Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-LiteSpeed-Cache
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-Server-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Response-Time
X-Readtime
X-Akam-SW-Version
Accept-CH
Xkey
X-HW
X-Country
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Cnection
X-Rack-Cache
X-Origin-Cache
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
Accept-Ch
X-Server-Name
X-Cached
X-Vcap-Request-Id
X-FastCGI-Cache
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Navigation-Version
X-Amz-Rid
X-Abt-Application-Version
X-Buckets
Service-Worker-Allowed
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
X-Ttl
RTSS
Display
X-Middleton-Response
Pagespeed
Response
X-Sol
X-Middleton-Display
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Powered-CMS
X-NF-Request-ID
X-Cache-TTL
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Ruxit-Js-Agent
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Px
Realpath
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-ECACHE
X-Edge-Location-Klb
X-T
X-Jurisdiction
X-HP-Webp
X-Litespeed-Cache
X-Mid
X-MCACHE
X-TTL
X-Forwarded-Proto
X-Mg-S
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
X-Release
Charset
X-Correlation-Id
X-Shield-Request-Id
X-Recruiting
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
X-DynaTrace
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Kraken-Loop-Name
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Ezoic-Cdn
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Request-Received
X-Request-Processing-Time
X-Content-Digest
X-Server-ID
Filters
Cache-Tags
Server-Node
Alternate-Protocol
X-Logged-In
Front-End-Https
X-ORACLE-DMS-RID
Content-MD5
Nginx-Cache
X-Forwarded-For
X-Cache-Key
Server-Name
TCN
X-Origin-Upstream-Status
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Hostname
X-Contextid
X-Geo-Country
X-XRDS-Location
X-F-Cache
X-Rid
X-GUploader-UploadID
Host
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-RateLimit-Remaining
X-Goog-Generation
X-Amz-Replication-Status
X-Goog-Stored-Content-Length
Cleartype
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Protected-By
X-HS-Combine-CSS
X-AppVersion
X-Activity-Id
X-Az
AR-Request-ID
AR-ATIME
Ar-Sid
AR-CACHE
X-Www-Served-By
AR-PoweredBy
X-Frontend
X-XRDS-LOCATION
X-Debug-Info
X-Fastcgi-Cache
Section-Io-Cache
X-LB-Cache
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
MicrosoftSharePointTeamServices
X-Ser
X-Aspnetmvc-Version
X-Page-Id
X-Git-Hash
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Respond-Thread
X-DIS-Request-ID
Nel
X-VCache
ServerID
X-Source
X-Hits
X-Tec-Api-Version
X-Request-Handler-Origin-Region
X-Mobile-URL
X-Tec-Api-Origin
X-Tec-Api-Root
X-Microsite
Paypal-Debug-Id
X-CACHE-GROUP
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-B-Cache
X-Signature
X-Kong-Upstream-Latency
X-Route-Name
Access-Control-Allow-Method
