Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Dns-Prefetch-Control
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
NEL
X-Amz-Version-Id
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Server-Id
X-Node
Allow
Request-Id
Surrogate-Control
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Readtime
X-WebKit-CSP
X-Webkit-CSP
X-Akam-SW-Version
X-Response-Time
Accept-CH
Xkey
Accept-Ch-Lifetime
X-HW
X-Language
X-Country
X-Ruxit-JS-Agent
X-Application-Context
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cloud-Trace-Context
X-Cache-Lookup
Rating
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-Varnish-TTL
Accept-Ch
X-MS-InvokeApp
X-Trace
X-ESI
X-Content-Type
Fastly-Restarts
X-GitHub-Request-Id
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-FastCGI-Cache
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Country-Code
X-Goog-Hash
X-Server-ID
Verso
X-D2id
X-VARITI-CCR
X-Buckets
Accept-CH-Lifetime
Arr-Disable-Session-Affinity
X-Server-Name
X-Vcap-Request-Id
X-Cached
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
Service-Worker-Allowed
X-Navigation-Version
X-Powered-By-Plesk
RTSS
X-Fastly-Request-ID
Access-Control-Request-Method
X-Px
Public-Key-Pins
X-Powered-CMS
X-MSEdge-Ref
X-Element-Page-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Middleton-Response
X-Sol
X-Middleton-Display
X-Dw-Request-Base-Id
Display
Response
Pagespeed
X-NF-Request-ID
X-Version
X-Cache-TTL
S
X-TTL
X-Ttl
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
Realpath
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-ECACHE
X-Accel-Expires
X-HP-Webp
X-Jurisdiction
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
SPRequestGuid
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
X-Instrumentation
X-Cache-Key
X-Mid
X-T
X-MCACHE
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
X-PressLabs-Stats
X-DynaTrace
X-Correlation-Id
X-Forwarded-Proto
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-XRDS-Location
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
Charset
X-Mg-S
TP-L2-Cache
TP-Cache
X-Content-Digest
Nginx-Cache
X-Id
Filters
Front-End-Https
X-Request-Received
X-Request-Processing-Time
TCN
Server-Node
Alternate-Protocol
X-Logged-In
X-Forwarded-For
X-Ezoic-Cdn
Cache-Tags
Content-MD5
X-Geo-Country
X-Release
X-Litespeed-Cache
X-ASPNET-VERSION
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Protected-By
X-Hostname
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Origin-Server
X-Grace
X-Ruxit-Js-Agent
X-RateLimit-Remaining
X-Www-Served-By
X-F-Cache
X-GUploader-UploadID
Cleartype
X-Oneagent-Js-Injection
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Rid
X-Amz-Replication-Status
X-Debug-Info
X-Contextid
Host
Server-Name
X-HS-Content-Id
X-HS-Cache-Config
X-Az
X-Activity-Id
X-AppVersion
X-HS-Hub-Id
X-HS-Combine-CSS
X-LB-Cache
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Git-Hash
X-Page-Id
MicrosoftSharePointTeamServices
X-Ser
X-Aspnetmvc-Version
X-Cache-Age
X-VCache
X-Daa-Tunnel
X-Respond-Thread
X-Content-Options
Accept-Charset
