Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
P3p
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Dns-Prefetch-Control
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
Grace
X-Page-Speed
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-Dispatcher
X-OneAgent-JS-Injection
Cf-Railgun
X-Host
X-WebKit-CSP
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-Ch-Lifetime
X-Akam-SW-Version
Accept-CH
X-Response-Time
Xkey
X-HW
X-Language
X-Template
X-Application-Context
X-Country
X-Ruxit-JS-Agent
X-Ac
Content-Location
X-Cache-Lookup
Rating
MS-Author-Via
X-Url
X-Cloud-Trace-Context
X-Webkit-CSP
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-Mod-Pagespeed
X-Varnish-TTL
Accept-Ch
X-B3-TraceId
X-Trace
Fastly-Restarts
X-Content-Type
X-MS-InvokeApp
X-Rack-Cache
X-Buckets
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
X-Cnection
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
X-ORACLE-DMS-ECID
X-Exp-Variant
X-Exp-Id
Arr-Disable-Session-Affinity
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-FastCGI-Cache
Cache-Tag
X-Vcap-Request-Id
Service-Worker-Allowed
X-Cached
X-Server-Name
X-Abt-Application-Version
X-Px
X-Amz-Rid
X-Client-IP
X-Server-ID
X-Navigation-Version
X-Cache-TTL
Public-Key-Pins
RTSS
X-TTL
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
Access-Control-Request-Method
X-Element-Page-Cache
Accept-CH-Lifetime
X-Powered-CMS
X-Fastly-Request-ID
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Version
X-Upstream
Response
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Middleton-Response
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-ECACHE
X-Accel-Expires
X-HP-Webp
X-Shield-Request-Id
X-Jurisdiction
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Realpath
X-Correlation-Id
X-Cache-Key
X-T
X-ORACLE-DMS-RID
X-SharePointHealthScore
X-Litespeed-Cache
SPRequestGuid
X-MCACHE
X-PressLabs-Stats
X-Mid
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Ttl
X-DynaTrace
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Content-Digest
Nginx-Cache
X-Mg-S
X-XRDS-Location
X-Forwarded-Proto
TP-L2-Cache
X-Recruiting
TP-Cache
Charset
X-Oneagent-Js-Injection
Front-End-Https
X-Request-Received
X-Request-Processing-Time
Alternate-Protocol
Server-Node
X-Ruxit-Js-Agent
X-Id
X-Logged-In
Filters
TCN
Content-MD5
X-Geo-Country
X-Forwarded-For
X-Ezoic-Cdn
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Protected-By
Fusion-Deployment-Id
X-ASPNET-VERSION
Cache-Tags
X-NWS-LOG-UUID
X-Amzn-Trace-Id
X-Grace
X-Origin-Upstream-Status
X-Hostname
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-F-Cache
X-Debug-Info
X-Www-Served-By
Cleartype
X-Ab
X-Origin-Server
X-Amz-Replication-Status
X-HS-Cache-Config
X-Az
X-Activity-Id
X-AppVersion
X-HS-Content-Id
X-LB-Cache
X-Rid
X-HS-Hub-Id
X-HS-Combine-CSS
Host
X-Contextid
X-Daa-Tunnel
X-Git-Hash
X-Page-Id
Section-Io-Cache
Server-Name
X-Ser
X-VCache
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Frontend
X-RateLimit-Remaining
X-Aspnetmvc-Version
X-Content-Options
X-Cache-Age
X-Release
MicrosoftSharePointTeamServices
X-Upgrade-Enabled
