Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
ETag
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Dns-Prefetch-Control
X-Via
Keep-Alive
X-Ws-Request-Id
Server-Timing
Request-Context
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Amz-Id-2
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-UA-Device
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Dispatcher
X-OneAgent-JS-Injection
NEL
Cf-Railgun
X-WebKit-CSP
X-Host
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
Accept-Ch-Lifetime
X-Response-Time
Xkey
X-HW
X-Language
X-Template
X-Application-Context
X-Country
Content-Location
X-Ac
X-Cache-Lookup
Rating
MS-Author-Via
X-Url
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Webkit-CSP
Edge-Control
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Mod-Pagespeed
X-Trace
Accept-Ch
Fastly-Restarts
X-B3-TraceId
X-Content-Type
X-Rack-Cache
X-Buckets
X-MS-InvokeApp
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
X-Country-Code
X-Cnection
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
X-ORACLE-DMS-ECID
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
Cache-Tag
X-Vcap-Request-Id
Service-Worker-Allowed
X-Cached
X-Px
X-Server-Name
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
X-Navigation-Version
X-Cache-TTL
Accept-CH-Lifetime
X-Server-ID
X-TTL
Public-Key-Pins
RTSS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-By-Plesk
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Version
X-Upstream
X-Fastly-Request-ID
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-LLID
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
X-Cache-Key
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-ECACHE
X-Ruxit-Js-Agent
X-Accel-Expires
X-Shield-Request-Id
X-Jurisdiction
X-HP-Webp
X-ORACLE-DMS-RID
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Correlation-Id
Realpath
X-T
X-PressLabs-Stats
SPRequestGuid
X-MCACHE
X-Mid
X-SharePointHealthScore
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
X-DynaTrace
SPRequestDuration
SPIisLatency
X-Litespeed-Cache
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-XRDS-Location
X-Mg-S
Nginx-Cache
X-Ttl
X-Content-Digest
X-Forwarded-Proto
X-Recruiting
TP-L2-Cache
TP-Cache
Front-End-Https
Charset
X-Request-Processing-Time
X-Request-Received
Alternate-Protocol
Server-Node
X-Id
X-Logged-In
Filters
X-Oneagent-Js-Injection
Content-MD5
TCN
X-Forwarded-For
X-Geo-Country
Fusion-Component-Id
Fusion-Content-Source
X-Protected-By
Fusion-Template-Id
Fusion-Deployment-Id
X-Ezoic-Cdn
Fusion-Content-Id
Fusion-Source
Cache-Tags
X-Hostname
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Origin-Upstream-Status
X-Grace
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Ab
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Www-Served-By
Cleartype
X-F-Cache
X-LB-Cache
X-Amz-Replication-Status
X-Debug-Info
X-Origin-Server
X-AppVersion
X-Activity-Id
X-Az
X-HS-Hub-Id
X-Rid
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
Host
X-Daa-Tunnel
X-Contextid
X-Git-Hash
X-Page-Id
Section-Io-Cache
Server-Name
X-Content-Options
X-Erf-Bev-Bev
X-Browser-Type
X-VCache
X-Erf-Bev-Bev-Is-Generated
X-Frontend
X-Ser
X-Cache-Age
