Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
Server-Timing
Request-Context
X-Dns-Prefetch-Control
X-Server
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
EagleEye-TraceId
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-WebKit-CSP
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
X-HW
Accept-Ch-Lifetime
X-Country
Accept-CH
Content-Location
X-Ac
X-Application-Context
X-Language
X-Ruxit-JS-Agent
Rating
X-Template
MS-Author-Via
X-Webkit-CSP
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-Cloud-Trace-Context
Accept-Ch
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
X-Exp-Id
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
X-Cached
Accept-CH-Lifetime
X-Server-Name
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-FastCGI-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Buckets
Display
Response
X-Sol
X-Litespeed-Cache
X-ORACLE-DMS-ECID
RTSS
Access-Control-Request-Method
X-Element-Page-Cache
X-Cache-TTL
X-MSEdge-Ref
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Ttl
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TTL
X-Edge
S
X-Kinsta-Cache
X-LLID
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPRequestDuration
SPIisLatency
Realpath
X-Ruxit-Js-Agent
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-ECACHE
X-T
X-HP-Webp
X-Px
X-Jurisdiction
X-Oneagent-Js-Injection
X-Release
X-Correlation-Id
X-Forwarded-Proto
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Mg-S
Charset
X-Content-Security-Policy-Report-Only
X-Recruiting
X-Edge-Location-Klb
X-Shield-Request-Id
X-Ezoic-Cdn
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Fastcgi-Cache
X-Id
X-Amz-Server-Side-Encryption
X-Content-Digest
Filters
X-Request-Processing-Time
X-Request-Received
Cache-Tags
X-DynaTrace
Content-MD5
Alternate-Protocol
X-Logged-In
Server-Node
X-ORACLE-DMS-RID
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
Front-End-Https
X-Forwarded-For
Nginx-Cache
X-XRDS-LOCATION
Server-Name
X-WebKit-CSP-Report-Only
X-Origin-Upstream-Status
X-Amzn-Trace-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Ar-Sid
Fusion-Component-Id
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-Origin-Server
X-Fastcgi-Cache
X-Grace
X-Contextid
X-Amz-Replication-Status
X-Geo-Country
X-F-Cache
X-Rid
X-Activity-Id
Host
X-Az
X-AppVersion
X-Goog-Metageneration
X-HS-Content-Id
X-Goog-Storage-Class
X-HS-Cache-Config
X-Goog-Stored-Content-Length
X-HS-Hub-Id
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Cache-Key
X-HS-Combine-CSS
Cleartype
X-Frontend
TCN
X-Www-Served-By
X-Protected-By
Section-Io-Cache
X-LB-Cache
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-Hostname
X-Browser-Type
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Microsite
X-Request-Handler-Origin-Region
X-Page-Id
X-Cache-Age
X-RateLimit-Remaining
X-Git-Hash
X-Varnish-Age
Accept-Charset
X-Respond-Thread
X-Aspnetmvc-Version
X-Hits
X-Upgrade-Enabled
X-Source
X-DIS-Request-ID
ServerID
Paypal-Debug-Id
X-Mobile-URL
X-NWS-LOG-UUID
X-VCache
