Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
Keep-Alive
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Ua-Compatible
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
Cf-Railgun
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-Server-Id
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Webkit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
Accept-CH
X-WebKit-CSP
Xkey
Accept-Ch-Lifetime
X-HW
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
MS-Author-Via
X-Template
Rating
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Url
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
Accept-Ch
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-Country-Code
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
Verso
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Goog-Hash
X-FastCGI-Cache
Accept-CH-Lifetime
X-Server-Name
X-Vcap-Request-Id
X-Cached
X-Navigation-Version
Cache-Tag
X-Buckets
X-Powered-By-Plesk
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
RTSS
X-Cache-TTL
X-Fastly-Request-ID
Display
X-Sol
X-Middleton-Response
Pagespeed
Response
X-Middleton-Display
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Ttl
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-TTL
X-Px
X-Kinsta-Cache
X-LLID
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Edge-Location-Klb
Realpath
X-Accel-Expires
SPRequestDuration
SPIisLatency
X-ECACHE
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-Jurisdiction
X-T
X-HP-Webp
X-Oneagent-Js-Injection
X-Server-ID
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Shield-Request-Id
X-Correlation-Id
Charset
X-Recruiting
Edge-Cache-Tag
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Fastcgi-Cache
TP-L2-Cache
TP-Cache
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Mg-S
X-Release
X-Ezoic-Cdn
X-Id
X-Content-Digest
X-ORACLE-DMS-RID
X-Request-Received
Filters
X-Request-Processing-Time
Nginx-Cache
X-Logged-In
Server-Node
Front-End-Https
Alternate-Protocol
Cache-Tags
X-Cache-Key
Content-MD5
X-Forwarded-For
TCN
X-Origin-Upstream-Status
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Server-Name
X-Amzn-Trace-Id
X-Litespeed-Cache
X-XRDS-Location
X-Origin-Server
X-Grace
X-Geo-Country
X-Rid
X-Contextid
X-Protected-By
X-Amz-Replication-Status
X-F-Cache
Host
X-Az
X-Activity-Id
Cleartype
X-AppVersion
X-Www-Served-By
X-Goog-Metageneration
X-WebKit-CSP-Report-Only
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-HS-Cache-Config
X-Hostname
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-RateLimit-Remaining
Section-Io-Cache
X-Frontend
X-Debug-Info
X-LB-Cache
MicrosoftSharePointTeamServices
X-Browser-Type
X-Erf-Bev-Bev
X-XRDS-LOCATION
X-Erf-Bev-Bev-Is-Generated
X-NWS-LOG-UUID
X-Ser
X-Tec-Api-Root
X-Page-Id
X-Tec-Api-Version
X-Git-Hash
X-Tec-Api-Origin
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Cache-Age
Ar-Sid
AR-Request-ID
X-Respond-Thread
X-Source
X-VCache
Accept-Charset
X-Upgrade-Enabled
X-Varnish-Age
X-Aspnetmvc-Version
X-Content-Options
X-Hits
X-DIS-Request-ID
X-Mobile-URL
Paypal-Debug-Id
