Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Dns-Prefetch-Control
X-Via
Keep-Alive
X-Ws-Request-Id
X-Robots-Tag
Server-Timing
Request-Context
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Amz-Id-2
X-Nginx-Cache-Status
Report-To
X-Rq
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
Grace
X-UA-Device
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Device
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Amz-Version-Id
NEL
X-Dispatcher
Cf-Railgun
X-Host
X-Cache-Spec
X-Server-Id
X-CST
X-WebKit-CSP
X-Node
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
Accept-Ch-Lifetime
Xkey
X-HW
X-Ruxit-JS-Agent
X-Language
X-Country
X-Webkit-CSP
X-Application-Context
X-Template
X-Ac
Content-Location
X-Cache-Lookup
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Url
X-B3-TraceId
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Mod-Pagespeed
X-Clacks-Overhead
X-Varnish-TTL
X-Trace
X-ESI
X-Content-Type
X-MS-InvokeApp
Fastly-Restarts
X-Rack-Cache
X-Origin-Cache
X-GitHub-Request-Id
Accept-Ch
X-Cnection
X-Buckets
X-Country-Code
X-Goog-Hash
Accept-CH-Lifetime
Verso
X-D2id
X-VARITI-CCR
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Exp-Id
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-ORACLE-DMS-ECID
X-Vcap-Request-Id
Cache-Tag
X-Cached
Service-Worker-Allowed
X-Abt-Application-Version
X-Server-Name
X-Client-IP
X-Amz-Rid
X-Server-ID
X-Navigation-Version
X-Px
X-Powered-By-Plesk
RTSS
Public-Key-Pins
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-SRCache-Store-Status
X-Element-Page-Cache
X-Powered-CMS
X-MSEdge-Ref
X-Cache-TTL
X-Upstream
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Version
X-Litespeed-Cache
Display
Response
Pagespeed
X-Sol
X-Middleton-Display
X-Middleton-Response
S
X-Ttl
X-TTL
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
Realpath
X-Accel-Expires
X-Cache-Key
X-Jurisdiction
X-HP-Webp
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
Pinterest-Version
SPIisLatency
X-Pinterest-Rid
Pinterest-Generated-By
SPRequestDuration
X-Mid
X-T
X-MCACHE
X-PressLabs-Stats
X-DynaTrace
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-RID
X-Correlation-Id
Edge-Cache-Tag
Fastcgi-Cache
X-Forwarded-Proto
X-XRDS-Location
X-Mg-S
X-Amz-Server-Side-Encryption
X-Content-Digest
Nginx-Cache
TP-L2-Cache
TP-Cache
X-Recruiting
Charset
Filters
Front-End-Https
TCN
Alternate-Protocol
X-Request-Processing-Time
X-Id
X-Request-Received
Server-Node
X-Logged-In
X-Forwarded-For
X-Ezoic-Cdn
Content-MD5
X-Geo-Country
Cache-Tags
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
X-ASPNET-VERSION
X-Protected-By
X-Hostname
X-Amzn-Trace-Id
X-Grace
X-Origin-Upstream-Status
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-NWS-LOG-UUID
X-Www-Served-By
X-F-Cache
X-Origin-Server
X-Oneagent-Js-Injection
Cleartype
X-Amz-Replication-Status
X-Rid
X-HS-Hub-Id
X-Release
X-HS-Cache-Config
X-HS-Content-Id
Host
X-HS-Combine-CSS
X-LB-Cache
X-Debug-Info
X-Activity-Id
X-AppVersion
X-Az
X-Contextid
X-Daa-Tunnel
X-RateLimit-Remaining
Section-Io-Cache
X-Page-Id
Server-Name
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Git-Hash
