Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-Page-Speed
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Vhost
X-Host
X-Dispatcher
X-OneAgent-JS-Injection
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Readtime
Accept-CH
X-Akam-SW-Version
Xkey
X-HW
X-Country
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Template
X-Cloud-Trace-Context
MS-Author-Via
Rating
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Ruxit-JS-Agent
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Varnish-TTL
X-Trace
X-GitHub-Request-Id
Accept-CH-Lifetime
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
Arr-Disable-Session-Affinity
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Goog-Hash
X-Country-Code
Verso
X-VARITI-CCR
X-FastCGI-Cache
Accept-Ch
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Navigation-Version
X-Powered-By-Plesk
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-ORACLE-DMS-ECID
RTSS
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
Response
X-Fastly-Request-ID
Access-Control-Request-Method
X-Ruxit-Js-Agent
X-Cache-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TTL
X-Px
Realpath
SPRequestDuration
SPIisLatency
X-Accel-Expires
SPRequestGuid
X-SharePointHealthScore
X-Edge-Location-Klb
X-Jurisdiction
X-T
X-HP-Webp
X-Mid
X-MCACHE
X-Forwarded-Proto
X-PressLabs-Stats
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Mg-S
Charset
X-Release
X-Correlation-Id
X-Shield-Request-Id
X-Recruiting
X-DynaTrace
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Fastcgi-Cache
X-Ezoic-Cdn
X-Amz-Server-Side-Encryption
X-Id
X-Content-Digest
X-Request-Received
Filters
X-Request-Processing-Time
Cache-Tags
Server-Node
X-Logged-In
Nginx-Cache
Alternate-Protocol
X-ORACLE-DMS-RID
Front-End-Https
Content-MD5
X-Cache-Key
X-Forwarded-For
Server-Name
TCN
X-Litespeed-Cache
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Amzn-Trace-Id
X-Origin-Server
X-Grace
X-Contextid
X-Geo-Country
X-Hostname
X-F-Cache
X-XRDS-Location
X-Amz-Replication-Status
X-Rid
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Az
X-Activity-Id
X-AppVersion
X-Goog-Stored-Content-Encoding
Host
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Cleartype
X-HS-Combine-CSS
X-Www-Served-By
X-Protected-By
X-Server-ID
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-Frontend
X-RateLimit-Remaining
X-XRDS-LOCATION
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
MicrosoftSharePointTeamServices
X-Ser
X-Aspnetmvc-Version
X-Git-Hash
X-Page-Id
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cache-Age
Accept-Charset
X-Varnish-Age
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Respond-Thread
Nel
X-Fastcgi-Cache
X-Hits
ServerID
X-DIS-Request-ID
X-VCache
X-Source
Paypal-Debug-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Mobile-URL
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-B-Cache
X-Signature
X-CACHE-GROUP
Healthy
