
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
CF-RAY
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
X-Ua-Compatible
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
CF-Ray
X-Via
X-Dns-Prefetch-Control
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
NEL
X-Amz-Version-Id
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Server-Id
X-Node
Allow
X-Backend-Server
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Readtime
X-Webkit-CSP
X-WebKit-CSP
X-Akam-SW-Version
X-Response-Time
Accept-CH
Accept-Ch-Lifetime
Xkey
X-HW
X-Ruxit-JS-Agent
X-Language
X-Country
X-Application-Context
X-Ac
Content-Location
X-Template
X-Cloud-Trace-Context
MS-Author-Via
X-Cache-Lookup
Rating
X-Url
X-B3-TraceId
Edge-Control
Accept-Ch
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-Varnish-TTL
X-ESI
X-MS-InvokeApp
X-Trace
Fastly-Restarts
X-Content-Type
X-GitHub-Request-Id
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-FastCGI-Cache
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Country-Code
X-Buckets
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Server-ID
Accept-CH-Lifetime
X-Vcap-Request-Id
X-Cached
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Server-Name
X-Amz-Rid
Service-Worker-Allowed
X-Navigation-Version
X-Client-IP
X-Powered-By-Plesk
RTSS
X-Fastly-Request-ID
X-Px
Access-Control-Request-Method
Public-Key-Pins
X-Powered-CMS
X-TTL
X-MSEdge-Ref
X-Element-Page-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Dw-Request-Base-Id
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
X-Cache-TTL
X-Version
X-NF-Request-ID
S
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
X-B3-TraceId-Primal
Realpath
Mrf-Cache-Status
MRF-Tech
X-ECACHE
X-Accel-Expires
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
SPRequestGuid
X-Instrumentation
X-SharePointHealthScore
X-Jurisdiction
X-HP-Webp
X-Ttl
SPIisLatency
X-Cache-Key
SPRequestDuration
X-Shield-Request-Id
X-T
X-Mid
X-MCACHE
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
Pinterest-Generated-By
X-Pinterest-Rid
X-DynaTrace
Pinterest-Version
X-XRDS-Location
X-ORACLE-DMS-RID
Edge-Cache-Tag
X-Forwarded-Proto
X-Litespeed-Cache
X-Correlation-Id
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
TP-L2-Cache
Charset
TP-Cache
X-Content-Digest
X-Mg-S
Nginx-Cache
X-Id
Filters
Front-End-Https
X-Request-Received
TCN
X-Request-Processing-Time
Alternate-Protocol
Server-Node
X-Logged-In
X-Forwarded-For
X-Ezoic-Cdn
Cache-Tags
Content-MD5
X-Geo-Country
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
X-Protected-By
X-Release
X-Hostname
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-Grace
X-Origin-Server
X-F-Cache
X-Www-Served-By
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Cleartype
X-GUploader-UploadID
X-Rid
X-Ruxit-Js-Agent
Host
X-Amz-Replication-Status
X-Contextid
X-HS-Cache-Config
X-Debug-Info
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Az
X-AppVersion
X-Activity-Id
X-LB-Cache
X-RateLimit-Remaining
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
Server-Name
Section-Io-Cache
X-Frontend
X-Browser-Type
X-Page-Id
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