X-Aspnet-Duration-Ms
X-Cache-Action
X-Is-Crawler
X-Kong-Proxy-Latency
Healthy
Payment
X-Request-Guid
X-Providence-Cookie
X-Flags
Viewport
X-Whom
X-TT
X-B3-Sampled
X-FB-Debug
X-Daa-Tunnel
X-N
Node
X-App-Environment
X-Seen-By
X-AOL-HN
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
MS-CV
DynaTrace
X-Cache-Expired-At
X-Webkit-Csp
X-Ab
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
Filterid
X-Distributor
X-IPLB-Instance
SRV
X-Cache-Control
Retry-After
X-Response-Served-From
X-Original-Request-Id
X-Instance
X-Tt-Trace-Host
X-Real-IP
X-Tt-Trace-Tag
X-FireWall-Port
NGB
Frame-Options
X-IPS-LoggedIn
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-UUID
X-Tumblr-Pixel
X-Proxy-Cache-Status
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-Varnish-Server
X-Jobs
Access-Control-Request-Headers
X-Device-Type
X-Region
X-RemovedCookies
X-ProcessESI
X-Cluster-Name
X-Debug
Uber-Trace-Id
VIX-Pulpo-Node
Refresh
X-Adobe-Loc
X-Adobe-Content
X-User-Agent
VIX-Pulpo-Upstream-Status
X-Page-View
X-Proxy
X-Accel-Buffering
X-Cache-Time
X-B
X-Cacheable-TTL
Ms-Operation-Id
X-Framework
X-RTag
Cache
X-G
X-Wix-Request-Id
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-Zen-Fury
X-FW-Static
X-FW-Server
X-RateLimit-Limit
Countrycode
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Vgn-Hpd-Reason
X-App-Version
X-Time
Cache-Status
X-Oracle-Dms-Rid
X-TA-CDN-Provider
X-Cache-Hit
Surrogate-Key
X-Nginx-Cache
X-NGENIX-Cache
Country
X-Azure-Ref
X-Rendered-As
X-Is-Bot
X-Drupal-Cache-Tags
X-Mg-Request-UUID
Eomportal-Instance
S-Cnection
X-Cache-Rule
X-CDN-Forward
X-App-Server
X-EdgeConnect-Cache-Status
X-Ms-Request-Id
X-Ms-Version
Referer-Policy
SD-X-WS
X-Node-Name
X-Drupal-Cache-Contexts
AMP-Access-Control-Allow-Source-Origin
Liferay-Portal
X-L-Path
X-Environment-Context
Selected-Fe
X-Proxy-Build
X-Cache-Operation
Meta-Geo
X-Timing-Wait
X-Tumblr-Pixel-2
X-Varnishpool
X-JoinUs
X-SaId
X-RN-RSRV
X-UPSTREAM-Address
X-ES-SERVER
X-Backend-Host
X-Storefront-Renderer-Rendered
X-Xfnlog-Site
X-Yottaa-Metrics
X-Rule
X-Yottaa-Optimizations
X-Alternate-Cache-Key
X-Request-Time
Protected
X-TNCMS
X-Loop
ServedBy
From-Origin
Azure-InstanceId
X-Via-Fastly
CF-IPCountry
X-Pubstack
Azure-SiteName
X-GG-Cache-Date
X-S-Maxage
Azure-RegionName
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Hostname
X-Shopify-Stage
Azure-SlotName
X-ShopId
X-Cache-TTL-Remaining
X-PHP-Backend
Azure-Version
X-Handled-By
X-No-Session
X-ShardId
Cache-Name
Property-Id
X-LJ-Flow-ID
Country-Code
X-LAGOON
Webcakes-Region
X-Server-W
X-ProxyCache-Key
X-Proto
X-BYPASS-REASON
X-Cache-Server
X-ProxyCache-Status
X-Endurance-Cache-Level
X-Origin-Hint
X-R9-Blue-Green-Version
X-Human
X-NYM-Debug-Backend
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
X-VWS-Id
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
X-AWS-Id
X-SayCDN-TTL
X-Cache-PHP
X-Say-TTL
Fastly-SSL
X-Format
X-Be
X-Varnish-Beresp-Grace
X-Status
