Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
Access-Control-Allow-Credentials
X-Request-Id
X-AspNet-Version
X-FRAME-OPTIONS
X-Adblock-Key
X-Runtime
X-Request-ID
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Ua-Compatible
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
X-Page-Speed
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
Cf-Railgun
X-Amz-Version-Id
X-Host
X-Dispatcher
X-Server-Id
NEL
X-OneAgent-JS-Injection
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
Accept-CH
X-Webkit-CSP
Xkey
Accept-Ch-Lifetime
X-HW
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
MS-Author-Via
X-Template
Rating
X-Cache-Lookup
X-Url
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
Accept-Ch
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-Country-Code
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
Verso
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Goog-Hash
X-FastCGI-Cache
Accept-CH-Lifetime
X-Vcap-Request-Id
X-Server-Name
X-Cached
X-Navigation-Version
Cache-Tag
X-Buckets
X-Powered-By-Plesk
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
RTSS
X-Fastly-Request-ID
Pagespeed
Display
X-Sol
Response
X-Middleton-Response
X-Cache-TTL
X-Middleton-Display
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Ttl
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-Oneagent-Js-Injection
X-SRCache-Store-Status
X-Ruxit-Js-Agent
X-Edge
S
X-TTL
X-Px
X-Kinsta-Cache
X-LLID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Edge-Location-Klb
Realpath
X-Accel-Expires
SPRequestDuration
SPIisLatency
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-T
X-HP-Webp
X-Jurisdiction
X-Server-ID
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Instrumentation
X-Shield-Request-Id
X-Correlation-Id
Charset
X-Recruiting
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Edge-Cache-Tag
Fastcgi-Cache
TP-L2-Cache
TP-Cache
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Release
X-Mg-S
X-Ezoic-Cdn
X-Content-Digest
X-Id
X-ORACLE-DMS-RID
X-Request-Processing-Time
X-Request-Received
Filters
Nginx-Cache
Server-Node
Alternate-Protocol
X-Logged-In
Front-End-Https
X-Cache-Key
Cache-Tags
X-Forwarded-For
Content-MD5
TCN
X-Origin-Upstream-Status
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
X-Amzn-Trace-Id
Server-Name
X-Litespeed-Cache
X-XRDS-Location
X-Grace
X-Origin-Server
X-Geo-Country
X-Hostname
X-Contextid
X-Rid
X-Amz-Replication-Status
X-F-Cache
X-Protected-By
Cleartype
Host
X-Az
X-AppVersion
X-Activity-Id
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-WebKit-CSP-Report-Only
X-Www-Served-By
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-RateLimit-Remaining
X-Frontend
Section-Io-Cache
X-LB-Cache
X-Debug-Info
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-XRDS-LOCATION
X-Erf-Bev-Bev
X-Browser-Type
X-NWS-LOG-UUID
X-Ser
X-Page-Id
AR-PoweredBy
X-Tec-Api-Origin
AR-ATIME
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Age
AR-Request-ID
Ar-Sid
X-Git-Hash
AR-CACHE
X-Respond-Thread
X-VCache
Accept-Charset
X-Source
X-Aspnetmvc-Version
X-Upgrade-Enabled
