Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Amz-Request-Id
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
X-Dns-Prefetch-Control
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
NEL
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-OneAgent-JS-Injection
X-Amz-Version-Id
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Server-Id
X-Cache-Spec
Allow
X-Node
Surrogate-Control
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Webkit-CSP
X-Readtime
X-WebKit-CSP
X-Response-Time
X-Akam-SW-Version
Accept-CH
Xkey
Accept-Ch-Lifetime
X-HW
X-Country
X-Ruxit-JS-Agent
X-Language
X-Application-Context
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-Ch
X-Content-Type
X-GitHub-Request-Id
Fastly-Restarts
X-Rack-Cache
X-Cnection
X-Origin-Cache
X-ASPNET-VERSION
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Country-Code
X-VARITI-CCR
X-D2id
Verso
X-Goog-Hash
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-Cached
Accept-CH-Lifetime
X-Server-Name
X-Vcap-Request-Id
X-Buckets
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Amz-Rid
X-Navigation-Version
X-Client-IP
Service-Worker-Allowed
X-Powered-By-Plesk
X-Fastly-Request-ID
X-Server-ID
RTSS
Access-Control-Request-Method
X-Powered-CMS
X-Element-Page-Cache
X-MSEdge-Ref
X-Middleton-Display
Pagespeed
X-Sol
Display
Response
X-Middleton-Response
Public-Key-Pins
X-Upstream
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Cache-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Px
X-Ttl
X-Version
X-Edge
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-TTL
X-LLID
X-B3-TraceId-Primal
MRF-Tech
Realpath
Mrf-Cache-Status
X-ECACHE
X-Accel-Expires
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
X-Jurisdiction
X-HP-Webp
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-T
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Forwarded-Proto
X-DynaTrace
X-Cache-Key
X-Pinterest-Rid
X-Correlation-Id
Pinterest-Version
Pinterest-Generated-By
Edge-Cache-Tag
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Amz-Server-Side-Encryption
Charset
X-Recruiting
X-XRDS-Location
TP-Cache
TP-L2-Cache
X-Content-Digest
Nginx-Cache
X-Id
Filters
TCN
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-Ezoic-Cdn
X-Mg-S
X-Oneagent-Js-Injection
Server-Node
X-Logged-In
Alternate-Protocol
X-Forwarded-For
X-Release
Cache-Tags
Content-MD5
X-Ruxit-Js-Agent
X-Geo-Country
X-Origin-Upstream-Status
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Hostname
X-Litespeed-Cache
X-Amzn-Trace-Id
X-Protected-By
X-Grace
X-Origin-Server
X-RateLimit-Remaining
X-Www-Served-By
Server-Name
Cleartype
X-Amz-Replication-Status
X-F-Cache
X-Rid
Host
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Contextid
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Az
X-AppVersion
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Activity-Id
X-HS-Combine-CSS
X-LB-Cache
X-Debug-Info
Section-Io-Cache
X-Frontend
X-NWS-LOG-UUID
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Git-Hash
X-Page-Id
X-Ser
X-Cache-Age
X-WebKit-CSP-Report-Only
X-Respond-Thread
X-VCache
X-Aspnetmvc-Version
