Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
X-Ua-Compatible
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Node
Allow
Surrogate-Control
X-Backend-Server
Request-Id
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Webkit-CSP
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-WebKit-CSP
Accept-CH
Accept-Ch-Lifetime
Xkey
X-HW
X-Country
X-Language
X-Ruxit-JS-Agent
X-Application-Context
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cloud-Trace-Context
X-Cache-Lookup
Rating
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Accept-Ch
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-Content-Type
X-Server-ID
X-GitHub-Request-Id
Fastly-Restarts
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-ASPNET-VERSION
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-Buckets
Accept-CH-Lifetime
X-Server-Name
X-Cached
X-Vcap-Request-Id
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
X-Navigation-Version
Service-Worker-Allowed
X-Powered-By-Plesk
X-Fastly-Request-ID
RTSS
Access-Control-Request-Method
X-Powered-CMS
Public-Key-Pins
X-Element-Page-Cache
X-MSEdge-Ref
X-Px
X-Middleton-Display
Response
X-SRCache-Store-Status
X-Middleton-Response
X-Sol
Pagespeed
X-SRCache-Fetch-Status
Display
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Upstream
X-Version
X-Ttl
X-Cache-TTL
S
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
X-TTL
Realpath
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-ECACHE
X-Accel-Expires
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
SPRequestGuid
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Jurisdiction
X-HP-Webp
X-Cache-Key
X-Mid
X-T
X-MCACHE
X-Shield-Request-Id
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Correlation-Id
X-DynaTrace
X-Forwarded-Proto
X-XRDS-Location
Edge-Cache-Tag
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
Charset
X-Mg-S
TP-Cache
TP-L2-Cache
X-Content-Digest
Nginx-Cache
X-Id
Filters
TCN
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-Oneagent-Js-Injection
Alternate-Protocol
X-Ezoic-Cdn
X-Logged-In
Server-Node
X-Forwarded-For
Cache-Tags
Content-MD5
X-Ruxit-Js-Agent
X-Release
X-Geo-Country
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Origin-Upstream-Status
X-Protected-By
X-Hostname
X-Litespeed-Cache
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-RateLimit-Remaining
X-F-Cache
X-Www-Served-By
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Cleartype
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Amz-Replication-Status
X-Rid
Server-Name
Host
X-Contextid
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Az
X-AppVersion
X-Activity-Id
X-HS-Combine-CSS
X-Debug-Info
X-LB-Cache
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
MicrosoftSharePointTeamServices
X-Git-Hash
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Page-Id
X-Cache-Age
X-Daa-Tunnel
X-Ser
X-VCache
X-Respond-Thread
X-Content-Options
Accept-Charset
X-Aspnetmvc-Version
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Hits
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-Source
