
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Ws-Request-Id
Server-Timing
X-Robots-Tag
Request-Context
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
EagleEye-TraceId
X-Device
Ali-Swift-Global-Savetime
X-Vhost
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
Cf-Railgun
X-Dispatcher
X-Host
X-Server-Id
X-Cache-Spec
X-CST
X-Node
Allow
X-Backend-Server
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Readtime
X-Akam-SW-Version
X-Response-Time
Accept-CH
X-Webkit-CSP
Accept-Ch-Lifetime
Xkey
X-Ruxit-JS-Agent
X-HW
X-Language
X-Country
X-Application-Context
X-Ac
X-Template
Content-Location
X-Cache-Lookup
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-B3-TraceId
Edge-Control
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
Accept-Ch
X-Varnish-TTL
X-ESI
X-Trace
X-MS-InvokeApp
X-Content-Type
Fastly-Restarts
X-GitHub-Request-Id
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-FastCGI-Cache
X-Country-Code
X-Buckets
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Goog-Hash
X-Kinja-Server
Verso
X-VARITI-CCR
X-D2id
Accept-CH-Lifetime
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
X-Cached
Cache-Tag
X-Server-Name
X-Abt-Application-Version
X-Client-IP
Service-Worker-Allowed
X-Amz-Rid
X-Server-ID
X-Navigation-Version
X-Powered-By-Plesk
RTSS
X-Px
X-Fastly-Request-ID
Access-Control-Request-Method
Public-Key-Pins
X-Powered-CMS
X-Element-Page-Cache
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Dw-Request-Base-Id
X-TTL
X-NF-Request-ID
X-Version
Pagespeed
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Cache-TTL
S
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
X-Ttl
X-B3-TraceId-Primal
MRF-Tech
Realpath
X-ECACHE
Mrf-Cache-Status
X-Accel-Expires
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
SPRequestGuid
X-HP-Webp
X-Jurisdiction
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
X-Correlation-Id
X-Shield-Request-Id
X-Mid
X-T
X-MCACHE
X-PressLabs-Stats
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Content-Security-Policy-Report-Only
X-Litespeed-Cache
X-Cache-Key
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-Forwarded-Proto
X-DynaTrace
Fastcgi-Cache
X-XRDS-Location
X-Amz-Server-Side-Encryption
X-Mg-S
X-Content-Digest
TP-L2-Cache
TP-Cache
X-Recruiting
Nginx-Cache
Charset
Filters
X-Id
Front-End-Https
X-Request-Received
X-Request-Processing-Time
Alternate-Protocol
Server-Node
X-Forwarded-For
X-Logged-In
X-Ezoic-Cdn
TCN
Content-MD5
X-Geo-Country
Cache-Tags
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-ASPNET-VERSION
X-Protected-By
X-Amzn-Trace-Id
X-Origin-Upstream-Status
X-Release
X-Grace
X-Origin-Server
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Hostname
X-Www-Served-By
X-F-Cache
X-Oneagent-Js-Injection
X-Amz-Replication-Status
Cleartype
X-NWS-LOG-UUID
X-Rid
Host
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Debug-Info
X-LB-Cache
X-Contextid
X-Activity-Id
X-Az
X-AppVersion
Server-Name
Section-Io-Cache
X-RateLimit-Remaining
X-Page-Id
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Git-Hash
X-Frontend
X-Daa-Tunnel
X-Ser
MicrosoftSharePointTeamServices
