Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
P3p
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
Upgrade
X-Dns-Prefetch-Control
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Via
X-Ws-Request-Id
Keep-Alive
Server-Timing
Request-Context
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Backend
X-Server-Powered-By
X-Amz-Request-Id
EagleId
Host-Header
X-Amz-Id-2
Report-To
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-UA-Device
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Dispatcher
X-OneAgent-JS-Injection
NEL
Cf-Railgun
X-Host
X-WebKit-CSP
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-Ch-Lifetime
X-Akam-SW-Version
Accept-CH
X-Response-Time
Xkey
X-Language
X-HW
X-Template
X-Application-Context
X-Country
Content-Location
X-Cache-Lookup
X-Ac
Rating
MS-Author-Via
X-Url
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Webkit-CSP
Edge-Control
X-Clacks-Overhead
X-PC
X-Vname
X-TtlSet
X-Mod-Pagespeed
X-Varnish-TTL
Accept-Ch
X-Trace
Fastly-Restarts
X-Content-Type
X-B3-TraceId
X-Rack-Cache
X-Buckets
X-MS-InvokeApp
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
X-Country-Code
X-Goog-Hash
X-Cnection
X-VARITI-CCR
Verso
X-D2id
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-FastCGI-Cache
Cache-Tag
X-Px
X-Vcap-Request-Id
Service-Worker-Allowed
X-Cached
X-Abt-Application-Version
X-Server-Name
X-Client-IP
X-Amz-Rid
X-Server-ID
X-Navigation-Version
X-Cache-TTL
Public-Key-Pins
X-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
RTSS
X-Powered-By-Plesk
Accept-CH-Lifetime
X-MSEdge-Ref
Access-Control-Request-Method
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Powered-CMS
X-NF-Request-ID
X-Version
X-Upstream
X-Fastly-Request-ID
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
Pagespeed
Display
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-LLID
X-Ruxit-Js-Agent
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Cache-Key
X-ECACHE
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Accel-Expires
Pinterest-Version
Pinterest-Generated-By
X-Shield-Request-Id
X-Pinterest-Rid
X-HP-Webp
X-Jurisdiction
X-Correlation-Id
X-ORACLE-DMS-RID
X-T
Realpath
X-Litespeed-Cache
X-PressLabs-Stats
SPRequestGuid
X-MCACHE
X-SharePointHealthScore
X-Mid
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
X-DynaTrace
X-Ttl
Fastcgi-Cache
SPRequestDuration
SPIisLatency
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Mg-S
X-XRDS-Location
X-Content-Digest
X-Forwarded-Proto
X-Recruiting
TP-L2-Cache
TP-Cache
X-Id
X-Oneagent-Js-Injection
X-Request-Processing-Time
X-Request-Received
Front-End-Https
Charset
Server-Node
Alternate-Protocol
X-Logged-In
Filters
