Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Request-ID
X-Cache-Status
P3p
X-Generator
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Dns-Prefetch-Control
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Via
Keep-Alive
X-Ws-Request-Id
Server-Timing
Request-Context
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-Page-Speed
X-UA-Device
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-Dispatcher
Cf-Railgun
X-Host
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
Accept-Ch-Lifetime
Xkey
X-Language
X-HW
X-Template
X-Application-Context
X-Country
X-Ac
Content-Location
X-Cache-Lookup
X-Cloud-Trace-Context
Rating
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Webkit-CSP
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-Mod-Pagespeed
X-Varnish-TTL
X-Trace
Fastly-Restarts
X-Content-Type
X-B3-TraceId
X-MS-InvokeApp
X-Rack-Cache
X-Buckets
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
Accept-Ch
X-Cnection
X-Country-Code
X-Goog-Hash
X-D2id
Verso
X-VARITI-CCR
X-ORACLE-DMS-ECID
X-Exp-Id
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Use-Magma
X-FastCGI-Cache
Cache-Tag
X-Vcap-Request-Id
Service-Worker-Allowed
X-Cached
X-Abt-Application-Version
X-Server-Name
Accept-CH-Lifetime
X-Px
X-Amz-Rid
X-Server-ID
X-Client-IP
X-Navigation-Version
X-Cache-TTL
Public-Key-Pins
RTSS
X-Powered-By-Plesk
X-TTL
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
Access-Control-Request-Method
X-Element-Page-Cache
X-Powered-CMS
X-Fastly-Request-ID
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Version
X-Upstream
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Middleton-Response
Response
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-LLID
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
X-Cache-Key
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Accel-Expires
X-Oneagent-Js-Injection
X-HP-Webp
X-Jurisdiction
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Aspnetmvc-Version
X-Correlation-Id
Realpath
X-ECACHE
X-ORACLE-DMS-RID
X-T
X-DynaTrace
X-Litespeed-Cache
SPRequestGuid
X-SharePointHealthScore
X-Mid
X-PressLabs-Stats
X-MCACHE
X-XRDS-Location
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
SPRequestDuration
SPIisLatency
X-Ttl
X-Ruxit-Js-Agent
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Content-Digest
Nginx-Cache
X-Mg-S
X-Forwarded-Proto
TP-L2-Cache
TP-Cache
X-Recruiting
Charset
X-Request-Received
X-Request-Processing-Time
Front-End-Https
TCN
Alternate-Protocol
Server-Node
X-Logged-In
X-Id
Filters
X-Geo-Country
Content-MD5
X-Forwarded-For
X-Ezoic-Cdn
Fusion-Content-Id
X-Protected-By
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
X-ASPNET-VERSION
Cache-Tags
X-Hostname
X-NWS-LOG-UUID
X-Amzn-Trace-Id
X-Origin-Upstream-Status
X-Grace
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Debug-Info
X-F-Cache
X-Www-Served-By
X-Origin-Server
X-Ab
X-Amz-Replication-Status
Cleartype
X-Az
X-Rid
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-LB-Cache
X-Activity-Id
X-AppVersion
X-HS-Combine-CSS
Host
X-Daa-Tunnel
X-Contextid
X-Git-Hash
X-Page-Id
Section-Io-Cache
X-Browser-Type
X-Erf-Bev-Bev
