Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
X-Ua-Compatible
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
X-Dns-Prefetch-Control
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Amz-Id-2
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
NEL
X-Amz-Version-Id
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Server-Id
X-Node
Allow
X-Backend-Server
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
X-Webkit-CSP
X-WebKit-CSP
X-Akam-SW-Version
X-Response-Time
Accept-CH
Accept-Ch-Lifetime
Xkey
X-HW
X-Ruxit-JS-Agent
X-Language
X-Country
X-Application-Context
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cache-Lookup
Rating
X-Cloud-Trace-Context
X-Url
X-B3-TraceId
Accept-Ch
Edge-Control
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-Varnish-TTL
X-ESI
X-MS-InvokeApp
X-Trace
X-Content-Type
Fastly-Restarts
X-Rack-Cache
X-GitHub-Request-Id
X-Origin-Cache
X-Cnection
X-FastCGI-Cache
X-Use-Magma
X-Exp-Variant
X-Kinja
X-Country-Code
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Buckets
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Server-ID
Accept-CH-Lifetime
X-Vcap-Request-Id
X-Cached
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Server-Name
X-Amz-Rid
Service-Worker-Allowed
X-Client-IP
X-Navigation-Version
X-Powered-By-Plesk
RTSS
X-Px
Access-Control-Request-Method
X-Fastly-Request-ID
Public-Key-Pins
X-Powered-CMS
X-TTL
X-Element-Page-Cache
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Dw-Request-Base-Id
X-Sol
X-Middleton-Response
X-Cache-TTL
Pagespeed
Response
X-Middleton-Display
Display
X-NF-Request-ID
X-Version
S
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
X-B3-TraceId-Primal
Realpath
Mrf-Cache-Status
MRF-Tech
X-ECACHE
X-Accel-Expires
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
X-HP-Webp
X-Jurisdiction
SPIisLatency
SPRequestDuration
X-Ttl
X-Mid
X-MCACHE
X-T
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
X-Cache-Key
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Correlation-Id
X-ORACLE-DMS-RID
X-Forwarded-Proto
Edge-Cache-Tag
X-Litespeed-Cache
X-DynaTrace
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Mg-S
Charset
TP-Cache
X-Content-Digest
TP-L2-Cache
X-XRDS-Location
Nginx-Cache
X-Id
Filters
Front-End-Https
X-Request-Received
X-Request-Processing-Time
Alternate-Protocol
Server-Node
X-Logged-In
X-Forwarded-For
X-Ezoic-Cdn
TCN
Cache-Tags
Content-MD5
X-Geo-Country
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-Release
X-Protected-By
X-Amzn-Trace-Id
X-Origin-Upstream-Status
X-ASPNET-VERSION
X-Grace
X-Origin-Server
X-Hostname
X-F-Cache
X-Www-Served-By
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Cleartype
X-Rid
X-Amz-Replication-Status
Host
X-Ruxit-Js-Agent
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Contextid
X-Debug-Info
X-Az
X-Activity-Id
X-HS-Combine-CSS
X-LB-Cache
X-AppVersion
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
Server-Name
Section-Io-Cache
X-RateLimit-Remaining
X-Frontend
X-Browser-Type
X-Page-Id
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Git-Hash
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-VCache
