Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Ua-Compatible
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
Cf-Railgun
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-Server-Id
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Webkit-CSP
X-WebKit-CSP
Xkey
X-HW
X-Country
Accept-Ch-Lifetime
X-Ac
Content-Location
X-Application-Context
X-Language
MS-Author-Via
X-Cloud-Trace-Context
X-Template
Rating
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Cnection
X-Origin-Cache
Accept-CH-Lifetime
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-Country-Code
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
Verso
Arr-Disable-Session-Affinity
X-VARITI-CCR
X-Goog-Hash
Accept-Ch
X-Server-Name
X-FastCGI-Cache
X-Vcap-Request-Id
X-Cached
X-Navigation-Version
Cache-Tag
X-Buckets
X-Powered-By-Plesk
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
X-Fastly-Request-ID
RTSS
X-Cache-TTL
X-Sol
X-Middleton-Response
Pagespeed
Response
Display
X-Middleton-Display
X-Ttl
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Px
X-Kinsta-Cache
X-LLID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Edge-Location-Klb
Realpath
X-Accel-Expires
X-TTL
SPRequestDuration
SPIisLatency
X-ECACHE
X-SharePointHealthScore
X-Ruxit-Js-Agent
SPRequestGuid
X-HP-Webp
X-Oneagent-Js-Injection
X-T
X-Jurisdiction
X-Server-ID
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Shield-Request-Id
X-Correlation-Id
X-DynaTrace
X-Recruiting
Charset
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Fastcgi-Cache
TP-L2-Cache
TP-Cache
X-Amz-Server-Side-Encryption
X-Mg-S
X-Release
X-Ezoic-Cdn
X-Id
X-Content-Digest
X-Cache-Key
X-ORACLE-DMS-RID
X-Request-Processing-Time
X-Request-Received
Filters
Nginx-Cache
X-Logged-In
Server-Node
Alternate-Protocol
Front-End-Https
Cache-Tags
TCN
Content-MD5
X-Forwarded-For
X-Origin-Upstream-Status
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
X-Amzn-Trace-Id
Server-Name
X-XRDS-Location
X-Litespeed-Cache
X-Origin-Server
X-Grace
X-Hostname
X-Geo-Country
X-RateLimit-Remaining
X-Rid
X-Contextid
X-Amz-Replication-Status
X-Protected-By
X-F-Cache
Host
X-Activity-Id
X-AppVersion
X-Az
Cleartype
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Www-Served-By
X-Goog-Metageneration
X-WebKit-CSP-Report-Only
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Debug-Info
Section-Io-Cache
X-Frontend
X-LB-Cache
MicrosoftSharePointTeamServices
X-Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-XRDS-LOCATION
X-Erf-Bev-Bev
X-NWS-LOG-UUID
X-Ser
X-Page-Id
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Git-Hash
AR-Request-ID
Ar-Sid
AR-PoweredBy
X-Cache-Age
AR-CACHE
AR-ATIME
X-Respond-Thread
X-Aspnetmvc-Version
X-VCache
X-Varnish-Age
X-Source
Accept-Charset
X-Upgrade-Enabled
X-Content-Options
X-Hits
X-DIS-Request-ID
ServerID
Paypal-Debug-Id
X-Daa-Tunnel
X-Mobile-URL
X-Varnish-Backend
Access-Control-Allow-Method
X-Signature
X-B-Cache
X-Kong-Upstream-Latency
X-Varnish-Grace