X-Content-Options
X-Daa-Tunnel
X-Upgrade-Enabled
Accept-Charset
X-Hits
Access-Control-Allow-Method
X-Mobile-URL
X-Source
X-DIS-Request-ID
X-Varnish-Age
X-Varnish-Grace
X-Signature
Healthy
X-Varnish-Backend
X-B-Cache
Paypal-Debug-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Aspnet-Duration-Ms
Viewport
X-Is-Crawler
X-Flags
X-Whom
X-Cache-Action
ServerID
X-Request-Guid
X-Providence-Cookie
X-B3-Sampled
X-Route-Name
Payment
X-TT
X-FB-Debug
X-CACHE-GROUP
Node
X-AOL-HN
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-App-Environment
X-Fastcgi-Cache
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-Request-ID
AR-ATIME
X-N
Version
DynaTrace
X-Mobile
Fastcgi-Useragent
X-Seen-By
X-Load-Cache
X-Type
DC
X-Yandex-Sdch-Disable
X-HTML-Minification-Powered-By
MS-CV
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-LOCATION
SRV
X-Distributor
Retry-After
X-Cache-Expired-At
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
X-Cache-Control
X-Ab
X-User-Agent
Filterid
X-Response-Served-From
X-Original-Request-Id
X-IPLB-Instance
X-Jobs
Refresh
X-Real-IP
X-IPS-LoggedIn
X-ProcessESI
X-Region
X-RemovedCookies
X-UUID
X-Instance
X-Content-Powered-By
X-Device-Type
X-Cluster-Name
X-Tumblr-Pixel-1
Uber-Trace-Id
Access-Control-Request-Headers
X-Debug-IsConnected
X-Debug-IsPreview
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
X-Proxy-Cache-Status
X-Tumblr-User
X-Varnish-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Time
X-B
VIX-Pulpo-Upstream-Status
X-Proxy
VIX-Pulpo-Node
X-Page-View
X-G
X-Framework
X-RTag
Ms-Operation-Id
NGB
X-RateLimit-Limit
X-App-Version
X-Vgn-Hpd-Reason
X-Debug
X-Zen-Fury
X-Time
X-FW-Hash
Countrycode
X-FireWall-Port
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-Accel-Buffering
X-NGENIX-Cache
Cache-Status
Section-Origin-Responded
X-CDN-Forward
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Mg-Request-UUID
Cache
X-Azure-Ref
X-Wix-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Nginx-Cache
X-Cache-Rule
X-Node-Name
X-Oracle-Dms-Rid
X-Ms-Request-Id
X-Rendered-As
X-Drupal-Cache-Tags
X-Is-Bot
X-Ms-Version
Liferay-Portal
Surrogate-Key
Country
Referer-Policy
SD-X-WS
S-Cnection
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-App-Server
X-L-Path
X-Environment-Context
Eomportal-Instance
X-Cache-Operation
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Proxy-Build
X-RN-RSRV
Selected-Fe
Meta-Geo
X-Drupal-Cache-Contexts
X-Timing-Wait
X-ES-SERVER
X-SaId
X-UPSTREAM-Address
X-JoinUs
X-Varnishpool
From-Origin
CF-IPCountry
X-Revision
X-No-Session
X-Cache-TTL-Remaining
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Varnish-Hostname
X-Varnish-Beresp-Grace
X-Storefront-Renderer-Rendered
X-ShardId
X-Via-Fastly
X-Xfnlog-Site
X-GG-Cache-Date
X-Loop
X-S-Maxage
X-Request-Time
X-ShopId
X-TNCMS
X-PHP-Backend
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Endurance-Cache-Level
Protected
X-Handled-By
X-Cache-Server
X-Backend-Host
X-Adobe-Source
X-VWS-Id
X-AWS-Id
X-R9-Blue-Green-Version
Cache-Name
X-BYPASS-REASON
X-Aws-Lambda-Call-Status
X-LJ-Flow-ID
X-LAGOON
X-Pubstack
