
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Server
X-Ua-Compatible
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
X-Amz-Request-Id
X-Nginx-Cache-Status
EagleId
X-Dns-Prefetch-Control
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
NEL
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Amz-Version-Id
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Server-Id
X-Cache-Spec
Allow
X-Node
Surrogate-Control
Request-Id
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Webkit-CSP
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
X-WebKit-CSP
Xkey
X-HW
X-Country
X-Language
Accept-Ch-Lifetime
X-Application-Context
X-Ac
X-Ruxit-JS-Agent
Content-Location
X-Template
MS-Author-Via
Rating
X-Cache-Lookup
X-Cloud-Trace-Context
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-CH-Lifetime
X-Content-Type
X-GitHub-Request-Id
Fastly-Restarts
X-ASPNET-VERSION
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-FastCGI-Cache
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
Accept-Ch
X-Country-Code
X-Goog-Hash
X-VARITI-CCR
X-D2id
Verso
Arr-Disable-Session-Affinity
X-Buckets
X-Server-Name
X-Vcap-Request-Id
X-Cached
Cache-Tag
X-Abt-Application-Version
X-ORACLE-DMS-ECID
X-Amz-Rid
X-Client-IP
X-Navigation-Version
X-Server-ID
Service-Worker-Allowed
X-Powered-By-Plesk
RTSS
X-Fastly-Request-ID
Access-Control-Request-Method
X-Powered-CMS
X-Element-Page-Cache
X-MSEdge-Ref
Public-Key-Pins
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Middleton-Response
Response
X-Ttl
X-Px
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Cache-TTL
X-Version
X-Edge
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
X-TTL
Realpath
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Accel-Expires
SPRequestDuration
SPIisLatency
SPRequestGuid
X-SharePointHealthScore
X-HP-Webp
X-Jurisdiction
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
X-ECACHE
X-MCACHE
X-T
X-Mid
X-Cache-Key
X-Shield-Request-Id
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Forwarded-Proto
X-DynaTrace
X-Correlation-Id
Edge-Cache-Tag
X-Amz-Server-Side-Encryption
Fastcgi-Cache
Charset
X-Recruiting
X-ORACLE-DMS-RID
X-Mg-S
TP-Cache
TP-L2-Cache
X-Content-Digest
X-XRDS-Location
X-Oneagent-Js-Injection
Nginx-Cache
X-Id
X-Request-Processing-Time
Filters
X-Request-Received
TCN
Front-End-Https
Server-Node
X-Logged-In
X-Ezoic-Cdn
Alternate-Protocol
X-Forwarded-For
X-Ruxit-Js-Agent
X-Release
Cache-Tags
Content-MD5
X-Litespeed-Cache
X-Geo-Country
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-Origin-Upstream-Status
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Hostname
X-Protected-By
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-RateLimit-Remaining
X-Amz-Replication-Status
Server-Name
Cleartype
X-F-Cache
X-Goog-Generation
X-Goog-Metageneration
X-Www-Served-By
X-GUploader-UploadID
X-Rid
X-Goog-Storage-Class
Host
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Contextid
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Debug-Info
X-AppVersion
X-Activity-Id
X-HS-Combine-CSS
X-Az
X-LB-Cache
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
