Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
Status
X-Iinfo
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Robots-Tag
Server-Timing
X-Ws-Request-Id
X-Server
X-AH-Environment
X-Ua-Compatible
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Nginx-Cache-Status
EagleId
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-Page-Speed
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Vhost
X-Host
X-Dispatcher
X-OneAgent-JS-Injection
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Readtime
Accept-CH
X-Akam-SW-Version
Xkey
X-HW
X-Country
X-Webkit-CSP
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-GitHub-Request-Id
Accept-CH-Lifetime
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
X-Rack-Cache
X-Origin-Cache
X-D2id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
Arr-Disable-Session-Affinity
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
X-FastCGI-Cache
Accept-Ch
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
X-Buckets
Service-Worker-Allowed
X-ORACLE-DMS-ECID
RTSS
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Display
X-Fastly-Request-ID
Access-Control-Request-Method
X-Cache-TTL
X-Ruxit-Js-Agent
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Oneagent-Js-Injection
X-Upstream
X-Dw-Request-Base-Id
Public-Key-Pins
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TTL
X-Px
Realpath
SPIisLatency
SPRequestDuration
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-Edge-Location-Klb
X-HP-Webp
X-Jurisdiction
X-T
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Forwarded-Proto
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Mg-S
X-Release
Charset
X-Recruiting
X-Correlation-Id
X-Shield-Request-Id
Edge-Cache-Tag
X-DynaTrace
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
TP-Cache
TP-L2-Cache
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Ezoic-Cdn
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Id
X-Request-Received
Filters
X-Request-Processing-Time
X-Content-Digest
Server-Node
X-Logged-In
Cache-Tags
X-ORACLE-DMS-RID
Alternate-Protocol
Nginx-Cache
Front-End-Https
Content-MD5
X-Cache-Key
X-Forwarded-For
Server-Name
TCN
X-Litespeed-Cache
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Amzn-Trace-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Origin-Server
X-Grace
X-Contextid
X-Hostname
X-Geo-Country
X-Rid
X-XRDS-Location
X-Amz-Replication-Status
X-Activity-Id
X-AppVersion
X-F-Cache
X-Az
Host
X-Goog-Generation
X-HS-Content-Id
X-HS-Cache-Config
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Combine-CSS
Cleartype
X-Server-ID
X-Protected-By
X-Www-Served-By
AR-Request-ID
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Frontend
X-XRDS-LOCATION
X-RateLimit-Remaining
X-Debug-Info
Section-Io-Cache
X-LB-Cache
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
X-Ser
X-Aspnetmvc-Version
X-Tec-Api-Origin
X-Page-Id
X-Tec-Api-Root
X-Git-Hash
X-Tec-Api-Version
X-Cache-Age
X-Varnish-Age
Accept-Charset
X-NWS-LOG-UUID
X-Upgrade-Enabled
X-Respond-Thread
