Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Keep-Alive
X-Ws-Request-Id
Server-Timing
Request-Context
X-Robots-Tag
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Vhost
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
Cf-Railgun
X-Dispatcher
X-Host
X-Server-Id
X-Cache-Spec
X-CST
X-Node
X-Backend-Server
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Request-Id
Surrogate-Control
X-WebKit-CSP
X-Readtime
X-Akam-SW-Version
Accept-CH
X-Response-Time
X-Webkit-CSP
Accept-Ch-Lifetime
Xkey
X-Ruxit-JS-Agent
X-HW
X-Language
X-Country
X-Application-Context
X-Template
X-Ac
Content-Location
X-Cache-Lookup
X-Cloud-Trace-Context
MS-Author-Via
Rating
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-Varnish-TTL
X-Trace
Accept-Ch
X-ESI
X-MS-InvokeApp
X-Content-Type
Fastly-Restarts
X-Rack-Cache
X-Origin-Cache
X-GitHub-Request-Id
X-Cnection
X-Buckets
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-FastCGI-Cache
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
Cache-Tag
X-Cached
X-Abt-Application-Version
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-Client-IP
X-Navigation-Version
X-Server-ID
X-Powered-By-Plesk
RTSS
X-Px
X-Fastly-Request-ID
Access-Control-Request-Method
Public-Key-Pins
X-Element-Page-Cache
X-SRCache-Fetch-Status
X-Powered-CMS
X-SRCache-Store-Status
X-MSEdge-Ref
X-Upstream
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Version
X-Cache-TTL
X-Sol
Response
Display
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-TTL
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-LLID
X-Ttl
Mrf-Cache-Status
X-B3-TraceId-Primal
X-ECACHE
MRF-Tech
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Routeconfig-Destination
Realpath
X-Accel-Expires
X-Cache-Key
X-Jurisdiction
X-HP-Webp
X-Correlation-Id
SPRequestGuid
X-SharePointHealthScore
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-T
X-Shield-Request-Id
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-RID
X-DynaTrace
Edge-Cache-Tag
X-Litespeed-Cache
X-Forwarded-Proto
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Content-Digest
X-Recruiting
TP-Cache
TP-L2-Cache
Nginx-Cache
Charset
X-Mg-S
X-Id
Filters
Front-End-Https
TCN
X-Request-Received
X-Request-Processing-Time
Alternate-Protocol
Server-Node
X-Logged-In
X-Ezoic-Cdn
X-Forwarded-For
Content-MD5
X-Geo-Country
Cache-Tags
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
X-Protected-By
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Hostname
X-ASPNET-VERSION
X-Amzn-Trace-Id
X-Grace
X-Origin-Upstream-Status
X-Release
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Www-Served-By
X-Goog-Stored-Content-Encoding
X-F-Cache
X-Origin-Server
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Amz-Replication-Status
X-NWS-LOG-UUID
Cleartype
X-Rid
X-Debug-Info
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
Host
X-AppVersion
X-Az
X-Activity-Id
X-LB-Cache
X-Contextid
X-Oneagent-Js-Injection
X-RateLimit-Remaining
Section-Io-Cache
Server-Name
X-Page-Id
X-Frontend
X-Daa-Tunnel
X-Git-Hash
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-VCache
MicrosoftSharePointTeamServices
X-Respond-Thread
