Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
P3p
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
Request-Context
X-Dns-Prefetch-Control
X-Ws-Request-Id
Server-Timing
X-AH-Environment
X-Server
X-Age
X-Hacker
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-Server-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-WebKit-CSP
X-Response-Time
X-Readtime
X-Akam-SW-Version
Xkey
X-Webkit-CSP
X-HW
X-Country
X-Ac
Accept-Ch-Lifetime
X-Application-Context
Content-Location
X-Language
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Varnish-TTL
X-Cnection
X-Origin-Cache
X-Rack-Cache
Accept-CH-Lifetime
X-ASPNET-VERSION
X-D2id
X-Cdn-Fetch
X-Use-Magma
X-Country-Code
X-Exp-Id
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
Arr-Disable-Session-Affinity
X-Goog-Hash
Verso
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-Vcap-Request-Id
X-Cached
Accept-Ch
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Buckets
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
RTSS
X-Middleton-Display
X-Sol
Pagespeed
X-Middleton-Response
Display
Response
X-Fastly-Request-ID
X-Cache-TTL
X-Ttl
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
X-Ruxit-Js-Agent
S
X-Kinsta-Cache
X-LLID
X-Px
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Realpath
SPRequestDuration
SPIisLatency
X-Accel-Expires
X-TTL
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
X-T
X-HP-Webp
X-Oneagent-Js-Injection
X-Jurisdiction
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Forwarded-Proto
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Correlation-Id
Charset
X-Recruiting
X-Mg-S
Edge-Cache-Tag
X-Release
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
TP-Cache
TP-L2-Cache
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-Id
X-DynaTrace
X-Content-Digest
X-Request-Received
X-Request-Processing-Time
Filters
X-ORACLE-DMS-RID
Nginx-Cache
X-Logged-In
Server-Node
Cache-Tags
Alternate-Protocol
X-Server-ID
Front-End-Https
Content-MD5
X-Forwarded-For
X-Cache-Key
TCN
X-Origin-Upstream-Status
Server-Name
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Component-Id
X-Amzn-Trace-Id
X-Litespeed-Cache
X-Origin-Server
X-Grace
X-WebKit-CSP-Report-Only
X-Geo-Country
X-Hostname
X-Contextid
X-Amz-Replication-Status
X-F-Cache
X-Rid
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-GUploader-UploadID
X-Activity-Id
X-AppVersion
X-Az
Host
X-Goog-Stored-Content-Length
Cleartype
X-HS-Cache-Config
X-HS-Hub-Id
X-Protected-By
X-XRDS-LOCATION
X-HS-Content-Id
X-Www-Served-By
X-HS-Combine-CSS
X-XRDS-Location
X-RateLimit-Remaining
X-Frontend
X-Debug-Info
Section-Io-Cache
Ar-Sid
X-LB-Cache
AR-ATIME
AR-CACHE
AR-Request-ID
AR-PoweredBy
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Tec-Api-Version
X-Ser
X-Tec-Api-Root
X-Tec-Api-Origin
X-Page-Id
X-Git-Hash
X-Cache-Age
X-NWS-LOG-UUID
Accept-Charset
X-Varnish-Age
X-Upgrade-Enabled
X-Respond-Thread
X-Aspnetmvc-Version
X-Source
X-Content-Options
X-Hits
X-DIS-Request-ID