X-Frontend
X-Ser
X-VCache
MicrosoftSharePointTeamServices
X-Ab
X-Respond-Thread
X-Aspnetmvc-Version
X-Cache-Age
X-Content-Options
X-Ruxit-Js-Agent
Accept-Charset
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hits
X-Mobile-URL
ServerID
X-Source
X-DIS-Request-ID
X-WebKit-CSP-Report-Only
X-Signature
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-CACHE-GROUP
X-B-Cache
X-Request-Guid
X-Aspnet-Duration-Ms
X-Varnish-Backend
X-Cache-Action
Payment
X-Whom
Healthy
Viewport
X-FB-Debug
X-Varnish-Grace
X-Varnish-Age
X-TT
Paypal-Debug-Id
Node
X-Fastcgi-Cache
X-AOL-HN
X-App-Environment
X-B3-Sampled
DynaTrace
Fastcgi-Useragent
X-Yandex-Sdch-Disable
Version
X-Load-Cache
X-Mobile
X-Seen-By
X-N
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-XRDS-LOCATION
Filterid
X-Type
X-HTML-Minification-Powered-By
SRV
X-Distributor
Retry-After
X-User-Agent
X-Tec-Api-Version
X-Tec-Api-Origin
Frame-Options
X-Tec-Api-Root
X-Cache-Control
MS-CV
X-Ua-Device
X-Jobs
Refresh
X-Cache-Expired-At
X-Response-Served-From
X-Original-Request-Id
X-Proxy-Cache-Status
X-Real-IP
X-IPLB-Instance
Amp-Access-Control-Allow-Source-Origin
NGB
X-UUID
X-Page-View
X-FW-Server
X-Adobe-Loc
X-FW-Serve
X-FW-Dynamic
X-Adobe-Content
X-Device-Type
X-Cluster-Name
X-Varnish-Server
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Static
X-Instance
X-FW-Hash
X-Region
X-FW-Type
Access-Control-Request-Headers
X-ProcessESI
X-G
VIX-Pulpo-Upstream-Status
X-Proxy
X-Tumblr-Pixel-1
X-Content-Powered-By
X-Framework
X-RemovedCookies
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cacheable-TTL
X-Tumblr-User
VIX-Pulpo-Node
X-B
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Cache-Time
Ms-Operation-Id
X-RTag
X-IPS-LoggedIn
X-CDN-Forward
X-Azure-Ref
Uber-Trace-Id
X-Zen-Fury
X-Node-Name
AR-Request-ID
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
Countrycode
X-Cache-Rule
X-Request-Handler-Origin-Region
X-Wix-Request-Id
X-Microsite
Cache-Status
X-Cache-Hit
Section-Origin-Responded
X-Ms-Version
X-Time
X-Rendered-As
X-Is-Bot
SD-X-WS
X-Ms-Request-Id
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Oracle-Dms-Rid
Liferay-Portal
X-Mg-Request-UUID
X-Aws-Lambda-Call-Status
Referer-Policy
X-HP-Trace-Id
X-Debug
X-Drupal-Cache-Tags
X-Nginx-Cache
X-Accel-Buffering
X-EdgeConnect-Cache-Status
S-Cnection
X-Parallel-Accel
Country
Cache
X-Environment-Context
X-App-Server
X-L-Path
X-Revision
CF-IPCountry
X-RateLimit-Limit
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Operation
X-App-Version
Surrogate-Key
X-FireWall-Port
Count-Hit
X-Loop
X-UPSTREAM-Address
X-JoinUs
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-SaId
X-TNCMS
Eomportal-Instance
X-GG-Cache-Date
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-ShardId
X-Say-Cacheable
X-Cache-Type
X-Proxy-Build
Selected-Fe
From-Origin
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-Drupal-Cache-Contexts
X-ShopId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Timing-Wait
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-Shopify-Stage
X-Say-TTL
X-S-Maxage
X-Be
X-VWS-Id
X-BYPASS-REASON
X-Origin-Date
X-Xfnlog-Site
X-FW-Version
