Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
Request-Context
X-Ws-Request-Id
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Server
X-Ua-Compatible
X-Hacker
X-Age
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-Page-Speed
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
Cf-Railgun
NEL
X-Amz-Version-Id
X-Host
X-Dispatcher
X-Server-Id
X-OneAgent-JS-Injection
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-WebKit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Webkit-CSP
Xkey
X-HW
X-Country
X-Ac
Content-Location
X-Application-Context
Accept-Ch-Lifetime
X-Language
MS-Author-Via
X-Template
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-CH-Lifetime
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Origin-Cache
X-Cnection
X-Rack-Cache
X-FastCGI-Cache
X-D2id
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Country-Code
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Server
Verso
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Goog-Hash
X-Server-Name
X-Cached
X-Vcap-Request-Id
X-Navigation-Version
Cache-Tag
X-Buckets
X-Client-IP
X-Powered-By-Plesk
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
Accept-Ch
X-ORACLE-DMS-ECID
RTSS
X-Cache-TTL
X-Fastly-Request-ID
X-Sol
X-Middleton-Display
X-Middleton-Response
Display
Response
Pagespeed
Access-Control-Request-Method
X-MSEdge-Ref
X-Powered-CMS
X-Element-Page-Cache
X-Ttl
X-Oneagent-Js-Injection
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Px
X-Edge
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
X-TTL
MRF-Tech
X-B3-TraceId-Primal
Realpath
Mrf-Cache-Status
X-Ruxit-Js-Agent
X-Server-ID
X-Accel-Expires
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
X-Jurisdiction
X-T
X-HP-Webp
X-Aspnetmvc-Version
X-Mid
X-MCACHE
X-PressLabs-Stats
X-ECACHE
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Instrumentation
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Shield-Request-Id
X-Correlation-Id
X-DynaTrace
Edge-Cache-Tag
Pinterest-Version
Pinterest-Generated-By
Charset
X-Pinterest-Rid
X-Recruiting
X-Cache-Key
Fastcgi-Cache
X-Amz-Server-Side-Encryption
TP-Cache
TP-L2-Cache
X-Mg-S
X-Content-Digest
X-Ezoic-Cdn
X-Release
Nginx-Cache
Filters
X-Request-Processing-Time
X-Id
X-Request-Received
X-ORACLE-DMS-RID
TCN
Front-End-Https
X-Logged-In
Server-Node
Alternate-Protocol
Cache-Tags
X-XRDS-Location
X-Forwarded-For
Content-MD5
X-Litespeed-Cache
X-Origin-Upstream-Status
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-Amzn-Trace-Id
Server-Name
X-Geo-Country
X-Origin-Server
X-Grace
X-Hostname
X-Protected-By
X-Amz-Replication-Status
X-F-Cache
X-Contextid
X-Www-Served-By
X-Rid
Cleartype
X-AppVersion
X-Az
Host
X-Activity-Id
X-Goog-Generation
X-GUploader-UploadID
X-WebKit-CSP-Report-Only
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-RateLimit-Remaining
X-Debug-Info
X-LB-Cache
X-Frontend
Section-Io-Cache
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-NWS-LOG-UUID
X-Ser
X-Git-Hash
X-Page-Id
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Age
X-Respond-Thread