ServerID
X-Mobile-URL
Paypal-Debug-Id
X-Varnish-Backend
X-Varnish-Grace
X-B-Cache
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-Signature
X-Kong-Proxy-Latency
X-Cache-Action
X-Flags
X-FB-Debug
X-Providence-Cookie
X-Route-Name
Nel
X-Request-Guid
X-Is-Crawler
X-Aspnet-Duration-Ms
Healthy
Payment
X-Fastcgi-Cache
X-VCache
X-TT
X-B3-Sampled
X-Whom
X-Request-Handler-Origin-Region
X-Microsite
Viewport
X-Daa-Tunnel
X-N
Node
X-CACHE-GROUP
X-AOL-HN
X-App-Environment
X-Seen-By
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
MS-CV
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Expired-At
X-HTML-Minification-Powered-By
Filterid
X-Distributor
X-Cache-Control
X-Webkit-Csp
X-IPLB-Instance
X-Ab
Retry-After
X-Original-Request-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Response-Served-From
X-Instance
SRV
X-UUID
Frame-Options
X-Real-IP
X-Tumblr-User
X-RemovedCookies
X-ProcessESI
X-Varnish-Server
X-Proxy-Cache-Status
NGB
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-User-Agent
X-FireWall-Port
X-Region
X-Proxy
X-Jobs
X-Debug-IsPreview
Access-Control-Request-Headers
X-Device-Type
X-Debug-IsConnected
X-Content-Powered-By
Ms-Operation-Id
X-Cluster-Name
X-RTag
Uber-Trace-Id
Refresh
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-B
X-Debug
X-Cacheable-TTL
X-Adobe-Content
X-Page-View
X-Cache-Time
X-Adobe-Loc
X-Framework
X-G
X-Accel-Buffering
Cache
X-Wix-Request-Id
X-FW-Server
X-FW-Static
X-FW-Serve
X-Zen-Fury
X-FW-Type
X-FW-Hash
X-FW-Dynamic
Countrycode
X-Time
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Vgn-Hpd-Reason
X-RateLimit-Limit
Cache-Status
X-Cache-Hit
X-Nginx-Cache
Surrogate-Key
X-NGENIX-Cache
X-App-Version
X-Oracle-Dms-Rid
X-TA-CDN-Provider
X-Azure-Ref
X-Rendered-As
X-Is-Bot
Country
X-Drupal-Cache-Tags
X-Mg-Request-UUID
S-Cnection
Eomportal-Instance
X-App-Server
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-Ms-Version
X-Ms-Request-Id
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
Referer-Policy
Liferay-Portal
SD-X-WS
X-CDN-Forward
X-Drupal-Cache-Contexts
X-L-Path
X-Environment-Context
X-RN-RSRV
X-SaId
From-Origin
CF-IPCountry
X-Timing-Wait
X-Proxy-Build
X-Tumblr-Pixel-2
X-Cache-Operation
X-ES-SERVER
X-UPSTREAM-Address
X-Varnishpool
Meta-Geo
Selected-Fe
X-JoinUs
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-TNCMS
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Xfnlog-Site
X-Varnish-Hostname
X-Via-Fastly
X-Storefront-Renderer-Rendered
X-No-Session
ServedBy
X-Backend-Host
X-Cache-Server
X-Endurance-Cache-Level
Azure-InstanceId
Protected
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-GG-Cache-Date
X-Handled-By
X-Request-Time
X-S-Maxage
X-ShardId
X-ShopId
X-R9-Blue-Green-Version
X-Cache-TTL-Remaining
X-Loop
X-PHP-Backend
X-Pubstack
X-Shopify-Stage
X-Alternate-Cache-Key
X-Origin-Hint
X-PCL
Xserver
TWC-Connection-Speed
TWC-Device-Class
X-VWS-Id
X-ProxyCache-Status
Property-Id
X-Rule
X-ProxyCache-Key
Cache-Tv-Group
Cache-Name
Akamai-GRN