ServerID
X-DIS-Request-ID
Nel
X-Fastcgi-Cache
X-VCache
X-Mobile-URL
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Source
Paypal-Debug-Id
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-CACHE-GROUP
X-B-Cache
X-Signature
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Route-Name
X-Flags
Healthy
X-Kong-Proxy-Latency
X-Providence-Cookie
X-Is-Crawler
Payment
X-Request-Guid
X-Aspnet-Duration-Ms
X-Whom
X-B3-Sampled
Viewport
X-FB-Debug
X-Daa-Tunnel
X-Cache-Action
X-TT
Node
X-N
X-App-Environment
X-Seen-By
X-AOL-HN
X-Type
X-Load-Cache
Fastcgi-Useragent
Version
X-Mobile
MS-CV
DC
DynaTrace
X-Webkit-Csp
X-Ab
X-Cache-Expired-At
X-HTML-Minification-Powered-By
Filterid
X-Yandex-Sdch-Disable
X-Ua-Device
X-IPLB-Instance
X-Distributor
X-Cache-Control
SRV
Retry-After
X-Original-Request-Id
X-Response-Served-From
X-Real-IP
X-UUID
X-FireWall-Port
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-1
NGB
X-ProcessESI
X-IPS-LoggedIn
Frame-Options
X-RemovedCookies
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Proxy-Cache-Status
X-User-Agent
X-Region
X-Device-Type
X-Cluster-Name
Ms-Operation-Id
X-RTag
X-Proxy
X-Varnish-Server
X-Debug
X-Cache-Time
X-Jobs
X-Debug-IsConnected
Access-Control-Request-Headers
X-Accel-Buffering
X-Page-View
X-Content-Powered-By
Refresh
X-Debug-IsPreview
X-Adobe-Content
Uber-Trace-Id
X-Adobe-Loc
X-Framework
Cache
X-Cacheable-TTL
X-B
VIX-Pulpo-Node
X-G
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
X-FW-Type
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Zen-Fury
X-FW-Static
X-FW-Server
Countrycode
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
Cache-Status
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-Cache-Hit
X-TA-CDN-Provider
X-RateLimit-Limit
Surrogate-Key
X-NGENIX-Cache
Country
X-Time
X-App-Version
X-Rendered-As
X-Drupal-Cache-Tags
X-Nginx-Cache
X-Mg-Request-UUID
X-Is-Bot
X-Azure-Ref
X-EdgeConnect-Cache-Status
Eomportal-Instance
S-Cnection
X-App-Server
X-CDN-Forward
X-Ms-Version
X-Cache-Rule
X-Ms-Request-Id
Referer-Policy
SD-X-WS
X-Drupal-Cache-Contexts
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Liferay-Portal
X-JoinUs
X-Cache-Operation
X-Varnishpool
X-ES-SERVER
X-UPSTREAM-Address
From-Origin
Meta-Geo
X-Proxy-Build
Selected-Fe
X-Timing-Wait
X-RN-RSRV
X-SaId
X-Tumblr-Pixel-2
X-Varnish-Hostname
CF-IPCountry
X-Cache-Server
X-Pubstack
X-R9-Blue-Green-Version
X-Handled-By
ServedBy
X-PHP-Backend
X-Loop
X-Rule
Protected
X-Backend-Host
X-S-Maxage
X-Environment-Context
Azure-InstanceId
X-Via-Fastly
Azure-SlotName
X-GG-Cache-Date
X-No-Session
Azure-RegionName
Azure-SiteName
X-Xfnlog-Site
X-Yottaa-Metrics
X-Request-Time
X-L-Path
Azure-Version
X-Endurance-Cache-Level
X-TNCMS
X-Yottaa-Optimizations
X-LJ-Flow-ID
X-PCL
X-ProxyCache-Status
X-Proto
Cache-Tv-Group
Cache-Name
Country-Code
Fastly-SSL
Property-Id
X-LAGOON
X-ProxyCache-Key
Webcakes-App-Version
X-Shopify-Stage
X-Origin-Hint
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-NYM-Debug-Backend
X-OCL
X-VWS-Id
