Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
P3p
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Robots-Tag
Request-Context
X-Ws-Request-Id
Server-Timing
X-AH-Environment
X-Server
X-Age
X-Hacker
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-Server-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-WebKit-CSP
X-Response-Time
X-Readtime
X-Akam-SW-Version
Xkey
X-Webkit-CSP
X-HW
X-Country
X-Ac
Accept-Ch-Lifetime
X-Application-Context
Content-Location
X-Language
MS-Author-Via
X-Template
X-Cloud-Trace-Context
Rating
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-GitHub-Request-Id
Fastly-Restarts
X-Content-Type
X-Varnish-TTL
X-Cnection
X-Origin-Cache
X-Rack-Cache
Accept-CH-Lifetime
X-ASPNET-VERSION
X-D2id
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
X-Country-Code
X-Goog-Hash
Verso
X-FastCGI-Cache
X-VARITI-CCR
X-Server-Name
X-Vcap-Request-Id
X-Cached
Accept-Ch
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Abt-Application-Version
X-Buckets
X-Amz-Rid
X-Client-IP
Service-Worker-Allowed
X-ORACLE-DMS-ECID
RTSS
X-Middleton-Display
X-Sol
Pagespeed
X-Middleton-Response
Display
Response
X-Fastly-Request-ID
X-Cache-TTL
Access-Control-Request-Method
X-Ttl
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ruxit-Js-Agent
S
X-Edge
X-Kinsta-Cache
X-LLID
X-Px
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Realpath
X-Accel-Expires
SPIisLatency
SPRequestDuration
X-TTL
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
X-Jurisdiction
X-T
X-Oneagent-Js-Injection
X-HP-Webp
X-Mid
X-MCACHE
X-ECACHE
X-PressLabs-Stats
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Correlation-Id
Charset
X-Recruiting
X-Mg-S
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
TP-Cache
X-Release
TP-L2-Cache
X-Kraken-Loop-Name
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Ezoic-Cdn
X-DynaTrace
X-Content-Digest
X-Id
X-Request-Received
X-Request-Processing-Time
Filters
X-ORACLE-DMS-RID
Nginx-Cache
X-Logged-In
Server-Node
Alternate-Protocol
X-Server-ID
Cache-Tags
Front-End-Https
Content-MD5
X-Forwarded-For
X-Cache-Key
TCN
X-Origin-Upstream-Status
Server-Name
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-Amzn-Trace-Id
X-Litespeed-Cache
X-Grace
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Geo-Country
X-Hostname
X-Contextid
X-Rid
X-Amz-Replication-Status
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-F-Cache
X-Goog-Metageneration
X-AppVersion
X-Activity-Id
X-Az
Host
X-XRDS-LOCATION
Cleartype
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Www-Served-By
X-Protected-By
X-XRDS-Location
X-RateLimit-Remaining
Section-Io-Cache
X-LB-Cache
X-Frontend
X-Debug-Info
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
MicrosoftSharePointTeamServices
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Page-Id
X-Ser
X-Git-Hash
X-Cache-Age
X-NWS-LOG-UUID
Accept-Charset
X-Varnish-Age
X-Upgrade-Enabled
X-Aspnetmvc-Version
X-Respond-Thread
X-Source
X-Hits
X-Content-Options
X-DIS-Request-ID