X-Proto
X-Server-W
Fastly-SSL
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-LJ-Flow-ID
X-Be
X-BYPASS-REASON
X-Human
X-LAGOON
X-NYM-Debug-Backend
X-AWS-Id
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-OCL
Webcakes-App-Name
X-Hl-Ver
Country-Code
Decoy-Debug-Key
X-Backend-Name
Decoy-Debug-TTL
X-Format
X-Access
X-Origin-Date
Decoy-Debug-Status
X-Section
X-Adobe-Source
X-RCS-CacheZone
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Status
X-Say-TTL
Apigw-Requestid
X-Say-Cacheable
X-Labrador-Cache-Channel
X-Akamai-Edgescape
X-ApacheServer
X-PERF
X-Cache-PHP
X-UA-Device-Type
Mn-Server-Ip
X-Sql-Duration-Ms
X-FB-TRIP-ID
X-PHP-Host
X-Sql-Count
X-Hosted-By
X-Hyper-Cache
X-Uri
X-Redis-Cache
X-Web-Node
X-Revision
X-Trace-Id
X-Dc
X-WA-Info
X-MP-GENERATED-AT
X-ATG-Version
X-Ua-Device
X-FW-Version
Amp-Access-Control-Allow-Source-Origin
X-Cached-By
X-B3-SpanId
X-Content-Age
X-Cache-Type
X-CSRF-Token
X-Time-Microsecs
X-Soup
X-ServerID
X-Datadome
X-Cache-Enabled
X-Tumblr-Pixel-3
X-Edge-Location
X-Mode
X-CACHE-KEY
Backend
X-Aws-Lambda-Call-Status
X-TT-LOGID
X-Info
X-Akamai-Transformed
X-Bc-Bl
X-Detected-As
X-Microcachable
X-Varnish-Ttl
X-SRV
X-Varnish-Beresp-Status
X-Azure-Ref-OriginShield
X-CS
X-Varnish-Cache-Hits
X-Cache-NGX
X-APP-VERSION
X-Cache-Host
X-Parallel-Accel
Web-Mar-Node
Who
X-Debug-Cache
X-Generation-Time
X-Storage
X-Platform
Count-Hit
X-Zipkin-Id
OT-Force-Account-Verify
X-Routing-Service
DataCenter
X-Proxied
GEO-INFO
X-Cluster-Node
X-Varnish-Hits
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
Cross-Origin-Opener-Policy
X-Unique-ID
X-Via-JSL
X-Extlb
X-Locale
Server-Info
X-Origin-CC
X-Servername
X-Varnish-Beresp-Ttl
X-Origin-TTL
X-B3-Traceid
X-External-Request-Id
Mobile-Detection-Method
X-Epic-Correlation-Id
X-A-Dgt
X-A-Wwc
X-A-Dam
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Geo-Header
X-Magnolia-Registration
X-Generated-On
Odigeo-Trace-Id
X-S
X-From
X-A-Dcw
X-Destination
X-CF-Lambda-Version
Expiry
Fastcgi-X-Cache-Version
Fastly-Backend-Name
X-Aed
Meta-Geo-Continent
X-Cms-Context
DCR-Decision-By
DCR-Processing-Time-Ms
X-CF-Lambda-Fn
X-Cache-NE
X-BCube-Filmed-By
M-TraceId
X-B-Cookie
X-Bip
X-Cache-Bucket
MD5-Digest
X-Application
Host-ID
Content-Disposition
X-Connection-Hash
X-ARC
BehaviorPad-Version
X-D
X-Developer
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Host
CDCHOST
CDN-RequestId
CDN-Uid
X-Core-Value
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
A
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-Vdms-Path
X-PBS-Appsvrname
X-Proxy-Upstream
X-Thanos
Req-Svc-Chain
X-NAPM-TraceId
X-Location
X-Vdms-Version
T-Server
Rendered-Blocks
X-Ratelimit-Reset
State
X-Rewrite-Enabled
X-ScT
X-S-Cookie
X-Rojux
X-Service
X-Session-Fingerprint
Surrogated-Key
X-Sucuri-ID
X-SRCache-Key
X-Request-URI
X-VG-WebCache
X-Processor
X-A-Ccd
X-Level-Front-Cache
X-Vtex-Processado-Em
X-VG-WebServer
X-A
X-AIR-PT
Upgrade-Insecure-Requests
X-Tb
X-Rebelmouse-Cache-Control
Path
