Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
P3P
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Keep-Alive
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Vhost
X-Host
X-Dispatcher
X-OneAgent-JS-Injection
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Readtime
Accept-CH
X-Akam-SW-Version
Xkey
X-HW
X-Country
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Template
X-Cloud-Trace-Context
MS-Author-Via
Rating
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
X-Ruxit-JS-Agent
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
Accept-CH-Lifetime
Fastly-Restarts
X-ASPNET-VERSION
X-Content-Type
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
Arr-Disable-Session-Affinity
Verso
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Country-Code
X-Goog-Hash
X-VARITI-CCR
X-FastCGI-Cache
Accept-Ch
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-Fastly-Request-ID
X-ORACLE-DMS-ECID
RTSS
Pagespeed
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Sol
Access-Control-Request-Method
X-Ruxit-Js-Agent
X-Cache-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Oneagent-Js-Injection
X-Upstream
X-Dw-Request-Base-Id
Public-Key-Pins
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Edge
X-Kinsta-Cache
X-LLID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-TTL
X-Px
Realpath
SPIisLatency
SPRequestDuration
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-ECACHE
X-Edge-Location-Klb
X-Jurisdiction
X-HP-Webp
X-T
X-Mid
X-PressLabs-Stats
X-MCACHE
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Release
X-Correlation-Id
Charset
X-Shield-Request-Id
X-Recruiting
X-DynaTrace
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Kraken-Loop-Name
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
Fastcgi-Cache
X-Ezoic-Cdn
X-Amz-Server-Side-Encryption
X-Content-Digest
X-Id
X-Request-Received
X-Request-Processing-Time
Filters
X-Logged-In
Server-Node
Cache-Tags
Nginx-Cache
Alternate-Protocol
Front-End-Https
Content-MD5
X-Cache-Key
X-Forwarded-For
X-ORACLE-DMS-RID
Server-Name
TCN
X-Litespeed-Cache
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Amzn-Trace-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Origin-Server
X-Grace
X-Contextid
X-Hostname
X-Geo-Country
X-Rid
X-Amz-Replication-Status
X-F-Cache
X-Az
X-AppVersion
Host
X-Activity-Id
Cleartype
X-HS-Hub-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Cache-Config
X-Goog-Storage-Class
X-Goog-Metageneration
X-XRDS-Location
X-HS-Content-Id
X-Goog-Generation
X-RateLimit-Remaining
X-HS-Combine-CSS
X-Www-Served-By
X-Server-ID
Ar-Sid
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Protected-By
X-XRDS-LOCATION
X-Frontend
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
MicrosoftSharePointTeamServices
X-Ser
X-Aspnetmvc-Version
X-Page-Id
X-Git-Hash
X-Cache-Age
X-Varnish-Age
Accept-Charset
X-NWS-LOG-UUID
X-Upgrade-Enabled
X-Respond-Thread
X-Hits
ServerID
X-Fastcgi-Cache
Nel