Accept-Charset
Access-Control-Allow-Method
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
ServerID
X-Hits
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-Aspnet-Duration-Ms
X-Request-Guid
X-Route-Name
X-Respond-Thread
X-Is-Crawler
X-Flags
X-CACHE-GROUP
X-Providence-Cookie
X-B-Cache
X-Signature
X-WebKit-CSP-Report-Only
X-Varnish-Age
X-Cache-Action
Viewport
X-FB-Debug
Healthy
X-Varnish-Backend
X-Whom
Payment
Paypal-Debug-Id
X-Varnish-Grace
X-B3-Sampled
X-TT
X-AOL-HN
Fastcgi-Useragent
DynaTrace
X-Yandex-Sdch-Disable
X-Fastcgi-Cache
X-App-Environment
Node
X-Load-Cache
X-Mobile
DC
Version
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Seen-By
Filterid
X-N
X-Distributor
X-XRDS-LOCATION
X-HTML-Minification-Powered-By
SRV
X-User-Agent
X-Cache-Control
Frame-Options
Retry-After
X-Type
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Jobs
MS-CV
Refresh
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Serve
X-Response-Served-From
X-HP-Trace-Id
X-Original-Request-Id
X-UUID
X-Cache-Expired-At
X-Page-View
X-NGENIX-Cache
NGB
X-Adobe-Loc
X-Proxy-Cache-Status
X-Adobe-Content
X-Node-Name
X-Real-IP
X-Azure-Ref
X-Varnish-Server
X-Debug-IsPreview
X-Region
X-Instance
X-Debug-IsConnected
X-Cluster-Name
VIX-Pulpo-Upstream-Status
X-ProcessESI
X-Vgn-Hpd-Reason
X-Cacheable-TTL
X-B
VIX-Pulpo-Node
X-IPLB-Instance
X-Tumblr-User
X-RemovedCookies
X-G
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-CDN-Forward
X-Content-Powered-By
X-Cache-Time
Ms-Operation-Id
Access-Control-Request-Headers
X-Device-Type
X-Framework
X-RTag
X-Proxy
X-Aws-Lambda-Call-Status
X-Zen-Fury
X-Cache-Hit
X-IPS-LoggedIn
Amp-Access-Control-Allow-Source-Origin
Uber-Trace-Id
X-Cache-Rule
SD-X-WS
Referer-Policy
Liferay-Portal
X-Parallel-Accel
X-Rendered-As
X-Is-Bot
Cache-Status
X-Drupal-Cache-Tags
X-Ms-Version
X-Ms-Request-Id
X-Wix-Request-Id
X-Oracle-Dms-Rid
X-Time
Section-Origin-Responded
X-Mg-Request-UUID
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-EdgeConnect-Cache-Status
Countrycode
X-Debug
X-App-Server
X-L-Path
X-RateLimit-Limit
X-Environment-Context
X-Revision
S-Cnection
Country
X-Accel-Buffering
X-Yottaa-Metrics
CF-IPCountry
X-Nginx-Cache
X-Yottaa-Optimizations
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Operation
Count-Hit
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-CACHE
Ar-Sid
X-FW-Version
X-Drupal-Cache-Contexts
Cache
X-APP-VERSION
X-JoinUs
X-SaId
X-ES-SERVER
X-TA-CDN-Provider
X-TNCMS
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-RN-RSRV
Akamai-GRN
X-Loop
Meta-Geo
X-GG-Cache-Date
X-App-Version
X-Cache-TTL-Remaining
X-LAGOON
X-Adobe-Source
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
Surrogate-Key
From-Origin
X-Cache-Type
X-Request-Time
X-S-Maxage
X-Sql-Duration-Ms
X-Sql-Count
X-R9-Blue-Green-Version
X-Varnish-Beresp-Grace
X-PCL
Fastly-SSL
X-OCL
X-NYM-Debug-Backend
X-Human
Country-Code
Protected
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-InstanceId
Azure-Version
X-Be
X-Origin-Date
X-BYPASS-REASON
X-No-Session
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Hosted-By
X-Handled-By
X-AWS-Id
X-PHP-Host
X-ProxyCache-Status
Decoy-Debug-Key
X-Pubstack
X-RCS-CacheZone
Cache-Tv-Group
Decoy-Debug-Status
Decoy-Debug-TTL
X-Proto
Cache-Name
ServedBy
Apigw-Requestid
X-ProxyCache-Key
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Varnishpool
X-Shopify-Stage
X-ShopId
X-Status
X-Storefront-Renderer-Rendered
X-Varnish-Hostname
X-VWS-Id
X-Xfnlog-Site
X-ShardId
X-Sorting-Hat-ShopId
Property-Id
Selected-Fe
X-Proxy-Build
X-Origin-Hint
X-Cache-Server
X-Web-Node
X-Hyper-Cache
X-Format
Eomportal-Instance
X-Via-Fastly
TWC-Connection-Speed
X-Access
Webcakes-Region
Webcakes-App-Version
X-Akamai-Edgescape
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Device-Class
X-Section
X-Timing-Wait
X-Server-W
X-Redis-Cache
X-Uri
X-Tumblr-Pixel-2
X-B3-SpanId
X-UA-Device-Type
X-ApacheServer
X-Cluster-Node
X-PERF
X-PHP-Backend
X-Backend-Host
Nel
Mn-Server-Ip
X-FB-TRIP-ID
X-Time-Microsecs
GEO-INFO
X-Hl-Ver
X-Ua-Device
X-Servername
X-Backend-Name
OT-Force-Account-Verify
Cross-Origin-Opener-Policy
X-ServerID
X-FireWall-Port
X-B3-Traceid
X-Tumblr-Pixel-3
X-ATG-Version
X-Detected-As
X-Azure-Ref-OriginShield
Cross-Origin-Window-Policy
Web-Mar-Node
X-Ua
X-Datadome
X-Generation-Time
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Varnish-Cache-Hits
X-TEC-API-VERSION
X-Cache-PHP
X-Cache-Host
X-Trace-Id
Backend
X-Content-Age
X-TT-LOGID
X-Varnish-Hits
Ec-Rule-Version
Content-Secure-Policy
X-Via-JSL
Source
X-CS
X-MP-GENERATED-AT
X-SRV
X-CSRF-Token
Xserver
X-WA-Info
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Akamai-Transformed
X-Cdn
X-Soup
X-Cache-Grace
X-Microcachable
X-Ratelimit-Limit
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Mode
X-Amzn-RequestId
X-Edge-Location
X-Cache-Enabled
X-Bc-Bl
X-NWS-UUID-VERIFY
X-Forwarded-Host
X-Rule
X-Ratelimit-Remaining
Url
X-Locale
X-Unique-Id
X-Origin-CC
X-Origin-TTL
X-Info
S-Rt
X-Content
AMP-Access-Control-Allow-Source-Origin
X-Ua-Browser
X-Site-Version
SID
X-Dc
Content-Disposition
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Magnolia-Registration
X-Tb
T-Server
Surrogated-Key
X-A
X-ScT
X-A-Wwc
X-Application
X-S-Cookie
X-ARC
X-B-Cookie
X-BBC-Edge-Cache-Status
X-AIR-PT
X-Aicache-OS
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Aed
X-A-Ccd
Apple-News-Services-Parsed-Url
Mobile-Detection-Method
Meta-Geo-Continent
Odigeo-Trace-Id
CDN-Uid
CDN-RequestCountryCode
CDN-RequestId
MD5-Digest
DCR-Decision-By
X-SRCache-Key
Fastly-SWR
Fastcgi-X-Cache-Version
Host-ID
DCR-Processing-Time-Ms
Expiry
CDN-PullZone
CDN-EdgeStorageId
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Session-Fingerprint
X-Tenant
A
X-Shop-Environment
BehaviorPad-Version
CDN-Cache
CDN-CachedAt
CDCHOST
Path
Req-Svc-Chain
Rendered-Blocks
State
X-VG-WebCache
X-Extlb
X-Forwarded-Path
X-From
X-Platform-Server
X-External-Request-Id
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-Zipkin-Id
X-Proxied
X-Epic-Correlation-Id
X-S
X-Ftr-Request-Id
X-NAPM-TraceId
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Storage
X-NU-AKA-ACS-Version
X-Orig-Expires
X-Rewrite-Enabled
X-Request-URI
X-Routing-Service
X-Rojux