X-Kong-Proxy-Latency
X-B3-Sampled
Viewport
X-Route-Name
Payment
X-Request-Guid
X-Providence-Cookie
X-Cache-Action
Healthy
X-FB-Debug
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Whom
X-TT
Node
X-AOL-HN
X-CACHE-GROUP
X-App-Environment
X-N
Version
X-Seen-By
X-Request-Handler-Origin-Region
X-Microsite
X-Type
Fastcgi-Useragent
X-Load-Cache
X-Mobile
DC
DynaTrace
MS-CV
X-Yandex-Sdch-Disable
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-Distributor
Filterid
SRV
Retry-After
X-Ab
X-Cache-Control
X-Webkit-Csp
X-Tt-Trace-Tag
X-IPLB-Instance
X-Tt-Trace-Host
Frame-Options
X-Original-Request-Id
X-User-Agent
X-Response-Served-From
X-UUID
X-Instance
X-Real-IP
X-ProcessESI
X-IPS-LoggedIn
X-RemovedCookies
X-Tumblr-Pixel-1
X-Varnish-Server
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
Access-Control-Request-Headers
X-Region
X-Adobe-Content
X-RTag
X-Proxy-Cache-Status
X-Jobs
X-Content-Powered-By
X-Debug-IsConnected
X-Device-Type
Ms-Operation-Id
X-Adobe-Loc
X-Debug-IsPreview
X-Proxy
X-Cluster-Name
VIX-Pulpo-Upstream-Status
X-B
X-Cache-Time
Refresh
NGB
Uber-Trace-Id
X-Page-View
VIX-Pulpo-Node
X-Cacheable-TTL
X-Framework
Nel
X-G
X-Debug
X-FireWall-Port
X-Accel-Buffering
X-RateLimit-Limit
Cache
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-FW-Static
X-Zen-Fury
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-App-Version
Section-Origin-Responded
X-Wix-Request-Id
Countrycode
X-Time
X-Vgn-Hpd-Reason
X-NGENIX-Cache
Cache-Status
X-Nginx-Cache
X-Azure-Ref
X-Oracle-Dms-Rid
X-Mg-Request-UUID
Surrogate-Key
X-CDN-Forward
X-Cache-Hit
X-Drupal-Cache-Tags
X-Is-Bot
Country
X-Rendered-As
X-Ms-Request-Id
X-App-Server
X-Ms-Version
S-Cnection
X-Cache-Rule
X-Node-Name
X-EdgeConnect-Cache-Status
X-TA-CDN-Provider
Eomportal-Instance
Referer-Policy
SD-X-WS
Liferay-Portal
X-Environment-Context
X-L-Path
X-Drupal-Cache-Contexts
X-UPSTREAM-Address
Selected-Fe
From-Origin
X-JoinUs
X-Proxy-Build
X-Cache-Operation
X-SaId
CF-IPCountry
X-Timing-Wait
X-ES-SERVER
X-Tumblr-Pixel-2
X-RN-RSRV
X-Varnishpool
Meta-Geo
X-PHP-Backend
X-ShopId
X-ShardId
Protected
X-Request-Time
X-R9-Blue-Green-Version
X-Pubstack
X-S-Maxage
X-No-Session
X-Loop
X-Xfnlog-Site
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TNCMS
X-Cache-TTL-Remaining
X-Varnish-Hostname
X-Via-Fastly
X-Endurance-Cache-Level
X-GG-Cache-Date
X-Sorting-Hat-ShopId
ServedBy
X-Sorting-Hat-PodId
X-Backend-Host
X-Storefront-Renderer-Rendered
X-Cache-Server
X-Handled-By
X-Shopify-Stage
X-Alternate-Cache-Key
AMP-Access-Control-Allow-Source-Origin
Property-Id
X-Proto
Fastly-SSL
X-Server-W
X-Origin-Hint
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-PCL
X-ProxyCache-Key
Azure-Version
Cache-Name
Cache-Tv-Group
Azure-SlotName
Azure-SiteName
X-ProxyCache-Status
Azure-InstanceId
Azure-RegionName
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-Varnish-Beresp-Grace
X-Adobe-Source
X-NYM-Debug-Backend
X-LJ-Flow-ID
X-BYPASS-REASON
X-AWS-Id
X-LAGOON
X-Human
Webcakes-App-Version
