Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Request-Context
X-Ws-Request-Id
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Server
X-Ua-Compatible
X-Hacker
X-Age
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
Cf-Railgun
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Host
X-Dispatcher
X-Server-Id
X-CST
X-Node
Allow
X-Cache-Spec
Surrogate-Control
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-WebKit-CSP
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Webkit-CSP
Xkey
X-HW
Accept-Ch-Lifetime
X-Country
X-Ac
X-Application-Context
Content-Location
X-Language
X-Ruxit-JS-Agent
MS-Author-Via
X-Template
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-Content-Type
X-GitHub-Request-Id
X-ASPNET-VERSION
Fastly-Restarts
X-Cnection
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Country-Code
X-Exp-Variant
X-GoogleNews-Bot
Verso
X-Cdn-Fetch
X-VARITI-CCR
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Goog-Hash
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
X-FastCGI-Cache
X-Vcap-Request-Id
X-Cached
X-Navigation-Version
X-Buckets
Cache-Tag
X-Server-Name
X-Client-IP
X-Amz-Rid
X-Powered-By-Plesk
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
Accept-Ch
X-Fastly-Request-ID
RTSS
X-Cache-TTL
Access-Control-Request-Method
Pagespeed
Display
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
X-MSEdge-Ref
X-Powered-CMS
X-Element-Page-Cache
X-Ttl
X-NF-Request-ID
Public-Key-Pins
X-Dw-Request-Base-Id
X-Upstream
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
X-Px
S
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
Mrf-Cache-Status
X-TTL
MRF-Tech
X-B3-TraceId-Primal
Realpath
X-Oneagent-Js-Injection
X-Server-ID
X-Accel-Expires
SPIisLatency
SPRequestDuration
X-ECACHE
X-SharePointHealthScore
SPRequestGuid
X-Jurisdiction
X-HP-Webp
X-T
X-MCACHE
X-PressLabs-Stats
X-Mid
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Shield-Request-Id
X-Correlation-Id
X-DynaTrace
X-Ruxit-Js-Agent
Charset
Edge-Cache-Tag
X-Recruiting
Fastcgi-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Cache-Key
TP-L2-Cache
TP-Cache
X-Amz-Server-Side-Encryption
X-Mg-S
X-Content-Digest
X-Ezoic-Cdn
X-Release
X-ORACLE-DMS-RID
X-Request-Processing-Time
Nginx-Cache
Filters
X-Id
X-Request-Received
TCN
Front-End-Https
Server-Node
X-Logged-In
Alternate-Protocol
Cache-Tags
X-XRDS-Location
X-Forwarded-For
Content-MD5
X-Litespeed-Cache
X-Origin-Upstream-Status
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
X-Amzn-Trace-Id
Server-Name
X-Geo-Country
X-Grace
X-Hostname
X-Origin-Server
X-Protected-By
X-F-Cache
X-Www-Served-By
X-Rid
X-Amz-Replication-Status
Cleartype
X-Contextid
X-AppVersion
X-Activity-Id
X-Az
Host
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-RateLimit-Remaining
X-Debug-Info
X-LB-Cache
X-WebKit-CSP-Report-Only
Section-Io-Cache
X-Frontend
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MicrosoftSharePointTeamServices
X-NWS-LOG-UUID
X-Ser
X-Page-Id
X-Aspnetmvc-Version
X-Git-Hash
X-Cache-Age
