Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Request-ID
X-Check
X-Cache-Status
X-Generator
P3p
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
Keep-Alive
X-Ws-Request-Id
X-Robots-Tag
Request-Context
Server-Timing
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-Server-Id
X-Cache-Spec
X-CST
X-Node
X-Backend-Server
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
Surrogate-Control
X-WebKit-CSP
Accept-CH
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-Webkit-CSP
Xkey
X-HW
Accept-Ch-Lifetime
X-Language
X-Ruxit-JS-Agent
X-Country
X-Application-Context
X-Template
X-Ac
Content-Location
X-Cache-Lookup
X-Cloud-Trace-Context
MS-Author-Via
Rating
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-Trace
X-Varnish-TTL
X-MS-InvokeApp
X-ESI
X-Content-Type
Fastly-Restarts
X-Rack-Cache
X-Origin-Cache
X-GitHub-Request-Id
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Cnection
X-Buckets
X-Country-Code
X-Goog-Hash
Accept-Ch
Verso
X-VARITI-CCR
X-D2id
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
X-FastCGI-Cache
Cache-Tag
X-Cached
X-Abt-Application-Version
X-Server-Name
Service-Worker-Allowed
X-Client-IP
X-Amz-Rid
X-Navigation-Version
X-Server-ID
X-Powered-By-Plesk
RTSS
X-Px
X-Fastly-Request-ID
Access-Control-Request-Method
Public-Key-Pins
X-Element-Page-Cache
X-MSEdge-Ref
X-SRCache-Store-Status
X-Powered-CMS
X-SRCache-Fetch-Status
X-Upstream
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Version
X-Cache-TTL
X-Sol
Display
Response
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Ttl
S
X-Edge-Location-Klb
X-Edge
X-Kinsta-Cache
X-LLID
X-TTL
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-ECACHE
Realpath
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Accel-Expires
X-Cache-Key
X-Jurisdiction
X-HP-Webp
X-Correlation-Id
SPRequestGuid
X-SharePointHealthScore
X-XRDS-Location
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-T
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-RID
X-DynaTrace
Edge-Cache-Tag
X-Litespeed-Cache
X-Forwarded-Proto
Fastcgi-Cache
X-Mg-S
X-Amz-Server-Side-Encryption
X-Content-Digest
TP-L2-Cache
TP-Cache
X-Recruiting
Nginx-Cache
Charset
X-Id
Filters
X-Oneagent-Js-Injection
Front-End-Https
TCN
X-Request-Processing-Time
X-Request-Received
Alternate-Protocol
Server-Node
X-Logged-In
X-Ezoic-Cdn
X-Forwarded-For
Content-MD5
X-Geo-Country
Cache-Tags
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Protected-By
X-Hostname
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Grace
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Release
X-Goog-Generation
X-Goog-Storage-Class
X-Origin-Server
X-Www-Served-By
X-F-Cache
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Amz-Replication-Status
Cleartype
X-Rid
X-Debug-Info
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Host
X-HS-Combine-CSS
X-LB-Cache
X-AppVersion
X-Az
X-Activity-Id
X-Contextid
X-RateLimit-Remaining
Server-Name
Section-Io-Cache
X-Page-Id
X-Git-Hash
X-Daa-Tunnel
X-Frontend
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-VCache
X-Cache-Age
X-Respond-Thread
X-Ser