Accept-Charset
X-VCache
X-Upgrade-Enabled
AR-CACHE
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Content-Options
X-Source
X-Varnish-Age
X-DIS-Request-ID
X-Hits
X-Mobile-URL
Paypal-Debug-Id
X-Daa-Tunnel
ServerID
Access-Control-Allow-Method
X-Varnish-Backend
X-B-Cache
X-Varnish-Grace
X-CACHE-GROUP
X-Signature
Viewport
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Payment
X-Flags
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Cache-Action
X-FB-Debug
X-Aspnet-Duration-Ms
Healthy
X-TT
X-Whom
X-B3-Sampled
Node
X-AOL-HN
X-XRDS-LOCATION
X-App-Environment
X-N
Version
X-Seen-By
X-Microsite
X-Request-Handler-Origin-Region
X-Type
Fastcgi-Useragent
X-Load-Cache
X-Mobile
DynaTrace
DC
X-Fastcgi-Cache
MS-CV
X-Yandex-Sdch-Disable
X-Ab
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-Distributor
X-Ua-Device
Retry-After
SRV
Filterid
X-Cache-Control
X-Tt-Trace-Tag
X-Tt-Trace-Host
Frame-Options
X-IPLB-Instance
X-User-Agent
X-Original-Request-Id
X-Response-Served-From
X-UUID
X-Real-IP
X-Instance
X-Tumblr-User
X-RemovedCookies
X-ProcessESI
X-Varnish-Server
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-Jobs
X-Adobe-Content
X-Debug-IsConnected
X-Content-Powered-By
X-Adobe-Loc
X-Cluster-Name
X-Region
X-Debug-IsPreview
X-Proxy
Ms-Operation-Id
Access-Control-Request-Headers
X-Device-Type
X-Proxy-Cache-Status
X-RTag
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
Refresh
X-Page-View
X-B
X-Cache-Time
X-Cacheable-TTL
Uber-Trace-Id
X-Framework
X-G
X-Debug
X-FireWall-Port
X-Accel-Buffering
Cache
X-FW-Server
X-FW-Serve
X-Vgn-Hpd-Reason
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-Zen-Fury
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Countrycode
Section-Origin-Responded
X-Wix-Request-Id
X-Mg-Request-UUID
X-RateLimit-Limit
X-NGENIX-Cache
X-Oracle-Dms-Rid
X-CDN-Forward
Cache-Status
X-Azure-Ref
X-App-Version
X-Time
Surrogate-Key
X-Is-Bot
X-Rendered-As
Country
X-Ms-Version
X-Cache-Hit
X-Nginx-Cache
X-Cache-Rule
X-Drupal-Cache-Tags
X-Ms-Request-Id
S-Cnection
X-EdgeConnect-Cache-Status
X-Node-Name
X-App-Server
Referer-Policy
SD-X-WS
Eomportal-Instance
Amp-Access-Control-Allow-Source-Origin
Liferay-Portal
X-TA-CDN-Provider
X-L-Path
X-Environment-Context
X-Cache-Operation
X-UPSTREAM-Address
X-Drupal-Cache-Contexts
X-Tumblr-Pixel-2
X-RN-RSRV
X-Timing-Wait
Meta-Geo
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-SaId
X-JoinUs
X-ES-SERVER
X-Varnishpool
From-Origin
X-Proxy-Build
Selected-Fe
X-Cache-TTL-Remaining
X-R9-Blue-Green-Version
X-Backend-Host
X-Pubstack
X-Via-Fastly
X-Sorting-Hat-ShopId
Protected
ServedBy
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Grace
X-Alternate-Cache-Key
X-TNCMS
X-Request-Time
X-Xfnlog-Site
X-PHP-Backend
X-S-Maxage
X-Loop
X-ShopId
X-Handled-By
X-ShardId
X-GG-Cache-Date
X-Shopify-Stage
X-Sorting-Hat-PodId
X-No-Session
X-Cache-Server
X-Endurance-Cache-Level
X-Varnish-Hostname
CF-IPCountry
X-Adobe-Source
Webcakes-Region
Webcakes-App-Version
X-AWS-Id
Cache-Tv-Group
X-BYPASS-REASON
X-Be
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
