Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
X-Ua-Compatible
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Amz-Request-Id
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
X-Dns-Prefetch-Control
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
NEL
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
Allow
X-Server-Id
X-Node
Surrogate-Control
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Webkit-CSP
X-Readtime
X-WebKit-CSP
X-Akam-SW-Version
X-Response-Time
Accept-CH
Xkey
Accept-Ch-Lifetime
X-HW
X-Country
X-Ruxit-JS-Agent
X-Application-Context
X-Language
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-Ch
X-Content-Type
X-GitHub-Request-Id
Fastly-Restarts
X-Cnection
X-Rack-Cache
X-Origin-Cache
X-ASPNET-VERSION
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Country-Code
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-VARITI-CCR
X-Goog-Hash
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Server-ID
X-Server-Name
Accept-CH-Lifetime
X-Cached
X-Buckets
X-Vcap-Request-Id
X-FastCGI-Cache
Cache-Tag
X-ORACLE-DMS-ECID
X-Amz-Rid
X-Abt-Application-Version
X-Navigation-Version
X-Client-IP
Service-Worker-Allowed
X-Powered-By-Plesk
X-Fastly-Request-ID
RTSS
Access-Control-Request-Method
X-Ttl
X-Powered-CMS
X-Element-Page-Cache
X-MSEdge-Ref
X-Middleton-Display
X-Sol
Display
Pagespeed
Response
X-Middleton-Response
Public-Key-Pins
X-Upstream
X-NF-Request-ID
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Px
X-Version
X-Cache-TTL
X-Edge
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
Realpath
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-ECACHE
X-Accel-Expires
SPRequestDuration
SPIisLatency
X-TTL
SPRequestGuid
X-SharePointHealthScore
X-HP-Webp
X-Jurisdiction
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
X-MCACHE
X-T
X-Mid
X-PressLabs-Stats
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Forwarded-Proto
X-Cache-Key
X-DynaTrace
Pinterest-Generated-By
X-Pinterest-Rid
X-Correlation-Id
Pinterest-Version
Edge-Cache-Tag
Fastcgi-Cache
X-Recruiting
X-ORACLE-DMS-RID
X-Amz-Server-Side-Encryption
Charset
X-XRDS-Location
TP-L2-Cache
TP-Cache
X-Mg-S
X-Content-Digest
Nginx-Cache
X-Id
X-Request-Processing-Time
Filters
X-Request-Received
TCN
Front-End-Https
X-Ezoic-Cdn
Alternate-Protocol
X-Oneagent-Js-Injection
Server-Node
X-Logged-In
X-Forwarded-For
X-Release
Cache-Tags
Content-MD5
X-Ruxit-Js-Agent
X-Origin-Upstream-Status
X-Geo-Country
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Hostname
X-Litespeed-Cache
X-Protected-By
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-RateLimit-Remaining
X-Www-Served-By
Server-Name
Host
X-Rid
Cleartype
X-Amz-Replication-Status
X-F-Cache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Contextid
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Az
X-HS-Combine-CSS
X-AppVersion
X-Activity-Id
X-LB-Cache
X-Debug-Info
Section-Io-Cache
X-Frontend
X-NWS-LOG-UUID
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Git-Hash
X-Page-Id
X-Ser
X-Fastcgi-Cache
X-Cache-Age
X-Respond-Thread
X-WebKit-CSP-Report-Only