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-Be
TWC-GeoIP-LatLong
X-PCL
Webcakes-Region
X-NYM-Debug-Backend
X-Origin-Date
TWC-Locale-Group
X-OCL
TWC-Connection-Speed
Webcakes-App-Name
ServedBy
Webcakes-App-Version
TWC-Privacy
Apigw-Requestid
X-RCS-CacheZone
X-SayCDN-TTL
X-Hl-Ver
TWC-Device-Class
X-UA-Device-Type
X-Proto
Property-Id
X-Say-TTL
X-Tumblr-Pixel-2
TWC-GeoIP-Country
X-Say-Cacheable
Cache-Tv-Group
Fastly-SSL
X-Origin-Hint
X-Server-W
Mn-Server-Ip
Decoy-Debug-TTL
X-Backend-Name
X-Sql-Duration-Ms
X-Labrador-Cache-Channel
X-Sql-Count
X-PHP-Host
X-PERF
Decoy-Debug-Status
X-Format
X-Cache-Type
X-FB-TRIP-ID
X-Section
X-ApacheServer
X-Akamai-Edgescape
X-Access
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-TA-CDN-Provider
Decoy-Debug-Key
Country-Code
X-Status
X-Uri
X-Hosted-By
Xserver
Akamai-GRN
X-Redis-Cache
X-Web-Node
X-Hyper-Cache
X-B3-SpanId
X-Cache-PHP
X-Parallel-Accel
X-TT-LOGID
X-Ua-Device
X-Rule
X-ServerID
X-Time-Microsecs
X-ATG-Version
X-FW-Version
X-Trace-Id
GEO-INFO
X-WA-Info
Count-Hit
X-HP-Trace-Id
X-CSRF-Token
X-MP-GENERATED-AT
X-Content-Age
X-Cached-By
OT-Force-Account-Verify
X-Tumblr-Pixel-3
X-Akamai-Transformed
X-Cluster-Node
X-Soup
Backend
X-Detected-As
X-Azure-Ref-OriginShield
X-Servername
X-Cache-Enabled
X-CS
X-Varnish-Cache-Hits
AMP-Access-Control-Allow-Source-Origin
Cross-Origin-Opener-Policy
X-Edge-Location
X-Cache-Host
X-Mode
X-Generation-Time
X-Datadome
Web-Mar-Node
X-Bc-Bl
X-Varnish-Beresp-Status
X-Varnish-Hits
X-Info
X-Cache-Ttl
X-Microcachable
X-Unique-ID
X-Dc
X-Cache-NGX
X-Varnish-Beresp-Ttl
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Debug-Cache
X-Storage
X-Platform
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-TEC-API-VERSION
X-APP-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
SID
Ec-Rule-Version
X-Extlb
X-DataDome
X-Magnolia-Registration
X-Srv
X-Origin-TTL
X-B3-Traceid
X-Origin-CC
Url
S-Rt
Cross-Origin-Window-Policy
X-NWS-UUID-VERIFY
X-Cache-Bucket
X-CF-Lambda-Fn
M-TraceId
X-Cache-NE
X-BCube-Filmed-By
X-ARC
X-Ua
Fastcgi-X-Cache-Version
Source
X-B-Cookie
X-Bip
A
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-Cache
CDCHOST
Req-Svc-Chain
Cache-Host
Rendered-Blocks
CDN-RequestCountryCode
CDN-RequestId
Mobile-Detection-Method
Meta-Geo-Continent
Expiry
DCR-Processing-Time-Ms
DCR-Decision-By
CDN-Uid
Path
Odigeo-Trace-Id
State
BehaviorPad-Version
X-A-Dcw
X-Cache-Grace
X-A-Dam
X-A-Dgt
X-A-Wwc
MD5-Digest
X-Aicache-OS
X-Aed
X-A-Ccd
X-A
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Surrogated-Key
Apple-News-Services-Host
Apple-News-Services-Handled
T-Server
X-Air-Trace-Id
X-Application
Upgrade-Insecure-Requests
X-Request-URI
X-Rewrite-Enabled
X-Rojux
X-S
X-Ratelimit-Reset
X-Processor
Host-ID
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-S-Cookie
X-Air-Source
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Version
X-Vdms-Path
X-Service
X-Session-Fingerprint
X-SRCache-Key
X-Thanos
X-Locale
X-ScT
X-Destination
X-From
X-External-Request-Id
X-Epic-Correlation-Id
X-Developer
X-Air-Hostname
X-D
X-Connection-Hash
X-CF-Lambda-Version
Who
