Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Cacheable
Timing-Allow-Origin
X-Request-ID
P3p
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Dns-Prefetch-Control
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Ua-Compatible
Upgrade
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Via
X-Ws-Request-Id
Keep-Alive
Server-Timing
Request-Context
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
EagleId
Host-Header
Report-To
X-Nginx-Cache-Status
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-UA-Device
X-Page-Speed
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
NEL
X-Dispatcher
X-OneAgent-JS-Injection
Cf-Railgun
X-Host
X-WebKit-CSP
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-Ch-Lifetime
X-Akam-SW-Version
Accept-CH
X-Response-Time
Xkey
X-Language
X-HW
X-Template
X-Application-Context
X-Country
Content-Location
X-Ac
X-Cache-Lookup
Rating
MS-Author-Via
X-Ruxit-JS-Agent
X-Url
X-Cloud-Trace-Context
X-Webkit-CSP
Edge-Control
X-Clacks-Overhead
X-TtlSet
X-PC
X-Vname
X-Mod-Pagespeed
X-Varnish-TTL
Accept-Ch
X-Trace
Fastly-Restarts
X-Content-Type
X-B3-TraceId
X-Rack-Cache
X-Buckets
X-MS-InvokeApp
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
X-Country-Code
X-Goog-Hash
X-Cnection
Verso
X-VARITI-CCR
X-D2id
X-ORACLE-DMS-ECID
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-FastCGI-Cache
Cache-Tag
X-Px
X-Vcap-Request-Id
Service-Worker-Allowed
X-Cached
X-Abt-Application-Version
X-Server-Name
X-Server-ID
X-Client-IP
X-Amz-Rid
X-Navigation-Version
X-Cache-TTL
Public-Key-Pins
X-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
RTSS
X-Powered-By-Plesk
Accept-CH-Lifetime
X-MSEdge-Ref
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
X-Version
X-Upstream
X-Fastly-Request-ID
X-Middleton-Response
Display
X-Sol
Pagespeed
X-Middleton-Display
Response
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-LLID
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-ECACHE
X-Accel-Expires
X-Pinterest-Rid
X-Shield-Request-Id
Pinterest-Version
Pinterest-Generated-By
X-Cache-Key
X-Jurisdiction
X-HP-Webp
X-Correlation-Id
X-ORACLE-DMS-RID
Realpath
X-T
X-Litespeed-Cache
X-PressLabs-Stats
X-MCACHE
X-SharePointHealthScore
X-Mid
SPRequestGuid
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-DynaTrace
X-Ttl
SPRequestDuration
SPIisLatency
Fastcgi-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Mg-S
X-XRDS-Location
X-Content-Digest
X-Forwarded-Proto
TP-L2-Cache
TP-Cache
X-Recruiting
X-Id
X-Oneagent-Js-Injection
X-Request-Received
X-Request-Processing-Time
Front-End-Https
Charset
Alternate-Protocol
Server-Node
X-Logged-In
Filters
X-Geo-Country
Content-MD5
X-Forwarded-For
