Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
X-DNS-Prefetch-Control
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
Upgrade
X-Dns-Prefetch-Control
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Via
X-Ws-Request-Id
Keep-Alive
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
Host-Header
EagleId
Report-To
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-UA-Device
X-Page-Speed
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-Dispatcher
X-OneAgent-JS-Injection
Cf-Railgun
X-Host
X-WebKit-CSP
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
Allow
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
Accept-Ch-Lifetime
Xkey
X-Language
X-HW
X-Template
X-Application-Context
X-Country
Content-Location
X-Cache-Lookup
X-Ac
Rating
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Cloud-Trace-Context
X-Webkit-CSP
Edge-Control
X-Clacks-Overhead
X-Vname
X-PC
X-TtlSet
X-Mod-Pagespeed
X-Varnish-TTL
X-Trace
Fastly-Restarts
X-Content-Type
X-B3-TraceId
X-Rack-Cache
X-Buckets
X-MS-InvokeApp
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
Accept-Ch
X-Country-Code
X-Goog-Hash
X-Cnection
X-VARITI-CCR
Verso
X-D2id
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-FastCGI-Cache
Cache-Tag
X-Vcap-Request-Id
Service-Worker-Allowed
X-Px
X-Cached
X-Abt-Application-Version
Accept-CH-Lifetime
X-Server-Name
X-Client-IP
X-Amz-Rid
X-Server-ID
X-Navigation-Version
X-Cache-TTL
Public-Key-Pins
RTSS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-By-Plesk
X-MSEdge-Ref
Access-Control-Request-Method
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Powered-CMS
X-NF-Request-ID
X-Version
X-TTL
X-Upstream
X-Fastly-Request-ID
X-Sol
Pagespeed
X-Middleton-Response
Response
X-Middleton-Display
Display
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-LLID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Cache-Key
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Ttl
X-Accel-Expires
X-Shield-Request-Id
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-HP-Webp
X-Jurisdiction
X-ORACLE-DMS-RID
X-ECACHE
X-DynaTrace
X-T
Realpath
X-PressLabs-Stats
SPRequestGuid
X-SharePointHealthScore
X-Litespeed-Cache
X-MCACHE
X-Mid
Edge-Cache-Tag
X-Correlation-Id
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
Fastcgi-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Mg-S
X-XRDS-Location
X-Content-Digest
X-Forwarded-Proto
TP-Cache
TP-L2-Cache
X-Recruiting
X-Id
X-Oneagent-Js-Injection
X-Request-Processing-Time
X-Request-Received
Front-End-Https
TCN
Charset
Server-Node
Alternate-Protocol
X-Logged-In
Filters
X-Geo-Country
Content-MD5
X-Forwarded-For
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
X-Protected-By
Fusion-Template-Id
Fusion-Deployment-Id
X-Ezoic-Cdn
X-ASPNET-VERSION
Cache-Tags
X-Hostname
X-NWS-LOG-UUID
X-Amzn-Trace-Id
X-Ab
X-Origin-Upstream-Status
X-Debug-Info
X-Grace
X-Www-Served-By
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-LB-Cache
X-F-Cache
Cleartype
X-Amz-Replication-Status
X-Rid
X-HS-Hub-Id
X-HS-Cache-Config
X-Az
X-HS-Content-Id
X-Origin-Server
X-AppVersion
X-Activity-Id
X-HS-Combine-CSS
Host
X-Daa-Tunnel
X-Contextid
X-Git-Hash
X-Page-Id
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Section-Io-Cache