X-Origin-Date
X-Adobe-Source
X-Backend-Name
X-RCS-CacheZone
X-Say-Cacheable
X-OCL
X-Hl-Ver
X-PCL
Apigw-Requestid
Cache-Tv-Group
Xserver
Akamai-GRN
X-Access
X-Sql-Duration-Ms
X-Akamai-Edgescape
X-Sql-Count
X-UA-Device-Type
X-FB-TRIP-ID
X-Hyper-Cache
X-Labrador-Cache-Channel
X-PHP-Host
X-Section
X-PERF
X-ApacheServer
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Mn-Server-Ip
X-Hosted-By
X-Uri
X-Redis-Cache
Amp-Access-Control-Allow-Source-Origin
X-Cached-By
X-Trace-Id
X-Ua-Device
X-Web-Node
X-WA-Info
X-Revision
X-Dc
X-Content-Age
X-FW-Version
X-B3-SpanId
X-ATG-Version
X-MP-GENERATED-AT
X-CSRF-Token
X-Soup
X-Cache-Type
X-ServerID
X-Time-Microsecs
X-Cache-Enabled
X-Edge-Location
X-Tumblr-Pixel-3
X-Mode
X-SRV
Backend
X-Info
X-Datadome
X-CS
X-Aws-Lambda-Call-Status
X-Bc-Bl
X-Akamai-Transformed
X-TT-LOGID
X-Microcachable
Who
X-Varnish-Beresp-Status
X-Detected-As
X-Azure-Ref-OriginShield
X-Varnish-Cache-Hits
X-Cache-NGX
X-Cache-Host
X-Debug-Cache
X-Storage
X-Zipkin-Id
X-Routing-Service
Web-Mar-Node
X-Platform
X-Proxied
X-Varnish-Hits
X-Cluster-Node
X-Generation-Time
OT-Force-Account-Verify
X-CACHE-KEY
X-Parallel-Accel
Count-Hit
GEO-INFO
X-APP-VERSION
Cross-Origin-Opener-Policy
X-Via-JSL
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Unique-ID
X-Extlb
DataCenter
X-Varnish-Beresp-Ttl
X-B3-Traceid
Server-Info
X-Locale
X-Origin-TTL
X-Origin-CC
CDN-PullZone
CDN-RequestCountryCode
X-CF-Lambda-Fn
CDN-EdgeStorageId
CDCHOST
CDN-Cache
Fastcgi-X-Cache-Version
CDN-CachedAt
CDN-RequestId
DCR-Decision-By
X-Cache-NE
X-Thanos
X-From
DCR-Processing-Time-Ms
X-Varnish-Url
Expiry
Cache-Host
CDN-Uid
Apple-News-Services-Request-Url
X-D
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Epic-Correlation-Id
X-Developer
X-Vtex-Remote-Cache
X-Vdms-Version
X-External-Request-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-CF-Lambda-Version
Apple-News-Services-Handled
X-Connection-Hash
A
X-Vdms-Path
X-Sucuri-ID
X-Ratelimit-Reset
X-Bip
X-NAPM-TraceId
X-A-Dam
X-Request-URI
X-Rewrite-Enabled
X-A
X-Cache-Bucket
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-Processor
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Proxy-Upstream
X-ARC
X-A-Wwc
X-Aed
X-BCube-Filmed-By
X-Rojux
T-Server
MD5-Digest
Meta-Geo-Continent
X-ScT
X-Service
X-Session-Fingerprint
X-SRCache-Key
Host-ID
M-TraceId
X-S-Cookie
X-Destination
X-Location
State
Surrogated-Key
Req-Svc-Chain
X-S
Mobile-Detection-Method
Odigeo-Trace-Id
Rendered-Blocks
X-B-Cookie
X-Application
X-Air-Source
X-Air-Trace-Id
X-Magnolia-Registration
X-Air-Hostname
X-Servername
X-Cache-Ttl
X-TEC-API-ORIGIN
X-DataDome
X-Tb
Upgrade-Insecure-Requests
X-TEC-API-ROOT
X-TEC-API-VERSION
X-AIR-PT
X-Platform-Server
Memcached
X-VHOST
Path
PFcat
Origin
Kp-EeAlive
Fastly-SWR
Fastly-SIE
Fastly-Drupal-HTML
Fastly-Backend-Name
X-Request-UUID
Gh-Request-Id
Pics-Label
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Req
L
UCS
