Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Server-Id
X-Node
Allow
Surrogate-Control
X-Backend-Server
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Readtime
X-Webkit-CSP
X-WebKit-CSP
X-Akam-SW-Version
X-Response-Time
Accept-CH
Xkey
X-HW
Accept-Ch-Lifetime
X-Country
X-Language
X-Application-Context
X-Ruxit-JS-Agent
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
Accept-Ch
X-Content-Type
X-GitHub-Request-Id
Fastly-Restarts
X-Rack-Cache
X-Varnish-TTL
X-Origin-Cache
Accept-CH-Lifetime
X-Cnection
X-FastCGI-Cache
X-ASPNET-VERSION
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Buckets
X-Server-ID
X-Server-Name
X-Cached
X-Vcap-Request-Id
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
X-Navigation-Version
Service-Worker-Allowed
X-Powered-By-Plesk
RTSS
Access-Control-Request-Method
X-Fastly-Request-ID
X-Powered-CMS
X-MSEdge-Ref
X-Element-Page-Cache
Public-Key-Pins
X-Px
X-Middleton-Display
X-Middleton-Response
X-SRCache-Fetch-Status
Response
X-Sol
X-SRCache-Store-Status
Pagespeed
Display
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Cache-TTL
X-Upstream
X-Version
X-Ttl
S
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
X-TTL
Realpath
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
SPIisLatency
SPRequestDuration
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Instrumentation
X-Jurisdiction
X-HP-Webp
X-Kraken-Loop-Name
X-ECACHE
X-T
X-MCACHE
X-Mid
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Correlation-Id
X-Cache-Key
X-Forwarded-Proto
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-DynaTrace
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Mg-S
Charset
TP-L2-Cache
TP-Cache
X-XRDS-Location
X-Content-Digest
Nginx-Cache
X-Id
Filters
TCN
X-Request-Processing-Time
Front-End-Https
X-Request-Received
X-Oneagent-Js-Injection
Alternate-Protocol
Server-Node
X-Logged-In
X-Ezoic-Cdn
X-Forwarded-For
Cache-Tags
X-Ruxit-Js-Agent
Content-MD5
X-Release
X-Geo-Country
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Origin-Upstream-Status
X-Protected-By
X-Litespeed-Cache
X-Hostname
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-Www-Served-By
X-F-Cache
X-Goog-Stored-Content-Length
Cleartype
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Rid
X-Amz-Replication-Status
X-Contextid
Server-Name
Host
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Az
X-AppVersion
X-Activity-Id
X-Debug-Info
X-RateLimit-Remaining
X-HS-Combine-CSS
X-LB-Cache
X-NWS-LOG-UUID
X-Frontend
Section-Io-Cache
MicrosoftSharePointTeamServices
X-Git-Hash
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Page-Id
X-Cache-Age
X-Ser
X-WebKit-CSP-Report-Only
X-Respond-Thread
X-Daa-Tunnel
X-Content-Options
Accept-Charset
X-Aspnetmvc-Version
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Hits
X-VCache
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-B-Cache
X-Varnish-Age
X-Signature
X-Varnish-Grace
ServerID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Backend
Paypal-Debug-Id
X-FB-Debug
X-Cache-Action
X-Aspnet-Duration-Ms
Payment