ServerID
X-Mobile-URL
Paypal-Debug-Id
X-Varnish-Backend
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Signature
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-B-Cache
X-Route-Name
Nel
X-VCache
X-Fastcgi-Cache
X-Request-Guid
X-Is-Crawler
X-FB-Debug
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
Payment
X-Cache-Action
X-TT
X-Request-Handler-Origin-Region
X-Microsite
Healthy
X-Whom
X-B3-Sampled
Viewport
X-N
X-Daa-Tunnel
X-CACHE-GROUP
X-AOL-HN
Node
X-App-Environment
X-Seen-By
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
MS-CV
DynaTrace
Filterid
X-Yandex-Sdch-Disable
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-Distributor
X-Cache-Control
X-IPLB-Instance
X-Webkit-Csp
Retry-After
X-Ab
X-Tt-Trace-Tag
X-Response-Served-From
X-Original-Request-Id
X-Tt-Trace-Host
SRV
X-UUID
X-Real-IP
NGB
X-Proxy-Cache-Status
X-RemovedCookies
X-FireWall-Port
X-Tumblr-Pixel-0
X-ProcessESI
X-Instance
X-Tumblr-Pixel
X-User-Agent
X-Tumblr-Pixel-1
X-Tumblr-User
Frame-Options
X-Cluster-Name
Ms-Operation-Id
X-RTag
Access-Control-Request-Headers
X-Debug-IsConnected
X-Content-Powered-By
X-Varnish-Server
X-Proxy
X-Jobs
X-IPS-LoggedIn
X-Device-Type
X-Debug-IsPreview
X-Region
Refresh
X-Page-View
X-Cacheable-TTL
X-Adobe-Loc
X-B
X-Adobe-Content
X-Debug
X-Cache-Time
Uber-Trace-Id
X-Framework
VIX-Pulpo-Upstream-Status
X-Accel-Buffering
X-G
VIX-Pulpo-Node
Cache
X-Wix-Request-Id
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
Countrycode
X-Zen-Fury
Section-Io-Origin-Time-Seconds
X-Time
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
X-Vgn-Hpd-Reason
X-RateLimit-Limit
X-Nginx-Cache
Cache-Status
X-Cache-Hit
X-NGENIX-Cache
X-App-Version
Surrogate-Key
X-Oracle-Dms-Rid
X-Azure-Ref
X-TA-CDN-Provider
X-Drupal-Cache-Tags
Country
X-Is-Bot
X-Rendered-As
X-Mg-Request-UUID
Eomportal-Instance
S-Cnection
X-App-Server
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Ms-Version
X-Ms-Request-Id
X-CDN-Forward
Referer-Policy
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
SD-X-WS
Liferay-Portal
X-Drupal-Cache-Contexts
X-Environment-Context
X-L-Path
X-Proxy-Build
X-Cache-Operation
X-RN-RSRV
X-JoinUs
X-ES-SERVER
CF-IPCountry
X-SaId
Meta-Geo
X-Varnishpool
From-Origin
X-Timing-Wait
X-UPSTREAM-Address
Selected-Fe
X-Tumblr-Pixel-2
X-Via-Fastly
X-Shopify-Stage
X-Loop
X-ShopId
X-ShardId
X-PHP-Backend
X-GG-Cache-Date
X-Handled-By
X-Request-Time
X-No-Session
X-Cache-Server
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Backend-Host
X-Varnish-Hostname
X-S-Maxage
X-Yottaa-Metrics
X-Alternate-Cache-Key
X-Yottaa-Optimizations
Protected
X-R9-Blue-Green-Version
Azure-RegionName
Azure-InstanceId
X-Endurance-Cache-Level
Azure-SiteName
X-Sorting-Hat-ShopId
Azure-Version
Azure-SlotName
X-TNCMS
X-AWS-Id
ServedBy
X-BYPASS-REASON
X-Cache-TTL-Remaining
Cache-Name
Cache-Tv-Group
X-Be
X-Human
X-LJ-Flow-ID
X-PCL
X-Proto
X-Pubstack
X-Rule
X-Xfnlog-Site
X-OCL
X-ProxyCache-Status
X-ProxyCache-Key
X-Server-W
X-VWS-Id
X-Backend-Name
X-SayCDN-TTL
Akamai-GRN