X-Respond-Thread
X-VCache
X-Aspnetmvc-Version
X-Cache-Age
X-Content-Options
X-Ruxit-Js-Agent
X-WebKit-CSP-Report-Only
Accept-Charset
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Hits
X-Mobile-URL
X-Source
X-Ab
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-Kong-Proxy-Latency
X-B-Cache
X-Aspnet-Duration-Ms
X-Is-Crawler
ServerID
X-Route-Name
X-CACHE-GROUP
X-Flags
X-Request-Guid
X-Providence-Cookie
X-Signature
Payment
Healthy
X-Varnish-Backend
X-Whom
X-Varnish-Grace
X-Cache-Action
X-Varnish-Age
X-TT
Viewport
X-FB-Debug
Paypal-Debug-Id
X-App-Environment
Node
X-AOL-HN
X-B3-Sampled
Fastcgi-Useragent
DynaTrace
X-Seen-By
Version
X-Load-Cache
X-Yandex-Sdch-Disable
X-Mobile
X-N
DC
X-XRDS-LOCATION
X-Type
X-HTML-Minification-Powered-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
Filterid
X-Distributor
X-Tec-Api-Version
SRV
X-Tec-Api-Origin
X-Tec-Api-Root
X-Fastcgi-Cache
Retry-After
X-Cache-Control
Frame-Options
X-User-Agent
MS-CV
X-Cache-Expired-At
X-Jobs
AR-ATIME
X-IPLB-Instance
AR-CACHE
Ar-Sid
Refresh
X-Original-Request-Id
AR-Request-ID
AR-PoweredBy
X-Response-Served-From
X-UUID
X-Adobe-Loc
X-Proxy-Cache-Status
X-Page-View
X-Adobe-Content
NGB
X-Real-IP
Access-Control-Request-Headers
X-Cluster-Name
X-Instance
X-Varnish-Server
X-Device-Type
X-Debug-IsPreview
X-Debug-IsConnected
X-Region
X-Framework
X-RemovedCookies
X-G
X-ProcessESI
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-Cacheable-TTL
X-Proxy
X-Tumblr-User
Uber-Trace-Id
VIX-Pulpo-Node
X-B
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-RTag
X-FW-Server
Ms-Operation-Id
X-CDN-Forward
X-FW-Type
X-FW-Static
X-Vgn-Hpd-Reason
X-Microsite
X-Request-Handler-Origin-Region
X-NGENIX-Cache
Amp-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Azure-Ref
Countrycode
X-Node-Name
X-Wix-Request-Id
X-Time
X-App-Version
Cache-Status
X-Cache-Rule
Section-Io-Origin-Status
X-Cache-Hit
X-Mg-Request-UUID
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Debug
X-Rendered-As
X-Is-Bot
X-Ms-Version
X-Oracle-Dms-Rid
X-Ms-Request-Id
X-Accel-Buffering
SD-X-WS
Referer-Policy
X-Nginx-Cache
Liferay-Portal
X-RateLimit-Limit
Cache
X-Drupal-Cache-Tags
X-Aws-Lambda-Call-Status
X-EdgeConnect-Cache-Status
S-Cnection
Country
X-App-Server
X-FireWall-Port
CF-IPCountry
X-Environment-Context
X-L-Path
X-Revision
X-HP-Trace-Id
X-Cache-Operation
Surrogate-Key
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Parallel-Accel
Eomportal-Instance
X-Proxy-Build
X-Loop
Selected-Fe
Meta-Geo
X-ES-SERVER
X-Endurance-Cache-Level
X-SaId
X-GG-Cache-Date
X-TA-CDN-Provider
X-UPSTREAM-Address
X-JoinUs
X-RN-RSRV
X-Timing-Wait
X-TNCMS
X-Request-Time
X-Drupal-Cache-Contexts
X-Adobe-Source
Count-Hit
X-Alternate-Cache-Key
X-Cache-Type
From-Origin
X-Cache-TTL-Remaining
X-SayCDN-TTL
X-Xfnlog-Site
X-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Varnishpool
X-ShardId
X-Say-Cacheable
X-LAGOON
X-Say-TTL
Azure-SiteName
X-No-Session
X-Varnish-Beresp-Grace
X-Varnish-Hostname
X-Sql-Count
X-NYM-Debug-Backend
Protected
Azure-InstanceId
X-Origin-Date
Azure-RegionName
X-LJ-Flow-ID
X-Sql-Duration-Ms
