Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Amz-Request-Id
EagleId
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
NEL
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
Cf-Railgun
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-Server-Id
X-CST
Allow
X-Cache-Spec
X-Node
Surrogate-Control
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Webkit-CSP
Accept-CH
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-WebKit-CSP
Xkey
X-HW
Accept-Ch-Lifetime
X-Country
X-Application-Context
X-Language
X-Ac
Content-Location
X-Ruxit-JS-Agent
MS-Author-Via
X-Template
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-CH-Lifetime
X-Content-Type
X-GitHub-Request-Id
X-ASPNET-VERSION
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-FastCGI-Cache
X-D2id
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Server-Name
X-Vcap-Request-Id
X-Cached
Accept-Ch
X-Buckets
Cache-Tag
X-Navigation-Version
X-Amz-Rid
Service-Worker-Allowed
X-Abt-Application-Version
X-Client-IP
X-Powered-By-Plesk
X-ORACLE-DMS-ECID
X-Fastly-Request-ID
RTSS
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
X-Sol
X-Element-Page-Cache
X-Middleton-Response
Display
Pagespeed
Response
X-Middleton-Display
X-Cache-TTL
Public-Key-Pins
X-Server-ID
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Px
X-Version
X-Ttl
X-TTL
S
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
Realpath
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Accel-Expires
X-Oneagent-Js-Injection
SPIisLatency
SPRequestDuration
X-ECACHE
SPRequestGuid
X-SharePointHealthScore
X-Jurisdiction
X-HP-Webp
X-T
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Instrumentation
X-Mid
X-MCACHE
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Cache-Key
X-Forwarded-Proto
X-PressLabs-Stats
X-DynaTrace
Pinterest-Generated-By
X-Correlation-Id
Pinterest-Version
X-Pinterest-Rid
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Recruiting
Fastcgi-Cache
Charset
X-Amz-Server-Side-Encryption
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Mg-S
X-Content-Digest
X-Request-Received
X-XRDS-Location
X-Request-Processing-Time
X-Id
X-ORACLE-DMS-RID
X-Ezoic-Cdn
Front-End-Https
Filters
TCN
Server-Node
X-Logged-In
Alternate-Protocol
X-Release
Cache-Tags
X-Forwarded-For
Content-MD5
X-Litespeed-Cache
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Geo-Country
X-Amzn-Trace-Id
X-Origin-Upstream-Status
X-Hostname
X-Origin-Server
X-Grace
Server-Name
X-Protected-By
Cleartype
X-Rid
X-Www-Served-By
X-RateLimit-Remaining
X-Amz-Replication-Status
X-F-Cache
Host
X-Contextid
X-Az
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Activity-Id
X-AppVersion
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Debug-Info
X-LB-Cache
X-WebKit-CSP-Report-Only
Section-Io-Cache
X-Frontend
X-Erf-Bev-Bev
X-NWS-LOG-UUID
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
X-Git-Hash
X-Ser
X-Aspnetmvc-Version
X-Page-Id
X-Cache-Age
X-Respond-Thread
X-Upgrade-Enabled
X-Daa-Tunnel
X-Content-Options
X-VCache
Accept-Charset
