Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
X-Dns-Prefetch-Control
Server-Timing
Request-Context
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
X-Styx-Req-Id
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Vhost
Cf-Railgun
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
X-WebKit-CSP
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
Accept-CH
X-HW
X-Country
Content-Location
X-Ac
X-Application-Context
Accept-Ch-Lifetime
X-Language
X-Ruxit-JS-Agent
Rating
X-Template
MS-Author-Via
X-Webkit-CSP
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-B3-TraceId
X-Vname
Edge-Control
X-PC
X-TtlSet
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
Accept-Ch
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Varnish-TTL
X-Cnection
X-Origin-Cache
X-Rack-Cache
Accept-CH-Lifetime
X-ASPNET-VERSION
X-D2id
X-Kinja-Revision
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
X-Cached
X-Server-Name
X-Powered-By-Plesk
X-Vcap-Request-Id
X-Navigation-Version
Cache-Tag
X-Amz-Rid
X-Abt-Application-Version
X-FastCGI-Cache
X-Client-IP
X-Fastly-Request-ID
Service-Worker-Allowed
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
Pagespeed
Response
X-Buckets
X-ORACLE-DMS-ECID
RTSS
Access-Control-Request-Method
X-Ttl
X-MSEdge-Ref
X-Cache-TTL
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Oneagent-Js-Injection
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
X-Litespeed-Cache
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
X-TTL
X-Ruxit-Js-Agent
X-Accel-Expires
Realpath
SPRequestGuid
X-SharePointHealthScore
X-Px
X-T
X-Jurisdiction
X-HP-Webp
X-Release
X-Mid
X-MCACHE
X-Forwarded-Proto
X-Correlation-Id
X-PressLabs-Stats
X-Mg-S
X-ECACHE
Charset
X-Content-Security-Policy-Report-Only
X-Edge-Location-Klb
X-Recruiting
X-Shield-Request-Id
X-Ezoic-Cdn
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Content-Digest
X-Request-Processing-Time
Filters
X-Request-Received
Cache-Tags
X-DynaTrace
Content-MD5
Server-Node
Alternate-Protocol
X-Logged-In
X-ORACLE-DMS-RID
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Instrumentation
X-Forwarded-For
Front-End-Https
Nginx-Cache
X-XRDS-LOCATION
Server-Name
X-WebKit-CSP-Report-Only
X-Origin-Upstream-Status
X-Amzn-Trace-Id
AR-ATIME
AR-CACHE
Fusion-Source
AR-PoweredBy
AR-Request-ID
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Ar-Sid
Fusion-Template-Id
X-Origin-Server
X-Grace
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Geo-Country
X-Contextid
X-Rid
X-F-Cache
TCN
X-Activity-Id
X-Az
X-AppVersion
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
Host
X-Cache-Key
X-HS-Combine-CSS
Cleartype
X-Frontend
X-Www-Served-By
X-Protected-By
Section-Io-Cache
X-Hostname
X-LB-Cache
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-Tec-Api-Origin
X-Tec-Api-Version
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Tec-Api-Root
X-Browser-Type
X-Request-Handler-Origin-Region
X-Microsite
X-Cache-Age
X-Page-Id
X-Git-Hash
X-RateLimit-Remaining
X-Varnish-Age
Accept-Charset
X-Hits
X-Respond-Thread
X-Aspnetmvc-Version