X-N
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-B-Cache
X-Signature
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-XRDS-Location
X-B3-Sampled
Payment
Healthy
Access-Control-Allow-Method
Nel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FB-Debug
X-Whom
X-App-Environment
X-Cache-Action
X-TT
X-Seen-By
Viewport
Node
X-CACHE-GROUP
X-AOL-HN
X-Daa-Tunnel
X-Type
X-Load-Cache
Fastcgi-Useragent
Version
MS-CV
X-Server-ID
DC
X-Mobile
X-Cache-Expired-At
Filterid
X-IPLB-Instance
X-Distributor
X-Webkit-Csp
X-HTML-Minification-Powered-By
X-Cache-Control
X-Yandex-Sdch-Disable
DynaTrace
SRV
X-FireWall-Port
X-Response-Served-From
X-Debug
Retry-After
X-Original-Request-Id
X-Real-IP
Refresh
X-Instance
X-Jobs
X-Varnish-Server
NGB
X-Tt-Trace-Tag
X-RemovedCookies
X-ProcessESI
X-Proxy-Cache-Status
X-Tt-Trace-Host
X-Accel-Buffering
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-UUID
X-Debug-IsConnected
X-Device-Type
X-Debug-IsPreview
X-Content-Powered-By
X-IPS-LoggedIn
X-Page-View
X-Ab
Ms-Operation-Id
X-Proxy
X-Region
X-RTag
X-Framework
Cache
X-Cluster-Name
X-B
VIX-Pulpo-Node
Access-Control-Request-Headers
X-Cache-Time
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
Frame-Options
X-Wix-Request-Id
X-G
X-Adobe-Loc
X-Adobe-Content
X-User-Agent
X-FW-Hash
X-Zen-Fury
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-FW-Serve
Countrycode
X-Cache-Hit
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-App-Version
X-Time
Surrogate-Key
Cache-Status
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-Drupal-Cache-Tags
Eomportal-Instance
AMP-Access-Control-Allow-Source-Origin
Country
X-NGENIX-Cache
X-Is-Bot
X-Azure-Ref
X-Rendered-As
X-App-Server
X-EdgeConnect-Cache-Status
X-TA-CDN-Provider
X-RateLimit-Limit
X-Drupal-Cache-Contexts
S-Cnection
X-Rule
CF-IPCountry
X-Cache-Rule
X-Mg-Request-UUID
Referer-Policy
Liferay-Portal
X-Ms-Version
X-Ms-Request-Id
X-ES-SERVER
X-JoinUs
From-Origin
X-Varnishpool
X-Tumblr-Pixel-2
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-SaId
X-UPSTREAM-Address
Selected-Fe
X-Timing-Wait
X-Proxy-Build
Xserver
X-RN-RSRV
Meta-Geo
SD-X-WS
X-Pubstack
X-Storefront-Renderer-Rendered
Country-Code
X-TNCMS
X-Endurance-Cache-Level
X-Cache-TTL-Remaining
X-Sorting-Hat-ShopId
X-CDN-Forward
X-Sorting-Hat-PodId
X-Cache-Server
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Loop
X-No-Session
Protected
X-ShardId
X-ShopId
X-Shopify-Stage
X-Handled-By
X-Alternate-Cache-Key
X-PHP-Backend
ServedBy
X-Via-Fastly
X-Backend-Host
X-Cached-By
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Cache-Name
Azure-InstanceId
X-AWS-Id
X-Be
X-Cache-PHP
X-Environment-Context
X-L-Path
Cache-Tv-Group
Akamai-GRN
Webcakes-App-Version
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
Webcakes-App-Name
Decoy-Debug-Key
TWC-Connection-Speed
Decoy-Debug-Status
Decoy-Debug-TTL
Fastly-SSL
Webcakes-Region
X-Human
X-Say-TTL
X-OCL
X-S-Maxage
X-Server-W
X-Origin-Hint
X-SayCDN-TTL
X-PCL
X-NYM-Debug-Backend
X-Cache-Operation
