Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Ws-Request-Id
X-Robots-Tag
Server-Timing
Request-Context
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Amz-Id-2
X-Nginx-Cache-Status
Report-To
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
Grace
X-UA-Device
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Vhost
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
NEL
Cf-Railgun
X-Dispatcher
X-Host
X-Server-Id
X-Cache-Spec
X-CST
X-Node
Allow
X-Backend-Server
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
X-Webkit-CSP
Xkey
X-Ruxit-JS-Agent
X-HW
X-Language
X-Country
Accept-Ch-Lifetime
X-Application-Context
X-Ac
X-Template
Content-Location
X-Cache-Lookup
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-B3-TraceId
Edge-Control
X-Mod-Pagespeed
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-Varnish-TTL
X-ESI
X-Trace
X-MS-InvokeApp
X-Content-Type
Fastly-Restarts
Accept-CH-Lifetime
X-Rack-Cache
X-GitHub-Request-Id
X-Origin-Cache
X-Cnection
Accept-Ch
X-FastCGI-Cache
X-Country-Code
X-Buckets
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-Goog-Hash
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-D2id
Verso
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
X-Cached
Cache-Tag
X-Abt-Application-Version
X-Server-Name
X-Amz-Rid
Service-Worker-Allowed
X-Client-IP
X-Server-ID
X-Navigation-Version
X-Powered-By-Plesk
RTSS
X-Px
Access-Control-Request-Method
X-Fastly-Request-ID
Public-Key-Pins
X-Powered-CMS
X-Element-Page-Cache
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Dw-Request-Base-Id
X-Version
X-NF-Request-ID
X-Sol
X-Middleton-Display
Response
Pagespeed
Display
X-Middleton-Response
X-Cache-TTL
X-Ttl
S
X-Edge
X-TTL
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
Realpath
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Accel-Expires
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Cache-Key
X-SharePointHealthScore
SPRequestGuid
X-Jurisdiction
X-HP-Webp
SPIisLatency
SPRequestDuration
X-ECACHE
X-Shield-Request-Id
X-Mid
X-MCACHE
X-T
X-PressLabs-Stats
X-Pinterest-Rid
X-Content-Security-Policy-Report-Only
Pinterest-Generated-By
X-Litespeed-Cache
Pinterest-Version
X-DynaTrace
X-Correlation-Id
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-Forwarded-Proto
Fastcgi-Cache
X-XRDS-Location
X-Amz-Server-Side-Encryption
X-Mg-S
X-Content-Digest
TP-L2-Cache
TP-Cache
X-Recruiting
Nginx-Cache
Charset
Filters
X-Id
Front-End-Https
TCN
Alternate-Protocol
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Forwarded-For
X-Logged-In
X-Ezoic-Cdn
X-Geo-Country
Cache-Tags
Content-MD5
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-ASPNET-VERSION
X-Protected-By
X-Hostname
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Release
X-Grace
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Origin-Server
X-Www-Served-By
X-F-Cache
Cleartype
X-Oneagent-Js-Injection
X-Amz-Replication-Status
X-Rid
X-NWS-LOG-UUID
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
Host
X-LB-Cache
X-HS-Combine-CSS
X-AppVersion
X-Contextid
X-Debug-Info
X-RateLimit-Remaining
X-Az
X-Activity-Id
Server-Name
Section-Io-Cache
X-Frontend