X-Vtex-Processado-Em
X-Cache-NE
X-CF-Lambda-Fn
X-Developer
X-VG-WebServer
Fastly-SIE
X-BCube-Filmed-By
X-Cache-Bucket
X-Vdms-Version
X-Processor
X-Cached-By
X-CF-Lambda-Version
X-Conf
X-Debug-Cache
X-D
X-Connection-Hash
X-Destination
User-Cache-Control
X-PBS-Appsvrname
X-EC-Lua
X-GEO
X-Men
L
Is-Eu
X-Origin-Expires
X-Proxy-Upstream
NGX
Origin
X-Service
X-Date
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
UCS
X-Core-Value
X-Accel-Expires-Debug
X-Cache-Debug
X-Backend-State
X-Cache-Info
X-Cms-Context
X-Fastly-Backend
X-Fastly-Cache
X-Li-Pop
Platform
Pics-Label
X-LI-UUID
X-Li-Fabric
X-JWT-State
X-Has-Esi
X-Request-UUID
X-Is-Gdpr
X-Loc
M-TraceId
Cmsid
Cmstype
X-SVT-ORM-VERSION
Adler-Geo
X-SVT-ORM-RULES
Cache-Host
Cache-Key
X-VServer
X-VG-TLSProxy
X-Worker
X-Cache-NGX
X-TrackingId
Fastly-Backend-Name
X-Variation
X-M-Reqid
X-M-Log
X-NCache
X-Var-Ttl
X-Cluster
X-Wikidot-Backend
X-Scheme
X-Ckpd-Fst-Backend
X-Clientip
Fastly-Drupal-HTML
X-Auto-Login
X-Cache-Id
X-Branch-Name
X-Block-Status
X-Bip
X-Cache-Tags
X-Viewer-Country
X-VC-Cache
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-NSCOPI
X-Varnish-CookieHashed-On
X-Developers
X-Tx-Id
X-Hash
X-Gzip
X-Geo-Header
X-Generated-On
X-HN
X-Hnp-Log
X-Level-Front-Cache
X-Req
X-Location
X-Micro-Cache
X-Rocket-Build-Number
X-Generated-By
X-Gen-Mode
X-Old-Content-Length
X-RateLimit-Limit-Second
X-Device-Os
X-Origin
X-DefHash
X-Nginx-Cache-Key
X-Esi-Check
X-Gamma-Serve
X-Forwarded-Site
X-Wikidot-Static-Cache
X-RateLimit-Remaining-Second
X-DefElseHash
X-VarnishDD-TTL
Arc-Version
Server-Ext
C-Via
PFcat
PB-RID
Server-Host
Server-Hostname
TDXMobile
X-Thanos
X-Qnm-Cache
Sever-Int
PB-PID
Cf-Device-Type
IsBot
Esi-Enabled
Fastcgi-Cache-TTL
X-Slack-Backend
Location
Locid
X-Sigma-Backend
CPC-Age
CPC-Cache
X-SIPLIST1
Thinkindot-CacheControl
X-Sigma
Vix-Hermes-Req-Id
VNS-Age
X-Thinkindot-L3
X-Served-From
True-Client-Country-4JS
VNS-Cache
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Amz-Meta-S3cmd-Attrs
XServer
X-Platform
Mail-Subject
X-DC
X-Owner
X-Fmm-Version
Ha-Gx-Prefs
X-FC-Vary-Parameters
X-Fetched-On
X-Mvc-Supplant-Cachable
Memcached
X-GeoIP
X-DataDome
X-Planisys-CDN-TTL
We-Hiring
X-HS-Content-Campaign-Id
Wxu-Next-Commit
X-Sucuri-ID
L5d-Success-Class
X-Irp-Debug
X-Generated-In
X-GeoIP-City
X-GoCache-CacheStatus
X-Goog-Meta-Goog-Reserved-File-Mtime
DSUID
NM-Fastcgi-Cache
Arc-Country
Svr
V-Age
X-Csrf-Jwt
AKAMAI
Wxu-Next-Hostname
X-Vdms-Path
X-WADP-Cache
X-CGP
Server-Info
X-Clara-WADP
X-Planisys-CDN-Rules
Gh-Request-Id
Pagetype
X-Skip-Cache
HA-Ipaddr
X-Eu-Site
X-Request-Host
CacheControlHeader
X-Planisys-CDN-Cache
X-Policy
Release
Wxu-Next-Region
X-CLOUD-TRACE-CONTEXT
DataCenter
NtCoent-Length
Webserver
X-LSADC-Cache
X-Platform-Processor
X-Qloud-Router
X-Render-Time
X-Platform-Router
X-Rocket-Nginx-Serving-Static
X-V-Cache
X-Platform-Cluster
X-Unique-ID
X-Mvc-Supplant-OutputCached
X-Via-Poph
Kp-EeAlive
X-Via-Popv
Cache-Hits
X-SD-PageType
X-Via-Popn
X-Cache-Remote
X-CACHE-KEY
X-Cache-Var-Map
X-Servedbyhost
X-Cache-Var
Environment
MIME-Version
X-Srv
X-API-Version
X-PJAX-URL
X-Nyt-Route
X-Gdpr
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Origin-Time
X-NodeID
X-User
X-Datadog-Trace-Id
X-ID
X-Zone
X-Via-Ucdn
X-NC
X-PF-Uncompressing
X-Vc
Who
X-BBC-Origin-Response-Status
WebServer
X-Varnish-Ttl
X-Minions-Version
X-Cache-Config
X-Pod-Name
X-Wa
Cluster
X-Varnish-Url
X-Traceid
Candidate-Md5Url
X-Server-IP
X-App
Server-ID
Memory
Time
X-TIME
X-Internal-Host
HostName
X-LB-ID
X-Refresh
X-Webkit-Csp
X-ZONE
Powered-By-ChinaCache
X-Webkit-CSP-Report-Only
X-VCL-Version
My-App
Geo-Info
Tcn
X-Pass-Why
X-Newrelic-Synthetics
GeoIp-Country-Code
N-Cache
X-NewRelic-App-Data
Geoip-Latitude
Onion-Location
Web-Mar-Region
X-Cache-Ttl
X-Esi
X-Dynatrace
X-ElasticPress-Query
Datacenter
X-Edge-Pop
Resin-Trace
X-LI-Proto
X-TX-ID
X-Tb-Optimization-Total-Bytes-Saved
X-VHOST
X-TraceId
X-Akamai-Pragma-Client-IP
X-OVcl-Cache
X-OVcl
X-Varnish-Cacheable
Servername
CDN
Ohc-File-Size
X-Geo
Cf-Bgj
WWW-Authenticate
X-CACHE-AGE
X-Origin-Response-Time
X-HostName
X-HITS
Hostname
X-Tt-Logid
X-Varnish-Beresp-TTL
X-Backend-TTL
Magicmarker
X-Li-Proto
X-EIG-Tracking-Id
X-Tid
X-TIM-N
Redirect-Candidate
X-NODE
X-Fpc
X-AB
X-Correlation-ID
LB
Tracecode
X-Up
X-Method
X-Dispatcher-Server
Proxy-Connection
X-Wix-Viewer-Type
X-Dynatrace-Js-Agent
Cdn
X-Vcl-Version
X-Request-Start
X-Fastly-Request-Id
X-MSEdge-Features
X-MSEdge-Flight
X-Cache-Date
Pramga
Is-Us
GeoIP-Country-Code
Cf-Ipcountry
GeoIP-Latitude
X-APP
DB-Nickname
X-Fastly-Backend-Reqs
X-IP
X-NGINX-Cache
Server-Id
X-Sn-Servicetimems
Lb
Ssr
X-Cdn-Origin
X-Amz-Meta-Cb-Modifiedtime
X-CSRF-TOKEN
X-Cs
CF-Cached-On
X-Provided-By
Sid
X-COUNTRY
W
X-HS-Status
X-WA
X-Core-Mission
X-UnsetCookies
X-MG-S
X-Cache-Expires
X-Webkit-Csp-Report-Only
X-ServerName
X-Lb-Id
CloudFront-Viewer-Country
Cteonnt-Length
X-Node-Id
X-Reqid
X-FORWARDED-FOR
X-Nc
X-DynaTrace-JS-Agent
X-Check-Cacheable
URI
X-Trv-Group
WP-Super-Cache
X-VC
X-ND-Cache
Ohc-Cache-HIT
CountryCode
X-SERVER-NAME
X-Region-Sid
X-CCDN-Origin-Time
X-Via-PopH
X-Cache-Status-Check
X-Via-CDN
X-Sucuri-Cache
WZWS-RAY
Env
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-ServedByHost
Mime-Version
X-Cache-Backend
X-Via-PopV
X-Pjax-Url
X-Via-PopN
X-Moov-Xdn-Version
X-CUA
X-Moov-T
Xc-Version
Shield-Pop
X-SN
X-Pf-Uncompressing
X-Pad
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
X-Ig-Push-State
CACHE
X-Edge-POP
EpKe-Alive
X-RAMCache
User-Agent
X-Acquia-Application-UUID
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-LiteSpeed-Cache-Control
X-IN-APIGATEWAY
X-Fastly-Cache-Hits
X-IN-APIGATEWAYSSL
X-Amz-Meta-Opti
Xet-Cookie
X-Action
X-DB
X-Cdn-Request-ID
Vha6-Origin
ServerName
X-Dw-Trace-Id
X-DI
FSS-Cache
Ohc-Response-Time
X-Webstats-RespID
X-SB
Rt-Fastcgi-Cache
X-Swift-Error
X-RPS
X-StackifyID
Server-Ttl
Viewtype
VivaBuild
X-RPM
X-RSL
X-DSS
X-DW
X-Cdn-Forward
X-Oss-Server-Time
X-FPC
On-Server
X-Dispatch
X-Parent-Response-Time
X-Nginx-Upstream-Cache-Status
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-ElasticPress-Search
Content-Script-Type
Content-Style-Type
X-TH-Server
X-Yottaa-OS
X-CF-Powered-By
X-MiniProfiler-Ids
Fastly-Drupal-Html
Hit
Req-ID
HIT