Server-Name
X-Erf-Bev-Bev-Is-Generated
X-VCache
X-Ser
X-Frontend
X-RateLimit-Remaining
X-Content-Options
X-Cache-Age
X-Release
MicrosoftSharePointTeamServices
X-Upgrade-Enabled
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Kong-Upstream-Latency
Accept-Charset
X-Source
ServerID
X-Hits
X-Mobile-URL
X-DIS-Request-ID
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Signature
X-Is-Crawler
X-Respond-Thread
X-CACHE-GROUP
X-Aspnet-Duration-Ms
X-Flags
X-B-Cache
X-Varnish-Age
X-WebKit-CSP-Report-Only
X-Varnish-Backend
Healthy
X-Whom
X-Cache-Action
Viewport
Paypal-Debug-Id
X-Varnish-Grace
Payment
X-FB-Debug
X-B3-Sampled
Fastcgi-Useragent
Node
DynaTrace
X-App-Environment
X-Yandex-Sdch-Disable
X-Fastcgi-Cache
X-TT
X-AOL-HN
X-Load-Cache
X-Mobile
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Seen-By
Filterid
Version
X-N
X-Distributor
SRV
X-User-Agent
X-HTML-Minification-Powered-By
X-Cache-Control
Retry-After
X-Tec-Api-Version
Frame-Options
X-Tec-Api-Root
X-Type
X-Tec-Api-Origin
X-Ua-Device
X-Jobs
MS-CV
Refresh
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Response-Served-From
X-XRDS-LOCATION
X-Original-Request-Id
X-HP-Trace-Id
X-UUID
X-Cache-Expired-At
NGB
X-Adobe-Loc
X-Adobe-Content
X-Page-View
Amp-Access-Control-Allow-Source-Origin
X-NGENIX-Cache
X-Proxy-Cache-Status
X-Node-Name
X-Region
X-Instance
X-Real-IP
X-Debug-IsPreview
X-Debug-IsConnected
X-Cluster-Name
X-G
X-Azure-Ref
X-B
VIX-Pulpo-Upstream-Status
X-IPLB-Instance
VIX-Pulpo-Node
X-RemovedCookies
X-ProcessESI
X-Varnish-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Ms-Operation-Id
X-Vgn-Hpd-Reason
X-Cacheable-TTL
X-RTag
X-Framework
X-Device-Type
X-Proxy
X-Cache-Time
X-CDN-Forward
Access-Control-Request-Headers
X-Aws-Lambda-Call-Status
X-Content-Powered-By
X-Cache-Hit
X-Zen-Fury
X-IPS-LoggedIn
Uber-Trace-Id
X-Cache-Rule
SD-X-WS
X-Parallel-Accel
Liferay-Portal
Referer-Policy
Cache-Status
X-Rendered-As
X-Is-Bot
X-Ms-Request-Id
X-Ms-Version
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Oracle-Dms-Rid
X-Time
X-Mg-Request-UUID
X-EdgeConnect-Cache-Status
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Countrycode
X-App-Server
X-Debug
X-RateLimit-Limit
X-L-Path
X-Revision
X-B3-Traceid
X-Environment-Context
S-Cnection
X-Accel-Buffering
Country
X-APP-VERSION
X-Yottaa-Metrics
CF-IPCountry
X-Yottaa-Optimizations
X-Request-Handler-Origin-Region
X-Microsite
Count-Hit
X-Cache-Operation
AR-CACHE
AR-PoweredBy
X-Nginx-Cache
Ar-Sid
AR-Request-ID
AR-ATIME
Cache
X-Drupal-Cache-Contexts
X-FW-Version
X-ES-SERVER
X-RN-RSRV
X-GG-Cache-Date
X-Endurance-Cache-Level
X-SaId
X-UPSTREAM-Address
Meta-Geo
X-TNCMS
X-Loop
Akamai-GRN
X-JoinUs
X-TA-CDN-Provider
X-SayCDN-TTL
X-Cache-Type
From-Origin
X-LAGOON
X-Adobe-Source
X-Say-TTL
Surrogate-Key
X-Say-Cacheable
GEO-INFO
X-R9-Blue-Green-Version
X-Request-Time
Fastly-SSL
Protected
Country-Code
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Sql-Duration-Ms
X-Sql-Count
X-NYM-Debug-Backend
X-S-Maxage
X-Cache-TTL-Remaining
X-PCL
Azure-Version
X-Human
Azure-SlotName
X-OCL
Apigw-Requestid
Cache-Tv-Group
Decoy-Debug-Key
Cache-Name
X-Labrador-Cache-Channel
X-Shopify-Stage
