Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Keep-Alive
X-Ws-Request-Id
X-Robots-Tag
Request-Context
Server-Timing
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
EagleEye-TraceId
X-Device
Ali-Swift-Global-Savetime
X-Vhost
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
NEL
X-Dispatcher
Cf-Railgun
X-Host
X-Server-Id
X-Cache-Spec
X-CST
X-WebKit-CSP
X-Node
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Backend-Server
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
Accept-Ch-Lifetime
Xkey
X-HW
X-Ruxit-JS-Agent
X-Language
X-Webkit-CSP
X-Country
X-Application-Context
X-Template
X-Ac
Content-Location
X-Cache-Lookup
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-Vname
X-PC
Edge-Control
X-TtlSet
X-B3-TraceId
X-Mod-Pagespeed
X-Clacks-Overhead
X-Trace
X-Varnish-TTL
X-ESI
X-Content-Type
Fastly-Restarts
X-MS-InvokeApp
X-Rack-Cache
X-Origin-Cache
X-GitHub-Request-Id
Accept-Ch
X-Cnection
X-Buckets
X-Country-Code
X-Goog-Hash
Verso
Accept-CH-Lifetime
X-D2id
X-VARITI-CCR
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-Vcap-Request-Id
X-ORACLE-DMS-ECID
Cache-Tag
X-Cached
X-Abt-Application-Version
Service-Worker-Allowed
X-Amz-Rid
X-Client-IP
X-Server-Name
X-Server-ID
X-Navigation-Version
X-Powered-By-Plesk
X-Px
RTSS
Public-Key-Pins
Access-Control-Request-Method
X-Fastly-Request-ID
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Element-Page-Cache
X-Cache-TTL
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-Upstream
X-Version
X-NF-Request-ID
X-Sol
Response
X-Middleton-Response
Display
Pagespeed
X-Middleton-Display
S
X-Ttl
X-TTL
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Accel-Expires
Realpath
X-Cache-Key
X-Jurisdiction
X-HP-Webp
X-ECACHE
X-Shield-Request-Id
X-T
X-SharePointHealthScore
SPRequestGuid
SPIisLatency
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Mid
X-MCACHE
SPRequestDuration
X-PressLabs-Stats
X-Litespeed-Cache
X-DynaTrace
X-Content-Security-Policy-Report-Only
X-Correlation-Id
Edge-Cache-Tag
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Forwarded-Proto
X-XRDS-Location
X-Amz-Server-Side-Encryption
X-Mg-S
X-Content-Digest
X-Recruiting
Nginx-Cache
TP-Cache
TP-L2-Cache
Charset
Filters
Front-End-Https
X-Request-Processing-Time
X-Request-Received
TCN
X-Id
Alternate-Protocol
X-Logged-In
Server-Node
X-Ezoic-Cdn
X-Forwarded-For
X-Geo-Country
Content-MD5
Cache-Tags
X-ASPNET-VERSION
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
X-Protected-By
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Hostname
X-Amzn-Trace-Id
X-Grace
X-Origin-Upstream-Status
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-NWS-LOG-UUID
X-Goog-Generation
X-Www-Served-By
X-F-Cache
Cleartype
X-Amz-Replication-Status
X-Origin-Server
X-Oneagent-Js-Injection
X-Rid
X-Debug-Info
X-Release
X-LB-Cache
Host
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-AppVersion
X-Az
X-Contextid
X-HS-Combine-CSS
X-Activity-Id
Section-Io-Cache
X-Daa-Tunnel
X-Git-Hash
Server-Name
X-Browser-Type
X-Page-Id
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Frontend
X-Ser
X-VCache