X-DIS-Request-ID
X-Varnish-Age
X-B-Cache
X-Signature
X-Kong-Upstream-Latency
ServerID
X-Varnish-Grace
Paypal-Debug-Id
X-Kong-Proxy-Latency
X-Varnish-Backend
Healthy
Payment
X-Flags
X-Is-Crawler
X-Whom
X-TT
Viewport
X-Cache-Action
X-FB-Debug
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-B3-Sampled
Node
X-CACHE-GROUP
X-AOL-HN
X-App-Environment
X-Fastcgi-Cache
Version
X-N
X-Mobile
X-Seen-By
X-Ab
DynaTrace
Fastcgi-Useragent
X-Load-Cache
X-Yandex-Sdch-Disable
DC
X-Type
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-Request-ID
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-HTML-Minification-Powered-By
X-Distributor
X-Tt-Trace-Host
SRV
MS-CV
X-Tt-Trace-Tag
Frame-Options
X-Cache-Control
Retry-After
Filterid
X-Cache-Expired-At
X-User-Agent
X-Microsite
X-Request-Handler-Origin-Region
X-Jobs
X-Original-Request-Id
X-Response-Served-From
X-IPLB-Instance
X-IPS-LoggedIn
X-UUID
X-Adobe-Loc
X-Real-IP
X-Proxy-Cache-Status
X-Adobe-Content
Refresh
X-Debug-IsPreview
Access-Control-Request-Headers
X-Varnish-Server
X-Debug-IsConnected
X-Region
X-Instance
X-Device-Type
X-Cluster-Name
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Page-View
VIX-Pulpo-Upstream-Status
X-Framework
X-Tumblr-User
VIX-Pulpo-Node
X-Cache-Time
X-XRDS-LOCATION
X-B
NGB
X-Content-Powered-By
X-RemovedCookies
X-G
Uber-Trace-Id
X-Tumblr-Pixel-0
X-ProcessESI
X-App-Version
Ms-Operation-Id
X-RTag
X-Proxy
X-RateLimit-Limit
X-Vgn-Hpd-Reason
X-CDN-Forward
X-Zen-Fury
X-NGENIX-Cache
Countrycode
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-Azure-Ref
Cache-Status
X-Time
X-Debug
Amp-Access-Control-Allow-Source-Origin
X-Wix-Request-Id
X-Mg-Request-UUID
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Accel-Buffering
Section-Origin-Responded
Section-Io-Origin-Status
Cache
X-Cache-Rule
X-Node-Name
X-Nginx-Cache
X-FireWall-Port
X-Rendered-As
X-Ms-Version
X-Cache-Hit
X-Ms-Request-Id
X-Is-Bot
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
SD-X-WS
Liferay-Portal
Referer-Policy
Surrogate-Key
X-EdgeConnect-Cache-Status
S-Cnection
X-App-Server
X-TA-CDN-Provider
Country
X-Environment-Context
X-L-Path
X-Cache-Operation
X-Yottaa-Metrics
X-Yottaa-Optimizations
Eomportal-Instance
X-Aws-Lambda-Call-Status
X-Revision
X-JoinUs
X-Drupal-Cache-Contexts
X-SaId
X-Proxy-Build
Meta-Geo
From-Origin
X-Timing-Wait
X-TNCMS
Selected-Fe
X-Loop
X-UPSTREAM-Address
CF-IPCountry
X-RN-RSRV
X-GG-Cache-Date
X-Endurance-Cache-Level
X-ES-SERVER
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Adobe-Source
X-Cache-TTL-Remaining
X-Varnish-Beresp-Grace
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Varnishpool
X-Cache-Type
X-Xfnlog-Site
X-Request-Time
X-ShardId
X-ShopId
X-Say-TTL
X-Pubstack
X-R9-Blue-Green-Version
X-LAGOON
X-ProxyCache-Status
X-S-Maxage
Cache-Name
X-ProxyCache-Key
X-Say-Cacheable
X-SayCDN-TTL
ServedBy
X-BYPASS-REASON
X-NYM-Debug-Backend
X-Origin-Date
X-Be
X-VWS-Id
X-AWS-Id
X-Backend-Host
X-Varnish-Hostname
X-No-Session
X-Human
X-LJ-Flow-ID
X-PHP-Backend
Protected