X-VCache
X-Upgrade-Enabled
Accept-Charset
X-Content-Options
X-Aspnetmvc-Version
X-Daa-Tunnel
X-Hits
Access-Control-Allow-Method
X-DIS-Request-ID
X-Varnish-Age
X-Source
X-Mobile-URL
X-Kong-Proxy-Latency
X-Varnish-Grace
X-Kong-Upstream-Latency
Healthy
X-B-Cache
Paypal-Debug-Id
X-Varnish-Backend
X-Signature
X-Providence-Cookie
Payment
X-Route-Name
X-Whom
Viewport
X-Is-Crawler
X-Request-Guid
ServerID
X-Flags
X-B3-Sampled
X-Cache-Action
X-Aspnet-Duration-Ms
X-FB-Debug
X-TT
Node
X-CACHE-GROUP
X-App-Environment
X-AOL-HN
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
X-N
Version
X-Seen-By
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Mobile
Fastcgi-Useragent
X-Load-Cache
DynaTrace
X-Type
DC
X-Yandex-Sdch-Disable
X-Ab
X-HTML-Minification-Powered-By
MS-CV
X-Distributor
X-Request-Handler-Origin-Region
X-Microsite
SRV
X-XRDS-LOCATION
Retry-After
X-Tt-Trace-Host
X-Cache-Expired-At
X-Tt-Trace-Tag
X-Cache-Control
Frame-Options
Filterid
X-User-Agent
X-Jobs
X-Response-Served-From
X-Original-Request-Id
X-IPLB-Instance
X-Real-IP
Refresh
X-UUID
X-RemovedCookies
X-Region
X-Proxy-Cache-Status
X-ProcessESI
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Instance
X-Tumblr-User
X-Cluster-Name
Uber-Trace-Id
Access-Control-Request-Headers
X-Device-Type
X-Content-Powered-By
X-Varnish-Server
X-Cacheable-TTL
X-Tumblr-Pixel
X-Adobe-Loc
X-Debug-IsConnected
X-Debug-IsPreview
X-Adobe-Content
X-Page-View
VIX-Pulpo-Upstream-Status
X-Framework
VIX-Pulpo-Node
NGB
X-Proxy
X-Cache-Time
X-G
X-B
Ms-Operation-Id
X-RTag
X-RateLimit-Limit
X-App-Version
X-Vgn-Hpd-Reason
X-Zen-Fury
X-Debug
X-FW-Server
X-FW-Static
X-FW-Type
X-Time
X-FireWall-Port
Countrycode
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
Cache-Status
X-Accel-Buffering
X-NGENIX-Cache
Section-Origin-Responded
X-CDN-Forward
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Wix-Request-Id
Section-Io-Origin-Status
X-Mg-Request-UUID
Cache
X-Azure-Ref
Amp-Access-Control-Allow-Source-Origin
X-Nginx-Cache
X-Cache-Rule
X-Node-Name
X-Oracle-Dms-Rid
X-Is-Bot
X-Rendered-As
X-Ms-Version
X-Ms-Request-Id
X-Drupal-Cache-Tags
Surrogate-Key
Liferay-Portal
S-Cnection
Referer-Policy
SD-X-WS
X-Cache-Hit
Country
X-App-Server
X-EdgeConnect-Cache-Status
X-L-Path
X-Environment-Context
Eomportal-Instance
X-Cache-Operation
X-Yottaa-Optimizations
X-Yottaa-Metrics
Selected-Fe
X-Proxy-Build
X-JoinUs
X-Drupal-Cache-Contexts
X-Timing-Wait
X-UPSTREAM-Address
X-Varnishpool
X-RN-RSRV
Meta-Geo
X-SaId
X-ES-SERVER
X-Cache-TTL-Remaining
X-Varnish-Beresp-Grace
X-Loop
X-Varnish-Hostname
CF-IPCountry
X-Xfnlog-Site
From-Origin
X-Revision
X-Alternate-Cache-Key
X-No-Session
X-GG-Cache-Date
X-Sorting-Hat-ShopId
X-Request-Time
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Via-Fastly
X-PHP-Backend
X-TNCMS
X-ShopId
X-Storefront-Renderer-Rendered
X-ShardId
X-S-Maxage
Cache-Name
X-Adobe-Source
X-Endurance-Cache-Level
X-VWS-Id
X-Handled-By
X-Cache-Server
X-Aws-Lambda-Call-Status
Protected
X-Human
X-LJ-Flow-ID
X-ProxyCache-Key
X-Backend-Host
X-ProxyCache-Status
ServedBy
X-LAGOON
X-AWS-Id
X-BYPASS-REASON
