Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
Server-Timing
Request-Context
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
EagleEye-TraceId
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Dispatcher
NEL
X-Host
X-CST
X-Node
Allow
Surrogate-Control
X-WebKit-CSP
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
Accept-CH
X-HW
X-Country
Content-Location
X-Ac
X-Application-Context
Accept-Ch-Lifetime
X-Language
X-Ruxit-JS-Agent
Rating
X-Template
MS-Author-Via
X-Webkit-CSP
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
Accept-Ch
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Varnish-TTL
X-Cnection
X-Origin-Cache
Accept-CH-Lifetime
X-Rack-Cache
X-ASPNET-VERSION
X-D2id
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
Verso
X-Country-Code
X-Goog-Hash
X-VARITI-CCR
X-Cached
X-Server-Name
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-FastCGI-Cache
Service-Worker-Allowed
X-Fastly-Request-ID
X-Buckets
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Pagespeed
Display
X-ORACLE-DMS-ECID
RTSS
Access-Control-Request-Method
X-Ttl
X-Element-Page-Cache
X-MSEdge-Ref
X-Cache-TTL
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-Litespeed-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
SPIisLatency
SPRequestDuration
X-TTL
X-Ruxit-Js-Agent
Realpath
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-Jurisdiction
X-T
X-HP-Webp
X-Px
X-Oneagent-Js-Injection
X-Release
X-MCACHE
X-Forwarded-Proto
X-Mid
X-PressLabs-Stats
X-Mg-S
X-ECACHE
Charset
X-Correlation-Id
X-Content-Security-Policy-Report-Only
X-Edge-Location-Klb
X-Recruiting
X-Shield-Request-Id
X-Ezoic-Cdn
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Fastcgi-Cache
X-ORACLE-DMS-RID
X-DynaTrace
X-Amz-Server-Side-Encryption
X-Id
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
Filters
Cache-Tags
Content-MD5
X-Logged-In
Server-Node
Alternate-Protocol
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
Front-End-Https
X-Forwarded-For
Nginx-Cache
X-XRDS-LOCATION
Server-Name
X-WebKit-CSP-Report-Only
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Cache-Key
Fusion-Component-Id
AR-ATIME
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-CACHE
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-Origin-Server
X-Grace
X-Fastcgi-Cache
X-Contextid
X-Amz-Replication-Status
X-Geo-Country
X-F-Cache
TCN
X-Rid
X-Az
X-Activity-Id
X-AppVersion
Host
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Cache-Config
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-HS-Hub-Id
X-HS-Combine-CSS
Cleartype
X-Frontend
X-Www-Served-By
X-Protected-By
Section-Io-Cache
X-Hostname
X-LB-Cache
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-Cache-Age
X-RateLimit-Remaining
X-Git-Hash
X-Varnish-Age
Accept-Charset
X-Hits
X-Aspnetmvc-Version
X-Respond-Thread
X-Upgrade-Enabled
X-Source
ServerID
X-DIS-Request-ID
Paypal-Debug-Id
X-NWS-LOG-UUID
X-VCache
X-Mobile-URL
X-N
X-Content-Options
X-Varnish-Backend
X-B-Cache
X-Varnish-Grace
X-Signature
X-XRDS-Location