X-Git-Hash
X-VCache
X-Ser
X-Cache-Age
X-Daa-Tunnel
X-Respond-Thread
X-Content-Options
Accept-Charset
Access-Control-Allow-Method
X-Aspnetmvc-Version
X-Upgrade-Enabled
X-Hits
X-Mobile-URL
X-DIS-Request-ID
X-Signature
X-B-Cache
Payment
ServerID
X-Source
X-Varnish-Backend
Healthy
X-Varnish-Age
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Varnish-Grace
X-Providence-Cookie
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Viewport
X-TT
X-Whom
X-FB-Debug
Paypal-Debug-Id
X-Cache-Action
X-B3-Sampled
X-WebKit-CSP-Report-Only
Node
X-AOL-HN
X-CACHE-GROUP
X-App-Environment
Fastcgi-Useragent
DynaTrace
Version
X-Seen-By
X-Ab
X-Load-Cache
X-Mobile
X-Yandex-Sdch-Disable
X-N
DC
X-Type
X-HTML-Minification-Powered-By
X-Distributor
X-Tt-Trace-Tag
X-Tt-Trace-Host
SRV
Frame-Options
Filterid
MS-CV
Retry-After
X-Cache-Control
X-User-Agent
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
AR-CACHE
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Expired-At
X-Fastcgi-Cache
X-Jobs
X-IPLB-Instance
X-Response-Served-From
X-Original-Request-Id
X-UUID
X-Real-IP
Refresh
X-Adobe-Content
X-Proxy-Cache-Status
X-Adobe-Loc
X-Cluster-Name
X-Instance
X-Page-View
X-Region
X-Debug-IsConnected
X-Device-Type
X-Debug-IsPreview
Access-Control-Request-Headers
X-Varnish-Server
X-ProcessESI
X-RemovedCookies
X-Request-Handler-Origin-Region
X-Tumblr-Pixel-1
X-B
NGB
X-Microsite
X-Tumblr-User
X-XRDS-LOCATION
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-G
X-Cache-Time
X-IPS-LoggedIn
VIX-Pulpo-Node
X-Content-Powered-By
Ms-Operation-Id
X-RTag
X-Proxy
X-CDN-Forward
Amp-Access-Control-Allow-Source-Origin
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-Framework
X-FW-Serve
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Zen-Fury
Countrycode
X-Azure-Ref
X-Wix-Request-Id
X-App-Version
X-Node-Name
Cache-Status
X-RateLimit-Limit
X-Time
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Cache-Rule
X-Debug
Section-Io-Origin-Status
X-Mg-Request-UUID
Section-Io-Id
X-Accel-Buffering
X-Cache-Hit
X-Nginx-Cache
X-Rendered-As
X-Ms-Request-Id
X-Is-Bot
X-Ms-Version
SD-X-WS
Liferay-Portal
Cache
Referer-Policy
X-Oracle-Dms-Rid
X-Drupal-Cache-Tags
S-Cnection
Country
X-FireWall-Port
X-App-Server
X-Aws-Lambda-Call-Status
X-EdgeConnect-Cache-Status
Surrogate-Key
X-L-Path
X-Environment-Context
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Operation
X-HP-Trace-Id
Eomportal-Instance
X-Revision
X-Parallel-Accel
X-Endurance-Cache-Level
X-TA-CDN-Provider
Meta-Geo
CF-IPCountry
X-UPSTREAM-Address
X-SaId
X-JoinUs
X-Loop
Selected-Fe
X-RN-RSRV
X-Proxy-Build
X-Timing-Wait
X-ES-SERVER
X-TNCMS
X-GG-Cache-Date
From-Origin
X-Cache-TTL-Remaining
X-Alternate-Cache-Key
X-Drupal-Cache-Contexts
X-Request-Time
X-Xfnlog-Site
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Varnishpool
X-Sorting-Hat-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-ShopId
X-Cache-Type
X-Adobe-Source
X-VWS-Id
X-AWS-Id
X-Varnish-Hostname
X-Varnish-Beresp-Grace
X-PHP-Backend
X-S-Maxage
X-LJ-Flow-ID
Protected
X-Proto
X-No-Session
X-Backend-Host
X-NYM-Debug-Backend
X-SayCDN-TTL
X-Say-TTL
X-LAGOON