X-R9-Blue-Green-Version
X-Pubstack
X-Proto
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Apigw-Requestid
Azure-InstanceId
TWC-Locale-Group
TWC-Privacy
Azure-SiteName
X-RCS-CacheZone
Webcakes-App-Name
Webcakes-Region
Fastly-SSL
Azure-RegionName
X-OCL
TWC-Connection-Speed
X-PCL
X-Say-Cacheable
X-Tumblr-Pixel-2
X-UA-Device-Type
X-Origin-Date
X-Origin-Hint
X-Say-TTL
X-SayCDN-TTL
Azure-Version
X-NYM-Debug-Backend
Azure-SlotName
X-Server-W
X-Hl-Ver
Cache-Tv-Group
TWC-Device-Class
Country-Code
X-Be
Property-Id
X-Labrador-Cache-Channel
X-Sql-Count
X-Sql-Duration-Ms
X-PERF
X-Section
X-PHP-Host
X-Status
X-FB-TRIP-ID
X-Format
X-Backend-Name
X-Akamai-Edgescape
Mn-Server-Ip
X-Cache-Type
X-ApacheServer
X-Access
X-TA-CDN-Provider
Akamai-GRN
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Uri
X-Hyper-Cache
Xserver
X-Hosted-By
X-Redis-Cache
X-Web-Node
X-B3-SpanId
X-Parallel-Accel
X-Cache-PHP
X-TT-LOGID
X-ATG-Version
X-Rule
X-Ua-Device
X-Cache-Ttl
X-FW-Version
X-Time-Microsecs
X-Trace-Id
X-ServerID
X-WA-Info
GEO-INFO
Count-Hit
X-HP-Trace-Id
X-CSRF-Token
X-MP-GENERATED-AT
X-Content-Age
OT-Force-Account-Verify
X-Cached-By
X-Tumblr-Pixel-3
X-Soup
X-Cluster-Node
X-Akamai-Transformed
Backend
X-Detected-As
X-Cache-Enabled
X-Azure-Ref-OriginShield
X-Servername
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Cache-Hits
X-CS
X-Edge-Location
Cross-Origin-Opener-Policy
X-Cache-Host
X-Generation-Time
X-Mode
X-TEC-API-VERSION
Web-Mar-Node
X-Varnish-Beresp-Status
X-Bc-Bl
X-TEC-API-ROOT
X-Varnish-Hits
X-TEC-API-ORIGIN
X-Datadome
X-Microcachable
X-Info
X-Unique-ID
X-Dc
X-Varnish-Beresp-Ttl
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Cache-NGX
X-Storage
X-Debug-Cache
X-Proxied
X-Zipkin-Id
X-Platform
X-Routing-Service
X-APP-VERSION
SID
X-DataDome
X-Magnolia-Registration
Ec-Rule-Version
X-Extlb
X-NWS-UUID-VERIFY
Url
Upgrade-Insecure-Requests
X-Origin-CC
X-Origin-TTL
S-Rt
X-Srv
Cross-Origin-Window-Policy
X-B3-Traceid
X-From
X-Air-Hostname
BehaviorPad-Version
X-Air-Source
X-Developer
X-Air-Trace-Id
X-External-Request-Id
X-Epic-Correlation-Id
X-A-Dam
X-D
X-Connection-Hash
X-A-Ccd
A
X-Destination
X-Aicache-OS
X-Cache-Bucket
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-B-Cookie
Apple-News-Services-Host
X-BCube-Filmed-By
X-Bip
X-Ua
Source
X-Cache-NE
X-CF-Lambda-Fn
X-A-Wwc
X-Cache-Grace
X-A-Dgt
X-Aed
Apple-News-Services-Request-Url
X-ARC
X-Application
X-CF-Lambda-Version
X-A-Dcw
CDN-PullZone
DCR-Decision-By
Path
X-Vdms-Path
X-Vdms-Version
DCR-Processing-Time-Ms
X-Thanos
X-SRCache-Key
X-Service
X-Session-Fingerprint
T-Server
Rendered-Blocks
X-VG-WebCache
X-Via-JSL
Fastcgi-X-Cache-Version
Meta-Geo-Continent
MD5-Digest
M-TraceId
Content-Secure-Policy
Expiry
Mobile-Detection-Method
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Odigeo-Trace-Id
CDN-Uid
Req-Svc-Chain
X-ScT
X-PBS-Appsvrname
X-Processor
CDN-EdgeStorageId
X-PAYTM-SRV-ID
X-NAPM-TraceId
CDCHOST
CDN-CachedAt
X-Locale
Host-ID
X-Ratelimit-Reset
X-Request-URI
X-Rojux
X-S
X-S-Cookie
CDN-RequestId
CDN-RequestCountryCode
Surrogated-Key
State
X-A
X-Rewrite-Enabled
