Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
Keep-Alive
X-Ws-Request-Id
X-Robots-Tag
Request-Context
Server-Timing
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Device
X-Vhost
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
NEL
X-Dispatcher
Cf-Railgun
X-Host
X-Cache-Spec
X-Server-Id
X-CST
X-WebKit-CSP
X-Node
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
Accept-Ch-Lifetime
Xkey
X-HW
X-Ruxit-JS-Agent
X-Language
X-Country
X-Webkit-CSP
X-Application-Context
X-Template
X-Ac
Content-Location
X-Cache-Lookup
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
Edge-Control
X-B3-TraceId
X-TtlSet
X-Vname
X-PC
X-Mod-Pagespeed
X-Clacks-Overhead
X-Trace
X-Varnish-TTL
X-ESI
X-MS-InvokeApp
X-Content-Type
Fastly-Restarts
X-Rack-Cache
X-Origin-Cache
X-GitHub-Request-Id
X-Cnection
Accept-Ch
X-Buckets
X-Country-Code
X-Goog-Hash
Accept-CH-Lifetime
Verso
X-D2id
X-VARITI-CCR
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
Cache-Tag
X-Cached
Service-Worker-Allowed
X-Abt-Application-Version
X-Server-Name
X-Amz-Rid
X-Client-IP
X-Server-ID
X-Navigation-Version
X-Px
X-Powered-By-Plesk
RTSS
Public-Key-Pins
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-SRCache-Store-Status
X-Element-Page-Cache
X-Powered-CMS
X-MSEdge-Ref
X-Cache-TTL
X-Upstream
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Version
Response
Pagespeed
X-Sol
Display
X-Middleton-Response
X-Middleton-Display
S
X-Ttl
X-TTL
X-Edge-Location-Klb
X-Edge
X-Kinsta-Cache
X-LLID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Server-Lifecycle-Phase
X-Accel-Expires
Realpath
X-Jurisdiction
X-HP-Webp
X-Correlation-Id
X-ECACHE
X-Shield-Request-Id
SPRequestGuid
X-SharePointHealthScore
X-T
Pinterest-Version
Pinterest-Generated-By
SPIisLatency
SPRequestDuration
X-Pinterest-Rid
X-Mid
X-MCACHE
X-Cache-Key
X-PressLabs-Stats
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-RID
Edge-Cache-Tag
X-DynaTrace
X-Forwarded-Proto
Fastcgi-Cache
X-XRDS-Location
X-Mg-S
X-Amz-Server-Side-Encryption
X-Content-Digest
Nginx-Cache
X-Recruiting
TP-Cache
TP-L2-Cache
Charset
Filters
Front-End-Https
X-Request-Received
X-Request-Processing-Time
TCN
X-Id
Alternate-Protocol
Server-Node
X-Logged-In
X-Forwarded-For
X-Ezoic-Cdn
Content-MD5
X-Geo-Country
Cache-Tags
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
X-Protected-By
X-ASPNET-VERSION
X-Hostname
X-Amzn-Trace-Id
X-Grace
X-Origin-Upstream-Status
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-NWS-LOG-UUID
X-Www-Served-By
X-Origin-Server
X-F-Cache
X-Amz-Replication-Status
Cleartype
X-Oneagent-Js-Injection
X-Rid
X-Debug-Info
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Release
X-LB-Cache
Host
X-HS-Combine-CSS
X-Az
X-AppVersion
X-Activity-Id
X-Contextid
Section-Io-Cache
X-Daa-Tunnel
X-Page-Id
Server-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Git-Hash
X-Erf-Bev-Bev
X-Frontend
X-Ser
X-VCache
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Ab
X-Respond-Thread
X-RateLimit-Remaining
X-Cache-Age
X-Content-Options
X-Ruxit-Js-Agent
Accept-Charset