Healthy
X-TT
X-Whom
X-Flags
X-Is-Crawler
Viewport
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-B3-Sampled
Node
X-AOL-HN
X-CACHE-GROUP
X-App-Environment
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Version
X-N
DynaTrace
X-Seen-By
X-Mobile
X-Ab
X-Load-Cache
Fastcgi-Useragent
X-Yandex-Sdch-Disable
DC
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
X-Type
AR-Request-ID
X-HTML-Minification-Powered-By
X-Distributor
X-Tt-Trace-Tag
MS-CV
X-Tt-Trace-Host
X-XRDS-LOCATION
Frame-Options
X-Cache-Control
Filterid
Retry-After
X-Cache-Expired-At
X-User-Agent
X-Fastcgi-Cache
SRV
X-Request-Handler-Origin-Region
X-Microsite
X-Jobs
X-Response-Served-From
X-Original-Request-Id
X-IPLB-Instance
X-UUID
X-Real-IP
X-Proxy-Cache-Status
Refresh
X-Adobe-Content
X-Adobe-Loc
X-Instance
X-Cluster-Name
X-IPS-LoggedIn
X-Region
X-Cacheable-TTL
X-Debug-IsPreview
X-Device-Type
X-Debug-IsConnected
Access-Control-Request-Headers
X-Varnish-Server
Uber-Trace-Id
X-Cache-Time
X-Tumblr-User
VIX-Pulpo-Upstream-Status
X-B
NGB
X-Framework
X-G
X-ProcessESI
VIX-Pulpo-Node
X-Page-View
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
X-RemovedCookies
X-Tumblr-Pixel-1
X-RTag
Ms-Operation-Id
X-Proxy
X-Vgn-Hpd-Reason
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-Zen-Fury
X-FW-Serve
X-NGENIX-Cache
Countrycode
X-Azure-Ref
X-Time
Cache-Status
X-App-Version
X-Debug
X-CDN-Forward
X-Mg-Request-UUID
X-RateLimit-Limit
X-Wix-Request-Id
Section-Origin-Responded
Section-Io-Id
X-Accel-Buffering
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Cache
X-Node-Name
X-Cache-Rule
X-Nginx-Cache
Amp-Access-Control-Allow-Source-Origin
X-Ms-Version
X-Cache-Hit
X-FireWall-Port
X-Rendered-As
X-Ms-Request-Id
X-Is-Bot
X-Oracle-Dms-Rid
X-Drupal-Cache-Tags
Liferay-Portal
SD-X-WS
Referer-Policy
X-EdgeConnect-Cache-Status
Surrogate-Key
S-Cnection
X-App-Server
Country
X-L-Path
X-Environment-Context
X-Cache-Operation
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Aws-Lambda-Call-Status
Eomportal-Instance
X-Revision
X-TA-CDN-Provider
X-SaId
X-TNCMS
X-UPSTREAM-Address
Selected-Fe
X-Endurance-Cache-Level
X-Timing-Wait
Meta-Geo
From-Origin
CF-IPCountry
X-RN-RSRV
X-GG-Cache-Date
X-Proxy-Build
X-ES-SERVER
X-Loop
X-JoinUs
X-Drupal-Cache-Contexts
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShardId
X-Adobe-Source
X-Shopify-Stage
X-Request-Time
X-Cache-Type
X-Xfnlog-Site
X-Sorting-Hat-PodId
X-Varnish-Beresp-Grace
X-ShopId
X-Cache-TTL-Remaining
X-Varnishpool
X-Be
Cache-Name
X-R9-Blue-Green-Version
X-Pubstack
ServedBy
X-ProxyCache-Key
X-Origin-Date
X-LAGOON
X-LJ-Flow-ID
X-ProxyCache-Status
X-Varnish-Hostname
X-AWS-Id
X-NYM-Debug-Backend
X-SayCDN-TTL
X-No-Session
X-BYPASS-REASON
X-VWS-Id
X-Say-TTL
X-S-Maxage
X-Backend-Host
Protected
X-Handled-By
X-Say-Cacheable
X-PHP-Backend
X-Human
Cache-Tv-Group
Azure-InstanceId
Apigw-Requestid
X-Cache-Server
Azure-RegionName
X-FB-TRIP-ID
Azure-SlotName
Azure-SiteName
Azure-Version
X-OCL
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
X-RCS-CacheZone
X-Akamai-Edgescape