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Mobile-URL
X-Source
X-Hits
X-DIS-Request-ID
X-WebKit-CSP-Report-Only
X-Signature
X-B-Cache
X-CACHE-GROUP
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Varnish-Age
Paypal-Debug-Id
X-Flags
X-Providence-Cookie
ServerID
Healthy
Payment
X-TT
X-FB-Debug
X-Varnish-Backend
X-Cache-Action
Viewport
X-Whom
X-Varnish-Grace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-B3-Sampled
X-AOL-HN
Node
X-Ab
Fastcgi-Useragent
X-App-Environment
Version
X-Seen-By
DynaTrace
X-Mobile
X-N
X-Load-Cache
X-Yandex-Sdch-Disable
DC
X-Type
X-HTML-Minification-Powered-By
Ar-Sid
X-Distributor
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
SRV
X-Tec-Api-Version
X-Tec-Api-Root
X-Tt-Trace-Host
X-Tec-Api-Origin
X-Tt-Trace-Tag
MS-CV
X-Fastcgi-Cache
Frame-Options
Retry-After
X-Cache-Control
Filterid
X-User-Agent
X-Cache-Expired-At
X-IPLB-Instance
X-XRDS-LOCATION
X-Jobs
X-Microsite
X-Original-Request-Id
X-Response-Served-From
X-Request-Handler-Origin-Region
X-Adobe-Content
X-Adobe-Loc
X-Proxy-Cache-Status
X-UUID
Refresh
X-Real-IP
X-Page-View
X-Debug-IsConnected
X-Cacheable-TTL
X-Cluster-Name
X-Region
Access-Control-Request-Headers
X-Debug-IsPreview
X-Device-Type
X-IPS-LoggedIn
X-Varnish-Server
X-Instance
VIX-Pulpo-Node
X-Tumblr-Pixel-0
X-Tumblr-User
VIX-Pulpo-Upstream-Status
X-G
X-Content-Powered-By
X-Tumblr-Pixel
X-Framework
X-ProcessESI
X-B
NGB
X-Tumblr-Pixel-1
X-RemovedCookies
X-RTag
X-CDN-Forward
Uber-Trace-Id
Ms-Operation-Id
X-Cache-Time
X-Proxy
X-Vgn-Hpd-Reason
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Dynamic
X-RateLimit-Limit
Amp-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-NGENIX-Cache
Countrycode
X-Azure-Ref
X-Wix-Request-Id
Cache-Status
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Time
X-Debug
Section-Origin-Responded
X-Mg-Request-UUID
X-App-Version
X-Node-Name
X-Accel-Buffering
X-Cache-Rule
X-Oracle-Dms-Rid
Cache
X-Ms-Version
X-Cache-Hit
X-Rendered-As
X-Ms-Request-Id
X-Is-Bot
SD-X-WS
X-Nginx-Cache
X-Drupal-Cache-Tags
Liferay-Portal
X-FireWall-Port
Referer-Policy
X-EdgeConnect-Cache-Status
Country
S-Cnection
Surrogate-Key
X-App-Server
X-Aws-Lambda-Call-Status
X-Environment-Context
X-L-Path
X-Yottaa-Metrics
X-Cache-Operation
X-Yottaa-Optimizations
CF-IPCountry
Eomportal-Instance
X-TA-CDN-Provider
X-Revision
X-RN-RSRV
X-Endurance-Cache-Level
Meta-Geo
X-UPSTREAM-Address
X-SaId
X-TNCMS
From-Origin
X-JoinUs
X-Loop
X-GG-Cache-Date
X-ES-SERVER
X-Xfnlog-Site
X-Alternate-Cache-Key
X-Varnishpool
X-Adobe-Source
X-Shopify-Stage
Selected-Fe
X-Parallel-Accel
X-ShopId
X-Cache-Type
X-Cache-TTL-Remaining
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-ShardId
X-Proxy-Build
X-Timing-Wait
X-Drupal-Cache-Contexts
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Grace
X-Say-Cacheable
Cache-Name
X-NYM-Debug-Backend
X-Origin-Date
X-No-Session
X-Handled-By
Protected
ServedBy
X-Be
X-Proto
X-ProxyCache-Key
X-LAGOON
X-Request-Time
X-Human
X-R9-Blue-Green-Version
X-Pubstack
X-SayCDN-TTL
X-Say-TTL
X-ProxyCache-Status
