Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Keep-Alive
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Vhost
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Response-Time
X-Readtime
Accept-CH
X-Akam-SW-Version
Xkey
X-HW
X-Country
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-B3-TraceId
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
Accept-CH-Lifetime
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
Arr-Disable-Session-Affinity
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
Accept-Ch
X-Cached
X-Vcap-Request-Id
X-FastCGI-Cache
X-Navigation-Version
X-Powered-By-Plesk
X-Server-Name
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-Buckets
Service-Worker-Allowed
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
RTSS
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Sol
Pagespeed
Access-Control-Request-Method
X-Cache-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-LLID
X-Kinsta-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-TTL
X-Px
Realpath
X-Oneagent-Js-Injection
SPIisLatency
SPRequestDuration
X-Accel-Expires
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
X-HP-Webp
X-T
X-Jurisdiction
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Release
Charset
X-Shield-Request-Id
X-Correlation-Id
X-Recruiting
Edge-Cache-Tag
X-DynaTrace
TP-Cache
TP-L2-Cache
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Ezoic-Cdn
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Content-Digest
X-Request-Received
Filters
X-Request-Processing-Time
X-Logged-In
Server-Node
Cache-Tags
Nginx-Cache
Alternate-Protocol
Front-End-Https
X-ORACLE-DMS-RID
Content-MD5
X-Cache-Key
X-Forwarded-For
Server-Name
TCN
X-Origin-Upstream-Status
X-Litespeed-Cache
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Amzn-Trace-Id
Fusion-Content-Source
X-Grace
X-Origin-Server
X-Contextid
X-WebKit-CSP-Report-Only
X-Geo-Country
X-Hostname
X-XRDS-Location
X-Rid
X-Amz-Replication-Status
X-F-Cache
X-Goog-Generation
X-Goog-Metageneration
Host
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-AppVersion
X-Activity-Id
X-Az
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-HS-Cache-Config
Cleartype
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Server-ID
X-Www-Served-By
X-Protected-By
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Frontend
X-Fastcgi-Cache
X-XRDS-LOCATION
X-RateLimit-Remaining
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
MicrosoftSharePointTeamServices
X-Ser
X-Aspnetmvc-Version
X-Page-Id
X-Git-Hash
X-Cache-Age
X-Varnish-Age
Accept-Charset
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Respond-Thread
X-DIS-Request-ID
X-Hits
ServerID
X-Source
X-VCache
Nel
X-Tec-Api-Origin
X-Tec-Api-Root
Paypal-Debug-Id
X-Mobile-URL
X-Microsite
X-Tec-Api-Version
X-Request-Handler-Origin-Region
X-Varnish-Backend
X-Content-Options
X-Signature
X-Varnish-Grace
X-B-Cache
X-CACHE-GROUP
Access-Control-Allow-Method
X-Is-Crawler
