Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Ua-Compatible
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Amz-Request-Id
EagleId
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-Page-Speed
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
NEL
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
Cf-Railgun
X-Host
X-Dispatcher
X-OneAgent-JS-Injection
X-Server-Id
X-CST
Allow
X-Cache-Spec
X-Node
Surrogate-Control
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Webkit-CSP
Accept-CH
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-WebKit-CSP
Xkey
X-HW
X-Country
Accept-Ch-Lifetime
X-Language
X-Ac
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-Mod-Pagespeed
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-CH-Lifetime
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-ASPNET-VERSION
X-Origin-Cache
X-Cnection
X-Rack-Cache
X-FastCGI-Cache
X-D2id
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Country-Code
X-Goog-Hash
X-VARITI-CCR
Verso
Arr-Disable-Session-Affinity
X-Server-Name
X-Buckets
X-Vcap-Request-Id
X-Cached
Accept-Ch
X-Navigation-Version
Cache-Tag
X-Amz-Rid
X-Client-IP
Service-Worker-Allowed
X-Abt-Application-Version
X-ORACLE-DMS-ECID
X-Powered-By-Plesk
RTSS
X-Fastly-Request-ID
Access-Control-Request-Method
X-Powered-CMS
X-MSEdge-Ref
Display
X-Element-Page-Cache
X-Middleton-Display
Pagespeed
X-Sol
Response
X-Middleton-Response
X-Cache-TTL
Public-Key-Pins
X-Server-ID
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Upstream
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
X-Px
X-Ttl
X-TTL
X-Edge
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
Realpath
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Oneagent-Js-Injection
X-ECACHE
X-Accel-Expires
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
X-Jurisdiction
X-HP-Webp
X-T
X-Aspnetmvc-Version
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Mid
X-MCACHE
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-Forwarded-Proto
X-Cache-Key
X-DynaTrace
X-Correlation-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Recruiting
Charset
Fastcgi-Cache
X-Amz-Server-Side-Encryption
TP-L2-Cache
TP-Cache
X-ORACLE-DMS-RID
Nginx-Cache
X-Mg-S
X-Content-Digest
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
Filters
X-Id
X-Ezoic-Cdn
TCN
Front-End-Https
X-Logged-In
Server-Node
X-Release
Alternate-Protocol
X-Forwarded-For
Cache-Tags
Content-MD5
X-Litespeed-Cache
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Origin-Upstream-Status
X-Geo-Country
X-Amzn-Trace-Id
X-Hostname
X-Protected-By
X-Origin-Server
X-Grace
Server-Name
X-Www-Served-By
X-Rid
Cleartype
X-F-Cache
X-Amz-Replication-Status
X-Activity-Id
X-AppVersion
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Az
X-GUploader-UploadID
X-Goog-Storage-Class
Host
X-Goog-Metageneration
X-Contextid
X-Goog-Generation
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-LB-Cache
X-RateLimit-Remaining
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Frontend
Section-Io-Cache
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
X-NWS-LOG-UUID
X-Git-Hash