Property-Id
Fastly-SSL
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Human
X-LAGOON
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-ProxyCache-Status
Azure-SlotName
Azure-Version
X-VWS-Id
Cache-Name
X-Server-W
X-ProxyCache-Key
X-Proto
X-OCL
X-Origin-Hint
X-PCL
X-NYM-Debug-Backend
X-LJ-Flow-ID
Decoy-Debug-Key
Country-Code
Decoy-Debug-Status
Decoy-Debug-TTL
X-Backend-Name
X-SayCDN-TTL
X-Section
Nel
X-Say-TTL
X-Say-Cacheable
X-Hl-Ver
X-Origin-Date
X-RCS-CacheZone
X-Access
X-Format
Akamai-GRN
Apigw-Requestid
X-UA-Device-Type
X-Sql-Duration-Ms
X-ApacheServer
X-Akamai-Edgescape
X-Labrador-Cache-Channel
X-PERF
X-Sql-Count
X-PHP-Host
X-Revision
X-Status
X-FB-TRIP-ID
Mn-Server-Ip
X-Hyper-Cache
X-Uri
X-Cache-PHP
X-Hosted-By
X-Redis-Cache
X-Rule
X-Web-Node
X-Cache-Type
X-Aws-Lambda-Call-Status
X-Trace-Id
X-B3-SpanId
Xserver
X-ATG-Version
X-MP-GENERATED-AT
AMP-Access-Control-Allow-Source-Origin
X-FW-Version
X-WA-Info
X-B3-Traceid
X-Time-Microsecs
X-ServerID
X-Content-Age
X-Cached-By
X-Tumblr-Pixel-3
X-Dc
X-Parallel-Accel
X-Soup
X-Akamai-Transformed
Backend
X-Cache-Enabled
X-CSRF-Token
X-Edge-Location
Count-Hit
GEO-INFO
X-Mode
X-Cluster-Node
X-Datadome
X-Detected-As
OT-Force-Account-Verify
X-TT-LOGID
X-Varnish-Cache-Hits
X-Azure-Ref-OriginShield
X-APP-VERSION
X-Microcachable
X-Bc-Bl
X-Info
X-Varnish-Beresp-Status
X-Cache-Host
X-CS
Web-Mar-Node
X-Generation-Time
Cross-Origin-Opener-Policy
X-Varnish-Hits
X-Servername
X-Cache-NGX
X-Debug-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Ttl
X-Platform
X-SRV
X-Routing-Service
DataCenter
X-Storage
X-Proxied
X-Zipkin-Id
Who
X-HP-Trace-Id
X-Unique-ID
X-Extlb
X-DataDome
X-Origin-CC
X-Origin-TTL
Apple-News-Services-Host
CDN-EdgeStorageId
X-Ratelimit-Reset
CDN-PullZone
CDN-RequestCountryCode
X-Rewrite-Enabled
X-Processor
CDN-RequestId
X-Request-URI
CDCHOST
Cache-Host
BehaviorPad-Version
Apple-News-Services-Handled
A
Apple-News-Services-Request-Url
CDN-Cache
X-Generated-On
Apple-News-Services-Parsed-Url
CDN-CachedAt
X-NAPM-TraceId
X-CF-Lambda-Version
X-Level-Front-Cache
X-CF-Lambda-Fn
X-Cache-NE
X-A
T-Server
Surrogated-Key
Rendered-Blocks
Req-Svc-Chain
X-Locale
State
X-A-Ccd
X-Cache-Bucket
X-Aed
X-A-Wwc
X-Aicache-OS
X-ARC
X-Application
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Bip
X-BCube-Filmed-By
X-B-Cookie
X-Location
X-Cms-Context
Expiry
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Fastly-Backend-Name
Host-ID
X-From
X-Geo-Header
Content-Disposition
X-PBS-Appsvrname
X-PAYTM-SRV-ID
DCR-Decision-By
X-External-Request-Id
X-Epic-Correlation-Id
X-Connection-Hash
Meta-Geo-Continent
Mobile-Detection-Method
Odigeo-Trace-Id
X-Core-Value
X-D
M-TraceId
X-Developer
X-Destination
MD5-Digest
CDN-Uid
X-S
X-ScT
Server-Info
X-Vdms-Version
X-Vtex-Processado-Em
X-Vdms-Path
SID
X-Session-Fingerprint
X-Rojux
X-Service
X-VG-WebCache
X-Air-Hostname
X-S-Cookie
X-Air-Source
X-VG-WebServer
X-Thanos
X-SRCache-Key
X-Vtex-Remote-Cache
X-Magnolia-Registration
X-Air-Trace-Id
S-Rt
X-Ua
Upgrade-Insecure-Requests
X-Cache-Debug
X-Origin