X-Sigma-Backend
X-Clientip
Kp-EeAlive
X-Rebelmouse-Surrogate-Control
Cmsid
X-Sigma
Cmstype
X-Req
Fastcgi-Cache-TTL
X-Served-From
Gh-Request-Id
X-HN
X-Rocket-Build-Number
X-DataDome
X-Cache-Debug
X-Is-Gdpr
Memcached
L
X-JWT-State
X-Request-UUID
Fastly-Drupal-HTML
Fastly-SWR
Fastly-SIE
Esi-Enabled
Pagetype
X-Backend-State
X-Gamma-Serve
X-Envoy-Decorator-Operation
Origin
UCS
X-Developers
X-VarnishDD-TTL
SID
X-Origin
X-VG-TLSProxy
X-GoCache-CacheStatus
X-Hash
X-Aicache-OS
X-Minions-Version
X-NU-AKA-ACS-Version
X-Scheme
AKAMAI
X-Var-Ttl
X-Date
X-Accel-Expires-Debug
X-Branch-Name
X-TrackingId
CacheControlHeader
X-Varnish-Url
X-Has-Esi
PFcat
Server-Host
X-Platform-Server
X-Site-Version
Location
X-Cluster
User-Cache-Control
Source
TDXMobile
Vix-Hermes-Req-Id
Wxu-Next-Region
Wxu-Next-Commit
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Wxu-Next-Hostname
X-Forwarded-Site
X-Origin-Expires
X-Owner
X-VC-Cache
X-Micro-Cache
X-Men
X-LI-UUID
X-Loc
X-Variation
X-Policy
X-SVT-ORM-RULES
X-Request-Host
X-SVT-ORM-VERSION
X-RateLimit-Remaining-Second
X-Thinkindot-L3
X-RateLimit-Limit-Second
X-Li-Pop
X-Viewer-Country
X-Csrf-Jwt
X-Device-Os
X-DPWN-IS-SECURE
X-Clara-WADP
X-CGP
X-Cache-Info
X-Cache-Tags
X-Eu-Site
X-Fastly-Backend
X-Generated-In
X-Li-Fabric
X-WADP-Cache
X-Generated-By
X-Fastly-Cache
X-Fmm-Version
X-Cache-Grace
We-Hiring
HA-Ipaddr
Ha-Gx-Prefs
Ec-Rule-Version
Is-Eu
L5d-Success-Class
NM-Fastcgi-Cache
NGX
Mail-Subject
DSUID
Cf-Device-Type
X-VHOST
Svr
X-NWS-UUID-VERIFY
X-Amz-Meta-S3cmd-Attrs
Adler-Geo
C-Via
Arc-Version
Arc-Country
PB-PID
X-TX-ID
PB-RID
Pics-Label
Platform
NtCoent-Length
X-EC-Lua
X-Slack-Backend
X-Skip-Cache
X-Ua
X-FC-Vary-Parameters
X-Fetched-On
X-Esi-Check
S-Rt
Sever-Int
Server-Hostname
X-DefHash
X-Varnish-Remaining-TTL
X-SIPLIST1
X-Varnish-CookieHashed-On
X-User
X-Ratelimit-Limit
X-Hnp-Log
X-PF-Uncompressing
X-Gzip
X-Irp-Debug
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-DefElseHash
Webserver
X-HP-Trace-Id
X-Gen-Mode
X-GeoIP
X-Qloud-Router
X-Forwarded-Host
X-Varnish-CookieINHashed-On
X-Cache-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Block-Status
VNS-Age
Locid
IsBot
Server-Ext
VNS-Cache
Release
X-VServer
CPC-Age
V-Age
X-Via-NSCOPI
CPC-Cache
Cache-Key
My-App
X-Pass-Why
Geo-Info
X-Tenant
X-Planisys-CDN-TTL
Cross-Origin-Window-Policy
Cache-Hits
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
X-Orig-Expires
X-Shop-Environment
X-Planisys-CDN-Cache
Url
X-Forwarded-Path
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Via-Popn
X-Via-Popv
Content-Secure-Policy
X-Vc
X-Via-Poph
X-PJAX-URL
X-Unique-Id
Powered-By-ChinaCache
X-Mvc-Supplant-OutputCached
X-Zone
X-Ratelimit-Remaining
MIME-Version
X-Ftr-Request-Id
X-TraceId
X-Srv
X-Cache-Ttl
X-OVcl-Cache
X-Refresh
X-Conf
X-Internal-Host
X-OVcl
XServer
X-GEO
X-NC
Cf-Bgj
X-BBC-Edge-Cache-Status
X-LB-ID
DB-Nickname
X-ID
X-Backend-TTL
Tcn
X-Ckpd-Fst-Backend
X-NCache
X-Worker
Magicmarker
WebServer
X-Geo
Server-ID
HostName
Geoip-Latitude