X-Origin-Date
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-PHP-Host
X-Proto
X-Pubstack
X-RCS-CacheZone
X-ProxyCache-Status
X-ShopId
X-ProxyCache-Key
X-No-Session
X-LJ-Flow-ID
X-AWS-Id
X-Be
X-Alternate-Cache-Key
ServedBy
Decoy-Debug-TTL
X-BYPASS-REASON
X-VWS-Id
X-Varnish-Beresp-Grace
X-ShardId
X-Handled-By
X-Varnish-Hostname
X-Varnishpool
Decoy-Debug-Status
X-Xfnlog-Site
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
X-Hosted-By
Selected-Fe
X-UA-Device-Type
X-Tumblr-Pixel-2
TWC-Connection-Speed
Webcakes-Region
X-Timing-Wait
X-Proxy-Build
X-Redis-Cache
X-Origin-Hint
X-Format
X-Hyper-Cache
X-Cache-Server
X-Section
X-Access
X-Status
X-Akamai-Edgescape
X-Server-W
Property-Id
TWC-Device-Class
X-Web-Node
X-Via-Fastly
X-ApacheServer
X-Cluster-Node
X-PERF
X-PHP-Backend
X-Backend-Host
Nel
Mn-Server-Ip
Eomportal-Instance
X-FB-TRIP-ID
X-Time-Microsecs
X-Servername
X-Uri
X-App-Version
X-Backend-Name
X-Hl-Ver
X-FireWall-Port
OT-Force-Account-Verify
X-B3-SpanId
X-ServerID
Cross-Origin-Opener-Policy
X-Tumblr-Pixel-3
X-ATG-Version
X-Detected-As
Cross-Origin-Window-Policy
X-Azure-Ref-OriginShield
X-Ua
Web-Mar-Node
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Generation-Time
X-Cache-Host
X-Cache-PHP
X-Varnish-Cache-Hits
X-TEC-API-VERSION
Backend
X-Content-Age
X-Varnish-Hits
Ec-Rule-Version
X-Datadome
X-Trace-Id
X-Via-JSL
Source
Content-Secure-Policy
X-SRV
X-MP-GENERATED-AT
X-WA-Info
X-TT-LOGID
X-Akamai-Transformed
X-Cdn
X-CS
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Cache-Grace
X-Soup
Upgrade-Insecure-Requests
X-CSRF-Token
X-Microcachable
X-Ratelimit-Limit
X-Edge-Location
X-Mode
X-Amz-Apigw-Id
X-Cache-Enabled
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Bc-Bl
Xserver
Url
X-NWS-UUID-VERIFY
X-Forwarded-Host
X-Rule
X-Locale
X-Origin-CC
X-Info
X-Origin-TTL
X-Unique-Id
X-Ratelimit-Remaining
X-Varnish-Beresp-Ttl
X-Ua-Browser
X-Content
S-Rt
X-Site-Version
X-GEO
Content-Disposition
X-Varnish-Beresp-Status
X-Dc
X-Magnolia-Registration
X-Tb
DCR-Decision-By
CDN-Uid
X-CF-Lambda-Fn
X-Proxied
CDN-RequestId
X-Ratelimit-Reset
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Cache-Control
Fastcgi-X-Cache-Version
Expiry
X-Shop-Environment
CDN-RequestCountryCode
DCR-Processing-Time-Ms
X-Processor
X-Platform-Server
CDN-Cache
CDN-CachedAt
Apple-News-Services-Parsed-Url
X-NU-AKA-ACS-Version
BehaviorPad-Version
X-Cache-Bucket
X-NAPM-TraceId
Apple-News-Services-Host
X-PAYTM-SRV-ID
CDN-EdgeStorageId
CDCHOST
X-SRCache-Key
A
Apple-News-Services-Handled
X-Orig-Expires
CDN-PullZone
Host-ID
X-Conf
X-ARC
Surrogated-Key
T-Server
X-Connection-Hash
State
X-S-Cookie
X-S
X-Routing-Service
X-D
X-Application
X-Rojux
X-A-Dgt
X-A-Wwc
X-Aed
X-Aicache-OS
X-A-Dcw
X-A-Dam
X-Rewrite-Enabled
X-A
X-A-Ccd
X-CF-Lambda-Version
Req-Svc-Chain
Rendered-Blocks
MD5-Digest
X-From
X-B-Cookie
X-Forwarded-Path
X-AIR-PT
X-BBC-Edge-Cache-Status
X-Ftr-Request-Id
X-Session-Fingerprint
X-BCube-Filmed-By
X-Request-URI
Meta-Geo-Continent
X-Cache-NE
X-Destination
Path
X-ScT
X-Debug-Cache
X-Developer
Odigeo-Trace-Id
X-Extlb
X-External-Request-Id
Mobile-Detection-Method
X-Epic-Correlation-Id