X-Respond-Thread
X-Aspnetmvc-Version
X-Ab
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
X-Cache-Age
X-Ruxit-Js-Agent
X-Content-Options
Access-Control-Allow-Method
Accept-Charset
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Mobile-URL
X-Hits
X-Kong-Proxy-Latency
X-Source
ServerID
X-WebKit-CSP-Report-Only
X-CACHE-GROUP
X-DIS-Request-ID
X-Whom
X-Signature
X-Providence-Cookie
X-Varnish-Backend
Payment
X-Aspnet-Duration-Ms
X-B-Cache
X-Request-Guid
X-Is-Crawler
X-Route-Name
X-Flags
X-FB-Debug
Viewport
X-Cache-Action
Healthy
X-Varnish-Age
X-Varnish-Grace
X-TT
Paypal-Debug-Id
Node
X-Fastcgi-Cache
X-App-Environment
X-AOL-HN
Fastcgi-Useragent
DynaTrace
X-Load-Cache
X-B3-Sampled
X-Yandex-Sdch-Disable
Version
X-Mobile
X-Seen-By
X-N
DC
X-Tt-Trace-Tag
X-XRDS-LOCATION
X-Tt-Trace-Host
X-Type
X-Distributor
Filterid
X-HTML-Minification-Powered-By
Retry-After
Frame-Options
X-Tec-Api-Version
X-Tec-Api-Root
X-User-Agent
X-Tec-Api-Origin
X-Cache-Control
SRV
MS-CV
X-Jobs
Refresh
X-Original-Request-Id
X-Cache-Expired-At
X-Response-Served-From
X-UUID
NGB
X-Real-IP
X-Adobe-Content
X-Adobe-Loc
X-Debug-IsPreview
X-Debug-IsConnected
X-Instance
X-Proxy-Cache-Status
X-Varnish-Server
X-IPLB-Instance
X-Region
X-Cluster-Name
X-Page-View
X-Device-Type
Access-Control-Request-Headers
X-RemovedCookies
X-FW-Server
X-FW-Static
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-FW-Hash
X-FW-Serve
X-Tumblr-User
X-Tumblr-Pixel-0
X-Proxy
X-FW-Dynamic
X-B
X-Cacheable-TTL
X-Framework
X-G
X-ProcessESI
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-FW-Type
Amp-Access-Control-Allow-Source-Origin
X-IPS-LoggedIn
X-Cache-Time
X-NGENIX-Cache
Ms-Operation-Id
X-Azure-Ref
X-RTag
Uber-Trace-Id
X-Vgn-Hpd-Reason
X-Node-Name
Ar-Sid
X-CDN-Forward
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Zen-Fury
AR-Request-ID
Countrycode
X-Wix-Request-Id
Cache-Status
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Rule
Section-Io-Id
X-Ms-Version
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Cache-Hit
X-Ms-Request-Id
SD-X-WS
X-Time
X-Rendered-As
X-Is-Bot
X-Mg-Request-UUID
X-Aws-Lambda-Call-Status
X-Oracle-Dms-Rid
X-HP-Trace-Id
Referer-Policy
Liferay-Portal
X-Debug
X-Accel-Buffering
X-Nginx-Cache
X-Drupal-Cache-Tags
X-EdgeConnect-Cache-Status
S-Cnection
Cache
Country
X-App-Server
X-Parallel-Accel
CF-IPCountry
X-Revision
X-RateLimit-Limit
X-Environment-Context
X-Yottaa-Optimizations
X-L-Path
X-Yottaa-Metrics
X-App-Version
X-Cache-Operation
Surrogate-Key
X-FireWall-Port
Count-Hit
X-SaId
X-JoinUs
X-RN-RSRV
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-TA-CDN-Provider
Meta-Geo
Eomportal-Instance
X-TNCMS
X-Loop
X-GG-Cache-Date
X-ES-SERVER
Selected-Fe
X-Adobe-Source
X-Alternate-Cache-Key
X-Drupal-Cache-Contexts
From-Origin
X-Cache-TTL-Remaining
X-Cache-Type
X-Say-Cacheable
X-Timing-Wait
X-LAGOON
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Proxy-Build
X-Say-TTL
X-Xfnlog-Site
X-Shopify-Stage
X-SayCDN-TTL
X-ShopId
X-ShardId
X-Be
Protected
X-NYM-Debug-Backend
X-Proto
X-Varnish-Beresp-Grace
Azure-SiteName
X-Varnish-Hostname
Cache-Name