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Source
X-Microsite
X-Mobile-URL
Paypal-Debug-Id
X-VCache
X-Varnish-Grace
X-Content-Options
X-CACHE-GROUP
X-Varnish-Backend
X-Signature
X-B-Cache
X-Route-Name
X-Request-Guid
Payment
X-Flags
X-Cache-Action
X-Aspnet-Duration-Ms
X-Is-Crawler
Healthy
X-Providence-Cookie
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Viewport
Access-Control-Allow-Method
X-FB-Debug
X-B3-Sampled
X-Daa-Tunnel
X-TT
X-N
X-Whom
Node
X-App-Environment
X-AOL-HN
X-Seen-By
X-Type
X-Load-Cache
Version
Fastcgi-Useragent
MS-CV
X-Mobile
DC
DynaTrace
X-Cache-Expired-At
X-Ab
X-Webkit-Csp
Filterid
X-HTML-Minification-Powered-By
X-Yandex-Sdch-Disable
X-Distributor
X-IPLB-Instance
X-Cache-Control
SRV
Retry-After
X-Response-Served-From
X-Original-Request-Id
X-UUID
X-Instance
X-FireWall-Port
X-RemovedCookies
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Real-IP
X-Tumblr-User
X-IPS-LoggedIn
NGB
X-ProcessESI
X-Proxy-Cache-Status
X-Tt-Trace-Host
Frame-Options
X-Tt-Trace-Tag
X-User-Agent
Ms-Operation-Id
X-Debug-IsPreview
X-Device-Type
X-Debug-IsConnected
X-Proxy
X-RTag
X-Varnish-Server
X-Cluster-Name
X-Content-Powered-By
X-Debug
VIX-Pulpo-Upstream-Status
X-Page-View
X-Region
Uber-Trace-Id
Refresh
X-Cache-Time
X-Adobe-Loc
X-Cacheable-TTL
Access-Control-Request-Headers
VIX-Pulpo-Node
X-Accel-Buffering
X-Adobe-Content
X-Jobs
X-Framework
X-B
Cache
X-G
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-Zen-Fury
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-RateLimit-Limit
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Vgn-Hpd-Reason
Countrycode
Cache-Status
X-Cache-Hit
X-TA-CDN-Provider
Surrogate-Key
X-NGENIX-Cache
Country
X-App-Version
X-Time
X-Rendered-As
X-Nginx-Cache
X-Drupal-Cache-Tags
X-Azure-Ref
X-Is-Bot
X-Mg-Request-UUID
Eomportal-Instance
X-EdgeConnect-Cache-Status
S-Cnection
X-App-Server
X-CDN-Forward
X-Cache-Rule
X-Ms-Version
X-Ms-Request-Id
Referer-Policy
SD-X-WS
X-Drupal-Cache-Contexts
Liferay-Portal
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
X-UPSTREAM-Address
X-SaId
X-Cache-Operation
X-Varnishpool
Meta-Geo
X-JoinUs
Selected-Fe
X-Proxy-Build
X-Tumblr-Pixel-2
X-RN-RSRV
From-Origin
X-ES-SERVER
X-Timing-Wait
X-Backend-Host
Azure-SlotName
X-Xfnlog-Site
X-Via-Fastly
X-Pubstack
Azure-SiteName
ServedBy
X-S-Maxage
X-Rule
X-Endurance-Cache-Level
X-No-Session
X-Yottaa-Metrics
X-Request-Time
Azure-InstanceId
X-Yottaa-Optimizations
X-L-Path
X-Handled-By
X-Varnish-Hostname
X-GG-Cache-Date
X-Cache-Server
X-Environment-Context
CF-IPCountry
Azure-RegionName
Azure-Version
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
Akamai-GRN
X-Loop
Fastly-SSL
Cache-Name
X-LJ-Flow-ID
Property-Id
Protected
X-NYM-Debug-Backend
X-LAGOON
X-Human
TWC-Privacy
X-Be
X-TNCMS
TWC-GeoIP-Country
X-Alternate-Cache-Key
X-ShardId
X-Storefront-Renderer-Rendered
X-Server-W
X-BYPASS-REASON
TWC-GeoIP-LatLong
X-VWS-Id
X-AWS-Id
Webcakes-App-Name
Webcakes-App-Version
X-ShopId
X-Shopify-Stage
TWC-Connection-Speed