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hits
X-Mobile-URL
ServerID
X-DIS-Request-ID
X-Source
X-WebKit-CSP-Report-Only
X-B-Cache
X-Is-Crawler
X-Aspnet-Duration-Ms
X-CACHE-GROUP
X-Signature
X-Flags
X-Route-Name
X-Providence-Cookie
X-Request-Guid
X-Varnish-Backend
Payment
X-Cache-Action
X-Whom
X-Varnish-Age
X-TT
Viewport
Healthy
X-Varnish-Grace
X-FB-Debug
Paypal-Debug-Id
Node
X-Fastcgi-Cache
X-AOL-HN
X-App-Environment
Fastcgi-Useragent
DynaTrace
X-B3-Sampled
X-Load-Cache
X-Yandex-Sdch-Disable
Version
X-Seen-By
X-Mobile
X-N
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-XRDS-LOCATION
X-HTML-Minification-Powered-By
X-Type
Filterid
X-Distributor
X-Tec-Api-Root
Retry-After
Frame-Options
X-Tec-Api-Origin
X-Tec-Api-Version
X-User-Agent
X-Cache-Control
SRV
MS-CV
X-Jobs
X-Cache-Expired-At
Refresh
X-Original-Request-Id
X-Response-Served-From
X-UUID
X-Page-View
X-Real-IP
X-Proxy-Cache-Status
X-Adobe-Content
NGB
X-IPLB-Instance
X-Adobe-Loc
X-Cluster-Name
X-Instance
X-Varnish-Server
X-Debug-IsPreview
X-Device-Type
X-Region
Access-Control-Request-Headers
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Debug-IsConnected
X-FW-Dynamic
X-FW-Type
VIX-Pulpo-Node
X-B
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-0
X-G
X-Cacheable-TTL
X-Framework
X-Tumblr-User
X-Tumblr-Pixel-1
X-Proxy
X-RemovedCookies
X-Tumblr-Pixel
X-Content-Powered-By
X-ProcessESI
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Cache-Time
Ms-Operation-Id
X-IPS-LoggedIn
X-RTag
X-Azure-Ref
Uber-Trace-Id
X-Zen-Fury
X-Node-Name
Amp-Access-Control-Allow-Source-Origin
AR-CACHE
AR-ATIME
AR-Request-ID
Ar-Sid
X-CDN-Forward
AR-PoweredBy
Countrycode
X-Wix-Request-Id
X-Cache-Hit
Cache-Status
X-Cache-Rule
X-Request-Handler-Origin-Region
X-Microsite
Section-Io-Origin-Time-Seconds
X-Ms-Request-Id
X-Ms-Version
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Status
X-Time
X-Is-Bot
X-Rendered-As
SD-X-WS
Liferay-Portal
X-Aws-Lambda-Call-Status
Referer-Policy
X-Oracle-Dms-Rid
X-Mg-Request-UUID
X-HP-Trace-Id
X-Drupal-Cache-Tags
X-Debug
X-Accel-Buffering
X-Nginx-Cache
X-EdgeConnect-Cache-Status
X-Parallel-Accel
S-Cnection
Cache
Country
X-L-Path
X-App-Server
CF-IPCountry
X-RateLimit-Limit
X-Revision
X-Environment-Context
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-App-Version
X-Cache-Operation
Surrogate-Key
X-FireWall-Port
Count-Hit
X-UPSTREAM-Address
X-RN-RSRV
X-Loop
X-JoinUs
X-ES-SERVER
Eomportal-Instance
X-Drupal-Cache-Contexts
X-GG-Cache-Date
X-SaId
Meta-Geo
X-Endurance-Cache-Level
X-TNCMS
X-TA-CDN-Provider
X-Say-TTL
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
X-Timing-Wait
X-Xfnlog-Site
X-Adobe-Source
From-Origin
X-Storefront-Renderer-Rendered
X-LAGOON
X-Say-Cacheable
X-Cache-Type
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-Proxy-Build
Selected-Fe
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-ShopId
X-Request-Time
Azure-InstanceId
X-BYPASS-REASON
X-Be
X-S-Maxage
X-Origin-Date
Country-Code
X-Human
X-Varnishpool
X-ProxyCache-Status
X-FW-Version
X-Sql-Count
X-Proto
X-No-Session
X-ProxyCache-Key