X-Cache-Age
X-Ser
X-Respond-Thread
X-Content-Options
Access-Control-Allow-Method
X-Aspnetmvc-Version
Accept-Charset
X-Upgrade-Enabled
X-Hits
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-DIS-Request-ID
X-Source
X-B-Cache
X-Signature
ServerID
Healthy
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Payment
X-Varnish-Grace
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Flags
X-Varnish-Backend
X-Aspnet-Duration-Ms
X-Varnish-Age
X-TT
X-Whom
X-Cache-Action
Viewport
X-FB-Debug
X-Ab
Paypal-Debug-Id
X-B3-Sampled
Node
X-CACHE-GROUP
X-AOL-HN
X-App-Environment
Fastcgi-Useragent
X-Seen-By
Version
DynaTrace
X-Load-Cache
X-Mobile
X-Yandex-Sdch-Disable
X-N
DC
X-Type
X-Tec-Api-Version
X-Tec-Api-Root
X-HTML-Minification-Powered-By
X-Tec-Api-Origin
X-Distributor
X-Tt-Trace-Host
X-Tt-Trace-Tag
SRV
Filterid
X-XRDS-LOCATION
Frame-Options
MS-CV
X-Cache-Control
Retry-After
X-User-Agent
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-Fastcgi-Cache
X-Cache-Expired-At
X-Jobs
X-IPLB-Instance
X-Response-Served-From
X-Original-Request-Id
Refresh
X-Real-IP
X-Proxy-Cache-Status
X-Adobe-Loc
X-UUID
X-Adobe-Content
X-Debug-IsPreview
X-Debug-IsConnected
X-Varnish-Server
Access-Control-Request-Headers
X-Page-View
X-Device-Type
X-Instance
X-Cluster-Name
X-Region
NGB
X-Tumblr-User
X-Microsite
X-Cache-Time
Uber-Trace-Id
X-B
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
VIX-Pulpo-Node
X-Content-Powered-By
X-Tumblr-Pixel-0
X-G
X-ProcessESI
X-Tumblr-Pixel
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-RemovedCookies
X-Request-Handler-Origin-Region
X-Framework
X-Proxy
Ms-Operation-Id
X-CDN-Forward
X-RTag
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Zen-Fury
X-Azure-Ref
Countrycode
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-Time
Cache-Status
X-Wix-Request-Id
X-Node-Name
X-Cache-Rule
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Debug
Section-Io-Id
X-Mg-Request-UUID
X-Cache-Hit
X-Accel-Buffering
X-Ms-Version
X-Is-Bot
X-Rendered-As
X-Ms-Request-Id
X-Nginx-Cache
Liferay-Portal
X-RateLimit-Limit
Cache
SD-X-WS
X-Oracle-Dms-Rid
Referer-Policy
X-Drupal-Cache-Tags
X-EdgeConnect-Cache-Status
S-Cnection
X-App-Server
X-FireWall-Port
Country
X-Aws-Lambda-Call-Status
Surrogate-Key
X-L-Path
X-Environment-Context
X-Cache-Operation
X-Yottaa-Metrics
X-Yottaa-Optimizations
CF-IPCountry
X-Revision
X-HP-Trace-Id
Eomportal-Instance
X-Parallel-Accel
X-ES-SERVER
Meta-Geo
X-Timing-Wait
X-Endurance-Cache-Level
X-GG-Cache-Date
X-Loop
X-UPSTREAM-Address
X-RN-RSRV
X-Proxy-Build
X-JoinUs
Selected-Fe
X-SaId
X-TNCMS
X-Drupal-Cache-Contexts
From-Origin
X-Alternate-Cache-Key
X-Adobe-Source
X-Cache-Type
X-Cache-TTL-Remaining
X-Request-Time
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Varnishpool
X-Xfnlog-Site
X-Shopify-Stage
X-TA-CDN-Provider
X-ShardId
X-ShopId
X-Origin-Date
X-PHP-Backend
X-BYPASS-REASON
X-Say-Cacheable
X-LAGOON
X-Proto
X-NYM-Debug-Backend
X-No-Session
X-Say-TTL
X-ProxyCache-Status
X-SayCDN-TTL
X-LJ-Flow-ID
Cache-Name
Protected
X-ProxyCache-Key
X-S-Maxage
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Backend-Host
X-AWS-Id
X-VWS-Id
X-Be