X-Ser
X-Page-Id
X-Cache-Age
X-VCache
X-Upgrade-Enabled
X-Respond-Thread
Accept-Charset
X-Content-Options
X-Daa-Tunnel
X-Source
X-Hits
Access-Control-Allow-Method
X-Varnish-Age
X-DIS-Request-ID
X-Mobile-URL
Paypal-Debug-Id
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
ServerID
X-Varnish-Backend
Viewport
X-Kong-Upstream-Latency
X-CACHE-GROUP
X-Signature
X-Varnish-Grace
X-B-Cache
X-Kong-Proxy-Latency
Healthy
X-Flags
X-Cache-Action
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Whom
X-Is-Crawler
X-Aspnet-Duration-Ms
Payment
X-FB-Debug
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-B3-Sampled
Ar-Sid
X-TT
AR-CACHE
Node
X-AOL-HN
X-App-Environment
X-N
Version
X-Seen-By
X-Mobile
DynaTrace
X-Load-Cache
X-Type
Fastcgi-Useragent
DC
X-Fastcgi-Cache
X-Yandex-Sdch-Disable
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-LOCATION
MS-CV
X-Ab
X-HTML-Minification-Powered-By
X-Distributor
X-Cache-Expired-At
Retry-After
SRV
X-Tt-Trace-Host
X-Ua-Device
X-Cache-Control
X-Tt-Trace-Tag
Frame-Options
Filterid
X-User-Agent
X-IPLB-Instance
X-Original-Request-Id
X-Response-Served-From
X-Tumblr-Pixel-0
X-Real-IP
X-RemovedCookies
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-ProcessESI
X-Instance
X-Jobs
X-UUID
X-Tumblr-User
X-Cluster-Name
X-Varnish-Server
X-IPS-LoggedIn
X-Region
X-Proxy-Cache-Status
Ms-Operation-Id
Uber-Trace-Id
X-Proxy
Refresh
Access-Control-Request-Headers
X-Cache-Time
X-Debug-IsConnected
X-Adobe-Content
X-Device-Type
X-Content-Powered-By
X-Adobe-Loc
X-Cacheable-TTL
X-Debug-IsPreview
X-RTag
VIX-Pulpo-Node
X-Page-View
X-G
X-Framework
X-B
VIX-Pulpo-Upstream-Status
NGB
X-Debug
X-FireWall-Port
X-Vgn-Hpd-Reason
X-FW-Static
X-FW-Type
X-Zen-Fury
X-FW-Server
X-Accel-Buffering
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
Countrycode
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Wix-Request-Id
X-CDN-Forward
X-Time
X-Mg-Request-UUID
Cache
X-NGENIX-Cache
Cache-Status
X-Oracle-Dms-Rid
X-RateLimit-Limit
X-Azure-Ref
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-Node-Name
X-Cache-Rule
X-Is-Bot
X-Rendered-As
X-Drupal-Cache-Tags
Country
X-Ms-Version
Surrogate-Key
X-Ms-Request-Id
X-EdgeConnect-Cache-Status
X-Cache-Hit
S-Cnection
X-Nginx-Cache
SD-X-WS
Referer-Policy
Liferay-Portal
X-App-Server
Eomportal-Instance
X-Environment-Context
X-L-Path
X-Cache-Operation
X-Yottaa-Optimizations
X-TA-CDN-Provider
X-Yottaa-Metrics
X-ES-SERVER
X-Drupal-Cache-Contexts
X-JoinUs
X-Timing-Wait
X-Proxy-Build
X-Tumblr-Pixel-2
X-UPSTREAM-Address
X-Varnishpool
Selected-Fe
Meta-Geo
X-RN-RSRV
From-Origin
X-SaId
X-Cache-TTL-Remaining
X-Backend-Host
X-Alternate-Cache-Key
X-Cache-Server
Protected
CF-IPCountry
X-No-Session
X-Storefront-Renderer-Rendered
X-Pubstack
X-PHP-Backend
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
X-R9-Blue-Green-Version
X-Request-Time
X-ShopId
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-S-Maxage
X-Via-Fastly
X-Varnish-Hostname
X-Loop
X-Xfnlog-Site
X-GG-Cache-Date
X-TNCMS
X-Handled-By
X-Endurance-Cache-Level
Property-Id
Fastly-SSL
X-NYM-Debug-Backend
Azure-RegionName
X-Adobe-Source
