Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Ua-Compatible
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Server-Timing
X-Robots-Tag
Request-Context
X-Server
X-AH-Environment
X-Ws-Request-Id
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-UA-Device
Grace
X-Varnish-Cache
X-Page-Speed
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
Cf-Railgun
EagleEye-TraceId
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-CST
NEL
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Akam-SW-Version
X-Readtime
Xkey
Accept-CH
X-HW
X-Country
Content-Location
Accept-Ch-Lifetime
X-Ac
X-Application-Context
X-Language
X-Webkit-CSP
X-Template
Rating
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Mod-Pagespeed
X-Cache-Lookup
X-Cloud-Trace-Context
X-B3-TraceId
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
Accept-Ch
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
X-Content-Type
X-ASPNET-VERSION
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Exp-Id
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
Accept-CH-Lifetime
X-Cached
X-Powered-By-Plesk
X-Server-Name
X-Vcap-Request-Id
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Fastly-Request-ID
X-Buckets
X-Middleton-Display
Pagespeed
X-Middleton-Response
Response
X-Sol
Display
X-FastCGI-Cache
RTSS
X-ORACLE-DMS-ECID
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
X-Cache-TTL
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-Litespeed-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-TTL
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
Realpath
X-Accel-Expires
SPRequestGuid
X-Release
X-SharePointHealthScore
X-T
X-Jurisdiction
X-HP-Webp
X-ECACHE
X-Correlation-Id
X-Forwarded-Proto
X-Mid
X-MCACHE
X-Px
X-PressLabs-Stats
X-Mg-S
Charset
X-Recruiting
X-Content-Security-Policy-Report-Only
X-Edge-Location-Klb
X-Ezoic-Cdn
X-Shield-Request-Id
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Id
X-ORACLE-DMS-RID
Filters
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
Cache-Tags
Content-MD5
Alternate-Protocol
X-Logged-In
Server-Node
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
X-Forwarded-For
Front-End-Https
Nginx-Cache
Server-Name
X-XRDS-LOCATION
X-WebKit-CSP-Report-Only
AR-Request-ID
Ar-Sid
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Fastcgi-Cache
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
X-Origin-Server
X-Grace
X-Cache-Key
X-Amz-Replication-Status
X-Contextid
X-F-Cache
X-Geo-Country
X-Rid
Host
X-AppVersion
X-Activity-Id
X-Az
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Hub-Id
X-Goog-Stored-Content-Length
X-HS-Content-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
TCN
X-Goog-Generation
X-HS-Combine-CSS
Cleartype
X-Frontend
X-Www-Served-By
Section-Io-Cache
X-Protected-By
X-Hostname
X-LB-Cache
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
X-Aspnetmvc-Version
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Request-Handler-Origin-Region
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Microsite
X-Cache-Age
X-Varnish-Age
X-Page-Id