X-Browser-Type
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Page-Id
X-Ser
X-Aspnetmvc-Version
X-Cache-Age
X-Daa-Tunnel
X-VCache
X-Respond-Thread
X-Content-Options
Accept-Charset
X-Upgrade-Enabled
X-Source
Access-Control-Allow-Method
X-DIS-Request-ID
X-Hits
X-Mobile-URL
X-Varnish-Age
X-Varnish-Grace
X-Signature
X-CACHE-GROUP
X-B-Cache
Viewport
ServerID
Healthy
X-Varnish-Backend
Paypal-Debug-Id
X-Route-Name
X-Flags
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-TT
X-FB-Debug
X-Whom
X-Kong-Upstream-Latency
X-Cache-Action
Payment
X-Kong-Proxy-Latency
X-Aspnet-Duration-Ms
X-B3-Sampled
Node
X-AOL-HN
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-App-Environment
Version
X-Seen-By
AR-PoweredBy
AR-Request-ID
AR-CACHE
X-N
AR-ATIME
Ar-Sid
DynaTrace
X-Mobile
Fastcgi-Useragent
X-Load-Cache
X-Ab
X-Type
DC
X-Yandex-Sdch-Disable
X-XRDS-LOCATION
X-Distributor
X-HTML-Minification-Powered-By
X-Fastcgi-Cache
MS-CV
SRV
Frame-Options
X-Request-Handler-Origin-Region
X-Microsite
X-Tt-Trace-Tag
X-Cache-Control
X-Tt-Trace-Host
Retry-After
Filterid
X-Cache-Expired-At
X-User-Agent
X-Response-Served-From
X-Jobs
X-Original-Request-Id
X-IPLB-Instance
X-Real-IP
Refresh
X-Debug-IsPreview
X-ProcessESI
X-Adobe-Content
X-IPS-LoggedIn
X-RemovedCookies
X-Adobe-Loc
X-Debug-IsConnected
X-UUID
X-Region
X-Varnish-Server
Uber-Trace-Id
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Tumblr-User
X-Content-Powered-By
X-Tumblr-Pixel
Access-Control-Request-Headers
X-Cluster-Name
X-Proxy-Cache-Status
X-G
VIX-Pulpo-Node
X-Cache-Time
X-B
X-Page-View
X-Proxy
X-Framework
VIX-Pulpo-Upstream-Status
Ms-Operation-Id
X-RTag
X-Device-Type
NGB
X-Vgn-Hpd-Reason
X-CDN-Forward
X-Zen-Fury
X-FW-Hash
X-FW-Server
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Static
Countrycode
X-Azure-Ref
X-Mg-Request-UUID
X-Debug
Cache-Status
X-Wix-Request-Id
X-Accel-Buffering
X-Time
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Cache
Section-Io-Id
Amp-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
X-FireWall-Port
X-App-Version
X-Oracle-Dms-Rid
X-Node-Name
X-NGENIX-Cache
X-Nginx-Cache
X-Cache-Rule
X-Ms-Request-Id
X-Ms-Version
X-Rendered-As
X-Is-Bot
X-Drupal-Cache-Tags
X-Cache-Hit
SD-X-WS
S-Cnection
Referer-Policy
Country
Surrogate-Key
X-EdgeConnect-Cache-Status
Liferay-Portal
X-App-Server
X-TA-CDN-Provider
X-L-Path
X-Environment-Context
X-Yottaa-Optimizations
X-Cache-Operation
X-Yottaa-Metrics
Eomportal-Instance
X-RN-RSRV
X-Proxy-Build
X-SaId
X-Timing-Wait
X-TNCMS
From-Origin
X-JoinUs
Meta-Geo
Selected-Fe
X-Revision
X-ES-SERVER
X-GG-Cache-Date
X-UPSTREAM-Address
X-Loop
X-Aws-Lambda-Call-Status
X-Varnishpool
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-Alternate-Cache-Key
X-Adobe-Source
X-S-Maxage
X-Request-Time
X-PHP-Backend
X-Varnish-Beresp-Grace
X-Cache-Type
X-ShardId
CF-IPCountry
X-Sorting-Hat-ShopId
X-ShopId
X-Storefront-Renderer-Rendered
X-Varnish-Hostname
X-Sorting-Hat-PodId
Cache-Name
X-Shopify-Stage
ServedBy
X-LAGOON
X-No-Session
X-Human
X-NYM-Debug-Backend
X-Xfnlog-Site
X-Cache-Server
Protected
X-Backend-Host