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-B3-Sampled
X-Request-Guid
X-Providence-Cookie
X-Route-Name
X-Whom
Access-Control-Allow-Method
X-Kong-Upstream-Latency
Nel
X-Kong-Proxy-Latency
X-FB-Debug
Healthy
Payment
X-Cache-Action
X-TT
X-App-Environment
X-Seen-By
Node
Viewport
X-CACHE-GROUP
X-Daa-Tunnel
X-AOL-HN
X-Type
X-Load-Cache
Fastcgi-Useragent
Version
MS-CV
X-Server-ID
DC
X-Mobile
X-Cache-Expired-At
Filterid
X-IPLB-Instance
X-Distributor
X-Webkit-Csp
X-HTML-Minification-Powered-By
X-Yandex-Sdch-Disable
DynaTrace
X-Cache-Control
X-FireWall-Port
SRV
X-Response-Served-From
X-Debug
X-Original-Request-Id
Retry-After
X-Jobs
Refresh
X-Instance
X-Real-IP
X-Accel-Buffering
X-Varnish-Server
X-Proxy-Cache-Status
X-Tt-Trace-Host
X-Tt-Trace-Tag
NGB
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-ProcessESI
X-RemovedCookies
X-UUID
X-Page-View
X-Device-Type
X-Region
X-Ab
X-Proxy
X-IPS-LoggedIn
Ms-Operation-Id
X-Debug-IsPreview
X-Content-Powered-By
X-RTag
X-Debug-IsConnected
X-Cache-Time
X-Cluster-Name
Cache
X-Cacheable-TTL
X-B
Access-Control-Request-Headers
X-Framework
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Frame-Options
X-Adobe-Content
X-Adobe-Loc
X-Wix-Request-Id
X-G
X-User-Agent
X-FW-Serve
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-Zen-Fury
Countrycode
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Cache-Hit
Surrogate-Key
Cache-Status
X-Nginx-Cache
X-Vgn-Hpd-Reason
X-Time
X-App-Version
X-Drupal-Cache-Tags
Eomportal-Instance
Country
X-NGENIX-Cache
X-Azure-Ref
X-App-Server
X-Is-Bot
X-Rendered-As
X-TA-CDN-Provider
X-EdgeConnect-Cache-Status
X-RateLimit-Limit
CF-IPCountry
S-Cnection
X-Drupal-Cache-Contexts
X-Rule
X-Mg-Request-UUID
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
Liferay-Portal
Referer-Policy
X-Ms-Request-Id
X-Ms-Version
X-Oracle-Dms-Rid
X-Yottaa-Optimizations
Meta-Geo
Selected-Fe
X-ES-SERVER
X-JoinUs
X-Yottaa-Metrics
From-Origin
X-Proxy-Build
X-RN-RSRV
X-UPSTREAM-Address
X-SaId
Xserver
X-Tumblr-Pixel-2
X-Varnishpool
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Cached-By
X-Handled-By
X-Cache-TTL-Remaining
X-Via-Fastly
Country-Code
X-TNCMS
X-Loop
SD-X-WS
X-Storefront-Renderer-Rendered
Protected
X-No-Session
X-Backend-Host
X-Xfnlog-Site
ServedBy
X-PHP-Backend
X-Sorting-Hat-PodId
X-Shopify-Stage
X-R9-Blue-Green-Version
X-Pubstack
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-Cache-Server
X-ShardId
X-ShopId
Akamai-GRN
Decoy-Debug-Status
Azure-SiteName
Decoy-Debug-TTL
Fastly-SSL
X-Human
Cache-Tv-Group
Azure-InstanceId
Decoy-Debug-Key
X-VWS-Id
X-L-Path
X-Environment-Context
X-Varnish-Hostname
X-Be
Azure-SlotName
X-Cache-PHP
Cache-Name
Azure-Version
X-OCL
X-SayCDN-TTL
X-Say-TTL
Webcakes-App-Version
Webcakes-App-Name
X-Server-W
X-Say-Cacheable
X-S-Maxage
X-Node-Name
X-Cache-Operation
X-Proto
Webcakes-Region
X-Request-Time
TWC-Privacy
TWC-Locale-Group
X-NYM-Debug-Backend
Azure-RegionName
Property-Id
X-LJ-Flow-ID
X-LAGOON
X-Origin-Hint
X-PCL
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-AWS-Id