X-Cache-Age
X-Ser
X-Content-Options
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Aspnetmvc-Version
Accept-Charset
X-Hits
X-Ruxit-Js-Agent
X-Mobile-URL
X-DIS-Request-ID
X-Source
ServerID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Signature
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-B-Cache
X-Request-Guid
Payment
X-Varnish-Backend
X-Whom
X-Cache-Action
X-Varnish-Grace
X-TT
X-Varnish-Age
X-FB-Debug
Healthy
Viewport
X-Ab
Paypal-Debug-Id
Node
X-WebKit-CSP-Report-Only
X-CACHE-GROUP
X-B3-Sampled
X-AOL-HN
Fastcgi-Useragent
X-App-Environment
X-Load-Cache
DynaTrace
X-Seen-By
Version
X-Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Mobile
X-N
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Type
X-HTML-Minification-Powered-By
SRV
X-Distributor
Filterid
Frame-Options
Retry-After
X-Cache-Control
X-User-Agent
MS-CV
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Jobs
X-Cache-Expired-At
Refresh
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
X-Original-Request-Id
X-IPLB-Instance
X-UUID
X-Real-IP
X-Proxy-Cache-Status
NGB
X-Adobe-Loc
X-Adobe-Content
X-Page-View
Access-Control-Request-Headers
X-Debug-IsPreview
X-Cluster-Name
X-Debug-IsConnected
X-Instance
X-Varnish-Server
X-Region
X-Device-Type
X-FW-Static
X-FW-Server
X-FW-Type
AR-ATIME
VIX-Pulpo-Node
X-FW-Serve
AR-CACHE
AR-PoweredBy
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-FW-Dynamic
VIX-Pulpo-Upstream-Status
AR-Request-ID
Ar-Sid
X-FW-Hash
X-RemovedCookies
X-XRDS-LOCATION
X-G
X-Framework
X-Content-Powered-By
X-B
X-Cacheable-TTL
X-ProcessESI
X-Cache-Time
X-IPS-LoggedIn
X-Proxy
X-RTag
Ms-Operation-Id
X-CDN-Forward
X-Vgn-Hpd-Reason
X-NGENIX-Cache
Uber-Trace-Id
X-Azure-Ref
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Node-Name
Countrycode
X-Microsite
X-Cache-Rule
X-Wix-Request-Id
Cache-Status
X-Time
X-Cache-Hit
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Mg-Request-UUID
Section-Io-Origin-Time-Seconds
X-Is-Bot
X-Rendered-As
X-Ms-Version
X-Ms-Request-Id
SD-X-WS
Liferay-Portal
X-RateLimit-Limit
X-Debug
X-App-Version
Referer-Policy
X-Aws-Lambda-Call-Status
X-Accel-Buffering
X-Nginx-Cache
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
X-HP-Trace-Id
Cache
X-EdgeConnect-Cache-Status
CF-IPCountry
S-Cnection
X-App-Server
Country
X-L-Path
X-Environment-Context
X-Revision
X-Yottaa-Optimizations
X-Parallel-Accel
X-Cache-Operation
X-Yottaa-Metrics
Surrogate-Key
X-FireWall-Port
Eomportal-Instance
X-TNCMS
X-UPSTREAM-Address
X-GG-Cache-Date
X-Drupal-Cache-Contexts
X-Loop
X-RN-RSRV
X-Endurance-Cache-Level
Meta-Geo
X-ES-SERVER
X-Sorting-Hat-PodId
X-ShopId
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-ShardId
X-Xfnlog-Site
X-Alternate-Cache-Key
X-JoinUs
X-Cache-Type
X-Shopify-Stage
From-Origin
X-LAGOON
X-Proxy-Build
X-Sorting-Hat-ShopId
X-Cache-TTL-Remaining
X-Storefront-Renderer-Rendered
X-Timing-Wait
Selected-Fe
X-SaId
X-Adobe-Source
X-Human
X-LJ-Flow-ID
X-No-Session
X-NYM-Debug-Backend
X-BYPASS-REASON
X-Be
Cache-Name
Protected
X-AWS-Id
X-Origin-Date
X-Proto
X-Sql-Duration-Ms
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Varnishpool