X-Request-Guid
X-Route-Name
X-Kong-Proxy-Latency
X-Flags
X-Kong-Upstream-Latency
X-Providence-Cookie
X-FB-Debug
X-Aspnet-Duration-Ms
Payment
Healthy
X-Cache-Action
X-Daa-Tunnel
X-Whom
X-B3-Sampled
X-TT
Viewport
X-N
X-AOL-HN
X-App-Environment
Node
X-Seen-By
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
X-Mobile
MS-CV
DC
DynaTrace
X-Webkit-Csp
X-Ab
X-Cache-Expired-At
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
Filterid
X-Distributor
X-IPLB-Instance
X-Cache-Control
SRV
Retry-After
X-Response-Served-From
X-Original-Request-Id
X-Real-IP
X-FireWall-Port
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-UUID
X-Instance
X-Tumblr-Pixel-0
Frame-Options
X-Tumblr-Pixel
X-Varnish-Server
X-Tumblr-User
X-Tumblr-Pixel-1
X-ProcessESI
X-Proxy-Cache-Status
X-IPS-LoggedIn
NGB
X-RemovedCookies
X-Content-Powered-By
X-Debug-IsPreview
X-Device-Type
X-RTag
X-Proxy
X-Debug-IsConnected
X-User-Agent
X-Region
X-Debug
X-Jobs
X-Cluster-Name
Access-Control-Request-Headers
Ms-Operation-Id
Uber-Trace-Id
X-Adobe-Content
X-Page-View
VIX-Pulpo-Upstream-Status
X-Accel-Buffering
X-B
Refresh
X-Cache-Time
VIX-Pulpo-Node
X-Adobe-Loc
X-Cacheable-TTL
X-Framework
Cache
X-G
X-Wix-Request-Id
X-Zen-Fury
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Dynamic
Countrycode
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Vgn-Hpd-Reason
X-Time
X-Oracle-Dms-Rid
Cache-Status
X-Cache-Hit
X-TA-CDN-Provider
X-Nginx-Cache
Surrogate-Key
X-RateLimit-Limit
X-NGENIX-Cache
Country
X-App-Version
X-Drupal-Cache-Tags
X-Rendered-As
X-Is-Bot
X-Mg-Request-UUID
X-Azure-Ref
Eomportal-Instance
X-App-Server
X-EdgeConnect-Cache-Status
S-Cnection
X-CDN-Forward
X-Cache-Rule
X-Ms-Request-Id
X-Ms-Version
Referer-Policy
X-Node-Name
SD-X-WS
X-Drupal-Cache-Contexts
Liferay-Portal
AMP-Access-Control-Allow-Source-Origin
X-JoinUs
X-Timing-Wait
X-SaId
From-Origin
X-Proxy-Build
X-ES-SERVER
Meta-Geo
Selected-Fe
X-Varnishpool
X-UPSTREAM-Address
X-Cache-Operation
X-Environment-Context
X-L-Path
X-RN-RSRV
X-Tumblr-Pixel-2
X-Handled-By
X-No-Session
Protected
X-TNCMS
Azure-Version
X-Backend-Host
X-Cache-TTL-Remaining
X-Cache-Server
ServedBy
Azure-InstanceId
Azure-RegionName
X-Alternate-Cache-Key
Azure-SlotName
Azure-SiteName
X-Endurance-Cache-Level
X-GG-Cache-Date
X-Loop
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
CF-IPCountry
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-PHP-Backend
X-Pubstack
X-Rule
X-Storefront-Renderer-Rendered
X-Request-Time
X-S-Maxage
X-R9-Blue-Green-Version
X-Varnish-Hostname
X-Xfnlog-Site
X-Shopify-Stage
X-Via-Fastly
X-Sorting-Hat-ShopId
X-BYPASS-REASON
X-Be
Fastly-SSL
X-NYM-Debug-Backend
TWC-Privacy
X-OCL
Akamai-GRN
Cache-Name
Cache-Tv-Group
X-AWS-Id
Webcakes-App-Name
Property-Id
X-Proto
Webcakes-App-Version
X-Origin-Hint
X-LAGOON
X-Server-W
TWC-GeoIP-LatLong
X-Human
TWC-GeoIP-Country
TWC-Connection-Speed
X-LJ-Flow-ID
TWC-Device-Class
TWC-Locale-Group
X-VWS-Id
X-PCL
X-ProxyCache-Status
Country-Code