X-Upgrade-Enabled
X-Source
X-DIS-Request-ID
X-Mobile-URL
ServerID
Paypal-Debug-Id
X-N
X-Varnish-Backend
X-NWS-LOG-UUID
X-B-Cache
X-Signature
X-Varnish-Grace
X-Content-Options
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Flags
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-XRDS-Location
X-B3-Sampled
Payment
Nel
X-Whom
X-FB-Debug
X-Kong-Proxy-Latency
X-App-Environment
X-Cache-Action
Healthy
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-TT
X-VCache
X-Seen-By
X-CACHE-GROUP
Viewport
Node
X-AOL-HN
X-Daa-Tunnel
X-Type
X-Load-Cache
Fastcgi-Useragent
MS-CV
Version
X-Server-ID
DC
X-Mobile
Filterid
X-Cache-Expired-At
X-IPLB-Instance
X-Distributor
X-HTML-Minification-Powered-By
X-Webkit-Csp
X-Cache-Control
DynaTrace
X-FireWall-Port
X-Yandex-Sdch-Disable
X-Debug
X-Response-Served-From
Retry-After
X-Original-Request-Id
X-Jobs
Refresh
X-Real-IP
X-Tumblr-Pixel-0
X-Instance
X-Tt-Trace-Tag
X-Tumblr-Pixel-1
X-Tumblr-User
X-ProcessESI
X-Accel-Buffering
NGB
X-Tumblr-Pixel
X-Proxy-Cache-Status
X-UUID
X-Tt-Trace-Host
X-RemovedCookies
SRV
X-Device-Type
X-Varnish-Server
X-Debug-IsConnected
X-Content-Powered-By
X-RTag
Ms-Operation-Id
X-Debug-IsPreview
X-Proxy
X-Page-View
X-Cluster-Name
X-Cacheable-TTL
Access-Control-Request-Headers
Cache
VIX-Pulpo-Node
X-Cache-Time
X-IPS-LoggedIn
X-Region
VIX-Pulpo-Upstream-Status
X-Framework
X-B
X-Ab
Uber-Trace-Id
Frame-Options
X-Adobe-Loc
X-Wix-Request-Id
X-Adobe-Content
X-G
X-User-Agent
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-FW-Hash
X-Zen-Fury
Countrycode
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
X-Cache-Hit
X-Time
Surrogate-Key
X-Vgn-Hpd-Reason
Cache-Status
X-Oracle-Dms-Rid
X-Nginx-Cache
X-App-Version
X-Drupal-Cache-Tags
Eomportal-Instance
X-NGENIX-Cache
Country
X-App-Server
X-Rendered-As
AMP-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-TA-CDN-Provider
X-RateLimit-Limit
X-Rule
X-Drupal-Cache-Contexts
CF-IPCountry
S-Cnection
X-Cache-Rule
X-Mg-Request-UUID
X-Ms-Version
X-Ms-Request-Id
Liferay-Portal
Referer-Policy
From-Origin
X-Proxy-Build
X-Varnishpool
X-ES-SERVER
Selected-Fe
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-JoinUs
X-SaId
X-RN-RSRV
X-Timing-Wait
X-Tumblr-Pixel-2
Meta-Geo
X-UPSTREAM-Address
ServedBy
X-R9-Blue-Green-Version
X-Pubstack
X-Cached-By
Protected
X-PHP-Backend
X-Storefront-Renderer-Rendered
X-TNCMS
X-Backend-Host
X-Loop
SD-X-WS
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Handled-By
X-Endurance-Cache-Level
X-Cache-Server
Xserver
X-No-Session
X-Shopify-Stage
X-ShardId
X-Alternate-Cache-Key
Country-Code
X-Via-Fastly
X-ShopId
Azure-Version
Cache-Name
Azure-InstanceId
Cache-Tv-Group
X-Environment-Context
Azure-RegionName
Azure-SiteName
X-L-Path
Azure-SlotName
X-Cache-TTL-Remaining
X-Say-TTL
X-Varnish-Hostname
X-VWS-Id
X-Xfnlog-Site
X-Be
X-LJ-Flow-ID
X-Human
X-Cache-PHP
X-LAGOON
X-OCL
X-Server-W
X-Proto
Decoy-Debug-TTL
Decoy-Debug-Status
X-Request-Time
X-PCL
X-SayCDN-TTL
X-Say-Cacheable
X-S-Maxage
Decoy-Debug-Key
X-AWS-Id
X-Cache-Operation
Webcakes-App-Version
Webcakes-Region