X-Storefront-Renderer-Rendered
X-Server-W
X-BYPASS-REASON
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
Webcakes-App-Name
X-Be
X-AWS-Id
Webcakes-Region
X-Human
TWC-Connection-Speed
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
Akamai-GRN
X-Format
X-Cache-PHP
X-Backend-Name
X-Access
X-Origin-Date
X-Say-Cacheable
X-Adobe-Source
X-Section
X-SayCDN-TTL
X-Say-TTL
X-RCS-CacheZone
X-Hl-Ver
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-PHP-Host
X-PERF
X-Labrador-Cache-Channel
X-Hyper-Cache
X-FB-TRIP-ID
X-Varnish-Beresp-Grace
X-UA-Device-Type
X-ApacheServer
Mn-Server-Ip
X-Status
X-Sql-Duration-Ms
Apigw-Requestid
X-Sql-Count
X-Akamai-Edgescape
X-Redis-Cache
X-Uri
X-Hosted-By
X-Dc
X-Trace-Id
X-Cached-By
X-Web-Node
Amp-Access-Control-Allow-Source-Origin
Xserver
X-WA-Info
X-MP-GENERATED-AT
X-ATG-Version
X-Revision
X-Content-Age
X-B3-SpanId
X-FW-Version
X-B3-Traceid
X-Cache-Type
X-Soup
X-Cache-Enabled
X-Time-Microsecs
X-Edge-Location
X-Tumblr-Pixel-3
X-ServerID
X-Mode
X-CSRF-Token
Backend
X-SRV
X-Bc-Bl
X-Info
X-Datadome
X-APP-VERSION
X-Aws-Lambda-Call-Status
X-Microcachable
X-Detected-As
Who
X-Varnish-Beresp-Status
X-Akamai-Transformed
X-Azure-Ref-OriginShield
X-CS
X-Varnish-Cache-Hits
X-Cache-NGX
X-Debug-Cache
X-Platform
X-Generation-Time
X-Zipkin-Id
Web-Mar-Node
X-TT-LOGID
X-Cache-Host
X-Storage
X-Proxied
X-Routing-Service
X-CACHE-KEY
X-Amzn-Remapped-Content-Length
DataCenter
X-Amz-Apigw-Id
X-Varnish-Hits
X-Parallel-Accel
X-Amzn-RequestId
X-Cluster-Node
OT-Force-Account-Verify
GEO-INFO
Count-Hit
Cross-Origin-Opener-Policy
X-Via-JSL
X-Unique-ID
X-Extlb
X-Varnish-Beresp-Ttl
X-Locale
Server-Info
X-Origin-TTL
X-Origin-CC
CDN-Cache
Mobile-Detection-Method
Cache-Host
BehaviorPad-Version
CDCHOST
Odigeo-Trace-Id
Apple-News-Services-Parsed-Url
DCR-Processing-Time-Ms
Req-Svc-Chain
Rendered-Blocks
Content-Disposition
Apple-News-Services-Request-Url
Meta-Geo-Continent
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
Apple-News-Services-Handled
A
Fastly-Backend-Name
Host-ID
M-TraceId
Apple-News-Services-Host
Fastcgi-X-Cache-Version
CDN-Uid
CDN-CachedAt
CDN-EdgeStorageId
DCR-Decision-By
MD5-Digest
Expiry
X-Core-Value
X-Request-URI
X-Ratelimit-Reset
X-Rewrite-Enabled
X-Rojux
X-S
X-Proxy-Upstream
X-Processor
X-Location
X-Level-Front-Cache
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-S-Cookie
X-ScT
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Varnish-Url
X-Session-Fingerprint
X-Service
X-SRCache-Key
X-Sucuri-ID
X-Thanos
X-Geo-Header
X-Generated-On
X-Aed
X-A-Wwc
X-ARC
X-B-Cookie
X-BCube-Filmed-By
X-A-Dgt
X-A-Dcw
T-Server
Surrogated-Key
X-A
X-A-Ccd
X-A-Dam
X-Bip
X-Cache-Bucket
X-Developer
X-Destination
X-Epic-Correlation-Id
X-External-Request-Id
X-From
X-D
X-Connection-Hash
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cms-Context
State
X-Application
X-Air-Hostname
X-Magnolia-Registration
X-Air-Trace-Id
X-Air-Source
X-Servername
Upgrade-Insecure-Requests
X-DataDome
X-AIR-PT
X-Tb
Pagetype
Path
PFcat
X-VHOST
Origin