X-Sql-Count
X-S-Maxage
X-ProxyCache-Key
X-ProxyCache-Status
X-Request-Time
Count-Hit
X-VWS-Id
GEO-INFO
Azure-SlotName
X-RCS-CacheZone
Azure-Version
X-Pubstack
Cache-Tv-Group
X-UA-Device-Type
Country-Code
Azure-SiteName
Akamai-GRN
Apigw-Requestid
ServedBy
X-TA-CDN-Provider
X-FW-Version
Azure-RegionName
X-R9-Blue-Green-Version
X-PHP-Host
Decoy-Debug-TTL
X-Labrador-Cache-Channel
X-Hosted-By
Fastly-SSL
X-Handled-By
X-Cache-Server
X-OCL
X-Akamai-Edgescape
X-PHP-Backend
Azure-InstanceId
X-PCL
Decoy-Debug-Key
Decoy-Debug-Status
Property-Id
TWC-GeoIP-Country
X-Origin-Hint
X-Access
X-Backend-Name
X-Hyper-Cache
X-Format
X-Hl-Ver
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-Connection-Speed
X-Redis-Cache
X-Via-Fastly
X-Uri
X-Web-Node
X-Status
X-Server-W
X-Tumblr-Pixel-2
X-Section
X-Backend-Host
X-PERF
X-ApacheServer
Mn-Server-Ip
X-TEC-API-ORIGIN
X-B3-SpanId
X-TEC-API-ROOT
X-FB-TRIP-ID
X-TEC-API-VERSION
X-Cluster-Node
X-Time-Microsecs
Nel
X-ServerID
Xserver
X-ATG-Version
X-Servername
X-Ua-Device
X-Cache-PHP
OT-Force-Account-Verify
X-TT-LOGID
Cross-Origin-Opener-Policy
X-Tumblr-Pixel-3
X-CSRF-Token
X-Trace-Id
X-APP-VERSION
X-Detected-As
X-Azure-Ref-OriginShield
X-WA-Info
Backend
X-Content-Age
Web-Mar-Node
X-MP-GENERATED-AT
X-Cache-Host
X-Varnish-Cache-Hits
X-Generation-Time
X-Rule
X-CS
X-Cached-By
X-Datadome
Cross-Origin-Window-Policy
Content-Secure-Policy
X-Varnish-Hits
X-Soup
X-Akamai-Transformed
X-Bc-Bl
X-Cache-Enabled
X-Cache-Ttl
X-Ua
X-Edge-Location
Ec-Rule-Version
X-SRV
X-Via-JSL
X-Info
X-Mode
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-NWS-UUID-VERIFY
X-Amzn-RequestId
X-Varnish-Beresp-Ttl
X-Cache-Grace
X-Microcachable
X-Varnish-Beresp-Status
Source
S-Rt
X-Forwarded-Host
Upgrade-Insecure-Requests
X-Magnolia-Registration
SID
X-Locale
X-GEO
Url
X-Cache-NGX
X-Debug-Cache
X-EC-Lua
X-DC
X-DataDome
X-Storage
X-Origin-CC
X-Origin-TTL
X-Proxied
X-B3-Traceid
X-Routing-Service
X-Zipkin-Id
X-Extlb
X-Site-Version
Expiry
X-Connection-Hash
X-A-Dgt
X-Air-Trace-Id
X-Air-Source
X-Orig-Expires
User-Cache-Control
Odigeo-Trace-Id
X-NU-AKA-ACS-Version
X-A-Dcw
X-NAPM-TraceId
Meta-Geo-Continent
Apple-News-Services-Request-Url
X-GoCache-CacheStatus
X-External-Request-Id
Host-ID
X-Epic-Correlation-Id
Content-Disposition
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Fastly-SIE
Fastly-SWR
A
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-Air-Hostname
X-D
Mobile-Detection-Method
X-Vdms-Version
X-A-Ccd
MD5-Digest
M-TraceId
X-Developer
X-Destination
X-VG-WebCache
X-A
X-A-Wwc
X-SRCache-Key
CDN-RequestId
X-BCube-Filmed-By
CDN-Uid
T-Server
X-Cache-Bucket
X-S-Cookie
X-From
X-Rewrite-Enabled
X-VG-WebServer
CDN-RequestCountryCode
X-Rojux
X-S
Rendered-Blocks
Surrogated-Key
X-ScT
DCR-Processing-Time-Ms
X-Vtex-Remote-Cache
DCR-Decision-By
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Session-Fingerprint
X-Shop-Environment
State
Req-Svc-Chain
X-Vtex-Processado-Em
CDN-EdgeStorageId
CDN-PullZone
X-Platform-Server
X-Clientip
CDCHOST
X-AIR-PT
X-Aicache-OS
Path
X-Processor
Apple-News-Services-Host
X-A-Dam
X-Aed
X-Forwarded-Path
X-PBS-Appsvrname
CDN-Cache
X-B-Cookie
