Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Request-ID
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Vhost
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Readtime
Accept-CH
X-Akam-SW-Version
Xkey
X-HW
X-Country
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Template
X-Cloud-Trace-Context
MS-Author-Via
Rating
X-Cache-Lookup
X-Url
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-B3-TraceId
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
Accept-CH-Lifetime
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
Accept-Ch
X-Server-Name
X-Cached
X-Vcap-Request-Id
X-Navigation-Version
X-FastCGI-Cache
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-Buckets
Service-Worker-Allowed
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
RTSS
X-Middleton-Response
Response
Display
Pagespeed
X-Middleton-Display
X-Sol
Access-Control-Request-Method
X-Cache-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Edge
X-LLID
X-Kinsta-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Px
X-TTL
Realpath
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-ECACHE
X-HP-Webp
X-Jurisdiction
X-Edge-Location-Klb
X-T
X-MCACHE
X-Forwarded-Proto
X-Mid
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Release
Charset
X-Correlation-Id
X-Shield-Request-Id
X-Recruiting
Edge-Cache-Tag
X-DynaTrace
TP-Cache
TP-L2-Cache
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Pinterest-Rid
X-Instrumentation
Pinterest-Generated-By
Pinterest-Version
X-Ezoic-Cdn
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Content-Digest
Filters
X-Request-Received
X-Request-Processing-Time
Cache-Tags
X-Logged-In
Server-Node
Alternate-Protocol
Nginx-Cache
Front-End-Https
X-ORACLE-DMS-RID
Content-MD5
X-Cache-Key
X-Forwarded-For
Server-Name
TCN
X-Litespeed-Cache
X-Origin-Upstream-Status
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
X-Amzn-Trace-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Grace
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Contextid
X-Hostname
X-Geo-Country
X-Rid
X-F-Cache
X-Amz-Replication-Status
X-Goog-Generation
X-Goog-Storage-Class
X-Activity-Id
X-Goog-Stored-Content-Length
X-Az
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-AppVersion
X-GUploader-UploadID
Host
Cleartype
X-RateLimit-Remaining
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-XRDS-Location
X-HS-Combine-CSS
X-Protected-By
X-Server-ID
X-Www-Served-By
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-Frontend
X-Fastcgi-Cache
X-XRDS-LOCATION
Section-Io-Cache
X-Debug-Info
X-LB-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
MicrosoftSharePointTeamServices
X-Ser
X-Aspnetmvc-Version
X-Git-Hash
X-Page-Id
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Respond-Thread
X-Hits
Nel
X-VCache
ServerID
X-DIS-Request-ID
X-Microsite
X-Source
X-Request-Handler-Origin-Region
X-Mobile-URL
Paypal-Debug-Id
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-Signature
X-B-Cache
X-CACHE-GROUP