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Request-Url
X-PBS-Appsvrname
X-Vdms-Version
X-Vtex-Remote-Cache
X-VG-WebServer
X-Storage
X-Zipkin-Id
X-Vtex-Processado-Em
X-VG-WebCache
X-Tenant
X-Cached-By
User-Cache-Control
SID
XServer
X-EC-Lua
X-Tx-Id
X-DataDome
Pics-Label
X-Service
X-Worker
Platform
X-Fastly-Cache
L
Is-Eu
M-TraceId
X-Envoy-Decorator-Operation
NGX
X-Fastly-Backend
X-DPWN-IS-SECURE
X-Cache-Info
X-Cache-Debug
X-Is-Gdpr
X-JWT-State
X-VServer
X-Date
X-Core-Value
X-Cache-NGX
X-Cms-Context
X-Backend-State
X-Request-UUID
X-SVT-ORM-RULES
X-Men
X-Proxy-Upstream
X-Loc
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-Accel-Expires-Debug
UCS
Origin
Adler-Geo
Cmstype
X-SVT-ORM-VERSION
X-TrackingId
X-Origin-Expires
X-Variation
Cache-Key
Cache-Host
X-VG-TLSProxy
Cmsid
Fastly-Backend-Name
X-Has-Esi
X-M-Log
X-Micro-Cache
X-NCache
AMP-Access-Control-Allow-Source-Origin
X-M-Reqid
True-Client-Country-4JS
X-Var-Ttl
C-Via
X-Developers
Arc-Version
X-Location
X-Geo-Header
X-Device-Os
VNS-Age
Vix-Hermes-Req-Id
X-Rocket-Build-Number
VNS-Cache
X-Level-Front-Cache
X-Qnm-Cache
X-Req
X-Generated-On
X-Auto-Login
X-SIPLIST1
X-Cache-Id
X-RateLimit-Remaining-Second
X-Branch-Name
X-Gzip
X-Cache-Tags
X-Hnp-Log
X-Thanos
X-Viewer-Country
X-Block-Status
X-Bip
X-Cluster
X-Ckpd-Fst-Backend
X-RateLimit-Limit-Second
X-Thinkindot-L3
X-Sigma-Backend
X-DefElseHash
X-Clientip
Thinkindot-Control
X-DefHash
Thinkindot-CacheControl-Type
X-Served-From
CPC-Age
CPC-Cache
X-Old-Content-Length
Cf-Device-Type
X-Sigma
PFcat
Fastly-Drupal-HTML
PB-PID
X-Generated-By
Locid
X-Forwarded-Site
Esi-Enabled
Fastcgi-Cache-TTL
X-Via-NSCOPI
X-Origin
IsBot
Location
X-HN
X-Gen-Mode
X-VC-Cache
PB-RID
X-Varnish-CookieINHashed-On
X-Nginx-Cache-Key
X-Hash
X-Wikidot-Static-Cache
Sever-Int
Server-Ext
Server-Hostname
X-Esi-Check
Server-Host
X-Varnish-CookieHashed-On
X-Scheme
X-VarnishDD-TTL
Thinkindot-CacheControl
X-Varnish-Remaining-TTL
TDXMobile
X-Wikidot-Backend
X-Platform
X-Amz-Meta-S3cmd-Attrs
X-Eu-Site
X-Gamma-Serve
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-GeoIP
X-GoCache-CacheStatus
X-Csrf-Jwt
X-FC-Vary-Parameters
X-Fmm-Version
X-GeoIP-City
X-Fetched-On
X-Request-Host
Arc-Country
Memcached
Mail-Subject
L5d-Success-Class
Svr
X-Clara-WADP
Release
Pagetype
HA-Ipaddr
Ha-Gx-Prefs
X-Slack-Backend
X-Sucuri-ID
CacheControlHeader
X-Vdms-Path
Gh-Request-Id
DSUID
X-Skip-Cache
NM-Fastcgi-Cache
X-DC
X-Policy
X-Irp-Debug
X-HS-Content-Campaign-Id
X-CGP
Wxu-Next-Region
AKAMAI
Wxu-Next-Hostname
X-Mvc-Supplant-Cachable
Server-Info
We-Hiring
X-WADP-Cache
Wxu-Next-Commit
DataCenter
Webserver
X-LSADC-Cache
NtCoent-Length
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Owner
X-Rocket-Nginx-Serving-Static
V-Age
X-Platform-Cluster
X-Render-Time
X-Platform-Router
X-Platform-Processor
X-Unique-ID
X-Servedbyhost
X-SD-PageType
Cache-Hits
X-V-Cache
MIME-Version
X-Mvc-Supplant-OutputCached
Kp-EeAlive
X-Cache-Remote
X-Via-Popv
Environment
X-Cache-Var-Map
X-Cache-Var
X-Via-Poph
X-Via-Popn
X-Srv
X-User
X-Gdpr
X-API-Version
X-Datadog-Parent-Id
X-PJAX-URL
X-Origin-Time
X-Datadog-Trace-Id
X-Nyt-Route
X-Datadog-Sampling-Priority