X-Erf-Bev-Bev
Server-Name
X-VCache
X-RateLimit-Remaining
X-Ser
X-Content-Options
MicrosoftSharePointTeamServices
X-Upgrade-Enabled
X-Aspnetmvc-Version
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Age
X-Frontend
Access-Control-Allow-Method
Accept-Charset
ServerID
X-Hits
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-Release
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
X-Is-Crawler
X-Route-Name
X-CACHE-GROUP
X-Varnish-Age
X-Flags
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
X-Cache-Action
X-B3-Sampled
Healthy
Viewport
X-Whom
X-Varnish-Grace
X-FB-Debug
X-Varnish-Backend
Payment
Paypal-Debug-Id
X-Yandex-Sdch-Disable
X-TT
X-AOL-HN
DynaTrace
Fastcgi-Useragent
Node
X-Respond-Thread
X-Fastcgi-Cache
X-App-Environment
X-Load-Cache
X-Mobile
DC
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Filterid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Version
X-Seen-By
X-Distributor
X-User-Agent
X-XRDS-LOCATION
SRV
X-HTML-Minification-Powered-By
X-Cache-Control
Retry-After
X-N
Frame-Options
X-HP-Trace-Id
X-Type
X-Ua-Device
Refresh
X-Jobs
X-FW-Static
X-FW-Type
MS-CV
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-Node-Name
X-Original-Request-Id
X-NGENIX-Cache
X-Response-Served-From
X-UUID
Amp-Access-Control-Allow-Source-Origin
X-Azure-Ref
X-Adobe-Loc
X-Adobe-Content
X-Proxy-Cache-Status
X-Page-View
NGB
X-Cache-Expired-At
X-Aws-Lambda-Call-Status
X-Real-IP
X-Debug-IsPreview
X-Instance
X-Debug-IsConnected
X-Varnish-Server
X-ProcessESI
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-IPLB-Instance
X-Region
X-B
X-RemovedCookies
X-Vgn-Hpd-Reason
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Cluster-Name
X-Tumblr-Pixel-0
X-G
X-Framework
X-CDN-Forward
X-Cache-Time
X-Content-Powered-By
X-Device-Type
Ms-Operation-Id
X-RTag
Access-Control-Request-Headers
X-Proxy
X-Parallel-Accel
X-Cache-Hit
X-Zen-Fury
SD-X-WS
Referer-Policy
X-IPS-LoggedIn
X-Cache-Rule
Liferay-Portal
Uber-Trace-Id
X-Drupal-Cache-Tags
X-Is-Bot
X-Rendered-As
X-Ms-Version
Cache-Status
X-Ms-Request-Id
X-Wix-Request-Id
X-Oracle-Dms-Rid
X-Time
X-App-Server
X-EdgeConnect-Cache-Status
Section-Io-Origin-Time-Seconds
Countrycode
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Mg-Request-UUID
X-Revision
X-L-Path
X-Environment-Context
X-Debug
S-Cnection
X-B3-Traceid
X-Yottaa-Metrics
X-Yottaa-Optimizations
Country
X-APP-VERSION
X-TA-CDN-Provider
CF-IPCountry
Count-Hit
X-Accel-Buffering
X-Cache-Operation
X-RateLimit-Limit
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-FW-Version
Akamai-GRN
X-RN-RSRV
X-UPSTREAM-Address
X-ES-SERVER
X-Microsite
X-Request-Handler-Origin-Region
X-Endurance-Cache-Level
X-GG-Cache-Date
X-SaId
Meta-Geo
X-JoinUs
X-Say-Cacheable
Cache
X-Say-TTL
From-Origin
X-Adobe-Source
X-SayCDN-TTL
X-TNCMS
X-Cache-TTL-Remaining
X-Loop
X-LAGOON
X-Cache-Type
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Fastly-SSL
X-Sql-Count
X-Human
Azure-InstanceId
X-R9-Blue-Green-Version
X-Sql-Duration-Ms
X-Request-Time
X-Varnish-Beresp-Grace
X-S-Maxage
GEO-INFO
Country-Code
Surrogate-Key
X-PCL
X-NYM-Debug-Backend
X-OCL
X-ShopId
X-No-Session
X-Varnish-Hostname
X-LJ-Flow-ID
X-ProxyCache-Status