X-Varnish-Beresp-Grace
Fastly-SSL
Country-Code
X-Say-Cacheable
X-Adobe-Source
X-Say-TTL
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
X-Origin-Hint
TWC-Device-Class
X-Origin-Date
X-NYM-Debug-Backend
X-LAGOON
Webcakes-Region
X-Hl-Ver
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Access
X-Akamai-Edgescape
X-Sql-Count
Xserver
X-Section
X-FB-TRIP-ID
X-Format
X-RCS-CacheZone
X-PHP-Host
X-Cache-PHP
X-UA-Device-Type
X-Sql-Duration-Ms
X-Status
X-Labrador-Cache-Channel
Apigw-Requestid
X-Uri
X-Hyper-Cache
X-Hosted-By
Mn-Server-Ip
X-Redis-Cache
X-ApacheServer
X-PERF
X-Web-Node
X-Revision
X-Dc
X-Trace-Id
X-WA-Info
X-MP-GENERATED-AT
X-FW-Version
X-ATG-Version
Amp-Access-Control-Allow-Source-Origin
X-Ua-Device
X-Cached-By
X-Content-Age
X-B3-SpanId
X-CSRF-Token
X-Cache-Type
X-Soup
X-ServerID
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Cache-Enabled
X-Datadome
X-Aws-Lambda-Call-Status
X-Mode
X-CACHE-KEY
Backend
X-TT-LOGID
X-Edge-Location
X-Akamai-Transformed
X-Info
X-Bc-Bl
X-SRV
X-Microcachable
X-Detected-As
X-Varnish-Cache-Hits
X-CS
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Status
X-Cache-Host
X-Cache-NGX
X-Parallel-Accel
X-Varnish-Ttl
X-Generation-Time
X-APP-VERSION
X-Debug-Cache
Who
Web-Mar-Node
X-Zipkin-Id
X-Platform
X-Varnish-Hits
X-Proxied
OT-Force-Account-Verify
X-Routing-Service
Count-Hit
DataCenter
X-Cluster-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
Cross-Origin-Opener-Policy
X-Storage
GEO-INFO
X-Unique-ID
X-Via-JSL
X-Extlb
Server-Info
X-Locale
X-Varnish-Beresp-Ttl
X-B3-Traceid
X-Origin-CC
X-Origin-TTL
X-Servername
Fastly-Backend-Name
Host-ID
Odigeo-Trace-Id
Rendered-Blocks
Req-Svc-Chain
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
M-TraceId
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
Cache-Host
A
BehaviorPad-Version
CDN-PullZone
State
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
Content-Disposition
CDN-RequestId
CDN-Uid
Fastcgi-X-Cache-Version
X-CF-Lambda-Fn
X-Request-URI
X-Ratelimit-Reset
X-Rewrite-Enabled
X-Rojux
X-S
X-Proxy-Upstream
X-Processor
X-Location
X-Level-Front-Cache
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-S-Cookie
X-ScT
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Thanos
X-Service
X-Session-Fingerprint
X-SRCache-Key
X-Sucuri-ID
X-Geo-Header
X-Generated-On
X-Aed
X-A-Wwc
X-Application
X-ARC
X-B-Cookie
X-A-Dgt
X-A-Dcw
T-Server
X-A
X-A-Ccd
X-A-Dam
X-BCube-Filmed-By
X-Bip
X-Developer
X-Destination
X-Epic-Correlation-Id
X-External-Request-Id
X-From
X-D
X-Core-Value
X-Cache-Bucket
X-Cache-NE
X-CF-Lambda-Version
X-Cms-Context
Surrogated-Key
X-Connection-Hash
X-Magnolia-Registration
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-AIR-PT
Upgrade-Insecure-Requests
X-Tb
Kp-EeAlive
Gh-Request-Id
X-Req
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Scheme
X-Served-From
X-Sigma
X-Sigma-Backend
Esi-Enabled
X-Rocket-Build-Number
Location
Fastly-Drupal-HTML
SID
Fastcgi-Cache-TTL
Fastly-SWR
X-NU-AKA-ACS-Version
X-Accel-Expires-Debug
