
Fastcgi-Useragent
Version
MS-CV
X-Mobile
DC
DynaTrace
X-Cache-Expired-At
Filterid
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Distributor
X-Webkit-Csp
X-Cache-Control
X-Ab
SRV
Retry-After
X-FireWall-Port
X-Response-Served-From
X-Original-Request-Id
X-Real-IP
X-Instance
X-ProcessESI
X-RemovedCookies
X-Proxy-Cache-Status
X-Tumblr-Pixel
X-Debug
X-Tumblr-User
X-Tt-Trace-Tag
X-UUID
X-Jobs
NGB
X-Tt-Trace-Host
X-Tumblr-Pixel-1
X-Varnish-Server
X-Tumblr-Pixel-0
X-Device-Type
X-Debug-IsPreview
X-Debug-IsConnected
Frame-Options
Ms-Operation-Id
Refresh
X-Region
X-RTag
X-Proxy
X-Content-Powered-By
VIX-Pulpo-Node
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Cacheable-TTL
X-B
X-Accel-Buffering
X-Cluster-Name
X-Page-View
X-IPS-LoggedIn
Access-Control-Request-Headers
X-User-Agent
X-Framework
X-Adobe-Content
X-Adobe-Loc
Cache
X-G
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-Zen-Fury
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Type
Countrycode
X-App-Version
X-Time
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Cache-Hit
X-Vgn-Hpd-Reason
Surrogate-Key
Cache-Status
X-Nginx-Cache
X-TA-CDN-Provider
X-NGENIX-Cache
X-Drupal-Cache-Tags
X-RateLimit-Limit
Country
X-Rendered-As
AMP-Access-Control-Allow-Source-Origin
Eomportal-Instance
X-Is-Bot
X-App-Server
X-Azure-Ref
X-EdgeConnect-Cache-Status
S-Cnection
X-Mg-Request-UUID
X-Ms-Version
X-Ms-Request-Id
Referer-Policy
X-Drupal-Cache-Contexts
X-Cache-Rule
X-CDN-Forward
Liferay-Portal
SD-X-WS
X-Node-Name
X-Proxy-Build
X-ES-SERVER
Selected-Fe
Meta-Geo
X-JoinUs
CF-IPCountry
X-SaId
X-Rule
X-Tumblr-Pixel-2
X-Timing-Wait
X-Varnishpool
From-Origin
X-RN-RSRV
X-UPSTREAM-Address
Protected
X-L-Path
X-Environment-Context
X-Cache-TTL-Remaining
ServedBy
X-Pubstack
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-TNCMS
X-Via-Fastly
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Xfnlog-Site
X-ShopId
X-ShardId
X-Endurance-Cache-Level
X-Cache-Server
X-Backend-Host
X-Handled-By
X-Loop
X-R9-Blue-Green-Version
X-PHP-Backend
X-No-Session
X-Alternate-Cache-Key
X-Shopify-Stage
Xserver
TWC-GeoIP-LatLong
X-NYM-Debug-Backend
Fastly-SSL
X-Origin-Hint
Cache-Name
X-LJ-Flow-ID
X-Proto
X-LAGOON
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-AWS-Id
TWC-Locale-Group
Akamai-GRN
X-Be
Cache-Tv-Group
X-Server-W
TWC-Connection-Speed
TWC-Device-Class
Property-Id
X-Request-Time
X-Varnish-Hostname
X-S-Maxage
TWC-GeoIP-Country
Azure-Version
X-VWS-Id
Country-Code
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
TWC-Privacy
X-Origin-Date
X-Cache-Operation
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-Status
X-RCS-CacheZone
X-Hl-Ver
X-OCL
X-PCL
X-Backend-Name
X-BYPASS-REASON
Decoy-Debug-TTL
Decoy-Debug-Key
Apigw-Requestid
Decoy-Debug-Status
X-Access
X-Hyper-Cache
X-ApacheServer
X-Akamai-Edgescape
X-Sql-Count
X-GG-Cache-Date
X-FB-TRIP-ID
X-UA-Device-Type
X-Format
X-Dc
X-Sql-Duration-Ms