X-Varnish-Hostname
X-Node-Name
X-VWS-Id
X-Request-Time
X-LAGOON
X-LJ-Flow-ID
X-Say-Cacheable
X-Proto
X-Sql-Count
X-Status
X-Sql-Duration-Ms
X-CACHE-KEY
X-Section
X-PHP-Host
X-BYPASS-REASON
X-Format
X-Hl-Ver
X-Hyper-Cache
X-Backend-Name
X-Origin-Date
X-ProxyCache-Status
X-ProxyCache-Key
X-Labrador-Cache-Channel
X-Access
X-Redis-Cache
X-RCS-CacheZone
Apigw-Requestid
X-Dc
X-ApacheServer
X-Akamai-Edgescape
X-FB-TRIP-ID
X-Hosted-By
X-UA-Device-Type
X-PERF
X-GG-Cache-Date
X-Uri
Mn-Server-Ip
X-Adobe-Source
X-Varnish-Beresp-Grace
X-Web-Node
X-MP-GENERATED-AT
X-Content-Age
X-Trace-Id
X-WA-Info
X-ATG-Version
X-B3-SpanId
X-FW-Version
X-Ua-Device
X-Cache-Enabled
X-SRV
X-Revision
X-Soup
X-CSRF-Token
X-Edge-Location
X-Mode
X-Time-Microsecs
Amp-Access-Control-Allow-Source-Origin
Backend
X-ServerID
X-Info
X-Tumblr-Pixel-3
Who
X-CS
X-Bc-Bl
X-Cdn
X-Cache-Type
X-Cache-NGX
X-TT-LOGID
X-Akamai-Transformed
X-Datadome
X-Debug-Cache
X-Microcachable
X-Varnish-Beresp-Status
X-Detected-As
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Platform
X-Storage
X-CLOUD-TRACE-CONTEXT
X-Azure-Ref-OriginShield
Geo-Info
Web-Mar-Node
X-Cache-Host
DataCenter
X-Via-JSL
Tcn
X-Amzn-Remapped-Content-Length
X-Generation-Time
X-Varnish-Cache-Hits
X-Aws-Lambda-Call-Status
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Unique-ID
X-Extlb
Server-Info
X-Locale
X-Varnish-Hits
X-Ratelimit-Limit
X-APP-VERSION
X-Site-Version
X-Pass-Why
OT-Force-Account-Verify
X-DataDome
Cross-Origin-Opener-Policy
X-AIR-PT
X-Cluster-Node
X-Ratelimit-Remaining
X-Origin-CC
X-Origin-TTL
X-B3-Traceid
X-Air-Trace-Id
X-Air-Source
X-Location
M-TraceId
X-Magnolia-Registration
X-Generated-On
Fastcgi-X-Cache-Version
Host-ID
DCR-Processing-Time-Ms
Surrogated-Key
T-Server
X-Destination
DCR-Decision-By
X-Ratelimit-Reset
Expiry
Content-Disposition
CDN-Uid
X-Air-Hostname
X-NAPM-TraceId
CDN-RequestCountryCode
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Mobile-Detection-Method
BehaviorPad-Version
Rendered-Blocks
Apple-News-Services-Host
X-PBS-Appsvrname
X-Request-URI
Odigeo-Trace-Id
Apple-News-Services-Handled
X-PAYTM-SRV-ID
Meta-Geo-Continent
MD5-Digest
X-Proxy-Upstream
CDN-PullZone
A
CDN-RequestId
User-Cache-Control
X-Processor
CDN-EdgeStorageId
X-Level-Front-Cache
CDCHOST
CDN-Cache
CDN-CachedAt
X-Geo-Header
X-ScT
X-Application
X-A-Dgt
X-A-Wwc
X-Cms-Context
X-A-Dcw
X-Vtex-Remote-Cache
X-Cache-Bucket
X-Developer
X-Thanos
X-Bip
X-D
X-SRCache-Key
X-Sucuri-ID
X-ARC
X-Connection-Hash
X-B-Cookie
X-VG-WebServer
X-BCube-Filmed-By
X-CF-Lambda-Version
X-Core-Value
Fastly-Backend-Name
X-A-Dam
X-Vdms-Version
X-Rojux
X-S
X-S-Cookie
X-Rewrite-Enabled
X-External-Request-Id
X-From
X-CF-Lambda-Fn
X-VG-WebCache
X-Vdms-Path
Ec-Rule-Version
X-Service
X-Vtex-Processado-Em
X-A-Ccd
X-TX-ID
X-Aed
X-A
X-Session-Fingerprint
X-Cache-NE
X-EC-Lua
X-Parallel-Accel
X-Cluster
X-Tb
X-Varnish-Beresp-Ttl
Count-Hit
X-Cache-Debug
Fastly-SIE
X-Aicache-OS
X-JWT-State
X-Branch-Name
Gh-Request-Id
Location
X-Men
X-Micro-Cache