TCN
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
X-Protected-By
Fusion-Source
Fusion-Template-Id
X-Ezoic-Cdn
X-ASPNET-VERSION
Cache-Tags
X-Ab
X-NWS-LOG-UUID
X-Amzn-Trace-Id
X-Origin-Upstream-Status
X-Hostname
X-Grace
X-Debug-Info
X-GUploader-UploadID
X-Www-Served-By
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Cleartype
X-F-Cache
X-LB-Cache
X-Amz-Replication-Status
X-HS-Hub-Id
X-HS-Content-Id
X-AppVersion
X-Origin-Server
X-Az
X-Activity-Id
X-HS-Cache-Config
X-Rid
X-HS-Combine-CSS
Host
X-Daa-Tunnel
X-Contextid
X-Git-Hash
X-Page-Id
X-Browser-Type
Section-Io-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Server-Name
X-VCache
X-Content-Options
X-Ser
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Upgrade-Enabled
X-Cache-Age
X-Frontend
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Access-Control-Allow-Method
ServerID
X-RateLimit-Remaining
Accept-Charset
X-Hits
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-Release
X-Is-Crawler
X-Flags
X-Request-Guid
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-CACHE-GROUP
X-Varnish-Age
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-Cache-Action
X-Signature
X-B-Cache
Healthy
Viewport
X-Varnish-Backend
X-Varnish-Grace
X-Whom
Payment
Paypal-Debug-Id
X-Yandex-Sdch-Disable
X-FB-Debug
X-TT
DynaTrace
X-AOL-HN
Fastcgi-Useragent
X-Respond-Thread
X-App-Environment
X-Fastcgi-Cache
Node
X-Load-Cache
X-Mobile
X-Tt-Trace-Tag
X-Tt-Trace-Host
DC
Filterid
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Version
X-Seen-By
X-Distributor
X-User-Agent
SRV
X-XRDS-LOCATION
X-Cache-Control
X-HTML-Minification-Powered-By
X-N
Frame-Options
Retry-After
X-HP-Trace-Id
X-Type
Refresh
X-Ua-Device
X-Jobs
MS-CV
X-FW-Server
X-FW-Serve
X-FW-Static
X-Node-Name
X-FW-Hash
X-FW-Type
X-FW-Dynamic
X-Response-Served-From
X-NGENIX-Cache
X-Original-Request-Id
X-Azure-Ref
X-UUID
X-Page-View
X-Adobe-Content
X-Proxy-Cache-Status
X-Cache-Expired-At
X-Adobe-Loc
NGB
X-Real-IP
X-Varnish-Server
X-Instance
X-Debug-IsConnected
X-Aws-Lambda-Call-Status
X-Debug-IsPreview
X-Tumblr-User
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-1
X-ProcessESI
X-G
X-Cacheable-TTL
X-RemovedCookies
X-Tumblr-Pixel-0
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-IPLB-Instance
X-B
X-Region
X-Tumblr-Pixel
X-Cluster-Name
X-Framework
X-Device-Type
X-Content-Powered-By
Access-Control-Request-Headers
X-RTag
X-Cache-Time
X-CDN-Forward
Ms-Operation-Id
X-Proxy
X-Cache-Hit
X-Parallel-Accel
Amp-Access-Control-Allow-Source-Origin
X-Zen-Fury
SD-X-WS
Referer-Policy
X-Cache-Rule
X-IPS-LoggedIn
Liferay-Portal
Uber-Trace-Id
X-Is-Bot
X-Drupal-Cache-Tags
X-Rendered-As
X-Ms-Version
X-Ms-Request-Id