X-Source
X-Varnish-Age
X-Hits
X-DIS-Request-ID
Paypal-Debug-Id
X-Mobile-URL
ServerID
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Varnish-Grace
X-Varnish-Backend
X-CACHE-GROUP
Viewport
X-Kong-Proxy-Latency
X-Signature
X-B-Cache
Healthy
X-Is-Crawler
X-Flags
X-Route-Name
X-Cache-Action
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
AR-Request-ID
Ar-Sid
X-B3-Sampled
X-Whom
X-FB-Debug
AR-CACHE
AR-PoweredBy
Payment
AR-ATIME
X-TT
Node
X-AOL-HN
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-App-Environment
X-N
X-Seen-By
Version
X-Load-Cache
X-Type
DynaTrace
DC
Fastcgi-Useragent
X-Mobile
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Yandex-Sdch-Disable
X-XRDS-LOCATION
MS-CV
X-HTML-Minification-Powered-By
X-Ab
X-Distributor
X-Cache-Expired-At
Retry-After
X-Cache-Control
SRV
Frame-Options
X-Tt-Trace-Tag
X-Tt-Trace-Host
Filterid
X-User-Agent
X-IPLB-Instance
X-Response-Served-From
X-Original-Request-Id
X-Tumblr-User
X-UUID
X-Tumblr-Pixel-1
X-RemovedCookies
X-Instance
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Proxy-Cache-Status
X-IPS-LoggedIn
X-Cluster-Name
X-Debug-IsConnected
X-Varnish-Server
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
X-Proxy
X-Cacheable-TTL
Uber-Trace-Id
X-Jobs
X-Debug-IsPreview
X-Real-IP
X-Region
X-Page-View
VIX-Pulpo-Node
Ms-Operation-Id
Access-Control-Request-Headers
X-G
X-Framework
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-Device-Type
Refresh
X-RTag
NGB
X-B
X-Debug
X-Vgn-Hpd-Reason
X-FireWall-Port
X-RateLimit-Limit
X-Accel-Buffering
X-Zen-Fury
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Dynamic
X-CDN-Forward
X-Wix-Request-Id
X-Mg-Request-UUID
Cache
X-Time
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Cache-Status
X-NGENIX-Cache
Countrycode
X-Oracle-Dms-Rid
X-Azure-Ref
X-App-Version
X-Nginx-Cache
X-Rendered-As
X-Cache-Rule
X-Is-Bot
Amp-Access-Control-Allow-Source-Origin
X-Ms-Request-Id
X-Drupal-Cache-Tags
X-Ms-Version
Country
X-Node-Name
X-Cache-Hit
S-Cnection
X-EdgeConnect-Cache-Status
Surrogate-Key
Referer-Policy
SD-X-WS
X-App-Server
Liferay-Portal
Eomportal-Instance
X-L-Path
X-Environment-Context
X-Cache-Operation
X-TA-CDN-Provider
X-Drupal-Cache-Contexts
X-JoinUs
X-Yottaa-Metrics
Meta-Geo
X-UPSTREAM-Address
X-Yottaa-Optimizations
X-RN-RSRV
From-Origin
X-ES-SERVER
X-Tumblr-Pixel-2
X-SaId
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-S-Maxage
X-Request-Time
X-R9-Blue-Green-Version
X-Pubstack
CF-IPCountry
X-Endurance-Cache-Level
X-Varnish-Hostname
X-Cache-Server
X-Varnish-Beresp-Grace
X-Backend-Host
X-Handled-By
X-GG-Cache-Date
X-Via-Fastly
X-No-Session
X-Varnishpool
Fastly-SSL
X-VWS-Id
Azure-RegionName
X-Loop
X-Revision
X-NYM-Debug-Backend
X-TNCMS
X-Be
X-Adobe-Source
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Cache-Tv-Group
TWC-GeoIP-Country
X-LJ-Flow-ID
X-LAGOON
X-OCL
X-Origin-Hint
X-PHP-Backend
X-PCL
X-Human
TWC-Privacy
X-Alternate-Cache-Key
Webcakes-Region
Webcakes-App-Version
X-AWS-Id
Webcakes-App-Name
X-BYPASS-REASON
TWC-Locale-Group
X-ProxyCache-Key
TWC-Connection-Speed
TWC-Device-Class
ServedBy
Protected
X-Sorting-Hat-ShopId
Property-Id
X-Sorting-Hat-PodId
X-Shopify-Stage
TWC-GeoIP-LatLong
X-ProxyCache-Status
X-Server-W
X-ShardId
X-ShopId
X-Storefront-Renderer-Rendered
X-Proto
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Format
Apigw-Requestid
X-Section
Selected-Fe
X-Access
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
Akamai-GRN
Cache-Name
X-Proxy-Build
X-Timing-Wait
X-RCS-CacheZone
X-UA-Device-Type
X-Sql-Duration-Ms
X-Aws-Lambda-Call-Status
Mn-Server-Ip
X-Sql-Count
X-Origin-Date
X-Backend-Name
X-FB-TRIP-ID
X-ApacheServer
X-Status
Country-Code
X-Hl-Ver
X-Labrador-Cache-Channel
X-Cache-Type
X-Akamai-Edgescape
X-PHP-Host
X-PERF
X-Uri
X-Hosted-By
X-Web-Node
X-Redis-Cache
X-Hyper-Cache
X-Ua-Device
X-B3-SpanId
X-Cache-PHP
X-ATG-Version
X-Parallel-Accel
Xserver
X-Trace-Id
X-ServerID
X-Rule
X-FW-Version
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Time-Microsecs
X-Content-Age
X-WA-Info
Count-Hit
GEO-INFO
X-Cached-By
X-Soup
X-Cluster-Node
OT-Force-Account-Verify
X-TT-LOGID
X-Akamai-Transformed
AMP-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-Cache-Enabled
X-Detected-As
X-HP-Trace-Id
X-Azure-Ref-OriginShield
Backend
X-Varnish-Cache-Hits
X-Datadome
X-Edge-Location
X-Cache-Host
X-CS
X-APP-VERSION
X-Mode
Web-Mar-Node
X-Servername
X-Bc-Bl
Cross-Origin-Opener-Policy
X-Varnish-Beresp-Status
X-Generation-Time
X-Varnish-Hits
X-Info
X-Dc
X-Microcachable
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Storage
X-Debug-Cache
X-Varnish-Beresp-Ttl
X-Routing-Service
X-Proxied
X-Cache-NGX
X-Zipkin-Id
X-Unique-ID
X-B3-Traceid
X-Ua
X-Extlb
X-Platform
X-SRV
SID
Who
X-Origin-TTL
S-Rt
X-Origin-CC
X-A-Dam
X-S
X-ScT
X-S-Cookie
X-A-Dcw
X-A
X-Developer
X-NAPM-TraceId
A
X-Destination
X-Rojux
X-A-Dgt
X-Location
X-A-Ccd
X-D
X-Cache-NE
X-Core-Value
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cms-Context
X-SRCache-Key
X-BCube-Filmed-By
X-B-Cookie
X-Aed
T-Server
X-Session-Fingerprint
X-Aicache-OS
X-Locale
X-ARC
X-Application
X-A-Wwc
Surrogated-Key
X-Processor
MD5-Digest
M-TraceId
Meta-Geo-Continent
X-Epic-Correlation-Id
Mobile-Detection-Method
CDN-RequestCountryCode
CDN-RequestId
Host-ID
X-External-Request-Id
DCR-Processing-Time-Ms
Content-Disposition
X-Request-URI
Expiry
Fastcgi-X-Cache-Version
CDN-Uid
Fastly-Backend-Name
CDN-PullZone
Odigeo-Trace-Id
Req-Svc-Chain
BehaviorPad-Version
Rendered-Blocks
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Rewrite-Enabled
X-PAYTM-SRV-ID
Path
X-PBS-Appsvrname
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
Cache-Host
CDCHOST
DCR-Decision-By
X-Magnolia-Registration
X-Via-JSL
X-Vtex-Remote-Cache
X-Vdms-Version
Upgrade-Insecure-Requests
Ec-Rule-Version
X-Vdms-Path
X-Vtex-Processado-Em
X-Cache-Ttl
X-Connection-Hash
X-Level-Front-Cache
X-VG-WebServer
X-Geo-Header
X-Generated-On
X-NWS-UUID-VERIFY
X-VG-WebCache
X-From
Url
X-DataDome
Cross-Origin-Window-Policy
DataCenter
Source
Server-Info
X-Cache-Grace
Fastly-SIE