Content-MD5
X-Geo-Country
TCN
X-Forwarded-For
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Protected-By
X-Ezoic-Cdn
X-ASPNET-VERSION
X-Hostname
Cache-Tags
X-NWS-LOG-UUID
X-Ab
X-Amzn-Trace-Id
X-Origin-Upstream-Status
X-Grace
X-Www-Served-By
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Cleartype
X-LB-Cache
X-Debug-Info
X-F-Cache
X-Amz-Replication-Status
X-Origin-Server
X-Az
X-AppVersion
X-Activity-Id
X-HS-Cache-Config
X-Rid
X-HS-Content-Id
X-HS-Hub-Id
Host
X-HS-Combine-CSS
X-Daa-Tunnel
X-Contextid
X-Git-Hash
X-Page-Id
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Section-Io-Cache
Server-Name
X-Content-Options
X-VCache
X-Ser
X-Aspnetmvc-Version
X-Frontend
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Age
MicrosoftSharePointTeamServices
X-Upgrade-Enabled
Access-Control-Allow-Method
X-RateLimit-Remaining
ServerID
Accept-Charset
X-Hits
X-Source
X-Mobile-URL
X-Release
X-Flags
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Varnish-Age
X-DIS-Request-ID
X-CACHE-GROUP
X-B3-Sampled
X-Cache-Action
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
Healthy
Viewport
X-Yandex-Sdch-Disable
Payment
Paypal-Debug-Id
X-Whom
X-Varnish-Grace
X-TT
X-FB-Debug
X-Varnish-Backend
X-AOL-HN
Fastcgi-Useragent
X-Fastcgi-Cache
X-App-Environment
X-Respond-Thread
Node
DynaTrace
X-Load-Cache
X-Mobile
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
Filterid
X-Tec-Api-Origin
X-Tec-Api-Version
X-Seen-By
X-Tec-Api-Root
Version
X-Distributor
X-User-Agent
X-XRDS-LOCATION
SRV
X-Cache-Control
X-HTML-Minification-Powered-By
Retry-After
X-N
Frame-Options
X-HP-Trace-Id
X-Type
X-Ua-Device
Refresh
X-Jobs
X-FW-Type
X-FW-Static
X-FW-Server
MS-CV
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Node-Name
X-Original-Request-Id
X-Response-Served-From
X-NGENIX-Cache
X-Azure-Ref
X-UUID
NGB
X-Page-View
X-Cache-Expired-At
X-Proxy-Cache-Status
X-Instance
X-Debug-IsPreview
X-Real-IP
X-Adobe-Loc
X-Adobe-Content
X-Debug-IsConnected
X-Varnish-Server
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
Nel
X-RemovedCookies
X-G
X-ProcessESI
VIX-Pulpo-Node
X-Region
X-Tumblr-Pixel
X-Vgn-Hpd-Reason
X-B
X-Aws-Lambda-Call-Status
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-IPLB-Instance
X-Device-Type
X-Framework
Ms-Operation-Id
X-Cache-Time
X-RTag
X-CDN-Forward
X-Cluster-Name
X-Content-Powered-By
X-Proxy
X-Cache-Hit
Access-Control-Request-Headers
Amp-Access-Control-Allow-Source-Origin
X-Parallel-Accel
SD-X-WS
X-Zen-Fury
Referer-Policy
Liferay-Portal
X-IPS-LoggedIn
Uber-Trace-Id
X-Drupal-Cache-Tags
X-Rendered-As
X-Is-Bot
X-Ms-Version
X-Ms-Request-Id
X-Cache-Rule
Cache-Status