X-Backend-Host
Cache-Name
X-AWS-Id
X-PHP-Backend
X-ProxyCache-Status
Country-Code
X-Proto
X-ProxyCache-Key
X-VWS-Id
X-Be
X-S-Maxage
X-BYPASS-REASON
X-Human
Azure-Version
Azure-SlotName
TWC-Device-Class
Decoy-Debug-TTL
Property-Id
Fastly-SSL
Decoy-Debug-Status
TWC-Connection-Speed
X-Labrador-Cache-Channel
Decoy-Debug-Key
X-UA-Device-Type
X-Status
X-Origin-Hint
X-PCL
X-Server-W
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-PHP-Host
X-OCL
X-Hosted-By
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-Region
X-Handled-By
X-FB-TRIP-ID
X-Cache-Server
TWC-GeoIP-Country
X-Akamai-Edgescape
Cache-Tv-Group
Akamai-GRN
X-Access
X-Hl-Ver
X-Via-Fastly
X-Section
X-Uri
X-Tumblr-Pixel-2
X-Backend-Name
X-Format
X-Hyper-Cache
X-Redis-Cache
X-Web-Node
X-Pubstack
Mn-Server-Ip
Apigw-Requestid
ServedBy
X-FW-Version
X-ApacheServer
Nel
X-PERF
X-B3-SpanId
X-Cluster-Node
X-Ua-Device
X-Time-Microsecs
X-ServerID
GEO-INFO
X-ATG-Version
X-Cache-PHP
Xserver
X-Servername
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TT-LOGID
X-TEC-API-ROOT
OT-Force-Account-Verify
X-Datadome
X-CSRF-Token
X-Trace-Id
X-Content-Age
X-Tumblr-Pixel-3
Cross-Origin-Opener-Policy
Backend
X-Azure-Ref-OriginShield
X-Detected-As
X-WA-Info
X-MP-GENERATED-AT
Web-Mar-Node
X-Rule
X-Varnish-Cache-Hits
X-Generation-Time
X-Cache-Host
X-APP-VERSION
X-Cache-Ttl
X-Cache-Enabled
X-Varnish-Hits
X-CS
X-Cached-By
X-Soup
X-Akamai-Transformed
X-Bc-Bl
X-SRV
X-Edge-Location
Cross-Origin-Window-Policy
X-Ua
Content-Secure-Policy
Ec-Rule-Version
X-Mode
X-Info
X-Via-JSL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
S-Rt
X-Varnish-Beresp-Status
X-Microcachable
X-Cache-Grace
X-NWS-UUID-VERIFY
Source
X-Magnolia-Registration
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
Url
X-Cache-NGX
SID
X-Storage
X-Forwarded-Host
Upgrade-Insecure-Requests
X-Debug-Cache
X-Origin-TTL
X-Ratelimit-Limit
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Locale
X-Dc
X-Origin-CC
X-Zipkin-Id
X-Varnish-Beresp-Ttl
X-GEO
X-Routing-Service
X-Extlb
X-Tb
X-Platform
X-Proxied
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
A
X-External-Request-Id
Apple-News-Services-Host
CDN-RequestCountryCode
X-Site-Version
Apple-News-Services-Handled
CDN-RequestId
X-B-Cookie
X-Application
X-Cache-Bucket
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Developer
CDN-Cache
X-Clientip
X-Connection-Hash
CDCHOST
X-D
X-Aed
X-Cache-NE
CDN-EdgeStorageId
CDN-PullZone
X-Epic-Correlation-Id
BehaviorPad-Version
X-A-Wwc
X-Aicache-OS
CDN-CachedAt
X-AIR-PT
X-BCube-Filmed-By
X-PAYTM-SRV-ID
X-Session-Fingerprint
X-ScT
X-Shop-Environment
Fastly-SIE
X-SRCache-Key
X-S-Cookie
X-S
Rendered-Blocks
Expiry
CDN-Uid
Fastcgi-X-Cache-Version
X-Rojux
Fastly-SWR
X-Unique-Id
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Host-ID
X-VG-WebServer
Path
X-Tenant
Odigeo-Trace-Id
X-Vdms-Version
X-VG-WebCache
Req-Svc-Chain
X-Rewrite-Enabled
X-A
X-A-Ccd
T-Server
X-Rebelmouse-Surrogate-Control
DCR-Processing-Time-Ms
M-TraceId
X-A-Dam
X-A-Dgt
X-Forwarded-Path
X-From
X-GoCache-CacheStatus
X-A-Dcw
X-NAPM-TraceId
DCR-Decision-By
X-Processor
X-Platform-Server