X-Varnish-Age
X-Hits
X-Content-Options
X-DIS-Request-ID
X-Daa-Tunnel
X-Mobile-URL
Paypal-Debug-Id
ServerID
X-Varnish-Backend
Access-Control-Allow-Method
X-B-Cache
X-Varnish-Grace
X-Signature
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-B3-Sampled
Nel
X-Aspnet-Duration-Ms
Viewport
X-Fastcgi-Cache
X-Cache-Action
X-Request-Guid
Payment
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
Healthy
X-Flags
X-FB-Debug
X-Whom
X-TT
X-CACHE-GROUP
Node
X-N
X-AOL-HN
X-App-Environment
X-Seen-By
Version
X-Request-Handler-Origin-Region
X-Microsite
X-Type
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
DynaTrace
MS-CV
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
X-Cache-Expired-At
X-Distributor
SRV
Retry-After
Filterid
X-Ab
X-Cache-Control
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-IPLB-Instance
Frame-Options
X-Response-Served-From
X-User-Agent
X-Original-Request-Id
X-Instance
X-Real-IP
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-UUID
X-Varnish-Server
X-Tumblr-Pixel-0
X-Tumblr-User
X-Jobs
X-IPS-LoggedIn
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
Ms-Operation-Id
X-Proxy
X-Proxy-Cache-Status
X-Region
X-RTag
X-Cache-Time
VIX-Pulpo-Node
NGB
X-B
Uber-Trace-Id
Refresh
X-Cacheable-TTL
Access-Control-Request-Headers
X-Content-Powered-By
X-Adobe-Loc
X-Cluster-Name
VIX-Pulpo-Upstream-Status
X-Page-View
X-Adobe-Content
X-Framework
X-FireWall-Port
X-Debug
X-G
X-Accel-Buffering
Cache
X-FW-Serve
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-Zen-Fury
X-FW-Type
X-FW-Static
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-App-Version
Countrycode
Section-Origin-Responded
X-Wix-Request-Id
X-Time
X-Vgn-Hpd-Reason
X-RateLimit-Limit
X-NGENIX-Cache
Cache-Status
X-Nginx-Cache
X-Azure-Ref
X-Oracle-Dms-Rid
Surrogate-Key
X-Mg-Request-UUID
X-Cache-Hit
X-CDN-Forward
X-Drupal-Cache-Tags
X-Rendered-As
Country
X-Is-Bot
S-Cnection
X-Ms-Version
X-Ms-Request-Id
X-App-Server
X-EdgeConnect-Cache-Status
X-TA-CDN-Provider
Eomportal-Instance
X-Node-Name
Referer-Policy
X-Cache-Rule
SD-X-WS
Liferay-Portal
X-L-Path
X-Environment-Context
X-Drupal-Cache-Contexts
X-JoinUs
X-Proxy-Build
X-Varnishpool
X-ES-SERVER
Meta-Geo
X-Tumblr-Pixel-2
X-RN-RSRV
From-Origin
X-Timing-Wait
X-UPSTREAM-Address
X-SaId
Selected-Fe
X-Shopify-Stage
X-No-Session
X-Cache-TTL-Remaining
X-ShopId
X-Via-Fastly
X-PHP-Backend
X-Handled-By
X-Pubstack
X-Sorting-Hat-PodId
X-Xfnlog-Site
X-Sorting-Hat-ShopId
X-Loop
X-Cache-Server
X-Storefront-Renderer-Rendered
Protected
X-Alternate-Cache-Key
X-Endurance-Cache-Level
ServedBy
X-TNCMS
CF-IPCountry
X-Backend-Host
X-ShardId
X-R9-Blue-Green-Version
Webcakes-App-Version
X-AWS-Id
Webcakes-Region
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
Cache-Name
Azure-Version
X-Be
Cache-Tv-Group
Property-Id
Azure-SlotName
Azure-SiteName
TWC-Device-Class
Fastly-SSL
Azure-InstanceId
Azure-RegionName
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-OCL
X-VWS-Id
X-Varnish-Hostname
X-Request-Time
X-PCL
X-Proto
X-Yottaa-Metrics
X-S-Maxage
AMP-Access-Control-Allow-Source-Origin
X-Server-W