Azure-Version
X-FW-Version
X-BYPASS-REASON
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Origin-Date
Akamai-GRN
X-No-Session
X-ProxyCache-Status
X-ProxyCache-Key
X-S-Maxage
X-Human
X-Varnishpool
X-Request-Time
X-R9-Blue-Green-Version
X-Status
X-Sql-Duration-Ms
X-Labrador-Cache-Channel
Apigw-Requestid
Country-Code
Decoy-Debug-TTL
Fastly-SSL
X-Sql-Count
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Server
ServedBy
X-PHP-Backend
Cache-Tv-Group
X-PCL
X-Handled-By
X-LJ-Flow-ID
X-AWS-Id
GEO-INFO
X-OCL
X-Hosted-By
X-Pubstack
X-Akamai-Edgescape
X-VWS-Id
X-PHP-Host
X-Section
Property-Id
X-Tumblr-Pixel-2
X-Via-Fastly
X-Format
X-UA-Device-Type
X-Backend-Name
X-Hl-Ver
Webcakes-Region
X-Hyper-Cache
TWC-Privacy
X-Origin-Hint
Webcakes-App-Name
X-Web-Node
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-App-Version
TWC-Device-Class
TWC-GeoIP-Country
X-Access
X-Redis-Cache
TWC-GeoIP-LatLong
X-APP-VERSION
X-Server-W
X-Backend-Host
X-ApacheServer
X-Uri
X-PERF
Nel
Mn-Server-Ip
X-FB-TRIP-ID
X-RCS-CacheZone
X-Ua-Device
X-ServerID
X-Cluster-Node
X-Time-Microsecs
X-B3-SpanId
X-ATG-Version
X-Servername
X-Cache-PHP
OT-Force-Account-Verify
Xserver
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Cross-Origin-Opener-Policy
X-Tumblr-Pixel-3
X-Azure-Ref-OriginShield
X-Detected-As
X-CSRF-Token
X-Trace-Id
Backend
X-Content-Age
X-WA-Info
X-MP-GENERATED-AT
X-Cache-Host
Web-Mar-Node
X-Varnish-Cache-Hits
X-Generation-Time
X-TT-LOGID
X-Datadome
Cross-Origin-Window-Policy
X-Ua
X-Varnish-Hits
X-SRV
X-Rule
Content-Secure-Policy
X-Cached-By
X-Akamai-Transformed
X-Bc-Bl
X-Soup
Ec-Rule-Version
X-Cache-Enabled
X-CS
X-Via-JSL
X-Edge-Location
X-Ratelimit-Limit
Source
X-Info
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-NWS-UUID-VERIFY
X-Mode
S-Rt
X-Ratelimit-Remaining
X-Microcachable
X-Cache-Grace
X-Origin-TTL
X-Origin-CC
X-Varnish-Beresp-Status
Upgrade-Insecure-Requests
X-B3-Traceid
X-Forwarded-Host
Url
X-Magnolia-Registration
X-Locale
X-Cache-NGX
X-Air-Source
X-GEO
X-Dc
SID
X-Air-Hostname
X-Air-Trace-Id
X-Debug-Cache
X-Varnish-Beresp-Ttl
X-Tb
X-EC-Lua
X-Storage
X-Site-Version
CDN-Cache
Apple-News-Services-Host
X-External-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-AIR-PT
X-Epic-Correlation-Id
Apple-News-Services-Handled
CDN-CachedAt
Content-Disposition
X-CF-Lambda-Version
X-A-Dgt
X-Clientip
X-BCube-Filmed-By
X-Extlb
X-CF-Lambda-Fn
X-Cache-Bucket
BehaviorPad-Version
X-Cache-NE
X-A-Wwc
X-A-Dcw
X-Conf
X-Application
X-D
X-A-Ccd
X-Destination
X-A-Dam
A
X-Aed
X-Connection-Hash
X-B-Cookie
X-ARC
X-Developer
DCR-Decision-By
Fastcgi-X-Cache-Version
X-ScT
X-Session-Fingerprint
X-Shop-Environment
Odigeo-Trace-Id
Path
X-S-Cookie
X-S
X-Request-URI
CDN-EdgeStorageId
Expiry
X-Rewrite-Enabled
X-Routing-Service
X-Rojux
X-SRCache-Key
Fastly-SIE
M-TraceId
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Zipkin-Id
Host-ID
X-VG-WebCache
MD5-Digest
X-Tenant
Fastly-SWR
Mobile-Detection-Method
Meta-Geo-Continent
X-Vdms-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Ratelimit-Reset
State
X-Aicache-OS
DCR-Processing-Time-Ms
X-NAPM-TraceId