Webcakes-App-Name
X-VWS-Id
Webcakes-Region
X-OCL
X-Be
X-Format
X-Hl-Ver
Decoy-Debug-TTL
X-Origin-Date
X-RCS-CacheZone
Xserver
X-Access
X-Backend-Name
Decoy-Debug-Key
Country-Code
Decoy-Debug-Status
Apigw-Requestid
X-SayCDN-TTL
X-Section
X-Say-Cacheable
X-Say-TTL
Akamai-GRN
X-Sql-Duration-Ms
Amp-Access-Control-Allow-Source-Origin
X-Labrador-Cache-Channel
X-Status
X-FB-TRIP-ID
X-ApacheServer
X-UA-Device-Type
X-Akamai-Edgescape
X-Sql-Count
Mn-Server-Ip
X-PERF
X-Rule
X-PHP-Host
X-Hosted-By
X-Hyper-Cache
X-Cache-PHP
X-Uri
X-Revision
X-Redis-Cache
X-Web-Node
X-B3-SpanId
X-Trace-Id
X-MP-GENERATED-AT
X-ATG-Version
X-WA-Info
X-FW-Version
X-Ua-Device
X-Cache-Type
X-Dc
X-Content-Age
X-CSRF-Token
X-Aws-Lambda-Call-Status
X-ServerID
X-Time-Microsecs
X-TT-LOGID
X-Cached-By
X-Tumblr-Pixel-3
X-Datadome
X-Soup
X-Cache-Enabled
Backend
X-Akamai-Transformed
X-Edge-Location
X-Parallel-Accel
X-Mode
X-CS
X-Detected-As
X-Varnish-Cache-Hits
X-Azure-Ref-OriginShield
X-Microcachable
X-Info
X-Bc-Bl
Count-Hit
OT-Force-Account-Verify
X-Varnish-Beresp-Status
X-Cluster-Node
X-Cache-Host
X-Unique-ID
X-Generation-Time
Web-Mar-Node
X-Varnish-Hits
X-Cache-NGX
Cross-Origin-Opener-Policy
X-Debug-Cache
X-SRV
GEO-INFO
X-Platform
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Storage
DataCenter
X-Amzn-RequestId
X-Varnish-Beresp-Ttl
Who
X-APP-VERSION
X-Extlb
X-HP-Trace-Id
X-Origin-TTL
X-Locale
X-B3-Traceid
Server-Info
X-Origin-CC
X-Servername
SID
X-Thanos
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
X-Session-Fingerprint
MD5-Digest
X-Service
M-TraceId
Host-ID
Fastcgi-X-Cache-Version
X-SRCache-Key
CDN-Cache
X-Vdms-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
A
X-VG-WebCache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
Apple-News-Services-Request-Url
BehaviorPad-Version
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-EdgeStorageId
X-Vdms-Path
Cache-Host
CDCHOST
CDN-CachedAt
Content-Disposition
X-S-Cookie
X-Level-Front-Cache
X-BCube-Filmed-By
X-Geo-Header
X-Bip
X-Generated-On
X-Location
X-B-Cookie
X-Application
X-PAYTM-SRV-ID
X-NAPM-TraceId
X-ARC
X-From
X-External-Request-Id
X-CF-Lambda-Fn
X-Core-Value
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Destination
X-Epic-Correlation-Id
X-Cache-Bucket
X-Developer
X-Cache-NE
X-Aicache-OS
X-Aed
X-Cms-Context
Surrogated-Key
T-Server
X-S
State
Req-Svc-Chain
Mobile-Detection-Method
Odigeo-Trace-Id
X-ScT
Rendered-Blocks
X-Rojux
X-Rewrite-Enabled
X-A-Wwc
X-Ratelimit-Reset
X-Processor
X-PBS-Appsvrname
X-A-Dgt
X-A-Dcw
X-Request-URI
X-A
X-A-Ccd
X-A-Dam
Meta-Geo-Continent
Fastly-Backend-Name
X-Air-Trace-Id
X-Via-JSL
X-Magnolia-Registration
X-Air-Hostname
X-Air-Source
X-EC-Lua
Upgrade-Insecure-Requests
X-DataDome
Esi-Enabled
X-Origin
X-VG-TLSProxy
X-Is-Gdpr
X-JWT-State
Origin
X-Request-UUID
Cmsid
Cmstype
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-Gamma-Serve
Fastly-Drupal-HTML
X-Hash
L
Kp-EeAlive
X-HN
Location
UCS
X-VarnishDD-TTL
X-Platform-Server