Azure-Version
Azure-SlotName
Cache-Name
Country-Code
Protected
Azure-SiteName
Azure-RegionName
X-AWS-Id
X-Adobe-Source
Akamai-GRN
Azure-InstanceId
X-Request-Time
X-Proto
X-Varnish-Hostname
X-LJ-Flow-ID
X-LAGOON
X-Varnish-Beresp-Grace
X-Sql-Count
X-ProxyCache-Status
X-No-Session
X-Sql-Duration-Ms
X-Varnishpool
X-Human
X-NYM-Debug-Backend
X-ProxyCache-Key
X-Status
X-Handled-By
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Apigw-Requestid
ServedBy
X-UA-Device-Type
X-Pubstack
X-RCS-CacheZone
GEO-INFO
X-R9-Blue-Green-Version
X-PCL
X-PHP-Backend
X-PHP-Host
X-Cache-Server
X-Labrador-Cache-Channel
X-OCL
Cache-Tv-Group
Fastly-SSL
X-Akamai-Edgescape
X-Hosted-By
TWC-Connection-Speed
TWC-GeoIP-Country
X-Redis-Cache
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Privacy
X-Uri
X-Backend-Name
X-Via-Fastly
X-Hyper-Cache
X-Tumblr-Pixel-2
X-Web-Node
X-Hl-Ver
X-Section
X-Origin-Hint
X-Server-W
Webcakes-App-Version
Webcakes-Region
X-Access
X-Format
Webcakes-App-Name
TWC-Locale-Group
X-APP-VERSION
Property-Id
Nel
X-PERF
X-ApacheServer
X-Backend-Host
Mn-Server-Ip
X-FB-TRIP-ID
X-Time-Microsecs
X-Cluster-Node
X-ServerID
X-Servername
X-ATG-Version
X-B3-SpanId
X-Cache-PHP
OT-Force-Account-Verify
X-TEC-API-VERSION
Xserver
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Tumblr-Pixel-3
Cross-Origin-Opener-Policy
X-Detected-As
X-Azure-Ref-OriginShield
Backend
X-Trace-Id
X-CSRF-Token
X-Content-Age
Web-Mar-Node
X-WA-Info
X-Varnish-Cache-Hits
X-Generation-Time
X-MP-GENERATED-AT
X-Cache-Host
X-TT-LOGID
Cross-Origin-Window-Policy
X-Datadome
X-Ua
X-Varnish-Hits
X-Rule
X-Bc-Bl
Content-Secure-Policy
X-Cached-By
X-Soup
X-Via-JSL
X-CS
X-Edge-Location
X-Cache-Enabled
Ec-Rule-Version
X-Akamai-Transformed
X-NWS-UUID-VERIFY
X-Info
X-Ratelimit-Limit
Source
X-Amz-Apigw-Id
X-SRV
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Mode
X-Microcachable
S-Rt
X-Cache-Grace
X-Varnish-Beresp-Status
X-Origin-TTL
X-Origin-CC
Url
X-Forwarded-Host
X-Locale
Upgrade-Insecure-Requests
X-Magnolia-Registration
X-B3-Traceid
X-Cache-NGX
X-Air-Source
SID
X-GEO
X-Air-Trace-Id
X-Dc
X-Air-Hostname
X-EC-Lua
X-Varnish-Beresp-Ttl
X-Tb
X-Site-Version
X-Storage
X-Debug-Cache
Expiry
X-Zipkin-Id
Fastcgi-X-Cache-Version
Path
X-CF-Lambda-Fn
Rendered-Blocks
DCR-Processing-Time-Ms
Surrogated-Key
T-Server
X-Cache-NE
Req-Svc-Chain
DCR-Decision-By
X-CF-Lambda-Version
X-Clientip
MD5-Digest
Meta-Geo-Continent
X-Vtex-Processado-Em
Host-ID
M-TraceId
X-Connection-Hash
Mobile-Detection-Method
X-Vtex-Remote-Cache
Fastly-SIE
X-Conf
Fastly-SWR
Odigeo-Trace-Id
X-A
CDN-Uid
Apple-News-Services-Handled
Apple-News-Services-Host
X-Aicache-OS
X-AIR-PT
A
Apple-News-Services-Parsed-Url
X-A-Dam
X-A-Dcw
X-A-Wwc
BehaviorPad-Version
X-Aed
Apple-News-Services-Request-Url
X-Application
X-ARC
X-BCube-Filmed-By
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestId
X-A-Dgt
CDN-EdgeStorageId
CDN-CachedAt
X-A-Ccd
Content-Disposition
CDCHOST
CDN-Cache
X-B-Cookie
X-Cache-Bucket
X-Developer
X-Proxied
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Processor
X-PBS-Appsvrname
X-Ftr-Request-Id
X-NAPM-TraceId