Surrogated-Key
T-Server
CDN-Uid
X-A
X-Ftr-Request-Id
X-From
X-GoCache-CacheStatus
X-NU-AKA-ACS-Version
X-Processor
X-Forwarded-Path
X-Proxied
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
X-Platform-Server
X-Orig-Expires
Rendered-Blocks
X-PAYTM-SRV-ID
X-PBS-Appsvrname
User-Cache-Control
X-Cache-Ttl
Req-Svc-Chain
Platform
PB-RID
PB-PID
X-Accel-Expires-Debug
NGX
UCS
X-Forwarded-Site
X-Request-UUID
X-Rocket-Build-Number
X-Service
X-Request-Host
X-Proxy-Upstream
X-Loc
X-Men
X-Origin-Expires
X-Sigma
X-Sigma-Backend
X-VG-TLSProxy
X-VServer
X-WADP-Cache
X-Variation
X-TrackingId
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thanos
X-LI-UUID
X-Li-Pop
X-Core-Value
X-Date
X-DPWN-IS-SECURE
X-Cms-Context
X-Clara-WADP
X-Bip
X-Cache-Info
X-Cache-Tags
X-Envoy-Decorator-Operation
X-Fastly-Backend
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-Hash
X-Has-Esi
X-Fastly-Cache
X-Fmm-Version
L
X-Backend-State
X-Cache-Debug
X-Unique-Id
Cmstype
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Varnish-Ttl
Cmsid
Adler-Geo
Cache-Key
CDCHOST
Cache-Host
C-Via
Arc-Version
X-DataDome
DSUID
X-Platform
Is-Eu
X-Amz-Meta-S3cmd-Attrs
AMP-Access-Control-Allow-Source-Origin
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-CGP
X-RateLimit-Remaining-Second
X-Var-Ttl
X-Req
X-Csrf-Jwt
X-VC-Cache
X-Varnish-CookieHashed-On
X-Via-NSCOPI
X-Micro-Cache
X-Mvc-Supplant-Cachable
CacheControlHeader
X-Old-Content-Length
X-Location
X-Viewer-Country
X-DefElseHash
X-Branch-Name
X-RateLimit-Limit-Second
X-Origin
X-Developers
X-GeoIP
X-Geo-Header
X-Generated-On
X-Generated-In
X-GeoIP-City
X-Served-From
X-Scheme
X-HN
X-Irp-Debug
X-Gzip
X-Generated-By
X-Gamma-Serve
X-Esi-Check
X-Device-Os
X-DC
X-Thinkindot-L3
X-Eu-Site
X-Slack-Backend
X-Level-Front-Cache
X-Wikidot-Backend
X-FC-Vary-Parameters
X-DefHash
X-Cache-Id
Origin
Thinkindot-Control
Pagetype
True-Client-Country-4JS
NM-Fastcgi-Cache
Ha-Gx-Prefs
Cf-Device-Type
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Pics-Label
Release
CPC-Cache
PFcat
CPC-Age
TDXMobile
Esi-Enabled
X-BBC-Edge-Cache-Status
Gh-Request-Id
Vix-Hermes-Req-Id
X-Wikidot-Static-Cache
VNS-Age
VNS-Cache
We-Hiring
Location
L5d-Success-Class
HA-Ipaddr
Mail-Subject
Locid
X-Owner
X-Gen-Mode
X-SIPLIST1
X-Fetched-On
Server-Ext
Server-Info
Kp-EeAlive
X-Nginx-Cache-Key
X-Skip-Cache
X-Planisys-CDN-Cache
X-Hnp-Log
X-Planisys-CDN-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastcgi-Cache-TTL
IsBot
Memcached
X-Planisys-CDN-Rules
X-Policy
X-Sucuri-ID
X-Block-Status
X-Ckpd-Fst-Backend
X-Worker
V-Age
Svr
NtCoent-Length
Sever-Int
X-Vdms-Path
Server-Hostname
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Cluster
X-Unique-ID
AKAMAI
Webserver
DataCenter
Arc-Country
X-Qloud-Router
X-M-Reqid
X-M-Log
X-HS-Content-Campaign-Id
X-NCache
X-Via-Popn
X-V-Cache
X-Qnm-Cache
X-Via-Poph
X-Auto-Login
X-User
Cache-Hits
X-Mvc-Supplant-OutputCached
Who
X-Via-Popv
X-Tx-Id
X-Content
X-Ua-Browser
X-Platform-Router
X-Rocket-Nginx-Serving-Static
X-NC
X-PF-Uncompressing
X-LSADC-Cache
X-Servedbyhost
MIME-Version
X-Platform-Cluster
X-Platform-Processor