X-FB-TRIP-ID
X-Handled-By
Cache-Tv-Group
Apigw-Requestid
Fastly-SSL
X-Akamai-Edgescape
Country-Code
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Version
TWC-Locale-Group
Webcakes-App-Name
TWC-Device-Class
TWC-Connection-Speed
X-Cache-Server
X-Human
ServedBy
Webcakes-Region
TWC-Privacy
Azure-SiteName
X-PCL
X-Origin-Hint
Azure-InstanceId
Azure-RegionName
X-Pubstack
X-R9-Blue-Green-Version
X-Server-W
X-UA-Device-Type
X-RCS-CacheZone
X-Sql-Duration-Ms
X-OCL
X-Sql-Count
Azure-SlotName
Azure-Version
X-Tumblr-Pixel-2
X-Labrador-Cache-Channel
Decoy-Debug-Key
X-PHP-Host
X-Via-Fastly
X-Section
X-Access
X-Hl-Ver
Decoy-Debug-Status
X-Hosted-By
X-Status
X-Format
Decoy-Debug-TTL
Mn-Server-Ip
Akamai-GRN
X-Backend-Name
Count-Hit
X-ApacheServer
X-PERF
X-Uri
X-FW-Version
X-Web-Node
X-Hyper-Cache
X-B3-SpanId
X-Redis-Cache
GEO-INFO
Xserver
Nel
X-Time-Microsecs
X-ServerID
X-Cache-PHP
X-Servername
X-ATG-Version
X-Cluster-Node
X-Ua-Device
OT-Force-Account-Verify
X-TT-LOGID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Trace-Id
X-TEC-API-VERSION
X-CSRF-Token
X-Content-Age
X-Tumblr-Pixel-3
X-WA-Info
X-Azure-Ref-OriginShield
Cross-Origin-Opener-Policy
X-Detected-As
X-MP-GENERATED-AT
X-Rule
X-Datadome
Backend
X-Generation-Time
X-Varnish-Cache-Hits
X-Cache-Host
X-Cached-By
X-CS
Web-Mar-Node
X-Akamai-Transformed
X-Soup
X-Bc-Bl
X-Cache-Enabled
X-Varnish-Hits
X-APP-VERSION
X-Edge-Location
X-Cache-Ttl
Content-Secure-Policy
Ec-Rule-Version
X-SRV
X-Mode
Cross-Origin-Window-Policy
X-Info
X-Varnish-Beresp-Status
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Microcachable
X-Ua
X-Via-JSL
X-Cache-NGX
X-Cache-Grace
Url
S-Rt
X-Magnolia-Registration
SID
X-Debug-Cache
X-Storage
X-Dc
X-Forwarded-Host
X-Origin-TTL
X-Origin-CC
X-Air-Source
Upgrade-Insecure-Requests
X-Air-Hostname
X-Zipkin-Id
X-Air-Trace-Id
X-NWS-UUID-VERIFY
X-Locale
X-Routing-Service
X-Platform
X-Varnish-Beresp-Ttl
X-Proxied
Source
X-B3-Traceid
X-Extlb
Expiry
Fastcgi-X-Cache-Version
Fastly-SIE
BehaviorPad-Version
Fastly-SWR
Host-ID
CDN-Cache
Path
Odigeo-Trace-Id
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
CDCHOST
Apple-News-Services-Parsed-Url
CDN-EdgeStorageId
CDN-RequestId
Apple-News-Services-Handled
CDN-RequestCountryCode
A
CDN-Uid
DCR-Decision-By
CDN-CachedAt
CDN-PullZone
X-Vtex-Remote-Cache
Apple-News-Services-Host
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
X-Application
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Platform-Server
X-Processor
X-Ratelimit-Reset
X-Vtex-Processado-Em
X-Orig-Expires
X-From
X-Forwarded-Path
X-GoCache-CacheStatus
X-NAPM-TraceId
X-NU-AKA-ACS-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-SRCache-Key
X-Shop-Environment
X-Tenant
X-VG-WebServer
X-Vdms-Version
X-Session-Fingerprint
X-ScT
X-Rewrite-Enabled
X-Request-URI
X-Rojux
X-S
X-S-Cookie
X-External-Request-Id
X-Epic-Correlation-Id
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-Aicache-OS
X-A-Dam
X-A-Ccd
State
Req-Svc-Chain
Surrogated-Key
T-Server
X-A
X-VG-WebCache
X-ARC
X-Connection-Hash
X-Clientip
X-D
X-Destination
X-Developer
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-B-Cookie