X-Proto
X-PHP-Backend
X-PCL
X-Origin-Hint
TWC-Locale-Group
X-OCL
X-ProxyCache-Key
TWC-Device-Class
Webcakes-Region
Cache-Tv-Group
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-Sorting-Hat-PodId
Decoy-Debug-Status
X-Access
X-Backend-Name
Decoy-Debug-Key
X-Cache-PHP
Decoy-Debug-TTL
X-Say-Cacheable
X-Section
X-Status
X-SayCDN-TTL
X-Say-TTL
X-Format
X-RCS-CacheZone
X-Adobe-Source
X-Hl-Ver
Apigw-Requestid
Country-Code
X-Varnish-Beresp-Grace
X-Akamai-Edgescape
X-Sql-Duration-Ms
X-Sql-Count
X-PHP-Host
X-FB-TRIP-ID
Mn-Server-Ip
X-Labrador-Cache-Channel
X-Origin-Date
X-UA-Device-Type
X-ApacheServer
X-PERF
X-Hosted-By
X-Uri
X-Hyper-Cache
X-Redis-Cache
X-Trace-Id
X-Web-Node
X-Cached-By
X-Ua-Device
Xserver
Amp-Access-Control-Allow-Source-Origin
X-Revision
X-MP-GENERATED-AT
X-ATG-Version
X-Dc
X-Content-Age
X-B3-Traceid
X-WA-Info
X-B3-SpanId
X-FW-Version
X-Soup
X-Cache-Type
X-Time-Microsecs
X-Cache-Enabled
X-ServerID
X-Tumblr-Pixel-3
X-Edge-Location
X-Mode
X-CSRF-Token
X-SRV
X-Datadome
X-Aws-Lambda-Call-Status
X-Bc-Bl
X-Info
Backend
X-Microcachable
X-APP-VERSION
X-CS
X-Akamai-Transformed
X-Varnish-Beresp-Status
Who
X-Detected-As
X-TT-LOGID
X-Azure-Ref-OriginShield
X-Varnish-Cache-Hits
X-Cache-NGX
X-Cache-Host
X-Debug-Cache
X-Platform
X-Routing-Service
Web-Mar-Node
X-Storage
X-Zipkin-Id
X-Proxied
X-Generation-Time
X-Varnish-Hits
OT-Force-Account-Verify
X-Amz-Apigw-Id
X-CACHE-KEY
X-Amzn-RequestId
X-Cluster-Node
X-Amzn-Remapped-Content-Length
GEO-INFO
X-Parallel-Accel
Count-Hit
X-Via-JSL
Cross-Origin-Opener-Policy
X-Unique-ID
X-Extlb
DataCenter
X-Varnish-Beresp-Ttl
Server-Info
X-Locale
X-Origin-TTL
X-Origin-CC
Meta-Geo-Continent
Apple-News-Services-Parsed-Url
MD5-Digest
CDN-Cache
CDN-CachedAt
M-TraceId
Apple-News-Services-Request-Url
Req-Svc-Chain
BehaviorPad-Version
CDCHOST
Rendered-Blocks
Mobile-Detection-Method
Odigeo-Trace-Id
CDN-EdgeStorageId
Apple-News-Services-Host
Apple-News-Services-Handled
DCR-Processing-Time-Ms
Cache-Host
DCR-Decision-By
CDN-Uid
Content-Disposition
CDN-RequestCountryCode
A
Fastly-Backend-Name
CDN-RequestId
Fastcgi-X-Cache-Version
CDN-PullZone
Expiry
Host-ID
X-CF-Lambda-Fn
X-Request-URI
X-Proxy-Upstream
X-Rewrite-Enabled
X-Rojux
X-S
X-Processor
X-PBS-Appsvrname
X-Level-Front-Cache
X-Location
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-S-Cookie
X-ScT
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Varnish-Url
X-Session-Fingerprint
X-SRCache-Key
X-Sucuri-ID
X-Thanos
X-Geo-Header
X-Generated-On
X-Aed
X-A-Wwc
X-Application
X-ARC
X-B-Cookie
X-A-Dgt
X-A-Dcw
T-Server
X-A
X-A-Ccd
X-A-Dam
X-BCube-Filmed-By
X-Bip
X-Developer
X-Destination
X-Epic-Correlation-Id
X-External-Request-Id
X-From
X-D
X-Connection-Hash
X-Cache-Bucket
X-Cache-NE
X-CF-Lambda-Version
X-Cms-Context
Surrogated-Key
X-Core-Value
X-DataDome
X-Magnolia-Registration
X-Tb
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Servername
X-AIR-PT
Upgrade-Insecure-Requests
Location
X-VHOST
X-Backend-State