Access-Control-Allow-Method
Healthy
X-Aspnet-Duration-Ms
X-Cache-Action
X-FB-Debug
X-Flags
X-Is-Crawler
X-Providence-Cookie
Payment
X-Kong-Upstream-Latency
X-Route-Name
X-Kong-Proxy-Latency
X-Request-Guid
X-B3-Sampled
Viewport
X-TT
X-Whom
X-Daa-Tunnel
X-N
Node
X-AOL-HN
X-App-Environment
X-Seen-By
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
MS-CV
X-Mobile
DC
DynaTrace
X-Cache-Expired-At
X-Webkit-Csp
X-Ab
X-Yandex-Sdch-Disable
Filterid
X-HTML-Minification-Powered-By
X-Distributor
X-IPLB-Instance
SRV
X-Cache-Control
Retry-After
X-Response-Served-From
X-Original-Request-Id
X-Real-IP
X-UUID
X-FireWall-Port
X-Instance
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy-Cache-Status
X-Tumblr-Pixel-1
Frame-Options
NGB
X-Varnish-Server
X-Tumblr-User
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Jobs
X-Debug-IsConnected
X-Content-Powered-By
Access-Control-Request-Headers
Ms-Operation-Id
X-Debug-IsPreview
X-User-Agent
X-RemovedCookies
X-Region
X-ProcessESI
X-Cluster-Name
X-RTag
X-Device-Type
X-Debug
X-Page-View
X-Accel-Buffering
X-B
X-Cacheable-TTL
X-Cache-Time
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Adobe-Loc
X-Adobe-Content
Uber-Trace-Id
X-Proxy
X-Framework
Cache
Refresh
X-G
X-Wix-Request-Id
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Serve
X-Zen-Fury
Countrycode
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-RateLimit-Limit
Section-Io-Origin-Status
X-Time
X-Vgn-Hpd-Reason
Cache-Status
X-Oracle-Dms-Rid
X-Cache-Hit
X-TA-CDN-Provider
Surrogate-Key
X-Nginx-Cache
X-NGENIX-Cache
X-App-Version
Country
X-Rendered-As
X-Is-Bot
X-Mg-Request-UUID
X-Drupal-Cache-Tags
X-Azure-Ref
Eomportal-Instance
X-EdgeConnect-Cache-Status
S-Cnection
X-App-Server
X-Cache-Rule
X-CDN-Forward
X-Ms-Version
X-Ms-Request-Id
SD-X-WS
X-Drupal-Cache-Contexts
X-Node-Name
Referer-Policy
Liferay-Portal
AMP-Access-Control-Allow-Source-Origin
X-Tumblr-Pixel-2
From-Origin
X-ES-SERVER
Meta-Geo
X-JoinUs
X-L-Path
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-Environment-Context
X-UPSTREAM-Address
X-SaId
X-Cache-Operation
X-Varnishpool
X-RN-RSRV
X-Cache-TTL-Remaining
X-Sorting-Hat-ShopId
X-Loop
X-GG-Cache-Date
X-Alternate-Cache-Key
X-S-Maxage
X-Handled-By
X-PHP-Backend
X-Backend-Host
Azure-SiteName
Azure-RegionName
X-ShardId
CF-IPCountry
Azure-Version
Azure-SlotName
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Cache-Server
X-Yottaa-Optimizations
X-Storefront-Renderer-Rendered
X-TNCMS
X-Varnish-Hostname
X-ShopId
X-Request-Time
X-Rule
X-Endurance-Cache-Level
Protected
Azure-InstanceId
X-Pubstack
ServedBy
X-Yottaa-Metrics
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-Human
Akamai-GRN
TWC-Connection-Speed
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-BYPASS-REASON
X-AWS-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
Country-Code
Cache-Tv-Group
Fastly-SSL
Property-Id
TWC-GeoIP-Country
TWC-Device-Class
Cache-Name
X-Origin-Hint
X-PCL
X-OCL
X-NYM-Debug-Backend
X-Be
X-ProxyCache-Key
X-Server-W