X-Server-W
X-UA-Device-Type
X-Proto
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
X-PCL
Fastly-SSL
TWC-Connection-Speed
TWC-Device-Class
X-Origin-Hint
TWC-GeoIP-Country
Country-Code
Webcakes-App-Version
X-Parallel-Accel
X-PHP-Host
X-Access
X-Section
Mn-Server-Ip
Decoy-Debug-Key
X-Labrador-Cache-Channel
Decoy-Debug-TTL
Decoy-Debug-Status
X-Status
X-Tumblr-Pixel-2
X-Sql-Count
X-Sql-Duration-Ms
Akamai-GRN
X-Backend-Name
X-Format
X-Via-Fastly
X-Hl-Ver
X-ApacheServer
X-HP-Trace-Id
X-Hosted-By
X-Web-Node
X-Uri
X-PERF
Xserver
X-Hyper-Cache
X-Redis-Cache
GEO-INFO
Count-Hit
X-Cache-PHP
Nel
X-FW-Version
X-Time-Microsecs
X-Ua-Device
X-ServerID
X-ATG-Version
X-B3-SpanId
X-TT-LOGID
X-Trace-Id
X-CSRF-Token
X-Cluster-Node
OT-Force-Account-Verify
X-Rule
X-WA-Info
X-Servername
X-Tumblr-Pixel-3
X-Content-Age
X-MP-GENERATED-AT
X-Detected-As
X-Datadome
X-Azure-Ref-OriginShield
Cross-Origin-Opener-Policy
Backend
X-Cached-By
X-Akamai-Transformed
X-Soup
X-Varnish-Cache-Hits
X-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Generation-Time
X-Cache-Enabled
Web-Mar-Node
X-Varnish-Ttl
X-Edge-Location
X-TEC-API-ORIGIN
X-APP-VERSION
X-Bc-Bl
X-Varnish-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Mode
X-Varnish-Beresp-Status
X-CS
X-Cache-Ttl
X-Info
X-Microcachable
X-Dc
Ec-Rule-Version
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-NGX
Cross-Origin-Window-Policy
X-Storage
Content-Secure-Policy
X-Via-JSL
X-SRV
X-Debug-Cache
X-Routing-Service
X-Magnolia-Registration
X-Cache-Grace
S-Rt
X-Ua
X-Proxied
SID
X-Varnish-Beresp-Ttl
X-Platform
X-Zipkin-Id
Url
X-Air-Hostname
Upgrade-Insecure-Requests
X-Air-Trace-Id
X-Origin-CC
X-Air-Source
X-Origin-TTL
X-Extlb
Source
X-Locale
X-Forwarded-Host
X-B3-Traceid
X-NWS-UUID-VERIFY
Mobile-Detection-Method
CDN-EdgeStorageId
Host-ID
M-TraceId
CDCHOST
Meta-Geo-Continent
MD5-Digest
Cache-Host
CDN-Cache
BehaviorPad-Version
CDN-CachedAt
CDN-PullZone
DCR-Processing-Time-Ms
CDN-Uid
Apple-News-Services-Request-Url
DCR-Decision-By
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Expiry
Fastcgi-X-Cache-Version
CDN-RequestCountryCode
A
X-Vtex-Remote-Cache
CDN-RequestId
Apple-News-Services-Handled
Fastly-SIE
Fastly-SWR
X-A-Dcw
X-SRCache-Key
X-From
X-Shop-Environment
X-NAPM-TraceId
X-Orig-Expires
X-NU-AKA-ACS-Version
X-Forwarded-Path
X-Tenant
X-Developer
X-Destination
X-Epic-Correlation-Id
X-Thanos
X-External-Request-Id
X-Session-Fingerprint
X-PAYTM-SRV-ID
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rewrite-Enabled
X-Rojux
X-S
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-PBS-Appsvrname
X-ScT
X-Platform-Server
X-Processor
X-S-Cookie
X-D
X-Connection-Hash
X-VG-WebServer
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
T-Server
Surrogated-Key
Rendered-Blocks
Path
Req-Svc-Chain
State
X-Vtex-Processado-Em
X-A-Wwc
X-Aed
X-VG-WebCache
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Vdms-Version
X-Clientip
X-Cache-NE
X-Cache-Bucket
X-Application
X-Aicache-OS
X-ARC
X-B-Cookie
X-BCube-Filmed-By
Odigeo-Trace-Id
X-Bip
X-Unique-ID
X-Tb