X-NU-AKA-ACS-Version
X-PBS-Appsvrname
X-ARC
State
X-Rebelmouse-Cache-Control
X-Orig-Expires
X-Ratelimit-Reset
Surrogated-Key
User-Cache-Control
Platform
PB-RID
Pics-Label
PB-PID
UCS
X-Accel-Expires-Debug
Origin
NGX
X-Is-Gdpr
X-Rocket-Build-Number
X-Service
X-Sigma
X-Sigma-Backend
X-Request-UUID
X-Request-URI
X-Men
X-Origin-Expires
X-Proxy-Upstream
X-Request-Host
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VServer
X-WADP-Cache
X-Conf
X-Ftr-Request-Id
X-VG-TLSProxy
X-Variation
X-Thanos
X-TrackingId
X-Var-Ttl
X-Loc
X-LI-UUID
X-Cms-Context
X-Core-Value
X-Date
X-Device-Os
X-Clara-WADP
X-Cache-Tags
X-Branch-Name
X-Cache-Debug
X-Cache-Info
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Hash
X-JWT-State
X-Li-Fabric
X-Li-Pop
X-Has-Esi
X-Forwarded-Site
X-Fastly-Backend
X-Fastly-Cache
X-Fmm-Version
X-Backend-State
X-Bip
Content-Disposition
Cmstype
DSUID
Esi-Enabled
Fastly-Backend-Name
Cmsid
Cache-Key
Adler-Geo
X-Amz-Meta-S3cmd-Attrs
Arc-Version
C-Via
Cache-Host
Fastly-Drupal-HTML
X-Ratelimit-Remaining
Is-Eu
L
Server-Info
X-Gen-Mode
X-Generated-By
X-Gamma-Serve
X-Generated-In
X-Viewer-Country
X-Generated-On
X-Gzip
X-HN
X-GeoIP-City
X-GeoIP
X-Geo-Header
X-Wikidot-Backend
X-Fetched-On
X-Cluster
X-Csrf-Jwt
X-CGP
X-Cache-Id
X-Block-Status
X-DefElseHash
X-DefHash
X-FC-Vary-Parameters
X-Hnp-Log
X-Eu-Site
X-Esi-Check
X-Developers
X-Wikidot-Static-Cache
X-Via-NSCOPI
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-Thinkindot-L3
X-Varnish-CookieHashed-On
X-EC-Lua
X-Slack-Backend
L5d-Success-Class
X-Scheme
X-Served-From
X-DC
X-SIPLIST1
X-Req
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Micro-Cache
NtCoent-Length
X-Location
X-Level-Front-Cache
Location
X-Vdms-Path
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Origin
X-VarnishDD-TTL
X-Nginx-Cache-Key
X-VC-Cache
X-Irp-Debug
X-BBC-Edge-Cache-Status
VNS-Cache
Sever-Int
Cf-Device-Type
We-Hiring
CacheControlHeader
Server-Hostname
IsBot
Wxu-Next-Region
Server-Host
CPC-Cache
Mail-Subject
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
Thinkindot-Control
Wxu-Next-Commit
Memcached
Kp-EeAlive
TDXMobile
Thinkindot-CacheControl
Fastcgi-Cache-TTL
Server-Ext
PFcat
Locid
Ha-Gx-Prefs
Release
Pagetype
CPC-Age
Gh-Request-Id
True-Client-Country-4JS
VNS-Age
Vix-Hermes-Req-Id
HA-Ipaddr
NM-Fastcgi-Cache
X-Ckpd-Fst-Backend
Arc-Country
X-DataDome
AKAMAI
Webserver
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Owner
X-Planisys-CDN-TTL
V-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Unique-ID
X-Sucuri-ID
X-Skip-Cache
Who
DataCenter
X-Mvc-Supplant-OutputCached
X-User
X-Qloud-Router
X-HS-Content-Campaign-Id
X-Worker
Svr
X-Via-Poph
X-NC
X-PF-Uncompressing
X-Via-Popv
X-Via-Popn
X-V-Cache
Cache-Hits
X-Auto-Login
X-CACHE-KEY
X-Minions-Version
X-Varnish-Url
X-Zone
MIME-Version
X-Servedbyhost
X-NCache
X-Qnm-Cache
X-Srv
X-Tx-Id
X-M-Log
X-M-Reqid
XServer
X-Rocket-Nginx-Serving-Static
X-Render-Time
X-Vc
X-LSADC-Cache
X-ID
X-Refresh
X-Traceid
X-Platform-Cluster
Powered-By-ChinaCache
My-App
X-Platform-Processor
X-LB-ID
X-Platform-Router
X-SD-PageType
WebServer
X-Cache-Remote
X-Varnish-Ttl