X-Shopify-Stage
X-Status
X-Sorting-Hat-ShopId
X-Origin-Date
Cache-Name
Cache-Tv-Group
X-Sorting-Hat-PodId
Decoy-Debug-Key
X-Storefront-Renderer-Rendered
X-Via-Fastly
Decoy-Debug-TTL
Decoy-Debug-Status
Protected
X-Varnishpool
X-PHP-Host
X-Handled-By
X-Be
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Proto
X-Hosted-By
X-AWS-Id
X-ProxyCache-Key
X-Labrador-Cache-Channel
X-ShardId
X-VWS-Id
X-Pubstack
X-RCS-CacheZone
X-Timing-Wait
Property-Id
Selected-Fe
X-Cluster-Node
Eomportal-Instance
X-Redis-Cache
X-Proxy-Build
X-Format
X-Section
X-Xfnlog-Site
X-Cache-Server
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-ApacheServer
X-Web-Node
X-Akamai-Edgescape
X-Access
X-Server-W
X-PERF
TWC-Locale-Group
X-Origin-Hint
X-Tumblr-Pixel-2
TWC-Connection-Speed
X-UA-Device-Type
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
ServedBy
Webcakes-Region
Apigw-Requestid
Mn-Server-Ip
AR-CACHE
AR-ATIME
X-Uri
Nel
AR-PoweredBy
AR-Request-ID
X-Backend-Host
X-Time-Microsecs
X-PHP-Backend
Ar-Sid
X-Hyper-Cache
Cross-Origin-Opener-Policy
X-FB-TRIP-ID
OT-Force-Account-Verify
X-Backend-Name
X-B3-SpanId
X-App-Version
X-Servername
X-Hl-Ver
X-ServerID
X-Tumblr-Pixel-3
Cross-Origin-Window-Policy
X-Detected-As
X-ATG-Version
X-Azure-Ref-OriginShield
X-Ua
Web-Mar-Node
X-FireWall-Port
X-Varnish-Cache-Hits
X-Cache-Host
X-Generation-Time
X-Cache-PHP
Source
X-Content-Age
Content-Secure-Policy
X-Varnish-Hits
Ec-Rule-Version
X-Ratelimit-Limit
X-Datadome
X-Trace-Id
X-Via-JSL
Backend
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Akamai-Transformed
X-Air-Trace-Id
X-Forwarded-Host
X-Air-Source
X-Content
X-Ua-Browser
X-Amz-Apigw-Id
X-MP-GENERATED-AT
Xserver
Upgrade-Insecure-Requests
X-Air-Hostname
X-Amzn-RequestId
X-Cache-Grace
X-Cdn
X-WA-Info
X-TT-LOGID
X-Mode
X-CS
X-CSRF-Token
X-Microcachable
X-Soup
X-Locale
X-NWS-UUID-VERIFY
X-Amzn-Remapped-Content-Length
X-Dc
X-SRV
X-Ratelimit-Remaining
X-Edge-Location
Url
X-Cache-Enabled
X-Unique-Id
X-Origin-TTL
X-Origin-CC
X-Bc-Bl
X-Site-Version
X-Tenant
Content-Disposition
X-Rule
X-Info
X-Proxied
X-Extlb
X-Zipkin-Id
X-Routing-Service
X-GEO
X-Tb
SID
S-Rt
X-Varnish-Beresp-Status
X-Magnolia-Registration
X-Varnish-Beresp-Ttl
X-Cache-NE
X-A-Wwc
X-A-Dgt
X-Application
X-B-Cookie
X-Vtex-Processado-Em
X-BCube-Filmed-By
X-Vtex-Remote-Cache
X-Aicache-OS
X-Aed
X-AIR-PT
X-Cache-Bucket
X-ARC
X-BBC-Edge-Cache-Status
Apple-News-Services-Host
CDN-RequestId
CDN-Uid
Mobile-Detection-Method
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
Meta-Geo-Continent
MD5-Digest
Fastly-SIE
Expiry
Fastly-SWR
DCR-Processing-Time-Ms
Host-ID
DCR-Decision-By
CDN-Cache
CDCHOST
A
Surrogated-Key
Apple-News-Services-Handled
T-Server
X-A
X-A-Dam
X-A-Ccd
X-CF-Lambda-Fn
Apple-News-Services-Parsed-Url
Path
Odigeo-Trace-Id
BehaviorPad-Version
Rendered-Blocks
Apple-News-Services-Request-Url
Req-Svc-Chain
X-A-Dcw
X-Debug-Cache
Fastcgi-X-Cache-Version
X-VG-WebCache
X-Vdms-Version
X-CF-Lambda-Version
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-VG-WebServer
X-S
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-PBS-Appsvrname
X-Platform-Server
X-Processor
X-PAYTM-SRV-ID
X-Orig-Expires
X-Rebelmouse-Cache-Control
X-NAPM-TraceId
X-Ratelimit-Reset