Cache-Status
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-App-Server
X-Time
Section-Io-Origin-Status
X-Mg-Request-UUID
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Countrycode
Section-Io-Id
X-L-Path
X-Revision
X-Environment-Context
X-B3-Traceid
X-Debug
S-Cnection
X-Yottaa-Optimizations
Country
X-Yottaa-Metrics
X-TA-CDN-Provider
CF-IPCountry
Count-Hit
X-Accel-Buffering
X-Cache-Operation
X-RateLimit-Limit
X-Drupal-Cache-Contexts
X-FW-Version
X-Nginx-Cache
Akamai-GRN
X-APP-VERSION
X-Request-Handler-Origin-Region
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-SaId
X-RN-RSRV
X-Microsite
Meta-Geo
X-JoinUs
X-ES-SERVER
X-GG-Cache-Date
X-Say-TTL
Cache
X-Cache-TTL-Remaining
From-Origin
X-SayCDN-TTL
X-Adobe-Source
X-LAGOON
X-Loop
X-Cache-Type
X-Say-Cacheable
X-TNCMS
X-App-Version
X-R9-Blue-Green-Version
Azure-SlotName
Azure-Version
X-Request-Time
X-Sql-Count
Country-Code
Azure-SiteName
Azure-RegionName
Surrogate-Key
X-Human
X-NYM-Debug-Backend
X-OCL
Azure-InstanceId
X-PCL
X-Sql-Duration-Ms
X-S-Maxage
X-Varnish-Beresp-Grace
Fastly-SSL
Protected
X-ProxyCache-Status
X-Varnish-Hostname
X-PHP-Host
X-Proto
X-Status
X-Varnishpool
X-ProxyCache-Key
Apigw-Requestid
X-LJ-Flow-ID
X-Be
X-BYPASS-REASON
X-No-Session
X-B3-SpanId
X-Origin-Date
X-Via-Fastly
X-VWS-Id
X-Pubstack
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-AWS-Id
Decoy-Debug-Key
X-Storefront-Renderer-Rendered
Decoy-Debug-TTL
Decoy-Debug-Status
X-Labrador-Cache-Channel
X-ShopId
X-Handled-By
X-Hosted-By
X-RCS-CacheZone
X-ShardId
Cache-Name
Cache-Tv-Group
X-Cluster-Node
X-Cache-Server
ServedBy
Property-Id
TWC-GeoIP-Country
Eomportal-Instance
X-Akamai-Edgescape
X-ApacheServer
TWC-Device-Class
Selected-Fe
X-Origin-Hint
X-Timing-Wait
X-Format
X-Server-W
X-Section
X-Tumblr-Pixel-2
X-UA-Device-Type
X-Xfnlog-Site
X-Web-Node
Webcakes-Region
X-Redis-Cache
Webcakes-App-Version
X-Access
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Proxy-Build
TWC-Connection-Speed
X-PERF
Webcakes-App-Name
Nel
AR-PoweredBy
X-PHP-Backend
X-Time-Microsecs
X-Hyper-Cache
Mn-Server-Ip
Ar-Sid
AR-ATIME
X-Backend-Host
AR-Request-ID
AR-CACHE
Cross-Origin-Opener-Policy
X-Uri
GEO-INFO
X-FB-TRIP-ID
OT-Force-Account-Verify
X-Hl-Ver
X-Servername
X-Backend-Name
X-ServerID
X-Tumblr-Pixel-3
Cross-Origin-Window-Policy
X-ATG-Version
X-Detected-As
X-Azure-Ref-OriginShield
Web-Mar-Node
X-Ua
X-Varnish-Cache-Hits
X-Cache-Host
X-FireWall-Port
X-Generation-Time
X-Datadome
X-Cache-PHP
Source
Ec-Rule-Version
X-Varnish-Hits
Content-Secure-Policy
X-Ratelimit-Limit
X-Content-Age
X-Ratelimit-Remaining
X-Trace-Id
X-TT-LOGID
X-Via-JSL
Backend
X-SRV
X-Akamai-Transformed