L
X-Req
X-VG-TLSProxy
Fastly-SWR
Fastly-SIE
X-Rebelmouse-Surrogate-Control
Gh-Request-Id
X-Platform-Server
Kp-EeAlive
X-Rebelmouse-Cache-Control
Memcached
X-Origin
X-Clientip
X-Cache-Debug
X-GoCache-CacheStatus
X-Branch-Name
X-Date
X-Aicache-OS
X-Envoy-Decorator-Operation
X-Developers
X-Minions-Version
X-Has-Esi
X-Backend-State
X-JWT-State
UCS
X-Varnish-Ttl
X-NU-AKA-ACS-Version
X-Is-Gdpr
X-Accel-Expires-Debug
X-Site-Version
X-Hash
X-HN
Server-Host
Pics-Label
X-Sigma
X-Served-From
X-Scheme
Cmsid
X-Var-Ttl
X-Sigma-Backend
X-VarnishDD-TTL
AKAMAI
X-TrackingId
Cmstype
CacheControlHeader
Fastcgi-Cache-TTL
X-Request-UUID
Esi-Enabled
X-Rocket-Build-Number
X-EC-Lua
User-Cache-Control
Thinkindot-CacheControl-Type
X-Request-Host
Thinkindot-Control
True-Client-Country-4JS
X-Micro-Cache
X-Men
TDXMobile
X-Thinkindot-L3
X-Ratelimit-Limit
C-Via
Svr
X-Loc
Thinkindot-CacheControl
Adler-Geo
X-Generated-In
Arc-Country
Arc-Version
Source
X-Clara-WADP
X-SVT-ORM-RULES
X-CGP
X-Generated-By
Fastly-Drupal-HTML
X-Gamma-Serve
X-Csrf-Jwt
X-SVT-ORM-VERSION
We-Hiring
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-WADP-Cache
X-Cache-Info
Ha-Gx-Prefs
Mail-Subject
X-Policy
Cf-Device-Type
X-Eu-Site
Ec-Rule-Version
X-Cache-Grace
X-Fastly-Backend
X-Fastly-Cache
X-Amz-Meta-S3cmd-Attrs
Is-Eu
X-RateLimit-Remaining-Second
HA-Ipaddr
L5d-Success-Class
Location
X-RateLimit-Limit-Second
NGX
My-App
Platform
X-DPWN-IS-SECURE
PB-RID
X-Variation
DSUID
X-Origin-Expires
X-Device-Os
PB-PID
X-VC-Cache
X-Viewer-Country
X-Fmm-Version
X-Forwarded-Site
NM-Fastcgi-Cache
X-Cache-Tags
X-NWS-UUID-VERIFY
X-Cluster
Geo-Info
X-Pass-Why
X-TX-ID
X-Varnish-CookieINHashed-On
X-GeoIP
X-DefHash
X-User
X-Varnish-CookieHashed-On
X-Esi-Check
X-FC-Vary-Parameters
X-Varnish-Remaining-TTL
X-Fetched-On
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-DefElseHash
X-Gen-Mode
X-SIPLIST1
Release
X-Forwarded-Host
Webserver
X-VServer
Server-Ext
Cache-Key
Server-Hostname
X-Via-NSCOPI
X-Owner
IsBot
CPC-Age
Locid
X-Qloud-Router
SID
X-PF-Uncompressing
Sever-Int
X-Cache-Id
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Skip-Cache
X-Gzip
X-GeoIP-City
X-Block-Status
X-Li-Fabric
X-Li-Pop
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-LI-UUID
Vix-Hermes-Req-Id
VNS-Cache
VNS-Age
CPC-Cache
X-Ua
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
V-Age
X-Shop-Environment
X-Unique-Id
Powered-By-ChinaCache
S-Rt
X-Old-Content-Length
X-Tenant
X-Orig-Expires
X-Goog-Meta-Goog-Reserved-File-Mtime
Url
X-Forwarded-Path
X-Slack-Backend
Cache-Hits
Cross-Origin-Window-Policy
XServer
X-PJAX-URL
MIME-Version
X-Vc
X-Planisys-CDN-Cache
X-Mvc-Supplant-OutputCached
X-Planisys-CDN-Rules
NtCoent-Length
X-Refresh
X-Planisys-CDN-TTL
X-Ratelimit-Remaining
X-TraceId
X-Cache-Ttl
X-OVcl
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-OVcl-Cache
X-Ftr-Request-Id
X-HP-Trace-Id
Content-Secure-Policy
X-Conf
X-NC
Cf-Bgj
X-TIME
X-Internal-Host
X-ID
DB-Nickname
X-Backend-TTL
X-ZONE
Tcn
X-Zone
X-BBC-Edge-Cache-Status
Memory