X-Git-Hash
Accept-Charset
X-Hits
X-Respond-Thread
X-XRDS-Location
X-Upgrade-Enabled
X-DIS-Request-ID
Nel
X-Source
ServerID
X-Mobile-URL
Paypal-Debug-Id
X-N
X-Varnish-Backend
X-NWS-LOG-UUID
X-VCache
X-Content-Options
X-Signature
X-Varnish-Grace
X-B-Cache
X-CACHE-GROUP
X-B3-Sampled
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Providence-Cookie
Healthy
Access-Control-Allow-Method
Payment
X-FB-Debug
X-Whom
X-Cache-Action
X-App-Environment
X-TT
X-Seen-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Viewport
Node
X-AOL-HN
X-Type
X-Daa-Tunnel
X-Load-Cache
X-Server-ID
Fastcgi-Useragent
MS-CV
Version
DC
X-Mobile
X-Webkit-Csp
X-Cache-Expired-At
X-IPLB-Instance
Filterid
X-HTML-Minification-Powered-By
X-Distributor
X-FireWall-Port
DynaTrace
X-Cache-Control
SRV
X-Debug
X-Yandex-Sdch-Disable
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
Refresh
X-Instance
Retry-After
X-Jobs
X-Real-IP
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-RemovedCookies
X-UUID
X-Tumblr-User
X-Varnish-Server
X-Tumblr-Pixel-1
X-Proxy-Cache-Status
NGB
X-Proxy
X-Debug-IsPreview
X-Tt-Trace-Tag
Ms-Operation-Id
X-Content-Powered-By
X-Tt-Trace-Host
X-Debug-IsConnected
X-Page-View
X-Device-Type
X-IPS-LoggedIn
Cache
X-Region
X-RTag
X-B
X-Cache-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Access-Control-Request-Headers
X-Framework
Uber-Trace-Id
X-Cluster-Name
X-Cacheable-TTL
X-Wix-Request-Id
X-G
Frame-Options
X-Adobe-Loc
X-Adobe-Content
X-Ab
X-User-Agent
X-FW-Server
X-FW-Static
X-Zen-Fury
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Type
Countrycode
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cache-Hit
X-Time
X-App-Version
Surrogate-Key
Cache-Status
X-Vgn-Hpd-Reason
X-Nginx-Cache
Eomportal-Instance
X-Drupal-Cache-Tags
X-RateLimit-Limit
Country
X-App-Server
X-NGENIX-Cache
X-Rendered-As
X-Is-Bot
X-Azure-Ref
X-EdgeConnect-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-Rule
X-Drupal-Cache-Contexts
X-Oracle-Dms-Rid
X-TA-CDN-Provider
S-Cnection
X-Mg-Request-UUID
CF-IPCountry
X-Cache-Rule
Liferay-Portal
X-Ms-Request-Id
X-Ms-Version
X-UPSTREAM-Address
Meta-Geo
X-ES-SERVER
X-JoinUs
X-Tumblr-Pixel-2
X-Timing-Wait
X-Proxy-Build
From-Origin
X-SaId
Referer-Policy
X-RN-RSRV
X-Yottaa-Metrics
Selected-Fe
X-Yottaa-Optimizations
X-Varnishpool
X-Cached-By
Country-Code
X-Shopify-Stage
X-Loop
X-Endurance-Cache-Level
X-Cache-Server
X-Sorting-Hat-PodId
X-Handled-By
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Via-Fastly
X-ShopId
X-Xfnlog-Site
Protected
X-Pubstack
X-R9-Blue-Green-Version
X-TNCMS
ServedBy
X-PHP-Backend
X-No-Session
X-Alternate-Cache-Key
X-ShardId
X-Cache-TTL-Remaining
X-Backend-Host
Xserver
TWC-Connection-Speed
X-Human
Cache-Tv-Group
X-Cache-PHP
TWC-Privacy
X-LAGOON
X-OCL
X-NYM-Debug-Backend
X-Cache-Operation
X-LJ-Flow-ID
Cache-Name
X-Be
Akamai-GRN
Webcakes-App-Name
Azure-InstanceId
Azure-RegionName
Webcakes-App-Version
Webcakes-Region
Azure-Version
X-AWS-Id
Azure-SlotName
TWC-Locale-Group
SD-X-WS
X-Server-W
X-CDN-Forward
X-SayCDN-TTL
X-Say-TTL
TWC-GeoIP-Country
Property-Id