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Upgrade-Enabled
X-RateLimit-Remaining
Access-Control-Allow-Method
X-Release
X-Aspnetmvc-Version
X-Hits
ServerID
Accept-Charset
X-Mobile-URL
X-Source
X-WebKit-CSP-Report-Only
X-Aspnet-Duration-Ms
X-Flags
X-Varnish-Age
X-DIS-Request-ID
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-B-Cache
X-Signature
X-Cache-Action
X-B3-Sampled
Healthy
Viewport
X-Varnish-Grace
Payment
Paypal-Debug-Id
X-Whom
X-TT
Fastcgi-Useragent
X-FB-Debug
X-Varnish-Backend
X-AOL-HN
X-Yandex-Sdch-Disable
X-Respond-Thread
X-CACHE-GROUP
Node
X-App-Environment
X-Load-Cache
X-Mobile
DynaTrace
X-Fastcgi-Cache
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
Filterid
X-Seen-By
Version
X-Distributor
X-N
SRV
X-User-Agent
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-HTML-Minification-Powered-By
X-Cache-Control
Frame-Options
Retry-After
X-Type
X-XRDS-LOCATION
X-HP-Trace-Id
MS-CV
Refresh
X-Jobs
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Serve
X-FW-Static
X-FW-Server
X-Response-Served-From
X-Ua-Device
X-Original-Request-Id
X-Cache-Expired-At
X-NGENIX-Cache
X-UUID
X-Page-View
X-Azure-Ref
X-Proxy-Cache-Status
NGB
X-Real-IP
X-Node-Name
X-Instance
X-Debug-IsPreview
X-Debug-IsConnected
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Server
X-IPLB-Instance
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-B
X-Cacheable-TTL
X-ProcessESI
X-Tumblr-User
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-RemovedCookies
X-Tumblr-Pixel
X-Region
X-G
X-Cluster-Name
X-Device-Type
X-CDN-Forward
X-Cache-Time
Ms-Operation-Id
X-RTag
X-Framework
Amp-Access-Control-Allow-Source-Origin
X-Aws-Lambda-Call-Status
X-Content-Powered-By
X-Proxy
Access-Control-Request-Headers
X-Zen-Fury
Nel
X-Cache-Hit
X-IPS-LoggedIn
Referer-Policy
Uber-Trace-Id
Liferay-Portal
SD-X-WS
X-Parallel-Accel
X-Rendered-As
X-Drupal-Cache-Tags
X-Is-Bot
X-Ms-Request-Id
X-Ms-Version
Cache-Status
X-Cache-Rule
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-Time
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Countrycode
X-Mg-Request-UUID
X-App-Server
X-Oracle-Dms-Rid
X-Environment-Context
X-Debug
X-L-Path
X-Revision
S-Cnection
X-Yottaa-Optimizations
X-Yottaa-Metrics
Country
X-Accel-Buffering
CF-IPCountry
X-RateLimit-Limit
X-B3-Traceid
X-Cache-Operation
X-APP-VERSION
X-TA-CDN-Provider
X-Nginx-Cache
X-Drupal-Cache-Contexts
X-Microsite
X-Request-Handler-Origin-Region
Count-Hit
X-FW-Version
Akamai-GRN
Cache
X-ES-SERVER
X-SaId
X-JoinUs
X-RN-RSRV
Ar-Sid
X-GG-Cache-Date
AR-Request-ID
AR-ATIME
Meta-Geo
AR-PoweredBy
X-UPSTREAM-Address
AR-CACHE
X-Endurance-Cache-Level
X-SayCDN-TTL
X-LAGOON
Surrogate-Key
X-Loop
X-TNCMS
X-Cache-TTL-Remaining
From-Origin
X-Say-Cacheable
X-Cache-Type
X-Say-TTL
Azure-Version
Azure-InstanceId
X-PCL
X-Adobe-Source
X-Sql-Count
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Sql-Duration-Ms
X-R9-Blue-Green-Version
X-S-Maxage
Country-Code
X-NYM-Debug-Backend
Fastly-SSL
X-OCL
Protected
X-Alternate-Cache-Key
X-Varnish-Hostname
X-Be
X-AWS-Id
X-RCS-CacheZone
Decoy-Debug-Key
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-ShopId
X-B3-SpanId
X-Varnish-Beresp-Grace
X-Pubstack