Magicmarker
X-Srv
Time
X-GEO
X-Geo
WebServer
Geoip-Latitude
X-Ckpd-Fst-Backend
X-NCache
X-Worker
X-Servedbyhost
X-LB-ID
GeoIp-Country-Code
X-Method
X-Auto-Login
Server-ID
X-Dispatcher-Server
X-NewRelic-App-Data
Hostname
X-LSADC-Cache
HostName
Ssr
X-Rocket-Nginx-Serving-Static
X-IP
X-Render-Time
X-V-Cache
X-CLOUD-TRACE-CONTEXT
X-Qnm-Cache
X-Wa
X-M-Log
X-M-Reqid
X-Platform-Processor
X-Platform-Cluster
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Router
X-Tx-Id
X-Li-Proto
Resin-Trace
X-SD-PageType
X-Traceid
X-DC
LB
X-Cache-Remote
X-App
X-Newrelic-Synthetics
X-Correlation-ID
X-Datadog-Trace-Id
X-Nc
X-Trv-Group
X-Datadog-Sampling-Priority
Environment
X-Datadog-Parent-Id
Ohc-File-Size
X-Gdpr
X-Nyt-Route
X-VCL-Version
X-Origin-Time
X-Cache-Config
X-API-Version
X-BBC-Origin-Response-Status
X-Vcl-Version
X-NodeID
X-Via-CDN
X-MSEdge-Flight
X-MSEdge-Features
X-Node-Id
X-Dynatrace
X-HITS
X-CACHE-AGE
X-Origin-Response-Time
X-Edge-Pop
X-Pod-Name
X-Via-Ucdn
Env
X-Server-IP
Cluster
X-APP
Cf-Ipcountry
X-ServerName
Sid
X-ElasticPress-Query
Candidate-Md5Url
X-Reqid
X-Varnish-Beresp-TTL
X-DynaTrace-JS-Agent
Datacenter
X-LI-Proto
X-ND-Cache
CF-Cached-On
X-Wix-Viewer-Type
X-WA
X-FTR-Request-ID
X-HostName
X-Cache-Var-Map
X-Cache-Var
X-HS-Status
Viewtype
Rt-Fastcgi-Cache
VivaBuild
X-Fastly-Request-Id
N-Cache
Web-Mar-Region
X-Cs
X-Cdn-Forward
X-Akamai-Pragma-Client-IP
X-Dynatrace-Js-Agent
CDN
Machine
X-NGINX-Cache
Server-Id
GeoIP-Latitude
Proxy-Connection
X-CSRF-TOKEN
Servername
GeoIP-Country-Code
FSS-Cache
X-Lb-Id
On-Server
X-Webkit-CSP-Report-Only
X-ServedByHost
X-Fastly-Backend-Reqs
X-Via-PopH
X-Via-PopV
X-URL
X-Swa-Ws
X-Via-PopN
X-Check-Cacheable
WWW-Authenticate
X-EIG-Tracking-Id
WZWS-RAY
Onion-Location
Cdn
X-Varnish-Cacheable
X-Xrds-Location
Ohc-Cache-HIT
X-Esi
X-FTR-Backend-Server
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Cache-Backend
X-FTR-Balancer
Xc-Version
X-FTR-Realm
X-FTR-DC
X-Oss-Object-Type
X-VC
X-Oss-Hash-Crc64ecma
X-FTR-Cache-Status
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Pjax-Url
X-FTR-Backend
X-Country-Code-Real
X-ECache
X-CCM
Cteonnt-Length
Tracecode
CountryCode
X-Swift-Error
Mime-Version
URI
X-SN
X-Dw-Trace-Id
X-FORWARDED-FOR
X-CUA
X-Air-Pt
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
CACHE
X-Tt-Logid
X-Request-Start
Redirect-Candidate
X-Fpc
X-TIM-N
Instruction
Xet-Cookie
X-ElasticPress-Search
Ohc-Response-Time
X-Tid
X-Fastly-Cache-Hits
X-StackifyID
Shield-Pop
X-RSL
X-DW
X-RPM
X-DSS
X-DI
X-FTR-Expires
X-Action
X-DB
X-RPS
Warning
X-LiteSpeed-Cache-Control
SR-User-Adfree
Server-Ttl
WP-Super-Cache
X-Yottaa-OS
X-Pf-Uncompressing
X-SB
X-Region-Sid
X-Snapshot-Date
X-Webstats-RespID
X-Apw-Access-Object
Is-Us
X-Amz-Meta-Cb-Modifiedtime
X-UnsetCookies
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Apw-Access-Action
X-TH-Server
X-Up
X-Mg-Request-Id
ServerName
X-Cache-Status-Check
X-C
X-Pad
Vha6-Origin
X-Apw-Hits
X-Apw-Access-Token
X-Cache-Expires
X-Depends-On
X-MiniProfiler-Ids
X-Hcs-Proxy-Type