X-VWS-Id
X-Varnish-Hostname
TWC-Device-Class
X-Say-Cacheable
X-S-Maxage
X-Proto
Decoy-Debug-Key
X-PCL
X-Origin-Hint
Decoy-Debug-Status
Decoy-Debug-TTL
X-Request-Time
TWC-GeoIP-LatLong
Fastly-SSL
Azure-SiteName
X-Hyper-Cache
X-Redis-Cache
X-RCS-CacheZone
X-Section
X-Sql-Count
X-Status
X-Sql-Duration-Ms
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Backend-Name
X-Hl-Ver
X-Labrador-Cache-Channel
X-PHP-Host
X-Origin-Date
X-Access
X-Format
Apigw-Requestid
X-Environment-Context
X-L-Path
X-ApacheServer
X-Akamai-Edgescape
X-FB-TRIP-ID
X-Node-Name
X-UA-Device-Type
X-Uri
X-PERF
X-Dc
X-GG-Cache-Date
X-Hosted-By
Mn-Server-Ip
X-Adobe-Source
X-Varnish-Beresp-Grace
X-Trace-Id
X-Web-Node
X-MP-GENERATED-AT
X-WA-Info
X-Content-Age
X-Ua-Device
X-ATG-Version
X-B3-SpanId
X-Cache-Enabled
X-CACHE-KEY
X-FW-Version
X-Soup
X-Edge-Location
Amp-Access-Control-Allow-Source-Origin
X-SRV
X-Revision
X-CSRF-Token
X-Mode
Who
Backend
X-Info
X-Time-Microsecs
X-ServerID
X-Tumblr-Pixel-3
X-Bc-Bl
X-CS
X-Cache-NGX
X-Cache-Type
X-Debug-Cache
X-Varnish-Beresp-Status
X-CLOUD-TRACE-CONTEXT
X-Akamai-Transformed
X-Zipkin-Id
X-Proxied
X-Storage
X-Routing-Service
X-TT-LOGID
X-Platform
X-Microcachable
X-Detected-As
X-Datadome
X-Via-JSL
X-Azure-Ref-OriginShield
X-Unique-ID
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
DataCenter
Web-Mar-Node
X-Cache-Host
Geo-Info
X-APP-VERSION
X-Varnish-Cache-Hits
X-Generation-Time
X-Extlb
X-Locale
X-Aws-Lambda-Call-Status
X-DataDome
Server-Info
X-Pass-Why
X-B3-Traceid
X-Site-Version
X-EC-Lua
X-Varnish-Hits
X-Origin-CC
X-Origin-TTL
X-Varnish-Beresp-Ttl
Tcn
X-AIR-PT
A
CDCHOST
X-Generated-On
Apple-News-Services-Request-Url
X-Location
X-Magnolia-Registration
X-Level-Front-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
X-Geo-Header
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-From
X-Cluster-Node
Host-ID
X-Developer
X-Destination
X-External-Request-Id
Fastly-Backend-Name
Expiry
Rendered-Blocks
X-Cache-Bucket
Fastcgi-X-Cache-Version
X-D
X-Cache-NE
X-Cms-Context
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
M-TraceId
X-CF-Lambda-Version
X-Core-Value
Odigeo-Trace-Id
X-CF-Lambda-Fn
X-Connection-Hash
X-Bip
DCR-Processing-Time-Ms
X-A-Dcw
X-A-Dgt
CDN-RequestCountryCode
X-A-Wwc
X-A-Dam
X-A-Ccd
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
X-A
T-Server
CDN-RequestId
Cross-Origin-Opener-Policy
X-B-Cookie
X-BCube-Filmed-By
DCR-Decision-By
X-ARC
X-Application
CDN-Uid
X-Aed
Surrogated-Key
Content-Disposition
CDN-Cache
X-Ratelimit-Reset
X-VG-WebServer
X-S
X-S-Cookie
X-VG-WebCache
X-Rewrite-Enabled
X-Request-URI
X-Processor
X-Proxy-Upstream
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ScT
X-Service
X-Vdms-Path
X-Thanos
X-Varnish-Url
OT-Force-Account-Verify
X-Vdms-Version
X-Sucuri-ID
X-Session-Fingerprint
X-Air-Trace-Id
X-SRCache-Key
Ec-Rule-Version
X-PBS-Appsvrname
X-Rojux
X-NAPM-TraceId
X-Air-Hostname
X-PAYTM-SRV-ID
X-Air-Source
X-TX-ID
X-Cluster
X-Ratelimit-Limit
User-Cache-Control
X-Tb
X-Served-From
Fastly-SIE
Fastly-SWR
PFcat
X-Epic-Correlation-Id
X-Platform-Server