X-Cache-Debug
X-Branch-Name
X-Gamma-Serve
X-Backend-State
X-Clientip
X-Cms-Context
X-Date
X-Envoy-Decorator-Operation
X-Core-Value
X-Accel-Expires-Debug
X-Site-Version
X-HN
X-Level-Front-Cache
X-NU-AKA-ACS-Version
X-Rocket-Build-Number
X-Hash
X-Generated-On
X-Geo-Header
X-GoCache-CacheStatus
X-Origin
X-Varnish-Ttl
Cmsid
Cmstype
Content-Disposition
X-VG-TLSProxy
X-Var-Ttl
X-TrackingId
CacheControlHeader
X-Sigma-Backend
X-Aicache-OS
X-Served-From
X-Scheme
X-Minions-Version
X-VarnishDD-TTL
X-Sigma
Esi-Enabled
SID
X-EC-Lua
User-Cache-Control
X-Cluster
Vix-Hermes-Req-Id
AKAMAI
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
True-Client-Country-4JS
C-Via
X-Li-Fabric
X-Li-Pop
X-JWT-State
X-Is-Gdpr
Arc-Country
Arc-Version
Adler-Geo
X-Has-Esi
X-Viewer-Country
X-WADP-Cache
X-Clara-WADP
X-CGP
X-Eu-Site
X-Csrf-Jwt
X-DPWN-IS-SECURE
Source
X-Developers
X-Device-Os
X-Fastly-Backend
X-Cache-Tags
X-Forwarded-Site
X-VC-Cache
X-Generated-By
X-LI-UUID
X-Fmm-Version
X-Fastly-Cache
X-Cache-Info
X-Cache-Grace
X-Generated-In
Svr
X-Amz-Meta-S3cmd-Attrs
X-Owner
Pagetype
Location
L5d-Success-Class
PB-PID
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
NGX
My-App
NM-Fastcgi-Cache
X-SVT-ORM-RULES
X-Policy
Mail-Subject
X-SVT-ORM-VERSION
PB-RID
Server-Host
X-Variation
Fastcgi-Cache-TTL
X-Micro-Cache
X-Loc
X-Men
Is-Eu
Ec-Rule-Version
X-Origin-Expires
Platform
DSUID
HA-Ipaddr
Ha-Gx-Prefs
X-Request-Host
X-NWS-UUID-VERIFY
Geo-Info
X-TX-ID
X-Pass-Why
X-Esi-Check
X-Wikidot-Backend
X-SIPLIST1
X-Skip-Cache
X-Wikidot-Static-Cache
X-Gzip
X-Old-Content-Length
Webserver
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-CookieHashed-On
X-User
X-GeoIP-City
X-Forwarded-Host
X-Slack-Backend
X-Varnish-Remaining-TTL
X-Via-NSCOPI
X-Gen-Mode
X-Varnish-CookieINHashed-On
X-VServer
X-GeoIP
X-PF-Uncompressing
X-Qloud-Router
X-FC-Vary-Parameters
X-Fetched-On
X-Thinkindot-L3
X-Nginx-Cache-Key
Locid
Release
Server-Ext
IsBot
CPC-Cache
Cf-Device-Type
Thinkindot-Control
VNS-Cache
VNS-Age
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
TDXMobile
Sever-Int
Server-Hostname
V-Age
Cache-Key
CPC-Age
X-DefElseHash
X-Cache-Id
X-Block-Status
X-DefHash
S-Rt
NtCoent-Length
Url
Powered-By-ChinaCache
X-Forwarded-Path
X-Tenant
X-HS-Content-Campaign-Id
X-Shop-Environment
X-Orig-Expires
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cache-Hits
X-Unique-Id
Cross-Origin-Window-Policy
X-Vc
MIME-Version
X-Via-Poph
X-Mvc-Supplant-OutputCached
X-Via-Popn
X-Refresh
X-Ua
X-Via-Popv
X-Ratelimit-Limit
X-Ftr-Request-Id
X-HP-Trace-Id
X-PJAX-URL
X-OVcl
X-OVcl-Cache
X-Zone
Content-Secure-Policy
XServer
Cf-Bgj
X-Internal-Host
X-Conf
X-TraceId
X-NC
Tcn
X-ID
DB-Nickname
X-Backend-TTL
X-LB-ID
X-BBC-Edge-Cache-Status
X-GEO
Magicmarker
X-Srv
WebServer
X-Geo
Memory
X-Ratelimit-Remaining
X-NCache
X-ZONE
Server-ID
X-Servedbyhost
Time
X-Ckpd-Fst-Backend
GeoIp-Country-Code
X-Worker
Geoip-Latitude
X-Auto-Login