X-ProxyCache-Status
X-No-Session
X-Proto
X-LJ-Flow-ID
X-VWS-Id
X-Via-Fastly
X-LAGOON
X-Section
X-Varnish-Beresp-Grace
X-Adobe-Source
X-SayCDN-TTL
X-Say-TTL
X-RCS-CacheZone
X-Status
X-Say-Cacheable
Xserver
Decoy-Debug-Status
X-Cache-PHP
X-Access
X-Origin-Date
Decoy-Debug-TTL
X-Hl-Ver
Apigw-Requestid
X-Backend-Name
Decoy-Debug-Key
X-Format
X-Akamai-Edgescape
X-UA-Device-Type
Mn-Server-Ip
X-Hyper-Cache
X-FB-TRIP-ID
X-PHP-Host
X-Labrador-Cache-Channel
X-Sql-Duration-Ms
X-Sql-Count
X-Hosted-By
X-ApacheServer
X-PERF
X-Uri
X-Cached-By
X-Redis-Cache
X-Trace-Id
X-Ua-Device
X-Web-Node
X-MP-GENERATED-AT
X-WA-Info
X-Revision
Amp-Access-Control-Allow-Source-Origin
X-ATG-Version
X-Dc
X-Content-Age
X-FW-Version
X-B3-SpanId
X-Cache-Type
X-CSRF-Token
X-Soup
X-ServerID
X-Time-Microsecs
X-Cache-Enabled
X-Edge-Location
X-Tumblr-Pixel-3
X-Mode
Backend
X-SRV
X-Info
X-Datadome
X-Bc-Bl
X-Aws-Lambda-Call-Status
X-CS
X-Microcachable
X-APP-VERSION
X-TT-LOGID
Who
X-Varnish-Beresp-Status
X-Detected-As
X-Akamai-Transformed
X-Varnish-Cache-Hits
X-Azure-Ref-OriginShield
X-Cache-NGX
X-Cache-Host
X-Debug-Cache
X-Platform
X-Proxied
X-Zipkin-Id
Web-Mar-Node
X-Storage
X-Routing-Service
X-Generation-Time
X-Amzn-RequestId
OT-Force-Account-Verify
X-Amz-Apigw-Id
X-CACHE-KEY
X-Cluster-Node
X-Varnish-Hits
X-Amzn-Remapped-Content-Length
X-Parallel-Accel
Count-Hit
GEO-INFO
X-Via-JSL
Cross-Origin-Opener-Policy
DataCenter
X-B3-Traceid
X-Extlb
X-Unique-ID
X-Varnish-Beresp-Ttl
Server-Info
X-Origin-CC
X-Origin-TTL
Apple-News-Services-Parsed-Url
X-Magnolia-Registration
Content-Disposition
Apple-News-Services-Host
Host-ID
X-Level-Front-Cache
X-Cms-Context
X-Air-Trace-Id
X-Air-Hostname
X-CF-Lambda-Fn
X-NAPM-TraceId
M-TraceId
X-Servername
X-CF-Lambda-Version
CDN-Uid
X-Developer
CDN-RequestId
X-Location
X-Connection-Hash
X-Air-Source
CDN-PullZone
X-Cache-NE
X-From
DCR-Processing-Time-Ms
DCR-Decision-By
Cache-Host
Expiry
X-D
X-Epic-Correlation-Id
A
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
Fastly-Backend-Name
Apple-News-Services-Request-Url
X-External-Request-Id
X-Destination
X-Core-Value
CDN-EdgeStorageId
CDN-CachedAt
CDCHOST
CDN-Cache
X-Generated-On
BehaviorPad-Version
CDN-RequestCountryCode
X-PBS-Appsvrname
X-Sucuri-ID
X-SRCache-Key
X-Application
X-Aed
Rendered-Blocks
X-Thanos
Req-Svc-Chain
X-Session-Fingerprint
X-DataDome
X-S-Cookie
X-S
MD5-Digest
X-ScT
X-Service
X-ARC
X-A-Wwc
X-A-Dgt
State
X-VG-WebServer
X-VG-WebCache
Surrogated-Key
X-Vtex-Processado-Em
T-Server
X-Vtex-Remote-Cache
X-A
X-Vdms-Version
X-A-Dcw
X-Varnish-Url
X-A-Dam
X-Locale
X-Vdms-Path
X-A-Ccd
X-Rojux
X-B-Cookie
X-Proxy-Upstream
X-Bip
X-BCube-Filmed-By
X-Processor
Mobile-Detection-Method
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-Cache-Bucket
Odigeo-Trace-Id
X-Ratelimit-Reset
X-Request-URI
X-Rewrite-Enabled
X-Tb
X-TEC-API-ROOT
X-TEC-API-VERSION
X-AIR-PT
X-TEC-API-ORIGIN
Upgrade-Insecure-Requests
Kp-EeAlive
Fastly-SWR
L
X-Developers
Memcached
Cmstype
X-Cache-Debug