X-Handled-By
X-Akamai-Edgescape
X-OCL
Apigw-Requestid
X-Cache-Server
X-FB-TRIP-ID
Azure-RegionName
Azure-InstanceId
Webcakes-App-Name
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-PCL
Cache-Tv-Group
Property-Id
Country-Code
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Origin-Hint
Fastly-SSL
Webcakes-App-Version
Azure-SiteName
Azure-SlotName
TWC-Privacy
Azure-Version
Webcakes-Region
X-RCS-CacheZone
X-UA-Device-Type
X-Server-W
X-Proto
X-Parallel-Accel
X-Backend-Name
X-Access
Decoy-Debug-TTL
X-Sql-Count
X-Status
X-Sql-Duration-Ms
Decoy-Debug-Status
X-Tumblr-Pixel-2
X-Via-Fastly
Mn-Server-Ip
X-Section
Decoy-Debug-Key
X-Labrador-Cache-Channel
X-Hl-Ver
X-Format
Akamai-GRN
X-PHP-Host
X-PERF
X-Uri
X-Hosted-By
X-Web-Node
X-ApacheServer
X-HP-Trace-Id
Xserver
X-Redis-Cache
X-Hyper-Cache
X-B3-SpanId
GEO-INFO
X-Cache-PHP
Nel
Count-Hit
X-ATG-Version
X-FW-Version
X-Time-Microsecs
X-ServerID
X-Ua-Device
X-Cache-Ttl
X-TT-LOGID
X-Trace-Id
X-CSRF-Token
X-Rule
OT-Force-Account-Verify
X-TEC-API-ORIGIN
X-Cluster-Node
X-WA-Info
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Servername
X-Content-Age
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Detected-As
X-Akamai-Transformed
X-Azure-Ref-OriginShield
X-Soup
Cross-Origin-Opener-Policy
Backend
X-Cached-By
X-Varnish-Cache-Hits
X-Cache-Enabled
X-Generation-Time
X-Cache-Host
X-CS
X-Edge-Location
Web-Mar-Node
X-Varnish-Hits
X-Datadome
X-Bc-Bl
X-Mode
X-Varnish-Beresp-Status
X-Info
X-Microcachable
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
Ec-Rule-Version
AMP-Access-Control-Allow-Source-Origin
X-Amzn-RequestId
X-Varnish-Beresp-Ttl
X-Cache-NGX
X-Storage
Content-Secure-Policy
Cross-Origin-Window-Policy
X-Unique-ID
X-Debug-Cache
X-Via-JSL
X-Routing-Service
X-Magnolia-Registration
X-APP-VERSION
X-Ua
X-Dc
S-Rt
SID
X-Cache-Grace
X-Platform
X-Proxied
X-Zipkin-Id
Url
X-Air-Hostname
Upgrade-Insecure-Requests
X-Extlb
X-NWS-UUID-VERIFY
X-DataDome
X-Air-Trace-Id
X-Air-Source
X-Origin-CC
X-Origin-TTL
Source
X-Locale
X-Forwarded-Host
X-B3-Traceid
X-ARC
X-Aed
X-NAPM-TraceId
X-Platform-Server
X-B-Cookie
X-PBS-Appsvrname
A
X-NU-AKA-ACS-Version
X-From
Apple-News-Services-Handled
X-BCube-Filmed-By
X-Processor
X-PAYTM-SRV-ID
X-Aicache-OS
X-Orig-Expires
X-Application
X-A-Dgt
Host-ID
M-TraceId
MD5-Digest
Fastly-SWR
Fastly-SIE
Expiry
X-A
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Req-Svc-Chain
State
Surrogated-Key
T-Server
Odigeo-Trace-Id
Path
DCR-Processing-Time-Ms
DCR-Decision-By
X-Cache-Bucket
X-A-Dcw
CDCHOST
Cache-Host
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-A-Wwc
CDN-Cache
CDN-CachedAt
CDN-Uid
X-A-Dam
X-A-Ccd
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
Apple-News-Services-Host
X-Bip
X-Session-Fingerprint
X-Vtex-Processado-Em
X-Shop-Environment
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-ScT
X-S
X-S-Cookie
X-CF-Lambda-Fn
X-VG-WebServer
X-External-Request-Id
X-Clientip
X-Destination
X-Developer
X-SRCache-Key
X-Epic-Correlation-Id
X-Ratelimit-Reset
X-Tenant
X-D
X-Thanos
X-SRV
X-VG-WebCache