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-Request-ID
Accept-Charset
X-Upgrade-Enabled
X-VCache
X-Source
X-Respond-Thread
X-Hits
X-Varnish-Age
X-Content-Options
X-DIS-Request-ID
X-Fastcgi-Cache
X-Daa-Tunnel
X-Mobile-URL
X-Tec-Api-Version
ServerID
Access-Control-Allow-Method
X-Varnish-Backend
X-Tec-Api-Origin
X-Tec-Api-Root
X-Varnish-Grace
X-B-Cache
X-CACHE-GROUP
Paypal-Debug-Id
X-Signature
Viewport
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Cache-Action
X-Route-Name
X-Flags
X-FB-Debug
X-Is-Crawler
X-Request-Guid
Payment
X-B3-Sampled
X-TT
Healthy
X-Whom
X-AOL-HN
X-XRDS-LOCATION
Node
X-N
X-App-Environment
Version
X-Seen-By
X-Type
X-Microsite
X-Request-Handler-Origin-Region
DynaTrace
X-Load-Cache
Fastcgi-Useragent
X-Mobile
DC
MS-CV
X-Yandex-Sdch-Disable
X-Ab
X-Cache-Expired-At
X-Distributor
X-HTML-Minification-Powered-By
SRV
Retry-After
Filterid
X-Cache-Control
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-IPLB-Instance
Frame-Options
X-User-Agent
X-Original-Request-Id
X-Response-Served-From
X-Real-IP
X-UUID
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-RemovedCookies
X-Jobs
X-ProcessESI
X-IPS-LoggedIn
X-Varnish-Server
X-Device-Type
X-Debug-IsConnected
X-Adobe-Content
X-Adobe-Loc
X-Content-Powered-By
X-RTag
X-Debug-IsPreview
X-Cluster-Name
Access-Control-Request-Headers
Ms-Operation-Id
X-Region
X-Proxy-Cache-Status
Refresh
X-Proxy
X-B
X-Page-View
VIX-Pulpo-Node
X-Cache-Time
Uber-Trace-Id
VIX-Pulpo-Upstream-Status
NGB
X-Cacheable-TTL
X-G
X-Framework
X-FireWall-Port
X-Debug
X-Accel-Buffering
Cache
X-FW-Serve
X-FW-Dynamic
X-FW-Type
X-Vgn-Hpd-Reason
X-FW-Server
X-FW-Static
X-FW-Hash
Countrycode
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Zen-Fury
Section-Origin-Responded
X-Wix-Request-Id
X-Time
X-Oracle-Dms-Rid
X-RateLimit-Limit
X-NGENIX-Cache
X-Mg-Request-UUID
X-CDN-Forward
Cache-Status
X-Nginx-Cache
X-Azure-Ref
X-App-Version
Surrogate-Key
Country
X-Is-Bot
X-Rendered-As
X-Cache-Hit
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Ms-Version
X-Ms-Request-Id
X-Drupal-Cache-Tags
S-Cnection
X-Node-Name
X-App-Server
Referer-Policy
Eomportal-Instance
SD-X-WS
Amp-Access-Control-Allow-Source-Origin
Liferay-Portal
X-TA-CDN-Provider
X-Environment-Context
X-L-Path
X-Cache-Operation
X-Drupal-Cache-Contexts
X-UPSTREAM-Address
Selected-Fe
X-JoinUs
Meta-Geo
X-Proxy-Build
X-RN-RSRV
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ES-SERVER
X-Tumblr-Pixel-2
X-SaId
X-Timing-Wait
CF-IPCountry
From-Origin
X-Alternate-Cache-Key
X-Backend-Host
X-No-Session
X-Request-Time
X-ShopId
X-Varnish-Hostname
Protected
X-Varnishpool
X-Via-Fastly
X-Cache-TTL-Remaining
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-TNCMS
X-S-Maxage
X-Xfnlog-Site
X-Loop
X-GG-Cache-Date
X-PHP-Backend
X-Sorting-Hat-PodId
X-ShardId
X-Endurance-Cache-Level
X-Cache-Server
ServedBy
Cache-Name
Azure-SiteName
Azure-RegionName
X-OCL
Azure-SlotName
Azure-Version
Fastly-SSL
Cache-Tv-Group
X-R9-Blue-Green-Version
Property-Id
TWC-Locale-Group
X-BYPASS-REASON
X-Be
X-AWS-Id
X-ProxyCache-Key