X-Origin-Hint
X-Yottaa-Optimizations
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-LAGOON
X-ProxyCache-Key
X-Cache-Operation
Xserver
Decoy-Debug-Status
X-Varnish-Beresp-Grace
Decoy-Debug-Key
X-ProxyCache-Status
X-Origin-Date
X-Human
X-Access
X-Adobe-Source
X-Say-Cacheable
X-RCS-CacheZone
X-Say-TTL
X-Backend-Name
Country-Code
X-Section
X-SayCDN-TTL
X-BYPASS-REASON
Decoy-Debug-TTL
Akamai-GRN
X-Format
Apigw-Requestid
X-Hl-Ver
X-Sql-Duration-Ms
X-PERF
X-FB-TRIP-ID
X-UA-Device-Type
X-GG-Cache-Date
Amp-Access-Control-Allow-Source-Origin
X-Labrador-Cache-Channel
X-Sql-Count
X-Status
X-PHP-Host
X-ApacheServer
X-Akamai-Edgescape
Mn-Server-Ip
X-Rule
X-Revision
X-Cache-PHP
X-Hosted-By
X-Hyper-Cache
X-Uri
X-Redis-Cache
X-B3-SpanId
X-Web-Node
X-Trace-Id
X-Webkit-Csp
X-Cache-Type
X-WA-Info
X-MP-GENERATED-AT
X-FW-Version
X-ATG-Version
X-Ua-Device
X-Content-Age
X-Dc
X-CSRF-Token
X-Time-Microsecs
X-ServerID
X-Aws-Lambda-Call-Status
X-Tumblr-Pixel-3
X-Cached-By
X-TT-LOGID
X-Datadome
X-Soup
X-Akamai-Transformed
Backend
X-Cache-Enabled
X-Edge-Location
X-Parallel-Accel
X-CS
X-Mode
X-Detected-As
X-Varnish-Cache-Hits
X-Bc-Bl
Count-Hit
X-Microcachable
X-Azure-Ref-OriginShield
X-Cluster-Node
OT-Force-Account-Verify
X-Cache-Host
Web-Mar-Node
X-Unique-ID
X-Info
X-Generation-Time
X-Cache-NGX
X-Varnish-Beresp-Status
Cross-Origin-Opener-Policy
GEO-INFO
X-SRV
X-Varnish-Hits
X-Debug-Cache
X-Platform
X-Routing-Service
DataCenter
X-Storage
X-Proxied
X-Amzn-RequestId
X-Zipkin-Id
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-CACHE-KEY
Who
X-Servername
X-APP-VERSION
X-Extlb
X-HP-Trace-Id
X-Varnish-Beresp-Ttl
SID
Server-Info
X-B3-Traceid
X-Locale
X-Origin-CC
X-Origin-TTL
DCR-Processing-Time-Ms
X-A-Dam
X-A-Dcw
X-Application
X-Air-Hostname
X-Air-Source
X-BCube-Filmed-By
Expiry
X-Cache-Bucket
X-Bip
X-Air-Trace-Id
X-Magnolia-Registration
X-Aed
X-A-Wwc
X-Aicache-OS
X-ARC
X-B-Cookie
X-A-Dgt
Req-Svc-Chain
CDN-Cache
DCR-Decision-By
CDN-CachedAt
CDCHOST
Host-ID
M-TraceId
Cache-Host
CDN-EdgeStorageId
CDN-PullZone
Fastly-Backend-Name
Content-Disposition
Fastcgi-X-Cache-Version
CDN-Uid
CDN-RequestCountryCode
CDN-RequestId
BehaviorPad-Version
MD5-Digest
Rendered-Blocks
Odigeo-Trace-Id
State
Surrogated-Key
X-A
T-Server
X-Cache-NE
A
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Mobile-Detection-Method
Meta-Geo-Continent
X-A-Ccd
X-Destination
X-Location
X-NAPM-TraceId
X-Thanos
X-Level-Front-Cache
X-S
X-Rewrite-Enabled
X-EC-Lua
X-Vdms-Path
X-ScT
X-PAYTM-SRV-ID
X-Request-URI
X-Ratelimit-Reset
X-Session-Fingerprint
X-Processor
X-Service
X-SRCache-Key
X-PBS-Appsvrname
X-Generated-On
X-Geo-Header
X-Connection-Hash
X-Core-Value
X-D
X-VG-WebServer
X-Cms-Context
X-Vtex-Processado-Em
X-CF-Lambda-Fn
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-S-Cookie
X-Via-JSL
X-External-Request-Id
X-From
X-Developer
X-Vdms-Version
X-VG-WebCache
X-Rojux
Upgrade-Insecure-Requests
X-DataDome
Location
X-Scheme
Memcached
X-TrackingId
Fastly-SWR
Fastly-SIE
X-VG-TLSProxy
Fastcgi-Cache-TTL
Gh-Request-Id
X-VarnishDD-TTL
X-Sigma
X-Sigma-Backend
X-Sucuri-ID
X-Var-Ttl