X-Backend-Name
X-BYPASS-REASON
X-Dc
Webcakes-App-Name
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
X-Node-Name
X-Redis-Cache
X-ProxyCache-Status
X-CACHE-KEY
X-Sql-Count
X-Sql-Duration-Ms
X-ProxyCache-Key
X-PHP-Host
X-Hyper-Cache
X-Hl-Ver
X-Labrador-Cache-Channel
X-Origin-Date
X-Origin-Hint
Fastly-SSL
X-NYM-Debug-Backend
Apigw-Requestid
Akamai-GRN
X-Akamai-Edgescape
X-FB-TRIP-ID
X-Section
X-Access
X-RCS-CacheZone
X-Status
X-Hosted-By
X-Uri
X-Format
X-UA-Device-Type
X-GG-Cache-Date
X-ApacheServer
X-PERF
X-Varnish-Beresp-Grace
X-Adobe-Source
X-CDN-Forward
Mn-Server-Ip
X-Web-Node
X-WA-Info
X-Trace-Id
X-MP-GENERATED-AT
X-Content-Age
X-ATG-Version
X-Ua-Device
X-FW-Version
X-B3-SpanId
X-Cache-Enabled
X-SRV
X-Revision
X-CSRF-Token
X-Soup
X-Mode
X-Edge-Location
X-ServerID
X-Info
Backend
Amp-Access-Control-Allow-Source-Origin
X-Time-Microsecs
X-Tumblr-Pixel-3
Who
X-Bc-Bl
X-TT-LOGID
X-Cache-Type
X-Cache-NGX
X-Akamai-Transformed
X-Microcachable
X-Varnish-Beresp-Status
X-Datadome
X-CS
X-Debug-Cache
X-Storage
X-Varnish-Ttl
X-Platform
X-Detected-As
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-CLOUD-TRACE-CONTEXT
X-APP-VERSION
X-Azure-Ref-OriginShield
X-Cache-Host
Web-Mar-Node
DataCenter
X-Via-JSL
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Varnish-Cache-Hits
X-Generation-Time
X-Amz-Apigw-Id
X-Aws-Lambda-Call-Status
X-Unique-ID
X-Extlb
Server-Info
X-Locale
X-Varnish-Hits
X-Ratelimit-Limit
Geo-Info
X-Site-Version
Cross-Origin-Opener-Policy
OT-Force-Account-Verify
X-Pass-Why
X-DataDome
X-Origin-CC
X-Ratelimit-Remaining
X-B3-Traceid
X-AIR-PT
X-Cluster-Node
X-Origin-TTL
CDN-CachedAt
Meta-Geo-Continent
CDN-Cache
Odigeo-Trace-Id
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Rendered-Blocks
Expiry
DCR-Decision-By
Content-Disposition
CDN-RequestId
A
BehaviorPad-Version
CDN-Uid
M-TraceId
MD5-Digest
Host-ID
CDN-PullZone
CDN-RequestCountryCode
Fastly-Backend-Name
CDN-EdgeStorageId
X-CF-Lambda-Version
X-Geo-Header
X-Generated-On
X-Level-Front-Cache
X-Location
X-NAPM-TraceId
X-From
X-External-Request-Id
X-D
X-Destination
X-Thanos
X-Developer
X-Sucuri-ID
X-SRCache-Key
X-S-Cookie
X-ScT
X-S
X-Ratelimit-Reset
X-Rewrite-Enabled
X-Service
X-Session-Fingerprint
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Proxy-Upstream
X-Vdms-Path
X-Core-Value
X-A-Wwc
X-A-Dgt
X-Aed
X-Application
X-ARC
X-A-Dcw
X-Vtex-Remote-Cache
T-Server
X-A
X-A-Ccd
X-A-Dam
X-B-Cookie
X-BCube-Filmed-By
X-VG-WebServer
X-Cms-Context
X-Connection-Hash
X-VG-WebCache
X-Vdms-Version
X-Rojux
X-CF-Lambda-Fn
X-Bip
X-Cache-Bucket
X-Cache-NE
X-Vtex-Processado-Em
Surrogated-Key
Mobile-Detection-Method
X-EC-Lua
X-Air-Source
User-Cache-Control
X-Air-Trace-Id
X-Magnolia-Registration
Ec-Rule-Version
X-TX-ID
X-Air-Hostname
Count-Hit
X-Varnish-Beresp-Ttl
Tcn
X-Cluster
X-Parallel-Accel
X-Tb
Fastly-SIE
X-Branch-Name
Fastly-SWR
X-Varnish-Url
Gh-Request-Id
X-VG-TLSProxy
X-Generated-By
Server-Host
Cmstype
Cmsid
Req-Svc-Chain
X-Platform-Server
X-Aicache-OS
Path
Esi-Enabled
X-Rebelmouse-Cache-Control
X-Request-URI
X-Scheme
X-TrackingId