Azure-SiteName
Protected
X-NYM-Debug-Backend
X-AWS-Id
Azure-SlotName
Akamai-GRN
X-Sql-Duration-Ms
X-VWS-Id
Azure-Version
Cache-Name
Azure-RegionName
X-LJ-Flow-ID
X-Varnish-Beresp-Grace
X-Varnish-Hostname
Apigw-Requestid
X-Akamai-Edgescape
Decoy-Debug-Status
X-OCL
X-Pubstack
X-R9-Blue-Green-Version
ServedBy
X-Status
X-PHP-Host
X-RCS-CacheZone
X-PCL
X-PHP-Backend
Fastly-SSL
X-UA-Device-Type
X-Hosted-By
X-Handled-By
X-Cache-Server
Cache-Tv-Group
GEO-INFO
Decoy-Debug-TTL
X-Labrador-Cache-Channel
Decoy-Debug-Key
TWC-Connection-Speed
TWC-Device-Class
X-Hyper-Cache
X-Via-Fastly
X-Web-Node
X-Hl-Ver
X-Uri
X-Section
X-Origin-Hint
X-Tumblr-Pixel-2
X-Server-W
X-Format
X-Redis-Cache
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Backend-Name
X-Access
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-APP-VERSION
Property-Id
X-PERF
Nel
X-ApacheServer
X-Backend-Host
Mn-Server-Ip
X-FB-TRIP-ID
X-Time-Microsecs
X-Cluster-Node
X-ServerID
X-Ua-Device
X-Servername
X-B3-SpanId
X-ATG-Version
X-Cache-PHP
OT-Force-Account-Verify
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Xserver
Cross-Origin-Opener-Policy
X-Tumblr-Pixel-3
X-TT-LOGID
X-Detected-As
X-Azure-Ref-OriginShield
X-Datadome
Backend
X-CSRF-Token
X-Trace-Id
X-Content-Age
X-WA-Info
Web-Mar-Node
X-Generation-Time
X-Varnish-Cache-Hits
X-MP-GENERATED-AT
X-Cache-Host
Cross-Origin-Window-Policy
X-Ua
X-Rule
Content-Secure-Policy
X-Varnish-Hits
X-SRV
X-Bc-Bl
X-Cached-By
X-Soup
X-Akamai-Transformed
Ec-Rule-Version
X-Cache-Enabled
X-CS
X-Edge-Location
X-Via-JSL
X-Ratelimit-Limit
X-NWS-UUID-VERIFY
Source
X-Mode
X-Amz-Apigw-Id
X-Info
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Ratelimit-Remaining
S-Rt
X-Cache-Grace
X-Microcachable
X-Origin-TTL
X-Origin-CC
X-Varnish-Beresp-Status
X-Locale
Upgrade-Insecure-Requests
X-Forwarded-Host
X-B3-Traceid
X-Magnolia-Registration
Url
AMP-Access-Control-Allow-Source-Origin
X-Air-Source
X-Air-Trace-Id
X-Cache-NGX
X-Air-Hostname
X-GEO
X-Dc
SID
X-Tb
X-Varnish-Beresp-Ttl
X-Debug-Cache
X-Storage
X-Site-Version
X-EC-Lua
A
Expiry
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
Content-Disposition
X-Ftr-Request-Id
Fastly-SIE
X-Forwarded-Path
X-Zipkin-Id
X-From
Fastly-SWR
Apple-News-Services-Host
DCR-Processing-Time-Ms
CDN-Cache
CDN-CachedAt
CDCHOST
BehaviorPad-Version
X-GoCache-CacheStatus
CDN-EdgeStorageId
Host-ID
CDN-Uid
DCR-Decision-By
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
Apple-News-Services-Parsed-Url
M-TraceId
X-B-Cookie
X-ARC
X-Application
X-BCube-Filmed-By
X-Cache-Bucket
X-CF-Lambda-Fn
T-Server
X-Cache-NE
X-AIR-PT
X-Aicache-OS
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
X-Aed
X-A
Surrogated-Key
State
Mobile-Detection-Method
X-Developer
X-Destination
Meta-Geo-Continent
MD5-Digest
X-External-Request-Id
X-Epic-Correlation-Id
Odigeo-Trace-Id
Path
X-Conf
X-Clientip
X-CF-Lambda-Version
X-Connection-Hash
Req-Svc-Chain
X-D
Rendered-Blocks
X-Extlb
Apple-News-Services-Request-Url
X-Processor
X-NU-AKA-ACS-Version
X-Orig-Expires
X-Request-URI
X-Proxied
X-Unique-Id
X-Vdms-Version
X-VG-WebServer
