Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
Grace
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
X-Dispatcher
Cf-Railgun
X-Host
X-Server-Id
X-Cache-Spec
X-WebKit-CSP
X-CST
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Request-Id
X-Node
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
Accept-Ch-Lifetime
X-Response-Time
Xkey
X-HW
X-Language
X-Application-Context
X-Template
X-Country
X-Ruxit-JS-Agent
X-Webkit-CSP
X-Ac
Content-Location
X-Cache-Lookup
X-Cloud-Trace-Context
Rating
MS-Author-Via
X-Url
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-Clacks-Overhead
X-B3-TraceId
X-Varnish-TTL
X-Trace
Accept-Ch
X-Content-Type
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-ESI
X-Origin-Cache
X-Buckets
X-GitHub-Request-Id
X-Cnection
X-Country-Code
X-Goog-Hash
X-D2id
X-VARITI-CCR
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
Arr-Disable-Session-Affinity
Cache-Tag
X-Vcap-Request-Id
X-FastCGI-Cache
X-Cached
X-ORACLE-DMS-ECID
Service-Worker-Allowed
X-Abt-Application-Version
X-Server-Name
X-Amz-Rid
X-Client-IP
X-Navigation-Version
X-Px
X-Server-ID
Accept-CH-Lifetime
RTSS
Public-Key-Pins
X-Powered-By-Plesk
X-Fastly-Request-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cache-TTL
Access-Control-Request-Method
X-Element-Page-Cache
X-TTL
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-Powered-CMS
X-NF-Request-ID
X-Upstream
X-Version
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Middleton-Response
Response
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-ECACHE
X-Cache-Key
X-Accel-Expires
X-Jurisdiction
Realpath
X-HP-Webp
X-Shield-Request-Id
X-Correlation-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Ttl
X-XRDS-Location
X-DynaTrace
X-T
X-SharePointHealthScore
SPRequestGuid
X-MCACHE
X-Mid
X-PressLabs-Stats
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-Litespeed-Cache
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Mg-S
X-Amz-Server-Side-Encryption
X-Content-Digest
Nginx-Cache
X-Forwarded-Proto
TP-Cache
TP-L2-Cache
X-Recruiting
Charset
Front-End-Https
TCN
Alternate-Protocol
X-Request-Received
X-Request-Processing-Time
X-Id
Server-Node
X-Logged-In
X-Oneagent-Js-Injection
Filters
Content-MD5
X-Forwarded-For
X-Ruxit-Js-Agent
X-Geo-Country
X-Ezoic-Cdn
Fusion-Content-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
X-Protected-By
Fusion-Content-Source
Fusion-Source
Cache-Tags
X-Hostname
X-ASPNET-VERSION
X-Origin-Upstream-Status
X-Grace
X-Amzn-Trace-Id
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-NWS-LOG-UUID
X-F-Cache
X-Debug-Info
X-Www-Served-By
X-Amz-Replication-Status
Cleartype
X-LB-Cache
X-Origin-Server
X-HS-Content-Id
X-HS-Hub-Id
X-Rid
Host
X-HS-Cache-Config
X-HS-Combine-CSS
X-Activity-Id
X-Contextid
X-Az
X-RateLimit-Remaining
X-AppVersion
X-Daa-Tunnel
X-Git-Hash
X-Page-Id
Server-Name
Section-Io-Cache
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Release
X-Frontend
X-Ab
X-VCache
X-Ser
X-Cache-Age
MicrosoftSharePointTeamServices
X-Content-Options
X-Upgrade-Enabled
Access-Control-Allow-Method
Accept-Charset
