Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Device
X-Vhost
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
NEL
Cf-Railgun
X-Dispatcher
X-Host
X-Server-Id
X-Cache-Spec
X-CST
X-Node
Allow
X-Backend-Server
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
X-Webkit-CSP
Xkey
X-Ruxit-JS-Agent
X-HW
X-Language
X-Country
Accept-Ch-Lifetime
X-Application-Context
X-Ac
X-Template
Content-Location
X-Cache-Lookup
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-B3-TraceId
Edge-Control
X-Mod-Pagespeed
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-ESI
X-Trace
X-MS-InvokeApp
X-Varnish-TTL
X-Content-Type
Fastly-Restarts
Accept-CH-Lifetime
X-GitHub-Request-Id
X-Rack-Cache
X-Origin-Cache
X-Cnection
Accept-Ch
X-FastCGI-Cache
X-Country-Code
X-Buckets
X-Goog-Hash
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
Verso
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
X-Cached
Cache-Tag
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
Service-Worker-Allowed
X-Server-ID
X-Navigation-Version
X-Powered-By-Plesk
RTSS
X-Px
Access-Control-Request-Method
X-Fastly-Request-ID
Public-Key-Pins
X-Powered-CMS
X-Element-Page-Cache
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Dw-Request-Base-Id
X-Version
X-NF-Request-ID
X-Cache-TTL
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Middleton-Response
Response
X-Ttl
S
X-Edge
X-TTL
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
Mrf-Cache-Status
MRF-Tech
Realpath
X-B3-TraceId-Primal
X-Accel-Expires
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Cache-Key
X-Jurisdiction
SPRequestGuid
X-HP-Webp
X-SharePointHealthScore
SPIisLatency
SPRequestDuration
X-ECACHE
X-Shield-Request-Id
X-Mid
X-T
X-MCACHE
X-PressLabs-Stats
X-Litespeed-Cache
Pinterest-Version
Pinterest-Generated-By
X-Content-Security-Policy-Report-Only
X-Pinterest-Rid
X-DynaTrace
X-Correlation-Id
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-Forwarded-Proto
Fastcgi-Cache
X-XRDS-Location
X-Mg-S
X-Amz-Server-Side-Encryption
X-Content-Digest
TP-L2-Cache
TP-Cache
X-Recruiting
Nginx-Cache
Charset
Filters
X-Id
Front-End-Https
X-Request-Received
TCN
X-Request-Processing-Time
Alternate-Protocol
X-Forwarded-For
Server-Node
X-Logged-In
X-Ezoic-Cdn
Content-MD5
X-Geo-Country
Cache-Tags
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
X-ASPNET-VERSION
X-Protected-By
X-Hostname
X-Amzn-Trace-Id
X-Origin-Upstream-Status
X-Release
X-Grace
X-GUploader-UploadID
X-Goog-Generation
X-Origin-Server
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Www-Served-By
X-F-Cache
X-Oneagent-Js-Injection
Cleartype
X-Amz-Replication-Status
X-NWS-LOG-UUID
X-Rid
X-HS-Cache-Config
X-HS-Hub-Id
Host
X-Debug-Info
X-HS-Content-Id
X-HS-Combine-CSS
X-LB-Cache
X-Contextid
X-Az
X-Activity-Id
X-AppVersion
Server-Name
Section-Io-Cache
X-RateLimit-Remaining
X-Erf-Bev-Bev
X-Page-Id
X-Erf-Bev-Bev-Is-Generated
X-Frontend
X-Browser-Type
X-Git-Hash
X-Daa-Tunnel
X-Ser
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Respond-Thread
X-VCache
X-Cache-Age
X-Content-Options
X-WebKit-CSP-Report-Only
X-Ruxit-Js-Agent
Accept-Charset