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-CS
X-Ua-Browser
X-Content
X-Amzn-RequestId
X-Air-Trace-Id
X-MP-GENERATED-AT
X-Air-Source
Xserver
X-Amz-Apigw-Id
X-Forwarded-Host
Upgrade-Insecure-Requests
X-Air-Hostname
X-Cdn
X-Microcachable
X-Cache-Grace
X-WA-Info
X-CSRF-Token
X-Mode
X-Amzn-Remapped-Content-Length
X-Soup
X-Locale
X-NWS-UUID-VERIFY
X-Dc
X-Edge-Location
Url
X-Cache-Enabled
X-Origin-TTL
X-Unique-Id
X-Origin-CC
X-Site-Version
X-Bc-Bl
X-Info
AMP-Access-Control-Allow-Source-Origin
X-Rule
Content-Disposition
X-Tenant
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Extlb
X-Tb
SID
S-Rt
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Magnolia-Registration
X-D
X-A
T-Server
X-A-Ccd
X-A-Dam
X-Debug-Cache
X-A-Dcw
A
X-Destination
Apple-News-Services-Request-Url
X-Session-Fingerprint
Apple-News-Services-Parsed-Url
Surrogated-Key
Apple-News-Services-Handled
Apple-News-Services-Host
CDCHOST
X-Developer
X-AIR-PT
X-External-Request-Id
X-Forwarded-Path
X-From
X-ARC
X-Ftr-Request-Id
X-PBS-Appsvrname
X-Aicache-OS
X-PAYTM-SRV-ID
X-A-Dgt
X-A-Wwc
X-Epic-Correlation-Id
X-Aed
X-B-Cookie
CDN-Cache
CDN-CachedAt
X-CF-Lambda-Fn
Rendered-Blocks
X-Cache-NE
X-CF-Lambda-Version
X-Conf
Fastly-SIE
Fastly-SWR
X-NU-AKA-ACS-Version
Host-ID
Mobile-Detection-Method
Path
Meta-Geo-Continent
X-Cache-Bucket
X-NAPM-TraceId
MD5-Digest
Fastcgi-X-Cache-Version
Expiry
Req-Svc-Chain
X-Connection-Hash
X-BBC-Edge-Cache-Status
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestId
CDN-Uid
X-BCube-Filmed-By
DCR-Processing-Time-Ms
X-Platform-Server
X-Application
X-Orig-Expires
DCR-Decision-By
Odigeo-Trace-Id
BehaviorPad-Version
X-Shop-Environment
X-S-Cookie
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-VG-WebCache
X-Vdms-Version
X-Rojux
X-Request-URI
X-S
X-SRCache-Key
User-Cache-Control
X-Ratelimit-Reset
X-M-Reqid
X-Vtex-Remote-Cache
X-Processor
X-Rewrite-Enabled
X-M-Log
X-ScT
X-VG-WebServer
X-Vtex-Processado-Em
X-Storage
X-EC-Lua
X-GEO
X-NCache
X-Qnm-Cache
Fastly-Backend-Name
X-Request-UUID
UCS
X-Fastly-Cache
X-Date
Origin
X-DPWN-IS-SECURE
NGX
X-Loc
X-SVT-ORM-VERSION
X-JWT-State
L
State
X-SVT-ORM-RULES
X-Envoy-Decorator-Operation
X-Cache-Debug
X-Men
Is-Eu
X-Is-Gdpr
X-Proxy-Upstream
X-Cache-Info
X-TrackingId
X-Core-Value
X-Li-Fabric
X-Backend-State
X-Micro-Cache
X-Accel-Expires-Debug
Cache-Host
Cache-Key
X-VG-TLSProxy
X-LI-UUID
X-Has-Esi
Adler-Geo
X-Li-Pop
X-Origin-Expires
X-Worker
Pics-Label
Platform
X-Cms-Context
X-VServer
X-Variation
X-Service
X-Scheme
X-Cached-By
X-Cache-NGX
X-DefHash
Server-Ext
Sever-Int
Server-Hostname
Server-Host
X-Varnish-Remaining-TTL
X-Branch-Name
X-Level-Front-Cache
X-DefElseHash
X-Via-NSCOPI