ServerID
Access-Control-Allow-Method
X-Varnish-Backend
X-Daa-Tunnel
X-Kong-Upstream-Latency
X-B-Cache
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Signature
X-B3-Sampled
Payment
X-Fastcgi-Cache
X-Request-Guid
Healthy
X-Route-Name
X-Providence-Cookie
X-FB-Debug
X-Flags
X-Cache-Action
Viewport
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Whom
X-TT
X-CACHE-GROUP
X-AOL-HN
Node
X-App-Environment
X-N
Version
X-Seen-By
X-Request-Handler-Origin-Region
X-Microsite
X-Type
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DynaTrace
DC
MS-CV
X-Yandex-Sdch-Disable
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-Distributor
SRV
Filterid
Retry-After
X-Ab
X-Cache-Control
X-Tt-Trace-Tag
X-IPLB-Instance
X-Tt-Trace-Host
Frame-Options
X-User-Agent
X-Original-Request-Id
X-Response-Served-From
X-UUID
X-Instance
X-Real-IP
X-Jobs
X-Tumblr-Pixel
X-ProcessESI
X-IPS-LoggedIn
X-RemovedCookies
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Varnish-Server
X-Cluster-Name
X-Proxy-Cache-Status
X-Proxy
X-Debug-IsPreview
X-Adobe-Loc
X-Region
X-Adobe-Content
X-RTag
Access-Control-Request-Headers
X-Debug-IsConnected
X-Device-Type
X-Content-Powered-By
Ms-Operation-Id
VIX-Pulpo-Node
Refresh
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
NGB
X-Cacheable-TTL
X-B
X-Cache-Time
X-Page-View
X-Framework
Nel
X-FireWall-Port
X-G
X-Debug
X-Accel-Buffering
Cache
X-FW-Serve
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-Zen-Fury
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Wix-Request-Id
Section-Io-Origin-Status
X-Time
X-App-Version
Countrycode
X-Vgn-Hpd-Reason
X-RateLimit-Limit
X-NGENIX-Cache
X-Nginx-Cache
Cache-Status
X-Azure-Ref
X-Oracle-Dms-Rid
Surrogate-Key
X-Mg-Request-UUID
X-CDN-Forward
X-Cache-Hit
Country
X-Drupal-Cache-Tags
X-Is-Bot
X-Rendered-As
X-Cache-Rule
X-App-Server
X-Ms-Request-Id
X-Ms-Version
S-Cnection
X-TA-CDN-Provider
Eomportal-Instance
X-Node-Name
X-EdgeConnect-Cache-Status
Referer-Policy
SD-X-WS
Liferay-Portal
X-Environment-Context
X-L-Path
X-Drupal-Cache-Contexts
X-Cache-Operation
X-SaId
X-Varnishpool
X-Timing-Wait
X-UPSTREAM-Address
From-Origin
X-JoinUs
Meta-Geo
CF-IPCountry
X-Tumblr-Pixel-2
Selected-Fe
X-RN-RSRV
X-ES-SERVER
X-Proxy-Build
X-ShopId
X-Shopify-Stage
X-Loop
X-PHP-Backend
X-R9-Blue-Green-Version
X-Request-Time
X-Pubstack
X-Yottaa-Optimizations
X-No-Session
X-S-Maxage
X-ShardId
X-Varnish-Hostname
X-Cache-Server
X-Endurance-Cache-Level
X-Backend-Host
ServedBy
X-Cache-TTL-Remaining
Protected
X-TNCMS
X-Via-Fastly
X-Handled-By
X-Sorting-Hat-ShopId
X-GG-Cache-Date
X-Yottaa-Metrics
X-Xfnlog-Site
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
AMP-Access-Control-Allow-Source-Origin
TWC-GeoIP-LatLong
Property-Id
Cache-Tv-Group
TWC-Locale-Group
Cache-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
X-NYM-Debug-Backend
TWC-GeoIP-Country
Azure-Version
X-Proto
Azure-SiteName
Azure-RegionName
Azure-SlotName
TWC-Connection-Speed
X-ProxyCache-Status
TWC-Device-Class
X-ProxyCache-Key
X-Server-W
Webcakes-Region
X-Be
X-Human
Azure-InstanceId
X-BYPASS-REASON