X-NYM-Debug-Backend
X-Proto
X-LJ-Flow-ID
X-LAGOON
X-Handled-By
X-Adobe-Source
X-ProxyCache-Status
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Pubstack
Azure-InstanceId
X-Server-W
X-VWS-Id
X-Varnish-Beresp-Grace
X-PCL
X-Origin-Hint
X-Say-Cacheable
X-Origin-Date
Country-Code
X-Section
X-SayCDN-TTL
X-RCS-CacheZone
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Say-TTL
Apigw-Requestid
X-Format
X-Hl-Ver
X-Human
Nel
X-Backend-Name
X-Access
Akamai-GRN
Mn-Server-Ip
X-Labrador-Cache-Channel
X-Sql-Duration-Ms
X-FB-TRIP-ID
X-ApacheServer
X-Status
X-PHP-Host
X-Akamai-Edgescape
X-Sql-Count
X-UA-Device-Type
X-Revision
X-PERF
X-Hyper-Cache
X-Cache-PHP
X-Hosted-By
X-Uri
Xserver
X-Rule
X-Redis-Cache
X-Web-Node
X-Ua-Device
X-Cache-Type
X-B3-SpanId
X-Aws-Lambda-Call-Status
X-Trace-Id
X-WA-Info
X-FW-Version
X-MP-GENERATED-AT
AMP-Access-Control-Allow-Source-Origin
X-ATG-Version
X-ServerID
X-Content-Age
X-Time-Microsecs
X-Cached-By
X-CSRF-Token
X-Tumblr-Pixel-3
X-Parallel-Accel
X-Cache-Enabled
Backend
X-Edge-Location
X-Soup
X-Akamai-Transformed
GEO-INFO
Count-Hit
X-Dc
X-Mode
X-Detected-As
X-Datadome
X-Cluster-Node
X-CS
X-TT-LOGID
OT-Force-Account-Verify
X-APP-VERSION
X-Azure-Ref-OriginShield
X-Info
X-Varnish-Cache-Hits
X-Cache-Host
X-Microcachable
X-Bc-Bl
Web-Mar-Node
X-Generation-Time
X-Varnish-Hits
X-Varnish-Beresp-Status
Cross-Origin-Opener-Policy
X-Cache-NGX
X-Servername
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Debug-Cache
X-SRV
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Storage
X-Varnish-Beresp-Ttl
Who
X-HP-Trace-Id
X-Unique-ID
SID
X-B3-Traceid
X-Platform
X-Extlb
DataCenter
X-Origin-CC
X-Origin-TTL
X-PBS-Appsvrname
Host-ID
X-Core-Value
X-Magnolia-Registration
X-NAPM-TraceId
X-Developer
X-D
X-PAYTM-SRV-ID
X-Processor
X-Destination
X-Air-Trace-Id
X-Request-URI
CDCHOST
X-Rewrite-Enabled
X-TEC-API-ORIGIN
M-TraceId
X-Cms-Context
X-Air-Source
X-Air-Hostname
X-Connection-Hash
X-Ratelimit-Reset
X-Location
Fastly-Backend-Name
CDN-PullZone
CDN-EdgeStorageId
A
CDN-RequestCountryCode
CDN-RequestId
Apple-News-Services-Handled
Apple-News-Services-Host
X-From
Apple-News-Services-Request-Url
BehaviorPad-Version
Apple-News-Services-Parsed-Url
CDN-Uid
X-Geo-Header
X-TEC-API-ROOT
Fastcgi-X-Cache-Version
CDN-Cache
CDN-CachedAt
Expiry
DCR-Processing-Time-Ms
X-External-Request-Id
Content-Disposition
X-Epic-Correlation-Id
DCR-Decision-By
X-Locale
MD5-Digest
X-BCube-Filmed-By
Req-Svc-Chain
X-B-Cookie
State
Surrogated-Key
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Vdms-Path
Rendered-Blocks
X-VG-WebCache
X-VG-WebServer
X-ARC
T-Server
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
X-A-Dgt
X-A-Wwc
X-Application
X-Aicache-OS
X-Aed
Server-Info
X-Cache-Bucket
X-Vdms-Version
X-Session-Fingerprint
X-Service
Mobile-Detection-Method
X-CF-Lambda-Fn
Odigeo-Trace-Id
X-CF-Lambda-Version
X-ScT
X-TEC-API-VERSION
X-Rojux
X-S
X-S-Cookie
Meta-Geo-Continent
X-Cache-NE
X-SRCache-Key
X-DataDome
Upgrade-Insecure-Requests
S-Rt
X-Ua
X-Cache-Debug
UCS
Location
Fastly-SIE