X-Has-Esi
Fastly-SWR
Fastly-SIE
X-Rebelmouse-Cache-Control
X-GoCache-CacheStatus
X-Proxy-Upstream
Memcached
Gh-Request-Id
Fastcgi-Cache-TTL
Pagetype
X-Developers
X-Cache-Grace
PFcat
AKAMAI
X-Sigma
Pics-Label
Server-Host
X-TrackingId
X-Var-Ttl
Source
X-Clientip
X-Sucuri-ID
X-Cache-Debug
X-Sigma-Backend
Path
X-NWS-UUID-VERIFY
X-Served-From
CacheControlHeader
X-Scheme
X-Backend-State
X-Branch-Name
X-AIR-PT
X-Envoy-Decorator-Operation
X-Rocket-Build-Number
X-CACHE-KEY
X-Tb
S-Rt
User-Cache-Control
X-Ua
X-Site-Version
X-Men
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-Control
X-Li-Pop
X-LI-UUID
Svr
Thinkindot-CacheControl
X-Li-Fabric
X-Loc
X-Accel-Expires-Debug
X-Cache-Info
X-DPWN-IS-SECURE
X-Eu-Site
X-Fastly-Backend
X-Device-Os
X-Cache-Tags
X-Date
X-Cluster
X-Clara-WADP
X-CGP
X-Fastly-Cache
X-Fmm-Version
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Generated-In
X-Generated-By
X-Forwarded-Site
X-WADP-Cache
X-Micro-Cache
True-Client-Country-4JS
X-Origin-Expires
Adler-Geo
Arc-Country
X-Minions-Version
X-Forwarded-Host
Ha-Gx-Prefs
Is-Eu
HA-Ipaddr
Ec-Rule-Version
DSUID
C-Via
Cf-Device-Type
X-Amz-Meta-S3cmd-Attrs
X-Request-Host
X-Varnish-Url
Arc-Version
X-Req
L5d-Success-Class
X-Policy
X-VC-Cache
X-Variation
NGX
X-Varnish-Ttl
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
NM-Fastcgi-Cache
PB-PID
X-Owner
X-VHOST
X-Thinkindot-L3
Platform
PB-RID
X-Csrf-Jwt
NtCoent-Length
Cross-Origin-Window-Policy
Url
X-Varnish-CookieHashed-On
X-Slack-Backend
X-Varnish-CookieINHashed-On
X-Esi-Check
X-SIPLIST1
X-DefElseHash
X-Forwarded-Path
X-DefHash
X-Skip-Cache
X-Orig-Expires
X-Tenant
X-Shop-Environment
X-PF-Uncompressing
Content-Secure-Policy
X-Hnp-Log
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Irp-Debug
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Varnish-Remaining-TTL
X-Fetched-On
X-FC-Vary-Parameters
X-GeoIP
X-RateLimit-Remaining-Second
X-Qloud-Router
X-RateLimit-Limit-Second
X-GeoIP-City
Webserver
X-Block-Status
X-Wikidot-Backend
Locid
X-VServer
X-User
Release
Server-Ext
We-Hiring
V-Age
Sever-Int
Server-Hostname
X-Viewer-Country
Mail-Subject
IsBot
X-Cache-Id
Cache-Key
X-Wikidot-Static-Cache
X-TX-ID
Cache-Hits
X-Zone
X-HS-Content-Campaign-Id
VNS-Age
Geo-Info
VNS-Cache
CPC-Age
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
My-App
CPC-Cache
X-Via-NSCOPI
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Powered-By-ChinaCache
MIME-Version
X-Ftr-Request-Id
X-Vc
X-Mvc-Supplant-OutputCached
X-Via-Poph
X-Via-Popv
X-Srv
X-Via-Popn
X-Pass-Why
X-Refresh
X-PJAX-URL
X-Internal-Host
X-Ratelimit-Limit
X-Conf
X-Cache-Ttl
X-BBC-Edge-Cache-Status
X-Unique-Id
X-GEO
XServer
X-OVcl-Cache
X-TraceId
X-Worker
X-NC
X-Ckpd-Fst-Backend
X-LB-ID
X-OVcl
X-ID
Cf-Bgj
X-NCache
Time
Memory
Server-ID
X-Servedbyhost
X-Auto-Login
X-Geo
WebServer
X-Backend-TTL
X-Ratelimit-Remaining
Magicmarker
X-V-Cache
X-LSADC-Cache
DB-Nickname
HostName
X-NewRelic-App-Data
GeoIp-Country-Code
X-DC
Geoip-Latitude