X-PERF
X-Section
X-Labrador-Cache-Channel
X-Say-TTL
Mn-Server-Ip
X-Say-Cacheable
X-SayCDN-TTL
X-Varnish-Beresp-Grace
X-Adobe-Source
X-PHP-Host
X-Cache-PHP
X-Hosted-By
X-Uri
X-Redis-Cache
X-Cached-By
X-Web-Node
X-WA-Info
X-Trace-Id
X-MP-GENERATED-AT
X-ATG-Version
X-CACHE-KEY
X-Ua-Device
X-Content-Age
X-FW-Version
X-Revision
X-B3-SpanId
X-CSRF-Token
X-Cache-Enabled
X-Soup
X-Edge-Location
X-ServerID
X-Time-Microsecs
Amp-Access-Control-Allow-Source-Origin
X-Mode
X-Tumblr-Pixel-3
X-Cache-Type
X-SRV
X-Datadome
X-CS
Backend
X-Bc-Bl
X-Info
Who
X-TT-LOGID
X-Detected-As
X-Microcachable
X-Akamai-Transformed
X-Aws-Lambda-Call-Status
X-Varnish-Beresp-Status
X-Debug-Cache
X-Azure-Ref-OriginShield
X-Storage
X-Cache-NGX
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Cache-Host
X-Platform
Web-Mar-Node
X-Generation-Time
DataCenter
X-Varnish-Cache-Hits
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-CLOUD-TRACE-CONTEXT
X-Unique-ID
X-Via-JSL
X-Varnish-Hits
X-Parallel-Accel
Cross-Origin-Opener-Policy
X-Cluster-Node
OT-Force-Account-Verify
Server-Info
X-APP-VERSION
X-Locale
X-Extlb
Count-Hit
Geo-Info
X-B3-Traceid
X-Origin-TTL
X-Origin-CC
CDN-PullZone
DCR-Decision-By
CDN-CachedAt
CDN-EdgeStorageId
Content-Disposition
CDN-Uid
CDN-Cache
CDN-RequestId
CDN-RequestCountryCode
X-External-Request-Id
DCR-Processing-Time-Ms
X-Level-Front-Cache
X-Processor
X-Varnish-Url
X-Magnolia-Registration
X-Air-Trace-Id
X-VG-WebServer
X-Generated-On
X-From
BehaviorPad-Version
A
X-Air-Source
X-Rewrite-Enabled
CDCHOST
Fastcgi-X-Cache-Version
X-ARC
X-Application
Rendered-Blocks
X-B-Cookie
X-BCube-Filmed-By
X-Bip
Odigeo-Trace-Id
X-Aed
X-A-Wwc
X-A-Dam
X-A-Ccd
X-A
T-Server
X-A-Dcw
X-A-Dgt
Surrogated-Key
Mobile-Detection-Method
Meta-Geo-Continent
X-D
X-Core-Value
X-Connection-Hash
Fastly-Backend-Name
X-Air-Hostname
X-Destination
Expiry
Host-ID
X-Cms-Context
MD5-Digest
X-Cache-Bucket
X-Cache-NE
M-TraceId
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Developer
X-Geo-Header
X-Vdms-Path
X-S-Cookie
X-SRCache-Key
X-Rojux
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Thanos
X-Varnish-Beresp-Ttl
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-S
X-Sucuri-ID
X-Session-Fingerprint
X-ScT
X-Request-URI
X-Proxy-Upstream
X-NAPM-TraceId
X-VG-WebCache
X-Vdms-Version
X-AIR-PT
X-Location
X-Service
X-Ratelimit-Reset
Tcn
GEO-INFO
X-TX-ID
X-Tb
X-Site-Version
X-Date
Cmstype
Esi-Enabled
Fastly-SIE
X-Envoy-Decorator-Operation
X-Scheme
Fastly-SWR
Location
X-Aicache-OS
X-Ratelimit-Limit
Pics-Label
PFcat
Server-Host
X-Accel-Expires-Debug
UCS
Cache-Host
X-Request-UUID
State
X-Backend-State
Path
X-Cluster
X-Clientip
X-EC-Lua
X-Platform-Server
Cmsid
X-Cache-Debug
Pagetype
X-Branch-Name
Memcached
Gh-Request-Id
X-Developers
X-Req
X-GoCache-CacheStatus
X-Has-Esi
X-Rebelmouse-Surrogate-Control
X-Gamma-Serve
AKAMAI
Ec-Rule-Version
X-Hash
X-HN
X-Origin
X-NU-AKA-ACS-Version