Server-Info
Cmstype
Content-Disposition
X-Hash
DSUID
Cmsid
X-Service
X-Sigma-Backend
X-Has-Esi
X-Sigma
X-Rocket-Build-Number
X-Served-From
Esi-Enabled
X-Loc
X-Proxy-Upstream
X-Origin-Expires
L
Kp-EeAlive
X-Level-Front-Cache
Fastly-Drupal-HTML
X-Request-UUID
X-Is-Gdpr
X-JWT-State
Fastly-Backend-Name
X-Generated-On
NGX
X-Device-Os
X-Core-Value
Adler-Geo
X-VG-TLSProxy
X-Vdms-Path
X-Cms-Context
X-GoCache-CacheStatus
X-Backend-State
UCS
X-Branch-Name
X-Cache-Debug
X-Cache-Tags
Is-Eu
X-DPWN-IS-SECURE
X-TrackingId
X-Var-Ttl
Origin
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Variation
C-Via
PB-RID
Arc-Version
X-Envoy-Decorator-Operation
PB-PID
Platform
X-DataDome
X-GEO
User-Cache-Control
DataCenter
X-Site-Version
X-Csrf-Jwt
X-WADP-Cache
X-Varnish-Remaining-TTL
X-Fastly-Backend
X-Date
X-DefElseHash
X-VarnishDD-TTL
X-Developers
X-Cluster
X-DefHash
X-VC-Cache
X-Clara-WADP
X-AIR-PT
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-VServer
X-LI-UUID
X-CGP
X-Li-Fabric
X-Cache-Info
X-Li-Pop
X-Eu-Site
X-Varnish-CookieINHashed-On
X-Request-Host
X-Req
X-HN
X-Scheme
X-GeoIP-City
Who
X-Owner
X-Origin
Vix-Hermes-Req-Id
X-Micro-Cache
X-Men
X-Location
X-GeoIP
X-Geo-Header
X-Fmm-Version
X-Thinkindot-L3
X-Fetched-On
X-Varnish-CookieHashed-On
X-Nginx-Cache-Key
X-Forwarded-Site
X-Ftr-Request-Id
X-SIPLIST1
X-Generated-In
X-EC-Lua
X-Gamma-Serve
X-Fastly-Cache
X-Policy
Thinkindot-CacheControl
Pagetype
TDXMobile
NM-Fastcgi-Cache
Thinkindot-CacheControl-Type
Server-Host
Thinkindot-Control
PFcat
Pics-Label
Server-Ext
Server-Hostname
Sever-Int
X-VHOST
Release
Fastcgi-Cache-TTL
Gh-Request-Id
Cf-Device-Type
HA-Ipaddr
Locid
X-Amz-Meta-S3cmd-Attrs
CacheControlHeader
Cache-Key
IsBot
L5d-Success-Class
True-Client-Country-4JS
Location
Memcached
Ha-Gx-Prefs
X-RateLimit-Limit-Second
X-Mvc-Supplant-Cachable
X-Conf
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Ratelimit-Limit
X-Old-Content-Length
X-Generated-By
X-Gen-Mode
X-Irp-Debug
X-Gzip
X-Hnp-Log
X-FC-Vary-Parameters
X-Esi-Check
Mail-Subject
X-Qloud-Router
X-Skip-Cache
X-RateLimit-Remaining-Second
X-Sucuri-ID
X-Via-NSCOPI
Arc-Country
X-Cache-Id
V-Age
X-Block-Status
X-Slack-Backend
NtCoent-Length
X-Viewer-Country
AKAMAI
X-Wikidot-Backend
We-Hiring
Webserver
X-User
X-Unique-Id
Svr
X-Wikidot-Static-Cache
X-Srv
CPC-Age
CPC-Cache
VNS-Age
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-BBC-Edge-Cache-Status
VNS-Cache
X-Planisys-CDN-Rules
X-PF-Uncompressing
Cache-Hits
X-HS-Content-Campaign-Id
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-DC
X-Via-Popv
X-Varnish-Url
X-Minions-Version
X-Ckpd-Fst-Backend
X-Via-Poph
X-Servedbyhost
MIME-Version
X-Ratelimit-Remaining
X-Worker
X-Vc
X-CACHE-KEY
X-NC
Powered-By-ChinaCache
X-Zone
X-V-Cache
X-Auto-Login
My-App
XServer
X-Refresh
X-LB-ID
X-Internal-Host
X-TX-ID
X-ZONE
X-ID
X-Traceid
X-Platform-Cluster
X-Render-Time
X-PJAX-URL
X-Pass-Why
X-Qnm-Cache
X-M-Reqid
X-Rocket-Nginx-Serving-Static
X-Platform-Router
X-NCache
Time
X-Tx-Id
Memory
X-LSADC-Cache
X-M-Log
X-Platform-Processor
WebServer
X-Newrelic-Synthetics