XServer
X-Srv
X-Traceid
X-Varnish-Url
X-Render-Time
X-Minions-Version
X-SD-PageType
X-ID
X-Zone
X-Datadog-Sampling-Priority
X-Vc
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-LB-ID
X-ZONE
Environment
WebServer
X-Cache-Remote
X-Wa
X-PJAX-URL
X-Nyt-Route
X-Refresh
My-App
X-Origin-Time
Powered-By-ChinaCache
X-Cache-Var-Map
X-Cache-Var
X-API-Version
X-NodeID
X-Gdpr
X-App
X-Server-IP
X-Internal-Host
Server-ID
X-TIME
Cluster
X-Webkit-Csp
X-BBC-Origin-Response-Status
Time
X-Pass-Why
X-Cache-Config
X-Via-Ucdn
Memory
X-CACHE-KEY
X-Newrelic-Synthetics
X-Webkit-CSP-Report-Only
Candidate-Md5Url
X-Pod-Name
X-TX-ID
X-VCL-Version
X-NewRelic-App-Data
HostName
Geoip-Latitude
Datacenter
X-OVcl
X-OVcl-Cache
GeoIp-Country-Code
X-CLOUD-TRACE-CONTEXT
Resin-Trace
Hostname
Web-Mar-Region
Geo-Info
X-ElasticPress-Query
X-LI-Proto
N-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Pop
Cf-Bgj
X-VHOST
X-Backend-TTL
X-TraceId
X-Correlation-ID
Onion-Location
Magicmarker
Tcn
Ohc-File-Size
X-Akamai-Pragma-Client-IP
X-Dynatrace
X-CACHE-AGE
X-HITS
X-Origin-Response-Time
X-Varnish-Beresp-TTL
WWW-Authenticate
X-EIG-Tracking-Id
X-Li-Proto
X-Method
X-Dispatcher-Server
Servername
X-Geo
X-Esi
X-NODE
X-HOST
X-Varnish-Cacheable
GeoIP-Country-Code
DB-Nickname
Proxy-Connection
X-AB
Ssr
X-IP
X-MSEdge-Features
X-MSEdge-Flight
CDN
X-Wix-Viewer-Type
GeoIP-Latitude
X-Tt-Logid
LB
Cdn
X-HostName
X-Vcl-Version
X-Fpc
Redirect-Candidate
X-Fastly-Request-Id
X-Dynatrace-Js-Agent
X-TIM-N
X-Cs
Cf-Ipcountry
CF-Cached-On
X-Tid
X-Up
X-Request-Start
Server-Id
Tracecode
Lb
X-Node-Id
X-DynaTrace-JS-Agent
X-WA
X-Fastly-Backend-Reqs
Is-Us
X-Trv-Group
X-Cache-Date
X-APP
Sid
X-HS-Status
X-ND-Cache
Pramga
X-MG-S
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Origin
X-Sn-Servicetimems
X-Reqid
X-Webkit-Csp-Report-Only
X-Via-CDN
Cteonnt-Length
X-Pjax-Url
X-NGINX-Cache
Env
X-ServerName
WZWS-RAY
X-Nc
X-FORWARDED-FOR
URI
X-Provided-By
X-VC
W
X-Core-Mission
X-Check-Cacheable
X-Lb-Id
X-UnsetCookies
Ohc-Cache-HIT
X-CSRF-TOKEN
X-IN-APIGATEWAYSSL
X-Via-PopN
X-Via-PopH
X-Cache-Expires
X-IN-APIGATEWAY
X-ServedByHost
X-Via-PopV
X-SERVER-NAME
CloudFront-Viewer-Country
X-Cache-Backend
Mime-Version
X-ECache
CountryCode
X-Pf-Uncompressing
WP-Super-Cache
X-SN
Viewtype
Server-Ttl
Rt-Fastcgi-Cache
VivaBuild
Shield-Pop
X-Cdn-Forward
X-RAMCache
CACHE
X-LiteSpeed-Cache-Control
X-Acquia-Application-UUID
X-Pad
X-Acquia-Purge-Tags
X-Sucuri-Cache
X-Acquia-Site
X-Region-Sid
X-Edge-POP
X-Cache-ASPX
X-Cache-Status-Check
X-Acquia-Application-Trace
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Fastly-Cache-Hits
Xc-Version
X-Moov-T
EpKe-Alive
X-CUA
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Moov-Xdn-Version
X-Cdn-Request-ID
Machine
X-DSS
Ohc-Response-Time
Xet-Cookie
Vha6-Origin
X-Action
X-Dw-Trace-Id
X-Yottaa-OS
X-Webstats-RespID
X-SB
X-Swift-Error
X-DB
ServerName
X-StackifyID
X-DI
X-RPS
X-RSL
X-RPM
X-DW
X-B3-Spanid
PICS-Label
User-Agent
X-FPC
X-Ig-Push-State
X-TH-Server
Content-Style-Type
Req-ID
X-ElasticPress-Search
X-MiniProfiler-Ids
X-CF-Powered-By
Content-Script-Type