MicrosoftSharePointTeamServices
X-Content-Options
X-Fastcgi-Cache
Accept-Charset
Access-Control-Allow-Method
X-Aspnetmvc-Version
X-Upgrade-Enabled
X-Ab
X-Hits
X-WebKit-CSP-Report-Only
X-Mobile-URL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DIS-Request-ID
ServerID
X-Source
X-Providence-Cookie
X-Signature
X-Route-Name
X-Request-Guid
X-Is-Crawler
X-B-Cache
X-Flags
X-Aspnet-Duration-Ms
X-Whom
X-Cache-Action
X-Varnish-Backend
Payment
Viewport
X-FB-Debug
X-TT
X-Varnish-Grace
Healthy
X-Varnish-Age
Paypal-Debug-Id
Node
X-AOL-HN
X-App-Environment
X-CACHE-GROUP
X-B3-Sampled
Fastcgi-Useragent
X-Load-Cache
Version
DynaTrace
X-Yandex-Sdch-Disable
X-Seen-By
X-Mobile
X-N
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Type
Filterid
X-HTML-Minification-Powered-By
X-Distributor
SRV
Frame-Options
Retry-After
X-Cache-Control
X-User-Agent
MS-CV
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Jobs
X-Cache-Expired-At
Refresh
X-Response-Served-From
X-Original-Request-Id
X-UUID
X-IPLB-Instance
X-Real-IP
NGB
X-Adobe-Content
X-Adobe-Loc
X-Page-View
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Cluster-Name
X-Debug-IsPreview
X-Region
X-Varnish-Server
X-Instance
X-Device-Type
X-Debug-IsConnected
AR-Request-ID
X-RemovedCookies
X-FW-Static
VIX-Pulpo-Node
Ar-Sid
X-XRDS-LOCATION
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-FW-Type
VIX-Pulpo-Upstream-Status
X-Tumblr-User
AR-CACHE
X-G
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Framework
AR-PoweredBy
X-Cacheable-TTL
X-Content-Powered-By
X-B
AR-ATIME
X-FW-Server
X-ProcessESI
X-Proxy
X-CDN-Forward
X-RTag
X-Cache-Time
X-IPS-LoggedIn
Ms-Operation-Id
Amp-Access-Control-Allow-Source-Origin
X-NGENIX-Cache
X-Vgn-Hpd-Reason
X-Azure-Ref
Uber-Trace-Id
X-Zen-Fury
X-Node-Name
X-Microsite
Countrycode
X-Request-Handler-Origin-Region
X-Wix-Request-Id
X-Cache-Rule
Cache-Status
X-Cache-Hit
X-Time
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Mg-Request-UUID
X-Is-Bot
X-Ms-Version
X-Ms-Request-Id
X-Rendered-As
Referer-Policy
Liferay-Portal
X-Debug
X-App-Version
X-RateLimit-Limit
SD-X-WS
X-Accel-Buffering
X-Aws-Lambda-Call-Status
X-Nginx-Cache
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
X-HP-Trace-Id
Cache
X-EdgeConnect-Cache-Status
S-Cnection
X-App-Server
Country
X-Environment-Context
X-L-Path
X-Cache-Operation
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Revision
X-Parallel-Accel
Surrogate-Key
CF-IPCountry
X-FireWall-Port
Eomportal-Instance
Meta-Geo
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-TNCMS
X-ES-SERVER
X-RN-RSRV
X-GG-Cache-Date
X-Drupal-Cache-Contexts
X-JoinUs
X-Loop
X-SaId
X-Sorting-Hat-PodId
X-Say-TTL
X-ShopId
From-Origin
X-Shopify-Stage
X-ShardId
X-Say-Cacheable
X-Timing-Wait
X-Alternate-Cache-Key
X-Proxy-Build
X-Xfnlog-Site
Selected-Fe
X-Cache-TTL-Remaining
X-LAGOON
X-Storefront-Renderer-Rendered
X-SayCDN-TTL
X-Cache-Type
X-Sorting-Hat-ShopId
X-Adobe-Source
X-No-Session
X-LJ-Flow-ID
X-BYPASS-REASON
X-Be
X-NYM-Debug-Backend
X-Origin-Date
X-ProxyCache-Key
Count-Hit
X-Proto
X-AWS-Id
Akamai-GRN
Cache-Name
Country-Code
Protected