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Hits
X-Ab
X-Source
X-Mobile-URL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-CACHE-GROUP
ServerID
X-Providence-Cookie
X-B-Cache
X-Route-Name
X-Signature
X-Request-Guid
X-Whom
X-Varnish-Backend
X-Varnish-Grace
X-Varnish-Age
Payment
X-Cache-Action
Healthy
X-TT
X-FB-Debug
Viewport
X-App-Environment
Paypal-Debug-Id
Node
X-AOL-HN
X-B3-Sampled
Fastcgi-Useragent
DynaTrace
X-Seen-By
Version
X-Load-Cache
X-Mobile
X-Yandex-Sdch-Disable
X-N
DC
X-XRDS-LOCATION
X-Type
X-HTML-Minification-Powered-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
Filterid
X-Distributor
X-Tec-Api-Root
X-Tec-Api-Origin
SRV
X-Tec-Api-Version
X-Cache-Control
Retry-After
X-Fastcgi-Cache
Frame-Options
X-User-Agent
MS-CV
X-Cache-Expired-At
X-Jobs
X-Original-Request-Id
AR-ATIME
X-Response-Served-From
Ar-Sid
AR-CACHE
AR-PoweredBy
AR-Request-ID
X-IPLB-Instance
Refresh
X-UUID
Amp-Access-Control-Allow-Source-Origin
X-Page-View
NGB
X-Adobe-Content
X-Adobe-Loc
X-Real-IP
X-Proxy-Cache-Status
X-Cluster-Name
X-Debug-IsConnected
X-Varnish-Server
X-Instance
X-Region
X-Device-Type
X-Debug-IsPreview
Access-Control-Request-Headers
X-Content-Powered-By
X-Framework
X-Cacheable-TTL
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-B
X-IPS-LoggedIn
X-ProcessESI
X-Tumblr-User
X-Proxy
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-RemovedCookies
X-Tumblr-Pixel
VIX-Pulpo-Node
X-G
Ms-Operation-Id
Uber-Trace-Id
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-FW-Hash
X-RTag
X-FW-Serve
X-FW-Server
X-Request-Handler-Origin-Region
X-Microsite
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Zen-Fury
X-Azure-Ref
X-CDN-Forward
Countrycode
X-Node-Name
X-Wix-Request-Id
Cache-Status
X-Time
X-Cache-Rule
X-Cache-Hit
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Mg-Request-UUID
Section-Io-Origin-Status
Section-Io-Id
X-Rendered-As
X-Ms-Version
X-Oracle-Dms-Rid
X-Ms-Request-Id
X-Is-Bot
X-Debug
SD-X-WS
X-Accel-Buffering
Liferay-Portal
Referer-Policy
X-Nginx-Cache
X-RateLimit-Limit
X-Aws-Lambda-Call-Status
Cache
X-App-Version
X-Drupal-Cache-Tags
X-EdgeConnect-Cache-Status
S-Cnection
Country
CF-IPCountry
X-App-Server
X-FireWall-Port
X-Environment-Context
X-L-Path
X-Revision
X-HP-Trace-Id
Surrogate-Key
X-Cache-Operation
X-Yottaa-Metrics
X-Parallel-Accel
X-Yottaa-Optimizations
Eomportal-Instance
X-Loop
X-ES-SERVER
Selected-Fe
X-TNCMS
X-GG-Cache-Date
X-UPSTREAM-Address
X-Proxy-Build
X-Timing-Wait
X-Endurance-Cache-Level
X-TA-CDN-Provider
Meta-Geo
X-SaId
X-RN-RSRV
X-JoinUs
X-SayCDN-TTL
X-Cache-TTL-Remaining
X-Xfnlog-Site
X-Adobe-Source
X-Cache-Type
X-Drupal-Cache-Contexts
From-Origin
X-Say-TTL
X-ShopId
X-Say-Cacheable
X-Shopify-Stage
X-Request-Time
X-LAGOON
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Varnishpool
Country-Code
X-Sql-Count
Count-Hit
X-Proto
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Protected
Azure-SlotName
X-Origin-Date
X-Sql-Duration-Ms
Azure-Version
Cache-Name
X-NYM-Debug-Backend
X-Human
X-ProxyCache-Key
X-S-Maxage
X-AWS-Id
X-Varnish-Hostname
X-ProxyCache-Status