X-VWS-Id
Decoy-Debug-Status
Cache-Name
X-No-Session
Apigw-Requestid
X-LJ-Flow-ID
X-Varnishpool
X-Request-Time
X-Sorting-Hat-PodId
X-Hosted-By
X-Human
X-Origin-Date
Decoy-Debug-TTL
X-Proto
X-Storefront-Renderer-Rendered
X-Status
TWC-GeoIP-LatLong
Property-Id
Eomportal-Instance
TWC-Locale-Group
Selected-Fe
TWC-Connection-Speed
TWC-Device-Class
ServedBy
TWC-GeoIP-Country
X-Via-Fastly
X-Timing-Wait
X-Labrador-Cache-Channel
X-Handled-By
X-Format
X-ProxyCache-Key
X-Proxy-Build
X-Redis-Cache
X-ProxyCache-Status
X-Web-Node
X-UA-Device-Type
X-Cache-Server
X-PHP-Host
Webcakes-App-Version
Webcakes-App-Name
X-Server-W
TWC-Privacy
X-Section
X-Access
X-BYPASS-REASON
X-Xfnlog-Site
X-Tumblr-Pixel-2
X-Akamai-Edgescape
X-Origin-Hint
Webcakes-Region
Cache-Tv-Group
X-App-Version
X-Cluster-Node
X-ApacheServer
X-Hyper-Cache
X-Backend-Host
X-PHP-Backend
X-PERF
GEO-INFO
Mn-Server-Ip
X-Uri
X-FB-TRIP-ID
X-Time-Microsecs
Cross-Origin-Opener-Policy
X-Hl-Ver
X-Backend-Name
X-ServerID
OT-Force-Account-Verify
X-ATG-Version
X-Tumblr-Pixel-3
X-FireWall-Port
X-Detected-As
X-Servername
X-Azure-Ref-OriginShield
X-Ua
Web-Mar-Node
Cross-Origin-Window-Policy
X-Generation-Time
X-Cache-Host
X-Varnish-Cache-Hits
X-Cache-PHP
X-Datadome
Ec-Rule-Version
X-Content-Age
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Varnish-Hits
Content-Secure-Policy
Backend
X-SRV
X-TT-LOGID
Source
X-Trace-Id
X-Via-JSL
X-CS
X-Ratelimit-Remaining
X-Ratelimit-Limit
X-MP-GENERATED-AT
X-Forwarded-Host
X-WA-Info
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Amz-Apigw-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-CSRF-Token
X-Cache-Grace
X-Microcachable
X-Ua-Browser
X-Akamai-Transformed
X-Content
X-Mode
X-Soup
Xserver
X-Cache-Enabled
X-NWS-UUID-VERIFY
X-Edge-Location
X-Cdn
X-Amzn-Remapped-Content-Length
X-Locale
Url
X-Bc-Bl
X-Rule
X-Info
X-Dc
X-Origin-TTL
X-Site-Version
X-Origin-CC
X-Tenant
Content-Disposition
X-Zipkin-Id
X-Routing-Service
X-Varnish-Beresp-Ttl
X-Extlb
X-Proxied
SID
X-Unique-Id
S-Rt
X-Magnolia-Registration
X-Tb
X-A
X-Cache-NE
Expiry
X-Developer
Mobile-Detection-Method
Surrogated-Key
X-Vdms-Version
DCR-Decision-By
DCR-Processing-Time-Ms
Fastcgi-X-Cache-Version
Rendered-Blocks
X-A-Wwc
X-Destination
X-NAPM-TraceId
Fastly-SIE
X-A-Ccd
X-From
X-BCube-Filmed-By
X-Epic-Correlation-Id
X-NU-AKA-ACS-Version
Fastly-SWR
X-External-Request-Id
A
Odigeo-Trace-Id
X-A-Dgt
X-Forwarded-Path
Apple-News-Services-Handled
Apple-News-Services-Host
BehaviorPad-Version
X-Ftr-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
CDCHOST
X-A-Dcw
CDN-RequestCountryCode
CDN-RequestId
X-GEO
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
X-Cache-Bucket
CDN-Cache
T-Server
CDN-CachedAt
X-Orig-Expires
X-BBC-Edge-Cache-Status
X-Conf
X-SRCache-Key
X-Varnish-Beresp-Status
X-Request-URI
Req-Svc-Chain
X-Rebelmouse-Surrogate-Control
X-Aicache-OS
X-Rebelmouse-Cache-Control
X-Session-Fingerprint
X-A-Dam
X-CF-Lambda-Fn
X-S
X-S-Cookie
X-Storage
X-Rojux
X-Aed
X-Rewrite-Enabled
MD5-Digest
X-ARC
X-ScT
X-Ratelimit-Reset
X-Platform-Server
X-Processor
X-VG-WebCache
X-VG-WebServer
User-Cache-Control
X-PBS-Appsvrname
AMP-Access-Control-Allow-Source-Origin