X-Tenant
CDN-CachedAt
X-Request-URI
X-Ratelimit-Reset
X-Rebelmouse-Surrogate-Control
X-Application
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-ARC
X-Ratelimit-Limit
X-Platform
X-Tb
Fastly-Drupal-HTML
X-Fmm-Version
Fastly-Backend-Name
DSUID
X-Forwarded-Site
Origin
X-Clara-WADP
UCS
X-Backend-State
Platform
X-Unique-Id
X-Bip
X-Cache-Info
X-Cache-Tags
X-Cache-Debug
Pics-Label
PB-RID
L
X-Envoy-Decorator-Operation
Is-Eu
X-Fastly-Backend
X-DPWN-IS-SECURE
NGX
PB-PID
X-Cms-Context
X-Core-Value
X-Fastly-Cache
X-Origin-Expires
X-Li-Pop
X-LI-UUID
X-Loc
X-Men
X-Li-Fabric
X-VServer
X-SVT-ORM-VERSION
X-Is-Gdpr
X-JWT-State
X-Sigma-Backend
X-Sigma
X-Request-Host
X-Request-UUID
X-Rocket-Build-Number
X-Conf
X-Proxy-Upstream
X-Ftr-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Service
X-WADP-Cache
X-Thanos
X-SVT-ORM-RULES
X-Variation
Cache-Host
C-Via
Arc-Version
Cache-Key
Adler-Geo
X-Has-Esi
X-Hash
Cmstype
X-TrackingId
X-VG-TLSProxy
Cmsid
Server-Info
X-Served-From
X-Scheme
X-CGP
X-VC-Cache
X-Varnish-Remaining-TTL
X-Wikidot-Backend
X-VarnishDD-TTL
X-Accel-Expires-Debug
X-Var-Ttl
X-Slack-Backend
X-Wikidot-Static-Cache
X-Thinkindot-L3
X-Block-Status
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Viewer-Country
X-SIPLIST1
X-Branch-Name
X-Cache-Id
X-Old-Content-Length
X-Eu-Site
X-Gzip
X-Esi-Check
X-HN
X-Irp-Debug
X-Hnp-Log
X-GeoIP-City
X-FC-Vary-Parameters
X-Generated-By
X-Gen-Mode
X-Generated-In
X-Generated-On
X-GeoIP
X-Geo-Header
X-Device-Os
X-Developers
X-Gamma-Serve
X-Nginx-Cache-Key
X-Origin
X-Policy
X-Cluster
X-BBC-Edge-Cache-Status
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-DefHash
X-Level-Front-Cache
X-DefElseHash
X-Date
X-Csrf-Jwt
X-Location
X-Req
True-Client-Country-4JS
Locid
Location
NtCoent-Length
L5d-Success-Class
Mail-Subject
NM-Fastcgi-Cache
Server-Ext
Release
PFcat
Pagetype
IsBot
HA-Ipaddr
CPC-Cache
X-Unique-ID
Cf-Device-Type
CacheControlHeader
Esi-Enabled
Fastcgi-Cache-TTL
Ha-Gx-Prefs
Gh-Request-Id
X-Dc
Server-Host
CPC-Age
VNS-Age
Server-Hostname
We-Hiring
VNS-Cache
TDXMobile
Thinkindot-CacheControl
Sever-Int
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
Thinkindot-Control
Webserver
AMP-Access-Control-Allow-Source-Origin
X-Ratelimit-Remaining
X-Fetched-On
X-Via-NSCOPI
AKAMAI
Wxu-Next-Region
Wxu-Next-Hostname
X-Vdms-Path
X-Goog-Meta-Goog-Reserved-File-Mtime
Wxu-Next-Commit
Arc-Country
V-Age
X-Sucuri-ID
X-Skip-Cache
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Svr
Memcached
X-RateLimit-Limit-Second
X-Owner
X-RateLimit-Remaining-Second
Kp-EeAlive
X-Qloud-Router
X-Worker
X-Mvc-Supplant-OutputCached
X-Ckpd-Fst-Backend
X-HS-Content-Campaign-Id
DataCenter
Who
X-Tx-Id
X-M-Reqid
X-User
X-Servedbyhost
X-Via-Popn
X-M-Log
Cache-Hits
X-Via-Popv
X-Via-Poph
MIME-Version
X-Auto-Login
X-Zone
X-NCache
X-Srv
X-V-Cache
X-NC
X-Qnm-Cache
X-PF-Uncompressing
X-Ua-Browser
X-Content
X-Platform-Processor
X-Traceid
X-Platform-Router
X-Minions-Version
X-Rocket-Nginx-Serving-Static
X-Varnish-Url
X-Platform-Cluster
X-Render-Time
X-LSADC-Cache
XServer
X-Vc
X-SD-PageType
X-Wa
X-LB-ID
X-Webkit-CSP-Report-Only
X-ID
X-Cache-Remote