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-FB-Debug
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Cache-Action
X-Flags
X-Aspnet-Duration-Ms
Payment
X-B3-Sampled
X-Daa-Tunnel
X-Whom
X-TT
Viewport
X-N
Node
X-AOL-HN
X-App-Environment
X-Seen-By
X-Type
Version
X-Load-Cache
Fastcgi-Useragent
MS-CV
X-Mobile
DC
DynaTrace
X-Ab
X-Cache-Expired-At
X-Webkit-Csp
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
Filterid
X-Ua-Device
X-Distributor
X-IPLB-Instance
X-Cache-Control
SRV
Retry-After
X-Original-Request-Id
X-Response-Served-From
X-Instance
X-UUID
X-Tt-Trace-Host
X-FireWall-Port
X-Tt-Trace-Tag
X-Real-IP
X-Tumblr-Pixel-1
X-Proxy-Cache-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-0
NGB
X-RemovedCookies
X-Varnish-Server
X-Tumblr-User
Frame-Options
X-IPS-LoggedIn
X-ProcessESI
X-Content-Powered-By
X-Debug
X-Proxy
X-Device-Type
X-Debug-IsPreview
X-User-Agent
X-Region
X-Debug-IsConnected
X-Jobs
X-RTag
Ms-Operation-Id
Access-Control-Request-Headers
X-Cluster-Name
X-B
X-Adobe-Loc
X-Cacheable-TTL
X-Adobe-Content
X-Cache-Time
X-Page-View
Uber-Trace-Id
Refresh
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Accel-Buffering
X-Framework
Cache
X-G
X-Wix-Request-Id
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-Zen-Fury
Countrycode
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-Vgn-Hpd-Reason
Cache-Status
X-Oracle-Dms-Rid
X-Cache-Hit
X-TA-CDN-Provider
X-RateLimit-Limit
Surrogate-Key
Country
X-NGENIX-Cache
X-App-Version
X-Time
X-Azure-Ref
X-Rendered-As
X-Drupal-Cache-Tags
X-Mg-Request-UUID
X-Is-Bot
X-Nginx-Cache
Eomportal-Instance
S-Cnection
X-EdgeConnect-Cache-Status
X-App-Server
X-CDN-Forward
X-Cache-Rule
X-Ms-Version
X-Ms-Request-Id
Referer-Policy
X-Drupal-Cache-Contexts
SD-X-WS
X-Node-Name
Liferay-Portal
AMP-Access-Control-Allow-Source-Origin
X-Environment-Context
X-RN-RSRV
X-Timing-Wait
X-Proxy-Build
X-Varnishpool
X-SaId
X-L-Path
X-JoinUs
X-Tumblr-Pixel-2
From-Origin
Selected-Fe
X-Cache-Operation
Meta-Geo
X-UPSTREAM-Address
X-ES-SERVER
X-Storefront-Renderer-Rendered
X-Yottaa-Optimizations
X-Varnish-Hostname
X-Yottaa-Metrics
X-Via-Fastly
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-TNCMS
X-Request-Time
X-GG-Cache-Date
X-Handled-By
X-Loop
X-No-Session
X-Endurance-Cache-Level
X-Cache-Server
Protected
ServedBy
X-Backend-Host
Azure-Version
Azure-SlotName
X-PHP-Backend
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Azure-RegionName
X-ShardId
Azure-SiteName
X-Pubstack
X-R9-Blue-Green-Version
X-S-Maxage
Azure-InstanceId
X-Alternate-Cache-Key
CF-IPCountry
X-Rule
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Device-Class
Country-Code
Cache-Tv-Group
Fastly-SSL
Property-Id
TWC-Connection-Speed
Webcakes-Region
X-Be
X-Proto
X-PCL
X-ProxyCache-Key
X-ProxyCache-Status
X-VWS-Id
X-Server-W
X-Origin-Hint
X-OCL
X-BYPASS-REASON
Cache-Name
X-LAGOON
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-AWS-Id
X-Human
Akamai-GRN
X-Say-Cacheable