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-Debug-Cache
X-B-Cookie
X-D
X-Application
X-CF-Lambda-Version
X-Connection-Hash
X-Shop-Environment
X-Vtex-Remote-Cache
X-AIR-PT
Host-ID
X-Vtex-Processado-Em
X-EC-Lua
Cache-Host
Cache-Key
NGX
X-Core-Value
Is-Eu
Fastly-Backend-Name
X-Date
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Cache-Info
L
X-Cms-Context
X-Is-Gdpr
X-Men
X-Cached-By
X-Origin-Expires
X-VG-TLSProxy
State
X-Li-Fabric
X-LI-UUID
X-Loc
X-M-Reqid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Request-UUID
X-Service
X-Backend-State
UCS
X-M-Log
X-Proxy-Upstream
X-VServer
Platform
X-Li-Pop
X-TrackingId
X-Cache-Debug
X-Has-Esi
X-JWT-State
X-Micro-Cache
X-Variation
X-Accel-Expires-Debug
Adler-Geo
X-Worker
X-Cache-NGX
Pics-Label
Path
X-Qnm-Cache
X-NCache
X-DataDome
X-Tx-Id
XServer
X-Auto-Login
X-Cache-Tags
X-Cache-Id
VNS-Cache
X-Bip
X-Block-Status
X-Branch-Name
X-Nginx-Cache-Key
X-Sigma-Backend
X-SIPLIST1
X-Slack-Backend
X-Thanos
X-Sigma
X-Rocket-Build-Number
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
X-Thinkindot-L3
X-Varnish-CookieHashed-On
X-Viewer-Country
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Scheme
X-Via-NSCOPI
X-VC-Cache
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Origin
X-Old-Content-Length
X-Esi-Check
X-Fastly-Backend
X-Forwarded-Site
X-Gamma-Serve
X-Device-Os
X-Developers
X-Cluster
X-DefElseHash
X-DefHash
X-Gen-Mode
X-Generated-By
X-Level-Front-Cache
X-Location
VNS-Age
X-Hnp-Log
X-HN
X-Generated-On
X-Geo-Header
X-Gzip
X-Clientip
X-Ckpd-Fst-Backend
C-Via
M-TraceId
Locid
Arc-Version
Origin
Server-Ext
PFcat
PB-PID
Location
IsBot
Fastly-Drupal-HTML
Fastcgi-Cache-TTL
Esi-Enabled
CPC-Cache
CPC-Age
Cf-Device-Type
Cmsid
Cmstype
Server-Host
PB-RID
Thinkindot-CacheControl
Server-Hostname
Thinkindot-CacheControl-Type
Thinkindot-Control
Vix-Hermes-Req-Id
True-Client-Country-4JS
Sever-Int
TDXMobile
X-Platform
X-Amz-Meta-S3cmd-Attrs
X-Served-From
X-Owner
X-FC-Vary-Parameters
X-Vdms-Path
X-Policy
X-Mvc-Supplant-Cachable
DataCenter
X-Var-Ttl
Svr
X-Skip-Cache
X-Eu-Site
X-HS-Content-Campaign-Id
X-GeoIP-City
X-GeoIP
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sucuri-ID
X-Request-Host
X-Generated-In
X-LSADC-Cache
X-Fetched-On
X-Hash
CacheControlHeader
Arc-Country
AKAMAI
X-Irp-Debug
DSUID
X-Planisys-CDN-TTL
X-CGP
Server-Info
Wxu-Next-Hostname
X-Planisys-CDN-Cache
Mail-Subject
Pagetype
Wxu-Next-Region
Memcached
Release
NM-Fastcgi-Cache
X-Planisys-CDN-Rules
Ha-Gx-Prefs
Wxu-Next-Commit
We-Hiring
HA-Ipaddr
Gh-Request-Id
L5d-Success-Class
X-Csrf-Jwt
V-Age
Webserver
X-Unique-ID
X-Render-Time
X-WADP-Cache
X-Qloud-Router
X-DC
X-Platform-Processor
X-Platform-Router
X-GoCache-CacheStatus
X-Rocket-Nginx-Serving-Static
X-Platform-Cluster
X-Fmm-Version
X-V-Cache
X-Clara-WADP
NtCoent-Length
X-CLOUD-TRACE-CONTEXT
Cache-Hits
X-SD-PageType
MIME-Version
X-Mvc-Supplant-OutputCached
X-Cache-Remote
X-Cache-Var
X-Cache-Var-Map
X-Via-Poph
Environment
X-Via-Popn
Kp-EeAlive
X-Servedbyhost
X-Via-Popv
X-Zone
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-NodeID
X-API-Version
X-PJAX-URL
X-Origin-Time
X-Nyt-Route
X-Gdpr
X-Srv
X-Vc
X-User
X-NC
X-Via-Ucdn
X-ID
Server-ID