X-Branch-Name
Kp-EeAlive
X-Site-Version
X-Cache-Debug
L
UCS
PFcat
Path
Pagetype
Origin
Pics-Label
X-Developers
State
Server-Host
X-Varnish-Ttl
Memcached
X-GoCache-CacheStatus
X-Sigma
X-Sigma-Backend
X-Service
X-Served-From
X-Rocket-Build-Number
X-TrackingId
X-Var-Ttl
X-Minions-Version
X-Aicache-OS
X-VG-TLSProxy
X-VarnishDD-TTL
X-Request-UUID
X-Req
X-HN
X-Is-Gdpr
X-Has-Esi
Gh-Request-Id
X-Gamma-Serve
X-JWT-State
X-Origin
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Platform-Server
X-Envoy-Decorator-Operation
X-NU-AKA-ACS-Version
Esi-Enabled
X-Air-Hostname
Fastly-SWR
Fastly-SIE
Fastcgi-Cache-TTL
X-Air-Source
X-Air-Trace-Id
AKAMAI
Fastly-Drupal-HTML
CacheControlHeader
User-Cache-Control
X-EC-Lua
X-Cluster
X-Clara-WADP
X-Clientip
X-CGP
X-Cache-Tags
X-Cache-Info
X-VC-Cache
Source
X-DPWN-IS-SECURE
X-Device-Os
X-Variation
X-Csrf-Jwt
X-Cache-Grace
X-Amz-Meta-S3cmd-Attrs
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
X-WADP-Cache
X-Viewer-Country
Cf-Device-Type
Cmsid
Cmstype
X-Accel-Expires-Debug
Is-Eu
X-Eu-Site
Arc-Version
X-Scheme
X-Micro-Cache
Ha-Gx-Prefs
X-Loc
Adler-Geo
X-Owner
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
Arc-Country
X-LI-UUID
X-Li-Pop
X-Thinkindot-L3
X-Forwarded-Site
X-Fmm-Version
X-Fastly-Cache
X-Generated-By
X-Generated-In
X-Li-Fabric
C-Via
X-Hash
HA-Ipaddr
Vix-Hermes-Req-Id
X-Date
Thinkindot-CacheControl
NM-Fastcgi-Cache
PB-RID
Thinkindot-Control
TDXMobile
SID
PB-PID
Ec-Rule-Version
NGX
Svr
Platform
Thinkindot-CacheControl-Type
My-App
L5d-Success-Class
Mail-Subject
True-Client-Country-4JS
X-TX-ID
Geo-Info
X-NWS-UUID-VERIFY
X-Pass-Why
X-Fetched-On
X-Varnish-CookieHashed-On
X-Esi-Check
X-SIPLIST1
X-Forwarded-Host
DSUID
X-Fastly-Backend
Release
X-Nginx-Cache-Key
X-FC-Vary-Parameters
X-Gen-Mode
Cache-Key
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Skip-Cache
X-GeoIP-City
X-GeoIP
X-SVT-ORM-VERSION
X-Wikidot-Backend
X-SVT-ORM-RULES
X-Varnish-CookieINHashed-On
X-Slack-Backend
IsBot
X-User
X-DefElseHash
Webserver
X-VServer
X-Qloud-Router
X-Via-NSCOPI
X-Old-Content-Length
CPC-Age
X-Cache-Id
X-Mvc-Supplant-Cachable
X-Block-Status
X-Men
X-Request-Host
X-DefHash
X-Origin-Expires
Sever-Int
X-Varnish-Remaining-TTL
VNS-Age
X-PF-Uncompressing
X-Wikidot-Static-Cache
VNS-Cache
Server-Ext
Locid
V-Age
Server-Hostname
CPC-Cache
X-Ua
Cache-Hits
X-Forwarded-Path
X-Unique-Id
S-Rt
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Orig-Expires
Powered-By-ChinaCache
X-Planisys-CDN-TTL
X-Shop-Environment
X-Tenant
XServer
Url
Cross-Origin-Window-Policy
X-Ratelimit-Limit
X-PJAX-URL
X-Refresh
NtCoent-Length
X-Mvc-Supplant-OutputCached
MIME-Version
X-Vc
X-OVcl-Cache
X-HP-Trace-Id
X-Cache-Ttl
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-OVcl
Content-Secure-Policy
X-Ftr-Request-Id
X-TraceId
X-Internal-Host
Cf-Bgj
X-TIME
X-Conf
X-NC
X-Zone
DB-Nickname
Tcn
X-ID
X-Backend-TTL
X-GEO
Time
Magicmarker
X-BBC-Edge-Cache-Status
Memory
X-Srv
X-Geo
WebServer
X-Servedbyhost
X-LB-ID