X-Forwarded-Path
X-Ftr-Request-Id
X-D
X-Session-Fingerprint
User-Cache-Control
X-Destination
X-M-Reqid
X-SRCache-Key
X-Shop-Environment
X-Conf
X-Connection-Hash
X-ScT
X-Developer
X-M-Log
X-Epic-Correlation-Id
X-External-Request-Id
X-NCache
X-EC-Lua
X-Storage
X-Qnm-Cache
X-Proxy-Upstream
X-SVT-ORM-RULES
L
Fastly-Backend-Name
Platform
NGX
X-Request-UUID
X-Service
X-Scheme
X-TrackingId
X-SVT-ORM-VERSION
Is-Eu
Origin
X-Li-Pop
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Worker
X-From
X-Backend-State
X-Date
X-Cms-Context
X-VServer
X-Cache-Info
X-Core-Value
X-Accel-Expires-Debug
X-Has-Esi
X-Loc
UCS
X-Men
X-NU-AKA-ACS-Version
State
X-LI-UUID
X-Variation
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-VG-TLSProxy
X-Origin-Expires
X-Cache-Debug
Cache-Key
X-Tx-Id
Adler-Geo
X-DataDome
Cache-Host
X-Micro-Cache
X-Cache-NGX
AMP-Access-Control-Allow-Source-Origin
X-Cached-By
X-Device-Os
X-Developers
X-DefHash
X-DefElseHash
X-Esi-Check
X-Fastly-Backend
X-Generated-On
X-Geo-Header
X-Generated-By
X-Gen-Mode
X-Forwarded-Site
X-Gamma-Serve
DataCenter
X-Clientip
X-Auto-Login
X-Bip
X-LSADC-Cache
VNS-Cache
VNS-Age
X-Block-Status
X-Branch-Name
X-Ckpd-Fst-Backend
X-Gzip
X-Wikidot-Static-Cache
X-Cache-Tags
X-Cache-Id
X-Cluster
X-Hnp-Log
X-SIPLIST1
X-Skip-Cache
X-Sigma-Backend
X-Sigma
X-Served-From
X-Slack-Backend
X-Thanos
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Thinkindot-L3
X-Rocket-Build-Number
X-Via-NSCOPI
Vix-Hermes-Req-Id
X-Viewer-Country
X-Level-Front-Cache
X-Wikidot-Backend
X-VC-Cache
X-Location
X-Nginx-Cache-Key
X-RateLimit-Remaining-Second
Fastcgi-Cache-TTL
X-RateLimit-Limit-Second
X-Origin
X-Old-Content-Length
X-HN
X-Req
Svr
Location
Locid
M-TraceId
Sever-Int
Cmstype
IsBot
CPC-Age
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Cmsid
Cf-Device-Type
Arc-Version
PFcat
C-Via
Pics-Label
PB-RID
PB-PID
Server-Hostname
Server-Host
Server-Ext
Arc-Country
CPC-Cache
AKAMAI
Fastly-Drupal-HTML
Esi-Enabled
Thinkindot-Control
True-Client-Country-4JS
X-Amz-Meta-S3cmd-Attrs
X-Eu-Site
X-Irp-Debug
Wxu-Next-Region
Pagetype
CacheControlHeader
X-Planisys-CDN-Cache
X-Platform-Router
X-Owner
X-HS-Content-Campaign-Id
X-Mvc-Supplant-Cachable
NM-Fastcgi-Cache
X-Fetched-On
X-Goog-Meta-Goog-Reserved-File-Mtime
Release
X-Generated-In
V-Age
X-GeoIP
X-Rocket-Nginx-Serving-Static
X-Hash
X-Planisys-CDN-Rules
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
X-FC-Vary-Parameters
X-Platform-Processor
L5d-Success-Class
DSUID
X-CGP
X-Planisys-CDN-TTL
X-Vdms-Path
Gh-Request-Id
X-Sucuri-ID
HA-Ipaddr
Ha-Gx-Prefs
NtCoent-Length
Mail-Subject
X-GeoIP-City
X-Platform-Cluster
XServer
X-Policy
X-Platform
X-Var-Ttl
Server-Info
X-Csrf-Jwt
X-Request-Host
X-Render-Time
Memcached
Webserver
X-SD-PageType
X-GoCache-CacheStatus
X-Qloud-Router
X-WADP-Cache
X-V-Cache
X-Fmm-Version
X-Clara-WADP
X-CLOUD-TRACE-CONTEXT
X-Unique-ID
X-Cache-Var-Map
X-Cache-Remote
X-Cache-Var
Environment
X-Srv
Cache-Hits
X-DC
X-Mvc-Supplant-OutputCached
X-NodeID
X-Nyt-Route
X-API-Version
X-Servedbyhost
X-Gdpr
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-PJAX-URL
MIME-Version
X-Origin-Time
Kp-EeAlive
X-Datadog-Sampling-Priority
X-NC
X-Via-Ucdn
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Vc