Cache-Name
Azure-SiteName
Azure-SlotName
Azure-Version
Cache-Tv-Group
X-Be
Azure-InstanceId
X-Server-W
X-OCL
Webcakes-App-Version
X-Origin-Hint
Webcakes-App-Name
X-LJ-Flow-ID
X-LAGOON
X-AWS-Id
X-Human
Webcakes-Region
X-PCL
TWC-Privacy
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
TWC-Connection-Speed
TWC-Device-Class
X-Proto
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
ServedBy
X-VWS-Id
X-Revision
Country-Code
X-UA-Device-Type
X-RCS-CacheZone
X-Access
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Format
X-Section
X-Hl-Ver
X-Origin-Date
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
Apigw-Requestid
X-Backend-Name
Akamai-GRN
X-Labrador-Cache-Channel
X-PHP-Host
X-PERF
Mn-Server-Ip
X-ApacheServer
X-Sql-Count
X-Cache-Type
X-Akamai-Edgescape
X-FB-TRIP-ID
X-Status
X-Sql-Duration-Ms
X-Aws-Lambda-Call-Status
X-Hosted-By
X-Uri
X-Hyper-Cache
X-Cache-PHP
X-Redis-Cache
X-Web-Node
X-B3-SpanId
X-Parallel-Accel
X-ATG-Version
X-Rule
X-B3-Traceid
X-Trace-Id
X-FW-Version
Xserver
X-MP-GENERATED-AT
X-WA-Info
X-Time-Microsecs
X-ServerID
X-Tumblr-Pixel-3
X-Content-Age
Count-Hit
GEO-INFO
X-Cached-By
OT-Force-Account-Verify
X-TT-LOGID
X-Cluster-Node
X-Soup
X-CSRF-Token
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Transformed
Backend
X-Detected-As
X-Cache-Enabled
X-Dc
X-Varnish-Cache-Hits
X-HP-Trace-Id
X-Edge-Location
X-Datadome
X-Azure-Ref-OriginShield
X-Cache-Host
X-APP-VERSION
X-Servername
X-Mode
X-Bc-Bl
Cross-Origin-Opener-Policy
Web-Mar-Node
X-Generation-Time
X-Varnish-Beresp-Status
X-Info
X-CS
X-Microcachable
X-Varnish-Hits
X-Amz-Apigw-Id
X-Cache-NGX
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Ttl
X-Storage
X-Debug-Cache
X-Proxied
X-Platform
X-Routing-Service
X-Zipkin-Id
X-Unique-ID
DataCenter
S-Rt
X-Extlb
X-SRV
X-Ua
X-Origin-TTL
X-Magnolia-Registration
Who
X-Origin-CC
X-Processor
X-CF-Lambda-Fn
Odigeo-Trace-Id
Mobile-Detection-Method
X-Application
X-Session-Fingerprint
MD5-Digest
X-Service
X-ARC
T-Server
Path
Meta-Geo-Continent
X-A-Dam
X-Aicache-OS
Expiry
X-Aed
X-A-Ccd
X-CF-Lambda-Version
X-SRCache-Key
X-A
X-A-Wwc
X-NAPM-TraceId
Req-Svc-Chain
Rendered-Blocks
X-ScT
X-PBS-Appsvrname
X-PAYTM-SRV-ID
Cross-Origin-Window-Policy
X-S-Cookie
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
Fastly-Backend-Name
CDCHOST
Cache-Host
X-A-Dgt
X-Cache-Bucket
X-Ratelimit-Reset
CDN-PullZone
Content-Disposition
DCR-Processing-Time-Ms
X-Rewrite-Enabled
X-Request-URI
CDN-Uid
CDN-RequestCountryCode
CDN-RequestId
Host-ID
State
X-B-Cookie
Apple-News-Services-Handled
Apple-News-Services-Host
X-A-Dcw
A
DCR-Decision-By
X-S
Fastcgi-X-Cache-Version
X-BCube-Filmed-By
M-TraceId
Surrogated-Key
BehaviorPad-Version
X-Rojux
X-Cache-NE
Apple-News-Services-Request-Url
X-Bip
Apple-News-Services-Parsed-Url
Url
X-Thanos
X-Geo-Header
X-External-Request-Id
Upgrade-Insecure-Requests
X-Via-JSL
SID
X-Connection-Hash
Ec-Rule-Version
X-Vtex-Processado-Em
X-Locale
X-VG-WebCache
X-Level-Front-Cache
X-Destination
X-Epic-Correlation-Id
X-Developer
X-VG-WebServer
X-Core-Value
X-D
X-NWS-UUID-VERIFY
X-Vtex-Remote-Cache
X-Cache-Ttl
X-Generated-On