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-ProxyCache-Status
X-Human
X-Request-Time
X-Varnish-Hostname
X-S-Maxage
X-Sql-Duration-Ms
X-Sql-Count
X-Varnishpool
X-Varnish-Beresp-Grace
X-VWS-Id
X-Status
X-FW-Version
Fastly-SSL
Apigw-Requestid
X-Pubstack
X-UA-Device-Type
Decoy-Debug-Key
X-Cache-Server
Decoy-Debug-Status
Decoy-Debug-TTL
Cache-Tv-Group
X-Akamai-Edgescape
X-PHP-Backend
X-PCL
X-PHP-Host
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-TA-CDN-Provider
X-Labrador-Cache-Channel
X-OCL
X-Handled-By
ServedBy
X-Hosted-By
X-Backend-Name
X-Hl-Ver
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Server-W
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
X-Via-Fastly
X-Tumblr-Pixel-2
X-Access
Webcakes-App-Version
X-Hyper-Cache
X-Section
X-Uri
Webcakes-Region
X-Origin-Hint
X-Redis-Cache
X-Format
Webcakes-App-Name
X-Web-Node
Property-Id
X-ApacheServer
X-Backend-Host
Mn-Server-Ip
X-PERF
X-B3-SpanId
X-FB-TRIP-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
GEO-INFO
Nel
X-Cluster-Node
X-ServerID
X-Time-Microsecs
X-Servername
X-ATG-Version
Xserver
X-Ua-Device
X-Cache-PHP
OT-Force-Account-Verify
X-Tumblr-Pixel-3
Cross-Origin-Opener-Policy
X-TT-LOGID
X-Trace-Id
X-CSRF-Token
X-Detected-As
X-APP-VERSION
X-Azure-Ref-OriginShield
X-Content-Age
X-WA-Info
Backend
Web-Mar-Node
X-Datadome
X-MP-GENERATED-AT
X-Cache-Host
X-Generation-Time
X-Varnish-Cache-Hits
X-Rule
X-CS
X-Cached-By
X-Soup
X-Akamai-Transformed
Content-Secure-Policy
X-Varnish-Hits
Cross-Origin-Window-Policy
X-Cache-Ttl
X-Cache-Enabled
X-Ua
X-Edge-Location
X-Bc-Bl
X-Via-JSL
Ec-Rule-Version
X-SRV
X-Info
X-Mode
X-NWS-UUID-VERIFY
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Status
X-Cache-Grace
X-Microcachable
X-Varnish-Beresp-Ttl
Source
X-Magnolia-Registration
X-Locale
Upgrade-Insecure-Requests
Url
X-Forwarded-Host
S-Rt
SID
X-Cache-NGX
X-Debug-Cache
X-Origin-CC
X-Origin-TTL
X-Storage
X-EC-Lua
AMP-Access-Control-Allow-Source-Origin
X-Extlb
X-Tb
X-Zipkin-Id
X-B3-Traceid
X-Proxied
X-Routing-Service
X-Site-Version
CDN-Uid
X-NAPM-TraceId
X-Forwarded-Path
CDN-RequestId
CDN-RequestCountryCode
DCR-Decision-By
DCR-Processing-Time-Ms
Fastly-SIE
Fastly-SWR
Fastcgi-X-Cache-Version
Expiry
CDN-PullZone
X-From
CDN-EdgeStorageId
Apple-News-Services-Handled
A
X-GoCache-CacheStatus
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Content-Disposition
X-Tenant
Apple-News-Services-Request-Url
CDN-CachedAt
CDN-Cache
CDCHOST
X-SRCache-Key
X-Epic-Correlation-Id
X-BCube-Filmed-By
X-B-Cookie
X-ARC
X-Cache-Bucket
X-Cache-NE
X-CF-Lambda-Fn
T-Server
X-Application
X-AIR-PT
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
X-Aicache-OS
X-A
Surrogated-Key
State
Meta-Geo-Continent
X-Developer
Mobile-Detection-Method
MD5-Digest
X-NU-AKA-ACS-Version
X-External-Request-Id
M-TraceId
X-Destination
Odigeo-Trace-Id
X-Connection-Hash
X-Clientip
X-CF-Lambda-Version
Req-Svc-Chain
Rendered-Blocks
Path
X-D
Host-ID
Apple-News-Services-Host
X-Request-URI
X-Aed
X-Orig-Expires
X-PAYTM-SRV-ID
X-Rebelmouse-Surrogate-Control
X-Session-Fingerprint
X-VG-WebServer
X-Vdms-Version
X-Air-Trace-Id