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-App-Server
X-Time
Countrycode
X-Mg-Request-UUID
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-L-Path
X-Environment-Context
X-Revision
X-Debug
S-Cnection
X-B3-Traceid
X-Yottaa-Metrics
X-Yottaa-Optimizations
Country
X-TA-CDN-Provider
X-Accel-Buffering
CF-IPCountry
X-Cache-Operation
X-RateLimit-Limit
Count-Hit
X-FW-Version
X-Drupal-Cache-Contexts
X-Nginx-Cache
Akamai-GRN
X-APP-VERSION
X-GG-Cache-Date
X-Microsite
X-Request-Handler-Origin-Region
X-SaId
X-JoinUs
Meta-Geo
X-UPSTREAM-Address
X-ES-SERVER
X-Endurance-Cache-Level
X-RN-RSRV
X-App-Version
From-Origin
X-TNCMS
X-Cache-TTL-Remaining
X-LAGOON
X-Loop
X-Say-TTL
X-Cache-Type
X-SayCDN-TTL
X-Say-Cacheable
Cache
Surrogate-Key
Azure-InstanceId
X-Adobe-Source
Azure-Version
Country-Code
X-NYM-Debug-Backend
X-Sql-Count
X-S-Maxage
X-OCL
X-PCL
Fastly-SSL
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Sql-Duration-Ms
X-R9-Blue-Green-Version
X-Be
X-Request-Time
X-Varnish-Hostname
Cache-Name
X-AWS-Id
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Pubstack
X-RCS-CacheZone
X-Via-Fastly
X-Varnishpool
X-Status
Apigw-Requestid
X-Origin-Date
Decoy-Debug-TTL
X-LJ-Flow-ID
X-Human
Decoy-Debug-Status
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Proto
X-Hosted-By
Protected
X-No-Session
Decoy-Debug-Key
X-ShopId
X-B3-SpanId
X-VWS-Id
X-Varnish-Beresp-Grace
X-ShardId
X-Sorting-Hat-ShopId
Eomportal-Instance
TWC-Device-Class
Selected-Fe
Property-Id
ServedBy
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-PHP-Host
X-ProxyCache-Status
X-Redis-Cache
X-ProxyCache-Key
X-Proxy-Build
X-PERF
X-Section
X-Server-W
X-Tumblr-Pixel-2
X-Timing-Wait
X-UA-Device-Type
X-Web-Node
X-Xfnlog-Site
X-Origin-Hint
X-Labrador-Cache-Channel
X-Access
X-Akamai-Edgescape
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
X-ApacheServer
X-BYPASS-REASON
X-Handled-By
X-Format
X-Cluster-Node
X-Cache-Server
TWC-Locale-Group
Webcakes-App-Version
Cache-Tv-Group
X-PHP-Backend
AR-PoweredBy
Ar-Sid
Mn-Server-Ip
AR-Request-ID
AR-CACHE
AR-ATIME
X-Hyper-Cache
X-Backend-Host
X-Uri
X-FB-TRIP-ID
X-Time-Microsecs
Cross-Origin-Opener-Policy
GEO-INFO
OT-Force-Account-Verify
X-Hl-Ver
X-Backend-Name
X-ServerID
X-Tumblr-Pixel-3
X-ATG-Version
X-Detected-As
Cross-Origin-Window-Policy
X-Azure-Ref-OriginShield
X-Servername
Web-Mar-Node
X-Ua
X-Cache-Host
X-Varnish-Cache-Hits
X-Datadome
X-FireWall-Port
X-Generation-Time
X-Cache-PHP
Source
Ec-Rule-Version
X-Varnish-Hits
X-Content-Age
Content-Secure-Policy
X-TT-LOGID
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-Via-JSL
X-Trace-Id
Backend
X-SRV
X-Content
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Akamai-Transformed