Server-Host
X-Backend-State
Esi-Enabled
X-VG-TLSProxy
X-NU-AKA-ACS-Version
Gh-Request-Id
X-VarnishDD-TTL
X-Fastly-Cache
Pagetype
X-Cache-Debug
X-Micro-Cache
X-Clientip
X-Clara-WADP
Memcached
X-TrackingId
Location
X-Men
X-HN
Pics-Label
X-Branch-Name
X-Developers
X-Date
Req-Svc-Chain
X-Envoy-Decorator-Operation
X-Fmm-Version
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-GoCache-CacheStatus
X-Req
X-Aicache-OS
X-Forwarded-Site
Cache-Host
X-Varnish-Ttl
AKAMAI
X-Cache-Info
X-Hash
X-Has-Esi
X-Is-Gdpr
X-WADP-Cache
X-Accel-Expires-Debug
CacheControlHeader
X-Generated-By
X-Gamma-Serve
X-Amz-Meta-S3cmd-Attrs
X-Scheme
Cmsid
Cmstype
X-Var-Ttl
X-Request-Host
UCS
X-Request-UUID
X-Origin
X-JWT-State
Path
GEO-INFO
X-NWS-UUID-VERIFY
X-Cache-Grace
Upgrade-Insecure-Requests
Count-Hit
X-Cache-Id
Wxu-Next-Hostname
X-Viewer-Country
My-App
X-Wikidot-Backend
Wxu-Next-Region
X-Wikidot-Static-Cache
State
Wxu-Next-Commit
X-Block-Status
X-Sigma
X-Policy
X-Hnp-Log
X-HS-Content-Campaign-Id
X-RateLimit-Limit-Second
X-Gzip
We-Hiring
X-RateLimit-Remaining-Second
X-Irp-Debug
X-Owner
X-LI-UUID
X-Mvc-Supplant-Cachable
X-Li-Pop
X-Li-Fabric
X-Origin-Expires
X-Old-Content-Length
X-Generated-In
X-Rocket-Build-Number
X-Csrf-Jwt
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thinkindot-L3
X-CGP
X-Cache-Tags
X-Variation
X-Device-Os
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Gen-Mode
X-Sigma-Backend
X-Slack-Backend
X-Esi-Check
X-Eu-Site
X-VC-Cache
Vix-Hermes-Req-Id
Origin
Adler-Geo
Arc-Country
NM-Fastcgi-Cache
PB-RID
Svr
Cf-Device-Type
Cache-Key
Is-Eu
Mail-Subject
X-Servername
Arc-Version
C-Via
PB-PID
NGX
X-Parallel-Accel
DSUID
Fastly-Drupal-HTML
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
True-Client-Country-4JS
L
TDXMobile
L5d-Success-Class
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Platform
Webserver
X-Forwarded-Host
X-Ratelimit-Remaining
X-Fetched-On
X-FC-Vary-Parameters
CPC-Cache
CPC-Age
X-GeoIP
X-Nginx-Cache-Key
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-User
X-Varnish-Remaining-TTL
X-Via-NSCOPI
X-Minions-Version
Fastcgi-Cache-TTL
X-VServer
VNS-Cache
X-SIPLIST1
X-PF-Uncompressing
X-Loc
Source
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Qloud-Router
X-Planisys-CDN-TTL
X-GeoIP-City
X-Skip-Cache
X-DefElseHash
Locid
VNS-Age
Server-Ext
V-Age
Sever-Int
X-DefHash
Release
Server-Hostname
IsBot
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-OVcl-Cache
X-TraceId
X-Mvc-Supplant-OutputCached
X-OVcl
Url
X-Goog-Meta-Goog-Reserved-File-Mtime
SID
NtCoent-Length
DB-Nickname
X-Via-Popn
X-Via-Poph
Cache-Hits
X-Vc
X-Via-Popv
X-PJAX-URL
Cf-Bgj
X-Backend-TTL
X-Shop-Environment
X-Zone
X-Orig-Expires
X-Tenant
Powered-By-ChinaCache
X-Forwarded-Path
X-Refresh
X-Cache-Ttl
Magicmarker
X-Unique-Id
X-Geo
S-Rt
X-Ua
XServer
MIME-Version
Cross-Origin-Window-Policy
X-ID
X-Method
X-Internal-Host
X-Dispatcher-Server
Geoip-Latitude
GeoIp-Country-Code
X-NC
X-LB-ID
X-Ftr-Request-Id
WebServer
Memory
X-Conf
X-NCache
HostName
X-ZONE
Time
X-GEO
X-IP
X-TIME
Content-Secure-Policy