X-Method
HostName
X-TIME
X-Dispatcher-Server
X-NewRelic-App-Data
X-LSADC-Cache
X-V-Cache
X-Rocket-Nginx-Serving-Static
Hostname
X-DC
X-IP
Ssr
X-Render-Time
X-Traceid
X-Qnm-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Wa
X-M-Reqid
X-CLOUD-TRACE-CONTEXT
X-M-Log
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Tx-Id
X-SD-PageType
X-Cache-Remote
X-App
Resin-Trace
X-Newrelic-Synthetics
LB
X-Li-Proto
X-Correlation-ID
Environment
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Trv-Group
X-Datadog-Parent-Id
X-Nc
Ohc-File-Size
X-MSEdge-Features
X-Node-Id
X-MSEdge-Flight
X-Via-CDN
X-HITS
X-NodeID
X-Dynatrace
X-Vcl-Version
X-CACHE-AGE
X-VCL-Version
X-Origin-Response-Time
X-BBC-Origin-Response-Status
X-Origin-Time
Cluster
X-Server-IP
X-Via-Ucdn
Datacenter
X-Cache-Config
X-APP
X-Pod-Name
X-API-Version
Env
X-Gdpr
X-Nyt-Route
X-ServerName
Cf-Ipcountry
Candidate-Md5Url
X-LI-Proto
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-Edge-Pop
X-Reqid
X-DynaTrace-JS-Agent
CF-Cached-On
X-Wix-Viewer-Type
X-FTR-Request-ID
X-ND-Cache
X-WA
Sid
X-Akamai-Pragma-Client-IP
X-Cache-Var-Map
X-HostName
X-Cache-Var
VivaBuild
Web-Mar-Region
X-Webkit-CSP-Report-Only
Rt-Fastcgi-Cache
N-Cache
Viewtype
X-HS-Status
Machine
X-Dynatrace-Js-Agent
X-Cdn-Forward
X-Cs
GeoIP-Country-Code
Proxy-Connection
GeoIP-Latitude
CDN
Server-Id
X-NGINX-Cache
On-Server
Servername
FSS-Cache
Cdn
X-ServedByHost
X-Check-Cacheable
X-URL
WZWS-RAY
X-Varnish-Cacheable
WWW-Authenticate
X-Fastly-Backend-Reqs
X-EIG-Tracking-Id
X-Lb-Id
X-Swa-Ws
X-Pjax-Url
X-Esi
Ohc-Cache-HIT
X-Xrds-Location
X-CSRF-TOKEN
X-Via-PopN
X-Via-PopV
X-Via-PopH
Onion-Location
X-Cache-Backend
Xc-Version
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-IN-APIGATEWAYSSL
X-FTR-Realm
X-FTR-DC
X-VC
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Oss-Hash-Crc64ecma
X-Fastly-Request-Id
X-IN-APIGATEWAY
X-FTR-Backend-Server
X-FTR-Backend
X-Oss-Object-Type
X-CCM
Cteonnt-Length
X-SN
X-Swift-Error
URI
CountryCode
Tracecode
Mime-Version
X-Fpc
X-Presslabs-Stats
X-Varnish-Authentication
X-Air-Pt
X-Cache-ASPX
X-Contensis-Viewer-Groups
CACHE
X-CUA
X-Tid
X-Request-Start
Server-Ttl
Redirect-Candidate
X-FORWARDED-FOR
X-TIM-N
X-Yottaa-OS
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-Webstats-RespID
X-RPS
X-ElasticPress-Search
Ohc-Response-Time
X-RPM
X-Pf-Uncompressing
SR-User-Adfree
WP-Super-Cache
X-Action
X-DW
X-DSS
X-RSL
X-LiteSpeed-Cache-Control
X-Region-Sid
X-FTR-Expires
X-SB
X-Up
X-Snapshot-Date
Warning
X-DI
X-StackifyID
X-DB
Shield-Pop
Instruction
Xet-Cookie
Lb
X-Amz-Meta-Cb-Modifiedtime
X-UA
X-Edge-POP
X-Cache-Date
Pramga
Is-Us
X-CCDN-CacheTTL
X-Apw-Access-Token
X-Apw-Hits
X-Cache-Status-Check
X-Apw-Access-Object
X-Apw-Access-Action
X-UnsetCookies
X-Cache-Expires
X-Depends-On
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Pad
X-Tt-Logid
ServerName
X-MiniProfiler-Ids
X-TH-Server
X-Mg-Request-Id
X-C
Vha6-Origin