X-Vtex-Remote-Cache
X-Platform-Server
User-Cache-Control
X-PBS-Appsvrname
X-Rewrite-Enabled
X-Rojux
X-Tenant
X-Vtex-Processado-Em
X-PAYTM-SRV-ID
X-Routing-Service
X-S-Cookie
X-S
X-ScT
X-Shop-Environment
X-Rebelmouse-Cache-Control
X-SRCache-Key
X-NAPM-TraceId
X-Rebelmouse-Surrogate-Control
X-Session-Fingerprint
X-Ratelimit-Reset
X-VG-WebCache
X-Cache-Ttl
X-Varnish-Ttl
X-VServer
X-Request-UUID
Origin
Platform
PB-RID
X-SVT-ORM-VERSION
Fastly-Backend-Name
X-Date
Fastly-Drupal-HTML
PB-PID
X-Fmm-Version
NGX
X-Rocket-Build-Number
X-Clara-WADP
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Core-Value
X-Cms-Context
X-Proxy-Upstream
L
X-Request-Host
X-Platform
X-SVT-ORM-RULES
Is-Eu
X-Fastly-Backend
X-Fastly-Cache
X-Forwarded-Site
Cmsid
X-Variation
X-Accel-Expires-Debug
X-Is-Gdpr
X-Hash
X-Has-Esi
DSUID
Adler-Geo
X-Backend-State
X-JWT-State
X-Li-Fabric
X-Sigma
X-Men
X-Sigma-Backend
X-Loc
X-LI-UUID
X-Service
X-Li-Pop
X-TrackingId
X-Bip
X-Cache-Info
Cache-Host
X-Origin-Expires
Cache-Key
X-VG-TLSProxy
X-BBC-Edge-Cache-Status
UCS
C-Via
Cmstype
X-Cache-Tags
X-WADP-Cache
Arc-Version
X-Thanos
X-Cache-Debug
X-Amz-Meta-S3cmd-Attrs
X-Csrf-Jwt
X-Slack-Backend
X-Cluster
X-Branch-Name
X-CGP
X-Req
X-Scheme
X-SIPLIST1
X-Block-Status
X-Served-From
X-FC-Vary-Parameters
X-Var-Ttl
X-HN
X-Hnp-Log
X-Gzip
X-VC-Cache
X-GeoIP-City
X-Nginx-Cache-Key
X-Thinkindot-L3
X-Irp-Debug
X-VarnishDD-TTL
X-Mvc-Supplant-Cachable
X-Location
X-Wikidot-Static-Cache
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Wikidot-Backend
X-Varnish-Remaining-TTL
X-Level-Front-Cache
X-GeoIP
X-Old-Content-Length
X-RateLimit-Limit-Second
X-Esi-Check
X-Viewer-Country
X-Device-Os
X-RateLimit-Remaining-Second
X-DefHash
X-Via-NSCOPI
X-Developers
X-Eu-Site
X-Micro-Cache
X-Generated-On
X-Geo-Header
X-Origin
X-Generated-In
X-Generated-By
X-Policy
X-Gamma-Serve
X-Gen-Mode
X-DefElseHash
X-Cache-Id
Release
CPC-Cache
Pics-Label
PFcat
CPC-Age
Cf-Device-Type
Server-Hostname
Server-Host
Server-Ext
Pagetype
NM-Fastcgi-Cache
HA-Ipaddr
Locid
Location
L5d-Success-Class
Mail-Subject
Ha-Gx-Prefs
Esi-Enabled
Fastcgi-Cache-TTL
Gh-Request-Id
IsBot
CacheControlHeader
True-Client-Country-4JS
X-DC
Vix-Hermes-Req-Id
VNS-Age
We-Hiring
VNS-Cache
Thinkindot-Control
Server-Info
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
Sever-Int
X-Worker
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Owner
X-Ckpd-Fst-Backend
AKAMAI
Webserver
Arc-Country
X-Planisys-CDN-TTL
X-Unique-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fetched-On
Wxu-Next-Commit
Wxu-Next-Hostname
X-DataDome
NtCoent-Length
Svr
Kp-EeAlive
V-Age
X-Skip-Cache
X-Sucuri-ID
Wxu-Next-Region
Memcached
X-Vdms-Path
DataCenter
X-Qloud-Router
X-HS-Content-Campaign-Id
X-M-Reqid
X-Auto-Login
X-M-Log
X-NCache
X-Qnm-Cache
Who
X-Tx-Id
X-Via-Popv
X-Via-Poph
Cache-Hits
X-Mvc-Supplant-OutputCached
X-V-Cache
X-Via-Popn
X-User
X-CACHE-KEY
X-Ua-Browser
X-Content
X-Platform-Cluster
X-Platform-Processor
MIME-Version
X-Servedbyhost
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-LSADC-Cache
X-Platform-Router