X-NodeID
X-ID
X-Zone
X-Via-Ucdn
X-PF-Uncompressing
X-NC
X-Vc
X-Wa
Who
X-BBC-Origin-Response-Status
X-Varnish-Ttl
WebServer
X-Minions-Version
Candidate-Md5Url
X-App
Cluster
X-Server-IP
X-Varnish-Url
X-Pod-Name
X-Cache-Config
X-Traceid
X-Refresh
Server-ID
X-Webkit-Csp
X-TIME
Memory
X-VCL-Version
X-Internal-Host
Time
X-ZONE
X-CACHE-KEY
Powered-By-ChinaCache
My-App
HostName
X-LB-ID
X-Webkit-CSP-Report-Only
X-Pass-Why
X-Newrelic-Synthetics
X-NewRelic-App-Data
Onion-Location
GeoIp-Country-Code
Geoip-Latitude
N-Cache
Web-Mar-Region
X-Esi
X-Cache-Ttl
X-CLOUD-TRACE-CONTEXT
Datacenter
Resin-Trace
X-Edge-Pop
X-ElasticPress-Query
X-LI-Proto
Geo-Info
X-Tt-Logid
Servername
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-VHOST
X-Akamai-Pragma-Client-IP
X-Varnish-Cacheable
X-OVcl
X-OVcl-Cache
CDN
Tcn
Ohc-File-Size
Hostname
X-TX-ID
X-Dynatrace
X-HITS
X-CACHE-AGE
WWW-Authenticate
X-EIG-Tracking-Id
Cf-Bgj
X-Origin-Response-Time
X-Backend-TTL
LB
Magicmarker
X-Geo
X-Li-Proto
Redirect-Candidate
X-TIM-N
X-Fpc
X-Tid
X-NODE
X-Dynatrace-Js-Agent
X-Varnish-Beresp-TTL
X-AB
X-Correlation-ID
Tracecode
X-Method
X-Wix-Viewer-Type
X-NGINX-Cache
X-Dispatcher-Server
Proxy-Connection
X-HostName
Cdn
Pramga
GeoIP-Country-Code
X-Cache-Date
X-MSEdge-Features
X-Up
X-Cs
X-Request-Start
X-MSEdge-Flight
X-CSRF-TOKEN
X-Fastly-Request-Id
Sid
Cf-Ipcountry
X-Sn-Servicetimems
X-Vcl-Version
X-Cdn-Origin
X-IP
X-Fastly-Backend-Reqs
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
Is-Us
DB-Nickname
Ssr
CF-Cached-On
X-APP
X-HS-Status
Server-Id
X-Provided-By
W
X-Core-Mission
X-COUNTRY
X-Lb-Id
X-UnsetCookies
X-MG-S
Lb
X-Cache-Expires
X-ServerName
X-Webkit-Csp-Report-Only
X-WA
X-Reqid
CloudFront-Viewer-Country
Cteonnt-Length
X-Node-Id
X-Nc
X-FORWARDED-FOR
X-Check-Cacheable
URI
X-Via-PopV
X-VC
X-Via-PopH
X-Via-PopN
X-ND-Cache
WP-Super-Cache
X-Trv-Group
Ohc-Cache-HIT
CountryCode
X-DynaTrace-JS-Agent
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Env
X-Via-CDN
WZWS-RAY
X-Region-Sid
X-Pjax-Url
X-Cache-Status-Check
X-CCDN-Origin-Time
X-SERVER-NAME
X-Sucuri-Cache
X-Cache-Backend
X-ECache
X-Pf-Uncompressing
X-SN
Mime-Version
X-ServedByHost
X-Pad
X-CUA
X-Moov-Xdn-Version
X-Moov-T
Shield-Pop
Xc-Version
X-Acquia-Application-UUID
EpKe-Alive
X-Ig-Push-State
User-Agent
X-Acquia-Site
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Edge-POP
X-RAMCache
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Contensis-Viewer-Groups
X-Varnish-Authentication
CACHE
X-Fastly-Cache-Hits
X-Cache-ASPX
X-LiteSpeed-Cache-Control
X-Action
X-Webstats-RespID
X-DI
X-Cdn-Request-ID
X-DB
X-SB
Ohc-Response-Time
X-DSS
Vha6-Origin
X-Dw-Trace-Id
X-B3-Spanid
X-DW
X-RSL
X-RPS
X-StackifyID
Server-Ttl
Xet-Cookie
X-Swift-Error
Rt-Fastcgi-Cache
FSS-Cache
Viewtype
X-RPM
VivaBuild
X-TRACE-ID
X-Cdn-Forward
X-Dispatch
X-FPC
X-Oss-Server-Time
X-Oss-Storage-Class
X-Parent-Response-Time
X-UP
On-Server
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Nginx-Upstream-Cache-Status
ServerName
Req-ID
Content-Style-Type
Content-Script-Type
X-ElasticPress-Search
X-Yottaa-OS
X-TH-Server
X-Amz-Meta-Opti
Hit
X-CF-Powered-By
X-MiniProfiler-Ids
HIT