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Page-Id
X-Git-Hash
X-Daa-Tunnel
X-Ser
MicrosoftSharePointTeamServices
X-VCache
X-Aspnetmvc-Version
X-Respond-Thread
X-Cache-Age
X-Content-Options
X-WebKit-CSP-Report-Only
X-Ruxit-Js-Agent
Accept-Charset
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Hits
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ab
X-B-Cache
X-Aspnet-Duration-Ms
X-Flags
X-Route-Name
X-Is-Crawler
X-Request-Guid
ServerID
X-Signature
X-Providence-Cookie
X-CACHE-GROUP
X-Varnish-Backend
X-Whom
X-Cache-Action
X-Varnish-Age
X-Varnish-Grace
Healthy
Payment
X-FB-Debug
Viewport
X-App-Environment
X-TT
Paypal-Debug-Id
Node
X-B3-Sampled
X-AOL-HN
Fastcgi-Useragent
DynaTrace
Version
X-Seen-By
X-Yandex-Sdch-Disable
X-Mobile
X-Load-Cache
X-N
DC
X-XRDS-LOCATION
X-Type
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-HTML-Minification-Powered-By
Filterid
X-Tec-Api-Root
X-Distributor
SRV
X-Tec-Api-Version
X-Tec-Api-Origin
Frame-Options
Retry-After
X-Cache-Control
X-Fastcgi-Cache
X-User-Agent
MS-CV
X-Cache-Expired-At
X-Jobs
X-Ua-Device
AR-CACHE
AR-PoweredBy
AR-ATIME
X-IPLB-Instance
X-Response-Served-From
AR-Request-ID
X-Original-Request-Id
Ar-Sid
Refresh
Amp-Access-Control-Allow-Source-Origin
X-Page-View
X-Real-IP
X-Proxy-Cache-Status
X-UUID
NGB
X-Adobe-Loc
X-Cluster-Name
X-Adobe-Content
Access-Control-Request-Headers
X-Varnish-Server
X-Instance
X-Region
X-Device-Type
X-RemovedCookies
X-ProcessESI
VIX-Pulpo-Upstream-Status
X-Framework
X-G
X-Tumblr-Pixel
X-Tumblr-Pixel-1
VIX-Pulpo-Node
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Cache-Time
X-Cacheable-TTL
X-Proxy
X-Content-Powered-By
X-B
X-Tumblr-User
X-Debug-IsConnected
X-IPS-LoggedIn
Ms-Operation-Id
X-FW-Type
X-FW-Static
X-FW-Server
Uber-Trace-Id
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-RTag
X-Microsite
X-Vgn-Hpd-Reason
X-Request-Handler-Origin-Region
X-NGENIX-Cache
X-CDN-Forward
X-Zen-Fury
X-Azure-Ref
Countrycode
X-Node-Name
X-Wix-Request-Id
Cache-Status
X-Cache-Rule
X-Time
X-Mg-Request-UUID
Section-Io-Id
X-Cache-Hit
X-Rendered-As
X-Debug
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Oracle-Dms-Rid
X-Is-Bot
Section-Origin-Responded
X-Accel-Buffering
X-Ms-Request-Id
SD-X-WS
X-Ms-Version
Referer-Policy
X-Nginx-Cache
X-RateLimit-Limit
Liferay-Portal
X-Drupal-Cache-Tags
X-Aws-Lambda-Call-Status
X-App-Version
Cache
X-EdgeConnect-Cache-Status
S-Cnection
Country
X-App-Server
X-FireWall-Port
CF-IPCountry
X-Environment-Context
X-Revision
X-HP-Trace-Id
X-L-Path
Surrogate-Key
X-Yottaa-Optimizations
X-Parallel-Accel
X-Cache-Operation
X-Yottaa-Metrics
Eomportal-Instance
X-GG-Cache-Date
X-JoinUs
Meta-Geo
X-Loop
Selected-Fe
X-ES-SERVER
X-TNCMS
X-Timing-Wait
X-Proxy-Build
X-SaId
X-RN-RSRV
X-TA-CDN-Provider
X-UPSTREAM-Address
X-ShopId
X-Endurance-Cache-Level
From-Origin
X-ShardId
X-Shopify-Stage
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Request-Time
X-Varnishpool
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Cache-Type
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Proto
X-PHP-Backend
X-Human
Count-Hit
X-ProxyCache-Key
Cache-Name
X-ProxyCache-Status
Country-Code
X-Origin-Date