X-BCube-Filmed-By
X-Cache-Bucket
X-Cache-NE
Rendered-Blocks
M-TraceId
X-Ratelimit-Limit
X-Tb
X-Service
X-Rocket-Build-Number
X-Core-Value
Pics-Label
PB-RID
PB-PID
X-Cms-Context
X-Var-Ttl
Fastly-Drupal-HTML
DSUID
X-Device-Os
Esi-Enabled
Platform
Fastly-Backend-Name
X-Variation
X-Origin-Expires
Is-Eu
X-Bip
X-TrackingId
X-Branch-Name
X-Backend-State
X-Thanos
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-AIR-PT
X-Proxy-Upstream
X-Request-UUID
X-Unique-Id
Cmstype
L
X-Cache-Tags
X-Cache-Debug
Origin
NGX
Content-Disposition
X-Li-Fabric
X-Is-Gdpr
X-Li-Pop
X-Sigma-Backend
Server-Info
C-Via
UCS
Adler-Geo
X-Hash
X-JWT-State
X-Has-Esi
X-Sigma
X-Site-Version
Cache-Host
Arc-Version
X-Loc
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
Cmsid
X-LI-UUID
X-VServer
X-VG-TLSProxy
X-Fastly-Backend
X-GEO
User-Cache-Control
X-Forwarded-Site
Wxu-Next-Region
TDXMobile
Thinkindot-CacheControl
X-Req
X-Scheme
Vix-Hermes-Req-Id
Wxu-Next-Hostname
True-Client-Country-4JS
Wxu-Next-Commit
Thinkindot-Control
X-Served-From
Thinkindot-CacheControl-Type
X-Csrf-Jwt
X-Gamma-Serve
X-Generated-In
X-Men
X-Level-Front-Cache
X-Fetched-On
X-Generated-On
X-Geo-Header
X-HN
X-DataDome
X-GeoIP-City
X-GeoIP
X-FC-Vary-Parameters
X-Eu-Site
X-CGP
X-Cluster
X-Ratelimit-Remaining
X-Policy
X-Unique-ID
X-Origin
X-Nginx-Cache-Key
X-Location
X-Developers
X-DefHash
X-DefElseHash
X-Amz-Meta-S3cmd-Attrs
X-Request-Host
Gh-Request-Id
Ha-Gx-Prefs
Fastcgi-Cache-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
HA-Ipaddr
IsBot
Locid
Location
L5d-Success-Class
Kp-EeAlive
Cf-Device-Type
X-Varnish-Remaining-TTL
X-Cache-Info
Cache-Key
X-Accel-Expires-Debug
X-Conf
X-Ftr-Request-Id
X-Clara-WADP
CacheControlHeader
X-VarnishDD-TTL
X-VC-Cache
X-Vdms-Path
X-Date
X-Thinkindot-L3
X-WADP-Cache
NM-Fastcgi-Cache
Sever-Int
X-Fmm-Version
Server-Host
Pagetype
PFcat
Server-Hostname
X-Fastly-Cache
X-VHOST
Server-Ext
Memcached
Release
X-EC-Lua
X-SIPLIST1
X-Micro-Cache
X-Mvc-Supplant-Cachable
CPC-Age
CPC-Cache
Arc-Country
X-Old-Content-Length
X-BBC-Edge-Cache-Status
We-Hiring
X-RateLimit-Remaining-Second
NtCoent-Length
X-Irp-Debug
X-Goog-Meta-Goog-Reserved-File-Mtime
VNS-Cache
Mail-Subject
X-Cache-Id
X-Block-Status
VNS-Age
AKAMAI
X-Slack-Backend
X-Esi-Check
X-Sucuri-ID
Svr
X-Gen-Mode
X-DC
X-Owner
X-Via-NSCOPI
Webserver
X-Viewer-Country
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Skip-Cache
X-RateLimit-Limit-Second
DataCenter
V-Age
X-Hnp-Log
X-Gzip
X-Generated-By
Who
X-CLOUD-TRACE-CONTEXT
X-User
X-Qloud-Router
X-Planisys-CDN-TTL
X-Ckpd-Fst-Backend
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Via-Popn
X-PF-Uncompressing
Cache-Hits
X-Via-Poph
X-Via-Popv
X-HS-Content-Campaign-Id
X-Worker
X-Mvc-Supplant-OutputCached
X-Srv
X-Zone
X-Servedbyhost
X-Varnish-Url
MIME-Version
X-Minions-Version
X-Auto-Login
X-V-Cache
X-NC
X-CACHE-KEY
X-Vc
X-NCache
X-Tx-Id
XServer
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Render-Time
X-Platform-Processor
My-App
X-Platform-Router
Powered-By-ChinaCache
X-Refresh
X-Platform-Cluster
X-Rocket-Nginx-Serving-Static
X-LSADC-Cache
X-LB-ID
X-ID
X-Wa
X-SD-PageType
Time
X-Internal-Host
Memory