Cache-Host
CDN-Cache
Who
Server-Info
Pics-Label
L
Kp-EeAlive
PFcat
Origin
Memcached
NGX
UCS
X-Location
X-VG-TLSProxy
Fastly-SIE
Fastly-SWR
X-VarnishDD-TTL
X-Var-Ttl
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TrackingId
X-Clientip
X-Forwarded-Path
X-Rebelmouse-Surrogate-Control
X-Shop-Environment
X-Tenant
X-Rebelmouse-Cache-Control
X-Platform-Server
X-NU-AKA-ACS-Version
X-Orig-Expires
X-Sigma-Backend
X-Sigma
X-Gamma-Serve
X-Generated-On
X-Geo-Header
X-Envoy-Decorator-Operation
X-Device-Os
X-Branch-Name
X-Cache-Debug
X-Cms-Context
X-GoCache-CacheStatus
X-Hash
X-Rocket-Build-Number
X-Scheme
X-Served-From
X-Request-UUID
X-Proxy-Upstream
X-HN
X-Level-Front-Cache
X-Backend-State
X-Core-Value
DSUID
C-Via
Esi-Enabled
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Forwarded-Host
Cmsid
Cmstype
Content-Disposition
X-Tb
User-Cache-Control
DataCenter
AKAMAI
Is-Eu
X-CGP
X-Skip-Cache
X-Clara-WADP
X-Cluster
X-Site-Version
Wxu-Next-Hostname
Wxu-Next-Region
Arc-Version
X-Cache-Info
X-Request-Host
Ha-Gx-Prefs
X-SRV
X-WADP-Cache
X-AIR-PT
X-User
X-LI-UUID
Adler-Geo
X-Thinkindot-L3
X-VServer
X-Developers
X-Owner
X-Origin
X-GeoIP-City
X-GeoIP
X-VHOST
X-Varnish-Ttl
X-Nginx-Cache-Key
X-Men
X-Li-Pop
X-Li-Fabric
X-Micro-Cache
X-Generated-In
X-Generated-By
X-Policy
X-Amz-Meta-S3cmd-Attrs
Wxu-Next-Commit
X-Date
X-Req
X-Eu-Site
X-Fastly-Backend
X-Forwarded-Site
X-Fmm-Version
X-Fetched-On
X-Fastly-Cache
X-Csrf-Jwt
X-Accel-Expires-Debug
Svr
Release
CacheControlHeader
X-JWT-State
TDXMobile
Location
Thinkindot-CacheControl
X-Variation
Sever-Int
Fastcgi-Cache-TTL
X-Has-Esi
X-Is-Gdpr
Server-Ext
Server-Host
X-DPWN-IS-SECURE
Server-Hostname
Thinkindot-Control
Thinkindot-CacheControl-Type
NM-Fastcgi-Cache
PB-RID
Platform
Vix-Hermes-Req-Id
X-VC-Cache
HA-Ipaddr
Gh-Request-Id
PB-PID
Pagetype
L5d-Success-Class
True-Client-Country-4JS
X-Origin-Expires
X-Loc
X-Cache-Tags
Arc-Country
Webserver
X-PF-Uncompressing
X-Gen-Mode
X-SIPLIST1
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Varnish-Remaining-TTL
X-Gzip
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-FC-Vary-Parameters
Mail-Subject
X-RateLimit-Limit-Second
X-Via-NSCOPI
X-Viewer-Country
X-Block-Status
X-Sucuri-ID
X-Cache-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
Locid
IsBot
Cf-Device-Type
Cache-Key
V-Age
X-DefElseHash
X-Slack-Backend
We-Hiring
X-GEO
X-Esi-Check
X-RateLimit-Remaining-Second
X-Qloud-Router
X-Ftr-Request-Id
X-DefHash
Nel
X-Conf
X-EC-Lua
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
NtCoent-Length
X-Planisys-CDN-Cache
X-Minions-Version
X-Varnish-Url
Cache-Hits
CPC-Age
VNS-Age
CPC-Cache
VNS-Cache
X-DC
X-Via-Poph
X-Via-Popv
X-BBC-Edge-Cache-Status
X-Vc
X-Via-Popn
X-HS-Content-Campaign-Id
X-Mvc-Supplant-OutputCached
MIME-Version
X-Zone
X-Servedbyhost
X-Ckpd-Fst-Backend
My-App
Powered-By-ChinaCache
X-Ratelimit-Limit
X-Worker
X-Internal-Host
X-Unique-Id
X-Pass-Why
X-Webkit-CSP-Report-Only
XServer
X-Refresh
X-TX-ID
X-Auto-Login
X-V-Cache
X-LB-ID
Memory
Time
X-Tx-Id
X-ID
X-CACHE-KEY
Server-ID
X-Traceid
X-Rocket-Nginx-Serving-Static
X-PJAX-URL
X-NCache
X-NC
WebServer
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Ratelimit-Remaining
X-Wa
X-OVcl
X-ZONE
X-LSADC-Cache
X-OVcl-Cache
X-Render-Time
X-Newrelic-Synthetics
X-NewRelic-App-Data
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-App
Cf-Bgj
X-SD-PageType
X-TIME
X-Webkit-Csp
Geo-Info
X-Backend-TTL
HostName
X-Cache-Remote
Magicmarker
X-Datadog-Sampling-Priority
Environment
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-TraceId
X-Nyt-Route
X-Gdpr
X-NodeID
DB-Nickname
X-Origin-Time
X-VCL-Version
Hostname
X-BBC-Origin-Response-Status
X-API-Version
X-Server-IP
X-Via-Ucdn
Geoip-Latitude
Cluster
X-CLOUD-TRACE-CONTEXT
Resin-Trace
GeoIp-Country-Code
X-Geo
X-Dispatcher-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Method
X-Cache-Config
X-Cache-Var
X-Cache-Var-Map
X-LI-Proto
X-Pod-Name
Datacenter
X-Edge-Pop
Candidate-Md5Url
X-Correlation-ID
Ssr
X-Akamai-Pragma-Client-IP
X-IP
X-Ua-Browser
X-Content
Ohc-File-Size
Tcn
X-ElasticPress-Query
N-Cache
X-CACHE-AGE
X-MSEdge-Features
X-HITS
X-Dynatrace
X-MSEdge-Flight
X-Origin-Response-Time
X-Nc
X-Li-Proto
LB
Web-Mar-Region
Cf-Ipcountry
GeoIP-Latitude
GeoIP-Country-Code
X-NODE
X-DynaTrace-JS-Agent
X-Varnish-Beresp-TTL
X-Trv-Group
X-Node-Id
Cdn
X-AB
Proxy-Connection
X-Via-CDN
X-Wix-Viewer-Type
X-Vcl-Version
Servername
X-ND-Cache
X-HostName
Onion-Location
CF-Cached-On
X-APP
X-Varnish-Cacheable
WWW-Authenticate
Env
X-EIG-Tracking-Id
X-ServerName
X-Reqid
X-HS-Status
WZWS-RAY
X-Cs
X-Fpc
X-Dynatrace-Js-Agent
CDN
Server-Id
X-WA
Sid
X-Pjax-Url
Lb
X-MG-S
Rt-Fastcgi-Cache
Redirect-Candidate
X-Request-Start
Cteonnt-Length
VivaBuild
X-TIM-N
X-NGINX-Cache
Viewtype
X-Fastly-Backend-Reqs
X-Tid
Machine
X-Check-Cacheable
URI
X-URL
X-Up
X-Lb-Id
Tracecode
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Esi
X-Xrds-Location
X-Via-PopH
X-Via-PopV
X-Fastly-Request-Id
Is-Us
X-Cache-Date
X-Via-PopN
X-FTR-Request-ID
X-IN-APIGATEWAY
X-Cache-Backend
X-VC
X-IN-APIGATEWAYSSL
Pramga
X-Cdn-Forward
FSS-Cache
On-Server
Server-Ttl
X-Amz-Meta-Cb-Modifiedtime
X-Fastly-Cache-Hits
Mime-Version
X-Cdn-Origin
X-SN
Shield-Pop
CountryCode
X-Sn-Servicetimems
X-ServedByHost
X-Cache-ASPX
CloudFront-Viewer-Country
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
W
X-Core-Mission
X-Contensis-Viewer-Groups
X-Provided-By
X-Varnish-Authentication
X-RAMCache
X-Air-Pt
X-LiteSpeed-Cache-Control
X-Swa-Ws
CACHE
X-FORWARDED-FOR
X-UnsetCookies
Xet-Cookie
X-SB
X-FTR-DC
X-Cdn-Request-ID
X-Webstats-RespID
X-FTR-Balancer
X-StackifyID
X-FTR-Cache-Status
X-Swift-Error
X-FTR-Realm
Xc-Version
X-Pf-Uncompressing
Warning
Content-Style-Type
Content-Script-Type
X-Yottaa-OS
X-Pad
X-Cache-Expires
Req-ID
X-Oss-Storage-Class
X-ElasticPress-Search
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
WP-Super-Cache
X-Country-Code-Real
Vha6-Origin
X-FTR-Backend-Server
Ohc-Response-Time
X-Dw-Trace-Id
X-FTR-Backend
X-Oss-Object-Type
X-DW
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
X-Oss-Request-Id
X-Action
X-DB
X-Tt-Logid
X-Snapshot-Date
X-MiniProfiler-Ids
X-C
X-FTR-Expires
ServerName
X-TH-Server