X-LJ-Flow-ID
X-No-Session
X-Varnish-Beresp-Grace
X-PHP-Backend
X-VWS-Id
X-BYPASS-REASON
X-Be
X-Backend-Host
Property-Id
X-Handled-By
Decoy-Debug-Status
X-Hosted-By
Decoy-Debug-TTL
X-Status
X-PCL
X-Server-W
X-RCS-CacheZone
Decoy-Debug-Key
X-PHP-Host
Fastly-SSL
X-Origin-Hint
X-Labrador-Cache-Channel
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
X-OCL
Webcakes-Region
X-Cache-Server
X-FB-TRIP-ID
X-UA-Device-Type
X-Pubstack
TWC-Connection-Speed
ServedBy
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
X-Akamai-Edgescape
GEO-INFO
Akamai-GRN
Apigw-Requestid
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Uri
X-Backend-Name
X-Access
X-Redis-Cache
X-Format
X-Section
X-Via-Fastly
X-FW-Version
Mn-Server-Ip
X-Web-Node
X-Hyper-Cache
X-Hl-Ver
X-ApacheServer
X-PERF
Nel
X-Ua-Device
X-Cluster-Node
X-ServerID
X-Time-Microsecs
X-ATG-Version
X-B3-SpanId
Xserver
X-Cache-PHP
X-TEC-API-ROOT
X-Servername
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-APP-VERSION
OT-Force-Account-Verify
X-CSRF-Token
X-Trace-Id
X-Tumblr-Pixel-3
X-Content-Age
X-Azure-Ref-OriginShield
Backend
X-Detected-As
Cross-Origin-Opener-Policy
X-WA-Info
X-MP-GENERATED-AT
X-TT-LOGID
Web-Mar-Node
X-Varnish-Cache-Hits
X-Cache-Host
X-Rule
X-Generation-Time
X-Datadome
X-Cache-Enabled
X-Cache-Ttl
X-Cached-By
X-Akamai-Transformed
X-SRV
X-Varnish-Hits
X-Soup
X-Bc-Bl
X-Edge-Location
Cross-Origin-Window-Policy
Content-Secure-Policy
Ec-Rule-Version
X-Ua
X-CS
X-Mode
X-Info
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Via-JSL
S-Rt
X-Microcachable
X-Varnish-Beresp-Status
X-NWS-UUID-VERIFY
X-Cache-Grace
Url
Source
X-Magnolia-Registration
X-B3-Traceid
X-Cache-NGX
X-Locale
X-Storage
X-Origin-TTL
X-Origin-CC
X-Air-Hostname
X-GEO
X-Air-Source
X-Air-Trace-Id
SID
X-Dc
X-Debug-Cache
Upgrade-Insecure-Requests
X-Ratelimit-Limit
X-Forwarded-Host
X-Zipkin-Id
X-Proxied
X-Extlb
X-Platform
X-Varnish-Beresp-Ttl
X-Routing-Service
X-Tb
X-Aed
X-ARC
X-Application
X-External-Request-Id
X-A-Wwc
Apple-News-Services-Handled
X-Connection-Hash
X-AIR-PT
BehaviorPad-Version
X-Epic-Correlation-Id
A
X-Site-Version
X-Destination
X-Developer
X-Cache-Bucket
CDN-CachedAt
X-A-Dcw
Apple-News-Services-Request-Url
X-BCube-Filmed-By
Apple-News-Services-Parsed-Url
X-A-Dam
X-CF-Lambda-Version
X-A-Dgt
X-B-Cookie
X-Cache-NE
X-D
X-Clientip
CDCHOST
X-CF-Lambda-Fn
X-Aicache-OS
CDN-Cache
DCR-Decision-By
X-Shop-Environment
X-Session-Fingerprint
Fastcgi-X-Cache-Version
X-Unique-Id
Path
X-SRCache-Key
Expiry
X-ScT
CDN-EdgeStorageId
X-Request-URI
X-Rojux
X-S
X-S-Cookie
X-Tenant
Fastly-SIE
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
MD5-Digest
M-TraceId
Host-ID
Meta-Geo-Continent
X-VG-WebServer
Odigeo-Trace-Id
Fastly-SWR
X-Vdms-Version
Mobile-Detection-Method
X-VG-WebCache
Rendered-Blocks
X-Rewrite-Enabled
T-Server
X-A
Surrogated-Key
State
X-Rebelmouse-Surrogate-Control
Req-Svc-Chain
X-A-Ccd
CDN-Uid
X-Forwarded-Path
CDN-PullZone
CDN-RequestCountryCode
X-From
CDN-RequestId
X-GoCache-CacheStatus
X-NU-AKA-ACS-Version
X-NAPM-TraceId
X-Processor
DCR-Processing-Time-Ms