X-Traceid
WebServer
X-Varnish-Ttl
X-TX-ID
X-Cache-Remote
X-Ua-Browser
X-Content
X-Datadog-Trace-Id
X-Pass-Why
X-PJAX-URL
X-Datadog-Parent-Id
Environment
Server-ID
X-ZONE
X-Newrelic-Synthetics
X-Datadog-Sampling-Priority
X-App
X-BBC-Origin-Response-Status
X-Webkit-Csp
X-NodeID
X-Webkit-CSP-Report-Only
X-TIME
X-API-Version
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-Cache-Var-Map
X-Cache-Var
X-Server-IP
X-VCL-Version
X-Via-Ucdn
X-OVcl
X-Cache-Config
X-OVcl-Cache
Cluster
HostName
Tcn
X-TraceId
Geo-Info
Cf-Bgj
Candidate-Md5Url
X-Dynatrace
Hostname
X-Pod-Name
X-NewRelic-App-Data
Datacenter
X-Backend-TTL
GeoIp-Country-Code
X-LI-Proto
Magicmarker
Geoip-Latitude
X-ElasticPress-Query
X-Tb-Optimization-Total-Bytes-Saved
Resin-Trace
N-Cache
X-Edge-Pop
X-Correlation-ID
X-Geo
Web-Mar-Region
X-Dispatcher-Server
DB-Nickname
X-Method
Ohc-File-Size
X-HITS
X-CACHE-AGE
X-Origin-Response-Time
X-HostName
Onion-Location
X-Varnish-Beresp-TTL
X-IP
X-Akamai-Pragma-Client-IP
X-Li-Proto
GeoIP-Latitude
GeoIP-Country-Code
Ssr
X-MSEdge-Features
X-MSEdge-Flight
Proxy-Connection
X-NODE
X-EIG-Tracking-Id
X-Varnish-Cacheable
WWW-Authenticate
Servername
X-AB
X-Node-Id
X-Wix-Viewer-Type
LB
Cf-Ipcountry
Cdn
X-Trv-Group
X-ND-Cache
X-Fastly-Request-Id
CDN
X-Vcl-Version
CF-Cached-On
X-DynaTrace-JS-Agent
X-Fpc
X-APP
Redirect-Candidate
X-Tid
Server-Id
WZWS-RAY
X-TIM-N
X-HS-Status
Lb
X-Via-CDN
X-Dynatrace-Js-Agent
X-Cs
X-Nc
Tracecode
Sid
X-Request-Start
X-WA
X-Pjax-Url
X-Fastly-Backend-Reqs
Env
X-Up
X-MG-S
Pramga
Is-Us
URI
X-NGINX-Cache
X-Reqid
X-Webkit-Csp-Report-Only
X-Cache-Date
Cteonnt-Length
X-ServerName
X-Check-Cacheable
X-Tt-Logid
X-Lb-Id
X-VC
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Origin
X-Sn-Servicetimems
X-URL
Rt-Fastcgi-Cache
X-Esi
X-Xrds-Location
X-CSRF-TOKEN
Ohc-Cache-HIT
X-ServedByHost
X-Cache-Backend
X-Core-Mission
Mime-Version
X-Provided-By
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
W
X-Via-PopH
Viewtype
X-Via-PopN
X-Via-PopV
VivaBuild
X-SERVER-NAME
X-UnsetCookies
CountryCode
X-Cache-Expires
Shield-Pop
CloudFront-Viewer-Country
X-FTR-Request-ID
X-LiteSpeed-Cache-Control
Server-Ttl
Machine
X-SN
X-Cache-ASPX
X-Pf-Uncompressing
X-Yottaa-OS
X-Varnish-Authentication
X-Acquia-Purge-Tags
X-Contensis-Viewer-Groups
X-Fastly-Cache-Hits
X-RAMCache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Dw-Trace-Id
X-FORWARDED-FOR
X-Acquia-Site
X-Pad
CACHE
X-Hcs-Proxy-Type
X-Region-Sid
X-RSL
X-Sucuri-Cache
X-StackifyID
X-Cdn-Request-ID
Xet-Cookie
X-RPS
X-Edge-POP
X-Cache-Status-Check
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-CUA
WP-Super-Cache
X-Country-Code-Real
On-Server
FSS-Cache
X-Swift-Error
X-RPM
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-SB
X-FTR-Backend
Ohc-Response-Time
ServerName
Vha6-Origin
X-DW
X-Webstats-RespID
X-DB
X-Action
X-DSS
X-DI
X-Air-Pt
X-Cdn-Forward
X-FTR-Expires
X-FPC
X-Moov-Xdn-Version
Xc-Version
X-Moov-T
X-C
X-Swa-Ws
X-Snapshot-Date
X-Oss-Object-Type
Content-Script-Type
X-ElasticPress-Search
X-TH-Server
X-MiniProfiler-Ids
Content-Style-Type
X-Oss-Storage-Class
Req-ID
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma