Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
P3p
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Status
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Dns-Prefetch-Control
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
NEL
X-Amz-Version-Id
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Server-Id
X-Node
Allow
X-Backend-Server
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Readtime
X-WebKit-CSP
X-Akam-SW-Version
X-Webkit-CSP
X-Response-Time
Accept-CH
Xkey
X-HW
X-Language
X-Country
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
X-Application-Context
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cache-Lookup
X-Cloud-Trace-Context
Rating
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-ESI
Accept-Ch
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
Accept-CH-Lifetime
Fastly-Restarts
X-Content-Type
X-GitHub-Request-Id
X-Rack-Cache
X-FastCGI-Cache
X-Origin-Cache
X-Cnection
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja
X-Country-Code
X-Server-ID
X-Goog-Hash
Verso
X-Buckets
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Cached
X-Server-Name
X-Vcap-Request-Id
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
Service-Worker-Allowed
X-Navigation-Version
X-Powered-By-Plesk
RTSS
Access-Control-Request-Method
X-Fastly-Request-ID
X-Px
X-Powered-CMS
Public-Key-Pins
X-Element-Page-Cache
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
Display
Response
X-Upstream
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Cache-TTL
X-Version
X-Ttl
S
X-TTL
X-Edge
X-Kinsta-Cache
X-LLID
X-Edge-Location-Klb
Realpath
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Accel-Expires
X-SharePointHealthScore
SPIisLatency
SPRequestDuration
SPRequestGuid
X-Instrumentation
X-Jurisdiction
X-Server-Lifecycle-Phase
X-HP-Webp
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-ECACHE
X-Mid
X-T
X-MCACHE
X-Shield-Request-Id
X-Pinterest-Rid
X-Content-Security-Policy-Report-Only
Pinterest-Generated-By
Pinterest-Version
X-PressLabs-Stats
X-Cache-Key
X-Correlation-Id
X-Forwarded-Proto
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-DynaTrace
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
X-Mg-S
Charset
TP-Cache
TP-L2-Cache
X-Content-Digest
Nginx-Cache
X-XRDS-Location
Filters
X-Id
Front-End-Https
X-Request-Received
X-Request-Processing-Time
TCN
Alternate-Protocol
Server-Node
X-Logged-In
X-Forwarded-For
X-Ezoic-Cdn
Cache-Tags
Content-MD5
X-Geo-Country
X-Release
X-Litespeed-Cache
X-ASPNET-VERSION
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
X-Protected-By
X-Origin-Upstream-Status
X-Hostname
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-Ruxit-Js-Agent
X-F-Cache
X-Www-Served-By
X-Goog-Generation
Cleartype
X-Oneagent-Js-Injection
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Amz-Replication-Status
X-Rid
X-Contextid
Host
Server-Name
X-Debug-Info
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Az
X-HS-Combine-CSS
X-LB-Cache
X-Activity-Id
X-AppVersion
X-RateLimit-Remaining
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Git-Hash
MicrosoftSharePointTeamServices
X-Page-Id
X-Ser
X-Aspnetmvc-Version
X-VCache
X-Cache-Age
X-Respond-Thread
X-WebKit-CSP-Report-Only
X-Daa-Tunnel
X-Content-Options
Accept-Charset
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Mobile-URL
X-Source
X-Hits
X-DIS-Request-ID
X-CACHE-GROUP
X-B-Cache
X-Signature
ServerID
Payment
X-Aspnet-Duration-Ms
X-Varnish-Grace
X-Varnish-Age
X-Flags
Paypal-Debug-Id
X-Varnish-Backend
X-Providence-Cookie
X-Request-Guid
X-Route-Name
Healthy
X-Is-Crawler
X-Cache-Action
X-FB-Debug
X-TT
X-Whom
X-Kong-Proxy-Latency
Viewport
X-Kong-Upstream-Latency
Node
X-B3-Sampled
X-AOL-HN
X-App-Environment
X-Ab
Fastcgi-Useragent
Version
DynaTrace
X-Seen-By
X-Mobile
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Load-Cache
X-N
DC
X-Yandex-Sdch-Disable
X-Type
X-XRDS-LOCATION
X-HTML-Minification-Powered-By
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-CACHE
Ar-Sid
X-Distributor
X-Tt-Trace-Host
X-Tt-Trace-Tag
MS-CV
Frame-Options
Retry-After
Filterid
X-Cache-Control
X-User-Agent
X-Cache-Expired-At
SRV
X-Jobs
X-Request-Handler-Origin-Region
X-Microsite
X-Original-Request-Id
X-Response-Served-From
X-IPLB-Instance
X-Proxy-Cache-Status
Refresh
X-UUID
X-Adobe-Loc
X-Real-IP
X-Adobe-Content
X-Device-Type
X-Debug-IsPreview
X-Debug-IsConnected
Access-Control-Request-Headers
X-Cluster-Name
X-Cacheable-TTL
X-Instance
X-Varnish-Server
X-Page-View
X-Region
X-IPS-LoggedIn
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Uber-Trace-Id
X-Framework
NGB
X-Tumblr-User
X-B
X-ProcessESI
X-Content-Powered-By
X-RemovedCookies
X-Cache-Time
X-G
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Proxy
Ms-Operation-Id
X-RTag
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Dynamic
X-Fastcgi-Cache
X-Vgn-Hpd-Reason
X-NGENIX-Cache
X-Zen-Fury
X-CDN-Forward
Countrycode
X-Azure-Ref
X-Wix-Request-Id
Cache-Status
Section-Io-Id
X-Time
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Debug
Section-Origin-Responded
X-Mg-Request-UUID
X-App-Version
X-RateLimit-Limit
X-Node-Name
Amp-Access-Control-Allow-Source-Origin
X-Accel-Buffering
X-Oracle-Dms-Rid
X-Cache-Rule
X-Ms-Version
X-Ms-Request-Id
Cache
X-Cache-Hit
X-Is-Bot
X-Rendered-As
X-Nginx-Cache
SD-X-WS
X-Drupal-Cache-Tags
Liferay-Portal
X-FireWall-Port
Referer-Policy
S-Cnection
X-EdgeConnect-Cache-Status
Country
Surrogate-Key
X-App-Server
X-Aws-Lambda-Call-Status
X-L-Path
X-Environment-Context
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Operation
CF-IPCountry
Eomportal-Instance
X-Revision
X-TA-CDN-Provider
X-Loop
X-ES-SERVER
X-TNCMS
X-Timing-Wait
X-Endurance-Cache-Level
Meta-Geo
X-SaId
X-RN-RSRV
X-UPSTREAM-Address
X-GG-Cache-Date
Selected-Fe
X-JoinUs
From-Origin
X-Parallel-Accel
X-Proxy-Build
X-Cache-Type
X-ShopId
X-Sorting-Hat-PodId
X-Xfnlog-Site
X-Adobe-Source
X-Varnish-Beresp-Grace
X-Varnishpool
X-ShardId
X-Shopify-Stage
X-Request-Time
X-Storefront-Renderer-Rendered
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-No-Session
Protected
X-Varnish-Hostname
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-Be
X-NYM-Debug-Backend
X-Handled-By
X-Origin-Date
ServedBy
X-SayCDN-TTL
X-ProxyCache-Status
X-Say-Cacheable
X-AWS-Id
X-HP-Trace-Id
X-S-Maxage
X-Proto
X-Backend-Host
X-PHP-Backend
Cache-Name
X-LJ-Flow-ID
X-LAGOON
X-VWS-Id
X-Human
X-Say-TTL
X-Pubstack
X-ProxyCache-Key
X-Server-W
X-RCS-CacheZone
Fastly-SSL
Cache-Tv-Group
Apigw-Requestid
Property-Id
Azure-SiteName
X-OCL
X-Cache-Server
X-Sql-Duration-Ms
X-UA-Device-Type
Webcakes-App-Version
X-Sql-Count
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Akamai-Edgescape
X-Origin-Hint
TWC-Locale-Group
Azure-Version
Country-Code
X-PCL
X-FB-TRIP-ID
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Backend-Name
X-Section
X-Access
Mn-Server-Ip
X-Status
X-Hosted-By
X-Hl-Ver
Decoy-Debug-Status
Akamai-GRN
Decoy-Debug-TTL
X-Labrador-Cache-Channel
X-PHP-Host
X-Tumblr-Pixel-2
X-Via-Fastly
Decoy-Debug-Key
X-Format
X-Uri
X-ApacheServer
X-PERF
X-Web-Node
GEO-INFO
Count-Hit
Nel
X-Hyper-Cache
X-FW-Version
X-Redis-Cache
X-Ua-Device
X-Cache-PHP
Xserver
X-ServerID
X-Time-Microsecs
X-B3-SpanId
X-TT-LOGID
X-ATG-Version
X-Cluster-Node
X-Servername
X-Trace-Id
OT-Force-Account-Verify
X-WA-Info
X-CSRF-Token
X-Tumblr-Pixel-3
X-Content-Age
X-MP-GENERATED-AT
X-Azure-Ref-OriginShield
X-Detected-As
X-Rule
Backend
Cross-Origin-Opener-Policy
X-Varnish-Cache-Hits
X-Soup
X-Akamai-Transformed
X-Datadome
X-Generation-Time
X-Cached-By
X-APP-VERSION
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Cache-Host
X-TEC-API-ORIGIN
Web-Mar-Node
X-Cache-Ttl
X-Cache-Enabled
X-Edge-Location
X-Varnish-Hits
X-Bc-Bl
X-Varnish-Beresp-Status
X-CS
AMP-Access-Control-Allow-Source-Origin
X-Mode
X-Info
X-Microcachable
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Amzn-Remapped-Content-Length
X-SRV
X-Amzn-RequestId
X-Amz-Apigw-Id
Content-Secure-Policy
X-Ua
X-Dc
S-Rt
X-Cache-NGX
X-Via-JSL
X-B3-Traceid
X-Storage
X-Debug-Cache
X-Magnolia-Registration
X-Cache-Grace
X-Air-Hostname
X-Air-Trace-Id
Url
X-Origin-TTL
X-Proxied
X-Origin-CC
X-Air-Source
X-Zipkin-Id
X-Platform
X-Routing-Service
X-Varnish-Beresp-Ttl
SID
Upgrade-Insecure-Requests
X-Extlb
X-Locale
X-NWS-UUID-VERIFY
Source
X-Forwarded-Host
MD5-Digest
Fastly-SWR
Host-ID
M-TraceId
Mobile-Detection-Method
Req-Svc-Chain
State
Surrogated-Key
Rendered-Blocks
Path
A
Odigeo-Trace-Id
Meta-Geo-Continent
Apple-News-Services-Host
CDCHOST
CDN-RequestId
CDN-Uid
CDN-Cache
T-Server
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-CachedAt
Cache-Host
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Fastly-SIE
CDN-PullZone
Fastcgi-X-Cache-Version
Expiry
Apple-News-Services-Request-Url
DCR-Decision-By
DCR-Processing-Time-Ms
Apple-News-Services-Handled
X-Bip
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Request-URI
X-Rewrite-Enabled
X-Rojux
X-Ratelimit-Reset
X-Processor
X-Orig-Expires
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Platform-Server
X-S
X-S-Cookie
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Thanos
X-Tenant
X-ScT
X-Session-Fingerprint
X-Shop-Environment
X-SRCache-Key
X-NU-AKA-ACS-Version
X-NAPM-TraceId
X-Application
X-Aicache-OS
X-ARC
X-B-Cookie
X-BCube-Filmed-By
X-Aed
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Cache-Bucket
X-Cache-NE
X-External-Request-Id
X-Epic-Correlation-Id
X-Forwarded-Path
X-From
X-GoCache-CacheStatus
X-Developer
X-Destination
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Clientip
X-Connection-Hash
X-A
X-D
X-Tb
X-GEO
Platform
Server-Info
X-SVT-ORM-VERSION
X-Core-Value
X-Cms-Context
PB-PID
X-VServer
PB-RID
Fastly-Drupal-HTML
Esi-Enabled
DSUID
X-Sigma-Backend
X-DPWN-IS-SECURE
X-Proxy-Upstream
Fastly-Backend-Name
X-Device-Os
Is-Eu
Kp-EeAlive
X-Backend-State
Origin
X-Branch-Name
X-Served-From
NGX
X-Sigma
X-Service
X-EC-Lua
X-Cache-Debug
X-SVT-ORM-RULES
L
X-Request-UUID
X-Cache-Tags
X-AIR-PT
X-Rocket-Build-Number
X-TrackingId
X-Envoy-Decorator-Operation
X-Variation
X-Loc
X-VHOST
X-Generated-On
Content-Disposition
Arc-Version
Adler-Geo
X-Has-Esi
X-JWT-State
X-Li-Fabric
X-Is-Gdpr
X-Li-Pop
X-Hash
X-LI-UUID
C-Via
UCS
X-Varnish-Ttl
X-Unique-ID
X-DataDome
X-Vdms-Path
X-Var-Ttl
X-Fastly-Backend
X-Origin-Expires
Cmsid
Cmstype
X-VG-TLSProxy
X-Level-Front-Cache
User-Cache-Control
X-Site-Version
Thinkindot-CacheControl-Type
Thinkindot-Control
Wxu-Next-Hostname
Wxu-Next-Commit
X-Thinkindot-L3
X-SIPLIST1
Wxu-Next-Region
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Csrf-Jwt
X-Nginx-Cache-Key
X-Location
X-Origin
X-Owner
X-Fetched-On
X-Gamma-Serve
X-Generated-In
X-HN
X-GeoIP-City
X-GeoIP
X-Geo-Header
X-FC-Vary-Parameters
X-Policy
X-Unique-Id
X-Ratelimit-Limit
X-CGP
X-Req
Thinkindot-CacheControl
X-DefElseHash
X-Eu-Site
X-Developers
X-Amz-Meta-S3cmd-Attrs
X-DefHash
X-Scheme
Server-Host
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
TDXMobile
X-Cache-Info
IsBot
X-Accel-Expires-Debug
Locid
Location
L5d-Success-Class
X-Date
X-Fastly-Cache
X-Request-Host
X-WADP-Cache
X-Conf
X-Ftr-Request-Id
CacheControlHeader
X-Micro-Cache
X-Fmm-Version
X-Forwarded-Site
Cf-Device-Type
X-Men
Memcached
X-Clara-WADP
DataCenter
Release
Pics-Label
Cache-Key
Server-Ext
Server-Hostname
X-VC-Cache
Sever-Int
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VarnishDD-TTL
PFcat
NM-Fastcgi-Cache
Pagetype
X-Varnish-Remaining-TTL
Who
AKAMAI
X-Via-NSCOPI
X-Mvc-Supplant-Cachable
V-Age
X-Viewer-Country
X-Irp-Debug
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RateLimit-Limit-Second
X-Slack-Backend
Arc-Country
X-RateLimit-Remaining-Second
X-Wikidot-Static-Cache
Svr
X-Wikidot-Backend
X-Old-Content-Length
X-Hnp-Log
Fastcgi-Cache-TTL
CPC-Cache
CPC-Age
X-Cache-Id
X-Block-Status
Mail-Subject
NtCoent-Length
VNS-Cache
We-Hiring
X-Skip-Cache
X-Cluster
X-BBC-Edge-Cache-Status
X-Generated-By
VNS-Age
X-Gen-Mode
X-Esi-Check
X-Sucuri-ID
X-Qloud-Router
X-User
X-Gzip
Webserver
X-DC
X-Ckpd-Fst-Backend
X-PF-Uncompressing
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Srv
X-Via-Popn
X-Via-Poph
X-Varnish-Url
X-Via-Popv
Cache-Hits
X-HS-Content-Campaign-Id
X-Mvc-Supplant-OutputCached
X-Worker
X-Ratelimit-Remaining
X-Minions-Version
X-CACHE-KEY
X-V-Cache
X-Servedbyhost
X-NC
X-Auto-Login
X-Vc
MIME-Version
XServer
Powered-By-ChinaCache
My-App
X-ZONE
X-Zone
X-ID
X-LB-ID
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Qnm-Cache
X-NCache
X-Tx-Id
X-Rocket-Nginx-Serving-Static
X-Internal-Host
X-M-Reqid
X-M-Log
X-Render-Time
X-LSADC-Cache
X-Refresh
X-TX-ID
WebServer
X-PJAX-URL
X-Traceid
Time
Memory
X-Wa
X-Newrelic-Synthetics
X-Pass-Why
X-SD-PageType
X-Cache-Remote
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Environment
X-TIME
Server-ID
X-Webkit-Csp
X-Webkit-CSP-Report-Only
X-Datadog-Trace-Id
X-App
X-Dynatrace
X-NodeID
X-OVcl
X-Origin-Time
X-Nyt-Route
X-Gdpr
X-OVcl-Cache
X-API-Version
X-BBC-Origin-Response-Status
X-TraceId
X-Cache-Var
X-Cache-Config
X-Server-IP
X-VCL-Version
X-Via-Ucdn
X-Cache-Var-Map
Cluster
Hostname
Cf-Bgj
X-NewRelic-App-Data
X-Content
X-Ua-Browser
HostName
X-Backend-TTL
Magicmarker
Geoip-Latitude
X-Pod-Name
X-CLOUD-TRACE-CONTEXT
GeoIp-Country-Code
Candidate-Md5Url
X-Tb-Optimization-Total-Bytes-Saved
X-LI-Proto
Datacenter
Resin-Trace
Geo-Info
X-Edge-Pop
X-Correlation-ID
X-ElasticPress-Query
X-Dispatcher-Server
X-Method
N-Cache
DB-Nickname
Ohc-File-Size
Tcn
X-HITS
X-Geo
Web-Mar-Region
X-CACHE-AGE
X-Varnish-Beresp-TTL
X-IP
X-Origin-Response-Time
X-Li-Proto
X-Akamai-Pragma-Client-IP
Ssr
GeoIP-Country-Code
X-NODE
Onion-Location
X-MSEdge-Features
X-MSEdge-Flight
GeoIP-Latitude
X-AB
X-Varnish-Cacheable
X-Wix-Viewer-Type
X-Node-Id
Servername
WWW-Authenticate
LB
X-EIG-Tracking-Id
Cf-Ipcountry
X-HostName
Cdn
X-Trv-Group
Proxy-Connection
X-Cs
X-Vcl-Version
X-ND-Cache
X-Fastly-Request-Id
CF-Cached-On
X-APP
CDN
X-Dynatrace-Js-Agent
Lb
X-Via-CDN
Server-Id
WZWS-RAY
X-Nc
X-DynaTrace-JS-Agent
Redirect-Candidate
X-Tid
X-TIM-N
X-Fastly-Backend-Reqs
Env
X-WA
X-HS-Status
X-Fpc
X-Pjax-Url
Sid
X-MG-S
Cteonnt-Length
Tracecode
X-Request-Start
X-NGINX-Cache
X-Reqid
X-Up
X-ServerName
X-Check-Cacheable
X-Cache-Date
X-Lb-Id
Pramga
Rt-Fastcgi-Cache
Is-Us
X-URL
X-Xrds-Location
X-Esi
X-CSRF-TOKEN
Ohc-Cache-HIT
VivaBuild
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Origin
Mime-Version
X-VC
X-ServedByHost
X-Sn-Servicetimems
X-Cache-Backend
URI
Viewtype
X-IN-APIGATEWAY
X-Via-PopH
X-IN-APIGATEWAYSSL
X-Via-PopV
X-Via-PopN
X-ECache
X-SN
CountryCode
Machine
CloudFront-Viewer-Country
X-Core-Mission
X-FTR-Request-ID
Shield-Pop
X-Provided-By
Server-Ttl
W
X-UnsetCookies
X-Webkit-Csp-Report-Only
X-Tt-Logid
X-Cdn-Forward
X-RAMCache
X-Fastly-Cache-Hits
X-Contensis-Viewer-Groups
X-Acquia-Application-UUID
X-Acquia-Site
X-Cache-ASPX
X-Acquia-Purge-Tags
X-Varnish-Authentication
X-LiteSpeed-Cache-Control
X-Pad
X-Yottaa-OS
X-Cdn-Request-ID
X-Cache-Expires
CACHE
X-Dw-Trace-Id
X-FORWARDED-FOR
X-Acquia-Application-Trace
Srv
X-RSL
X-DI
X-DB
X-DSS
X-StackifyID
Xet-Cookie
X-RPM
X-DW
X-RPS
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Pf-Uncompressing
X-FTR-DC
X-FTR-Realm
FSS-Cache
On-Server
X-Action
X-FTR-Backend-Server
Ohc-Response-Time
ServerName
Vha6-Origin
X-Country-Code-Real
WP-Super-Cache
X-Webstats-RespID
X-Swift-Error
X-SB
X-B3-Spanid
X-Air-Pt
X-Cache-Status-Check
X-Region-Sid
X-Sucuri-Cache
X-FPC
PICS-Label
X-Edge-POP
Req-ID
X-Swa-Ws
X-Oss-Storage-Class
X-Oss-Server-Time
X-ElasticPress-Search
X-TH-Server
X-MiniProfiler-Ids
X-Oss-Request-Id
X-Oss-Object-Type
X-Snapshot-Date
Content-Script-Type
X-C
X-FTR-Expires
X-Oss-Hash-Crc64ecma
Content-Style-Type