X-ProxyCache-Key
Webcakes-Region
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Status
X-Access
X-Say-TTL
X-RCS-CacheZone
X-Section
X-Adobe-Source
X-Format
X-Origin-Date
X-Hl-Ver
X-SayCDN-TTL
X-Varnish-Beresp-Grace
X-Backend-Name
Apigw-Requestid
X-Say-Cacheable
Xserver
X-Cache-PHP
X-Labrador-Cache-Channel
X-UA-Device-Type
X-Sql-Duration-Ms
X-Sql-Count
X-PERF
X-PHP-Host
X-FB-TRIP-ID
X-Akamai-Edgescape
X-Hyper-Cache
X-ApacheServer
Mn-Server-Ip
X-Uri
X-Hosted-By
X-Redis-Cache
X-Cached-By
X-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Ua-Device
X-Web-Node
X-Revision
X-MP-GENERATED-AT
X-WA-Info
X-Dc
X-ATG-Version
X-Content-Age
X-FW-Version
X-B3-SpanId
X-CSRF-Token
X-Cache-Type
X-Soup
X-Cache-Enabled
X-Time-Microsecs
X-ServerID
X-Tumblr-Pixel-3
X-Edge-Location
X-Mode
Backend
X-SRV
X-Aws-Lambda-Call-Status
X-Bc-Bl
X-Info
X-CS
X-Datadome
X-TT-LOGID
X-Microcachable
X-APP-VERSION
X-Varnish-Beresp-Status
X-Akamai-Transformed
X-Detected-As
Who
X-Cache-NGX
X-Varnish-Cache-Hits
X-Azure-Ref-OriginShield
X-Debug-Cache
X-Cache-Host
X-Routing-Service
X-Generation-Time
Web-Mar-Node
X-Proxied
X-Platform
X-Zipkin-Id
X-Storage
X-Parallel-Accel
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-CACHE-KEY
OT-Force-Account-Verify
X-Amz-Apigw-Id
X-Cluster-Node
X-Varnish-Hits
Count-Hit
GEO-INFO
X-Via-JSL
Cross-Origin-Opener-Policy
X-Varnish-Beresp-Ttl
X-Unique-ID
X-Extlb
X-B3-Traceid
DataCenter
X-Locale
Server-Info
X-Origin-TTL
X-Origin-CC
Meta-Geo-Continent
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
MD5-Digest
Mobile-Detection-Method
Rendered-Blocks
Req-Svc-Chain
A
Odigeo-Trace-Id
Apple-News-Services-Handled
Apple-News-Services-Host
BehaviorPad-Version
CDN-Uid
Content-Disposition
State
CDN-Cache
CDN-RequestId
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
DCR-Decision-By
DCR-Processing-Time-Ms
Fastly-Backend-Name
Host-ID
CDN-PullZone
Cache-Host
Fastcgi-X-Cache-Version
Expiry
CDCHOST
M-TraceId
X-Cms-Context
X-Rewrite-Enabled
X-Request-URI
X-Rojux
X-S
X-S-Cookie
X-Ratelimit-Reset
X-Proxy-Upstream
X-NAPM-TraceId
X-Location
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-ScT
X-Service
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Varnish-Url
X-Session-Fingerprint
X-SRCache-Key
X-Sucuri-ID
X-Thanos
X-Level-Front-Cache
X-Geo-Header
X-Application
X-Aed
X-ARC
X-B-Cookie
X-BCube-Filmed-By
X-A-Wwc
X-A-Dgt
X-A
T-Server
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Bip
X-Cache-Bucket
X-Epic-Correlation-Id
X-Developer
X-External-Request-Id
X-From
X-Generated-On
X-Destination
X-D
X-Cache-NE
X-CF-Lambda-Fn
X-Connection-Hash
X-Core-Value
Surrogated-Key
X-CF-Lambda-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Magnolia-Registration
X-Air-Source
X-Servername
X-Air-Hostname
X-TEC-API-VERSION
X-Air-Trace-Id
X-DataDome
Upgrade-Insecure-Requests
X-AIR-PT
X-Tb
X-Rebelmouse-Cache-Control
Memcached
X-Rebelmouse-Surrogate-Control
X-VHOST
Path
Pics-Label
PFcat
X-Req
Pagetype