X-VarnishDD-TTL
X-Viewer-Country
X-Hnp-Log
X-Clientip
X-Cluster
X-Auto-Login
X-Skip-Cache
X-Slack-Backend
X-HN
X-Bip
X-Cache-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
True-Client-Country-4JS
X-Block-Status
X-Varnish-CookieINHashed-On
VNS-Cache
VNS-Age
Vix-Hermes-Req-Id
Svr
M-TraceId
X-Served-From
X-Forwarded-Site
X-Origin
C-Via
Arc-Version
X-Wikidot-Static-Cache
X-Sigma
CPC-Age
CPC-Cache
Cmstype
Cmsid
Cf-Device-Type
Arc-Country
DataCenter
X-Generated-By
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generated-On
X-Geo-Header
X-Req
X-Gen-Mode
X-Rocket-Build-Number
AKAMAI
X-LSADC-Cache
X-Gamma-Serve
X-SIPLIST1
X-Cache-Tags
X-Thanos
X-Ckpd-Fst-Backend
Locid
Location
X-Esi-Check
X-Location
X-Gzip
PFcat
X-Developers
PB-RID
PB-PID
X-Device-Os
X-Thinkindot-L3
IsBot
Fastcgi-Cache-TTL
Fastly-Drupal-HTML
X-Varnish-CookieHashed-On
Esi-Enabled
X-Old-Content-Length
X-Tx-Id
X-Wikidot-Backend
X-Sigma-Backend
X-VC-Cache
X-Fastly-Backend
X-Nginx-Cache-Key
X-Amz-Meta-S3cmd-Attrs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-Generated-In
X-Fetched-On
X-FC-Vary-Parameters
X-Eu-Site
X-Csrf-Jwt
XServer
X-Rocket-Nginx-Serving-Static
DSUID
X-Platform-Router
X-Platform-Processor
Gh-Request-Id
Ha-Gx-Prefs
X-Mvc-Supplant-Cachable
L5d-Success-Class
HA-Ipaddr
X-CLOUD-TRACE-CONTEXT
X-Platform-Cluster
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Platform
X-Planisys-CDN-Cache
X-Owner
CacheControlHeader
X-Render-Time
X-Request-Host
Mail-Subject
Memcached
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
X-Var-Ttl
X-Sucuri-ID
X-GeoIP
X-Hash
X-Vdms-Path
X-HS-Content-Campaign-Id
X-Irp-Debug
NtCoent-Length
Pagetype
NM-Fastcgi-Cache
Release
X-Policy
V-Age
X-DataDome
Server-Info
X-CGP
Webserver
X-Fmm-Version
X-Qloud-Router
X-WADP-Cache
X-Clara-WADP
X-SD-PageType
X-V-Cache
X-GoCache-CacheStatus
X-Cache-Var-Map
X-Cache-Var
X-Cache-Remote
X-Unique-ID
X-DC
Cache-Hits
Environment
X-Mvc-Supplant-OutputCached
X-CACHE-KEY
X-Gdpr
X-Nyt-Route
X-Datadog-Sampling-Priority
X-API-Version
X-NodeID
X-Datadog-Parent-Id
X-Datadog-Trace-Id
Kp-EeAlive
MIME-Version
X-Servedbyhost
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-PJAX-URL
X-Origin-Time
X-Srv
X-Vc
X-Via-Ucdn
X-NC
X-Zone
X-User
X-PF-Uncompressing
X-Cache-Config
Candidate-Md5Url
X-BBC-Origin-Response-Status
X-Pod-Name
X-Server-IP
X-Varnish-Ttl
WebServer
Cluster
Time
Memory
X-Wa
Who
X-TIME
X-Internal-Host
X-Varnish-Url
X-App
X-Minions-Version
X-Traceid
HostName
X-Webkit-Csp
X-Refresh
Server-ID
Onion-Location
X-ZONE
GeoIp-Country-Code
X-VCL-Version
X-Webkit-CSP-Report-Only
X-LB-ID
Web-Mar-Region
Tcn
X-Pass-Why
X-Dynatrace
X-NewRelic-App-Data
N-Cache
Geo-Info
X-ID