X-Pod-Name
Candidate-Md5Url
X-Server-IP
X-BBC-Origin-Response-Status
X-PF-Uncompressing
X-Wa
X-Cache-Config
Who
X-Varnish-Ttl
WebServer
X-Internal-Host
Time
Cluster
X-Traceid
X-App
X-Varnish-Url
X-Minions-Version
X-Refresh
Memory
HostName
X-LB-ID
X-Webkit-Csp
X-VCL-Version
X-TIME
X-CACHE-KEY
X-Pass-Why
Onion-Location
X-ZONE
GeoIp-Country-Code
X-Webkit-CSP-Report-Only
Web-Mar-Region
Powered-By-ChinaCache
My-App
Tcn
X-NewRelic-App-Data
Geo-Info
N-Cache
Resin-Trace
Geoip-Latitude
X-Edge-Pop
X-Newrelic-Synthetics
X-Dynatrace
X-Esi
X-Cache-Ttl
Servername
X-ElasticPress-Query
X-LI-Proto
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Varnish-Cacheable
X-TX-ID
X-Tt-Logid
X-VHOST
CDN
X-Akamai-Pragma-Client-IP
X-EIG-Tracking-Id
WWW-Authenticate
X-OVcl
X-Origin-Response-Time
X-OVcl-Cache
X-Fastly-Request-Id
X-Geo
Ohc-File-Size
Cf-Bgj
X-HITS
X-CACHE-AGE
Hostname
X-Backend-TTL
Magicmarker
X-Varnish-Beresp-TTL
X-Tid
X-Fpc
LB
X-TIM-N
X-Li-Proto
Redirect-Candidate
X-NODE
Proxy-Connection
X-Up
X-Dynatrace-Js-Agent
Tracecode
X-Correlation-ID
X-AB
X-Cache-Date
X-Dispatcher-Server
X-NGINX-Cache
X-Wix-Viewer-Type
Pramga
X-Request-Start
X-Method
X-HostName
Cdn
GeoIP-Country-Code
X-MSEdge-Flight
X-Cdn-Origin
X-Sn-Servicetimems
X-Amz-Meta-Cb-Modifiedtime
X-MSEdge-Features
X-Vcl-Version
X-CSRF-TOKEN
CloudFront-Viewer-Country
Cf-Ipcountry
W
GeoIP-Latitude
X-Provided-By
Is-Us
X-APP
Ssr
DB-Nickname
X-IP
Lb
X-Fastly-Backend-Reqs
X-ServerName
X-Cs
X-UnsetCookies
CF-Cached-On
X-WA
X-COUNTRY
X-Reqid
X-Core-Mission
X-Cache-Expires
Server-Id
Sid
X-Lb-Id
X-HS-Status
X-MG-S
X-Webkit-Csp-Report-Only
WP-Super-Cache
Cteonnt-Length
X-Node-Id
X-Nc
X-FORWARDED-FOR
X-Sucuri-Cache
X-Check-Cacheable
X-Hcs-Proxy-Type
X-Region-Sid
X-DynaTrace-JS-Agent
X-VC
X-Cache-Status-Check
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-ND-Cache
X-Trv-Group
URI
Ohc-Cache-HIT
CountryCode
X-Via-PopV
X-Cache-Backend
X-Via-PopH
X-Via-PopN
X-Via-CDN
Env
X-Moov-Xdn-Version
X-ServedByHost
X-SERVER-NAME
X-Moov-T
WZWS-RAY
X-Pjax-Url
Xc-Version
X-Pf-Uncompressing
Shield-Pop
X-Pad
User-Agent
Mime-Version
EpKe-Alive
X-Ig-Push-State
X-SN
X-Amz-Meta-Opti
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-LiteSpeed-Cache-Control
X-CUA
X-Edge-POP
X-RAMCache
X-Acquia-Application-Trace
FSS-Cache
X-Acquia-Site
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Fastly-Cache-Hits
X-Varnish-Authentication
X-IN-APIGATEWAYSSL
CACHE
X-IN-APIGATEWAY
X-Oss-Storage-Class
X-Oss-Server-Time
Ohc-Response-Time
Vha6-Origin
X-DB
X-Action
VivaBuild
X-Oss-Request-Id
X-Dw-Trace-Id
X-Dispatch
X-Nginx-Upstream-Cache-Status
On-Server
HIT
X-Oss-Object-Type
Xet-Cookie
X-Oss-Hash-Crc64ecma
X-Webstats-RespID
X-RSL
X-RPS
X-RPM
X-DI
X-Parent-Response-Time
X-Swift-Error
X-SB
X-StackifyID
X-DW
X-DSS
Rt-Fastcgi-Cache
Server-Ttl
Viewtype
X-Cdn-Request-ID
X-TRACE-ID
X-Cdn-Forward
X-Ftr-Viewer-Uri
X-Forwarded-Port
X-Env-Sha256-Sig
X-Amzn-Remapped-X-Forwarded-For
X-Snapshot-Date
X-Env-Stack-Name
X-Amzn-Remapped-Host
X-Amzn-Remapped-User-Agent
X-FPC
Content-Script-Type
X-MiniProfiler-Ids
X-TH-Server
ServerName
Content-Style-Type
Req-ID
X-CF-Powered-By
X-Yottaa-OS
X-ElasticPress-Search
Hit