Location
X-Scheme
X-Served-From
Gh-Request-Id
X-Sigma
Kp-EeAlive
X-Developers
X-Platform-Server
X-Rocket-Build-Number
L
X-Request-UUID
X-Origin
X-GoCache-CacheStatus
X-Accel-Expires-Debug
X-Has-Esi
X-Hash
X-Backend-State
X-Site-Version
X-Cache-Debug
X-Gamma-Serve
X-Branch-Name
X-HN
X-Is-Gdpr
X-Date
X-Envoy-Decorator-Operation
X-NU-AKA-ACS-Version
X-Sigma-Backend
X-Clientip
X-JWT-State
UCS
X-Varnish-Ttl
Server-Host
Origin
Esi-Enabled
Fastcgi-Cache-TTL
CacheControlHeader
AKAMAI
X-VarnishDD-TTL
X-TrackingId
X-Var-Ttl
X-VG-TLSProxy
Fastly-SIE
Fastly-SWR
Cmstype
Cmsid
Fastly-Drupal-HTML
X-Minions-Version
X-Aicache-OS
SID
X-EC-Lua
User-Cache-Control
X-Cluster
X-Li-Fabric
Arc-Country
True-Client-Country-4JS
X-Li-Pop
Thinkindot-CacheControl-Type
Thinkindot-Control
C-Via
Arc-Version
Wxu-Next-Region
Wxu-Next-Hostname
We-Hiring
X-VC-Cache
Vix-Hermes-Req-Id
Wxu-Next-Commit
X-Viewer-Country
X-Csrf-Jwt
X-Fmm-Version
X-Forwarded-Site
X-Fastly-Cache
X-Fastly-Backend
X-Device-Os
X-Eu-Site
X-Ratelimit-Limit
X-Clara-WADP
X-CGP
X-Generated-By
Thinkindot-CacheControl
Adler-Geo
X-Cache-Grace
X-Cache-Info
X-WADP-Cache
X-Cache-Tags
Source
X-Generated-In
X-LI-UUID
X-SVT-ORM-VERSION
Ec-Rule-Version
Cf-Device-Type
Platform
X-Amz-Meta-S3cmd-Attrs
My-App
PB-RID
NGX
X-DPWN-IS-SECURE
TDXMobile
X-Request-Host
NM-Fastcgi-Cache
PB-PID
DSUID
X-SVT-ORM-RULES
X-Owner
X-Micro-Cache
HA-Ipaddr
X-Men
Ha-Gx-Prefs
X-Loc
Svr
Mail-Subject
X-Thinkindot-L3
X-Variation
X-Origin-Expires
X-RateLimit-Limit-Second
L5d-Success-Class
Is-Eu
X-RateLimit-Remaining-Second
X-Policy
X-TX-ID
Geo-Info
X-Pass-Why
X-NWS-UUID-VERIFY
X-Wikidot-Static-Cache
X-Esi-Check
X-Skip-Cache
X-Slack-Backend
X-Forwarded-Host
X-Fetched-On
X-Wikidot-Backend
X-FC-Vary-Parameters
X-Via-NSCOPI
X-Varnish-CookieHashed-On
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Nginx-Cache-Key
X-Varnish-Remaining-TTL
X-SIPLIST1
X-Varnish-CookieINHashed-On
X-Mvc-Supplant-Cachable
X-Hnp-Log
X-User
X-Qloud-Router
X-VServer
X-Gen-Mode
X-GeoIP
X-GeoIP-City
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
Webserver
X-Old-Content-Length
Locid
X-Cache-Id
VNS-Age
CPC-Cache
CPC-Age
X-Block-Status
Release
VNS-Cache
V-Age
Sever-Int
Server-Hostname
Server-Ext
Cache-Key
IsBot
X-DefHash
X-DefElseHash
S-Rt
X-Ua
NtCoent-Length
X-Shop-Environment
X-Planisys-CDN-Cache
X-PF-Uncompressing
X-Orig-Expires
X-Forwarded-Path
Powered-By-ChinaCache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Unique-Id
Url
X-Tenant
Cache-Hits
Cross-Origin-Window-Policy
X-Via-Popn
X-Via-Popv
X-Mvc-Supplant-OutputCached
X-Via-Poph
X-Refresh
MIME-Version
X-Ratelimit-Remaining
X-OVcl
X-Cache-Ttl
Content-Secure-Policy
X-Vc
X-OVcl-Cache
X-Zone
X-Ftr-Request-Id
X-PJAX-URL
X-HP-Trace-Id
XServer
X-Conf
Cf-Bgj
X-NC
X-TraceId
X-Internal-Host
Tcn
X-Backend-TTL
DB-Nickname
X-ID
Time
X-Srv
X-LB-ID
Magicmarker
X-GEO
X-BBC-Edge-Cache-Status
Memory
X-Geo
WebServer
X-Servedbyhost
X-ZONE
X-Ckpd-Fst-Backend
Server-ID