Fastly-SWR
Fastly-SIE
X-HN
X-NWS-UUID-VERIFY
X-Clientip
Cmstype
X-Hash
Esi-Enabled
X-Gamma-Serve
Fastcgi-Cache-TTL
Gh-Request-Id
Fastly-Drupal-HTML
X-Sucuri-ID
Pics-Label
PFcat
X-JWT-State
UCS
Path
X-TrackingId
Server-Host
X-Var-Ttl
Pagetype
Origin
L
Kp-EeAlive
X-Backend-State
Location
X-NU-AKA-ACS-Version
X-Is-Gdpr
Memcached
X-Branch-Name
Cmsid
X-Sigma-Backend
AKAMAI
X-Via-JSL
X-Envoy-Decorator-Operation
X-VHOST
X-Served-From
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
X-GoCache-CacheStatus
X-VG-TLSProxy
X-Sigma
X-Rebelmouse-Cache-Control
X-Platform-Server
X-Scheme
X-VarnishDD-TTL
X-Has-Esi
X-Rocket-Build-Number
X-EC-Lua
Source
X-Request-UUID
CacheControlHeader
X-Developers
X-Varnish-Ttl
User-Cache-Control
Url
X-Cache-Grace
Cross-Origin-Window-Policy
X-AIR-PT
X-Tb
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Vix-Hermes-Req-Id
DSUID
X-Li-Fabric
X-Variation
X-Generated-In
X-Generated-By
True-Client-Country-4JS
Svr
X-Accel-Expires-Debug
X-Date
X-VC-Cache
X-Cache-Tags
X-DPWN-IS-SECURE
X-CGP
X-Clara-WADP
NGX
X-Cluster
X-Csrf-Jwt
X-Cache-Info
X-Eu-Site
NtCoent-Length
C-Via
X-Fmm-Version
X-Ratelimit-Limit
X-Fastly-Cache
Content-Secure-Policy
X-WADP-Cache
X-Varnish-Url
X-Fastly-Backend
X-Forwarded-Site
X-Micro-Cache
X-Site-Version
X-Tenant
Is-Eu
Adler-Geo
X-Policy
X-Owner
X-SVT-ORM-RULES
L5d-Success-Class
Arc-Country
Thinkindot-Control
X-Device-Os
X-Li-Pop
Ec-Rule-Version
X-Origin-Expires
X-Shop-Environment
Arc-Version
HA-Ipaddr
Ha-Gx-Prefs
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Req
PB-RID
PB-PID
Platform
X-Request-Host
X-LI-UUID
X-Loc
X-Forwarded-Path
X-Men
X-Amz-Meta-S3cmd-Attrs
TDXMobile
Cf-Device-Type
NM-Fastcgi-Cache
X-SVT-ORM-VERSION
X-Orig-Expires
X-Minions-Version
X-Thinkindot-L3
X-Forwarded-Host
X-Slack-Backend
X-DefHash
X-DefElseHash
X-SIPLIST1
X-Viewer-Country
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Gen-Mode
X-Qloud-Router
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Esi-Check
X-Gzip
Cache-Key
X-Fetched-On
Mail-Subject
X-Mvc-Supplant-Cachable
Locid
X-Wikidot-Static-Cache
X-Varnish-CookieHashed-On
Sever-Int
We-Hiring
Server-Ext
Release
V-Age
Server-Hostname
X-Irp-Debug
X-Hnp-Log
X-Varnish-CookieINHashed-On
X-Nginx-Cache-Key
X-GeoIP-City
X-Skip-Cache
X-PF-Uncompressing
X-User
X-GeoIP
X-Cache-Id
IsBot
X-Wikidot-Backend
X-Varnish-Remaining-TTL
X-Block-Status
X-Old-Content-Length
X-VServer
Webserver
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
VNS-Cache
X-Srv
Powered-By-ChinaCache
VNS-Age
X-Ftr-Request-Id
X-CACHE-KEY
X-Via-NSCOPI
My-App
X-HS-Content-Campaign-Id
X-Unique-Id
X-Planisys-CDN-TTL
Cache-Hits
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
CPC-Cache
CPC-Age
XServer
X-Zone
X-GEO
X-Ratelimit-Remaining
X-Mvc-Supplant-OutputCached
X-Vc
X-Refresh
MIME-Version
X-Conf
X-Pass-Why
X-TX-ID
X-BBC-Edge-Cache-Status
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-PJAX-URL
X-Cache-Ttl
X-Internal-Host
X-Ckpd-Fst-Backend
X-TIME
X-Worker
X-NC
X-Servedbyhost
X-ID
Geo-Info
Time
X-Auto-Login
X-OVcl-Cache
X-OVcl
Memory