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Rewrite-Enabled
X-Tenant
X-Session-Fingerprint
X-Unique-Id
X-Shop-Environment
X-SRCache-Key
X-ScT
X-S-Cookie
X-Rojux
X-Routing-Service
X-S
X-From
X-Orig-Expires
X-VG-WebCache
X-Vdms-Version
X-Destination
X-Epic-Correlation-Id
X-Forwarded-Path
X-VG-WebServer
X-D
X-External-Request-Id
X-Extlb
User-Cache-Control
X-DataDome
X-Cache-Ttl
X-WADP-Cache
X-Thanos
X-Request-UUID
X-Clara-WADP
UCS
X-Rocket-Build-Number
State
X-Cms-Context
NGX
X-Date
X-SVT-ORM-RULES
X-Sigma
X-Sigma-Backend
X-Service
Origin
Platform
PB-RID
PB-PID
X-DPWN-IS-SECURE
X-SVT-ORM-VERSION
X-Fastly-Backend
X-Li-Fabric
X-JWT-State
X-Li-Pop
X-LI-UUID
X-Loc
X-Is-Gdpr
X-Hash
X-Bip
X-Forwarded-Site
X-GoCache-CacheStatus
X-Has-Esi
X-Backend-State
X-Variation
X-Men
X-Fmm-Version
X-TrackingId
X-Proxy-Upstream
X-Ratelimit-Reset
L
X-Cache-Tags
X-Platform-Server
X-VServer
X-Cache-Debug
X-Origin-Expires
X-Accel-Expires-Debug
X-BBC-Edge-Cache-Status
X-Request-Host
X-Cache-Info
DSUID
Fastly-Backend-Name
Cmstype
Cmsid
Fastly-Drupal-HTML
X-Platform
Cache-Key
C-Via
Arc-Version
Adler-Geo
Cache-Host
Is-Eu
X-Ratelimit-Remaining
X-Amz-Meta-S3cmd-Attrs
AMP-Access-Control-Allow-Source-Origin
X-DC
X-Core-Value
X-DefElseHash
X-Csrf-Jwt
X-Scheme
X-SIPLIST1
X-Var-Ttl
X-Block-Status
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Level-Front-Cache
X-Varnish-Remaining-TTL
X-Branch-Name
X-Cache-Id
X-DefHash
X-Cluster
X-CGP
X-Slack-Backend
X-Thinkindot-L3
X-Served-From
X-RateLimit-Remaining-Second
X-Origin
X-HN
X-Gzip
X-GeoIP-City
X-Geo-Header
X-GeoIP
X-Hnp-Log
X-Old-Content-Length
X-Micro-Cache
X-Location
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Generated-On
X-Generated-In
X-Esi-Check
X-Eu-Site
X-Envoy-Decorator-Operation
X-Device-Os
X-Developers
X-RateLimit-Limit-Second
X-Fastly-Cache
X-Gen-Mode
X-Generated-By
X-Gamma-Serve
X-Policy
X-FC-Vary-Parameters
X-Req
X-VarnishDD-TTL
CPC-Cache
X-Viewer-Country
Release
Pics-Label
Esi-Enabled
PFcat
CacheControlHeader
Server-Host
CPC-Age
TDXMobile
X-Via-NSCOPI
Sever-Int
Server-Hostname
Fastcgi-Cache-TTL
Pagetype
Locid
Mail-Subject
Location
L5d-Success-Class
IsBot
HA-Ipaddr
Ha-Gx-Prefs
NM-Fastcgi-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
Server-Info
Gh-Request-Id
Thinkindot-CacheControl
Server-Ext
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
VNS-Age
VNS-Cache
X-VC-Cache
We-Hiring
Cf-Device-Type
X-VG-TLSProxy
True-Client-Country-4JS
Thinkindot-Control
X-Ckpd-Fst-Backend
Wxu-Next-Hostname
Wxu-Next-Commit
Kp-EeAlive
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Svr
X-Owner
Arc-Country
X-Vdms-Path
X-Worker
AKAMAI
Memcached
Wxu-Next-Region
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Skip-Cache
NtCoent-Length
Webserver
V-Age
X-Sucuri-ID
X-Unique-ID
X-Fetched-On
DataCenter
X-M-Log
X-HS-Content-Campaign-Id
X-M-Reqid
X-Auto-Login
X-Qloud-Router
X-NCache
X-Via-Popn
X-Mvc-Supplant-OutputCached
Cache-Hits
X-V-Cache
X-Qnm-Cache
Who
X-Tx-Id
X-User
X-Via-Poph
X-Via-Popv
X-Srv
X-Content
X-Ua-Browser
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-PF-Uncompressing
MIME-Version
X-LSADC-Cache
X-NC