X-Air-Source
X-Air-Hostname
X-Vdms-Version
X-Cms-Context
X-Air-Trace-Id
X-Vdms-Path
X-From
X-Location
X-DataDome
Source
X-TEC-API-VERSION
Server-Info
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Cache-Grace
X-Rebelmouse-Surrogate-Control
Memcached
Kp-EeAlive
L
X-Cache-Debug
Fastly-Drupal-HTML
Location
X-Branch-Name
Gh-Request-Id
X-Envoy-Decorator-Operation
X-Backend-State
X-Rebelmouse-Cache-Control
X-Platform-Server
Origin
Thinkindot-CacheControl
TDXMobile
X-Origin
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Gamma-Serve
X-VHOST
UCS
X-Varnish-Ttl
Server-Host
Fastly-SIE
X-Tenant
X-Proxy-Upstream
NGX
Fastly-SWR
Pics-Label
PFcat
Pagetype
X-Shop-Environment
DSUID
X-Thinkindot-L3
X-TrackingId
X-Var-Ttl
C-Via
CacheControlHeader
X-Forwarded-Path
X-HN
X-VarnishDD-TTL
AKAMAI
X-VG-TLSProxy
X-Sigma-Backend
X-Sigma
X-Served-From
Fastcgi-Cache-TTL
Content-Secure-Policy
X-Scheme
X-Has-Esi
X-Is-Gdpr
X-SVT-ORM-RULES
X-Request-UUID
X-Orig-Expires
X-GoCache-CacheStatus
Esi-Enabled
X-SVT-ORM-VERSION
X-Clientip
X-NU-AKA-ACS-Version
X-JWT-State
X-Developers
X-Device-Os
X-Hash
X-Rocket-Build-Number
Cmsid
Cmstype
X-Tb
User-Cache-Control
X-Forwarded-Host
X-CGP
X-Generated-In
X-Date
X-LI-UUID
X-Clara-WADP
X-GeoIP
X-Cache-Info
Wxu-Next-Hostname
Wxu-Next-Commit
X-GeoIP-City
Wxu-Next-Region
X-Generated-By
X-Forwarded-Site
X-Fmm-Version
X-Li-Pop
X-Men
X-Fastly-Cache
X-Fastly-Backend
X-AIR-PT
X-Accel-Expires-Debug
X-Micro-Cache
X-Fetched-On
X-Csrf-Jwt
X-Cluster
X-Eu-Site
X-Li-Fabric
X-Skip-Cache
X-User
Cf-Device-Type
X-Amz-Meta-S3cmd-Attrs
Is-Eu
X-Sucuri-ID
X-Site-Version
Ha-Gx-Prefs
X-Req
X-Request-Host
Arc-Country
X-Ratelimit-Limit
X-Cache-Tags
X-VC-Cache
X-Srv
X-Variation
X-VServer
PB-PID
PB-RID
Platform
X-DPWN-IS-SECURE
X-Loc
X-Origin-Expires
HA-Ipaddr
X-WADP-Cache
Sever-Int
X-Owner
X-EC-Lua
Server-Ext
Svr
Arc-Version
Adler-Geo
Vix-Hermes-Req-Id
X-Nginx-Cache-Key
True-Client-Country-4JS
Release
Server-Hostname
L5d-Success-Class
NM-Fastcgi-Cache
X-Policy
Nel
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-CookieINHashed-On
X-Irp-Debug
X-Varnish-Remaining-TTL
X-Wikidot-Static-Cache
X-Wikidot-Backend
NtCoent-Length
IsBot
Locid
X-Gen-Mode
X-Hnp-Log
Cache-Key
X-Gzip
X-DefHash
Mail-Subject
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Block-Status
X-Qloud-Router
X-PF-Uncompressing
We-Hiring
X-Mvc-Supplant-Cachable
V-Age
X-Old-Content-Length
X-Cache-Id
X-Slack-Backend
X-Viewer-Country
X-SIPLIST1
X-Esi-Check
X-Varnish-CookieHashed-On
X-Via-NSCOPI
X-Ftr-Request-Id
X-Varnish-Url
X-DefElseHash
X-Minions-Version
X-FC-Vary-Parameters
Webserver
X-GEO
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
VNS-Age
Cache-Hits
X-Unique-Id
X-Conf
VNS-Cache
CPC-Cache
CPC-Age
X-HS-Content-Campaign-Id
X-Zone
XServer
X-Vc
Powered-By-ChinaCache
My-App
MIME-Version
X-BBC-Edge-Cache-Status
X-Ratelimit-Remaining
X-Mvc-Supplant-OutputCached
X-Pass-Why
X-Ckpd-Fst-Backend
X-Worker
X-Via-Popv
X-Via-Popn
X-Servedbyhost
X-Via-Poph
X-Internal-Host
X-Auto-Login
X-NC
X-PJAX-URL
X-Refresh
X-TX-ID
X-CACHE-KEY
X-ID
X-LSADC-Cache
X-DC
X-V-Cache
Time