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Aspnetmvc-Version
X-Hits
X-Fastcgi-Cache
X-Mobile-URL
X-Source
X-DIS-Request-ID
X-Providence-Cookie
X-Route-Name
X-Flags
ServerID
X-Respond-Thread
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Request-Guid
X-B-Cache
X-Cache-Action
X-Signature
X-Whom
X-Varnish-Age
Healthy
X-FB-Debug
Payment
X-Varnish-Grace
X-Varnish-Backend
X-TT
X-B3-Sampled
Viewport
X-CACHE-GROUP
X-App-Environment
Node
DynaTrace
X-AOL-HN
Paypal-Debug-Id
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Yandex-Sdch-Disable
X-Load-Cache
X-Mobile
X-Seen-By
Version
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-N
Filterid
DC
X-Distributor
SRV
X-HTML-Minification-Powered-By
X-Cache-Control
X-User-Agent
Retry-After
Frame-Options
X-Type
X-Jobs
MS-CV
Refresh
X-Original-Request-Id
X-Response-Served-From
Amp-Access-Control-Allow-Source-Origin
X-Cache-Expired-At
X-FW-Hash
X-FW-Type
X-UUID
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-Tec-Api-Root
X-Adobe-Content
X-Adobe-Loc
X-Tec-Api-Version
X-Page-View
X-Tec-Api-Origin
NGB
X-Proxy-Cache-Status
X-Debug-IsPreview
X-Debug-IsConnected
X-Region
X-NGENIX-Cache
X-Real-IP
X-ProcessESI
X-G
X-RemovedCookies
X-HP-Trace-Id
X-B
X-Vgn-Hpd-Reason
X-XRDS-LOCATION
X-Node-Name
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Azure-Ref
X-Cacheable-TTL
X-Varnish-Server
X-Cluster-Name
Access-Control-Request-Headers
X-Content-Powered-By
X-Device-Type
X-Framework
X-Instance
X-IPLB-Instance
X-CDN-Forward
X-Cache-Time
X-Oracle-Dms-Rid
X-Tumblr-Pixel
X-RTag
Ms-Operation-Id
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Proxy
X-Zen-Fury
X-IPS-LoggedIn
Uber-Trace-Id
X-Cache-Hit
X-Cache-Rule
X-Aws-Lambda-Call-Status
Referer-Policy
SD-X-WS
Liferay-Portal
Cache-Status
X-Rendered-As
X-Is-Bot
X-Wix-Request-Id
X-RateLimit-Limit
X-Drupal-Cache-Tags
X-Ms-Version
X-Ms-Request-Id
X-Time
X-Parallel-Accel
Section-Io-Origin-Status
Section-Origin-Responded
X-Mg-Request-UUID
Section-Io-Origin-Time-Seconds
Section-Io-Id
Countrycode
X-EdgeConnect-Cache-Status
X-Debug
X-Accel-Buffering
AR-ATIME
X-Environment-Context
AR-CACHE
AR-PoweredBy
X-Microsite
X-Request-Handler-Origin-Region
X-Revision
X-L-Path
X-App-Server
Ar-Sid
AR-Request-ID
S-Cnection
X-Nginx-Cache
Country
X-Yottaa-Optimizations
X-Yottaa-Metrics
CF-IPCountry
X-Cache-Operation
Cache
Count-Hit
X-App-Version
X-Drupal-Cache-Contexts
Meta-Geo
X-FW-Version
X-TNCMS
X-SaId
X-RN-RSRV
X-Endurance-Cache-Level
X-GG-Cache-Date
X-Loop
Surrogate-Key
X-ES-SERVER
X-JoinUs
X-UPSTREAM-Address
GEO-INFO
X-Cache-TTL-Remaining
X-Say-TTL
X-Adobe-Source
X-Cache-Type
X-Say-Cacheable
X-LAGOON
X-SayCDN-TTL
From-Origin
Akamai-GRN
X-Human
Country-Code
X-S-Maxage
X-Varnish-Beresp-Grace
X-Sql-Duration-Ms
X-Sql-Count
X-APP-VERSION
X-Request-Time
X-Alternate-Cache-Key
X-RCS-CacheZone
X-NYM-Debug-Backend
X-BYPASS-REASON
X-VWS-Id
X-Varnishpool
Azure-SlotName
X-AWS-Id
X-PHP-Host
Apigw-Requestid
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
Cache-Name
X-Xfnlog-Site
X-ProxyCache-Key
X-ProxyCache-Status
X-Status
X-TA-CDN-Provider
X-Varnish-Hostname
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Sorting-Hat-PodId
X-Shopify-Stage
X-No-Session
X-ShardId
X-Origin-Date
X-ShopId
Protected
X-Storefront-Renderer-Rendered
Fastly-SSL
X-Hosted-By
Cache-Tv-Group
X-OCL
X-Handled-By
X-Proxy-Build
X-Proto
Decoy-Debug-TTL
X-Timing-Wait
ServedBy
X-Via-Fastly
Selected-Fe
X-Redis-Cache
Eomportal-Instance
X-Pubstack
X-Akamai-Edgescape
Decoy-Debug-Key
Decoy-Debug-Status
X-Uri
X-Hyper-Cache
X-PCL
X-Web-Node
X-UA-Device-Type
X-B3-SpanId
X-Be
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
X-ApacheServer
X-Format
X-Cache-Server
X-Origin-Hint
X-Server-W
X-Section
X-PERF
X-PHP-Backend
Webcakes-App-Name
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Access
TWC-GeoIP-LatLong
TWC-Privacy
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Property-Id
X-TEC-API-ROOT
Mn-Server-Ip
X-FB-TRIP-ID
X-FireWall-Port
X-Backend-Host
X-Cluster-Node
X-Servername
X-Time-Microsecs
X-Hl-Ver
X-Tumblr-Pixel-2
Nel
X-Backend-Name
OT-Force-Account-Verify
X-ServerID
Cross-Origin-Opener-Policy
X-ATG-Version
X-Ua-Device
X-Detected-As
X-B3-Traceid
X-Azure-Ref-OriginShield
X-Cache-PHP
X-Tumblr-Pixel-3
Cross-Origin-Window-Policy
Web-Mar-Node
X-Trace-Id
X-Content-Age
X-Generation-Time
Backend
X-Cache-Host
X-Varnish-Cache-Hits
X-TT-LOGID
X-Ua
X-Varnish-Hits
Ec-Rule-Version
Xserver
X-CS
X-Via-JSL
X-CSRF-Token
X-Datadome
X-WA-Info
Source
Content-Secure-Policy
X-MP-GENERATED-AT
X-Soup
X-SRV
X-Akamai-Transformed
X-Microcachable
X-Cache-Enabled
X-Cache-Grace
X-Edge-Location
X-Mode
X-Cdn
Upgrade-Insecure-Requests
X-Air-Trace-Id
X-Air-Source
X-Bc-Bl
X-Air-Hostname
X-Varnish-Beresp-Ttl
X-Rule
X-NWS-UUID-VERIFY
X-Locale
X-Forwarded-Host
X-Info
Url
X-Amz-Apigw-Id
X-Origin-CC
X-Amzn-Remapped-Content-Length
X-Origin-TTL
X-Amzn-RequestId
X-GEO
S-Rt
X-Varnish-Beresp-Status
X-Site-Version
SID
X-DataDome
X-Unique-Id
Content-Disposition
X-Tb
X-Cached-By
X-Magnolia-Registration
Rendered-Blocks
Meta-Geo-Continent
Mobile-Detection-Method
State
Path
Odigeo-Trace-Id
Req-Svc-Chain
CDN-RequestId
BehaviorPad-Version
CDCHOST
CDN-Cache
CDN-CachedAt
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
A
Apple-News-Services-Handled
Apple-News-Services-Host
CDN-EdgeStorageId
CDN-PullZone
Fastcgi-X-Cache-Version
Fastly-SIE
Fastly-SWR
Host-ID
Expiry
DCR-Processing-Time-Ms
CDN-RequestCountryCode
CDN-Uid
DCR-Decision-By
MD5-Digest
X-Cache-Bucket
X-Ratelimit-Reset
X-Proxied
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Rewrite-Enabled
X-Request-URI
X-Processor
X-Platform-Server
X-NU-AKA-ACS-Version
X-NAPM-TraceId
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Rojux
X-Routing-Service
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Zipkin-Id
X-Vtex-Remote-Cache
X-Tenant
X-SRCache-Key
X-S-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-Shop-Environment
X-Ftr-Request-Id
X-From
X-Aicache-OS
X-Aed
X-AIR-PT
X-Application
X-B-Cookie
X-ARC
X-A-Wwc
X-A-Dgt
X-A
T-Server
X-A-Ccd
X-A-Dam
X-A-Dcw
X-BBC-Edge-Cache-Status
X-BCube-Filmed-By
X-Epic-Correlation-Id
X-Developer
X-External-Request-Id
X-Extlb
X-Forwarded-Path
X-Destination
X-Debug-Cache
X-CF-Lambda-Fn
X-Cache-NE
X-Conf
X-Connection-Hash
X-D
Surrogated-Key
X-CF-Lambda-Version
X-Storage
X-DC
User-Cache-Control
X-Content
X-EC-Lua
X-Cache-NGX
X-Ratelimit-Limit
X-Ua-Browser
L
X-VServer
M-TraceId
X-LI-UUID
X-Men
X-VG-TLSProxy
X-Loc
Fastly-Drupal-HTML
X-Li-Pop
X-Li-Fabric
NGX
X-Cache-Info
X-Core-Value
X-Cache-Debug
X-Backend-State
X-Accel-Expires-Debug
UCS
X-Date
Platform
X-Fastly-Backend
X-Origin-Expires
Origin
X-Envoy-Decorator-Operation
Pics-Label
X-DPWN-IS-SECURE
X-Fastly-Cache
Is-Eu
X-SVT-ORM-RULES
Cache-Host
Cache-Key
X-SVT-ORM-VERSION
Adler-Geo
X-Variation
X-TrackingId
X-Request-UUID
X-Service
Cmsid
Cmstype
X-Proxy-Upstream
X-Tx-Id
X-Thanos
X-Clientip
X-Cms-Context
X-Micro-Cache
X-Cluster
X-DefElseHash
X-Wikidot-Backend
X-Slack-Backend
X-Wikidot-Static-Cache
X-DefHash
X-Varnish-CookieHashed-On
X-Worker
X-Cache-Ttl
X-Varnish-CookieINHashed-On
X-Var-Ttl
X-Nginx-Cache-Key
VNS-Age
VNS-Cache
X-Bip
X-Block-Status
X-Thinkindot-L3
X-Device-Os
X-Cache-Id
X-VC-Cache
X-Branch-Name
X-Cache-Tags
X-Sigma-Backend
X-Hash
X-HN
X-RateLimit-Remaining-Second
X-Has-Esi
X-Generated-On
X-Gzip
Vix-Hermes-Req-Id
X-Hnp-Log
X-Level-Front-Cache
X-Req
X-JWT-State
X-Is-Gdpr
X-Via-NSCOPI
X-Rocket-Build-Number
X-Generated-By
X-Old-Content-Length
X-RateLimit-Limit-Second
X-Varnish-Remaining-TTL
X-Sigma
X-VarnishDD-TTL
X-Esi-Check
X-Served-From
X-Scheme
X-Gamma-Serve
X-Gen-Mode
X-Viewer-Country
X-Dc
X-Forwarded-Site
X-SIPLIST1
X-Ckpd-Fst-Backend
CPC-Age
Sever-Int
TDXMobile
PB-RID
Thinkindot-Control
Thinkindot-CacheControl-Type
CPC-Cache
Esi-Enabled
PB-PID
PFcat
Server-Ext
Server-Host
Server-Hostname
True-Client-Country-4JS
Thinkindot-CacheControl
C-Via
IsBot
Arc-Version
Fastly-Backend-Name
Location
Locid
X-Platform
AMP-Access-Control-Allow-Source-Origin
Server-Info
X-NCache
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Remaining
X-Eu-Site
X-Vdms-Path
X-Irp-Debug
L5d-Success-Class
Pagetype
X-M-Log
DSUID
Ha-Gx-Prefs
X-WADP-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
Memcached
X-Mvc-Supplant-Cachable
X-M-Reqid
Mail-Subject
X-Location
Fastcgi-Cache-TTL
X-Geo-Header
X-GeoIP
X-GoCache-CacheStatus
X-Generated-In
X-FC-Vary-Parameters
X-Fetched-On
X-Fmm-Version
X-GeoIP-City
NM-Fastcgi-Cache
X-Csrf-Jwt
Arc-Country
X-Skip-Cache
V-Age
X-Developers
Cf-Device-Type
X-Sucuri-ID
Webserver
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Svr
X-Request-Host
X-Planisys-CDN-Cache
X-Policy
X-Owner
HA-Ipaddr
X-Origin
Release
X-Planisys-CDN-Rules
X-Clara-WADP
X-CGP
X-Planisys-CDN-TTL
NtCoent-Length
XServer
X-Qnm-Cache
Gh-Request-Id
X-Qloud-Router
X-V-Cache
AKAMAI
X-Unique-ID
X-Auto-Login
CacheControlHeader
Cache-Hits
X-Mvc-Supplant-OutputCached
X-Servedbyhost
X-Via-Popn
MIME-Version
X-Rocket-Nginx-Serving-Static
X-HS-Content-Campaign-Id
X-LSADC-Cache
Kp-EeAlive
X-Platform-Cluster
X-Via-Poph
X-Platform-Router
X-Platform-Processor
X-Via-Popv
X-Srv
X-SD-PageType
X-Render-Time
DataCenter
X-Cache-Remote
X-User
X-Cache-Var-Map
X-Cache-Var