X-Worker
X-NCache
X-TIME
X-Dispatcher-Server
HostName
X-Method
X-Auto-Login
GeoIp-Country-Code
Geoip-Latitude
X-LSADC-Cache
X-V-Cache
X-NewRelic-App-Data
Hostname
X-IP
X-Render-Time
X-DC
Ssr
X-Rocket-Nginx-Serving-Static
X-Traceid
X-Platform-Router
X-CLOUD-TRACE-CONTEXT
X-M-Log
X-M-Reqid
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Processor
X-Platform-Cluster
X-Qnm-Cache
X-Tx-Id
Resin-Trace
LB
X-Newrelic-Synthetics
X-SD-PageType
X-Cache-Remote
X-App
X-Li-Proto
X-Correlation-ID
X-Datadog-Sampling-Priority
X-Nc
X-Datadog-Parent-Id
X-Trv-Group
Environment
X-Datadog-Trace-Id
Ohc-File-Size
X-Gdpr
X-Node-Id
X-MSEdge-Features
X-VCL-Version
X-HITS
X-MSEdge-Flight
X-CACHE-AGE
X-Via-CDN
X-API-Version
X-Vcl-Version
X-BBC-Origin-Response-Status
X-NodeID
X-Dynatrace
X-Nyt-Route
X-Cache-Config
X-Origin-Response-Time
X-Origin-Time
X-Server-IP
Datacenter
Env
X-Pod-Name
Cluster
X-Via-Ucdn
X-APP
Cf-Ipcountry
X-ServerName
X-ElasticPress-Query
X-LI-Proto
X-Reqid
X-Edge-Pop
X-Varnish-Beresp-TTL
Candidate-Md5Url
X-DynaTrace-JS-Agent
X-Wix-Viewer-Type
X-ND-Cache
CF-Cached-On
Sid
X-FTR-Request-ID
X-WA
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Pragma-Client-IP
X-HostName
Web-Mar-Region
Viewtype
VivaBuild
X-HS-Status
N-Cache
Rt-Fastcgi-Cache
Machine
CDN
X-Dynatrace-Js-Agent
X-Cdn-Forward
X-Cs
Proxy-Connection
GeoIP-Latitude
GeoIP-Country-Code
Server-Id
X-ServedByHost
X-NGINX-Cache
FSS-Cache
On-Server
X-Webkit-CSP-Report-Only
Servername
WWW-Authenticate
X-VC
Onion-Location
X-EIG-Tracking-Id
X-Swa-Ws
X-SERVER-NAME
X-Lb-Id
X-URL
X-Pjax-Url
X-Fastly-Backend-Reqs
Cdn
X-Check-Cacheable
X-Varnish-Cacheable
WZWS-RAY
Ohc-Cache-HIT
X-Xrds-Location
X-Esi
X-CSRF-TOKEN
X-Oss-Hash-Crc64ecma
X-Via-PopH
X-Via-PopV
X-Oss-Server-Time
X-Via-PopN
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-IN-APIGATEWAY
X-FTR-Backend-Server
X-Fastly-Request-Id
X-FTR-Backend
Xc-Version
X-Cache-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-IN-APIGATEWAYSSL
X-FTR-Realm
X-FTR-DC
X-CCM
X-Fpc
Mime-Version
Tracecode
URI
X-SN
Cteonnt-Length
X-Swift-Error
CountryCode
X-Webkit-Csp-Report-Only
X-CUA
X-TIM-N
Server-Ttl
CACHE
X-Request-Start
Redirect-Candidate
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-FORWARDED-FOR
X-Tid
X-Pf-Uncompressing
X-Air-Pt
X-Fastly-Cache-Hits
X-SB
X-LiteSpeed-Cache-Control
SR-User-Adfree
X-Webstats-RespID
Ohc-Response-Time
X-RPS
X-Snapshot-Date
X-DW
X-FTR-Expires
X-RPM
X-DI
X-DSS
Warning
X-Action
X-Dw-Trace-Id
X-Yottaa-OS
X-Up
Xet-Cookie
Instruction
X-DB
X-ElasticPress-Search
Shield-Pop
X-Region-Sid
WP-Super-Cache
X-StackifyID
X-RSL
X-Edge-POP
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
Is-Us
X-Cache-Status-Check
X-C
X-Apw-Access-Action
X-Depends-On
X-UnsetCookies
X-Cache-Expires
X-MiniProfiler-Ids
X-Mg-Request-Id
X-TH-Server
X-Apw-Access-Object
X-Apw-Access-Token
Vha6-Origin
X-CCDN-CacheTTL
X-CCDN-Origin-Time
ServerName
X-Tt-Logid
X-Apw-Hits
X-Pad
X-Hcs-Proxy-Type