Fastly-SWR
Location
X-Proxy-Upstream
L
Kp-EeAlive
X-Ratelimit-Reset
X-Sigma-Backend
Esi-Enabled
X-Rebelmouse-Cache-Control
X-Platform-Server
Fastcgi-Cache-TTL
X-Shop-Environment
Memcached
Fastly-Drupal-HTML
X-HN
X-Tenant
X-Envoy-Decorator-Operation
Thinkindot-Control
Server-Host
X-VHOST
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
State
TDXMobile
X-Origin
X-Device-Os
Origin
Content-Secure-Policy
NGX
Pagetype
PFcat
X-Developers
Pics-Label
X-Varnish-Ttl
X-Rebelmouse-Surrogate-Control
X-GoCache-CacheStatus
X-Rocket-Build-Number
X-Branch-Name
AKAMAI
X-Air-Hostname
X-Backend-State
X-Air-Trace-Id
X-Air-Source
X-VarnishDD-TTL
X-Cache-Debug
X-Sigma
X-Thanos
X-Thinkindot-L3
X-Gamma-Serve
X-Service
X-Var-Ttl
X-Served-From
X-Forwarded-Path
X-Bip
X-VG-TLSProxy
X-JWT-State
X-NU-AKA-ACS-Version
X-Orig-Expires
X-Request-UUID
X-Has-Esi
X-Is-Gdpr
CacheControlHeader
X-Tb
User-Cache-Control
X-Forwarded-Host
X-Srv
X-Cache-Info
Wxu-Next-Region
True-Client-Country-4JS
UCS
X-Cluster
X-Generated-In
X-VServer
Svr
Cf-Device-Type
X-AIR-PT
X-EC-Lua
X-WADP-Cache
Vix-Hermes-Req-Id
Wxu-Next-Commit
X-Micro-Cache
Adler-Geo
X-Csrf-Jwt
X-GeoIP
X-CGP
X-Generated-By
X-Clara-WADP
Wxu-Next-Hostname
X-VC-Cache
Is-Eu
X-Eu-Site
DSUID
X-Fastly-Cache
X-Hash
Cmstype
X-Req
X-SVT-ORM-VERSION
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Cmsid
X-Loc
X-Clientip
X-Scheme
X-Fetched-On
X-User
Arc-Country
X-TrackingId
X-DPWN-IS-SECURE
C-Via
L5d-Success-Class
X-Cache-Tags
X-Owner
X-Li-Pop
X-Fmm-Version
Server-Ext
Server-Hostname
X-Nginx-Cache-Key
Sever-Int
X-LI-UUID
X-Amz-Meta-S3cmd-Attrs
X-Li-Fabric
X-Variation
X-SVT-ORM-RULES
X-Sucuri-ID
X-Site-Version
Platform
NM-Fastcgi-Cache
X-Skip-Cache
Nel
X-FC-Vary-Parameters
X-Fastly-Backend
X-Date
X-GeoIP-City
X-Hnp-Log
X-Esi-Check
X-Forwarded-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gzip
X-Gen-Mode
PB-PID
Cache-Key
IsBot
Locid
Arc-Version
NtCoent-Length
X-Viewer-Country
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Irp-Debug
PB-RID
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-SIPLIST1
X-Origin-Expires
X-DefElseHash
X-DefHash
X-Ftr-Request-Id
X-Via-NSCOPI
X-Varnish-Url
X-Mvc-Supplant-Cachable
V-Age
X-Old-Content-Length
X-Minions-Version
X-Men
X-Block-Status
X-Accel-Expires-Debug
We-Hiring
Release
X-PF-Uncompressing
X-RateLimit-Remaining-Second
X-Request-Host
X-Slack-Backend
X-RateLimit-Limit-Second
X-Qloud-Router
X-Policy
Mail-Subject
X-Cache-Id
Webserver
X-GEO
VNS-Cache
CPC-Age
Cache-Hits
X-Unique-Id
VNS-Age
CPC-Cache
X-Planisys-CDN-TTL
X-Conf
X-HS-Content-Campaign-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Zone
XServer
X-Vc
Powered-By-ChinaCache
My-App
X-Mvc-Supplant-OutputCached
X-BBC-Edge-Cache-Status
MIME-Version
X-Ratelimit-Limit
X-Pass-Why
X-Servedbyhost
X-Worker
X-Ckpd-Fst-Backend
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-DC
X-Auto-Login
X-Internal-Host
X-NC
X-Refresh
X-TX-ID
X-PJAX-URL
X-ID
X-CACHE-KEY
X-V-Cache
Memory
X-LSADC-Cache
Time
WebServer
X-Render-Time
Server-ID
X-Tx-Id