X-Zone
Environment
X-NODE
Who
X-Vc
X-BBC-Origin-Response-Status
X-PF-Uncompressing
X-Wa
X-NC
X-Datadog-Sampling-Priority
X-Traceid
X-Datadog-Trace-Id
X-NodeID
X-Datadog-Parent-Id
X-ID
Cluster
X-API-Version
X-Varnish-Url
X-Nyt-Route
X-App
X-Gdpr
X-Refresh
X-PJAX-URL
X-Via-Ucdn
Server-ID
X-Origin-Time
X-Minions-Version
WebServer
X-Varnish-Ttl
X-Webkit-CSP-Report-Only
X-Cache-Config
X-VCL-Version
X-LB-ID
Candidate-Md5Url
X-Server-IP
X-Internal-Host
HostName
Datacenter
Time
X-Webkit-Csp
X-TIME
Powered-By-ChinaCache
Memory
My-App
X-Pod-Name
X-CACHE-KEY
X-ZONE
X-Newrelic-Synthetics
X-Pass-Why
X-LI-Proto
N-Cache
Geoip-Latitude
X-NewRelic-App-Data
X-Esi
Onion-Location
X-Tb-Optimization-Total-Bytes-Saved
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
Web-Mar-Region
Resin-Trace
X-Edge-Pop
Servername
X-OVcl-Cache
X-TX-ID
X-OVcl
Geo-Info
X-ElasticPress-Query
X-VHOST
Hostname
X-Varnish-Cacheable
X-Origin-Response-Time
X-Akamai-Pragma-Client-IP
Cf-Bgj
X-TraceId
X-AB
Tcn
X-Backend-TTL
Ohc-File-Size
X-Dynatrace
X-HITS
X-CACHE-AGE
Magicmarker
WWW-Authenticate
X-Tt-Logid
X-Fpc
CDN
X-EIG-Tracking-Id
X-Geo
LB
X-Dispatcher-Server
X-TIM-N
GeoIP-Country-Code
X-Tid
X-Method
X-Varnish-Beresp-TTL
Cdn
X-Li-Proto
Redirect-Candidate
X-Correlation-ID
Proxy-Connection
Tracecode
X-Up
X-Dynatrace-Js-Agent
X-Wix-Viewer-Type
X-MSEdge-Features
X-MSEdge-Flight
DB-Nickname
X-HostName
Is-Us
X-IP
GeoIP-Latitude
X-Cache-Date
Pramga
Ssr
X-Request-Start
Cf-Ipcountry
Lb
X-Vcl-Version
X-Fastly-Backend-Reqs
X-Cdn-Origin
X-NGINX-Cache
X-HS-Status
X-Sn-Servicetimems
X-CSRF-TOKEN
X-Cs
CF-Cached-On
X-APP
Sid
X-Core-Mission
X-Provided-By
Server-Id
W
X-COUNTRY
X-Node-Id
X-Amz-Meta-Cb-Modifiedtime
X-UnsetCookies
X-MG-S
X-Pjax-Url
CloudFront-Viewer-Country
X-Reqid
X-ServerName
X-Trv-Group
X-WA
X-Cache-Expires
X-Webkit-Csp-Report-Only
Cteonnt-Length
X-ND-Cache
X-Lb-Id
X-Oracle-Dms-Ecid
X-FORWARDED-FOR
X-Nc
X-Check-Cacheable
Env
X-Via-CDN
URI
WZWS-RAY
X-VC
WP-Super-Cache
X-DynaTrace-JS-Agent
CountryCode
Ohc-Cache-HIT
X-Cache-Status-Check
X-CCDN-Origin-Time
X-Via-PopH
X-Via-PopN
X-Region-Sid
X-Sucuri-Cache
X-SERVER-NAME
X-Fastly-Request-Id
X-Via-PopV
X-Hcs-Proxy-Type
X-Cache-Backend
X-CCDN-CacheTTL
Xc-Version
X-Moov-Xdn-Version
Mime-Version
X-ServedByHost
X-Pf-Uncompressing
X-Moov-T
X-SN
X-CUA
X-IN-APIGATEWAYSSL
X-Pad
Shield-Pop
X-IN-APIGATEWAY
User-Agent
X-RAMCache
X-Ig-Push-State
X-Acquia-Application-Trace
EpKe-Alive
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Edge-POP
X-Contensis-Viewer-Groups
X-Cache-ASPX
CACHE
X-Varnish-Authentication
X-Fastly-Cache-Hits
Rt-Fastcgi-Cache
X-LiteSpeed-Cache-Control
Server-Ttl
Viewtype
VivaBuild
X-Dw-Trace-Id
FSS-Cache
X-Amz-Meta-Opti
X-StackifyID
X-Webstats-RespID
X-Swift-Error
X-Yottaa-OS
X-SB
X-Cdn-Request-ID
X-DI
X-DB
X-Action
X-RSL
X-DSS
X-RPM
X-DW
X-RPS
Vha6-Origin
Xet-Cookie
Ohc-Response-Time
X-Cdn-Forward
X-Parent-Response-Time
X-Dispatch
X-ElasticPress-Search
Hit
On-Server
X-MiniProfiler-Ids
Content-Style-Type
Req-ID
Content-Script-Type
ServerName
X-TH-Server
Machine
X-CF-Powered-By