X-S-Maxage
X-BYPASS-REASON
X-HP-Trace-Id
X-PHP-Backend
X-RCS-CacheZone
X-PCL
X-OCL
Cache-Tv-Group
Fastly-SSL
X-AWS-Id
X-Varnish-Hostname
X-VWS-Id
Country-Code
X-Sql-Duration-Ms
X-Sql-Count
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Apigw-Requestid
X-LJ-Flow-ID
X-Cache-Server
X-Backend-Name
TWC-Connection-Speed
X-Format
X-Hl-Ver
X-Origin-Hint
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-Region
X-Access
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Akamai-Edgescape
X-Section
X-Status
X-Server-W
X-Hosted-By
X-Labrador-Cache-Channel
X-PHP-Host
Decoy-Debug-Status
Decoy-Debug-TTL
X-UA-Device-Type
X-Tumblr-Pixel-2
X-Via-Fastly
Akamai-GRN
Decoy-Debug-Key
Nel
X-ApacheServer
Count-Hit
X-Hyper-Cache
X-Backend-Host
X-Web-Node
X-Uri
X-PERF
GEO-INFO
Mn-Server-Ip
X-FW-Version
X-FB-TRIP-ID
X-Ua-Device
X-B3-SpanId
X-Redis-Cache
X-Cache-PHP
X-Time-Microsecs
Xserver
X-ServerID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-ATG-Version
X-TEC-API-ROOT
X-Servername
X-Cluster-Node
X-Trace-Id
OT-Force-Account-Verify
X-WA-Info
X-Tumblr-Pixel-3
X-Content-Age
X-CSRF-Token
X-Rule
X-MP-GENERATED-AT
X-Azure-Ref-OriginShield
X-TT-LOGID
X-Detected-As
Cross-Origin-Opener-Policy
Backend
X-Varnish-Cache-Hits
X-Akamai-Transformed
X-Soup
X-Cache-Host
X-Generation-Time
X-APP-VERSION
X-Datadome
X-Cached-By
X-Cache-Ttl
X-CS
Web-Mar-Node
X-Bc-Bl
X-Varnish-Hits
X-Edge-Location
X-Cache-Enabled
X-Varnish-Beresp-Status
X-Mode
X-Info
X-SRV
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
Cross-Origin-Window-Policy
Content-Secure-Policy
X-Microcachable
X-Amz-Apigw-Id
Ec-Rule-Version
X-Varnish-Beresp-Ttl
S-Rt
X-Ua
X-Via-JSL
X-Cache-NGX
X-Debug-Cache
X-Magnolia-Registration
X-B3-Traceid
X-Storage
X-Cache-Grace
X-Zipkin-Id
X-Platform
X-Origin-CC
X-Routing-Service
AMP-Access-Control-Allow-Source-Origin
X-Origin-TTL
SID
X-Proxied
X-Extlb
X-Locale
X-Dc
Url
X-Forwarded-Host
Source
X-NWS-UUID-VERIFY
Apple-News-Services-Parsed-Url
CDN-RequestCountryCode
CDN-RequestId
DCR-Decision-By
CDN-Uid
Apple-News-Services-Handled
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
Apple-News-Services-Request-Url
Odigeo-Trace-Id
DCR-Processing-Time-Ms
CDN-PullZone
Mobile-Detection-Method
Cache-Host
MD5-Digest
CDCHOST
Upgrade-Insecure-Requests
Host-ID
A
Fastly-SWR
Apple-News-Services-Host
Fastcgi-X-Cache-Version
M-TraceId
BehaviorPad-Version
Meta-Geo-Continent
Fastly-SIE
Expiry
X-Cache-NE
X-Ratelimit-Reset
X-Processor
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Rewrite-Enabled
X-Request-URI
X-Platform-Server
X-PBS-Appsvrname
X-NAPM-TraceId
X-GoCache-CacheStatus
X-NU-AKA-ACS-Version
X-Orig-Expires
X-PAYTM-SRV-ID
X-Rojux
X-S
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Thanos
X-Tenant
X-ScT
X-S-Cookie
X-Session-Fingerprint
X-Shop-Environment
X-SRCache-Key
X-From
X-Forwarded-Path
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-Application
X-Aicache-OS
X-A-Dam
X-A
Req-Svc-Chain
Rendered-Blocks
State
Surrogated-Key
T-Server
X-ARC
X-B-Cookie
X-Destination
X-D