X-Ratelimit-Remaining
X-NCache
Geoip-Latitude
GeoIp-Country-Code
X-Ckpd-Fst-Backend
Server-ID
X-Worker
X-ZONE
X-Method
X-Auto-Login
X-Dispatcher-Server
X-LSADC-Cache
HostName
X-V-Cache
X-NewRelic-App-Data
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-IP
Ssr
Hostname
X-DC
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-CLOUD-TRACE-CONTEXT
X-Traceid
X-Tb-Optimization-Total-Bytes-Saved
X-Wa
X-Tx-Id
X-Li-Proto
X-Newrelic-Synthetics
LB
X-SD-PageType
X-Cache-Remote
Resin-Trace
X-App
X-Correlation-ID
X-Trv-Group
Environment
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Nc
X-Datadog-Sampling-Priority
Ohc-File-Size
X-Vcl-Version
X-VCL-Version
X-HITS
X-Dynatrace
X-BBC-Origin-Response-Status
X-MSEdge-Features
X-MSEdge-Flight
X-Via-CDN
X-CACHE-AGE
X-NodeID
X-Origin-Time
X-API-Version
X-Nyt-Route
X-Gdpr
X-Node-Id
X-Origin-Response-Time
X-Cache-Config
X-APP
Cluster
Env
X-Via-Ucdn
X-Pod-Name
X-Server-IP
X-Edge-Pop
X-ServerName
Cf-Ipcountry
Datacenter
X-Varnish-Beresp-TTL
Candidate-Md5Url
X-Reqid
X-LI-Proto
X-ElasticPress-Query
X-DynaTrace-JS-Agent
X-FTR-Request-ID
X-Wix-Viewer-Type
X-ND-Cache
CF-Cached-On
Sid
X-WA
X-Cache-Var
X-Cache-Var-Map
X-HostName
Rt-Fastcgi-Cache
Web-Mar-Region
Viewtype
VivaBuild
X-HS-Status
X-NGINX-Cache
Machine
CDN
X-Cdn-Forward
X-Akamai-Pragma-Client-IP
X-Dynatrace-Js-Agent
N-Cache
X-Cs
Server-Id
GeoIP-Country-Code
GeoIP-Latitude
X-Webkit-CSP-Report-Only
Proxy-Connection
Servername
On-Server
X-Lb-Id
X-ServedByHost
FSS-Cache
X-CSRF-TOKEN
X-EIG-Tracking-Id
X-Fastly-Backend-Reqs
Cdn
X-Varnish-Cacheable
X-URL
WWW-Authenticate
X-Swa-Ws
X-Check-Cacheable
Onion-Location
WZWS-RAY
Ohc-Cache-HIT
CountryCode
X-Esi
X-Xrds-Location
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Via-PopV
X-Via-PopH
X-Via-PopN
X-Oss-Object-Type
X-VC
X-FTR-Realm
X-Cache-Backend
X-Country-Code-Real
X-Fastly-Request-Id
X-FTR-Backend
X-FTR-Backend-Server
Xc-Version
X-FTR-DC
X-FTR-Balancer
X-Oss-Hash-Crc64ecma
X-FTR-Cache-Status
X-Pjax-Url
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-CCM
Cteonnt-Length
Mime-Version
X-SN
Tracecode
X-Fpc
URI
X-Swift-Error
X-Tid
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Request-Start
Redirect-Candidate
X-Dw-Trace-Id
X-TIM-N
X-FORWARDED-FOR
X-CUA
X-Varnish-Authentication
CACHE
X-Air-Pt
X-RPS
X-DW
X-RPM
Ohc-Response-Time
Shield-Pop
Instruction
SR-User-Adfree
X-DB
X-Fastly-Cache-Hits
X-DI
X-DSS
X-Pf-Uncompressing
X-Webstats-RespID
X-Region-Sid
X-Yottaa-OS
X-Up
Xet-Cookie
X-LiteSpeed-Cache-Control
X-SB
X-FTR-Expires
WP-Super-Cache
X-ElasticPress-Search
X-RSL
X-Snapshot-Date
X-Action
X-StackifyID
Server-Ttl
Warning
X-Cache-Date
Is-Us
X-Amz-Meta-Cb-Modifiedtime
X-Pad
X-Cache-Status-Check
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Apw-Hits
X-Apw-Access-Token
X-MiniProfiler-Ids
X-UnsetCookies
X-Apw-Access-Object
X-Hcs-Proxy-Type
X-Mg-Request-Id
X-Tt-Logid
X-Cache-Expires
ServerName
X-Apw-Access-Action
X-C
X-TH-Server
X-Depends-On
Vha6-Origin