X-Zone
X-NC
X-PF-Uncompressing
X-Srv
XServer
X-SD-PageType
X-Varnish-Url
X-Traceid
X-Minions-Version
X-Cache-Remote
X-ID
X-Vc
Environment
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-LB-ID
WebServer
Powered-By-ChinaCache
My-App
X-Refresh
X-Origin-Time
X-Nyt-Route
X-Gdpr
X-API-Version
X-Wa
X-ZONE
X-BBC-Origin-Response-Status
X-Cache-Var
X-NodeID
X-Cache-Var-Map
X-PJAX-URL
X-Via-Ucdn
X-Internal-Host
Memory
X-App
Time
X-Cache-Config
Server-ID
X-TIME
X-Pass-Why
X-Server-IP
Cluster
X-Webkit-Csp
X-Newrelic-Synthetics
Candidate-Md5Url
X-VCL-Version
X-Webkit-CSP-Report-Only
X-Pod-Name
X-TX-ID
HostName
X-Dynatrace
X-NewRelic-App-Data
X-CLOUD-TRACE-CONTEXT
Datacenter
Geoip-Latitude
X-OVcl-Cache
X-OVcl
Resin-Trace
GeoIp-Country-Code
Hostname
X-Tb-Optimization-Total-Bytes-Saved
Web-Mar-Region
X-Edge-Pop
N-Cache
X-LI-Proto
Geo-Info
X-ElasticPress-Query
Cf-Bgj
X-Backend-TTL
X-TraceId
X-VHOST
Onion-Location
Magicmarker
Ohc-File-Size
Tcn
X-HITS
X-CACHE-AGE
X-Origin-Response-Time
X-Akamai-Pragma-Client-IP
X-Varnish-Beresp-TTL
X-Geo
X-Method
X-EIG-Tracking-Id
WWW-Authenticate
X-Varnish-Cacheable
Servername
X-Li-Proto
X-Dispatcher-Server
X-Esi
Proxy-Connection
DB-Nickname
X-NODE
GeoIP-Country-Code
X-Correlation-ID
X-AB
X-MSEdge-Flight
X-MSEdge-Features
X-IP
X-Wix-Viewer-Type
GeoIP-Latitude
CDN
Ssr
X-HostName
Cdn
LB
X-Fpc
X-Fastly-Request-Id
X-Vcl-Version
X-TIM-N
X-Dynatrace-Js-Agent
X-Cs
X-Tid
Redirect-Candidate
Cf-Ipcountry
CF-Cached-On
Lb
Server-Id
X-Request-Start
X-APP
X-Up
Tracecode
X-Node-Id
X-Tt-Logid
X-DynaTrace-JS-Agent
Sid
X-WA
X-ND-Cache
Pramga
Is-Us
X-HS-Status
X-Trv-Group
X-Fastly-Backend-Reqs
X-Cache-Date
X-MG-S
X-Webkit-Csp-Report-Only
WZWS-RAY
Env
X-Sn-Servicetimems
X-Via-CDN
X-Reqid
X-Pjax-Url
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Origin
X-NGINX-Cache
X-ServerName
Cteonnt-Length
X-Nc
X-FORWARDED-FOR
X-VC
X-Check-Cacheable
X-Provided-By
URI
W
X-Lb-Id
X-Core-Mission
X-UnsetCookies
X-CSRF-TOKEN
Ohc-Cache-HIT
X-ServedByHost
X-Via-PopH
CloudFront-Viewer-Country
X-Via-PopN
Mime-Version
X-IN-APIGATEWAY
X-Cache-Expires
X-IN-APIGATEWAYSSL
X-Via-PopV
X-Cache-Backend
X-SERVER-NAME
X-ECache
CountryCode
Shield-Pop
VivaBuild
WP-Super-Cache
X-SN
Server-Ttl
Rt-Fastcgi-Cache
Viewtype
X-Pf-Uncompressing
X-Cdn-Forward
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CACHE
X-Hcs-Proxy-Type
X-Sucuri-Cache
X-Region-Sid
X-Contensis-Viewer-Groups
X-Acquia-Site
X-RAMCache
X-Edge-POP
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-LiteSpeed-Cache-Control
X-Cache-Status-Check
X-Acquia-Purge-Tags
X-Fastly-Cache-Hits
X-Cache-ASPX
X-Pad
X-Varnish-Authentication
Srv
X-StackifyID
X-Dw-Trace-Id
X-Moov-T
Xc-Version
X-Cdn-Request-ID
X-CUA
Ohc-Response-Time
ServerName
Vha6-Origin
EpKe-Alive
X-Yottaa-OS
X-Action
X-RSL
X-RPS
Xet-Cookie
X-Webstats-RespID
Machine
X-RPM
X-DW
X-DB
X-Swift-Error
X-Moov-Xdn-Version
X-SB
X-DI
X-DSS
X-B3-Spanid
User-Agent
X-Ig-Push-State
X-FPC
PICS-Label
X-ElasticPress-Search
Content-Script-Type
X-MiniProfiler-Ids
Content-Style-Type
X-TH-Server
Req-ID
X-CF-Powered-By