Fastly-SWR
X-Developers
X-Branch-Name
Memcached
Pics-Label
Gh-Request-Id
CacheControlHeader
X-Clientip
Fastly-Drupal-HTML
Esi-Enabled
X-Envoy-Decorator-Operation
L
Kp-EeAlive
Fastcgi-Cache-TTL
PFcat
X-Bip
X-Backend-State
Origin
Cmsid
Cmstype
Server-Host
Pagetype
X-Hash
X-Request-UUID
X-Via-JSL
X-Varnish-Ttl
X-Rocket-Build-Number
X-Level-Front-Cache
X-JWT-State
X-VG-TLSProxy
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Proxy-Upstream
X-Platform-Server
X-Origin
X-Var-Ttl
X-NWS-UUID-VERIFY
X-NU-AKA-ACS-Version
Path
X-Is-Gdpr
X-Gamma-Serve
X-Sucuri-ID
X-VarnishDD-TTL
AKAMAI
X-Thanos
Cache-Host
X-TrackingId
X-VHOST
X-Generated-On
X-Scheme
X-HN
X-Sigma-Backend
X-Sigma
X-Has-Esi
X-GoCache-CacheStatus
X-Cache-Grace
X-Tb
User-Cache-Control
Source
X-AIR-PT
Cross-Origin-Window-Policy
Url
X-Thinkindot-L3
X-Forwarded-Path
X-VC-Cache
X-Varnish-Url
X-Variation
X-Tenant
X-Shop-Environment
X-Accel-Expires-Debug
X-Orig-Expires
X-SVT-ORM-VERSION
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
NGX
Thinkindot-Control
DSUID
X-WADP-Cache
X-Device-Os
C-Via
X-SVT-ORM-RULES
X-Req
X-Li-Pop
X-Li-Fabric
X-LI-UUID
X-Loc
X-Men
X-DPWN-IS-SECURE
X-Eu-Site
X-Forwarded-Site
X-Fmm-Version
X-Generated-In
X-Fastly-Backend
Wxu-Next-Region
X-Minions-Version
X-Origin-Expires
X-CGP
X-Clara-WADP
X-Served-From
X-Cache-Tags
X-Site-Version
X-Request-Host
X-Cluster
X-Date
X-Csrf-Jwt
X-Policy
X-Fastly-Cache
X-Cache-Info
X-Generated-By
HA-Ipaddr
Ha-Gx-Prefs
Ec-Rule-Version
Is-Eu
L5d-Success-Class
PB-RID
PB-PID
NM-Fastcgi-Cache
Cf-Device-Type
Arc-Version
X-EC-Lua
NtCoent-Length
Content-Secure-Policy
Wxu-Next-Hostname
X-Forwarded-Host
Arc-Country
Adler-Geo
Platform
X-Amz-Meta-S3cmd-Attrs
Svr
True-Client-Country-4JS
Vix-Hermes-Req-Id
Wxu-Next-Commit
X-Ratelimit-Limit
V-Age
X-Hnp-Log
X-RateLimit-Limit-Second
X-Skip-Cache
X-Wikidot-Static-Cache
X-FC-Vary-Parameters
Server-Ext
X-Wikidot-Backend
Cache-Key
X-Nginx-Cache-Key
X-Esi-Check
X-GeoIP
Server-Hostname
X-SIPLIST1
Sever-Int
X-Goog-Meta-Goog-Reserved-File-Mtime
We-Hiring
X-Gen-Mode
X-Gzip
X-Fetched-On
X-Viewer-Country
X-Irp-Debug
X-GeoIP-City
X-User
X-RateLimit-Remaining-Second
X-Varnish-CookieINHashed-On
Locid
IsBot
Mail-Subject
X-Varnish-CookieHashed-On
X-Block-Status
X-Cache-Id
X-Slack-Backend
X-Owner
X-Old-Content-Length
X-Varnish-Remaining-TTL
X-Micro-Cache
X-VServer
X-DefElseHash
X-DefHash
Release
X-Mvc-Supplant-Cachable
Webserver
X-Planisys-CDN-Rules
X-Srv
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
VNS-Age
Powered-By-ChinaCache
X-HS-Content-Campaign-Id
X-CACHE-KEY
X-Unique-Id
X-PF-Uncompressing
VNS-Cache
CPC-Cache
X-Via-NSCOPI
CPC-Age
Cache-Hits
X-Qloud-Router
X-Ftr-Request-Id
My-App
X-Zone
X-Via-Poph
MIME-Version
X-GEO
X-Via-Popn
X-Refresh
X-Conf
X-Mvc-Supplant-OutputCached
X-Via-Popv
X-Ratelimit-Remaining
X-TX-ID
X-Pass-Why
X-BBC-Edge-Cache-Status
X-Cache-Ttl
X-Vc
XServer
X-Ckpd-Fst-Backend
X-NC
X-Internal-Host
X-Servedbyhost
X-PJAX-URL
X-Worker
Geo-Info
X-ID
X-OVcl-Cache
X-LB-ID
X-OVcl
Time
Memory
X-Auto-Login
X-DC