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Server-ID
X-Refresh
X-Datadog-Trace-Id
My-App
Powered-By-ChinaCache
Environment
X-App
WebServer
X-Varnish-Ttl
X-PJAX-URL
X-Internal-Host
X-Nyt-Route
X-NodeID
X-BBC-Origin-Response-Status
X-Cache-Var-Map
X-Origin-Time
X-Pass-Why
X-ZONE
X-Newrelic-Synthetics
Time
X-API-Version
Memory
X-VCL-Version
X-Gdpr
X-Cache-Var
X-Webkit-Csp
X-TIME
X-Cache-Config
X-Server-IP
X-Via-Ucdn
Cluster
X-CACHE-KEY
X-Pod-Name
Candidate-Md5Url
X-TX-ID
Datacenter
X-NewRelic-App-Data
X-OVcl
X-OVcl-Cache
X-LI-Proto
HostName
Hostname
Cf-Bgj
X-CLOUD-TRACE-CONTEXT
X-Backend-TTL
Web-Mar-Region
X-ElasticPress-Query
Geoip-Latitude
Geo-Info
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Edge-Pop
GeoIp-Country-Code
N-Cache
Magicmarker
Resin-Trace
X-AB
X-VHOST
Onion-Location
X-Origin-Response-Time
Tcn
Ohc-File-Size
Servername
GeoIP-Country-Code
X-CACHE-AGE
X-Akamai-Pragma-Client-IP
X-Method
X-Dynatrace
X-Dispatcher-Server
X-HITS
DB-Nickname
X-MSEdge-Features
X-EIG-Tracking-Id
X-MSEdge-Flight
WWW-Authenticate
X-Varnish-Cacheable
X-Geo
GeoIP-Latitude
X-Esi
Ssr
Proxy-Connection
X-IP
X-Varnish-Beresp-TTL
X-Li-Proto
X-NODE
Cdn
X-Correlation-ID
LB
X-Wix-Viewer-Type
X-MG-S
X-Fpc
X-HostName
CF-Cached-On
X-Dynatrace-Js-Agent
X-Tid
CDN
X-TIM-N
Redirect-Candidate
X-Node-Id
X-DynaTrace-JS-Agent
Cf-Ipcountry
X-Up
Tracecode
X-Request-Start
X-Vcl-Version
X-Trv-Group
Lb
X-ND-Cache
X-HS-Status
X-Cs
X-Tt-Logid
Server-Id
X-Pjax-Url
X-Fastly-Backend-Reqs
X-Reqid
Sid
X-Cache-Date
Is-Us
WZWS-RAY
Pramga
Env
X-APP
X-Via-CDN
X-Nc
X-Amz-Meta-Cb-Modifiedtime
X-Sn-Servicetimems
X-Cdn-Origin
X-ServerName
X-NGINX-Cache
Cteonnt-Length
X-WA
X-Webkit-Csp-Report-Only
X-FORWARDED-FOR
X-VC
X-Check-Cacheable
URI
W
X-Lb-Id
X-Core-Mission
X-Provided-By
X-UnsetCookies
X-CSRF-TOKEN
Ohc-Cache-HIT
X-IN-APIGATEWAY
X-Via-PopH
Rt-Fastcgi-Cache
CloudFront-Viewer-Country
X-Cache-Expires
X-Cache-Backend
X-Via-PopN
X-SERVER-NAME
Viewtype
X-Fastly-Request-Id
X-IN-APIGATEWAYSSL
X-Via-PopV
VivaBuild
Server-Ttl
Mime-Version
X-ServedByHost
X-Pf-Uncompressing
CountryCode
X-SN
Shield-Pop
X-Contensis-Viewer-Groups
X-Acquia-Application-UUID
X-Acquia-Site
Machine
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Varnish-Authentication
X-Fastly-Cache-Hits
X-Cache-Status-Check
X-Cache-ASPX
X-Hcs-Proxy-Type
X-Region-Sid
X-Sucuri-Cache
X-LiteSpeed-Cache-Control
X-CCDN-Origin-Time
WP-Super-Cache
X-RAMCache
CACHE
X-Pad
X-Edge-POP
X-CCDN-CacheTTL
Xet-Cookie
X-Moov-Xdn-Version
Xc-Version
X-StackifyID
EpKe-Alive
X-CUA
X-Cdn-Request-ID
X-CF-Powered-By
X-Moov-T
Vha6-Origin
X-SB
X-Action
X-DB
X-Webstats-RespID
Ohc-Response-Time
X-Dw-Trace-Id
X-FTR-Request-ID
X-Yottaa-OS
X-DI
X-Swift-Error
X-DSS
X-DW
X-RPS
X-RSL
X-RPM
X-Cdn-Forward
User-Agent
X-Ig-Push-State
X-FTR-Realm
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-MiniProfiler-Ids
X-FTR-Expires
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-FTR-Backend-Server
X-TH-Server
X-FTR-Backend
FSS-Cache
X-ElasticPress-Search
X-Country-Code-Real
X-C
ServerName
Content-Script-Type
X-FTR-Cache-Status
Req-ID
X-FTR-Balancer
On-Server
Content-Style-Type
X-FTR-DC