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Connection-Hash
X-Clientip
X-Bip
X-BCube-Filmed-By
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
Path
X-A-Ccd
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-GEO
X-DataDome
X-Tb
X-Cache-Tags
X-Cache-Debug
X-Core-Value
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Backend-State
X-Fastly-Backend
X-Cms-Context
Pics-Label
Origin
NGX
L
X-VHOST
PB-PID
Platform
X-Generated-On
PB-RID
UCS
X-Is-Gdpr
X-TrackingId
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Service
X-Variation
X-Vdms-Path
X-AIR-PT
X-EC-Lua
X-VServer
X-VG-TLSProxy
X-Served-From
X-Request-UUID
X-Li-Fabric
X-Level-Front-Cache
X-JWT-State
Is-Eu
X-Li-Pop
X-LI-UUID
X-Proxy-Upstream
Server-Info
X-Origin-Expires
X-Loc
X-Has-Esi
X-Unique-ID
Arc-Version
Adler-Geo
Fastly-Backend-Name
Fastly-Drupal-HTML
Cmsid
Cmstype
DSUID
C-Via
Content-Disposition
X-Site-Version
User-Cache-Control
X-Location
X-Owner
X-Req
X-Policy
X-HN
X-Origin
X-Nginx-Cache-Key
X-Geo-Header
X-DefElseHash
X-DefHash
X-Csrf-Jwt
X-Cluster
X-CGP
X-Developers
X-Device-Os
X-Generated-In
X-GeoIP-City
X-Gamma-Serve
X-FC-Vary-Parameters
X-Eu-Site
X-Hash
X-Scheme
X-Fastly-Cache
X-Fmm-Version
X-Date
X-Clara-WADP
X-Cache-Info
X-Forwarded-Site
X-Men
X-Conf
X-Ftr-Request-Id
X-WADP-Cache
X-Request-Host
X-Micro-Cache
X-Accel-Expires-Debug
Cache-Key
X-Sigma-Backend
X-SIPLIST1
X-Sigma
X-DC
X-Branch-Name
X-Unique-Id
X-Thinkindot-L3
X-VarnishDD-TTL
X-VC-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Rocket-Build-Number
X-Var-Ttl
Fastcgi-Cache-TTL
L5d-Success-Class
Kp-EeAlive
IsBot
Pagetype
Vix-Hermes-Req-Id
Location
Locid
Thinkindot-CacheControl
Thinkindot-Control
TDXMobile
X-Amz-Meta-S3cmd-Attrs
Cf-Device-Type
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Esi-Enabled
Ha-Gx-Prefs
Server-Hostname
Gh-Request-Id
Sever-Int
Server-Ext
Server-Host
PFcat
Release
HA-Ipaddr
Who
X-GeoIP
X-Sucuri-ID
X-User
X-Goog-Meta-Goog-Reserved-File-Mtime
CacheControlHeader
AKAMAI
NM-Fastcgi-Cache
Arc-Country
X-Qloud-Router
X-Skip-Cache
X-Block-Status
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Slack-Backend
X-Via-NSCOPI
X-BBC-Edge-Cache-Status
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Viewer-Country
X-Irp-Debug
X-Hnp-Log
Wxu-Next-Commit
VNS-Age
CPC-Cache
CPC-Age
X-Cache-Id
X-Esi-Check
X-Gzip
X-Generated-By
X-Gen-Mode
Memcached
VNS-Cache
V-Age
Wxu-Next-Hostname
NtCoent-Length
Wxu-Next-Region
X-Fetched-On
Svr
DataCenter
Webserver
We-Hiring
Mail-Subject
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Srv
X-Worker
X-PF-Uncompressing
X-Via-Popv
X-Servedbyhost
X-Varnish-Url
X-Via-Poph
X-Ratelimit-Limit
X-Minions-Version
X-Via-Popn
MIME-Version
X-HS-Content-Campaign-Id
X-Ckpd-Fst-Backend
Cache-Hits
X-Mvc-Supplant-OutputCached
X-Auto-Login
X-Zone
X-NC
XServer
X-Tx-Id
Powered-By-ChinaCache
X-Vc
My-App
X-V-Cache
X-ID
X-NCache
X-Rocket-Nginx-Serving-Static
X-Qnm-Cache
X-M-Reqid
X-M-Log
X-Refresh
X-Wa
X-Traceid
X-Render-Time
X-LSADC-Cache
X-Platform-Processor
X-Platform-Cluster
X-LB-ID
X-Internal-Host
X-Platform-Router
X-Varnish-Ttl