Kp-EeAlive
Server-Host
X-GoCache-CacheStatus
X-Gamma-Serve
X-Has-Esi
X-Hash
X-HN
X-Epic-Correlation-Id
X-Envoy-Decorator-Operation
X-AIR-PT
X-Branch-Name
Esi-Enabled
X-Backend-State
X-Developers
X-Is-Gdpr
X-JWT-State
Pics-Label
X-Rebelmouse-Surrogate-Control
PFcat
Pagetype
X-Request-UUID
X-Cache-Debug
X-Rebelmouse-Cache-Control
X-Origin
X-NU-AKA-ACS-Version
UCS
X-Platform-Server
X-Proxy-Upstream
X-Rocket-Build-Number
X-Clientip
Cmsid
CacheControlHeader
X-NWS-UUID-VERIFY
Source
Cmstype
X-Cache-Grace
AKAMAI
X-Site-Version
X-Tb
User-Cache-Control
X-Ua
S-Rt
X-Cluster
X-Clara-WADP
X-CGP
X-Cache-Tags
X-VHOST
X-Csrf-Jwt
X-Varnish-Ttl
TDXMobile
X-Date
X-Cache-Info
X-Amz-Meta-S3cmd-Attrs
X-Device-Os
Vix-Hermes-Req-Id
Wxu-Next-Commit
Wxu-Next-Hostname
True-Client-Country-4JS
X-Accel-Expires-Debug
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Wxu-Next-Region
X-Fastly-Backend
X-Request-Host
X-Served-From
X-Req
X-Owner
X-Origin-Expires
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VC-Cache
X-WADP-Cache
X-Varnish-Url
X-Variation
X-Thinkindot-L3
X-Minions-Version
X-Micro-Cache
X-Fmm-Version
X-Forwarded-Site
X-Fastly-Cache
Svr
X-Eu-Site
X-Generated-By
X-Generated-In
X-Loc
X-Men
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-DPWN-IS-SECURE
X-Policy
Cf-Device-Type
Path
X-Forwarded-Host
PB-RID
Fastly-Drupal-HTML
DSUID
L
Platform
Origin
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
C-Via
Arc-Version
Arc-Country
NM-Fastcgi-Cache
NGX
Adler-Geo
Ec-Rule-Version
PB-PID
L5d-Success-Class
Url
Cross-Origin-Window-Policy
V-Age
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Orig-Expires
X-DefHash
X-RateLimit-Remaining-Second
X-Irp-Debug
Locid
X-Gen-Mode
Webserver
X-Forwarded-Path
X-RateLimit-Limit-Second
X-DefElseHash
X-Esi-Check
X-Tenant
X-PF-Uncompressing
IsBot
X-GeoIP
X-Nginx-Cache-Key
X-Old-Content-Length
X-GeoIP-City
Mail-Subject
Sever-Int
X-Qloud-Router
X-Shop-Environment
X-FC-Vary-Parameters
X-Fetched-On
X-SIPLIST1
Cache-Key
X-Varnish-Remaining-TTL
Release
Server-Ext
X-Varnish-CookieINHashed-On
X-Block-Status
Content-Secure-Policy
X-Wikidot-Static-Cache
X-VServer
X-Viewer-Country
X-Hnp-Log
X-Wikidot-Backend
X-User
X-Varnish-CookieHashed-On
NtCoent-Length
X-Mvc-Supplant-Cachable
X-Slack-Backend
X-Skip-Cache
Server-Hostname
We-Hiring
X-Cache-Id
X-TX-ID
X-Ratelimit-Limit
X-Via-NSCOPI
X-Zone
X-HS-Content-Campaign-Id
X-Planisys-CDN-Cache
VNS-Age
VNS-Cache
Geo-Info
Cache-Hits
CPC-Age
CPC-Cache
My-App
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-TEC-API-VERSION
X-Pass-Why
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Srv
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-Via-Popv
Powered-By-ChinaCache
X-Ftr-Request-Id
X-Vc
X-Via-Poph
MIME-Version
X-CLOUD-TRACE-CONTEXT
X-Refresh
X-Conf
X-Internal-Host
X-PJAX-URL
X-Ratelimit-Remaining
X-BBC-Edge-Cache-Status
X-Cache-Ttl
X-Unique-Id
XServer
X-GEO
X-NC
X-TraceId
X-Ckpd-Fst-Backend
X-LB-ID
X-OVcl-Cache
X-Worker
X-OVcl
Tcn
X-ID
Time
Cf-Bgj
X-NCache
Server-ID
X-Servedbyhost
Memory
X-Auto-Login
X-Geo
X-Backend-TTL
WebServer
Magicmarker