Memory
WebServer
X-OVcl
X-Tx-Id
X-OVcl-Cache
X-NCache
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-LB-ID
Server-ID
X-Traceid
X-Platform-Cluster
Geo-Info
X-Qnm-Cache
X-Platform-Router
X-Platform-Processor
X-Webkit-Csp
X-TIME
X-M-Reqid
Cf-Bgj
X-Wa
X-M-Log
X-Newrelic-Synthetics
X-Backend-TTL
X-Cache-Remote
X-NewRelic-App-Data
X-ZONE
X-TraceId
X-App
X-SD-PageType
Hostname
Magicmarker
Geoip-Latitude
X-Datadog-Trace-Id
Environment
X-Datadog-Sampling-Priority
DB-Nickname
GeoIp-Country-Code
X-Datadog-Parent-Id
X-Webkit-CSP-Report-Only
HostName
X-BBC-Origin-Response-Status
X-Nyt-Route
X-VCL-Version
X-Origin-Time
X-Gdpr
X-NodeID
X-API-Version
X-Cache-Config
X-CLOUD-TRACE-CONTEXT
X-Dispatcher-Server
X-Geo
X-Method
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-Pod-Name
X-Via-Ucdn
X-Server-IP
X-Edge-Pop
Cluster
X-Correlation-ID
X-Cache-Var-Map
X-Cache-Var
X-Akamai-Pragma-Client-IP
Candidate-Md5Url
X-LI-Proto
Ssr
X-IP
LB
Ohc-File-Size
Tcn
X-Dynatrace
X-MSEdge-Features
X-MSEdge-Flight
X-Origin-Response-Time
X-HITS
X-CACHE-AGE
N-Cache
X-ElasticPress-Query
Datacenter
X-Li-Proto
Web-Mar-Region
Cf-Ipcountry
X-Nc
X-Varnish-Beresp-TTL
X-Node-Id
X-Trv-Group
X-NODE
X-Content
X-AB
X-Ua-Browser
X-Vcl-Version
X-Wix-Viewer-Type
X-DynaTrace-JS-Agent
X-ND-Cache
X-Via-CDN
Onion-Location
X-HostName
Servername
X-Cs
Env
X-Fastly-Request-Id
X-APP
GeoIP-Latitude
GeoIP-Country-Code
X-ServerName
CF-Cached-On
Sid
CDN
X-Reqid
X-NGINX-Cache
X-EIG-Tracking-Id
WWW-Authenticate
X-Varnish-Cacheable
Proxy-Connection
Cdn
X-HS-Status
X-Dynatrace-Js-Agent
X-WA
WZWS-RAY
Server-Id
X-MG-S
X-CSRF-TOKEN
X-Fpc
Rt-Fastcgi-Cache
Viewtype
VivaBuild
X-Lb-Id
X-Fastly-Backend-Reqs
X-Request-Start
X-TIM-N
Redirect-Candidate
Cteonnt-Length
X-Via-PopN
X-Via-PopV
X-Tid
X-Check-Cacheable
X-Via-PopH
X-Pjax-Url
X-URL
Machine
X-Xrds-Location
Ohc-Cache-HIT
X-Esi
X-IN-APIGATEWAY
X-FTR-Request-ID
X-IN-APIGATEWAYSSL
X-VC
X-Up
Tracecode
X-Cache-Backend
X-Cdn-Forward
Lb
URI
Mime-Version
CountryCode
X-ServedByHost
On-Server
Server-Ttl
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
FSS-Cache
Shield-Pop
Pramga
Is-Us
X-SN
X-Tt-Logid
X-Swa-Ws
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-ASPX
X-Fastly-Cache-Hits
X-Varnish-Authentication
X-Contensis-Viewer-Groups
CACHE
X-FORWARDED-FOR
X-Air-Pt
X-LiteSpeed-Cache-Control
X-RAMCache
X-StackifyID
X-Oss-Hash-Crc64ecma
X-Provided-By
X-Oss-Object-Type
X-Oss-Request-Id
X-RPM
X-FTR-Backend
X-RSL
X-Oss-Server-Time
X-Core-Mission
Xet-Cookie
X-Swift-Error
X-Pf-Uncompressing
CloudFront-Viewer-Country
Content-Script-Type
X-Acquia-Site
X-Acquia-Purge-Tags
X-SB
X-DW
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Content-Style-Type
X-RPS
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-DSS
X-Pad
X-Dw-Trace-Id
Xc-Version
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Yottaa-OS
X-ElasticPress-Search
X-DI
X-DB
X-Webstats-RespID
X-Oss-Storage-Class
WP-Super-Cache
Warning
Ohc-Response-Time
Vha6-Origin
X-Action
X-Cdn-Request-ID
X-Cache-Expires
Req-ID
X-FTR-Expires
ServerName
X-Snapshot-Date
X-MiniProfiler-Ids
X-TH-Server
X-C
W