Fastly-Drupal-HTML
Fastly-SIE
Location
X-Branch-Name
X-Backend-State
Esi-Enabled
Origin
Pics-Label
Fastcgi-Cache-TTL
Gh-Request-Id
Path
PFcat
Pagetype
Server-Host
X-Date
X-Accel-Expires-Debug
X-Clientip
X-Is-Gdpr
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Req
X-Request-UUID
X-Varnish-Ttl
X-Platform-Server
X-NU-AKA-ACS-Version
X-Origin
Cmsid
X-Rocket-Build-Number
X-Served-From
X-VarnishDD-TTL
X-Aicache-OS
X-VG-TLSProxy
X-Var-Ttl
X-TrackingId
X-Sigma
X-Sigma-Backend
X-Minions-Version
UCS
X-VHOST
X-Envoy-Decorator-Operation
CacheControlHeader
X-HN
X-Has-Esi
X-GoCache-CacheStatus
X-Gamma-Serve
X-Geo-Header
X-JWT-State
X-Hash
SID
X-Cluster
X-EC-Lua
User-Cache-Control
X-Fastly-Cache
Wxu-Next-Commit
X-SVT-ORM-VERSION
X-Fastly-Backend
We-Hiring
X-Thinkindot-L3
Vix-Hermes-Req-Id
X-SVT-ORM-RULES
Wxu-Next-Hostname
X-DPWN-IS-SECURE
X-Viewer-Country
X-Device-Os
X-VC-Cache
Wxu-Next-Region
X-WADP-Cache
X-Variation
X-Fmm-Version
X-Eu-Site
X-Request-Host
X-Loc
X-Men
X-Micro-Cache
X-Cache-Tags
X-LI-UUID
X-CGP
X-Li-Fabric
X-Li-Pop
X-Clara-WADP
X-Origin-Expires
X-Cache-Info
X-RateLimit-Remaining-Second
X-Generated-In
X-Generated-By
X-Scheme
X-RateLimit-Limit-Second
X-Policy
X-Cache-Grace
X-Owner
X-Csrf-Jwt
X-Forwarded-Site
True-Client-Country-4JS
X-Amz-Meta-S3cmd-Attrs
Mail-Subject
L5d-Success-Class
My-App
NGX
PB-RID
PB-PID
NM-Fastcgi-Cache
HA-Ipaddr
Ha-Gx-Prefs
AKAMAI
Adler-Geo
Source
Arc-Version
C-Via
Ec-Rule-Version
DSUID
Cf-Device-Type
Platform
Is-Eu
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
X-Site-Version
Thinkindot-CacheControl
Geo-Info
X-Pass-Why
X-TX-ID
X-Slack-Backend
Cache-Key
X-Esi-Check
X-Hnp-Log
VNS-Age
CPC-Cache
CPC-Age
X-HS-Content-Campaign-Id
V-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gzip
X-Varnish-Remaining-TTL
X-Gen-Mode
X-GeoIP
X-GeoIP-City
X-Wikidot-Static-Cache
X-Varnish-CookieINHashed-On
X-FC-Vary-Parameters
X-Via-NSCOPI
X-Fetched-On
Webserver
X-Qloud-Router
X-Forwarded-Host
Arc-Country
X-DefElseHash
X-VServer
X-Old-Content-Length
X-DefHash
X-Cache-Id
X-User
X-Block-Status
Sever-Int
X-Nginx-Cache-Key
Server-Ext
Server-Hostname
X-Mvc-Supplant-Cachable
X-Varnish-CookieHashed-On
Svr
X-Irp-Debug
VNS-Cache
Release
Locid
X-SIPLIST1
IsBot
X-Wikidot-Backend
S-Rt
X-Ua
X-NWS-UUID-VERIFY
NtCoent-Length
X-Unique-Id
X-Skip-Cache
X-Forwarded-Path
X-Orig-Expires
X-PF-Uncompressing
X-Shop-Environment
X-Tenant
Cache-Hits
X-Planisys-CDN-TTL
Powered-By-ChinaCache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Url
Cross-Origin-Window-Policy
X-Ratelimit-Limit
X-Via-Popv
MIME-Version
X-Mvc-Supplant-OutputCached
X-Via-Popn
X-Refresh
X-Via-Poph
X-Ftr-Request-Id
X-HP-Trace-Id
X-OVcl-Cache
X-PJAX-URL
X-OVcl
Content-Secure-Policy
X-Zone
X-Vc
X-Cache-Ttl
XServer
Cf-Bgj
X-Internal-Host
X-Conf
X-TraceId
X-NC
DB-Nickname
Tcn
X-ID
X-Backend-TTL
X-Srv
Time
Magicmarker
X-BBC-Edge-Cache-Status
Memory
X-GEO
X-LB-ID
WebServer
X-Geo
X-Ckpd-Fst-Backend
X-ZONE
X-Worker
Server-ID
X-Servedbyhost
X-Ratelimit-Remaining