TWC-Connection-Speed
X-Backend-Name
X-Access
X-Hl-Ver
X-Sql-Count
X-PHP-Host
X-Labrador-Cache-Channel
X-Sql-Duration-Ms
Apigw-Requestid
X-Origin-Date
X-Status
X-Hyper-Cache
X-Section
X-Dc
X-ProxyCache-Status
X-BYPASS-REASON
X-RCS-CacheZone
X-Redis-Cache
X-ProxyCache-Key
X-Format
X-PERF
X-Akamai-Edgescape
X-ApacheServer
X-UA-Device-Type
X-Hosted-By
X-GG-Cache-Date
X-FB-TRIP-ID
Mn-Server-Ip
X-Uri
X-CDN-Forward
X-Adobe-Source
X-Varnish-Beresp-Grace
X-Web-Node
X-Trace-Id
X-Content-Age
X-MP-GENERATED-AT
X-WA-Info
X-ATG-Version
X-B3-SpanId
X-FW-Version
X-Ua-Device
Amp-Access-Control-Allow-Source-Origin
X-Cache-Enabled
X-SRV
X-Revision
X-CSRF-Token
X-CACHE-KEY
X-Soup
X-Mode
X-Edge-Location
X-Info
Backend
X-ServerID
X-Time-Microsecs
X-Tumblr-Pixel-3
Who
X-Cache-Type
X-Bc-Bl
X-Cache-NGX
X-Varnish-Ttl
X-Debug-Cache
X-Microcachable
X-Varnish-Beresp-Status
X-CS
X-Akamai-Transformed
X-Platform
X-Storage
X-Detected-As
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-APP-VERSION
X-Azure-Ref-OriginShield
X-CLOUD-TRACE-CONTEXT
X-TT-LOGID
DataCenter
Web-Mar-Node
X-Cache-Host
X-Via-JSL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DataDome
X-Amzn-Remapped-Content-Length
X-Generation-Time
X-Aws-Lambda-Call-Status
X-Varnish-Cache-Hits
X-Datadome
X-Unique-ID
X-Extlb
Server-Info
X-Locale
X-Varnish-Hits
Geo-Info
X-Ratelimit-Limit
X-Pass-Why
X-Site-Version
Cross-Origin-Opener-Policy
OT-Force-Account-Verify
X-Ratelimit-Remaining
X-Origin-TTL
X-B3-Traceid
X-AIR-PT
X-Origin-CC
X-Cluster-Node
X-Processor
CDN-Cache
X-CF-Lambda-Fn
X-Proxy-Upstream
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Mobile-Detection-Method
X-CF-Lambda-Version
Fastly-Backend-Name
X-Magnolia-Registration
Expiry
X-D
X-Core-Value
X-Location
X-Level-Front-Cache
X-Destination
X-Generated-On
Host-ID
Fastcgi-X-Cache-Version
X-Developer
BehaviorPad-Version
User-Cache-Control
M-TraceId
X-NAPM-TraceId
X-Cms-Context
CDCHOST
X-Air-Hostname
X-Air-Source
X-Connection-Hash
X-Geo-Header
Odigeo-Trace-Id
X-Air-Trace-Id
MD5-Digest
Apple-News-Services-Parsed-Url
X-From
X-Application
X-Aed
X-Varnish-Url
Surrogated-Key
A
X-ARC
X-Thanos
DCR-Decision-By
X-B-Cookie
X-A-Ccd
X-EC-Lua
Apple-News-Services-Request-Url
X-Vdms-Path
X-A-Dcw
X-A-Dam
Apple-News-Services-Handled
X-Vtex-Remote-Cache
X-A-Dgt
X-Vtex-Processado-Em
X-A-Wwc
X-External-Request-Id
X-Vdms-Version
T-Server
X-VG-WebCache
X-VG-WebServer
DCR-Processing-Time-Ms
Ec-Rule-Version
CDN-RequestCountryCode
X-TX-ID
X-Rewrite-Enabled
X-Cache-Bucket
X-Rojux
Apple-News-Services-Host
X-Request-URI
Content-Disposition
X-Ratelimit-Reset
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-S
X-S-Cookie
X-A
X-Bip
X-BCube-Filmed-By
X-SRCache-Key
X-Sucuri-ID
CDN-Uid
X-Session-Fingerprint
CDN-RequestId
X-ScT
Rendered-Blocks
X-Service
X-Cache-NE
Tcn
Count-Hit
X-Cluster
GEO-INFO
X-Parallel-Accel
X-Tb
X-Varnish-Beresp-Ttl
X-Forwarded-Site
X-Fmm-Version
Esi-Enabled
X-Fastly-Cache
Pagetype
X-Branch-Name
X-Cache-Debug
PFcat
X-Cache-Info