X-Servername
X-Rebelmouse-Cache-Control
X-Is-Gdpr
X-JWT-State
Apple-News-Services-Handled
Req-Svc-Chain
X-Served-From
Apple-News-Services-Host
X-TrackingId
CacheControlHeader
X-VarnishDD-TTL
X-Var-Ttl
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-DataDome
X-Pass-Why
User-Cache-Control
Upgrade-Insecure-Requests
X-Device-Os
X-DPWN-IS-SECURE
X-Variation
Vix-Hermes-Req-Id
X-Men
X-Request-Host
X-WADP-Cache
Fastcgi-Cache-TTL
X-Fastly-Backend
X-LI-UUID
X-Micro-Cache
Wxu-Next-Region
Wxu-Next-Hostname
X-VG-TLSProxy
X-Thinkindot-L3
Wxu-Next-Commit
We-Hiring
X-Li-Pop
X-Li-Fabric
X-Policy
X-Clara-WADP
X-CGP
X-RateLimit-Remaining-Second
Origin
X-Generated-In
L
X-Csrf-Jwt
X-Owner
X-Generated-By
X-VC-Cache
X-Forwarded-Site
X-Cache-Tags
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-RateLimit-Limit-Second
X-Viewer-Country
Fastly-Drupal-HTML
X-Fastly-Cache
X-Cache-Grace
X-Eu-Site
Kp-EeAlive
X-Fmm-Version
X-Origin-Expires
Adler-Geo
Platform
PB-RID
PB-PID
Source
Ha-Gx-Prefs
X-Minions-Version
Arc-Version
X-Epic-Correlation-Id
Arc-Country
NM-Fastcgi-Cache
X-Rocket-Build-Number
Is-Eu
L5d-Success-Class
X-Sigma
Mail-Subject
HA-Ipaddr
NGX
X-Varnish-Ttl
X-Sigma-Backend
Thinkindot-Control
Thinkindot-CacheControl-Type
True-Client-Country-4JS
Cf-Device-Type
DSUID
Thinkindot-CacheControl
X-Amz-Meta-S3cmd-Attrs
X-VHOST
C-Via
Svr
TDXMobile
SID
Webserver
X-NWS-UUID-VERIFY
X-Varnish-Remaining-TTL
X-Qloud-Router
X-Varnish-CookieINHashed-On
X-Fetched-On
X-Forwarded-Host
X-FC-Vary-Parameters
Cache-Key
X-Gzip
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
X-Skip-Cache
X-Nginx-Cache-Key
X-SIPLIST1
My-App
X-Old-Content-Length
X-Slack-Backend
X-Irp-Debug
X-GeoIP
X-Gen-Mode
X-User
X-GeoIP-City
CPC-Age
X-HS-Content-Campaign-Id
X-Hnp-Log
X-Varnish-CookieHashed-On
X-Esi-Check
IsBot
CPC-Cache
Release
X-VServer
X-Via-NSCOPI
Locid
X-Loc
VNS-Age
X-Cache-Info
V-Age
X-Block-Status
X-Cache-Id
Server-Ext
X-Ratelimit-Remaining
VNS-Cache
Sever-Int
Server-Hostname
X-Wikidot-Static-Cache
X-DefElseHash
X-DefHash
X-Wikidot-Backend
X-Planisys-CDN-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Url
X-TEC-API-ROOT
S-Rt
X-TEC-API-VERSION
X-Ua
X-TEC-API-ORIGIN
X-Tenant
X-Mvc-Supplant-OutputCached
X-TraceId
X-Orig-Expires
Cache-Hits
X-Vc
Powered-By-ChinaCache
X-PJAX-URL
X-Forwarded-Path
X-Shop-Environment
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-Unique-Id
Cross-Origin-Window-Policy
X-OVcl-Cache
X-OVcl
NtCoent-Length
X-Refresh
X-Geo
Content-Secure-Policy
MIME-Version
X-Ftr-Request-Id
DB-Nickname
X-Cache-Ttl
X-HP-Trace-Id
Cf-Bgj
X-ZONE
X-Backend-TTL
XServer
X-Internal-Host
Magicmarker
X-LB-ID
X-NC
Memory
Time
X-Conf
X-ID
X-Zone
GeoIp-Country-Code
Geoip-Latitude
X-Srv
X-BBC-Edge-Cache-Status
X-NCache
HostName
WebServer
X-Dispatcher-Server
X-Method
X-Ckpd-Fst-Backend
X-Worker
X-GEO
Server-ID
X-Auto-Login
X-TIME
X-Servedbyhost
X-Dynatrace
X-IP
X-V-Cache