X-Shop-Environment
X-Air-Source
X-VG-WebCache
X-Air-Hostname
X-Platform-Server
X-GEO
X-S-Cookie
X-S
X-ScT
X-Vtex-Remote-Cache
X-PBS-Appsvrname
X-Vtex-Processado-Em
X-Ratelimit-Reset
X-Dc
X-Processor
X-Rewrite-Enabled
User-Cache-Control
X-Rebelmouse-Cache-Control
X-Rojux
X-Platform
X-Ratelimit-Limit
X-Envoy-Decorator-Operation
X-Ftr-Request-Id
X-DPWN-IS-SECURE
L
X-Fmm-Version
Fastly-Drupal-HTML
Is-Eu
X-Fastly-Cache
X-Fastly-Backend
X-DC
PB-PID
X-Cache-Debug
X-Unique-Id
X-Cache-Info
X-Cache-Tags
X-Request-UUID
UCS
X-Bip
X-Accel-Expires-Debug
X-WADP-Cache
X-Backend-State
X-Rocket-Build-Number
X-Clara-WADP
X-Cms-Context
X-Date
Fastly-Backend-Name
Origin
NGX
X-VG-TLSProxy
PB-RID
X-Conf
X-Request-Host
X-Core-Value
Platform
Pics-Label
X-Service
X-Forwarded-Site
X-JWT-State
X-Loc
C-Via
X-TrackingId
Cache-Host
X-Li-Fabric
Cache-Key
X-Sigma
Arc-Version
X-Li-Pop
X-VServer
Adler-Geo
X-LI-UUID
X-Has-Esi
X-Origin-Expires
X-Hash
X-Men
X-SVT-ORM-VERSION
X-Amz-Meta-S3cmd-Attrs
X-Is-Gdpr
X-Variation
X-SVT-ORM-RULES
X-Proxy-Upstream
X-Thanos
DSUID
Cmsid
X-Sigma-Backend
Cmstype
X-DataDome
Server-Info
X-Via-NSCOPI
X-Viewer-Country
X-Wikidot-Static-Cache
X-CGP
X-Cache-Id
X-Level-Front-Cache
X-Branch-Name
X-Varnish-CookieHashed-On
X-Scheme
X-Nginx-Cache-Key
X-Served-From
X-SIPLIST1
X-Slack-Backend
X-Mvc-Supplant-Cachable
X-Var-Ttl
X-Block-Status
X-Location
X-Micro-Cache
X-Wikidot-Backend
X-Thinkindot-L3
X-Old-Content-Length
X-GeoIP
X-Geo-Header
X-GeoIP-City
X-Eu-Site
X-Policy
X-Esi-Check
X-Generated-On
X-FC-Vary-Parameters
X-RateLimit-Limit-Second
X-Gen-Mode
X-RateLimit-Remaining-Second
X-Gamma-Serve
X-Generated-In
X-Generated-By
X-Gzip
X-BBC-Edge-Cache-Status
X-Csrf-Jwt
X-Varnish-Remaining-TTL
X-Hnp-Log
X-Req
X-Irp-Debug
X-Varnish-CookieINHashed-On
X-VC-Cache
X-HN
X-Developers
X-Device-Os
X-DefHash
X-DefElseHash
X-VarnishDD-TTL
X-Origin
X-Cluster
True-Client-Country-4JS
Server-Ext
Mail-Subject
Release
Server-Host
Server-Hostname
Sever-Int
IsBot
X-Unique-ID
HA-Ipaddr
Gh-Request-Id
Ha-Gx-Prefs
NM-Fastcgi-Cache
X-Varnish-Ttl
PFcat
Pagetype
Fastcgi-Cache-TTL
TDXMobile
We-Hiring
VNS-Cache
VNS-Age
Cf-Device-Type
Location
L5d-Success-Class
CacheControlHeader
Vix-Hermes-Req-Id
CPC-Age
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
NtCoent-Length
CPC-Cache
Locid
Esi-Enabled
Webserver
X-Ratelimit-Remaining
X-Fetched-On
X-Planisys-CDN-Cache
Arc-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
AKAMAI
X-Owner
X-Planisys-CDN-Rules
Kp-EeAlive
X-Planisys-CDN-TTL
X-Sucuri-ID
Wxu-Next-Hostname
Wxu-Next-Commit
V-Age
X-Skip-Cache
Wxu-Next-Region
Svr
Memcached
X-Vdms-Path
X-HS-Content-Campaign-Id
X-Ckpd-Fst-Backend
X-Qloud-Router
X-Worker
Who
DataCenter
X-NC
X-Auto-Login
X-Via-Popv
X-User
Cache-Hits
X-Servedbyhost
X-M-Reqid
X-Via-Popn
X-Via-Poph
X-Mvc-Supplant-OutputCached
X-M-Log
MIME-Version
X-NCache
X-Zone
X-Srv
X-Qnm-Cache
X-V-Cache
X-Tx-Id
X-PF-Uncompressing
X-Ua-Browser
X-Content
X-Platform-Cluster
X-Platform-Router
X-Rocket-Nginx-Serving-Static
X-Render-Time
X-LSADC-Cache
X-Traceid
X-Varnish-Url
X-Minions-Version
X-Platform-Processor
XServer
X-Vc