X-Ua-Browser
X-CS
X-Air-Hostname
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-MP-GENERATED-AT
X-Forwarded-Host
X-Amzn-RequestId
Xserver
X-Air-Trace-Id
X-Air-Source
X-Cache-Grace
X-Cdn
X-Microcachable
X-WA-Info
X-CSRF-Token
X-Mode
X-Locale
X-NWS-UUID-VERIFY
X-Amzn-Remapped-Content-Length
X-Soup
X-Dc
X-Cache-Enabled
Url
X-Edge-Location
X-Origin-TTL
X-Origin-CC
X-Bc-Bl
X-Site-Version
X-Rule
X-Info
Content-Disposition
X-Tenant
X-Zipkin-Id
X-Extlb
AMP-Access-Control-Allow-Source-Origin
X-Proxied
X-Routing-Service
SID
S-Rt
X-Tb
X-Varnish-Beresp-Ttl
X-Magnolia-Registration
Apple-News-Services-Request-Url
Rendered-Blocks
X-Debug-Cache
BehaviorPad-Version
X-Developer
X-A-Ccd
X-Destination
Apple-News-Services-Parsed-Url
X-D
A
X-Conf
Apple-News-Services-Host
CDCHOST
X-A
Apple-News-Services-Handled
X-Connection-Hash
X-A-Dcw
X-Cache-Bucket
User-Cache-Control
X-AIR-PT
X-Application
X-BCube-Filmed-By
X-B-Cookie
X-ARC
X-BBC-Edge-Cache-Status
X-Aicache-OS
Req-Svc-Chain
X-CF-Lambda-Version
X-A-Wwc
X-A-Dgt
X-CF-Lambda-Fn
Surrogated-Key
X-Aed
X-Cache-NE
X-A-Dam
X-Orig-Expires
X-S-Cookie
X-Unique-Id
DCR-Decision-By
X-ScT
X-Session-Fingerprint
DCR-Processing-Time-Ms
X-S
X-Rojux
CDN-Cache
X-Rebelmouse-Cache-Control
X-Request-URI
Meta-Geo-Continent
X-Rewrite-Enabled
X-Shop-Environment
X-SRCache-Key
Fastcgi-X-Cache-Version
X-M-Reqid
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Fastly-SWR
X-M-Log
X-VG-WebServer
Expiry
MD5-Digest
X-Vdms-Version
Host-ID
X-VG-WebCache
X-Ratelimit-Reset
X-Rebelmouse-Surrogate-Control
X-From
X-Forwarded-Path
CDN-EdgeStorageId
X-External-Request-Id
X-Ftr-Request-Id
CDN-PullZone
CDN-RequestId
CDN-Uid
Fastly-SIE
X-Epic-Correlation-Id
Odigeo-Trace-Id
X-PBS-Appsvrname
X-Platform-Server
X-Processor
Mobile-Detection-Method
CDN-RequestCountryCode
X-PAYTM-SRV-ID
X-NAPM-TraceId
CDN-CachedAt
X-NU-AKA-ACS-Version
T-Server
X-Varnish-Beresp-Status
X-EC-Lua
X-GEO
X-Qnm-Cache
X-NCache
X-Storage
Path
NGX
L
Pics-Label
Is-Eu
State
Platform
X-Li-Pop
X-Scheme
X-Service
X-Request-UUID
X-Proxy-Upstream
X-Men
X-Origin-Expires
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VServer
X-Worker
X-VG-TLSProxy
X-Variation
X-TrackingId
X-Loc
X-LI-UUID
X-Core-Value
X-Date
X-Cms-Context
X-Cache-Debug
X-Accel-Expires-Debug
X-Backend-State
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-JWT-State
X-Li-Fabric
X-Is-Gdpr
X-Has-Esi
X-Fastly-Cache
UCS
X-Cache-Info
X-Micro-Cache
Cache-Host
Cache-Key
Fastly-Backend-Name
Adler-Geo
X-Cached-By
X-Cache-NGX
X-Cache-Id
X-Thanos
X-Cache-Tags
X-Clientip
X-Skip-Cache
X-SIPLIST1
X-Cluster
X-Thinkindot-L3
X-Ckpd-Fst-Backend
X-Slack-Backend