Server-Info
DataCenter
X-Clientip
Pics-Label
PFcat
Fastly-SIE
X-Core-Value
X-Forwarded-Path
Fastly-SWR
X-Orig-Expires
X-Shop-Environment
X-Rebelmouse-Surrogate-Control
X-Tenant
L
Kp-EeAlive
Memcached
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
NGX
X-VG-TLSProxy
X-Platform-Server
Origin
X-Var-Ttl
X-Request-UUID
X-Generated-On
X-Gamma-Serve
X-Rocket-Build-Number
X-Scheme
X-Backend-State
X-Geo-Header
X-Location
X-HN
X-Hash
X-GoCache-CacheStatus
X-Branch-Name
X-Served-From
X-SVT-ORM-VERSION
X-TrackingId
X-Level-Front-Cache
X-VarnishDD-TTL
X-SVT-ORM-RULES
X-Sigma-Backend
X-Envoy-Decorator-Operation
UCS
X-Device-Os
X-Sigma
X-Cache-Debug
X-Cms-Context
Content-Secure-Policy
DSUID
Esi-Enabled
Content-Disposition
Cmstype
X-Forwarded-Host
X-Via-JSL
C-Via
Fastly-Backend-Name
Cmsid
Fastly-Drupal-HTML
User-Cache-Control
X-SRV
X-Men
X-Nginx-Cache-Key
X-CGP
X-Clara-WADP
X-Amz-Meta-S3cmd-Attrs
X-Thinkindot-L3
X-Csrf-Jwt
X-User
X-Cluster
X-Cache-Info
X-VServer
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
PB-PID
X-Micro-Cache
Is-Eu
X-WADP-Cache
Adler-Geo
Arc-Version
X-Developers
X-Skip-Cache
X-Generated-In
X-Generated-By
X-Owner
X-Forwarded-Site
X-Varnish-Ttl
X-Li-Pop
X-Policy
X-Proxy-Upstream
X-GeoIP-City
X-GeoIP
X-Fmm-Version
X-Fetched-On
X-VHOST
X-Eu-Site
X-Request-Host
X-Site-Version
PB-RID
X-Origin
X-Fastly-Cache
X-LI-UUID
X-Fastly-Backend
X-Li-Fabric
X-AIR-PT
Pagetype
Fastcgi-Cache-TTL
X-Variation
Server-Ext
X-Has-Esi
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Server-Host
Sever-Int
X-Origin-Expires
Server-Hostname
Arc-Country
AKAMAI
Svr
NM-Fastcgi-Cache
X-Is-Gdpr
HA-Ipaddr
Release
L5d-Success-Class
Ha-Gx-Prefs
X-Cache-Tags
Vix-Hermes-Req-Id
Gh-Request-Id
X-VC-Cache
True-Client-Country-4JS
X-JWT-State
X-DPWN-IS-SECURE
Platform
CacheControlHeader
X-Loc
Location
Thinkindot-Control
X-Tb
X-FC-Vary-Parameters
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Hnp-Log
X-Irp-Debug
X-PF-Uncompressing
X-Old-Content-Length
X-Varnish-CookieINHashed-On
X-Qloud-Router
X-SIPLIST1
X-Gen-Mode
X-Esi-Check
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gzip
X-Req
X-Sucuri-ID
Cache-Key
Cf-Device-Type
IsBot
X-Mvc-Supplant-Cachable
X-Block-Status
V-Age
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Accel-Expires-Debug
X-DefHash
X-Cache-Id
X-GEO
Locid
X-Date
X-Ftr-Request-Id
X-DefElseHash
X-Slack-Backend
Nel
Webserver
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Conf
X-Planisys-CDN-Rules
X-RateLimit-Limit-Second
X-Via-NSCOPI
X-EC-Lua
X-Varnish-Url
NtCoent-Length
X-Viewer-Country
X-RateLimit-Remaining-Second
We-Hiring
X-Minions-Version
Mail-Subject
Cache-Hits
X-Mvc-Supplant-OutputCached
X-Via-Popv
X-Vc
X-Via-Poph
X-Via-Popn
X-BBC-Edge-Cache-Status
X-DC
VNS-Age
MIME-Version
CPC-Cache
CPC-Age
VNS-Cache
X-Zone
X-Ckpd-Fst-Backend
My-App
X-Servedbyhost
X-HS-Content-Campaign-Id
Powered-By-ChinaCache
X-Ratelimit-Limit
X-Unique-Id
X-Internal-Host
X-Worker
X-Webkit-CSP-Report-Only
XServer
X-Pass-Why
Memory
X-V-Cache
Time
X-TX-ID
X-Refresh
X-LB-ID
X-Auto-Login
X-CACHE-KEY
X-Tx-Id
X-ID
X-Traceid
Server-ID