X-Gamma-Serve
UCS
X-GoCache-CacheStatus
X-Date
X-DataDome
X-Site-Version
X-Branch-Name
X-Clientip
X-Has-Esi
X-Hash
Origin
Cmstype
Memcached
Pagetype
Path
Server-Host
X-Is-Gdpr
X-JWT-State
X-Origin
X-Platform-Server
Apple-News-Services-Handled
X-TrackingId
CacheControlHeader
AKAMAI
X-Var-Ttl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-VG-TLSProxy
X-Varnish-Url
CDCHOST
X-Minions-Version
Cmsid
X-Aicache-OS
User-Cache-Control
Source
X-Cluster
PFcat
TDXMobile
PB-RID
Thinkindot-CacheControl
PB-PID
X-VC-Cache
Platform
Thinkindot-CacheControl-Type
X-Li-Fabric
Pics-Label
X-VarnishDD-TTL
X-HN
X-Fmm-Version
X-Backend-State
X-Developers
X-Device-Os
X-WADP-Cache
X-Cache-Debug
X-Cache-Info
X-Cache-Grace
X-Clara-WADP
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Variation
X-Forwarded-Site
X-Generated-By
We-Hiring
X-Fastly-Cache
X-TX-ID
X-Fastly-Backend
Thinkindot-Control
X-Li-Pop
X-Policy
X-SVT-ORM-RULES
L
X-Cache-Tags
X-Amz-Meta-S3cmd-Attrs
Ec-Rule-Version
X-NWS-UUID-VERIFY
Is-Eu
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Request-Host
C-Via
Arc-Version
X-VHOST
Arc-Country
X-Origin-Expires
X-Owner
X-Men
X-Micro-Cache
Cf-Device-Type
Mail-Subject
NGX
NM-Fastcgi-Cache
DSUID
X-LI-UUID
Adler-Geo
X-Loc
NtCoent-Length
X-EC-Lua
X-Viewer-Country
X-VServer
X-Skip-Cache
X-Ratelimit-Limit
X-Slack-Backend
X-SIPLIST1
X-CGP
X-DefElseHash
Webserver
X-Csrf-Jwt
X-DefHash
X-Via-NSCOPI
X-Old-Content-Length
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-Hnp-Log
X-Irp-Debug
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Mvc-Supplant-Cachable
X-PF-Uncompressing
X-Qloud-Router
X-RateLimit-Remaining-Second
X-Fetched-On
X-FC-Vary-Parameters
X-Eu-Site
X-Varnish-CookieHashed-On
X-Gen-Mode
X-GeoIP
X-Generated-In
X-RateLimit-Limit-Second
X-Esi-Check
X-Nginx-Cache-Key
Sever-Int
Wxu-Next-Region
Ha-Gx-Prefs
Server-Hostname
HA-Ipaddr
Server-Ext
Svr
Wxu-Next-Hostname
CPC-Cache
True-Client-Country-4JS
Vix-Hermes-Req-Id
VNS-Age
Wxu-Next-Commit
VNS-Cache
X-HP-Trace-Id
Release
IsBot
X-Cache-Id
L5d-Success-Class
Cache-Key
X-Block-Status
X-Ua
My-App
CPC-Age
S-Rt
Geo-Info
X-Pass-Why
V-Age
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Wikidot-Backend
X-Shop-Environment
X-User
X-HS-Content-Campaign-Id
X-Tenant
X-Wikidot-Static-Cache
Locid
X-Orig-Expires
X-Forwarded-Host
X-Forwarded-Path
Url
X-TEC-API-ORIGIN
Cross-Origin-Window-Policy
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Via-Poph
X-Via-Popv
X-Mvc-Supplant-OutputCached
X-Vc
X-PJAX-URL
X-Unique-Id
Powered-By-ChinaCache
Cache-Hits
Content-Secure-Policy
X-Via-Popn
X-Zone
MIME-Version
X-Ftr-Request-Id
X-Ratelimit-Remaining
X-TraceId
X-Conf
X-OVcl
X-Internal-Host
X-OVcl-Cache
X-Refresh
X-Srv
X-Cache-Ttl
XServer
Cf-Bgj
X-NC
X-LB-ID
X-BBC-Edge-Cache-Status
X-GEO
DB-Nickname
X-ID
Tcn
X-Backend-TTL
X-Ckpd-Fst-Backend
Magicmarker
X-Worker
WebServer
X-Geo
Geoip-Latitude
X-NCache
GeoIp-Country-Code
Time
Server-ID
X-Servedbyhost
HostName
X-Auto-Login
Memory
X-ZONE
X-LSADC-Cache