Memory
X-Auto-Login
GeoIp-Country-Code
Time
X-ZONE
X-Servedbyhost
X-LSADC-Cache
X-Dispatcher-Server
X-NewRelic-App-Data
X-V-Cache
X-TIME
X-Method
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-Newrelic-Synthetics
X-IP
X-Platform-Cluster
Ssr
X-M-Log
X-DC
X-Qnm-Cache
X-M-Reqid
Hostname
X-Platform-Processor
X-Dynatrace
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Router
X-Traceid
X-Cache-Remote
X-SD-PageType
X-CLOUD-TRACE-CONTEXT
X-Li-Proto
Resin-Trace
X-Wa
X-Tx-Id
Environment
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
LB
X-App
X-Nc
X-Datadog-Parent-Id
X-Correlation-ID
X-BBC-Origin-Response-Status
X-API-Version
X-Trv-Group
X-Origin-Time
X-NodeID
X-Vcl-Version
X-Cache-Config
X-Gdpr
X-Nyt-Route
Ohc-File-Size
X-Edge-Pop
X-Via-Ucdn
X-Server-IP
X-APP
X-Via-CDN
Cluster
X-CACHE-AGE
X-VCL-Version
X-Node-Id
X-MSEdge-Features
X-MSEdge-Flight
X-Pod-Name
X-Origin-Response-Time
X-HITS
X-Varnish-Beresp-TTL
X-DynaTrace-JS-Agent
Candidate-Md5Url
Env
Cf-Ipcountry
X-ServerName
X-LI-Proto
X-Cache-Var
X-WA
X-Reqid
X-Akamai-Pragma-Client-IP
X-Cache-Var-Map
Datacenter
X-Wix-Viewer-Type
X-FTR-Request-ID
X-Cdn-Forward
X-ElasticPress-Query
CF-Cached-On
Web-Mar-Region
Sid
X-ND-Cache
N-Cache
X-HostName
X-Webkit-CSP-Report-Only
X-HS-Status
Rt-Fastcgi-Cache
X-Fastly-Request-Id
VivaBuild
X-Cs
Viewtype
Machine
CDN
Proxy-Connection
Server-Id
X-Dynatrace-Js-Agent
GeoIP-Country-Code
X-ServedByHost
GeoIP-Latitude
Cdn
Servername
On-Server
WWW-Authenticate
FSS-Cache
X-Fastly-Backend-Reqs
Onion-Location
X-EIG-Tracking-Id
X-NGINX-Cache
X-Varnish-Cacheable
WZWS-RAY
X-Check-Cacheable
X-Lb-Id
X-Swa-Ws
X-URL
X-Xrds-Location
X-CSRF-TOKEN
X-Esi
Ohc-Cache-HIT
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Via-PopN
X-Via-PopV
X-FTR-Realm
X-FTR-Cache-Status
X-Cache-Backend
Mime-Version
X-Country-Code-Real
X-VC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Via-PopH
X-FTR-DC
X-Pjax-Url
Xc-Version
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-CCM
X-ECache
X-Content
X-Ua-Browser
X-SN
Server-Ttl
CountryCode
URI
Cteonnt-Length
Shield-Pop
X-Swift-Error
X-Tid
Redirect-Candidate
X-TIM-N
X-MG-S
X-AB
Tracecode
X-Fpc
X-Request-Start
X-Up
X-Cache-ASPX
X-CUA
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Air-Pt
Lb
CACHE
X-FORWARDED-FOR
X-Vcache
Srv
X-DW
X-RPM
X-RPS
X-DSS
X-DI
X-LiteSpeed-Cache-Control
X-SB
SR-User-Adfree
X-Action
X-DB
X-RSL
X-StackifyID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Dw-Trace-Id
Xet-Cookie
Is-Us
Pramga
X-Region-Sid
Instruction
X-Snapshot-Date
WP-Super-Cache
X-Yottaa-OS
X-FTR-Expires
X-ElasticPress-Search
Warning
X-Webstats-RespID
X-Pf-Uncompressing
Ohc-Response-Time
ServerName
X-Fastly-Cache-Hits
X-Mg-Request-Id
X-CCDN-CacheTTL
X-Cache-Status-Check
Vha6-Origin
X-FPC
PICS-Label
X-C
X-Apw-Access-Action
X-Apw-Hits
X-UnsetCookies
X-Tt-Logid
X-TH-Server
X-Hcs-Proxy-Type
X-Depends-On
X-Pad
X-MiniProfiler-Ids
X-CCDN-Origin-Time
X-Apw-Access-Object
X-Cache-Expires
X-Apw-Access-Token