X-Cache-TTL-Remaining
X-LAGOON
X-LJ-Flow-ID
X-No-Session
X-Adobe-Source
X-NYM-Debug-Backend
Azure-Version
Azure-SlotName
X-Backend-Host
Azure-InstanceId
X-Be
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Xfnlog-Site
X-VWS-Id
X-AWS-Id
X-BYPASS-REASON
Azure-RegionName
Protected
X-S-Maxage
Azure-SiteName
X-Drupal-Cache-Contexts
X-Sql-Count
X-Sql-Duration-Ms
Cache-Tv-Group
X-Akamai-Edgescape
Decoy-Debug-TTL
TWC-Privacy
ServedBy
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Name
Property-Id
Apigw-Requestid
Decoy-Debug-Status
Fastly-SSL
Webcakes-Region
Webcakes-App-Version
Decoy-Debug-Key
X-Hosted-By
X-Pubstack
Akamai-GRN
X-PCL
X-Origin-Hint
X-RCS-CacheZone
X-Server-W
GEO-INFO
X-UA-Device-Type
X-Status
X-OCL
X-PHP-Host
X-FB-TRIP-ID
X-Cache-Server
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
X-Handled-By
X-Tumblr-Pixel-2
X-Backend-Name
X-Via-Fastly
X-Uri
X-Redis-Cache
X-Hl-Ver
X-Hyper-Cache
X-Access
X-R9-Blue-Green-Version
X-Section
X-Format
X-Web-Node
Mn-Server-Ip
X-FW-Version
X-PERF
X-ApacheServer
Nel
X-Cluster-Node
X-Time-Microsecs
X-ServerID
X-Cache-PHP
Xserver
X-ATG-Version
X-B3-SpanId
X-Servername
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-APP-VERSION
OT-Force-Account-Verify
X-Tumblr-Pixel-3
X-Content-Age
X-CSRF-Token
X-Trace-Id
X-WA-Info
Backend
X-Azure-Ref-OriginShield
X-Detected-As
Cross-Origin-Opener-Policy
X-TT-LOGID
X-MP-GENERATED-AT
Web-Mar-Node
X-Varnish-Cache-Hits
X-Cache-Host
X-Generation-Time
X-Rule
X-Datadome
X-Cache-Ttl
X-Cache-Enabled
X-Cached-By
X-Soup
X-Varnish-Hits
Cross-Origin-Window-Policy
X-Edge-Location
X-Bc-Bl
X-Akamai-Transformed
X-CS
X-Ua
Content-Secure-Policy
X-Info
X-Mode
Ec-Rule-Version
X-Amz-Apigw-Id
X-SRV
X-Amzn-RequestId
X-Via-JSL
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Status
X-Microcachable
S-Rt
X-Cache-Grace
X-NWS-UUID-VERIFY
X-B3-Traceid
Url
X-Cache-NGX
Source
X-Magnolia-Registration
X-Air-Source
Upgrade-Insecure-Requests
X-Forwarded-Host
X-Air-Trace-Id
X-Debug-Cache
X-Origin-CC
X-Origin-TTL
X-GEO
X-Storage
X-Locale
SID
X-Dc
X-Air-Hostname
X-Platform
X-Ratelimit-Limit
X-Tb
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Extlb
X-Varnish-Beresp-Ttl
X-NU-AKA-ACS-Version
X-Tenant
Mobile-Detection-Method
X-PAYTM-SRV-ID
X-Destination
X-Orig-Expires
Meta-Geo-Continent
X-Developer
Host-ID
DCR-Decision-By
CDCHOST
DCR-Processing-Time-Ms
BehaviorPad-Version
Apple-News-Services-Request-Url
Expiry
CDN-Cache
CDN-CachedAt
CDN-RequestId
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-PBS-Appsvrname
X-Forwarded-Path
X-External-Request-Id
X-Epic-Correlation-Id
X-NAPM-TraceId
M-TraceId
X-From
Fastly-SWR
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
A
X-Site-Version
Fastly-SIE
MD5-Digest
Path
X-Vtex-Processado-Em
X-Unique-Id
X-Session-Fingerprint
X-BCube-Filmed-By
X-VG-WebServer
X-ScT
X-Cache-Bucket
T-Server
Surrogated-Key
X-Rojux
X-Vtex-Remote-Cache
X-S-Cookie
X-B-Cookie
X-VG-WebCache
X-A
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Aed
X-Aicache-OS
X-Application
X-ARC
X-Vdms-Version
X-AIR-PT
X-Shop-Environment
X-Rewrite-Enabled
X-S
X-Rebelmouse-Surrogate-Control
X-Processor