X-LSADC-Cache
X-NewRelic-App-Data
X-Li-Proto
Hostname
Ssr
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-Qnm-Cache
X-M-Reqid
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Processor
X-Platform-Router
X-M-Log
X-Nc
LB
X-Platform-Cluster
X-Newrelic-Synthetics
X-HostName
X-Trv-Group
X-Vcl-Version
X-SD-PageType
X-Cache-Remote
X-DC
Resin-Trace
X-Wa
X-Traceid
X-Correlation-ID
X-Datadog-Parent-Id
Environment
X-APP
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-App
X-Tx-Id
X-Node-Id
Ohc-File-Size
X-Origin-Time
X-API-Version
X-Nyt-Route
X-CACHE-AGE
X-Gdpr
X-HITS
X-Cache-Config
X-Origin-Response-Time
X-Via-CDN
X-MSEdge-Flight
X-BBC-Origin-Response-Status
X-MSEdge-Features
X-NodeID
Env
X-DynaTrace-JS-Agent
X-Varnish-Beresp-TTL
X-VCL-Version
X-FTR-Request-ID
X-Via-Ucdn
X-Reqid
X-WA
X-Edge-Pop
X-Server-IP
X-Pod-Name
Cluster
Cf-Ipcountry
X-ServerName
Sid
X-ElasticPress-Query
CF-Cached-On
Candidate-Md5Url
Datacenter
X-Wix-Viewer-Type
X-LI-Proto
Viewtype
VivaBuild
Rt-Fastcgi-Cache
X-ND-Cache
X-Cache-Var
X-Cache-Var-Map
X-Cdn-Forward
Web-Mar-Region
X-HS-Status
Machine
N-Cache
Server-Id
CDN
X-Akamai-Pragma-Client-IP
X-ServedByHost
X-Cs
FSS-Cache
On-Server
X-Dynatrace-Js-Agent
GeoIP-Latitude
X-Webkit-CSP-Report-Only
GeoIP-Country-Code
Proxy-Connection
X-NGINX-Cache
WWW-Authenticate
X-EIG-Tracking-Id
X-Check-Cacheable
Onion-Location
X-Lb-Id
WZWS-RAY
Cdn
Servername
X-Varnish-Cacheable
X-CCM
X-Swa-Ws
X-FTR-Realm
X-FTR-DC
X-Oss-Hash-Crc64ecma
X-FTR-Cache-Status
Xc-Version
X-URL
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-Esi
X-Xrds-Location
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Cache-Backend
X-Via-PopN
X-Via-PopH
X-Fastly-Request-Id
X-VC
Mime-Version
X-Via-PopV
X-Fastly-Backend-Reqs
X-Pjax-Url
X-IN-APIGATEWAY
Tracecode
X-IN-APIGATEWAYSSL
X-CUA
URI
CountryCode
Cteonnt-Length
X-SN
X-Swift-Error
Instruction
CACHE
SR-User-Adfree
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-Air-Pt
X-FTR-Expires
X-Dw-Trace-Id
X-Request-Start
Redirect-Candidate
X-FORWARDED-FOR
X-Fpc
X-StackifyID
X-Tid
Warning
X-TIM-N
X-Region-Sid
X-Up
X-RSL
Xet-Cookie
X-Fastly-Cache-Hits
X-DI
X-DB
X-Action
Shield-Pop
X-DSS
X-DW
X-RPM
Ohc-Response-Time
ServerName
X-RPS
WP-Super-Cache
X-Depends-On
X-SB
X-Webstats-RespID
X-ElasticPress-Search
X-Yottaa-OS
X-Snapshot-Date
X-LiteSpeed-Cache-Control
X-UnsetCookies
X-Pf-Uncompressing
Server-Ttl
X-Provided-By
X-Apw-Access-Object
X-Apw-Access-Action
X-C
X-Apw-Access-Token
X-Mg-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-FPC
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Apw-Hits
X-Cache-Status-Check
X-CCDN-CacheTTL
X-Cache-Expires
X-MiniProfiler-Ids
X-Tt-Logid
W
X-Pad
Lfy
Content-Script-Type
Content-Style-Type
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CloudFront-Viewer-Country
X-Matched-Rule
Vha6-Origin
X-Core-Mission
X-Acquia-Purge-Tags
X-Acquia-Site
X-TH-Server