X-Origin-Date
X-Endurance-Cache-Level
X-Be
X-Handled-By
X-Pubstack
X-R9-Blue-Green-Version
X-SayCDN-TTL
X-Say-Cacheable
X-Via-Fastly
X-Say-TTL
Azure-InstanceId
Azure-RegionName
X-Origin-Hint
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Server-W
Azure-SiteName
Property-Id
TWC-GeoIP-Country
X-Tumblr-Pixel-2
X-UA-Device-Type
TWC-Device-Class
Fastly-SSL
TWC-GeoIP-LatLong
Azure-Version
Cache-Tv-Group
Country-Code
TWC-Locale-Group
Azure-SlotName
X-Akamai-Edgescape
X-ProxyCache-Key
X-Proto
TWC-Connection-Speed
X-FB-TRIP-ID
X-ProxyCache-Status
X-RCS-CacheZone
X-VWS-Id
X-LJ-Flow-ID
X-Hl-Ver
X-BYPASS-REASON
X-AWS-Id
Decoy-Debug-TTL
Decoy-Debug-Status
Mn-Server-Ip
X-Sql-Duration-Ms
X-PCL
X-OCL
X-PERF
X-Sql-Count
Decoy-Debug-Key
X-PHP-Host
X-Status
Akamai-GRN
X-Access
X-Backend-Name
X-Section
X-Parallel-Accel
Apigw-Requestid
X-Labrador-Cache-Channel
X-Format
X-ApacheServer
X-Uri
X-Web-Node
X-Hosted-By
X-Hyper-Cache
X-Redis-Cache
X-Ua-Device
X-Cache-PHP
Xserver
GEO-INFO
X-HP-Trace-Id
X-ATG-Version
Count-Hit
X-Time-Microsecs
X-ServerID
X-FW-Version
X-B3-SpanId
X-Rule
X-WA-Info
OT-Force-Account-Verify
X-CSRF-Token
X-Cluster-Node
X-Trace-Id
X-TT-LOGID
X-Content-Age
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Azure-Ref-OriginShield
X-Servername
X-Detected-As
X-Cached-By
X-Akamai-Transformed
X-Soup
Backend
X-Varnish-Cache-Hits
X-Cache-Enabled
Cross-Origin-Opener-Policy
X-Datadome
X-Cache-Ttl
X-Generation-Time
X-Cache-Host
X-APP-VERSION
X-Varnish-Hits
Web-Mar-Node
X-Bc-Bl
X-Varnish-Beresp-Status
X-Mode
X-Dc
X-Microcachable
X-Edge-Location
AMP-Access-Control-Allow-Source-Origin
X-CS
X-Info
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Cache-NGX
X-Storage
Ec-Rule-Version
X-Debug-Cache
Cross-Origin-Window-Policy
X-Routing-Service
S-Rt
X-Zipkin-Id
X-Proxied
X-Magnolia-Registration
X-Platform
X-B3-Traceid
Content-Secure-Policy
X-Air-Trace-Id
X-Air-Source
X-Extlb
X-Varnish-Beresp-Ttl
X-Unique-ID
X-Cache-Grace
X-Ua
X-Air-Hostname
X-Origin-CC
Url
Upgrade-Insecure-Requests
X-Origin-TTL
X-Via-JSL
X-NWS-UUID-VERIFY
X-Rebelmouse-Surrogate-Control
CDN-CachedAt
X-Clientip
X-Epic-Correlation-Id
X-Rebelmouse-Cache-Control
Source
X-BCube-Filmed-By
CDCHOST
X-Ratelimit-Reset
CDN-Cache
X-Thanos
Req-Svc-Chain
CDN-Uid
X-From
Rendered-Blocks
Path
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
X-Request-URI
Cache-Host
X-Bip
Surrogated-Key
X-Platform-Server
X-Cache-NE
A
X-Orig-Expires
X-PBS-Appsvrname
T-Server
X-Forwarded-Host
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
X-Processor
X-Cache-Bucket
Apple-News-Services-Request-Url
State
X-Vtex-Processado-Em
BehaviorPad-Version
Apple-News-Services-Parsed-Url
X-CF-Lambda-Version
X-CF-Lambda-Fn
Apple-News-Services-Handled
Apple-News-Services-Host
X-Developer
X-B-Cookie
X-A-Dcw
X-A-Dam
X-Service
X-A-Ccd
X-A-Dgt
Host-ID
X-NAPM-TraceId
X-Aed
Mobile-Detection-Method
X-A-Wwc
X-SRCache-Key
X-External-Request-Id
X-Vdms-Path
X-VG-WebServer
X-Vdms-Version
Meta-Geo-Continent
X-Tenant
MD5-Digest
X-A
X-Locale
M-TraceId
X-Session-Fingerprint
X-D
DCR-Decision-By
X-Shop-Environment
DCR-Processing-Time-Ms