X-TIME
X-V-Cache
X-Dispatcher-Server
X-Method
X-NewRelic-App-Data
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-Newrelic-Synthetics
X-M-Reqid
X-IP
X-M-Log
X-Qnm-Cache
Hostname
X-Dynatrace
Ssr
X-DC
X-Tb-Optimization-Total-Bytes-Saved
X-Traceid
X-CLOUD-TRACE-CONTEXT
X-Li-Proto
X-Wa
X-SD-PageType
Resin-Trace
X-Cache-Remote
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Tx-Id
X-Datadog-Trace-Id
LB
X-App
X-Datadog-Sampling-Priority
Environment
X-Datadog-Parent-Id
X-Nc
X-Correlation-ID
X-Trv-Group
X-Vcl-Version
X-BBC-Origin-Response-Status
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-Cache-Config
X-API-Version
Ohc-File-Size
X-Edge-Pop
Cluster
X-Server-IP
X-MSEdge-Flight
X-CACHE-AGE
X-Via-CDN
X-HITS
X-MSEdge-Features
X-APP
X-Via-Ucdn
X-Node-Id
X-NodeID
X-Origin-Response-Time
X-VCL-Version
X-Varnish-Beresp-TTL
X-DynaTrace-JS-Agent
Candidate-Md5Url
X-Pod-Name
Env
Cf-Ipcountry
X-ServerName
X-LI-Proto
X-WA
X-Akamai-Pragma-Client-IP
X-Cache-Var-Map
X-Reqid
X-Cache-Var
Datacenter
X-ElasticPress-Query
N-Cache
Web-Mar-Region
X-Wix-Viewer-Type
X-ND-Cache
X-FTR-Request-ID
CF-Cached-On
Sid
X-HostName
X-Webkit-CSP-Report-Only
X-Cdn-Forward
Rt-Fastcgi-Cache
X-Fastly-Request-Id
VivaBuild
Viewtype
X-HS-Status
X-Cs
Machine
CDN
Server-Id
X-ServedByHost
X-Dynatrace-Js-Agent
GeoIP-Country-Code
Proxy-Connection
GeoIP-Latitude
Onion-Location
WWW-Authenticate
X-EIG-Tracking-Id
FSS-Cache
X-Varnish-Cacheable
On-Server
X-NGINX-Cache
Cdn
Servername
X-Fastly-Backend-Reqs
X-Check-Cacheable
WZWS-RAY
X-URL
X-Lb-Id
X-Swa-Ws
X-CSRF-TOKEN
X-Xrds-Location
X-Esi
Ohc-Cache-HIT
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-VC
X-Via-PopV
Mime-Version
Xc-Version
X-Cache-Backend
X-Country-Code-Real
X-Via-PopN
X-FTR-Backend
X-Via-PopH
X-FTR-Backend-Server
X-IN-APIGATEWAYSSL
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-IN-APIGATEWAY
X-Pjax-Url
X-Oss-Request-Id
X-Oss-Storage-Class
X-CCM
Cteonnt-Length
X-Tid
X-TIM-N
X-Request-Start
Redirect-Candidate
X-Fpc
Shield-Pop
X-Swift-Error
CountryCode
Server-Ttl
X-ECache
URI
X-AB
X-MG-S
X-SN
Tracecode
X-Ua-Browser
X-Content
Lb
CACHE
X-FORWARDED-FOR
X-Varnish-Authentication
X-Cache-ASPX
X-Air-Pt
X-Contensis-Viewer-Groups
X-CUA
X-Up
X-Vcache
X-DI
X-Fastly-Cache-Hits
X-DSS
X-RPM
Xet-Cookie
X-DW
Ohc-Response-Time
Warning
X-RPS
X-Dw-Trace-Id
X-Pf-Uncompressing
X-Action
X-DB
ServerName
Is-Us
X-Acquia-Purge-Tags
X-LiteSpeed-Cache-Control
X-Snapshot-Date
SR-User-Adfree
X-Acquia-Application-UUID
WP-Super-Cache
X-Webstats-RespID
X-SB
X-Region-Sid
X-FTR-Expires
X-Yottaa-OS
X-Acquia-Site
X-Acquia-Application-Trace
Pramga
Instruction
X-RSL
X-Cache-Date
X-Amz-Meta-Cb-Modifiedtime
X-ElasticPress-Search
X-StackifyID
Srv
X-FPC
X-MiniProfiler-Ids
X-Apw-Hits
X-Cache-Status-Check
X-CCDN-CacheTTL
X-Apw-Access-Token
X-Apw-Access-Object
X-UnsetCookies
X-Apw-Access-Action
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Cache-Expires
X-Pad
X-Tt-Logid
X-Depends-On
X-TH-Server
X-Mg-Request-Id
X-C
Vha6-Origin