X-Backend-State
Fastly-SWR
X-Epic-Correlation-Id
Server-Host
X-Developers
X-Hash
X-HN
X-Accel-Expires-Debug
X-Has-Esi
X-GoCache-CacheStatus
X-Generated-By
UCS
X-Forwarded-Site
X-Cache-Info
X-Date
Req-Svc-Chain
X-Fastly-Cache
Pagetype
X-Clientip
X-Is-Gdpr
X-Clara-WADP
X-Fmm-Version
Path
X-Envoy-Decorator-Operation
Pics-Label
PFcat
X-Gamma-Serve
Memcached
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Amz-Meta-S3cmd-Attrs
X-Request-Host
X-Platform-Server
AKAMAI
CacheControlHeader
Cache-Host
X-Request-UUID
X-Scheme
X-VarnishDD-TTL
X-VG-TLSProxy
X-WADP-Cache
X-Varnish-Url
X-Var-Ttl
X-Served-From
X-TrackingId
X-Origin
X-Req
Esi-Enabled
Cmstype
Cmsid
X-NU-AKA-ACS-Version
X-Servername
X-Cache-Grace
X-NWS-UUID-VERIFY
Upgrade-Insecure-Requests
X-Slack-Backend
X-Sigma
X-Sigma-Backend
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Varnish-Ttl
X-SVT-ORM-RULES
Wxu-Next-Commit
Cf-Device-Type
Vix-Hermes-Req-Id
X-Gen-Mode
HA-Ipaddr
We-Hiring
Wxu-Next-Region
Wxu-Next-Hostname
Ha-Gx-Prefs
X-Variation
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Viewer-Country
X-CGP
X-Csrf-Jwt
X-DPWN-IS-SECURE
X-Device-Os
State
My-App
DSUID
X-Esi-Check
X-Mvc-Supplant-Cachable
X-Block-Status
X-Generated-In
X-Cache-Id
Webserver
X-Eu-Site
X-Cache-Tags
X-VC-Cache
X-Fastly-Backend
X-Rocket-Build-Number
Arc-Country
NGX
X-HS-Content-Campaign-Id
Arc-Version
X-Hnp-Log
X-Origin-Expires
C-Via
Kp-EeAlive
Platform
X-Old-Content-Length
Adler-Geo
X-Owner
PB-RID
Origin
X-Irp-Debug
NM-Fastcgi-Cache
L
L5d-Success-Class
X-Policy
Thinkindot-CacheControl
TDXMobile
Is-Eu
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
Fastly-Drupal-HTML
Svr
X-RateLimit-Remaining-Second
X-LI-UUID
Cache-Key
Mail-Subject
X-Gzip
X-RateLimit-Limit-Second
PB-PID
X-Li-Fabric
X-Li-Pop
GEO-INFO
X-Forwarded-Host
Source
X-Skip-Cache
Fastcgi-Cache-TTL
X-SIPLIST1
X-Fetched-On
X-Qloud-Router
X-Minions-Version
X-Loc
X-GeoIP
X-GeoIP-City
X-FC-Vary-Parameters
X-Planisys-CDN-TTL
X-Varnish-CookieINHashed-On
X-Planisys-CDN-Cache
X-Varnish-Remaining-TTL
X-Nginx-Cache-Key
X-Varnish-CookieHashed-On
X-Via-NSCOPI
X-VServer
X-Planisys-CDN-Rules
X-User
X-PF-Uncompressing
VNS-Cache
Locid
Sever-Int
VNS-Age
IsBot
CPC-Cache
CPC-Age
Server-Ext
Release
V-Age
Server-Hostname
X-DefElseHash
X-DefHash
X-TraceId
X-Goog-Meta-Goog-Reserved-File-Mtime
Url
SID
X-Mvc-Supplant-OutputCached
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-PJAX-URL
X-Via-Poph
X-Via-Popn
X-Via-Popv
NtCoent-Length
X-Vc
X-OVcl-Cache
X-Unique-Id
Cache-Hits
X-OVcl
X-Zone
X-Ua
X-Shop-Environment
X-Tenant
X-Orig-Expires
Cf-Bgj
S-Rt
X-Refresh
Powered-By-ChinaCache
X-Forwarded-Path
DB-Nickname
X-Backend-TTL
Cross-Origin-Window-Policy
X-Cache-Ttl
Magicmarker
XServer
X-Geo
Geoip-Latitude
GeoIp-Country-Code
MIME-Version
X-Ftr-Request-Id
X-LB-ID
X-NC
X-Internal-Host
X-ID
Content-Secure-Policy
Memory
X-NCache
X-Conf
X-Dispatcher-Server
Time
X-GEO
X-Method
HostName
WebServer
X-BBC-Edge-Cache-Status
X-ZONE
X-TIME
X-HP-Trace-Id
X-IP
X-Ckpd-Fst-Backend