X-Rocket-Nginx-Serving-Static
X-TIME
X-Render-Time
X-ZONE
X-M-Log
X-Platform-Processor
X-Method
X-Cache-Remote
X-Traceid
X-M-Reqid
X-Qnm-Cache
X-Platform-Cluster
X-Newrelic-Synthetics
X-Platform-Router
X-Dispatcher-Server
Tcn
X-SD-PageType
Hostname
X-Tx-Id
X-Wa
Ssr
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-IP
Resin-Trace
X-CLOUD-TRACE-CONTEXT
Environment
X-Tb-Optimization-Total-Bytes-Saved
X-App
X-Datadog-Parent-Id
X-NodeID
X-Origin-Time
X-Nyt-Route
X-Li-Proto
X-Cache-Config
X-API-Version
X-BBC-Origin-Response-Status
X-Gdpr
X-Correlation-ID
X-Origin-Response-Time
LB
Cluster
X-Nc
X-Pod-Name
X-VCL-Version
X-Via-Ucdn
X-Server-IP
X-Edge-Pop
Ohc-File-Size
X-DynaTrace-JS-Agent
X-MSEdge-Features
X-MSEdge-Flight
X-Vcl-Version
Candidate-Md5Url
X-Dynatrace
X-CACHE-AGE
X-Trv-Group
X-HITS
X-Webkit-CSP-Report-Only
X-Cache-Var
X-Cache-Var-Map
X-ServerName
X-ElasticPress-Query
X-LI-Proto
X-Node-Id
X-APP
X-Via-CDN
Cf-Ipcountry
Web-Mar-Region
N-Cache
X-Varnish-Beresp-TTL
Env
Datacenter
X-Akamai-Pragma-Client-IP
X-WA
X-HS-Status
X-ND-Cache
X-Reqid
X-Wix-Viewer-Type
X-HostName
Proxy-Connection
CF-Cached-On
Sid
Cdn
GeoIP-Country-Code
GeoIP-Latitude
Servername
VivaBuild
Viewtype
Onion-Location
X-FTR-Request-ID
Rt-Fastcgi-Cache
X-Cs
X-Content
X-Ua-Browser
CDN
X-Fastly-Backend-Reqs
Machine
X-AB
X-EIG-Tracking-Id
WWW-Authenticate
X-Varnish-Cacheable
X-Dynatrace-Js-Agent
Server-Id
X-MG-S
X-Cdn-Forward
X-ServedByHost
X-NGINX-Cache
On-Server
FSS-Cache
X-URL
X-Lb-Id
WZWS-RAY
X-Check-Cacheable
X-Esi
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Xrds-Location
X-Via-PopV
Cteonnt-Length
X-Via-PopN
X-Via-PopH
X-TIM-N
X-Tid
X-Request-Start
Redirect-Candidate
X-IN-APIGATEWAYSSL
X-Cache-Backend
X-Fastly-Request-Id
X-Swa-Ws
X-Pjax-Url
X-Fpc
Server-Ttl
X-VC
X-IN-APIGATEWAY
Lb
X-FTR-Balancer
URI
X-FTR-Realm
Shield-Pop
X-FTR-DC
X-Oss-Hash-Crc64ecma
X-FTR-Cache-Status
X-Country-Code-Real
Xc-Version
X-FTR-Backend
X-Oss-Object-Type
X-FTR-Backend-Server
X-Oss-Request-Id
CountryCode
X-Oss-Storage-Class
X-Up
X-SN
Mime-Version
X-Oss-Server-Time
X-Pad
X-Cache-ASPX
X-FORWARDED-FOR
X-CCM
X-Contensis-Viewer-Groups
WP-Super-Cache
X-Air-Pt
CACHE
X-Swift-Error
Vha6-Origin
Pramga
X-Varnish-Authentication
Is-Us
X-Cache-Date
X-Amz-Meta-Cb-Modifiedtime
Tracecode
X-DI
X-DB
X-DSS
X-Action
X-RSL
X-Acquia-Application-UUID
X-StackifyID
X-Acquia-Application-Trace
Xet-Cookie
X-Acquia-Purge-Tags
X-Acquia-Site
X-Sn-Servicetimems
X-RPM
X-RPS
X-Cdn-Origin
X-DW
X-Dw-Trace-Id
X-Snapshot-Date
X-Yottaa-OS
X-Webstats-RespID
X-LiteSpeed-Cache-Control
X-CUA
X-Pf-Uncompressing
X-ElasticPress-Search
X-SB
Ohc-Response-Time
X-FTR-Expires
X-Fastly-Cache-Hits
Warning
X-Apw-Hits
X-Mg-Request-Id
X-Apw-Access-Token
X-Cache-Status-Check
X-TH-Server
X-FPC
Content-Script-Type
X-Apw-Access-Object
X-CCDN-Origin-Time
Content-Style-Type
Instruction
X-Hcs-Proxy-Type
X-C
X-CCDN-CacheTTL
ServerName
X-Region-Sid
SR-User-Adfree
X-Tt-Logid
X-MiniProfiler-Ids
X-Apw-Access-Action