Cache-Name
X-Origin-Date
X-ProxyCache-Key
X-ProxyCache-Status
X-Be
X-Say-Cacheable
X-BYPASS-REASON
GEO-INFO
Apigw-Requestid
Webcakes-Region
Cache-Tv-Group
X-Akamai-Edgescape
X-Cache-Server
X-Handled-By
X-FB-TRIP-ID
Webcakes-App-Version
X-OCL
Fastly-SSL
TWC-GeoIP-Country
ServedBy
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
X-Origin-Hint
X-UA-Device-Type
Azure-Version
X-PCL
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Country-Code
X-Server-W
X-R9-Blue-Green-Version
X-Pubstack
X-Human
X-RCS-CacheZone
X-Sql-Duration-Ms
X-Sql-Count
Azure-RegionName
X-Via-Fastly
X-Section
X-Format
X-Backend-Name
X-Access
X-Status
X-Tumblr-Pixel-2
Akamai-GRN
X-Hl-Ver
Mn-Server-Ip
Count-Hit
X-Web-Node
X-Labrador-Cache-Channel
Decoy-Debug-Key
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-PHP-Host
X-PERF
X-TEC-API-VERSION
Decoy-Debug-Status
X-ApacheServer
X-Hosted-By
X-FW-Version
Decoy-Debug-TTL
X-Hyper-Cache
X-Uri
Xserver
Nel
X-B3-SpanId
X-Redis-Cache
X-Time-Microsecs
X-ServerID
X-Cache-PHP
X-Servername
X-Ua-Device
X-ATG-Version
X-Cluster-Node
OT-Force-Account-Verify
X-CSRF-Token
X-Trace-Id
X-WA-Info
X-Tumblr-Pixel-3
X-TT-LOGID
Cross-Origin-Opener-Policy
X-Detected-As
X-Content-Age
X-Azure-Ref-OriginShield
X-MP-GENERATED-AT
X-Datadome
X-Rule
X-Generation-Time
X-Varnish-Cache-Hits
X-Cache-Host
Backend
X-CS
X-Cached-By
Web-Mar-Node
X-Soup
X-Bc-Bl
X-Varnish-Hits
X-Akamai-Transformed
X-APP-VERSION
X-Edge-Location
X-Cache-Enabled
X-Cache-Ttl
Content-Secure-Policy
Ec-Rule-Version
X-Mode
Cross-Origin-Window-Policy
X-Microcachable
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ua
X-Varnish-Beresp-Status
X-Info
S-Rt
X-Varnish-Beresp-Ttl
X-Via-JSL
X-Cache-NGX
X-SRV
X-Cache-Grace
X-Debug-Cache
X-Storage
SID
X-Magnolia-Registration
X-Origin-CC
Url
X-Origin-TTL
X-Locale
X-Proxied
X-Platform
X-Zipkin-Id
X-NWS-UUID-VERIFY
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
Upgrade-Insecure-Requests
X-Routing-Service
X-Forwarded-Host
X-Dc
X-Extlb
Source
X-B3-Traceid
BehaviorPad-Version
Apple-News-Services-Request-Url
M-TraceId
Host-ID
Apple-News-Services-Parsed-Url
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
Apple-News-Services-Host
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
CDN-Uid
Apple-News-Services-Handled
A
Fastly-SIE
CDCHOST
Fastcgi-X-Cache-Version
Expiry
DCR-Decision-By
DCR-Processing-Time-Ms
Fastly-SWR
X-BCube-Filmed-By
X-Platform-Server
X-PBS-Appsvrname
X-Processor
X-Ratelimit-Reset
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-Orig-Expires
X-From
X-Forwarded-Path
X-GoCache-CacheStatus
X-NAPM-TraceId
X-NU-AKA-ACS-Version
X-Request-URI
X-Rewrite-Enabled
X-Vdms-Version
X-Tenant
X-VG-WebCache
X-VG-WebServer
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-SRCache-Key
X-Shop-Environment
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-External-Request-Id
X-Epic-Correlation-Id
T-Server
Surrogated-Key
X-A
X-A-Ccd
X-A-Dgt
X-A-Dcw
State
Req-Svc-Chain
Mobile-Detection-Method
Meta-Geo-Continent
Odigeo-Trace-Id
Path
Rendered-Blocks
X-A-Wwc
X-Aed
X-Connection-Hash
X-Clientip
X-D
X-Destination
X-Developer