WebServer
X-SD-PageType
Server-ID
X-ZONE
X-App
X-Pass-Why
X-Ratelimit-Remaining
X-Newrelic-Synthetics
X-PJAX-URL
X-Cache-Remote
X-TX-ID
X-Webkit-CSP-Report-Only
Time
Memory
Environment
X-TIME
X-Webkit-Csp
X-CACHE-KEY
X-Origin-Time
X-Nyt-Route
X-NodeID
X-BBC-Origin-Response-Status
X-Gdpr
X-OVcl
X-OVcl-Cache
X-API-Version
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-VCL-Version
X-Datadog-Trace-Id
Cluster
X-Server-IP
X-Cache-Var-Map
Cf-Bgj
X-Via-Ucdn
X-Cache-Var
Hostname
X-NewRelic-App-Data
X-Cache-Config
X-Backend-TTL
X-TraceId
HostName
X-Content
X-Ua-Browser
X-Pod-Name
Datacenter
X-LI-Proto
X-CLOUD-TRACE-CONTEXT
Magicmarker
Candidate-Md5Url
Geoip-Latitude
X-Tb-Optimization-Total-Bytes-Saved
GeoIp-Country-Code
Geo-Info
Resin-Trace
X-Correlation-ID
X-Method
DB-Nickname
X-Edge-Pop
X-Dispatcher-Server
N-Cache
X-ElasticPress-Query
Ohc-File-Size
Tcn
X-HITS
X-Dynatrace
Web-Mar-Region
X-Geo
X-CACHE-AGE
X-Origin-Response-Time
X-IP
Ssr
X-Akamai-Pragma-Client-IP
LB
X-Esi
GeoIP-Latitude
GeoIP-Country-Code
X-MSEdge-Flight
X-Varnish-Beresp-TTL
X-Li-Proto
X-NODE
Servername
Onion-Location
X-MSEdge-Features
X-AB
X-Varnish-Cacheable
WWW-Authenticate
X-EIG-Tracking-Id
X-Node-Id
X-Wix-Viewer-Type
Cf-Ipcountry
Cdn
X-HostName
X-Trv-Group
Proxy-Connection
X-ND-Cache
CF-Cached-On
WZWS-RAY
CDN
X-Vcl-Version
X-Fpc
X-Dynatrace-Js-Agent
X-Via-CDN
X-Nc
X-DynaTrace-JS-Agent
X-Cs
X-Tid
Env
X-APP
X-Pjax-Url
Sid
Server-Id
X-TIM-N
X-Fastly-Backend-Reqs
Redirect-Candidate
X-HS-Status
Lb
X-MG-S
Cteonnt-Length
X-NGINX-Cache
X-Request-Start
Tracecode
X-Reqid
X-ServerName
X-WA
X-Up
X-Webkit-Csp-Report-Only
Pramga
URI
X-Tt-Logid
X-Check-Cacheable
Rt-Fastcgi-Cache
X-Cache-Date
Is-Us
X-Lb-Id
X-URL
X-CSRF-TOKEN
X-Xrds-Location
Ohc-Cache-HIT
Viewtype
X-Cache-Backend
X-VC
VivaBuild
X-Fastly-Request-Id
X-Sn-Servicetimems
X-Via-PopN
X-IN-APIGATEWAY
X-Amz-Meta-Cb-Modifiedtime
X-IN-APIGATEWAYSSL
X-Cdn-Origin
X-Via-PopH
X-Via-PopV
X-Core-Mission
Mime-Version
Shield-Pop
X-ServedByHost
X-Provided-By
CloudFront-Viewer-Country
X-FTR-Request-ID
CountryCode
Machine
W
X-SN
Server-Ttl
X-UnsetCookies
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-RAMCache
X-Pf-Uncompressing
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Cache-Expires
X-Cache-ASPX
X-Yottaa-OS
X-Pad
CACHE
X-FORWARDED-FOR
X-LiteSpeed-Cache-Control
FSS-Cache
X-Country-Code-Real
X-FTR-Realm
X-Swift-Error
X-RPS
X-StackifyID
X-Edge-POP
On-Server
Xet-Cookie
X-RPM
WP-Super-Cache
X-Cdn-Request-ID
X-RSL
X-FTR-Balancer
Ohc-Response-Time
Vha6-Origin
X-DW
X-FTR-Backend
X-SB
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Webstats-RespID
X-DSS
X-DB
X-DI
X-Action
X-FTR-DC
X-Cdn-Forward
X-Air-Pt
X-Cache-Status-Check
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Req-ID
X-CCDN-Origin-Time
X-Region-Sid
X-Sucuri-Cache
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-FTR-Expires
X-C
X-Snapshot-Date
X-Swa-Ws
X-Oss-Server-Time
X-Oss-Storage-Class
ServerName
Content-Script-Type
X-MiniProfiler-Ids
X-TH-Server
X-ElasticPress-Search
Content-Style-Type