Server-ID
X-SD-PageType
X-Wa
X-Cache-Remote
X-OVcl
X-Webkit-CSP-Report-Only
Environment
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-OVcl-Cache
X-Datadog-Trace-Id
X-TIME
X-App
X-Webkit-Csp
HostName
X-Origin-Time
Cf-Bgj
X-Gdpr
X-API-Version
X-Dynatrace
X-Nyt-Route
X-NodeID
X-BBC-Origin-Response-Status
X-TraceId
X-Backend-TTL
Magicmarker
X-Cache-Var
X-Server-IP
X-NewRelic-App-Data
Geo-Info
Hostname
X-Cache-Var-Map
X-Via-Ucdn
Cluster
X-Cache-Config
X-VCL-Version
X-Content
X-Ua-Browser
Candidate-Md5Url
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
Geoip-Latitude
X-Tb-Optimization-Total-Bytes-Saved
X-Pod-Name
DB-Nickname
X-LI-Proto
X-Dispatcher-Server
Datacenter
X-Method
Resin-Trace
X-Edge-Pop
X-Geo
X-Correlation-ID
N-Cache
X-ElasticPress-Query
Ohc-File-Size
Tcn
Ssr
X-HITS
Web-Mar-Region
X-IP
X-CACHE-AGE
X-Origin-Response-Time
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-MSEdge-Features
X-Li-Proto
X-MSEdge-Flight
Cf-Ipcountry
Onion-Location
LB
GeoIP-Country-Code
GeoIP-Latitude
X-NODE
X-AB
X-Node-Id
Servername
X-Varnish-Cacheable
WWW-Authenticate
X-Vcl-Version
X-Trv-Group
X-EIG-Tracking-Id
X-Wix-Viewer-Type
X-ND-Cache
X-HostName
Cdn
X-Cs
X-Via-CDN
X-Fastly-Request-Id
Proxy-Connection
X-Nc
X-APP
CF-Cached-On
X-DynaTrace-JS-Agent
CDN
Server-Id
Lb
Env
WZWS-RAY
X-Dynatrace-Js-Agent
X-ServerName
X-Reqid
X-TIM-N
X-Fastly-Backend-Reqs
Sid
X-Tid
X-Fpc
Redirect-Candidate
X-WA
X-Pjax-Url
X-HS-Status
X-MG-S
X-Up
X-Request-Start
Tracecode
X-NGINX-Cache
Cteonnt-Length
Is-Us
Viewtype
X-Lb-Id
Rt-Fastcgi-Cache
Pramga
X-Cache-Date
X-Check-Cacheable
VivaBuild
X-URL
X-Xrds-Location
X-CSRF-TOKEN
X-Esi
Ohc-Cache-HIT
X-Via-PopN
X-Via-PopH
X-Cdn-Forward
X-Via-PopV
Machine
X-VC
X-Cdn-Origin
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Amz-Meta-Cb-Modifiedtime
X-ServedByHost
X-Sn-Servicetimems
Mime-Version
X-Cache-Backend
URI
X-ECache
X-FTR-Request-ID
CloudFront-Viewer-Country
Shield-Pop
X-Core-Mission
CountryCode
X-SN
X-Provided-By
W
Server-Ttl
X-Webkit-Csp-Report-Only
X-Tt-Logid
X-UnsetCookies
X-Contensis-Viewer-Groups
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Fastly-Cache-Hits
X-Acquia-Site
X-Varnish-Authentication
FSS-Cache
X-Air-Pt
X-Yottaa-OS
X-Acquia-Application-Trace
X-Pad
X-Cache-ASPX
X-FORWARDED-FOR
X-Cache-Expires
X-RAMCache
X-LiteSpeed-Cache-Control
On-Server
X-Vcache
CACHE
X-Dw-Trace-Id
X-Cdn-Request-ID
Srv
X-RSL
X-FTR-Realm
X-StackifyID
X-FTR-DC
X-Oss-Storage-Class
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-RPS
X-Swa-Ws
Xet-Cookie
X-FTR-Backend-Server
X-FTR-Cache-Status
X-RPM
X-Swift-Error
Ohc-Response-Time
ServerName
X-Oss-Hash-Crc64ecma
WP-Super-Cache
X-SB
X-Webstats-RespID
X-Pf-Uncompressing
Vha6-Origin
X-Oss-Object-Type
X-DI
X-DSS
X-DW
X-Oss-Request-Id
X-DB
X-Oss-Server-Time
X-Action
X-B3-Spanid
X-Sucuri-Cache
Req-ID
X-Edge-POP
X-Cache-Status-Check
X-Region-Sid
X-FPC
PICS-Label
X-ElasticPress-Search
X-FTR-Expires
X-C
X-Snapshot-Date
Xc-Version
Content-Script-Type
Warning
X-TH-Server
Content-Style-Type
X-MiniProfiler-Ids