X-Say-TTL
X-Access
X-Section
X-RCS-CacheZone
X-Origin-Date
X-Backend-Name
X-Cache-PHP
X-Format
X-Hl-Ver
X-SayCDN-TTL
X-Varnish-Beresp-Grace
Apigw-Requestid
X-Adobe-Source
X-Status
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-ApacheServer
X-Akamai-Edgescape
X-FB-TRIP-ID
X-Labrador-Cache-Channel
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Host
X-Hyper-Cache
X-UA-Device-Type
X-PERF
Mn-Server-Ip
X-Dc
X-Hosted-By
X-Uri
X-Redis-Cache
X-Cached-By
Amp-Access-Control-Allow-Source-Origin
X-Trace-Id
X-Web-Node
Xserver
X-WA-Info
X-Revision
X-MP-GENERATED-AT
X-ATG-Version
X-Content-Age
X-FW-Version
X-B3-SpanId
X-B3-Traceid
X-Soup
X-Cache-Type
X-ServerID
X-Time-Microsecs
X-Cache-Enabled
X-Edge-Location
X-Tumblr-Pixel-3
X-Mode
X-CSRF-Token
X-SRV
Backend
X-Aws-Lambda-Call-Status
X-Bc-Bl
X-Info
X-Datadome
X-Microcachable
X-APP-VERSION
X-Akamai-Transformed
X-Varnish-Beresp-Status
Who
X-Detected-As
X-Cache-NGX
X-Azure-Ref-OriginShield
X-CS
X-Varnish-Cache-Hits
X-Debug-Cache
X-Cache-Host
X-Proxied
X-Zipkin-Id
X-TT-LOGID
X-Routing-Service
X-Storage
X-Platform
Web-Mar-Node
X-Generation-Time
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
DataCenter
OT-Force-Account-Verify
X-Cluster-Node
X-Amz-Apigw-Id
X-Parallel-Accel
X-CACHE-KEY
X-Varnish-Hits
Count-Hit
GEO-INFO
X-Via-JSL
Cross-Origin-Opener-Policy
X-Extlb
X-Unique-ID
X-Varnish-Beresp-Ttl
Server-Info
X-Locale
X-Origin-TTL
X-Origin-CC
Cache-Host
X-Location
CDCHOST
CDN-CachedAt
CDN-Cache
X-Aed
X-NAPM-TraceId
Apple-News-Services-Handled
A
CDN-EdgeStorageId
X-Application
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Destination
X-PBS-Appsvrname
X-PAYTM-SRV-ID
Apple-News-Services-Request-Url
BehaviorPad-Version
X-Level-Front-Cache
X-Geo-Header
X-BCube-Filmed-By
X-Generated-On
State
Req-Svc-Chain
Rendered-Blocks
X-Connection-Hash
X-Cms-Context
Odigeo-Trace-Id
X-A-Dcw
Surrogated-Key
T-Server
X-A
X-Cache-NE
X-A-Ccd
X-A-Dam
X-External-Request-Id
X-CF-Lambda-Fn
X-From
X-Bip
X-CF-Lambda-Version
X-ARC
Mobile-Detection-Method
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
X-D
Content-Disposition
CDN-Uid
CDN-RequestCountryCode
X-A-Wwc
CDN-RequestId
X-A-Dgt
X-B-Cookie
MD5-Digest
X-Epic-Correlation-Id
Meta-Geo-Continent
X-Core-Value
M-TraceId
Host-ID
Fastcgi-X-Cache-Version
Fastly-Backend-Name
X-Cache-Bucket
CDN-PullZone
X-Air-Hostname
X-S-Cookie
X-ScT
X-Service
X-S
X-Rewrite-Enabled
X-Servername
X-Vtex-Processado-Em
X-Request-URI
X-Session-Fingerprint
X-VG-WebServer
X-Sucuri-ID
X-Thanos
X-Varnish-Url
X-SRCache-Key
X-Vdms-Path
X-VG-WebCache
X-Vdms-Version
X-Vtex-Remote-Cache
X-Rojux
X-Air-Source
X-Air-Trace-Id
X-DataDome
X-Proxy-Upstream
X-Processor
X-Developer
X-Magnolia-Registration
X-Ratelimit-Reset
X-AIR-PT
X-Tb
Upgrade-Insecure-Requests
Esi-Enabled
X-Accel-Expires-Debug
Fastcgi-Cache-TTL
Memcached
X-Sigma-Backend
X-Site-Version
UCS
X-Backend-State
X-Developers
X-VG-TLSProxy
Fastly-SIE
X-Has-Esi
X-Minions-Version