X-V-Cache
DB-Nickname
X-LSADC-Cache
HostName
X-TIME
X-Render-Time
Geoip-Latitude
GeoIp-Country-Code
X-NewRelic-App-Data
X-Rocket-Nginx-Serving-Static
X-DC
X-ZONE
X-M-Reqid
X-M-Log
X-Traceid
X-Platform-Cluster
X-Dispatcher-Server
X-Platform-Processor
X-Cache-Remote
X-Newrelic-Synthetics
X-Qnm-Cache
X-Platform-Router
X-Method
X-SD-PageType
Hostname
X-Tx-Id
X-Wa
X-Dynatrace
Ssr
X-IP
X-Datadog-Parent-Id
X-App
Environment
Resin-Trace
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Tb-Optimization-Total-Bytes-Saved
X-BBC-Origin-Response-Status
X-Origin-Time
X-Nyt-Route
X-Cache-Config
X-NodeID
X-API-Version
X-Li-Proto
X-Gdpr
X-Correlation-ID
X-Origin-Response-Time
X-VCL-Version
Cluster
X-Pod-Name
X-Nc
LB
X-Server-IP
X-Via-Ucdn
X-Edge-Pop
Ohc-File-Size
X-DynaTrace-JS-Agent
X-Trv-Group
X-Webkit-CSP-Report-Only
X-CACHE-AGE
X-HITS
X-Vcl-Version
X-MSEdge-Flight
X-MSEdge-Features
Candidate-Md5Url
X-Cache-Var-Map
X-Cache-Var
X-ElasticPress-Query
X-Via-CDN
X-APP
X-LI-Proto
X-Varnish-Beresp-TTL
X-Node-Id
Cf-Ipcountry
Web-Mar-Region
Env
N-Cache
Datacenter
X-Akamai-Pragma-Client-IP
X-ServerName
X-WA
X-ND-Cache
X-Wix-Viewer-Type
X-Reqid
X-HostName
X-Fastly-Request-Id
Proxy-Connection
CF-Cached-On
X-HS-Status
Sid
GeoIP-Latitude
GeoIP-Country-Code
VivaBuild
Viewtype
X-FTR-Request-ID
Rt-Fastcgi-Cache
Onion-Location
X-Ua-Browser
X-Content
X-Cs
WWW-Authenticate
Cdn
X-AB
X-Varnish-Cacheable
Servername
X-EIG-Tracking-Id
CDN
Machine
X-Dynatrace-Js-Agent
X-Fastly-Backend-Reqs
Server-Id
X-Cdn-Forward
X-MG-S
WZWS-RAY
X-NGINX-Cache
X-ServedByHost
X-Lb-Id
On-Server
X-URL
X-Check-Cacheable
FSS-Cache
X-CSRF-TOKEN
X-Xrds-Location
Ohc-Cache-HIT
X-Esi
X-Via-PopH
X-Cache-Backend
Cteonnt-Length
X-Via-PopV
X-Via-PopN
X-IN-APIGATEWAYSSL
X-Fpc
X-Request-Start
Redirect-Candidate
X-TIM-N
X-Swa-Ws
X-Tid
Server-Ttl
X-Pjax-Url
X-IN-APIGATEWAY
X-VC
Lb
URI
X-FTR-Cache-Status
X-Up
X-Oss-Storage-Class
X-Oss-Request-Id
X-FTR-DC
X-Oss-Hash-Crc64ecma
X-FTR-Realm
Xc-Version
X-Oss-Object-Type
X-Oss-Server-Time
Shield-Pop
X-FTR-Backend
CountryCode
Mime-Version
X-Country-Code-Real
X-FTR-Backend-Server
X-SN
X-FTR-Balancer
X-CCM
X-Cache-Date
X-FORWARDED-FOR
Tracecode
Is-Us
Vha6-Origin
X-Amz-Meta-Cb-Modifiedtime
CACHE
X-Cache-ASPX
X-Swift-Error
X-Pad
WP-Super-Cache
Pramga
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Air-Pt
X-Action
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Sn-Servicetimems
X-StackifyID
Xet-Cookie
X-Cdn-Origin
X-Acquia-Site
X-RSL
X-RPS
X-DI
X-DB
X-DSS
X-DW
X-RPM
X-Acquia-Application-Trace
X-Snapshot-Date
X-ElasticPress-Search
X-Dw-Trace-Id
Warning
X-FTR-Expires
X-CUA
X-Pf-Uncompressing
X-Yottaa-OS
X-Webstats-RespID
X-SB
X-Fastly-Cache-Hits
Ohc-Response-Time
X-LiteSpeed-Cache-Control
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-FPC
Content-Script-Type
Content-Style-Type
X-Cache-Status-Check
X-Core-Mission
CloudFront-Viewer-Country
SR-User-Adfree
X-Hcs-Proxy-Type
X-C
X-TH-Server
X-MiniProfiler-Ids
X-Tt-Logid
X-Mg-Request-Id
ServerName
X-Region-Sid
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Instruction