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Application
X-Aicache-OS
X-ARC
X-B-Cookie
X-Cache-NE
MD5-Digest
X-A-Dam
AMP-Access-Control-Allow-Source-Origin
X-GEO
X-Unique-ID
X-Tb
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thanos
X-Sigma-Backend
X-Sigma
X-Request-UUID
X-Rocket-Build-Number
UCS
X-Service
Platform
Pics-Label
X-VG-TLSProxy
X-VServer
L
Kp-EeAlive
NGX
X-Variation
PB-PID
X-TrackingId
Origin
X-Var-Ttl
X-Proxy-Upstream
Server-Info
X-Is-Gdpr
X-Core-Value
X-JWT-State
X-Cms-Context
X-Hash
X-Has-Esi
X-Fastly-Backend
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Device-Os
X-Li-Fabric
X-Li-Pop
X-Bip
X-Loc
X-Backend-State
X-Origin-Expires
X-Branch-Name
X-Cache-Bucket
X-Cache-Tags
X-LI-UUID
X-Cache-Debug
Is-Eu
PB-RID
Esi-Enabled
Arc-Version
Adler-Geo
X-Site-Version
DSUID
X-AIR-PT
Cmsid
Cmstype
Cache-Host
Content-Disposition
Fastly-Backend-Name
C-Via
Fastly-Drupal-HTML
User-Cache-Control
X-Generated-In
CacheControlHeader
X-Forwarded-Site
X-Req
X-Generated-On
X-Fetched-On
X-Geo-Header
X-Policy
Wxu-Next-Region
Wxu-Next-Commit
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
True-Client-Country-4JS
X-Scheme
X-Origin
Vix-Hermes-Req-Id
Wxu-Next-Hostname
X-DataDome
X-Cluster
X-Level-Front-Cache
X-CGP
X-Csrf-Jwt
X-HN
X-Developers
X-DefHash
X-DefElseHash
X-Ftr-Request-Id
X-Request-Host
X-Eu-Site
X-GeoIP
X-FC-Vary-Parameters
X-Nginx-Cache-Key
X-Location
X-GeoIP-City
TDXMobile
X-Conf
X-Served-From
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-EC-Lua
X-Accel-Expires-Debug
NM-Fastcgi-Cache
X-Gamma-Serve
L5d-Success-Class
Pagetype
Location
X-Varnish-Remaining-TTL
Locid
Fastcgi-Cache-TTL
X-VHOST
X-Vdms-Path
Memcached
X-VarnishDD-TTL
X-VC-Cache
PFcat
IsBot
X-Thinkindot-L3
Ha-Gx-Prefs
Server-Ext
Server-Hostname
Gh-Request-Id
Server-Host
HA-Ipaddr
X-Date
Cf-Device-Type
X-SIPLIST1
Sever-Int
Release
CPC-Cache
CPC-Age
Mail-Subject
X-Wikidot-Static-Cache
VNS-Cache
X-Ratelimit-Limit
We-Hiring
Cache-Key
X-BBC-Edge-Cache-Status
X-Wikidot-Backend
X-Goog-Meta-Goog-Reserved-File-Mtime
X-WADP-Cache
X-Old-Content-Length
X-Clara-WADP
X-Cache-Info
X-Gen-Mode
DataCenter
X-Sucuri-ID
X-Fmm-Version
X-Fastly-Cache
X-Skip-Cache
VNS-Age
X-Owner
X-Generated-By
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Slack-Backend
X-Via-NSCOPI
X-Unique-Id
X-Men
X-Block-Status
X-Hnp-Log
X-Irp-Debug
X-Viewer-Country
X-DC
X-Amz-Meta-S3cmd-Attrs
Webserver
AKAMAI
V-Age
Svr
Arc-Country
Who
X-Srv
X-Planisys-CDN-Rules
X-Micro-Cache
X-Planisys-CDN-TTL
X-Ckpd-Fst-Backend
X-Esi-Check
X-Qloud-Router
X-User
X-Mvc-Supplant-Cachable
X-Cache-Id
X-Gzip
NtCoent-Length
X-Planisys-CDN-Cache
X-Worker
X-PF-Uncompressing
MIME-Version
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Servedbyhost
X-HS-Content-Campaign-Id
Cache-Hits
X-Zone
X-Ratelimit-Remaining
X-V-Cache
X-Minions-Version
X-Mvc-Supplant-OutputCached
X-Auto-Login
X-Varnish-Url
X-NC
X-NCache
X-Vc
X-Tx-Id
XServer
X-Refresh
X-Platform-Processor
X-Qnm-Cache
X-Wa
X-LSADC-Cache
X-Rocket-Nginx-Serving-Static
Powered-By-ChinaCache
X-Platform-Router
X-Render-Time
My-App
X-Traceid
X-M-Reqid
X-LB-ID
X-Platform-Cluster
X-M-Log
X-Webkit-CSP-Report-Only