Kp-EeAlive
L
X-HN
X-Hash
X-VarnishDD-TTL
Server-Host
Fastly-SWR
Cmstype
X-Platform-Server
X-JWT-State
Gh-Request-Id
X-Is-Gdpr
Fastly-Drupal-HTML
X-Sigma
Path
X-Envoy-Decorator-Operation
AKAMAI
X-Request-UUID
X-VHOST
X-Aicache-OS
X-Gamma-Serve
PFcat
X-Clientip
X-NU-AKA-ACS-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Req
Pics-Label
Cmsid
X-Rocket-Build-Number
X-Scheme
X-TrackingId
X-Served-From
X-Var-Ttl
X-Branch-Name
X-Origin
Pagetype
CacheControlHeader
X-Varnish-Ttl
Origin
X-Date
X-GoCache-CacheStatus
X-Cache-Debug
Location
X-Cluster
X-EC-Lua
User-Cache-Control
TDXMobile
X-CGP
Thinkindot-CacheControl
X-Cache-Info
X-Cache-Grace
X-Clara-WADP
X-Cache-Tags
Svr
X-Generated-By
X-Device-Os
X-DPWN-IS-SECURE
X-Csrf-Jwt
X-WADP-Cache
X-Eu-Site
Thinkindot-CacheControl-Type
X-VC-Cache
X-Fastly-Backend
Wxu-Next-Region
Wxu-Next-Hostname
X-Fastly-Cache
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Fmm-Version
X-Forwarded-Site
Thinkindot-Control
True-Client-Country-4JS
X-Viewer-Country
X-Generated-In
We-Hiring
Mail-Subject
X-LI-UUID
X-Li-Pop
Cf-Device-Type
X-Loc
X-Men
DSUID
Ec-Rule-Version
X-SVT-ORM-RULES
HA-Ipaddr
Ha-Gx-Prefs
X-Variation
C-Via
Arc-Version
X-Origin-Expires
X-RateLimit-Limit-Second
Source
X-Owner
X-Policy
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Remaining-Second
Arc-Country
Adler-Geo
X-Request-Host
X-Micro-Cache
Is-Eu
X-Li-Fabric
PB-PID
X-Thinkindot-L3
NGX
My-App
Platform
X-SVT-ORM-VERSION
NM-Fastcgi-Cache
L5d-Success-Class
PB-RID
X-Ratelimit-Limit
X-NWS-UUID-VERIFY
X-Pass-Why
Geo-Info
X-TX-ID
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Wikidot-Static-Cache
X-Gen-Mode
X-PF-Uncompressing
X-GeoIP
X-Qloud-Router
X-GeoIP-City
X-Varnish-CookieHashed-On
X-Wikidot-Backend
X-Old-Content-Length
X-Varnish-CookieINHashed-On
X-Skip-Cache
X-FC-Vary-Parameters
X-Gzip
X-Slack-Backend
X-Hnp-Log
X-Irp-Debug
X-HS-Content-Campaign-Id
X-SIPLIST1
X-Fetched-On
X-Esi-Check
X-VServer
X-Varnish-Remaining-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Forwarded-Host
X-Via-NSCOPI
X-User
VNS-Age
Server-Ext
Server-Hostname
Cache-Key
Webserver
Release
SID
CPC-Age
CPC-Cache
IsBot
Locid
V-Age
Sever-Int
X-Block-Status
X-DefHash
X-Cache-Id
VNS-Cache
X-DefElseHash
X-Ua
X-TEC-API-ORIGIN
S-Rt
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Orig-Expires
Url
X-Shop-Environment
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Unique-Id
Powered-By-ChinaCache
X-Tenant
Cache-Hits
X-Forwarded-Path
Cross-Origin-Window-Policy
XServer
X-PJAX-URL
NtCoent-Length
X-Refresh
X-Ratelimit-Remaining
MIME-Version
X-Mvc-Supplant-OutputCached
X-Vc
X-TraceId
Content-Secure-Policy
X-Via-Popn
X-Via-Popv
X-HP-Trace-Id
X-Ftr-Request-Id
X-OVcl
X-Cache-Ttl
X-OVcl-Cache
X-Via-Poph
X-NC
X-Conf
Cf-Bgj
X-Internal-Host
X-TIME
X-ID
Tcn
DB-Nickname
X-Backend-TTL
X-Zone
X-ZONE
X-Srv
Magicmarker
Memory
Time
X-GEO
X-BBC-Edge-Cache-Status
X-Geo
WebServer
Server-ID
X-Ckpd-Fst-Backend