X-PJAX-URL
X-NC
X-NCache
X-Rocket-Nginx-Serving-Static
WebServer
X-OVcl
X-ZONE
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-OVcl-Cache
X-Render-Time
X-Newrelic-Synthetics
X-Ratelimit-Remaining
X-LSADC-Cache
X-Wa
X-NewRelic-App-Data
X-SD-PageType
X-Qnm-Cache
Cf-Bgj
X-M-Reqid
X-M-Log
X-App
Geo-Info
X-Webkit-Csp
X-TIME
X-Backend-TTL
HostName
X-Cache-Remote
X-Datadog-Trace-Id
Environment
Magicmarker
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-TraceId
X-API-Version
X-Nyt-Route
X-Gdpr
X-VCL-Version
X-BBC-Origin-Response-Status
Hostname
DB-Nickname
X-NodeID
X-Origin-Time
X-Server-IP
Resin-Trace
Cluster
X-Dispatcher-Server
X-Cache-Config
X-Via-Ucdn
X-Geo
GeoIp-Country-Code
X-CLOUD-TRACE-CONTEXT
X-Method
Geoip-Latitude
X-Cache-Var
X-Cache-Var-Map
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Pop
Candidate-Md5Url
X-Pod-Name
X-LI-Proto
X-Correlation-ID
Ssr
X-AB
X-IP
X-Akamai-Pragma-Client-IP
Tcn
Ohc-File-Size
Datacenter
X-CACHE-AGE
X-Dynatrace
X-HITS
N-Cache
X-Origin-Response-Time
X-MSEdge-Flight
X-MSEdge-Features
X-Content
X-Ua-Browser
Web-Mar-Region
X-Li-Proto
LB
X-Nc
X-ElasticPress-Query
Cf-Ipcountry
X-Node-Id
X-NODE
Cdn
GeoIP-Country-Code
GeoIP-Latitude
X-Trv-Group
X-Varnish-Beresp-TTL
X-DynaTrace-JS-Agent
X-Via-CDN
Proxy-Connection
X-Vcl-Version
X-MG-S
Servername
X-ND-Cache
X-Wix-Viewer-Type
Onion-Location
CF-Cached-On
X-HostName
WWW-Authenticate
X-APP
X-EIG-Tracking-Id
Env
X-Varnish-Cacheable
X-ServerName
X-Reqid
X-HS-Status
WZWS-RAY
X-Cs
Server-Id
X-WA
X-Dynatrace-Js-Agent
X-Fpc
CDN
Sid
Lb
X-NGINX-Cache
VivaBuild
Viewtype
Rt-Fastcgi-Cache
X-TIM-N
X-Tid
Cteonnt-Length
X-Request-Start
X-Pjax-Url
X-Fastly-Backend-Reqs
Redirect-Candidate
URI
X-Up
X-Check-Cacheable
X-URL
Tracecode
Machine
X-Lb-Id
X-Xrds-Location
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Esi
X-IN-APIGATEWAY
X-Via-PopV
X-Via-PopN
X-Cache-Date
Pramga
X-Via-PopH
X-Cache-Backend
X-VC
Is-Us
X-Fastly-Request-Id
X-FTR-Request-ID
X-IN-APIGATEWAYSSL
X-Cdn-Forward
Mime-Version
Shield-Pop
CountryCode
X-ServedByHost
X-Sn-Servicetimems
X-Amz-Meta-Cb-Modifiedtime
FSS-Cache
X-SN
Server-Ttl
X-Cdn-Origin
X-Fastly-Cache-Hits
On-Server
X-FORWARDED-FOR
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-UnsetCookies
X-Cache-ASPX
X-Provided-By
X-Air-Pt
X-RAMCache
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
W
CloudFront-Viewer-Country
X-Acquia-Application-Trace
X-LiteSpeed-Cache-Control
X-Core-Mission
CACHE
X-Swa-Ws
X-RPM
X-DSS
X-DI
X-DW
Xc-Version
Xet-Cookie
X-DB
Content-Script-Type
X-StackifyID
X-RSL
Content-Style-Type
X-RPS
X-Pad
X-Cdn-Request-ID
X-Yottaa-OS
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
WP-Super-Cache
X-Cache-Expires
X-Swift-Error
X-Pf-Uncompressing
X-SB
X-Webstats-RespID
Req-ID
X-FTR-Balancer
X-FTR-Backend-Server
Ohc-Response-Time
X-Oss-Hash-Crc64ecma
Vha6-Origin
X-ElasticPress-Search
Warning
X-Oss-Object-Type
X-Oss-Request-Id
X-Dw-Trace-Id
X-FTR-Backend
X-Country-Code-Real
X-Oss-Storage-Class
X-Oss-Server-Time
X-Action
X-TH-Server
X-C
X-Snapshot-Date
X-FTR-Expires
X-MiniProfiler-Ids
X-Tt-Logid
ServerName