X-Request-UUID
Memcached
X-Var-Ttl
Location
UCS
X-Rebelmouse-Surrogate-Control
X-Gamma-Serve
X-Served-From
X-Accel-Expires-Debug
X-Request-Host
X-Req
Pagetype
X-Cache-Info
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Clara-WADP
Apple-News-Services-Request-Url
X-NU-AKA-ACS-Version
X-Origin
X-Date
AKAMAI
X-Epic-Correlation-Id
X-JWT-State
X-Is-Gdpr
X-Forwarded-Site
X-Fmm-Version
X-Fastly-Cache
X-Has-Esi
X-Hash
X-GoCache-CacheStatus
Apple-News-Services-Handled
X-WADP-Cache
CDCHOST
X-Amz-Meta-S3cmd-Attrs
X-Men
X-Clientip
CacheControlHeader
X-Micro-Cache
Cache-Host
Upgrade-Insecure-Requests
GEO-INFO
X-Servername
X-Cache-Grace
X-NWS-UUID-VERIFY
X-Owner
Thinkindot-Control
X-Cache-Tags
X-Sigma-Backend
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Li-Pop
X-Sigma
Svr
X-Fastly-Backend
TDXMobile
X-Irp-Debug
Vix-Hermes-Req-Id
X-Policy
X-Developers
X-Device-Os
Webserver
X-LI-UUID
X-Backend-State
X-Cache-Debug
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Origin-Expires
X-Old-Content-Length
X-Rocket-Build-Number
X-Block-Status
X-Cache-Id
We-Hiring
X-Esi-Check
Platform
Mail-Subject
X-Gen-Mode
Adler-Geo
Fastly-Drupal-HTML
X-VC-Cache
State
My-App
X-Li-Fabric
X-Variation
Arc-Country
C-Via
Cache-Key
X-Viewer-Country
Is-Eu
Arc-Version
X-VarnishDD-TTL
Cf-Device-Type
Kp-EeAlive
X-Thinkindot-L3
X-Gzip
Pics-Label
NGX
PB-RID
DSUID
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-Slack-Backend
X-Hnp-Log
PB-PID
PFcat
Origin
X-HN
NM-Fastcgi-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Source
X-PF-Uncompressing
X-VServer
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Loc
X-CGP
X-GeoIP
X-Nginx-Cache-Key
X-Eu-Site
Fastcgi-Cache-TTL
X-Minions-Version
X-FC-Vary-Parameters
X-Fetched-On
X-Wikidot-Static-Cache
X-Planisys-CDN-TTL
X-Csrf-Jwt
X-Wikidot-Backend
X-DefElseHash
X-DefHash
X-GeoIP-City
X-Qloud-Router
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
CPC-Age
L
L5d-Success-Class
VNS-Cache
VNS-Age
Server-Ext
X-SIPLIST1
Sever-Int
X-Skip-Cache
V-Age
Release
IsBot
X-Varnish-CookieHashed-On
Ha-Gx-Prefs
Server-Hostname
X-Via-NSCOPI
X-Generated-In
CPC-Cache
X-RateLimit-Remaining-Second
HA-Ipaddr
X-RateLimit-Limit-Second
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TraceId
X-Forwarded-Host
Locid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Mvc-Supplant-OutputCached
Url
SID
X-User
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Unique-Id
X-Via-Popn
X-Via-Poph
X-OVcl
NtCoent-Length
Cache-Hits
X-Vc
X-Via-Popv
X-OVcl-Cache
X-PJAX-URL
X-Zone
X-Tenant
X-Ua
S-Rt
X-Shop-Environment
DB-Nickname
X-Forwarded-Path
X-Orig-Expires
X-Refresh
Cf-Bgj
Powered-By-ChinaCache
X-Backend-TTL
Magicmarker
X-Cache-Ttl
Cross-Origin-Window-Policy
X-Geo
XServer
MIME-Version
Geoip-Latitude
GeoIp-Country-Code
X-LB-ID
X-Internal-Host
X-Ftr-Request-Id
X-NC
X-ID
X-Conf
HostName
X-Dispatcher-Server
X-Method
X-GEO
Time
Content-Secure-Policy
Memory
WebServer
X-BBC-Edge-Cache-Status
X-ZONE
X-NCache
X-Worker
X-HP-Trace-Id
X-Ckpd-Fst-Backend
X-Srv
X-IP
X-TIME
X-Servedbyhost
Server-ID
Ssr