Req-Svc-Chain
Server-Host
UCS
X-Accel-Expires-Debug
X-Aicache-OS
X-Backend-State
Path
Memcached
X-Envoy-Decorator-Operation
Gh-Request-Id
X-Epic-Correlation-Id
Fastly-SWR
X-Developers
X-Date
X-Clara-WADP
X-Clientip
Location
Fastly-SIE
X-Men
X-Is-Gdpr
X-JWT-State
X-WADP-Cache
X-Rebelmouse-Cache-Control
X-Origin
X-Rebelmouse-Surrogate-Control
X-VG-TLSProxy
X-Served-From
X-NU-AKA-ACS-Version
X-Amz-Meta-S3cmd-Attrs
X-TrackingId
X-Micro-Cache
X-VarnishDD-TTL
X-Var-Ttl
X-Hash
X-HN
X-Platform-Server
X-Generated-By
Cache-Host
CacheControlHeader
X-Scheme
Cmsid
X-Gamma-Serve
X-Req
X-Request-UUID
X-Request-Host
X-GoCache-CacheStatus
Cmstype
AKAMAI
X-Has-Esi
X-NWS-UUID-VERIFY
X-Servername
Upgrade-Insecure-Requests
X-Cache-Grace
X-Block-Status
X-Sigma
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Slack-Backend
X-SVT-ORM-RULES
X-VC-Cache
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
State
My-App
X-Variation
X-Viewer-Country
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Thinkindot-L3
X-Owner
X-DPWN-IS-SECURE
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Device-Os
X-Irp-Debug
X-Esi-Check
X-Eu-Site
X-Gen-Mode
X-Fastly-Backend
X-Generated-In
X-Gzip
X-Li-Fabric
X-Li-Pop
X-RateLimit-Limit-Second
X-Policy
X-Cache-Tags
X-RateLimit-Remaining-Second
X-Cache-Id
X-Origin-Expires
X-Old-Content-Length
X-Csrf-Jwt
X-LI-UUID
Vix-Hermes-Req-Id
X-Mvc-Supplant-Cachable
X-Rocket-Build-Number
X-CGP
Origin
Arc-Version
C-Via
NM-Fastcgi-Cache
PB-PID
PB-RID
Arc-Country
Platform
Pics-Label
NGX
Cache-Key
L5d-Success-Class
L
HA-Ipaddr
Is-Eu
Ha-Gx-Prefs
Fastly-Drupal-HTML
Mail-Subject
Cf-Device-Type
DSUID
Kp-EeAlive
Adler-Geo
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
True-Client-Country-4JS
Webserver
Svr
TDXMobile
X-Forwarded-Host
Source
X-Nginx-Cache-Key
X-FC-Vary-Parameters
X-Fetched-On
CPC-Cache
X-Via-NSCOPI
X-Minions-Version
IsBot
X-PF-Uncompressing
Fastcgi-Cache-TTL
X-VServer
CPC-Age
X-Loc
X-User
X-Varnish-CookieHashed-On
VNS-Age
X-GeoIP-City
X-Skip-Cache
X-GeoIP
X-Varnish-CookieINHashed-On
X-SIPLIST1
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Qloud-Router
X-Varnish-Remaining-TTL
X-Planisys-CDN-Rules
Locid
Server-Hostname
VNS-Cache
Sever-Int
Server-Ext
V-Age
X-DefHash
Release
X-DefElseHash
X-TraceId
X-Goog-Meta-Goog-Reserved-File-Mtime
Url
X-Mvc-Supplant-OutputCached
SID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Via-Poph
X-Via-Popn
X-Via-Popv
NtCoent-Length
X-OVcl
Cache-Hits
X-PJAX-URL
X-Unique-Id
X-Vc
X-OVcl-Cache
X-Zone
X-Ua
X-Tenant
X-Forwarded-Path
X-Shop-Environment
X-Orig-Expires
Powered-By-ChinaCache
DB-Nickname
S-Rt
Cf-Bgj
X-Refresh
X-Backend-TTL
X-Cache-Ttl
Cross-Origin-Window-Policy
Magicmarker
X-Geo
XServer
Geoip-Latitude
X-NC
MIME-Version
X-Ftr-Request-Id
GeoIp-Country-Code
X-Internal-Host
X-LB-ID
X-TIME
X-ID
X-GEO
X-NCache
X-Method
Time
Memory
X-Dispatcher-Server
Content-Secure-Policy
HostName
X-Conf
WebServer
X-ZONE
X-BBC-Edge-Cache-Status
X-Srv
X-HP-Trace-Id
X-Ckpd-Fst-Backend
X-Worker
X-IP