X-Varnish-Beresp-Grace
X-Origin-Hint
Fastly-SSL
X-VWS-Id
X-AWS-Id
X-LAGOON
X-LJ-Flow-ID
X-OCL
X-Adobe-Source
X-PCL
X-Origin-Date
Decoy-Debug-Status
Country-Code
Decoy-Debug-TTL
Decoy-Debug-Key
X-SayCDN-TTL
Apigw-Requestid
X-Backend-Name
X-Hl-Ver
X-Format
X-Section
X-Access
X-Say-TTL
Akamai-GRN
Xserver
X-Say-Cacheable
X-RCS-CacheZone
X-FB-TRIP-ID
Amp-Access-Control-Allow-Source-Origin
X-ApacheServer
X-Labrador-Cache-Channel
X-Akamai-Edgescape
X-PHP-Host
X-UA-Device-Type
X-Sql-Duration-Ms
Mn-Server-Ip
X-Status
X-Rule
X-Sql-Count
X-PERF
X-Hyper-Cache
X-Uri
X-Revision
X-Hosted-By
X-Cache-PHP
X-Redis-Cache
X-B3-SpanId
X-Web-Node
X-Webkit-Csp
X-Trace-Id
X-WA-Info
X-Ua-Device
X-FW-Version
X-Cache-Type
X-ATG-Version
X-MP-GENERATED-AT
X-Dc
X-Aws-Lambda-Call-Status
X-Content-Age
X-ServerID
X-Time-Microsecs
X-CSRF-Token
X-Tumblr-Pixel-3
X-TT-LOGID
X-Cached-By
X-Datadome
X-Soup
X-Cache-Enabled
X-Akamai-Transformed
Backend
X-Parallel-Accel
X-Edge-Location
X-Mode
X-CS
X-Detected-As
X-Bc-Bl
X-Microcachable
Count-Hit
X-Azure-Ref-OriginShield
X-Info
X-Varnish-Cache-Hits
X-Varnish-Beresp-Status
X-Cache-Host
OT-Force-Account-Verify
X-Cluster-Node
X-Generation-Time
Web-Mar-Node
X-Cache-NGX
Cross-Origin-Opener-Policy
X-Varnish-Hits
X-SRV
X-CACHE-KEY
GEO-INFO
X-Debug-Cache
X-Proxied
X-Platform
X-Zipkin-Id
X-Storage
X-Amzn-RequestId
X-Routing-Service
X-Amzn-Remapped-Content-Length
DataCenter
X-Amz-Apigw-Id
Who
X-Servername
X-Unique-ID
X-APP-VERSION
X-Extlb
X-Varnish-Beresp-Ttl
X-HP-Trace-Id
X-B3-Traceid
SID
X-Origin-CC
Server-Info
X-Locale
X-Origin-TTL
X-Epic-Correlation-Id
X-A-Dgt
X-Air-Trace-Id
A
X-A-Wwc
X-Air-Source
X-Developer
X-Magnolia-Registration
Odigeo-Trace-Id
X-A-Dam
X-From
Surrogated-Key
X-Via-JSL
X-A-Ccd
X-Generated-On
X-External-Request-Id
X-A-Dcw
X-Core-Value
Expiry
Fastcgi-X-Cache-Version
Fastly-Backend-Name
X-CF-Lambda-Fn
X-CF-Lambda-Version
DCR-Decision-By
DCR-Processing-Time-Ms
MD5-Digest
X-Aed
X-Cache-NE
X-B-Cookie
X-ARC
M-TraceId
X-BCube-Filmed-By
X-Bip
X-Aicache-OS
X-Cache-Bucket
Host-ID
Content-Disposition
Meta-Geo-Continent
X-D
BehaviorPad-Version
Cache-Host
Mobile-Detection-Method
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Connection-Hash
CDCHOST
CDN-RequestId
CDN-Uid
X-Cms-Context
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Destination
X-Air-Hostname
X-PAYTM-SRV-ID
Req-Svc-Chain
X-PBS-Appsvrname
X-Geo-Header
X-Processor
State
X-NAPM-TraceId
Rendered-Blocks
X-Vdms-Version
T-Server
X-Vdms-Path
X-EC-Lua
X-Ratelimit-Reset
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Service
X-Session-Fingerprint
X-Thanos
X-Request-URI
X-SRCache-Key
X-Rewrite-Enabled
X-VG-WebCache
X-Application
X-Vtex-Processado-Em
X-A
X-Vtex-Remote-Cache
X-VG-WebServer
X-Level-Front-Cache
X-Location
Upgrade-Insecure-Requests
X-DataDome
Esi-Enabled
X-Request-UUID
Fastcgi-Cache-TTL
Fastly-Drupal-HTML
X-Sigma
Cmsid
X-JWT-State
X-Clientip
Cmstype
Memcached
Fastly-SIE
X-Sucuri-ID
X-Sigma-Backend
X-AIR-PT
X-Backend-State
L
Kp-EeAlive
X-Has-Esi
Location
X-Scheme
X-GoCache-CacheStatus
X-Hash
X-HN