X-BBC-Edge-Cache-Status
X-Srv
Server-ID
X-Servedbyhost
X-Ckpd-Fst-Backend
X-Worker
Ssr
X-Nc
X-Li-Proto
X-Auto-Login
LB
Hostname
X-Newrelic-Synthetics
X-Trv-Group
X-V-Cache
X-NewRelic-App-Data
X-LSADC-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
X-Node-Id
X-Rocket-Nginx-Serving-Static
X-HostName
X-HP-Trace-Id
X-M-Reqid
X-Qnm-Cache
X-DC
X-Render-Time
X-M-Log
X-FTR-Request-ID
Resin-Trace
X-Wa
X-Origin-Response-Time
Env
X-Platform-Cluster
X-Platform-Processor
X-Tx-Id
X-APP
X-Platform-Router
Ohc-File-Size
X-Traceid
X-MSEdge-Features
X-App
X-MSEdge-Flight
X-CACHE-AGE
Sid
X-HITS
X-SD-PageType
X-Reqid
X-Dynatrace
X-Cache-Remote
X-VHOST
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-VCL-Version
X-WA
X-Via-CDN
Environment
X-DynaTrace-JS-Agent
X-ServerName
X-API-Version
X-Via-Ucdn
X-Origin-Time
VivaBuild
CF-Cached-On
X-Nyt-Route
X-Gdpr
Viewtype
X-Cache-Config
X-BBC-Origin-Response-Status
Rt-Fastcgi-Cache
X-NodeID
X-Varnish-Beresp-TTL
X-Cdn-Forward
Datacenter
X-Correlation-ID
Cluster
X-Pod-Name
X-ND-Cache
X-Edge-Pop
X-Server-IP
X-Wix-Viewer-Type
Machine
Cf-Ipcountry
Candidate-Md5Url
X-ElasticPress-Query
X-LI-Proto
X-HS-Status
X-Akamai-Pragma-Client-IP
Web-Mar-Region
Server-Id
FSS-Cache
X-ServedByHost
On-Server
X-Cs
CDN
N-Cache
X-Dynatrace-Js-Agent
X-CCM
X-Cache-Var
X-Cache-Var-Map
Proxy-Connection
X-NGINX-Cache
X-FTR-DC
X-FTR-Cache-Status
X-Oss-Hash-Crc64ecma
X-FTR-Realm
X-Oss-Request-Id
X-Oss-Object-Type
Xc-Version
X-FTR-Backend-Server
X-FTR-Balancer
X-Oss-Storage-Class
X-FTR-Backend
X-Oss-Server-Time
X-Country-Code-Real
X-Swa-Ws
X-URL
GeoIP-Country-Code
WZWS-RAY
X-Lb-Id
GeoIP-Latitude
Tracecode
X-Check-Cacheable
X-Xrds-Location
X-CSRF-TOKEN
X-Esi
Ohc-Cache-HIT
Cdn
Servername
X-IN-APIGATEWAYSSL
X-Fastly-Request-Id
X-Cache-Backend
X-IN-APIGATEWAY
X-Via-PopH
X-Via-PopN
X-Via-PopV
Mime-Version
X-VC
X-CUA
X-Fastly-Backend-Reqs
X-Pjax-Url
X-Swift-Error
CountryCode
Instruction
X-SN
SR-User-Adfree
X-Varnish-Cacheable
X-EIG-Tracking-Id
WWW-Authenticate
Onion-Location
URI
X-FTR-Expires
X-Region-Sid
X-Webkit-CSP-Report-Only
Cteonnt-Length
X-Provided-By
X-Varnish-Authentication
CACHE
X-Depends-On
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
Server-Ttl
X-UnsetCookies
X-FORWARDED-FOR
X-Air-Pt
X-RPS
X-Fastly-Cache-Hits
Lfy
X-RSL
W
X-Fpc
X-Pf-Uncompressing
X-RPM
X-Snapshot-Date
X-DI
X-Action
X-DSS
X-DW
Ohc-Response-Time
Shield-Pop
X-DB
CloudFront-Viewer-Country
X-Cache-Expires
WP-Super-Cache
X-Acquia-Application-UUID
X-Yottaa-OS
X-ElasticPress-Search
X-Matched-Rule
X-Webstats-RespID
X-Acquia-Application-Trace
X-SB
X-Acquia-Purge-Tags
Warning
X-Pad
X-Core-Mission
X-Acquia-Site
X-Dw-Trace-Id
X-Tid
X-RAMCache
X-StackifyID
X-TIM-N
X-Request-Start
X-MiniProfiler-Ids
Redirect-Candidate
Content-Style-Type
X-Apw-Access-Object
X-TH-Server
X-Mg-Request-Id
X-Cache-Status-Check
X-Sn-Servicetimems
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Content-Script-Type
X-Apw-Hits
X-Tt-Logid
Vha6-Origin
X-CCDN-Origin-Time
X-Apw-Access-Action
ServerName
X-Cdn-Origin
X-Cdn-Request-ID
X-Apw-Access-Token
X-C