X-Connection-Hash
X-Request-URI
X-Rewrite-Enabled
X-Cache-NE
X-Forwarded-Path
X-Rebelmouse-Cache-Control
X-Vdms-Version
X-Rebelmouse-Surrogate-Control
X-Rojux
Server-Info
X-Tb
X-SVT-ORM-RULES
Fastly-Backend-Name
X-SVT-ORM-VERSION
Fastly-Drupal-HTML
X-Branch-Name
PB-PID
Esi-Enabled
PB-RID
Content-Disposition
DSUID
X-Loc
X-Level-Front-Cache
X-Device-Os
Origin
X-Is-Gdpr
X-Envoy-Decorator-Operation
UCS
X-Has-Esi
X-Generated-On
X-Origin-Expires
NGX
X-JWT-State
X-DPWN-IS-SECURE
X-Vdms-Path
Is-Eu
Kp-EeAlive
X-Sigma-Backend
L
X-Sigma
Cmstype
X-Service
X-Cache-Tags
Arc-Version
Cmsid
C-Via
X-Proxy-Upstream
Adler-Geo
X-Rocket-Build-Number
X-Request-UUID
X-Var-Ttl
X-Backend-State
X-Hash
X-Cms-Context
X-TrackingId
X-GoCache-CacheStatus
X-Variation
Pics-Label
X-VG-TLSProxy
X-Core-Value
Platform
X-Served-From
X-Cache-Debug
User-Cache-Control
X-Site-Version
X-Srv
X-GEO
Sever-Int
X-Eu-Site
TDXMobile
Thinkindot-CacheControl
X-GeoIP
Thinkindot-CacheControl-Type
X-Geo-Header
X-DefHash
X-Cluster
X-Csrf-Jwt
X-Date
X-DefElseHash
X-Clara-WADP
X-Accel-Expires-Debug
X-Forwarded-Site
X-Cache-Info
X-GeoIP-City
X-CGP
X-Developers
X-Fmm-Version
Vix-Hermes-Req-Id
X-Generated-In
True-Client-Country-4JS
Thinkindot-Control
X-Gamma-Serve
X-Ftr-Request-Id
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Fetched-On
X-Men
X-Req
X-VarnishDD-TTL
X-Request-Host
X-VC-Cache
X-Scheme
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Owner
X-Origin
X-Fastly-Cache
X-Policy
Server-Hostname
X-WADP-Cache
X-Fastly-Backend
X-VHOST
X-AIR-PT
X-EC-Lua
NtCoent-Length
Who
X-SIPLIST1
X-VServer
X-Varnish-Ttl
X-User
X-Li-Fabric
X-Thinkindot-L3
X-Li-Pop
X-LI-UUID
X-Nginx-Cache-Key
X-Varnish-CookieHashed-On
Location
L5d-Success-Class
IsBot
Memcached
Release
PFcat
X-HN
NM-Fastcgi-Cache
Locid
Pagetype
Ha-Gx-Prefs
HA-Ipaddr
Cache-Key
Gh-Request-Id
X-Location
Server-Ext
Cf-Device-Type
Server-Host
CacheControlHeader
Fastcgi-Cache-TTL
X-Micro-Cache
X-Gzip
X-Sucuri-ID
X-Slack-Backend
X-Skip-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Conf
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-Via-NSCOPI
X-RateLimit-Limit-Second
X-Qloud-Router
X-Mvc-Supplant-Cachable
X-Viewer-Country
X-Gen-Mode
X-FC-Vary-Parameters
X-Irp-Debug
X-Generated-By
X-Wikidot-Static-Cache
X-Old-Content-Length
X-Hnp-Log
Webserver
Mail-Subject
DataCenter
V-Age
X-Esi-Check
AKAMAI
We-Hiring
Arc-Country
X-Cache-Id
X-Block-Status
X-DC
Svr
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-PF-Uncompressing
CPC-Age
VNS-Cache
X-BBC-Edge-Cache-Status
VNS-Age
CPC-Cache
X-Planisys-CDN-Rules
X-Minions-Version
X-Mvc-Supplant-OutputCached
X-Via-Poph
X-Via-Popn
X-Ckpd-Fst-Backend
Cache-Hits
X-Varnish-Url
X-Unique-Id
X-Servedbyhost
X-Via-Popv
MIME-Version
X-HS-Content-Campaign-Id
X-Worker
X-Ratelimit-Limit
X-Vc
X-Auto-Login
My-App
X-Zone
X-V-Cache
Powered-By-ChinaCache
X-Webkit-CSP-Report-Only
X-Tx-Id
XServer
X-NC
X-Refresh
X-Traceid
X-LB-ID
X-Internal-Host
X-ZONE
X-ID
X-Render-Time
Memory
X-Rocket-Nginx-Serving-Static
X-Platform-Cluster
X-Platform-Router