X-PF-Uncompressing
X-Pod-Name
X-Cache-Config
X-User
X-Wa
X-Server-IP
X-BBC-Origin-Response-Status
Candidate-Md5Url
WebServer
X-Varnish-Ttl
Memory
X-Zone
Cluster
X-ZONE
X-App
Time
Who
X-Refresh
X-Varnish-Url
X-TIME
X-Traceid
Server-ID
HostName
X-Internal-Host
X-Webkit-Csp
X-Minions-Version
X-CACHE-KEY
Onion-Location
GeoIp-Country-Code
X-VCL-Version
X-Webkit-CSP-Report-Only
X-LB-ID
Web-Mar-Region
X-Pass-Why
My-App
N-Cache
X-Newrelic-Synthetics
X-ID
X-NewRelic-App-Data
Geoip-Latitude
X-Edge-Pop
Powered-By-ChinaCache
X-Tt-Logid
Resin-Trace
X-Esi
X-Cache-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Query
X-TraceId
Geo-Info
Servername
X-Varnish-Cacheable
X-LI-Proto
X-Akamai-Pragma-Client-IP
CDN
X-Correlation-ID
X-VHOST
Datacenter
WWW-Authenticate
X-Fastly-Request-Id
Tcn
Ohc-File-Size
X-TX-ID
X-CACHE-AGE
X-HITS
X-EIG-Tracking-Id
X-OVcl
X-OVcl-Cache
X-Origin-Response-Time
X-Dynatrace
X-Varnish-Beresp-TTL
Cf-Bgj
X-Tid
Redirect-Candidate
X-TIM-N
X-Li-Proto
X-Geo
X-Fpc
X-Backend-TTL
LB
Hostname
Tracecode
Magicmarker
Proxy-Connection
X-NODE
X-AB
Pramga
X-Up
X-Wix-Viewer-Type
X-Cache-Date
X-Request-Start
X-Method
X-NGINX-Cache
X-Dynatrace-Js-Agent
Cdn
X-HostName
X-Vcl-Version
X-Cs
X-Amz-Meta-Cb-Modifiedtime
X-Sn-Servicetimems
X-Cdn-Origin
X-Dispatcher-Server
CloudFront-Viewer-Country
X-CSRF-TOKEN
Cf-Ipcountry
X-MSEdge-Features
Server-Id
Lb
X-MSEdge-Flight
X-Fastly-Backend-Reqs
W
Is-Us
GeoIP-Country-Code
X-Provided-By
X-UnsetCookies
CF-Cached-On
X-Lb-Id
X-IP
Sid
X-HS-Status
X-COUNTRY
X-APP
X-Cache-Expires
Ssr
X-Core-Mission
GeoIP-Latitude
X-MG-S
DB-Nickname
X-WA
Cteonnt-Length
X-ServerName
X-Reqid
X-Webkit-Csp-Report-Only
WP-Super-Cache
X-FORWARDED-FOR
X-Check-Cacheable
URI
X-Cache-Status-Check
X-DynaTrace-JS-Agent
X-Node-Id
X-Sucuri-Cache
X-Region-Sid
Ohc-Cache-HIT
CountryCode
X-SERVER-NAME
X-Moov-Xdn-Version
X-CCDN-Origin-Time
X-Moov-T
X-CCDN-CacheTTL
X-Via-PopH
X-Via-PopV
X-Cache-Backend
X-VC
X-ND-Cache
X-Trv-Group
X-Nc
Xc-Version
X-Via-PopN
X-Hcs-Proxy-Type
Mime-Version
X-ECache
WZWS-RAY
X-Ig-Push-State
Env
EpKe-Alive
X-Pad
Shield-Pop
User-Agent
X-Via-CDN
X-ServedByHost
X-Pjax-Url
X-SN
CACHE
X-Pf-Uncompressing
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-RAMCache
X-Edge-POP
X-Amz-Meta-Opti
X-Fastly-Cache-Hits
X-Varnish-Authentication
FSS-Cache
X-CUA
X-LiteSpeed-Cache-Control
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Nginx-Upstream-Cache-Status
X-Dispatch
On-Server
X-B3-Spanid
X-Cdn-Request-ID
HIT
X-RPS
X-SB
X-Parent-Response-Time
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Action
Vha6-Origin
X-Oss-Hash-Crc64ecma
X-Webstats-RespID
X-Dw-Trace-Id
X-Oss-Object-Type
Ohc-Response-Time
X-DB
X-DI
X-Oss-Request-Id
Xet-Cookie
X-Oss-Storage-Class
Server-Ttl
X-StackifyID
X-Swift-Error
X-DSS
X-DW
X-RPM
X-RSL
X-Oss-Server-Time
X-TRACE-ID
X-Cdn-Forward
X-Env-Sha256-Sig
X-Amzn-Remapped-X-Forwarded-For
X-Amzn-Remapped-User-Agent
X-Env-Stack-Name
X-Amzn-Remapped-Host
X-Forwarded-Port
X-UP
X-Snapshot-Date
X-Ftr-Viewer-Uri
X-FPC
Fastly-Drupal-Html
Rt-Fastcgi-Cache
Content-Style-Type
Req-ID
X-Yottaa-OS
Hit
Content-Script-Type
ServerName
VivaBuild
X-MiniProfiler-Ids
Viewtype
X-CF-Powered-By