X-Datadog-Sampling-Priority
X-Internal-Host
X-ZONE
X-Wa
Time
Environment
X-Datadog-Trace-Id
X-Content
Memory
X-Newrelic-Synthetics
X-Ua-Browser
X-Datadog-Parent-Id
X-TX-ID
X-NodeID
X-App
Server-ID
X-TIME
X-BBC-Origin-Response-Status
X-Webkit-Csp
X-API-Version
X-Pass-Why
X-Origin-Time
X-Nyt-Route
X-PJAX-URL
X-Gdpr
X-Cache-Var
X-Cache-Var-Map
X-Cache-Config
X-Server-IP
Cluster
X-Via-Ucdn
X-VCL-Version
Tcn
Geo-Info
X-Dynatrace
X-Pod-Name
Candidate-Md5Url
Hostname
X-OVcl
X-NewRelic-App-Data
X-OVcl-Cache
Datacenter
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
HostName
Geoip-Latitude
Cf-Bgj
X-TraceId
X-Webkit-CSP-Report-Only
X-Backend-TTL
Magicmarker
X-LI-Proto
Resin-Trace
N-Cache
X-ElasticPress-Query
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Pop
X-VHOST
Web-Mar-Region
Ohc-File-Size
X-Origin-Response-Time
X-Dispatcher-Server
X-CACHE-AGE
X-HITS
X-HostName
X-Method
Onion-Location
DB-Nickname
X-Varnish-Beresp-TTL
X-Geo
X-Li-Proto
X-Akamai-Pragma-Client-IP
X-EIG-Tracking-Id
X-Varnish-Cacheable
X-IP
X-MSEdge-Features
X-NODE
WWW-Authenticate
X-MSEdge-Flight
GeoIP-Country-Code
GeoIP-Latitude
Servername
Ssr
X-AB
X-Correlation-ID
X-Wix-Viewer-Type
Proxy-Connection
Cdn
LB
X-Node-Id
X-Fastly-Request-Id
X-Vcl-Version
CDN
Cf-Ipcountry
CF-Cached-On
X-DynaTrace-JS-Agent
X-Fpc
X-TIM-N
X-APP
Redirect-Candidate
Lb
X-Tid
Server-Id
X-ND-Cache
X-HS-Status
X-Trv-Group
X-Dynatrace-Js-Agent
X-Cs
WZWS-RAY
Env
X-Request-Start
Sid
X-Up
X-Fastly-Backend-Reqs
Tracecode
X-Via-CDN
X-Pjax-Url
X-WA
X-MG-S
Pramga
Is-Us
URI
Cteonnt-Length
X-Cache-Date
X-NGINX-Cache
X-ServerName
X-Webkit-Csp-Report-Only
X-Nc
X-Amz-Meta-Cb-Modifiedtime
X-Tt-Logid
X-Check-Cacheable
X-Reqid
X-Sn-Servicetimems
X-VC
X-Cdn-Origin
X-Lb-Id
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Esi
Rt-Fastcgi-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cache-Backend
W
X-ServedByHost
X-Core-Mission
Mime-Version
X-Provided-By
X-SERVER-NAME
Viewtype
X-Via-PopN
VivaBuild
X-Via-PopV
X-Via-PopH
X-UnsetCookies
X-LiteSpeed-Cache-Control
CountryCode
CloudFront-Viewer-Country
Shield-Pop
X-SN
Server-Ttl
X-Cache-Expires
X-Contensis-Viewer-Groups
X-Pf-Uncompressing
X-Cache-ASPX
X-Fastly-Cache-Hits
X-Acquia-Site
X-Varnish-Authentication
X-RAMCache
X-FORWARDED-FOR
CACHE
X-Pad
X-Acquia-Application-UUID
Machine
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-StackifyID
X-DSS
X-DI
Xet-Cookie
X-RPS
X-RSL
X-DB
X-RPM
X-DW
X-Cdn-Request-ID
X-CUA
X-SB
X-CCDN-Origin-Time
X-Swift-Error
X-Hcs-Proxy-Type
X-Yottaa-OS
X-Sucuri-Cache
X-Region-Sid
X-Webstats-RespID
X-CCDN-CacheTTL
ServerName
Vha6-Origin
X-FTR-Request-ID
Ohc-Response-Time
X-Dw-Trace-Id
WP-Super-Cache
X-Action
X-Cache-Status-Check
X-Edge-POP
X-Cdn-Forward
Req-ID
Xc-Version
X-Moov-Xdn-Version
X-Moov-T
X-FPC
Content-Style-Type
X-Oss-Storage-Class
X-FTR-Balancer
X-MiniProfiler-Ids
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-ElasticPress-Search
X-TH-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Expires
X-Oss-Request-Id
On-Server
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-C
X-FTR-Realm
FSS-Cache
Content-Script-Type