X-Application
X-S
X-Rojux
Odigeo-Trace-Id
X-Rewrite-Enabled
X-ARC
X-VG-WebCache
X-Connection-Hash
Fastly-SIE
Fastly-SWR
X-Destination
X-Forwarded-Path
Fastcgi-X-Cache-Version
X-Aicache-OS
Expiry
X-ScT
X-S-Cookie
SID
Server-Info
X-Tb
DataCenter
X-Srv
X-DataDome
Memcached
X-VC-Cache
X-VG-TLSProxy
X-Loc
X-Var-Ttl
X-SVT-ORM-VERSION
X-Location
X-VarnishDD-TTL
X-Origin-Expires
Fastly-Drupal-HTML
Is-Eu
Kp-EeAlive
NGX
L
X-SVT-ORM-RULES
X-TrackingId
X-HN
X-SRV
X-Hash
UCS
X-Is-Gdpr
X-Device-Os
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-JWT-State
Platform
Origin
X-Level-Front-Cache
Fastly-Backend-Name
PB-PID
PB-RID
Pics-Label
PFcat
X-Has-Esi
X-GoCache-CacheStatus
Cmsid
C-Via
Cmstype
X-Rocket-Build-Number
X-Generated-On
X-VHOST
Who
X-Sigma
X-Gamma-Serve
X-Backend-State
X-NU-AKA-ACS-Version
X-Request-UUID
X-Varnish-Ttl
X-Variation
Adler-Geo
X-Cache-Tags
X-Sigma-Backend
X-Cache-Debug
X-Core-Value
X-Geo-Header
X-Scheme
DSUID
Arc-Version
Esi-Enabled
X-Branch-Name
X-Served-From
User-Cache-Control
X-Fetched-On
True-Client-Country-4JS
X-GeoIP
X-CGP
X-Eu-Site
X-Date
Thinkindot-Control
Thinkindot-CacheControl
X-Forwarded-Site
X-Cache-Info
X-Csrf-Jwt
Thinkindot-CacheControl-Type
X-Accel-Expires-Debug
X-Fastly-Cache
X-Ftr-Request-Id
X-Generated-In
TDXMobile
X-Generated-By
X-DefHash
Vix-Hermes-Req-Id
X-Developers
X-DefElseHash
X-Cms-Context
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Cluster
X-Owner
X-Amz-Meta-S3cmd-Attrs
X-GEO
X-GeoIP-City
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Request-Host
Svr
Arc-Country
Cache-Key
AKAMAI
X-Origin
X-Policy
X-Ratelimit-Limit
X-User
X-VServer
X-Skip-Cache
X-AIR-PT
X-Site-Version
X-SIPLIST1
X-LI-UUID
X-Li-Pop
X-Fastly-Backend
X-Thinkindot-L3
X-Sucuri-ID
NtCoent-Length
X-Li-Fabric
CacheControlHeader
X-Proxy-Upstream
Locid
X-Micro-Cache
Location
L5d-Success-Class
HA-Ipaddr
IsBot
Cf-Device-Type
NM-Fastcgi-Cache
Server-Hostname
Sever-Int
Server-Host
Server-Ext
Pagetype
Release
Ha-Gx-Prefs
X-Men
Content-Disposition
X-Nginx-Cache-Key
Gh-Request-Id
Fastcgi-Cache-TTL
Nel
V-Age
X-Irp-Debug
X-Fmm-Version
X-Cache-Id
X-Gzip
X-Slack-Backend
X-Old-Content-Length
X-Hnp-Log
X-Conf
X-Gen-Mode
X-PF-Uncompressing
X-Block-Status
X-Esi-Check
X-Qloud-Router
X-Via-NSCOPI
X-RateLimit-Limit-Second
X-Mvc-Supplant-Cachable
X-Clara-WADP
X-RateLimit-Remaining-Second
Mail-Subject
X-Viewer-Country
We-Hiring
X-Req
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WADP-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
Webserver
X-Minions-Version
VNS-Cache
CPC-Cache
X-Varnish-Url
X-Planisys-CDN-TTL
Cache-Hits
X-BBC-Edge-Cache-Status
CPC-Age
VNS-Age
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Unique-Id
X-EC-Lua
X-Zone
X-HS-Content-Campaign-Id
X-Vc
X-Mvc-Supplant-OutputCached
X-Via-Poph
X-Ckpd-Fst-Backend
X-DC
X-Servedbyhost
X-Via-Popv
Powered-By-ChinaCache
My-App
MIME-Version
X-Via-Popn
X-Worker
XServer
X-Auto-Login
X-Internal-Host
X-NC
X-V-Cache
X-ID
X-Refresh
Time
X-Pass-Why
X-Tx-Id
X-Rocket-Nginx-Serving-Static
X-PJAX-URL
X-NCache
Memory
X-Newrelic-Synthetics
WebServer
X-TX-ID
X-Traceid