X-Servedbyhost
XServer
X-Varnish-Url
X-SD-PageType
X-Platform-Cluster
X-Traceid
X-Platform-Router
X-Platform-Processor
X-Minions-Version
X-Zone
X-ZONE
X-ID
X-Cache-Remote
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Wa
X-Vc
X-LB-ID
WebServer
X-Varnish-Ttl
Environment
Powered-By-ChinaCache
X-BBC-Origin-Response-Status
X-Refresh
X-API-Version
X-Gdpr
X-App
X-Origin-Time
X-Cache-Var-Map
X-Nyt-Route
X-Cache-Var
X-PJAX-URL
My-App
X-NodeID
X-TIME
X-Cache-Config
X-Server-IP
X-Pass-Why
Time
Server-ID
Memory
X-Via-Ucdn
X-Internal-Host
X-Webkit-Csp
Cluster
X-Newrelic-Synthetics
X-CACHE-KEY
X-Pod-Name
Candidate-Md5Url
X-Webkit-CSP-Report-Only
X-TX-ID
X-VCL-Version
HostName
X-NewRelic-App-Data
X-OVcl-Cache
X-OVcl
Geoip-Latitude
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
Datacenter
Resin-Trace
Hostname
N-Cache
Geo-Info
Cf-Bgj
Web-Mar-Region
X-Edge-Pop
X-ElasticPress-Query
X-Correlation-ID
X-LI-Proto
X-Tb-Optimization-Total-Bytes-Saved
X-Backend-TTL
X-TraceId
X-VHOST
Magicmarker
Onion-Location
Tcn
Ohc-File-Size
X-Dynatrace
X-HITS
X-Origin-Response-Time
X-CACHE-AGE
X-Akamai-Pragma-Client-IP
X-Varnish-Beresp-TTL
WWW-Authenticate
X-Varnish-Cacheable
Servername
X-Geo
X-EIG-Tracking-Id
X-Li-Proto
X-Method
X-Dispatcher-Server
X-Esi
X-NODE
Proxy-Connection
GeoIP-Country-Code
DB-Nickname
X-AB
X-Tt-Logid
X-Wix-Viewer-Type
X-IP
X-MSEdge-Features
X-MSEdge-Flight
Ssr
CDN
GeoIP-Latitude
LB
Cdn
X-HostName
X-TIM-N
X-Dynatrace-Js-Agent
X-Fastly-Request-Id
X-Vcl-Version
X-Cs
X-Fpc
Redirect-Candidate
X-Tid
Cf-Ipcountry
CF-Cached-On
Server-Id
Lb
X-Node-Id
X-Request-Start
Tracecode
X-DynaTrace-JS-Agent
Is-Us
X-APP
Sid
X-Up
X-Cache-Date
Pramga
X-ND-Cache
X-HS-Status
X-Trv-Group
X-Fastly-Backend-Reqs
X-MG-S
X-Sn-Servicetimems
X-Pjax-Url
X-NGINX-Cache
WZWS-RAY
X-Cdn-Origin
X-Amz-Meta-Cb-Modifiedtime
Cteonnt-Length
X-Webkit-Csp-Report-Only
X-Via-CDN
Env
X-WA
X-ServerName
X-Reqid
X-FORWARDED-FOR
X-Nc
X-Core-Mission
X-Check-Cacheable
URI
X-Provided-By
W
X-VC
X-Lb-Id
X-CSRF-TOKEN
Ohc-Cache-HIT
X-UnsetCookies
X-ServedByHost
Mime-Version
X-SERVER-NAME
X-Cache-Backend
X-Via-PopN
X-Via-PopH
X-Cache-Expires
CloudFront-Viewer-Country
X-Via-PopV
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-ECache
Server-Ttl
Shield-Pop
VivaBuild
CountryCode
Rt-Fastcgi-Cache
Viewtype
X-SN
WP-Super-Cache
X-Pf-Uncompressing
X-LiteSpeed-Cache-Control
X-RAMCache
X-Edge-POP
X-Cache-Status-Check
X-CCDN-CacheTTL
CACHE
X-Acquia-Application-Trace
X-Varnish-Authentication
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Cache-ASPX
X-Pad
X-Region-Sid
X-Sucuri-Cache
X-Contensis-Viewer-Groups
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Fastly-Cache-Hits
Xc-Version
X-Webstats-RespID
X-Swift-Error
X-Moov-Xdn-Version
Vha6-Origin
Ohc-Response-Time
X-CUA
X-Cdn-Request-ID
EpKe-Alive
X-Moov-T
Machine
X-DW
X-RPM
X-RPS
X-StackifyID
X-DSS
X-DI
X-SB
X-Action
X-DB
X-Dw-Trace-Id
X-RSL
X-Yottaa-OS
Xet-Cookie
ServerName
X-Cdn-Forward
X-B3-Spanid
PICS-Label
User-Agent
X-Ig-Push-State
X-FPC
Content-Script-Type
X-TH-Server
Req-ID
X-MiniProfiler-Ids
X-ElasticPress-Search
X-CF-Powered-By
Content-Style-Type