X-Li-Proto
X-Auto-Login
X-Newrelic-Synthetics
X-Dynatrace
X-Nc
X-LSADC-Cache
LB
Hostname
X-V-Cache
X-Vcl-Version
X-M-Reqid
X-Render-Time
X-NewRelic-App-Data
X-Trv-Group
X-Rocket-Nginx-Serving-Static
X-Qnm-Cache
X-M-Log
X-Tb-Optimization-Total-Bytes-Saved
X-Node-Id
Resin-Trace
X-Platform-Processor
X-Platform-Cluster
X-DC
X-Platform-Router
X-HostName
X-APP
X-Origin-Response-Time
X-SD-PageType
X-FTR-Request-ID
X-Wa
Env
X-Tx-Id
X-Cache-Remote
Ohc-File-Size
X-Traceid
X-HITS
X-CACHE-AGE
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-MSEdge-Flight
X-Datadog-Parent-Id
X-Reqid
X-App
X-Via-CDN
X-WA
Environment
X-MSEdge-Features
Sid
X-Varnish-Beresp-TTL
X-DynaTrace-JS-Agent
X-Cdn-Forward
X-VHOST
X-NodeID
X-Via-Ucdn
X-Origin-Time
X-Gdpr
X-BBC-Origin-Response-Status
X-Cache-Config
X-API-Version
X-Nyt-Route
X-VCL-Version
X-ServerName
CF-Cached-On
VivaBuild
X-Server-IP
Cluster
Viewtype
X-Edge-Pop
Rt-Fastcgi-Cache
X-Correlation-ID
Datacenter
X-Pod-Name
X-HS-Status
X-Wix-Viewer-Type
Candidate-Md5Url
Machine
Cf-Ipcountry
X-ND-Cache
X-ElasticPress-Query
Server-Id
X-ServedByHost
Web-Mar-Region
X-LI-Proto
X-Cs
X-Cache-Var
CDN
On-Server
X-Akamai-Pragma-Client-IP
FSS-Cache
N-Cache
X-Cache-Var-Map
X-Dynatrace-Js-Agent
X-CCM
X-Oss-Storage-Class
Proxy-Connection
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-NGINX-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Country-Code-Real
X-Swa-Ws
X-FTR-Realm
X-FTR-Cache-Status
X-Oss-Object-Type
X-FTR-DC
Xc-Version
X-Oss-Request-Id
X-Lb-Id
GeoIP-Latitude
GeoIP-Country-Code
WZWS-RAY
Tracecode
Mime-Version
X-URL
X-Check-Cacheable
X-Esi
Ohc-Cache-HIT
X-Xrds-Location
X-CSRF-TOKEN
X-Via-PopN
X-Pjax-Url
X-IN-APIGATEWAY
X-Fastly-Request-Id
X-Via-PopV
X-EIG-Tracking-Id
X-CUA
X-IN-APIGATEWAYSSL
X-Cache-Backend
X-Fastly-Backend-Reqs
X-Swift-Error
X-Varnish-Cacheable
Cdn
Onion-Location
X-Via-PopH
X-VC
Servername
WWW-Authenticate
Cteonnt-Length
CountryCode
X-ECache
Instruction
URI
X-Region-Sid
X-SN
X-FTR-Expires
SR-User-Adfree
X-Webkit-CSP-Report-Only
X-FORWARDED-FOR
CACHE
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Air-Pt
X-UnsetCookies
X-Depends-On
X-Provided-By
Server-Ttl
X-LiteSpeed-Cache-Control
X-Cache-ASPX
X-Vcache
X-TIM-N
X-RPS
X-Action
X-DB
X-DI
Shield-Pop
ServerName
X-Fastly-Cache-Hits
Ohc-Response-Time
X-DSS
X-DW
X-Request-Start
X-StackifyID
Redirect-Candidate
X-Fpc
X-RPM
X-RSL
X-Tid
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Snapshot-Date
X-Acquia-Application-UUID
W
X-Acquia-Site
X-Cache-Expires
X-Pad
X-Matched-Rule
X-Core-Mission
WP-Super-Cache
Lfy
CloudFront-Viewer-Country
X-Webstats-RespID
X-Pf-Uncompressing
X-SB
X-Yottaa-OS
X-Dw-Trace-Id
Warning
X-ElasticPress-Search
Srv
Xet-Cookie
X-Cdn-Request-ID
X-FPC
X-RAMCache
X-Cdn-Origin
X-Varnish-URL
X-Apw-Access-Object
X-Mg-Request-Id
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Tt-Logid
X-C
X-MiniProfiler-Ids
X-TH-Server
X-CCDN-CacheTTL
X-Cache-Status-Check
Content-Style-Type
Content-Script-Type
X-Apw-Access-Action
X-Apw-Access-Token
Vha6-Origin
X-Apw-Hits
X-Sn-Servicetimems