X-Block-Status
X-Via-NSCOPI
X-LSADC-Cache
AKAMAI
VNS-Cache
VNS-Age
X-VC-Cache
X-VarnishDD-TTL
X-Bip
X-Sigma-Backend
X-Auto-Login
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Branch-Name
DataCenter
X-Gzip
X-HN
X-Geo-Header
X-Generated-On
X-Gen-Mode
X-Generated-By
X-Hnp-Log
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Location
X-Old-Content-Length
X-Tx-Id
X-Origin
X-Gamma-Serve
X-RateLimit-Limit-Second
X-Developers
X-Device-Os
X-DefHash
X-DefElseHash
Vix-Hermes-Req-Id
X-Rocket-Build-Number
X-Esi-Check
X-RateLimit-Remaining-Second
X-Forwarded-Site
X-Req
X-Fastly-Backend
Fastly-Drupal-HTML
X-Sigma
X-Varnish-CookieHashed-On
PFcat
PB-RID
PB-PID
Cf-Device-Type
X-Wikidot-Static-Cache
Server-Ext
X-Wikidot-Backend
Server-Hostname
Server-Host
Origin
Cmstype
IsBot
Esi-Enabled
Fastcgi-Cache-TTL
Location
Locid
CPC-Age
CPC-Cache
M-TraceId
Sever-Int
Cmsid
X-Viewer-Country
Arc-Version
C-Via
Svr
True-Client-Country-4JS
Arc-Country
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-Amz-Meta-S3cmd-Attrs
X-Unique-ID
L5d-Success-Class
X-Generated-In
X-Platform-Processor
Wxu-Next-Hostname
Memcached
X-FC-Vary-Parameters
DSUID
Mail-Subject
Wxu-Next-Commit
We-Hiring
X-Fetched-On
X-Platform-Router
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Planisys-CDN-Cache
X-Irp-Debug
X-Planisys-CDN-Rules
X-Owner
HA-Ipaddr
Gh-Request-Id
Ha-Gx-Prefs
X-Planisys-CDN-TTL
X-Platform
X-Eu-Site
X-GeoIP-City
X-GeoIP
X-Hash
V-Age
X-Policy
X-HS-Content-Campaign-Id
X-Rocket-Nginx-Serving-Static
X-Request-Host
X-CGP
CacheControlHeader
X-Csrf-Jwt
Pagetype
Release
X-Sucuri-ID
X-Mvc-Supplant-Cachable
X-Var-Ttl
Server-Info
X-Vdms-Path
NM-Fastcgi-Cache
X-Render-Time
XServer
Wxu-Next-Region
X-Platform-Cluster
X-Served-From
X-DataDome
X-CLOUD-TRACE-CONTEXT
NtCoent-Length
X-SD-PageType
X-V-Cache
X-WADP-Cache
X-Fmm-Version
Webserver
X-Clara-WADP
X-GoCache-CacheStatus
X-Qloud-Router
X-Cache-Var-Map
X-Cache-Var
X-Cache-Remote
Cache-Hits
Environment
X-DC
X-Mvc-Supplant-OutputCached
MIME-Version
X-Servedbyhost
X-Via-Popv
X-Origin-Time
X-PJAX-URL
X-NodeID
X-Via-Poph
X-Datadog-Parent-Id
X-Via-Popn
X-Datadog-Trace-Id
X-Gdpr
X-Nyt-Route
X-API-Version
Kp-EeAlive
X-Datadog-Sampling-Priority
X-Srv
X-Via-Ucdn
X-Vc
X-NC
X-Zone
Candidate-Md5Url
X-Server-IP
X-Pod-Name
X-PF-Uncompressing
X-User
X-Cache-Config
WebServer
X-Varnish-Ttl
Time
X-BBC-Origin-Response-Status
X-Wa
Server-ID
Cluster
Memory
Who
X-TIME
X-App
X-Varnish-Url
X-Webkit-Csp
X-Minions-Version
X-Refresh
X-Traceid
HostName
X-Internal-Host
X-CACHE-KEY
X-ZONE
Onion-Location
Web-Mar-Region
GeoIp-Country-Code
X-VCL-Version
X-LB-ID
X-Webkit-CSP-Report-Only
X-Pass-Why
Tcn
Powered-By-ChinaCache