X-Request-URI
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Clientip
Req-Svc-Chain
X-Rebelmouse-Cache-Control
Odigeo-Trace-Id
X-Cache-NE
Rendered-Blocks
X-SRCache-Key
X-A-Dgt
X-D
X-Connection-Hash
User-Cache-Control
Esi-Enabled
DSUID
Cmstype
X-Accel-Expires-Debug
Origin
X-Date
Cmsid
Platform
PB-PID
Content-Disposition
PB-RID
Fastly-Drupal-HTML
Is-Eu
X-Cache-Debug
X-Cache-Tags
X-Device-Os
X-Fastly-Backend
X-Cache-Info
X-DPWN-IS-SECURE
L
X-Fmm-Version
X-Clara-WADP
State
Fastly-Backend-Name
X-Backend-State
X-Bip
UCS
X-Forwarded-Site
X-Branch-Name
X-Cms-Context
X-Li-Fabric
X-Proxy-Upstream
X-Thanos
X-Ratelimit-Reset
X-Ftr-Request-Id
X-Conf
X-SVT-ORM-RULES
X-Origin-Expires
X-LI-UUID
X-Loc
X-Men
X-SVT-ORM-VERSION
X-Request-Host
X-TrackingId
X-Variation
X-VServer
X-DataDome
X-Sigma
X-Sigma-Backend
X-Service
X-WADP-Cache
X-Amz-Meta-S3cmd-Attrs
X-Request-UUID
X-Var-Ttl
X-Rocket-Build-Number
X-Li-Pop
X-Platform-Server
X-Has-Esi
X-Hash
X-Is-Gdpr
X-GoCache-CacheStatus
Arc-Version
Cache-Key
Cache-Host
C-Via
X-JWT-State
Adler-Geo
AMP-Access-Control-Allow-Source-Origin
Server-Info
X-Scheme
X-Served-From
X-Block-Status
X-Generated-By
X-GeoIP-City
X-FC-Vary-Parameters
X-Cache-Id
X-Eu-Site
X-Esi-Check
X-Gen-Mode
X-Wikidot-Backend
X-Location
X-Viewer-Country
X-Via-NSCOPI
X-VarnishDD-TTL
X-VC-Cache
X-Varnish-Remaining-TTL
X-GeoIP
X-Geo-Header
X-Vdms-Path
X-SIPLIST1
X-Varnish-CookieHashed-On
X-Generated-In
X-VG-TLSProxy
X-Level-Front-Cache
X-Varnish-CookieINHashed-On
X-Slack-Backend
X-Gamma-Serve
X-Irp-Debug
X-DefElseHash
X-Generated-On
X-Policy
X-Hnp-Log
X-DefHash
X-Envoy-Decorator-Operation
X-Developers
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Origin
X-Csrf-Jwt
X-HN
X-Fastly-Cache
X-Fetched-On
X-Req
X-Wikidot-Static-Cache
X-CGP
X-Cluster
X-BBC-Edge-Cache-Status
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Core-Value
X-Micro-Cache
X-Thinkindot-L3
X-Gzip
Thinkindot-Control
CPC-Age
NM-Fastcgi-Cache
NGX
CPC-Cache
Pagetype
Cf-Device-Type
Release
CacheControlHeader
Pics-Label
PFcat
Fastcgi-Cache-TTL
Memcached
NtCoent-Length
L5d-Success-Class
Kp-EeAlive
IsBot
Location
Locid
Mail-Subject
Gh-Request-Id
Ha-Gx-Prefs
X-EC-Lua
HA-Ipaddr
Server-Ext
VNS-Age
Vix-Hermes-Req-Id
Server-Host
VNS-Cache
We-Hiring
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-DC
True-Client-Country-4JS
Sever-Int
Server-Hostname
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Skip-Cache
Arc-Country
X-Planisys-CDN-TTL
Webserver
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Unique-ID
X-Sucuri-ID
X-Owner
AKAMAI
Svr
V-Age
X-Ckpd-Fst-Backend
Who
DataCenter
X-Worker
X-Qloud-Router
X-Mvc-Supplant-OutputCached
X-User
X-HS-Content-Campaign-Id
X-NC
X-Auto-Login
Cache-Hits
X-V-Cache
X-Srv
X-Via-Poph
X-PF-Uncompressing
X-Ratelimit-Remaining
X-Via-Popv
X-Via-Popn
X-NCache
X-Varnish-Url
MIME-Version
X-Servedbyhost
X-Minions-Version
X-Tx-Id
X-M-Log
X-M-Reqid
X-Qnm-Cache
XServer
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-Vc
X-LSADC-Cache
X-Zone
X-ZONE
X-ID
My-App
X-Platform-Processor
X-Traceid
X-Platform-Cluster
Powered-By-ChinaCache
X-SD-PageType
X-Refresh
X-LB-ID
X-Platform-Router