X-Rocket-Build-Number
Server-Host
X-Is-Gdpr
Gh-Request-Id
X-Cache-Debug
X-Branch-Name
X-Served-From
Fastly-SWR
X-Rebelmouse-Surrogate-Control
Source
X-Developers
X-VarnishDD-TTL
AKAMAI
X-Platform-Server
X-Cache-Grace
Origin
Pics-Label
X-VG-TLSProxy
X-NU-AKA-ACS-Version
X-Origin
X-Envoy-Decorator-Operation
PFcat
Pagetype
X-TrackingId
Path
CacheControlHeader
X-Var-Ttl
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
UCS
X-Gamma-Serve
S-Rt
X-Ua
X-Tb
User-Cache-Control
X-Site-Version
X-NWS-UUID-VERIFY
Wxu-Next-Region
X-Accel-Expires-Debug
Wxu-Next-Hostname
True-Client-Country-4JS
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Wxu-Next-Commit
Thinkindot-CacheControl-Type
X-Minions-Version
X-Origin-Expires
X-Owner
X-Policy
X-Micro-Cache
X-Men
X-LI-UUID
X-Loc
X-Req
X-Request-Host
X-Varnish-Url
X-VC-Cache
X-WADP-Cache
X-Variation
X-Thinkindot-L3
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Li-Pop
X-Li-Fabric
X-Csrf-Jwt
X-Date
X-Device-Os
X-Cluster
X-Clara-WADP
X-Cache-Tags
X-CGP
X-DPWN-IS-SECURE
X-Eu-Site
X-Generated-By
X-Generated-In
X-Forwarded-Site
X-Fmm-Version
X-Fastly-Backend
X-Fastly-Cache
X-Cache-Info
Vix-Hermes-Req-Id
HA-Ipaddr
Ha-Gx-Prefs
Ec-Rule-Version
Is-Eu
L5d-Success-Class
NM-Fastcgi-Cache
NGX
Svr
DSUID
Cf-Device-Type
X-Amz-Meta-S3cmd-Attrs
X-VHOST
X-Varnish-Ttl
Adler-Geo
Arc-Country
C-Via
Arc-Version
PB-PID
X-Forwarded-Host
PB-RID
Platform
Cross-Origin-Window-Policy
Url
X-Forwarded-Path
X-Wikidot-Backend
X-Fetched-On
X-Old-Content-Length
X-Wikidot-Static-Cache
X-Esi-Check
X-FC-Vary-Parameters
X-VServer
Server-Ext
X-Ratelimit-Limit
Server-Hostname
X-DefElseHash
X-DefHash
X-Viewer-Country
X-GeoIP
X-Orig-Expires
X-Shop-Environment
X-Irp-Debug
X-User
X-Varnish-CookieINHashed-On
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Tenant
X-Hnp-Log
X-GeoIP-City
V-Age
X-Varnish-CookieHashed-On
X-Goog-Meta-Goog-Reserved-File-Mtime
Sever-Int
X-Gzip
X-Gen-Mode
X-PF-Uncompressing
X-Block-Status
Release
X-Slack-Backend
X-RateLimit-Limit-Second
NtCoent-Length
X-Cache-Id
X-Qloud-Router
X-RateLimit-Remaining-Second
Locid
Webserver
Cache-Key
X-Skip-Cache
IsBot
We-Hiring
X-SIPLIST1
Mail-Subject
Content-Secure-Policy
X-Varnish-Remaining-TTL
X-TX-ID
X-HS-Content-Campaign-Id
VNS-Cache
VNS-Age
X-Zone
CPC-Age
My-App
Cache-Hits
CPC-Cache
X-Planisys-CDN-TTL
X-Via-NSCOPI
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Geo-Info
X-TEC-API-ROOT
X-Pass-Why
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Vc
X-Unique-Id
X-Via-Popn
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-Ftr-Request-Id
X-Via-Poph
X-Via-Popv
Powered-By-ChinaCache
X-Srv
X-Refresh
X-PJAX-URL
X-Internal-Host
MIME-Version
X-Conf
X-Ratelimit-Remaining
X-BBC-Edge-Cache-Status
X-Cache-Ttl
X-GEO
XServer
X-Worker
X-OVcl-Cache
X-NC
X-OVcl
X-LB-ID
X-Ckpd-Fst-Backend
X-TraceId
X-ID
Tcn
Cf-Bgj
X-NCache
Time
Memory
X-Servedbyhost
X-Auto-Login
X-Backend-TTL
WebServer
X-Geo
X-LSADC-Cache
DB-Nickname
Magicmarker
X-V-Cache
Server-ID
HostName
Geoip-Latitude
GeoIp-Country-Code
X-NewRelic-App-Data
X-Render-Time
X-DC
X-TIME