X-Worker
Geoip-Latitude
X-Servedbyhost
X-LB-ID
X-NCache
GeoIp-Country-Code
X-Auto-Login
X-Dispatcher-Server
X-Method
X-NewRelic-App-Data
HostName
Hostname
X-LSADC-Cache
X-V-Cache
Ssr
X-Render-Time
X-IP
X-Rocket-Nginx-Serving-Static
X-CLOUD-TRACE-CONTEXT
X-Wa
X-Qnm-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Processor
X-Platform-Router
X-M-Log
X-Platform-Cluster
X-M-Reqid
X-Tx-Id
X-Li-Proto
X-Cache-Remote
Resin-Trace
X-Newrelic-Synthetics
X-Traceid
LB
X-SD-PageType
X-DC
X-App
X-Correlation-ID
X-Datadog-Parent-Id
Environment
X-Nc
X-Trv-Group
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Ohc-File-Size
X-Via-CDN
X-Vcl-Version
X-MSEdge-Features
X-MSEdge-Flight
X-Origin-Time
X-Nyt-Route
X-Cache-Config
X-VCL-Version
X-Gdpr
X-Dynatrace
X-Origin-Response-Time
X-NodeID
X-CACHE-AGE
X-API-Version
X-Node-Id
X-HITS
X-BBC-Origin-Response-Status
Cluster
X-Edge-Pop
X-Server-IP
X-Via-Ucdn
Env
X-Pod-Name
X-APP
Sid
Cf-Ipcountry
X-ServerName
X-Varnish-Beresp-TTL
Candidate-Md5Url
X-Reqid
X-LI-Proto
X-ElasticPress-Query
Datacenter
X-DynaTrace-JS-Agent
X-Wix-Viewer-Type
CF-Cached-On
X-WA
X-ND-Cache
X-FTR-Request-ID
X-HostName
X-Cache-Var-Map
X-Cache-Var
VivaBuild
X-Cs
Viewtype
X-HS-Status
X-Fastly-Request-Id
Web-Mar-Region
N-Cache
Rt-Fastcgi-Cache
X-Akamai-Pragma-Client-IP
X-Cdn-Forward
Machine
X-NGINX-Cache
CDN
X-Dynatrace-Js-Agent
Server-Id
GeoIP-Latitude
GeoIP-Country-Code
Proxy-Connection
X-Webkit-CSP-Report-Only
Servername
On-Server
X-CSRF-TOKEN
X-Lb-Id
FSS-Cache
X-ServedByHost
WZWS-RAY
X-Fastly-Backend-Reqs
X-Via-PopH
WWW-Authenticate
X-Via-PopN
X-Via-PopV
X-EIG-Tracking-Id
Onion-Location
X-Varnish-Cacheable
X-Check-Cacheable
X-URL
Cdn
X-Swa-Ws
X-Xrds-Location
Ohc-Cache-HIT
X-Esi
X-FTR-Backend-Server
X-Oss-Request-Id
X-FTR-Backend
X-VC
X-IN-APIGATEWAYSSL
X-FTR-Balancer
X-Oss-Object-Type
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
Xc-Version
X-Country-Code-Real
X-Pjax-Url
X-IN-APIGATEWAY
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Cache-Backend
X-CCM
X-ECache
X-SN
Cteonnt-Length
URI
X-Fpc
Mime-Version
CountryCode
Tracecode
X-Swift-Error
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-Tid
X-TIM-N
X-Tt-Logid
X-Dw-Trace-Id
X-CUA
X-FORWARDED-FOR
Redirect-Candidate
X-Request-Start
CACHE
X-Air-Pt
Xet-Cookie
X-DSS
X-Up
X-Fastly-Cache-Hits
Ohc-Response-Time
Shield-Pop
Instruction
X-Region-Sid
SR-User-Adfree
X-DB
X-DI
X-StackifyID
X-RPM
X-Pf-Uncompressing
Server-Ttl
X-DW
X-LiteSpeed-Cache-Control
X-SB
WP-Super-Cache
X-RPS
X-Yottaa-OS
X-Snapshot-Date
X-FTR-Expires
X-Webstats-RespID
X-Action
Warning
X-RSL
X-ElasticPress-Search
Is-Us
X-Amz-Meta-Cb-Modifiedtime
X-Hcs-Proxy-Type
X-Apw-Access-Token
X-Apw-Hits
X-Cache-Status-Check
X-Apw-Access-Object
X-Apw-Access-Action
X-UnsetCookies
X-Depends-On
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-MiniProfiler-Ids
X-Pad
ServerName
X-TH-Server
X-C
X-Mg-Request-Id
X-Cache-Expires
Vha6-Origin