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Orig-Expires
X-Platform-Server
Apple-News-Services-Host
X-PBS-Appsvrname
X-PAYTM-SRV-ID
User-Cache-Control
X-DataDome
PB-PID
Platform
PB-RID
NGX
X-Accel-Expires-Debug
UCS
Origin
X-Has-Esi
X-Rocket-Build-Number
X-Service
X-Sigma
X-Sigma-Backend
X-Request-UUID
X-Request-Host
X-Loc
X-Men
X-Origin-Expires
X-Proxy-Upstream
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VServer
X-WADP-Cache
X-Conf
X-Ftr-Request-Id
X-VG-TLSProxy
X-Variation
X-Thanos
X-TrackingId
X-Var-Ttl
X-LI-UUID
X-Li-Pop
X-Cms-Context
X-Core-Value
X-Date
X-Device-Os
X-Clara-WADP
X-Cache-Tags
X-Branch-Name
X-Cache-Debug
X-Cache-Info
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Hash
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
L
X-Forwarded-Site
X-Fastly-Backend
X-Fastly-Cache
X-Fmm-Version
X-Backend-State
X-Bip
X-Ratelimit-Remaining
Adler-Geo
Esi-Enabled
DSUID
Content-Disposition
Fastly-Backend-Name
Cmsid
Fastly-Drupal-HTML
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Ttl
Cache-Host
C-Via
Arc-Version
Cache-Key
Is-Eu
Cmstype
Server-Info
AMP-Access-Control-Allow-Source-Origin
X-Gzip
X-Generated-By
X-Wikidot-Backend
X-Generated-In
X-Geo-Header
X-Generated-On
X-GeoIP-City
X-GeoIP
X-BBC-Edge-Cache-Status
X-Csrf-Jwt
X-DefElseHash
X-Cluster
X-CGP
X-Block-Status
X-Cache-Id
X-DefHash
X-Developers
X-Wikidot-Static-Cache
X-Gamma-Serve
X-Fetched-On
X-FC-Vary-Parameters
X-Eu-Site
X-Gen-Mode
X-Viewer-Country
IsBot
NtCoent-Length
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Varnish-CookieHashed-On
X-Req
X-Thinkindot-L3
X-SIPLIST1
X-Slack-Backend
X-DC
X-Served-From
X-EC-Lua
X-Scheme
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Micro-Cache
X-Via-NSCOPI
X-Location
X-Level-Front-Cache
X-Hnp-Log
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-VC-Cache
X-VarnishDD-TTL
X-Vdms-Path
X-Origin
X-Old-Content-Length
X-HN
X-Esi-Check
Wxu-Next-Hostname
TDXMobile
HA-Ipaddr
Wxu-Next-Commit
CPC-Age
Wxu-Next-Region
Sever-Int
Ha-Gx-Prefs
Location
Locid
Gh-Request-Id
Thinkindot-CacheControl
Memcached
VNS-Age
Mail-Subject
Vix-Hermes-Req-Id
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
We-Hiring
VNS-Cache
Server-Hostname
Cf-Device-Type
PFcat
CPC-Cache
Release
NM-Fastcgi-Cache
Pics-Label
Fastcgi-Cache-TTL
L5d-Success-Class
Server-Host
Kp-EeAlive
Pagetype
Server-Ext
CacheControlHeader
Webserver
AKAMAI
Arc-Country
X-Skip-Cache
X-Ckpd-Fst-Backend
X-Owner
V-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
Svr
X-Unique-ID
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Sucuri-ID
X-Planisys-CDN-Rules
Who
DataCenter
X-Mvc-Supplant-OutputCached
X-Qloud-Router
X-HS-Content-Campaign-Id
X-User
X-Worker
Cache-Hits
X-Auto-Login
X-PF-Uncompressing
X-Via-Popn
X-V-Cache
X-Via-Poph
X-NC
X-Via-Popv
MIME-Version
X-Minions-Version
X-Varnish-Url
X-Servedbyhost
X-NCache
XServer
X-Tx-Id
X-Qnm-Cache
X-Srv
X-M-Reqid
X-M-Log
X-Platform-Router
X-Rocket-Nginx-Serving-Static
X-Platform-Processor
X-Render-Time
X-LSADC-Cache
X-Vc
X-Platform-Cluster
X-ID
X-Zone
X-ZONE
X-Refresh
X-LB-ID
X-SD-PageType
My-App
X-Traceid
Powered-By-ChinaCache