X-Auto-Login
X-Method
X-Dispatcher-Server
X-TIME
GeoIp-Country-Code
X-NCache
Geoip-Latitude
HostName
X-LSADC-Cache
X-V-Cache
X-NewRelic-App-Data
X-Rocket-Nginx-Serving-Static
X-IP
X-DC
Hostname
X-Render-Time
Ssr
X-Traceid
X-Platform-Router
X-Qnm-Cache
X-Wa
X-M-Log
X-CLOUD-TRACE-CONTEXT
X-M-Reqid
X-Platform-Cluster
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Processor
X-Tx-Id
X-Li-Proto
X-App
Resin-Trace
LB
X-Newrelic-Synthetics
X-SD-PageType
X-Cache-Remote
X-Correlation-ID
Environment
X-Nc
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Trv-Group
X-Datadog-Trace-Id
Ohc-File-Size
X-Nyt-Route
X-Gdpr
X-NodeID
X-BBC-Origin-Response-Status
X-Vcl-Version
X-Origin-Time
X-CACHE-AGE
X-VCL-Version
X-Via-CDN
X-Dynatrace
X-MSEdge-Features
X-MSEdge-Flight
X-Node-Id
X-API-Version
X-Cache-Config
X-Origin-Response-Time
X-HITS
X-APP
X-Server-IP
Cluster
X-Pod-Name
X-Via-Ucdn
Env
Datacenter
X-ServerName
Cf-Ipcountry
X-ElasticPress-Query
Candidate-Md5Url
X-Reqid
X-Varnish-Beresp-TTL
X-LI-Proto
X-Edge-Pop
X-DynaTrace-JS-Agent
X-FTR-Request-ID
X-ND-Cache
X-Wix-Viewer-Type
Sid
X-WA
CF-Cached-On
X-Cache-Var
X-Akamai-Pragma-Client-IP
X-Cache-Var-Map
X-HostName
VivaBuild
Web-Mar-Region
Rt-Fastcgi-Cache
Viewtype
N-Cache
X-HS-Status
Machine
X-Cdn-Forward
X-Dynatrace-Js-Agent
CDN
X-Cs
Server-Id
GeoIP-Latitude
GeoIP-Country-Code
Proxy-Connection
X-ServedByHost
On-Server
X-NGINX-Cache
FSS-Cache
Servername
X-Webkit-CSP-Report-Only
X-Lb-Id
X-VC
X-Pjax-Url
X-Check-Cacheable
Cdn
X-Swa-Ws
Onion-Location
X-Fastly-Backend-Reqs
WWW-Authenticate
X-EIG-Tracking-Id
WZWS-RAY
X-Varnish-Cacheable
X-URL
X-CSRF-TOKEN
X-Esi
Ohc-Cache-HIT
X-Xrds-Location
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Cache-Backend
X-Country-Code-Real
X-Oss-Hash-Crc64ecma
X-FTR-Realm
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-FTR-DC
X-FTR-Cache-Status
X-Fastly-Request-Id
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
Xc-Version
X-Oss-Request-Id
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-CCM
X-SN
URI
X-Swift-Error
X-Fpc
Tracecode
CountryCode
Mime-Version
Cteonnt-Length
X-Webkit-Csp-Report-Only
X-CUA
X-Pf-Uncompressing
CACHE
X-FORWARDED-FOR
X-Air-Pt
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
Server-Ttl
X-Tid
X-TIM-N
Redirect-Candidate
X-SB
X-Fastly-Cache-Hits
X-Request-Start
Instruction
Ohc-Response-Time
X-StackifyID
X-DI
X-Snapshot-Date
X-Action
Shield-Pop
X-FTR-Expires
X-DB
X-LiteSpeed-Cache-Control
X-DSS
X-DW
Warning
X-RPM
X-ElasticPress-Search
X-Up
X-Dw-Trace-Id
X-Region-Sid
WP-Super-Cache
X-Webstats-RespID
SR-User-Adfree
Xet-Cookie
X-RSL
X-RPS
X-Yottaa-OS
Is-Us
X-Amz-Meta-Cb-Modifiedtime
X-Edge-POP
X-Cache-Date
X-Depends-On
X-CCDN-CacheTTL
X-MiniProfiler-Ids
X-Cache-Status-Check
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-TH-Server
X-C
X-Mg-Request-Id
X-Apw-Hits
X-Apw-Access-Token
X-Pad
X-Tt-Logid
ServerName
X-Cache-Expires
X-UnsetCookies
X-Apw-Access-Object
X-Apw-Access-Action
Vha6-Origin