X-NCache
X-Ratelimit-Remaining
X-Rocket-Nginx-Serving-Static
X-OVcl
X-LB-ID
X-OVcl-Cache
X-Qnm-Cache
X-Traceid
X-Platform-Processor
Geo-Info
X-Platform-Router
X-Platform-Cluster
X-M-Log
X-Wa
X-M-Reqid
Cf-Bgj
X-Webkit-Csp
X-TIME
X-Newrelic-Synthetics
X-Cache-Remote
X-Backend-TTL
X-App
X-SD-PageType
Magicmarker
X-TraceId
X-NewRelic-App-Data
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
DB-Nickname
Environment
Hostname
X-ZONE
Geoip-Latitude
GeoIp-Country-Code
X-Webkit-CSP-Report-Only
HostName
X-Origin-Time
X-Dispatcher-Server
X-Method
X-API-Version
X-CLOUD-TRACE-CONTEXT
X-Nyt-Route
X-Geo
X-BBC-Origin-Response-Status
X-NodeID
X-Gdpr
X-VCL-Version
Resin-Trace
X-Server-IP
Cluster
X-Pod-Name
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Config
X-Via-Ucdn
X-Correlation-ID
X-IP
X-Akamai-Pragma-Client-IP
X-LI-Proto
Candidate-Md5Url
X-Cache-Var
X-Cache-Var-Map
Ssr
X-Edge-Pop
LB
Tcn
Ohc-File-Size
X-HITS
X-MSEdge-Flight
Datacenter
X-MSEdge-Features
X-Origin-Response-Time
X-Dynatrace
X-CACHE-AGE
X-Li-Proto
Web-Mar-Region
X-ElasticPress-Query
Cf-Ipcountry
X-Trv-Group
X-Varnish-Beresp-TTL
X-Nc
N-Cache
X-Node-Id
X-NODE
X-Ua-Browser
X-AB
X-Content
X-Wix-Viewer-Type
X-Vcl-Version
X-DynaTrace-JS-Agent
X-ND-Cache
X-Via-CDN
X-HostName
Onion-Location
GeoIP-Latitude
GeoIP-Country-Code
Servername
X-APP
Env
CDN
CF-Cached-On
X-ServerName
X-HS-Status
X-Varnish-Cacheable
X-EIG-Tracking-Id
Cdn
X-Reqid
Proxy-Connection
WWW-Authenticate
X-Cs
Server-Id
Sid
X-COUNTRY
X-Dynatrace-Js-Agent
X-WA
X-MG-S
VivaBuild
X-Fpc
Rt-Fastcgi-Cache
X-Fastly-Backend-Reqs
Viewtype
WZWS-RAY
X-NGINX-Cache
X-CSRF-TOKEN
X-Lb-Id
X-URL
Machine
X-Check-Cacheable
X-Pjax-Url
X-TIM-N
X-Tid
Cteonnt-Length
Redirect-Candidate
Ohc-Cache-HIT
X-Esi
X-Xrds-Location
CountryCode
X-Via-PopN
X-FTR-Request-ID
X-Via-PopV
Tracecode
X-IN-APIGATEWAY
X-Request-Start
X-Up
X-IN-APIGATEWAYSSL
X-Cache-Backend
X-Fastly-Request-Id
X-Via-PopH
X-VC
X-Cdn-Forward
Lb
Is-Us
URI
Pramga
X-Amz-Meta-Cb-Modifiedtime
Mime-Version
X-ServedByHost
Shield-Pop
X-SN
Server-Ttl
On-Server
X-Cache-Date
FSS-Cache
X-Presslabs-Stats
X-Cdn-Origin
X-LiteSpeed-Cache-Control
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Fastly-Cache-Hits
X-Sn-Servicetimems
X-FORWARDED-FOR
X-Air-Pt
CACHE
X-Swa-Ws
X-Tt-Logid
X-RSL
X-FTR-DC
X-FTR-Realm
X-Provided-By
X-RPS
X-DSS
X-DW
X-RPM
X-RAMCache
X-StackifyID
X-DI
X-Yottaa-OS
Xet-Cookie
CloudFront-Viewer-Country
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
Content-Style-Type
X-Acquia-Purge-Tags
Content-Script-Type
X-FTR-Balancer
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Country-Code-Real
X-DB
X-Oss-Object-Type
Xc-Version
X-Webstats-RespID
X-SB
X-Oss-Hash-Crc64ecma
WP-Super-Cache
X-Swift-Error
X-FTR-Backend
X-Dw-Trace-Id
X-FTR-Backend-Server
X-Action
Vha6-Origin
Ohc-Response-Time
X-Pf-Uncompressing
Warning
X-FTR-Cache-Status
X-Pad
X-ElasticPress-Search
Req-ID
X-Cdn-Request-ID
X-Cache-Expires
X-Core-Mission
X-MiniProfiler-Ids
X-FTR-Expires
X-C
X-Snapshot-Date
ServerName
X-TH-Server
W