X-Cache-Remote
WebServer
X-Datadog-Trace-Id
X-Content
Memory
X-Datadog-Sampling-Priority
Time
Environment
X-Internal-Host
X-App
X-Ua-Browser
X-Wa
X-Datadog-Parent-Id
X-Newrelic-Synthetics
X-TX-ID
X-TIME
Server-ID
X-Nyt-Route
X-Webkit-Csp
X-Gdpr
X-Pass-Why
X-PJAX-URL
X-BBC-Origin-Response-Status
X-NodeID
X-Origin-Time
X-API-Version
X-Cache-Var-Map
X-Cache-Var
X-CACHE-KEY
X-Server-IP
X-Cache-Config
X-VCL-Version
X-Via-Ucdn
Cluster
X-NewRelic-App-Data
Candidate-Md5Url
X-OVcl-Cache
X-Pod-Name
X-OVcl
Hostname
Datacenter
Geoip-Latitude
GeoIp-Country-Code
X-TraceId
X-CLOUD-TRACE-CONTEXT
HostName
Cf-Bgj
X-Backend-TTL
X-Webkit-CSP-Report-Only
N-Cache
Resin-Trace
X-ElasticPress-Query
X-Correlation-ID
X-Edge-Pop
X-Tb-Optimization-Total-Bytes-Saved
Geo-Info
Magicmarker
X-LI-Proto
X-VHOST
Web-Mar-Region
Ohc-File-Size
Tcn
X-CACHE-AGE
X-Method
X-Origin-Response-Time
X-Dynatrace
X-HITS
X-Dispatcher-Server
X-Varnish-Beresp-TTL
Onion-Location
DB-Nickname
X-Li-Proto
X-HOST
X-Akamai-Pragma-Client-IP
X-Geo
X-NODE
X-MSEdge-Features
X-IP
Ssr
WWW-Authenticate
GeoIP-Country-Code
X-MSEdge-Flight
X-Varnish-Cacheable
GeoIP-Latitude
X-EIG-Tracking-Id
Servername
X-AB
X-Wix-Viewer-Type
Proxy-Connection
Cdn
X-HostName
X-Vcl-Version
X-Node-Id
CDN
LB
X-Fastly-Request-Id
X-Cs
CF-Cached-On
X-DynaTrace-JS-Agent
Cf-Ipcountry
X-ND-Cache
X-Trv-Group
X-Dynatrace-Js-Agent
Lb
Redirect-Candidate
X-HS-Status
Server-Id
X-Tid
X-TIM-N
X-Fpc
X-Tt-Logid
X-Fastly-Backend-Reqs
Tracecode
X-Up
X-Pjax-Url
Sid
WZWS-RAY
X-Request-Start
Env
X-Via-CDN
X-APP
X-WA
X-MG-S
X-Webkit-Csp-Report-Only
X-NGINX-Cache
URI
X-Cache-Date
X-ServerName
Is-Us
Cteonnt-Length
Pramga
X-Nc
X-Sn-Servicetimems
X-VC
X-Cdn-Origin
X-Amz-Meta-Cb-Modifiedtime
X-Check-Cacheable
X-Lb-Id
X-Reqid
Ohc-Cache-HIT
X-Esi
X-CSRF-TOKEN
VivaBuild
X-ServedByHost
Rt-Fastcgi-Cache
Viewtype
Mime-Version
X-Provided-By
X-Core-Mission
X-Cache-Backend
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-IN-APIGATEWAYSSL
W
X-SERVER-NAME
X-IN-APIGATEWAY
X-UnsetCookies
X-ECache
Server-Ttl
X-Cache-Expires
X-LiteSpeed-Cache-Control
CountryCode
Shield-Pop
X-SN
CloudFront-Viewer-Country
X-Cdn-Forward
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Fastly-Cache-Hits
X-Pf-Uncompressing
X-Varnish-Authentication
X-Acquia-Application-Trace
X-Acquia-Site
X-RAMCache
X-FORWARDED-FOR
WP-Super-Cache
X-Acquia-Purge-Tags
CACHE
X-Acquia-Application-UUID
Machine
X-Pad
X-RSL
X-RPS
X-RPM
X-DW
X-FTR-Request-ID
X-DSS
X-Region-Sid
X-Sucuri-Cache
X-StackifyID
Xet-Cookie
X-CUA
X-Webstats-RespID
X-DI
X-Cache-Status-Check
X-Edge-POP
X-Cdn-Request-ID
X-SB
X-Swift-Error
X-Dw-Trace-Id
X-Yottaa-OS
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Action
X-DB
Vha6-Origin
ServerName
Ohc-Response-Time
X-CCDN-Origin-Time
X-B3-Spanid
Req-ID
Xc-Version
X-CF-Powered-By
PICS-Label
X-FPC
X-Moov-T
X-Moov-Xdn-Version
X-C
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-FTR-Balancer
X-FTR-Backend-Server
On-Server
FSS-Cache
Content-Script-Type
X-MiniProfiler-Ids
X-Country-Code-Real
X-FTR-Backend
X-ElasticPress-Search
X-TH-Server
Content-Style-Type