X-Worker
X-Srv
X-HostName
X-Li-Proto
Ssr
Server-ID
X-Servedbyhost
X-Auto-Login
X-Newrelic-Synthetics
X-Dynatrace
Hostname
X-Nc
X-V-Cache
LB
X-LSADC-Cache
X-Render-Time
X-Vcl-Version
X-Qnm-Cache
X-NewRelic-App-Data
X-Rocket-Nginx-Serving-Static
X-Trv-Group
X-M-Reqid
X-M-Log
X-Node-Id
X-Platform-Router
X-DC
Resin-Trace
X-APP
X-Platform-Processor
X-Platform-Cluster
X-Tb-Optimization-Total-Bytes-Saved
X-Origin-Response-Time
Env
X-SD-PageType
X-Tx-Id
X-FTR-Request-ID
X-Wa
X-Cache-Remote
Ohc-File-Size
X-Traceid
X-HITS
X-WA
X-MSEdge-Flight
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-App
X-CACHE-AGE
X-Reqid
X-MSEdge-Features
X-Via-CDN
Environment
Sid
X-Datadog-Parent-Id
X-Varnish-Beresp-TTL
X-DynaTrace-JS-Agent
X-VHOST
X-Via-Ucdn
X-BBC-Origin-Response-Status
X-NodeID
X-VCL-Version
X-API-Version
X-Gdpr
X-Cache-Config
X-Nyt-Route
X-Origin-Time
X-ServerName
Rt-Fastcgi-Cache
Cluster
X-Server-IP
VivaBuild
Viewtype
X-Cdn-Forward
CF-Cached-On
X-Pod-Name
X-Edge-Pop
X-Correlation-ID
Datacenter
X-ElasticPress-Query
Candidate-Md5Url
X-Wix-Viewer-Type
X-ND-Cache
Cf-Ipcountry
Machine
X-HS-Status
X-LI-Proto
Web-Mar-Region
X-ServedByHost
Server-Id
X-Akamai-Pragma-Client-IP
X-Cache-Var
X-Cache-Var-Map
N-Cache
CDN
FSS-Cache
On-Server
X-Cs
X-Dynatrace-Js-Agent
X-CCM
X-FTR-Backend
X-Oss-Server-Time
X-Country-Code-Real
Proxy-Connection
X-NGINX-Cache
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
Xc-Version
X-FTR-Realm
X-Oss-Object-Type
X-Oss-Storage-Class
X-Swa-Ws
X-Lb-Id
GeoIP-Latitude
X-URL
X-Check-Cacheable
WZWS-RAY
Mime-Version
GeoIP-Country-Code
Tracecode
Ohc-Cache-HIT
X-Xrds-Location
X-CSRF-TOKEN
X-Esi
Cdn
X-Via-PopN
X-IN-APIGATEWAYSSL
X-Fastly-Backend-Reqs
Servername
X-Varnish-Cacheable
X-Via-PopV
Onion-Location
X-Via-PopH
X-IN-APIGATEWAY
WWW-Authenticate
X-Fastly-Request-Id
X-Cache-Backend
X-EIG-Tracking-Id
X-Swift-Error
X-VC
X-Pjax-Url
X-CUA
Instruction
CountryCode
Cteonnt-Length
X-SN
X-Region-Sid
SR-User-Adfree
URI
X-FTR-Expires
X-Webkit-CSP-Report-Only
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-FORWARDED-FOR
X-UnsetCookies
X-LiteSpeed-Cache-Control
X-Varnish-Authentication
CACHE
Server-Ttl
X-Provided-By
X-Air-Pt
X-Depends-On
X-Acquia-Application-Trace
W
X-Action
ServerName
Ohc-Response-Time
X-Fastly-Cache-Hits
X-Core-Mission
X-DB
X-Acquia-Purge-Tags
X-Acquia-Site
X-Cache-Expires
X-Acquia-Application-UUID
Lfy
Warning
X-Fpc
X-ElasticPress-Search
X-RSL
X-RPS
Redirect-Candidate
X-Request-Start
X-TIM-N
X-Tid
X-Snapshot-Date
X-StackifyID
WP-Super-Cache
X-Pad
Shield-Pop
X-Dw-Trace-Id
X-DI
X-SB
X-Webstats-RespID
X-DSS
X-Matched-Rule
X-RPM
X-Pf-Uncompressing
X-Yottaa-OS
X-DW
CloudFront-Viewer-Country
Xet-Cookie
X-FPC
X-Varnish-URL
X-MiniProfiler-Ids
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Cache-Status-Check
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Mg-Request-Id
X-RAMCache
X-Cdn-Origin
X-Cdn-Request-ID
X-Tt-Logid
X-Sn-Servicetimems
X-TH-Server
Content-Style-Type
Content-Script-Type
X-C
Vha6-Origin