X-Rocket-Nginx-Serving-Static
X-ZONE
X-Dispatcher-Server
X-Cache-Remote
X-Platform-Router
X-Qnm-Cache
X-M-Log
X-Traceid
X-Dynatrace
X-M-Reqid
X-Platform-Cluster
X-Platform-Processor
X-Method
X-Newrelic-Synthetics
X-Tx-Id
X-Wa
X-SD-PageType
Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-App
X-Datadog-Parent-Id
Environment
X-Datadog-Sampling-Priority
Resin-Trace
Ssr
X-IP
X-Datadog-Trace-Id
X-Cache-Config
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-Li-Proto
X-API-Version
X-NodeID
X-BBC-Origin-Response-Status
X-Correlation-ID
Cluster
X-Nc
X-Pod-Name
X-Edge-Pop
X-Server-IP
LB
X-Via-Ucdn
X-VCL-Version
X-Origin-Response-Time
X-DynaTrace-JS-Agent
Ohc-File-Size
X-MSEdge-Features
Candidate-Md5Url
X-Vcl-Version
X-MSEdge-Flight
X-Webkit-CSP-Report-Only
X-HITS
X-HostName
X-Trv-Group
X-CACHE-AGE
X-Varnish-Beresp-TTL
X-Cache-Var
X-Cache-Var-Map
X-Node-Id
X-Via-CDN
X-LI-Proto
X-APP
X-ElasticPress-Query
Cf-Ipcountry
Web-Mar-Region
N-Cache
Env
X-Akamai-Pragma-Client-IP
X-ServerName
Datacenter
X-Wix-Viewer-Type
X-WA
X-ND-Cache
X-Reqid
Proxy-Connection
X-Fastly-Request-Id
CF-Cached-On
X-HS-Status
Sid
Onion-Location
GeoIP-Country-Code
VivaBuild
GeoIP-Latitude
Viewtype
Server-Id
CDN
Rt-Fastcgi-Cache
X-FTR-Request-ID
X-Cs
X-Content
X-Ua-Browser
Machine
Servername
Cdn
WWW-Authenticate
X-Dynatrace-Js-Agent
X-AB
X-Fastly-Backend-Reqs
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-MG-S
X-Cdn-Forward
WZWS-RAY
X-ServedByHost
X-NGINX-Cache
X-Lb-Id
X-Check-Cacheable
FSS-Cache
On-Server
X-URL
X-Xrds-Location
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Esi
X-Via-PopV
X-Via-PopH
X-VC
X-Swa-Ws
X-Via-PopN
X-TIM-N
X-Pjax-Url
X-Fpc
Redirect-Candidate
X-Request-Start
Cteonnt-Length
Server-Ttl
Mime-Version
X-Tid
X-Cache-Backend
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Lb
X-SN
Shield-Pop
URI
X-Country-Code-Real
X-FTR-Cache-Status
X-Oss-Storage-Class
X-Oss-Request-Id
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Oss-Server-Time
X-Up
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-FTR-Backend-Server
Xc-Version
CountryCode
X-FTR-Backend
Vha6-Origin
X-Air-Pt
CACHE
X-Swift-Error
X-Pad
X-FORWARDED-FOR
X-CCM
Tracecode
Pramga
X-Contensis-Viewer-Groups
Is-Us
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Authentication
X-Cache-ASPX
X-Cache-Date
WP-Super-Cache
X-Action
X-RSL
X-RPM
X-RPS
X-DB
X-DW
X-DI
X-DSS
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-StackifyID
X-Sn-Servicetimems
X-Acquia-Application-Trace
X-Cdn-Origin
X-Acquia-Site
Xet-Cookie
X-Snapshot-Date
X-ElasticPress-Search
X-Dw-Trace-Id
Warning
ServerName
X-CUA
X-FTR-Expires
X-Pf-Uncompressing
X-Yottaa-OS
X-Webstats-RespID
X-Fastly-Cache-Hits
X-SB
X-LiteSpeed-Cache-Control
Ohc-Response-Time
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
SR-User-Adfree
Content-Script-Type
Content-Style-Type
X-FPC
X-Apw-Hits
X-Core-Mission
CloudFront-Viewer-Country
X-RAMCache
X-CCDN-Origin-Time
X-C
X-TH-Server
X-MiniProfiler-Ids
X-Tt-Logid
X-Mg-Request-Id
X-Hcs-Proxy-Type
X-Cache-Status-Check
X-Region-Sid
X-CCDN-CacheTTL
Instruction