X-Newrelic-Synthetics
X-Platform-Processor
X-Qnm-Cache
X-NCache
X-Wa
Server-ID
Time
X-LSADC-Cache
X-M-Reqid
X-M-Log
X-Pass-Why
WebServer
X-TX-ID
X-SD-PageType
X-App
X-Ratelimit-Remaining
X-PJAX-URL
X-Cache-Remote
X-Webkit-Csp
X-OVcl-Cache
X-OVcl
X-TIME
X-Datadog-Trace-Id
Environment
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-CACHE-KEY
X-Origin-Time
X-API-Version
X-BBC-Origin-Response-Status
X-NodeID
HostName
X-VCL-Version
X-Gdpr
X-Nyt-Route
Cf-Bgj
X-Backend-TTL
X-Server-IP
Hostname
X-Cache-Config
Geo-Info
Cluster
X-Via-Ucdn
X-NewRelic-App-Data
X-Cache-Var-Map
X-Cache-Var
Magicmarker
X-Ua-Browser
X-Content
Datacenter
X-TraceId
X-Pod-Name
X-CLOUD-TRACE-CONTEXT
X-LI-Proto
Candidate-Md5Url
Resin-Trace
DB-Nickname
GeoIp-Country-Code
Geoip-Latitude
X-Method
X-Dispatcher-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Pop
X-Correlation-ID
X-Geo
X-ElasticPress-Query
N-Cache
Tcn
Ohc-File-Size
X-Origin-Response-Time
Ssr
X-Dynatrace
X-HITS
Web-Mar-Region
X-CACHE-AGE
X-IP
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
X-MSEdge-Flight
GeoIP-Latitude
GeoIP-Country-Code
Cf-Ipcountry
X-NODE
Onion-Location
X-Li-Proto
X-Varnish-Beresp-TTL
LB
Servername
Cdn
X-AB
X-Nc
X-Node-Id
WWW-Authenticate
X-ND-Cache
X-Trv-Group
X-Varnish-Cacheable
X-Wix-Viewer-Type
X-EIG-Tracking-Id
X-HostName
X-Vcl-Version
WZWS-RAY
X-Via-CDN
Proxy-Connection
CF-Cached-On
X-DynaTrace-JS-Agent
X-APP
Lb
X-Pjax-Url
X-Dynatrace-Js-Agent
X-Fastly-Backend-Reqs
Env
X-Fpc
X-Cs
X-Tid
Server-Id
X-TIM-N
Sid
X-HS-Status
CDN
X-Reqid
Redirect-Candidate
X-ServerName
X-MG-S
X-Up
X-WA
X-Request-Start
X-NGINX-Cache
Tracecode
X-Lb-Id
Rt-Fastcgi-Cache
X-Cache-Date
X-Check-Cacheable
Cteonnt-Length
X-URL
Viewtype
VivaBuild
Is-Us
Pramga
Ohc-Cache-HIT
X-Esi
X-Xrds-Location
X-CSRF-TOKEN
X-Via-PopV
X-Via-PopN
X-Sn-Servicetimems
URI
X-Cache-Backend
Machine
X-Via-PopH
X-Cdn-Origin
X-VC
X-IN-APIGATEWAYSSL
X-Fastly-Request-Id
X-IN-APIGATEWAY
X-Amz-Meta-Cb-Modifiedtime
Mime-Version
X-ServedByHost
Shield-Pop
X-Dw-Trace-Id
W
CloudFront-Viewer-Country
X-FTR-Request-ID
X-Core-Mission
X-Provided-By
X-Yottaa-OS
Server-Ttl
CountryCode
X-SN
X-Webkit-Csp-Report-Only
X-Tt-Logid
X-UnsetCookies
CACHE
X-Contensis-Viewer-Groups
X-Cache-Expires
FSS-Cache
X-Varnish-Authentication
X-Fastly-Cache-Hits
X-Cdn-Forward
X-Cache-ASPX
X-Air-Pt
X-Acquia-Application-Trace
X-Pad
X-LiteSpeed-Cache-Control
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
On-Server
X-Acquia-Site
X-FORWARDED-FOR
X-StackifyID
X-DW
X-DSS
Xet-Cookie
X-RSL
X-DI
X-RPS
X-RPM
X-RAMCache
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-DB
X-FTR-DC
X-Swa-Ws
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-FTR-Realm
X-FTR-Cache-Status
X-Webstats-RespID
X-Action
Vha6-Origin
WP-Super-Cache
Ohc-Response-Time
X-SB
X-Swift-Error
X-Pf-Uncompressing
X-Region-Sid
X-Sucuri-Cache
X-Cache-Status-Check
Req-ID
X-Edge-POP
ServerName
Warning
Content-Script-Type
X-ElasticPress-Search
X-Snapshot-Date
X-C
X-TH-Server
X-MiniProfiler-Ids
X-FTR-Expires
Xc-Version
Content-Style-Type