Server-ID
Ssr
X-Auto-Login
X-Li-Proto
X-Servedbyhost
X-Newrelic-Synthetics
X-V-Cache
X-Nc
LB
X-LSADC-Cache
Hostname
X-M-Log
X-NewRelic-App-Data
X-Render-Time
X-M-Reqid
X-Vcl-Version
X-Rocket-Nginx-Serving-Static
X-Trv-Group
X-Qnm-Cache
X-Platform-Processor
X-DC
X-Correlation-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Cluster
X-Platform-Router
X-Node-Id
X-HostName
Resin-Trace
X-FTR-Request-ID
Env
X-APP
X-Wa
X-App
X-Cache-Remote
X-SD-PageType
X-Origin-Response-Time
X-Tx-Id
Ohc-File-Size
X-Traceid
X-MSEdge-Features
X-WA
Environment
X-Cdn-Forward
X-MSEdge-Flight
X-HITS
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Reqid
X-Dynatrace
X-Via-CDN
X-HOST
X-Datadog-Parent-Id
Sid
X-CACHE-AGE
X-VHOST
X-DynaTrace-JS-Agent
X-Varnish-Beresp-TTL
X-API-Version
X-Cache-Config
X-NodeID
X-VCL-Version
X-Gdpr
X-Origin-Time
X-Via-Ucdn
X-Nyt-Route
X-BBC-Origin-Response-Status
X-ServerName
X-Pod-Name
VivaBuild
Viewtype
Cluster
CF-Cached-On
Rt-Fastcgi-Cache
X-Server-IP
X-Edge-Pop
Datacenter
X-ND-Cache
X-Wix-Viewer-Type
Machine
X-ElasticPress-Query
Cf-Ipcountry
X-HS-Status
Candidate-Md5Url
X-LI-Proto
X-ServedByHost
Server-Id
X-Cs
Web-Mar-Region
CDN
On-Server
X-Cache-Var
X-Akamai-Pragma-Client-IP
N-Cache
FSS-Cache
X-Cache-Var-Map
X-Dynatrace-Js-Agent
X-CCM
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
Proxy-Connection
X-Oss-Storage-Class
X-NGINX-Cache
X-FTR-Realm
X-FTR-Backend
Xc-Version
X-Country-Code-Real
X-Swa-Ws
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Oss-Hash-Crc64ecma
X-Check-Cacheable
X-Lb-Id
Tracecode
Mime-Version
X-URL
GeoIP-Latitude
WZWS-RAY
GeoIP-Country-Code
Ohc-Cache-HIT
X-Esi
X-CSRF-TOKEN
X-Xrds-Location
X-EIG-Tracking-Id
X-IN-APIGATEWAYSSL
Servername
X-Fastly-Request-Id
X-Swift-Error
X-CUA
WWW-Authenticate
Onion-Location
X-Varnish-Cacheable
X-Cache-Backend
X-IN-APIGATEWAY
X-Via-PopV
X-Via-PopN
X-VC
Cdn
X-Pjax-Url
X-Fastly-Backend-Reqs
X-Via-PopH
X-ECache
Instruction
CountryCode
X-SN
SR-User-Adfree
Cteonnt-Length
X-FTR-Expires
URI
X-Region-Sid
X-Webkit-CSP-Report-Only
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-FORWARDED-FOR
Server-Ttl
X-Provided-By
X-UnsetCookies
X-Tt-Logid
X-Air-Pt
X-Depends-On
CACHE
X-LiteSpeed-Cache-Control
X-Acquia-Site
X-Acquia-Purge-Tags
ServerName
Ohc-Response-Time
Lfy
X-Core-Mission
X-Fastly-Cache-Hits
X-Cache-Expires
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Redirect-Candidate
X-Fpc
X-RSL
X-Request-Start
X-StackifyID
X-TIM-N
X-Tid
X-RPS
X-RPM
X-Action
W
X-DB
X-DI
X-DW
X-DSS
Shield-Pop
CloudFront-Viewer-Country
X-ElasticPress-Search
Warning
X-Webstats-RespID
X-SB
X-Dw-Trace-Id
X-Pf-Uncompressing
X-Yottaa-OS
WP-Super-Cache
X-Snapshot-Date
X-Pad
X-Matched-Rule
X-Cdn-Origin
X-RAMCache
X-Sn-Servicetimems
X-Cdn-Request-ID
X-C
Xet-Cookie
X-FPC
PICS-Label
X-Mg-Request-Id
X-MiniProfiler-Ids
X-Hcs-Proxy-Type
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
Vha6-Origin
X-Cache-Status-Check
X-CCDN-Origin-Time
Content-Script-Type
X-CCDN-CacheTTL
X-TH-Server
Content-Style-Type