X-Newrelic-Synthetics
X-Edge-Pop
Geoip-Latitude
My-App
Powered-By-ChinaCache
Resin-Trace
X-Esi
X-Cache-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Query
X-TraceId
X-Varnish-Cacheable
CDN
X-LI-Proto
X-Akamai-Pragma-Client-IP
Servername
X-TX-ID
X-Tt-Logid
X-VHOST
Datacenter
X-Fastly-Request-Id
WWW-Authenticate
X-EIG-Tracking-Id
Ohc-File-Size
X-Geo
X-HITS
X-OVcl-Cache
X-CACHE-AGE
X-OVcl
X-HostName
X-Origin-Response-Time
X-Varnish-Beresp-TTL
Cf-Bgj
X-Fpc
X-TIM-N
X-Li-Proto
Redirect-Candidate
X-Tid
X-Backend-TTL
Proxy-Connection
Tracecode
Hostname
LB
X-NODE
Magicmarker
X-Up
X-AB
X-Correlation-ID
X-Wix-Viewer-Type
X-Request-Start
X-NGINX-Cache
X-Method
Pramga
X-Cache-Date
Cdn
X-Dynatrace-Js-Agent
X-Amz-Meta-Cb-Modifiedtime
X-Dispatcher-Server
X-Cdn-Origin
X-Sn-Servicetimems
X-Vcl-Version
X-CSRF-TOKEN
Cf-Ipcountry
CloudFront-Viewer-Country
GeoIP-Country-Code
Server-Id
W
X-MSEdge-Flight
X-Provided-By
X-MSEdge-Features
Is-Us
X-APP
Lb
X-Fastly-Backend-Reqs
X-Cs
X-UnsetCookies
CF-Cached-On
X-COUNTRY
X-Lb-Id
Ssr
X-HS-Status
X-WA
X-IP
GeoIP-Latitude
X-Cache-Expires
X-Core-Mission
Sid
X-MG-S
DB-Nickname
Cteonnt-Length
X-ServerName
X-Webkit-Csp-Report-Only
X-Reqid
WP-Super-Cache
X-FORWARDED-FOR
X-Hcs-Proxy-Type
X-DynaTrace-JS-Agent
X-CCDN-CacheTTL
X-Region-Sid
X-Cache-Status-Check
X-CCDN-Origin-Time
X-Check-Cacheable
X-Node-Id
URI
X-Sucuri-Cache
Ohc-Cache-HIT
CountryCode
Xc-Version
X-VC
X-Moov-Xdn-Version
Mime-Version
X-Via-PopV
X-ND-Cache
X-Via-PopN
X-Nc
X-SERVER-NAME
X-Moov-T
X-ServedByHost
X-Via-PopH
X-Cache-Backend
X-Trv-Group
User-Agent
X-Via-CDN
EpKe-Alive
X-Pad
WZWS-RAY
X-SN
X-Pjax-Url
Shield-Pop
X-Ig-Push-State
Env
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
FSS-Cache
X-Acquia-Application-UUID
X-Amz-Meta-Opti
X-Fastly-Cache-Hits
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Pf-Uncompressing
X-Varnish-Authentication
X-CUA
X-LiteSpeed-Cache-Control
X-Edge-POP
X-Acquia-Site
CACHE
X-RAMCache
On-Server
X-Nginx-Upstream-Cache-Status
HIT
X-Cdn-Request-ID
X-Dispatch
X-Action
X-IN-APIGATEWAYSSL
X-Oss-Request-Id
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Webstats-RespID
X-SB
X-Parent-Response-Time
X-Swift-Error
Ohc-Response-Time
ServerName
X-RSL
X-RPS
X-StackifyID
Xet-Cookie
Server-Ttl
X-RPM
X-DW
Vha6-Origin
X-DB
X-DI
X-DSS
X-Oss-Hash-Crc64ecma
X-Cdn-Forward
X-TRACE-ID
X-Env-Sha256-Sig
X-Amzn-Remapped-X-Forwarded-For
X-Amzn-Remapped-User-Agent
X-Amzn-Remapped-Host
X-Env-Stack-Name
X-Forwarded-Port
X-Snapshot-Date
X-Ftr-Viewer-Uri
X-FPC
Fastly-Drupal-Html
Hit
Content-Style-Type
Req-ID
X-Yottaa-OS
Content-Script-Type
VivaBuild
X-MiniProfiler-Ids
Rt-Fastcgi-Cache
Viewtype
X-CF-Powered-By