X-Varnish-Ttl
X-Cache-Remote
WebServer
X-Datadog-Trace-Id
Time
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Internal-Host
X-App
X-Wa
Memory
X-Newrelic-Synthetics
X-Ua-Browser
X-TX-ID
X-Content
X-Webkit-Csp
X-Pass-Why
X-NodeID
X-PJAX-URL
X-BBC-Origin-Response-Status
X-Origin-Time
X-Gdpr
X-Nyt-Route
Server-ID
X-API-Version
Environment
X-TIME
X-Cache-Var-Map
X-CACHE-KEY
X-Cache-Var
Cluster
X-VCL-Version
X-Cache-Config
X-Server-IP
X-Via-Ucdn
Candidate-Md5Url
X-NewRelic-App-Data
X-OVcl
X-OVcl-Cache
X-Pod-Name
Hostname
Datacenter
Cf-Bgj
Geoip-Latitude
HostName
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
X-TraceId
X-Webkit-CSP-Report-Only
X-Backend-TTL
Magicmarker
X-ElasticPress-Query
N-Cache
X-Edge-Pop
X-LI-Proto
X-Correlation-ID
X-Tb-Optimization-Total-Bytes-Saved
Geo-Info
Resin-Trace
X-VHOST
Web-Mar-Region
Ohc-File-Size
Tcn
X-Method
X-Dispatcher-Server
X-Dynatrace
X-HITS
X-Origin-Response-Time
X-CACHE-AGE
Onion-Location
X-Varnish-Beresp-TTL
DB-Nickname
X-Akamai-Pragma-Client-IP
X-Geo
X-Li-Proto
Servername
X-Varnish-Cacheable
GeoIP-Country-Code
GeoIP-Latitude
X-IP
X-NODE
X-MSEdge-Features
Ssr
X-EIG-Tracking-Id
WWW-Authenticate
X-MSEdge-Flight
X-AB
Proxy-Connection
X-Wix-Viewer-Type
X-HostName
Cdn
X-Cs
X-Fastly-Request-Id
X-Vcl-Version
X-Node-Id
LB
CDN
X-DynaTrace-JS-Agent
Cf-Ipcountry
CF-Cached-On
X-TIM-N
X-Tid
X-Fpc
Server-Id
Redirect-Candidate
X-Trv-Group
Lb
X-ND-Cache
X-HS-Status
X-Dynatrace-Js-Agent
X-Tt-Logid
X-APP
Sid
Env
X-Request-Start
X-Fastly-Backend-Reqs
Tracecode
X-Pjax-Url
WZWS-RAY
X-Via-CDN
X-MG-S
Pramga
URI
Cteonnt-Length
X-NGINX-Cache
X-Cache-Date
X-WA
Is-Us
X-Webkit-Csp-Report-Only
X-Up
X-ServerName
X-Nc
X-Check-Cacheable
X-Reqid
X-Lb-Id
X-Amz-Meta-Cb-Modifiedtime
X-VC
X-Sn-Servicetimems
X-Cdn-Origin
X-Esi
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Core-Mission
W
X-Provided-By
Viewtype
VivaBuild
Rt-Fastcgi-Cache
X-IN-APIGATEWAYSSL
Mime-Version
X-Cache-Backend
X-ServedByHost
X-Via-PopV
X-Via-PopN
X-SERVER-NAME
X-IN-APIGATEWAY
X-Via-PopH
X-UnsetCookies
X-ECache
Server-Ttl
X-Cache-Expires
Shield-Pop
CloudFront-Viewer-Country
X-SN
CountryCode
X-LiteSpeed-Cache-Control
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Fastly-Cache-Hits
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-FORWARDED-FOR
X-Acquia-Application-UUID
Machine
X-Acquia-Site
X-Pf-Uncompressing
X-Cache-ASPX
X-RAMCache
X-Pad
CACHE
WP-Super-Cache
X-CUA
X-CCDN-Origin-Time
Xet-Cookie
X-Sucuri-Cache
X-StackifyID
X-CCDN-CacheTTL
X-Swift-Error
X-Edge-POP
X-Region-Sid
X-RSL
X-FTR-Request-ID
X-Hcs-Proxy-Type
X-Yottaa-OS
X-Cdn-Request-ID
X-Cache-Status-Check
X-RPM
Ohc-Response-Time
ServerName
X-SB
X-RPS
X-Webstats-RespID
X-Dw-Trace-Id
X-Action
Vha6-Origin
X-DSS
X-DI
X-DB
X-DW
X-B3-Spanid
X-Cdn-Forward
X-Oss-Server-Time
X-FTR-Realm
Xc-Version
X-FTR-DC
X-FTR-Expires
X-Moov-Xdn-Version
X-FPC
X-Moov-T
X-CF-Powered-By
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
Content-Style-Type
X-Country-Code-Real
On-Server
X-TH-Server
X-MiniProfiler-Ids
X-C
FSS-Cache
X-ElasticPress-Search
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
Content-Script-Type
X-FTR-Backend
Req-ID