X-SD-PageType
X-LB-ID
X-ID
X-Cache-Remote
My-App
Environment
Server-ID
X-Wa
Powered-By-ChinaCache
X-Datadog-Parent-Id
X-Refresh
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
WebServer
X-ZONE
X-Pass-Why
X-Newrelic-Synthetics
X-BBC-Origin-Response-Status
X-App
X-Internal-Host
X-PJAX-URL
X-API-Version
X-NodeID
X-Cache-Var-Map
X-Nyt-Route
X-Origin-Time
Time
X-Gdpr
X-Cache-Var
Memory
X-TX-ID
X-Webkit-Csp
X-TIME
X-Via-Ucdn
Cluster
X-Cache-Config
X-VCL-Version
X-Server-IP
X-CACHE-KEY
X-Pod-Name
Candidate-Md5Url
X-Webkit-CSP-Report-Only
Geo-Info
Datacenter
Hostname
X-NewRelic-App-Data
HostName
X-OVcl-Cache
X-OVcl
GeoIp-Country-Code
Geoip-Latitude
X-CLOUD-TRACE-CONTEXT
Cf-Bgj
X-LI-Proto
X-Backend-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Query
Magicmarker
N-Cache
Resin-Trace
Web-Mar-Region
X-Edge-Pop
X-TraceId
X-VHOST
Onion-Location
X-Origin-Response-Time
X-Geo
Tcn
Ohc-File-Size
Servername
X-HITS
X-CACHE-AGE
X-Dynatrace
X-Method
X-Akamai-Pragma-Client-IP
X-Dispatcher-Server
DB-Nickname
X-MSEdge-Features
GeoIP-Country-Code
X-MSEdge-Flight
X-Varnish-Cacheable
X-Li-Proto
WWW-Authenticate
X-EIG-Tracking-Id
X-Esi
X-NODE
X-Varnish-Beresp-TTL
X-IP
Proxy-Connection
GeoIP-Latitude
Ssr
Cf-Ipcountry
LB
X-Correlation-ID
Cdn
X-AB
X-Wix-Viewer-Type
X-Fpc
CF-Cached-On
X-HostName
X-Tid
X-Vcl-Version
CDN
X-Node-Id
X-TIM-N
Redirect-Candidate
X-Dynatrace-Js-Agent
X-DynaTrace-JS-Agent
X-HS-Status
Tracecode
X-Trv-Group
X-Request-Start
X-Up
X-APP
X-ND-Cache
Lb
X-Tt-Logid
X-Cs
Server-Id
X-Fastly-Backend-Reqs
X-Reqid
X-Via-CDN
X-WA
Sid
WZWS-RAY
Env
Is-Us
X-Pjax-Url
X-Cache-Date
Pramga
X-MG-S
X-Webkit-Csp-Report-Only
X-Sn-Servicetimems
X-ServerName
X-Amz-Meta-Cb-Modifiedtime
Cteonnt-Length
X-NGINX-Cache
X-Cdn-Origin
X-FORWARDED-FOR
X-Nc
W
X-Check-Cacheable
X-VC
X-Core-Mission
URI
X-Lb-Id
X-Provided-By
X-CSRF-TOKEN
X-UnsetCookies
Ohc-Cache-HIT
X-Cache-Expires
X-Cache-Backend
CloudFront-Viewer-Country
Viewtype
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Fastly-Request-Id
Rt-Fastcgi-Cache
VivaBuild
X-Via-PopN
X-Via-PopH
X-SERVER-NAME
X-Via-PopV
Shield-Pop
CountryCode
X-ServedByHost
Server-Ttl
X-SN
Mime-Version
X-Pf-Uncompressing
WP-Super-Cache
X-Acquia-Application-Trace
X-Edge-POP
X-CCDN-CacheTTL
X-Acquia-Application-UUID
X-Cache-Status-Check
X-Acquia-Purge-Tags
Machine
X-Varnish-Authentication
CACHE
X-Acquia-Site
X-RAMCache
X-CCDN-Origin-Time
X-Region-Sid
X-Fastly-Cache-Hits
X-LiteSpeed-Cache-Control
X-Hcs-Proxy-Type
X-Sucuri-Cache
X-Contensis-Viewer-Groups
X-Pad
X-Cache-ASPX
Xet-Cookie
X-Moov-Xdn-Version
X-StackifyID
Xc-Version
X-CF-Powered-By
X-Cdn-Request-ID
EpKe-Alive
X-CUA
X-Moov-T
X-RPS
X-Yottaa-OS
X-Dw-Trace-Id
X-DI
X-FTR-Request-ID
Ohc-Response-Time
Vha6-Origin
X-Action
X-DSS
X-DB
X-DW
X-Webstats-RespID
X-RSL
X-SB
X-RPM
X-Swift-Error
X-Cdn-Forward
User-Agent
ServerName
X-Ig-Push-State
X-Country-Code-Real
X-TH-Server
X-MiniProfiler-Ids
X-C
X-ElasticPress-Search
X-FTR-Realm
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
On-Server
Req-ID
X-FTR-Backend
Content-Style-Type
X-FTR-Expires
Content-Script-Type
FSS-Cache