WebServer
X-V-Cache
X-LSADC-Cache
Cf-Bgj
X-NCache
Server-ID
X-Backend-TTL
X-Webkit-Csp
X-Render-Time
X-Rocket-Nginx-Serving-Static
Magicmarker
X-NewRelic-App-Data
X-TraceId
X-TIME
X-Traceid
DB-Nickname
X-ZONE
X-Tx-Id
X-Platform-Cluster
X-Qnm-Cache
X-M-Reqid
X-Wa
X-M-Log
X-Platform-Processor
HostName
X-Platform-Router
X-Cache-Remote
X-Geo
X-Newrelic-Synthetics
GeoIp-Country-Code
X-Dispatcher-Server
X-App
Geoip-Latitude
X-Method
X-SD-PageType
Hostname
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Environment
X-CLOUD-TRACE-CONTEXT
X-Origin-Time
X-API-Version
X-Gdpr
X-IP
X-BBC-Origin-Response-Status
Resin-Trace
Ssr
X-VCL-Version
X-NodeID
X-Nyt-Route
X-Cache-Config
X-Tb-Optimization-Total-Bytes-Saved
X-Correlation-ID
LB
Cluster
X-Server-IP
X-Via-Ucdn
X-Pod-Name
Tcn
Ohc-File-Size
X-CACHE-AGE
X-Li-Proto
X-Edge-Pop
X-HITS
X-MSEdge-Flight
X-Origin-Response-Time
X-LI-Proto
Candidate-Md5Url
X-Dynatrace
X-MSEdge-Features
X-Webkit-CSP-Report-Only
X-Cache-Var
X-Cache-Var-Map
X-ElasticPress-Query
X-Trv-Group
Datacenter
X-Nc
X-DynaTrace-JS-Agent
Cf-Ipcountry
X-Varnish-Beresp-TTL
Web-Mar-Region
X-Node-Id
X-Via-CDN
X-Vcl-Version
X-Akamai-Pragma-Client-IP
X-ND-Cache
X-APP
Env
X-Wix-Viewer-Type
N-Cache
X-HostName
X-ServerName
GeoIP-Country-Code
X-Reqid
GeoIP-Latitude
Proxy-Connection
CDN
X-WA
Servername
Onion-Location
X-HS-Status
X-Dynatrace-Js-Agent
CF-Cached-On
X-Content
X-Ua-Browser
X-Cs
Sid
Server-Id
Rt-Fastcgi-Cache
X-Varnish-Cacheable
WWW-Authenticate
VivaBuild
X-EIG-Tracking-Id
Cdn
X-AB
Viewtype
X-MG-S
X-NGINX-Cache
WZWS-RAY
X-FTR-Request-ID
Machine
X-Fastly-Backend-Reqs
X-VC
X-Lb-Id
X-URL
X-Fpc
X-Cdn-Forward
X-Check-Cacheable
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Esi
X-Xrds-Location
X-TIM-N
X-Via-PopV
X-Cache-Backend
X-Pjax-Url
X-ServedByHost
Redirect-Candidate
FSS-Cache
Cteonnt-Length
X-Request-Start
X-IN-APIGATEWAYSSL
X-Via-PopH
X-Tid
X-Fastly-Request-Id
On-Server
X-IN-APIGATEWAY
X-Via-PopN
X-SERVER-NAME
X-SN
X-Swa-Ws
X-Up
CountryCode
Mime-Version
URI
Server-Ttl
Shield-Pop
X-Tt-Logid
X-Webkit-Csp-Report-Only
CACHE
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-FTR-Realm
X-Oss-Hash-Crc64ecma
X-FTR-DC
Is-Us
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Date
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Oss-Storage-Class
Lb
X-LiteSpeed-Cache-Control
X-Air-Pt
Tracecode
X-Pf-Uncompressing
X-FORWARDED-FOR
Xc-Version
X-Swift-Error
WP-Super-Cache
X-StackifyID
X-RSL
X-RPS
X-DSS
X-DW
X-Acquia-Application-Trace
X-SB
X-Cdn-Origin
X-Sn-Servicetimems
X-Acquia-Site
X-Acquia-Purge-Tags
Pramga
X-DI
X-Acquia-Application-UUID
Xet-Cookie
X-RPM
X-Fastly-Cache-Hits
X-DB
X-Dw-Trace-Id
X-ElasticPress-Search
Warning
X-Pad
Vha6-Origin
Ohc-Response-Time
X-Yottaa-OS
X-Action
X-Webstats-RespID
X-CCM
Content-Style-Type
Content-Script-Type
X-CUA
W
X-Core-Mission
X-RAMCache
X-Provided-By
X-Edge-POP
X-FTR-Expires
X-Mg-Request-Id
X-Snapshot-Date
X-TH-Server
X-MiniProfiler-Ids
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-C
X-Hcs-Proxy-Type
ServerName