Resin-Trace
X-NewRelic-App-Data
X-Edge-Pop
Geoip-Latitude
My-App
N-Cache
Geo-Info
X-ID
X-Dynatrace
X-Esi
X-Cache-Ttl
Servername
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Query
X-Newrelic-Synthetics
X-TraceId
X-TX-ID
X-Varnish-Cacheable
X-LI-Proto
X-Tt-Logid
Datacenter
X-VHOST
CDN
X-Akamai-Pragma-Client-IP
X-Fastly-Request-Id
X-EIG-Tracking-Id
WWW-Authenticate
Ohc-File-Size
X-Geo
X-Origin-Response-Time
X-CACHE-AGE
X-OVcl-Cache
X-OVcl
X-HITS
X-Fpc
X-Varnish-Beresp-TTL
Redirect-Candidate
X-TIM-N
Cf-Bgj
X-Li-Proto
X-Tid
X-Backend-TTL
Tracecode
Hostname
Proxy-Connection
X-NODE
X-Up
LB
Magicmarker
X-Correlation-ID
X-AB
Pramga
X-Request-Start
X-NGINX-Cache
X-Method
X-Wix-Viewer-Type
X-Cache-Date
X-HostName
Cdn
X-Dynatrace-Js-Agent
X-Amz-Meta-Cb-Modifiedtime
X-Dispatcher-Server
X-Sn-Servicetimems
X-Vcl-Version
X-Cdn-Origin
X-CSRF-TOKEN
CloudFront-Viewer-Country
Cf-Ipcountry
X-Fastly-Backend-Reqs
X-MSEdge-Flight
W
Is-Us
Lb
GeoIP-Country-Code
X-MSEdge-Features
X-Provided-By
X-ServerName
X-APP
X-Cs
X-UnsetCookies
CF-Cached-On
Server-Id
Sid
X-HS-Status
Ssr
X-Cache-Expires
GeoIP-Latitude
X-Core-Mission
X-COUNTRY
X-Lb-Id
X-IP
X-WA
X-MG-S
DB-Nickname
X-Reqid
X-Webkit-Csp-Report-Only
WP-Super-Cache
Cteonnt-Length
X-FORWARDED-FOR
X-DynaTrace-JS-Agent
X-Sucuri-Cache
X-CCDN-Origin-Time
X-Region-Sid
X-CCDN-CacheTTL
X-Node-Id
X-Cache-Status-Check
X-Check-Cacheable
X-Hcs-Proxy-Type
URI
Ohc-Cache-HIT
CountryCode
X-Via-PopV
X-Via-PopN
X-Cache-Backend
X-Via-PopH
X-ND-Cache
X-Nc
X-Trv-Group
X-VC
Xc-Version
X-ServedByHost
X-SERVER-NAME
X-Moov-T
X-Moov-Xdn-Version
Env
WZWS-RAY
X-Pjax-Url
Shield-Pop
EpKe-Alive
X-SN
Mime-Version
X-Ig-Push-State
User-Agent
X-Pad
X-Via-CDN
X-Amz-Meta-Opti
X-Acquia-Application-UUID
X-Acquia-Site
X-CUA
X-Edge-POP
X-RAMCache
FSS-Cache
CACHE
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-LiteSpeed-Cache-Control
X-Pf-Uncompressing
X-Fastly-Cache-Hits
X-IN-APIGATEWAY
X-SB
X-Dw-Trace-Id
X-Webstats-RespID
X-Swift-Error
X-RSL
X-StackifyID
Xet-Cookie
X-IN-APIGATEWAYSSL
HIT
On-Server
X-Oss-Server-Time
X-Oss-Storage-Class
X-Parent-Response-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Dispatch
X-Nginx-Upstream-Cache-Status
X-Oss-Hash-Crc64ecma
Ohc-Response-Time
Server-Ttl
X-Cdn-Request-ID
X-RPS
X-DW
X-RPM
X-DI
X-DSS
Vha6-Origin
X-DB
X-Action
X-Cdn-Forward
X-TRACE-ID
X-Amzn-Remapped-Host
X-Ftr-Viewer-Uri
X-Amzn-Remapped-User-Agent
X-Amzn-Remapped-X-Forwarded-For
X-Forwarded-Port
X-Env-Stack-Name
X-FPC
X-Env-Sha256-Sig
X-Snapshot-Date
VivaBuild
Hit
X-Yottaa-OS
X-MiniProfiler-Ids
X-CF-Powered-By
Req-ID
Rt-Fastcgi-Cache
Content-Style-Type
ServerName
Viewtype
Content-Script-Type