X-ID
X-SD-PageType
Memory
X-Internal-Host
X-App
Time
Server-ID
WebServer
X-Varnish-Ttl
X-Cache-Remote
X-ZONE
X-Pass-Why
X-TX-ID
X-Newrelic-Synthetics
Environment
X-PJAX-URL
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Content
X-Ua-Browser
X-API-Version
X-Webkit-Csp
X-Nyt-Route
X-Origin-Time
X-TIME
X-BBC-Origin-Response-Status
X-Gdpr
X-NodeID
X-Correlation-ID
X-CACHE-KEY
X-Cache-Var
X-Cache-Var-Map
Cluster
X-OVcl-Cache
X-VCL-Version
X-OVcl
X-Cache-Config
X-Server-IP
HostName
X-Pod-Name
Cf-Bgj
X-Via-Ucdn
Hostname
X-NewRelic-App-Data
X-LI-Proto
Candidate-Md5Url
Datacenter
X-TraceId
X-Backend-TTL
X-Tb-Optimization-Total-Bytes-Saved
Magicmarker
X-CLOUD-TRACE-CONTEXT
X-Edge-Pop
X-ElasticPress-Query
Geo-Info
N-Cache
Geoip-Latitude
Resin-Trace
GeoIp-Country-Code
X-AB
X-Dispatcher-Server
X-Method
DB-Nickname
Web-Mar-Region
Ohc-File-Size
Tcn
X-Geo
X-HITS
X-CACHE-AGE
GeoIP-Latitude
GeoIP-Country-Code
X-Dynatrace
Onion-Location
Servername
X-Origin-Response-Time
X-IP
Ssr
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
X-Varnish-Beresp-TTL
Proxy-Connection
X-MSEdge-Features
X-NODE
WWW-Authenticate
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-MSEdge-Flight
X-Li-Proto
Cdn
X-Node-Id
X-Wix-Viewer-Type
LB
X-HostName
X-Fpc
X-HS-Status
X-ND-Cache
X-Trv-Group
X-DynaTrace-JS-Agent
X-Nc
CF-Cached-On
X-Tid
CDN
X-Vcl-Version
X-Dynatrace-Js-Agent
X-Via-CDN
WZWS-RAY
Lb
X-TIM-N
Redirect-Candidate
X-Cs
X-Up
X-APP
Cteonnt-Length
Sid
X-Pjax-Url
Server-Id
Env
X-Fastly-Backend-Reqs
Tracecode
X-Request-Start
X-MG-S
X-Webkit-Csp-Report-Only
X-Reqid
URI
X-WA
X-NGINX-Cache
X-ServerName
X-Cache-Date
Is-Us
Pramga
X-VC
Rt-Fastcgi-Cache
X-Amz-Meta-Cb-Modifiedtime
X-URL
X-Check-Cacheable
X-Cdn-Origin
X-Tt-Logid
X-Sn-Servicetimems
X-Lb-Id
Ohc-Cache-HIT
X-Esi
X-Xrds-Location
X-CSRF-TOKEN
X-Provided-By
X-SERVER-NAME
X-Core-Mission
W
X-Via-PopN
VivaBuild
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Backend
X-Fastly-Request-Id
X-Via-PopV
Viewtype
X-Via-PopH
X-UnsetCookies
X-RAMCache
CloudFront-Viewer-Country
Shield-Pop
Mime-Version
X-ServedByHost
X-FTR-Request-ID
X-LiteSpeed-Cache-Control
Server-Ttl
Machine
X-Cache-Expires
X-SN
CountryCode
X-Acquia-Application-UUID
X-Fastly-Cache-Hits
X-Contensis-Viewer-Groups
X-Acquia-Application-Trace
X-Pf-Uncompressing
X-Yottaa-OS
CACHE
X-Cache-ASPX
X-Varnish-Authentication
X-Pad
X-Acquia-Purge-Tags
X-Acquia-Site
X-Dw-Trace-Id
X-FORWARDED-FOR
X-RSL
X-FTR-Balancer
X-StackifyID
FSS-Cache
X-CCDN-CacheTTL
X-FTR-Cache-Status
Xet-Cookie
X-CCDN-Origin-Time
X-RPS
X-CUA
X-Cache-Status-Check
X-Edge-POP
X-Hcs-Proxy-Type
X-Cdn-Request-ID
X-Action
X-Region-Sid
X-Swift-Error
Ohc-Response-Time
On-Server
X-SB
X-Webstats-RespID
WP-Super-Cache
X-Country-Code-Real
X-Sucuri-Cache
X-RPM
Vha6-Origin
X-FTR-Backend
X-DSS
X-DB
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-DW
X-DI
X-Cdn-Forward
X-Air-Pt
Req-ID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-FTR-Expires
X-C
X-Snapshot-Date
X-Swa-Ws
X-Oss-Server-Time
X-Oss-Storage-Class
ServerName
Content-Script-Type
X-MiniProfiler-Ids
X-TH-Server
X-ElasticPress-Search
Content-Style-Type