X-Platform-Router
X-LB-ID
X-LSADC-Cache
X-Render-Time
X-Platform-Cluster
X-Platform-Processor
X-Ratelimit-Remaining
X-Wa
X-Webkit-CSP-Report-Only
X-TIME
X-App
X-SD-PageType
X-Qnm-Cache
X-Webkit-Csp
X-M-Reqid
Server-ID
X-M-Log
X-OVcl
X-OVcl-Cache
X-Cache-Remote
X-ZONE
X-CACHE-KEY
X-Datadog-Sampling-Priority
Cf-Bgj
Environment
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Backend-TTL
X-TraceId
Magicmarker
X-NewRelic-App-Data
X-BBC-Origin-Response-Status
X-API-Version
X-NodeID
Hostname
X-Origin-Time
Geo-Info
X-Gdpr
X-Nyt-Route
X-CLOUD-TRACE-CONTEXT
Geoip-Latitude
GeoIp-Country-Code
X-VCL-Version
X-Via-Ucdn
X-Cache-Config
Cluster
X-Server-IP
HostName
X-Cache-Var-Map
X-Cache-Var
DB-Nickname
Candidate-Md5Url
X-Method
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Pop
Resin-Trace
X-Pod-Name
X-Dispatcher-Server
X-Geo
X-Correlation-ID
X-LI-Proto
Tcn
Ohc-File-Size
Datacenter
X-Ua-Browser
X-Content
N-Cache
X-HITS
Ssr
X-ElasticPress-Query
X-IP
X-CACHE-AGE
X-Dynatrace
X-Varnish-Beresp-TTL
Web-Mar-Region
X-Origin-Response-Time
X-MSEdge-Features
X-Li-Proto
X-MSEdge-Flight
X-Akamai-Pragma-Client-IP
LB
Cf-Ipcountry
X-NODE
X-AB
X-Node-Id
X-ND-Cache
GeoIP-Latitude
GeoIP-Country-Code
Proxy-Connection
X-Wix-Viewer-Type
X-Trv-Group
X-DynaTrace-JS-Agent
Onion-Location
Cdn
X-HostName
Servername
X-Varnish-Cacheable
X-EIG-Tracking-Id
WWW-Authenticate
X-Nc
X-Vcl-Version
X-Cs
X-Fastly-Request-Id
X-Via-CDN
CDN
CF-Cached-On
Sid
WZWS-RAY
Server-Id
Env
X-APP
X-ServerName
X-Reqid
X-Dynatrace-Js-Agent
X-HS-Status
X-MG-S
X-Pjax-Url
X-TIM-N
X-Tid
X-NGINX-Cache
X-WA
X-Request-Start
X-Fastly-Backend-Reqs
Redirect-Candidate
X-Fpc
VivaBuild
X-Check-Cacheable
X-URL
X-Lb-Id
Viewtype
Tracecode
URI
Lb
Rt-Fastcgi-Cache
Cteonnt-Length
X-Esi
X-CSRF-TOKEN
Ohc-Cache-HIT
X-Xrds-Location
X-Via-PopV
X-VC
Pramga
Machine
X-Up
Is-Us
X-Via-PopN
X-Via-PopH
X-Cache-Backend
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cache-Date
X-ECache
Shield-Pop
X-FTR-Request-ID
CountryCode
Mime-Version
Server-Ttl
X-SN
X-ServedByHost
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Origin
X-Sn-Servicetimems
X-Tt-Logid
X-Fastly-Cache-Hits
X-Cache-ASPX
CACHE
X-Acquia-Application-Trace
CloudFront-Viewer-Country
W
X-Core-Mission
X-Provided-By
X-Acquia-Site
X-Acquia-Purge-Tags
X-UnsetCookies
FSS-Cache
On-Server
X-Acquia-Application-UUID
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
X-FORWARDED-FOR
X-Yottaa-OS
X-Air-Pt
X-Cdn-Forward
X-FTR-Balancer
Xet-Cookie
WP-Super-Cache
X-FTR-Cache-Status
X-StackifyID
X-RSL
X-FTR-Backend
X-Pad
X-FTR-DC
X-Webstats-RespID
X-Pf-Uncompressing
X-RAMCache
X-Cache-Expires
X-Swift-Error
X-SB
X-Cdn-Request-ID
X-RPS
X-FTR-Realm
X-FTR-Backend-Server
Vha6-Origin
X-Oss-Request-Id
X-Country-Code-Real
X-RPM
Ohc-Response-Time
X-Oss-Server-Time
X-Swa-Ws
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-DB
X-Dw-Trace-Id
X-DW
X-Action
X-DI
X-DSS
X-B3-Spanid
Req-ID
X-TH-Server
X-FPC
X-ElasticPress-Search
X-Sucuri-Cache
X-UP
ServerName
X-C
X-Snapshot-Date
Warning
X-FTR-Expires
Xc-Version
Content-Style-Type
Content-Script-Type
X-MiniProfiler-Ids