WebServer
X-TraceId
X-V-Cache
X-LSADC-Cache
Cf-Bgj
Server-ID
X-NCache
X-LB-ID
X-Backend-TTL
X-Rocket-Nginx-Serving-Static
X-Webkit-Csp
X-DC
X-Render-Time
X-NewRelic-App-Data
Magicmarker
DB-Nickname
X-ZONE
X-Tx-Id
Hostname
X-Traceid
X-Wa
X-Platform-Router
X-Cache-Remote
X-Qnm-Cache
GeoIp-Country-Code
X-Platform-Cluster
X-M-Reqid
X-M-Log
Geoip-Latitude
X-Platform-Processor
X-Newrelic-Synthetics
X-Geo
X-Dispatcher-Server
HostName
X-Method
X-App
X-SD-PageType
X-Datadog-Trace-Id
X-CLOUD-TRACE-CONTEXT
X-Datadog-Parent-Id
Environment
X-Datadog-Sampling-Priority
Resin-Trace
X-Cache-Config
X-IP
X-API-Version
X-VCL-Version
X-BBC-Origin-Response-Status
X-NodeID
X-Tb-Optimization-Total-Bytes-Saved
Ssr
X-Gdpr
X-Origin-Time
X-Nyt-Route
X-Correlation-ID
LB
X-Pod-Name
X-Server-IP
X-Edge-Pop
Cluster
X-Via-Ucdn
Ohc-File-Size
Tcn
X-LI-Proto
X-Li-Proto
X-Dynatrace
X-HITS
X-MSEdge-Features
Candidate-Md5Url
X-CACHE-AGE
X-MSEdge-Flight
X-Webkit-CSP-Report-Only
X-Origin-Response-Time
X-Cache-Var
X-Cache-Var-Map
X-ElasticPress-Query
X-Trv-Group
X-Nc
Cf-Ipcountry
X-DynaTrace-JS-Agent
X-Vcl-Version
Web-Mar-Region
X-Node-Id
X-Via-CDN
X-Varnish-Beresp-TTL
N-Cache
X-Akamai-Pragma-Client-IP
Datacenter
X-ND-Cache
Env
X-APP
X-Wix-Viewer-Type
X-HostName
X-ServerName
X-Fastly-Request-Id
Proxy-Connection
X-Reqid
X-Cs
Sid
X-HS-Status
X-WA
GeoIP-Country-Code
Onion-Location
Servername
GeoIP-Latitude
X-NGINX-Cache
CDN
X-Dynatrace-Js-Agent
X-Content
X-Ua-Browser
CF-Cached-On
Server-Id
WWW-Authenticate
X-Varnish-Cacheable
Rt-Fastcgi-Cache
X-AB
VivaBuild
Viewtype
Cdn
X-EIG-Tracking-Id
X-MG-S
X-Lb-Id
Machine
X-CSRF-TOKEN
WZWS-RAY
X-FTR-Request-ID
X-Fastly-Backend-Reqs
X-Via-PopN
X-Cdn-Forward
X-URL
X-Via-PopH
X-Fpc
X-Via-PopV
X-Check-Cacheable
Ohc-Cache-HIT
X-Xrds-Location
X-Esi
X-Tid
X-Cache-Backend
X-TIM-N
Cteonnt-Length
Server-Ttl
X-Pjax-Url
X-ServedByHost
On-Server
FSS-Cache
X-IN-APIGATEWAY
X-Request-Start
Redirect-Candidate
X-IN-APIGATEWAYSSL
X-VC
X-ECache
X-Swa-Ws
URI
Shield-Pop
X-Up
X-SN
Mime-Version
CountryCode
X-Tt-Logid
X-Pad
X-Oss-Storage-Class
CACHE
X-Air-Pt
X-Oss-Server-Time
Lb
X-Contensis-Viewer-Groups
X-FTR-Backend-Server
Is-Us
Pramga
X-Amz-Meta-Cb-Modifiedtime
X-FTR-Backend
X-Country-Code-Real
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cache-ASPX
X-Varnish-Authentication
X-FTR-Realm
X-FTR-Balancer
Tracecode
X-FTR-Cache-Status
X-FTR-DC
X-Swift-Error
X-FORWARDED-FOR
Xc-Version
X-DI
X-Webstats-RespID
X-RSL
X-RPS
X-DW
X-RPM
X-StackifyID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Site
X-Cache-Date
X-Acquia-Application-UUID
X-DB
Xet-Cookie
X-SB
X-Pf-Uncompressing
X-DSS
X-Fastly-Cache-Hits
X-Action
Ohc-Response-Time
X-Dw-Trace-Id
WP-Super-Cache
Warning
X-ElasticPress-Search
Vha6-Origin
X-LiteSpeed-Cache-Control
X-Yottaa-OS
X-CCM
X-Sn-Servicetimems
X-Cdn-Origin
CloudFront-Viewer-Country
Content-Script-Type
X-RAMCache
X-Core-Mission
Content-Style-Type
X-MiniProfiler-Ids
X-CCDN-CacheTTL
X-TH-Server
ServerName
X-FTR-Expires
X-Snapshot-Date
X-CCDN-Origin-Time
X-CUA
X-C
X-Mg-Request-Id
X-Hcs-Proxy-Type