Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Server-Id
X-Node
Allow
X-Backend-Server
Surrogate-Control
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Webkit-CSP
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-WebKit-CSP
Accept-CH
Accept-Ch-Lifetime
Xkey
X-HW
X-Country
X-Language
X-Application-Context
X-Ruxit-JS-Agent
X-Ac
Content-Location
X-Template
MS-Author-Via
Rating
X-Cache-Lookup
X-Url
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-B3-TraceId
Accept-Ch
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-Content-Type
Fastly-Restarts
X-GitHub-Request-Id
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-ASPNET-VERSION
X-FastCGI-Cache
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Country-Code
X-Goog-Hash
X-D2id
Verso
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Buckets
X-Server-ID
Accept-CH-Lifetime
X-Cached
X-Server-Name
X-Vcap-Request-Id
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
X-Navigation-Version
Service-Worker-Allowed
X-Powered-By-Plesk
RTSS
Access-Control-Request-Method
X-Fastly-Request-ID
X-Powered-CMS
X-MSEdge-Ref
Public-Key-Pins
X-Element-Page-Cache
X-Px
Display
Pagespeed
X-Sol
Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Response
X-Middleton-Display
X-Dw-Request-Base-Id
X-Cache-TTL
X-NF-Request-ID
X-Upstream
X-Version
X-TTL
S
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-LLID
X-Ttl
Realpath
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-ECACHE
X-Accel-Expires
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-HP-Webp
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Instrumentation
X-Kraken-Loop-Name
X-Jurisdiction
X-MCACHE
X-T
X-Mid
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Correlation-Id
X-Cache-Key
X-Forwarded-Proto
Edge-Cache-Tag
X-ORACLE-DMS-RID
Fastcgi-Cache
X-DynaTrace
X-Amz-Server-Side-Encryption
X-Recruiting
X-Mg-S
Charset
TP-Cache
TP-L2-Cache
X-XRDS-Location
X-Content-Digest
Nginx-Cache
X-Id
Filters
Front-End-Https
X-Request-Received
X-Request-Processing-Time
X-Oneagent-Js-Injection
X-Ezoic-Cdn
Alternate-Protocol
Server-Node
X-Logged-In
X-Forwarded-For
TCN
Cache-Tags
Content-MD5
X-Ruxit-Js-Agent
X-Release
X-Geo-Country
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
X-Origin-Upstream-Status
X-Protected-By
X-Litespeed-Cache
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-Www-Served-By
X-F-Cache
Cleartype
X-GUploader-UploadID
X-Hostname
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Amz-Replication-Status
X-Rid
X-Contextid
Server-Name
Host
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Az
X-Activity-Id
X-RateLimit-Remaining
X-Debug-Info
X-AppVersion
X-LB-Cache
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
MicrosoftSharePointTeamServices
X-Git-Hash
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Page-Id
X-Cache-Age
X-Ser
X-WebKit-CSP-Report-Only
X-VCache
X-Daa-Tunnel
X-Respond-Thread
X-Content-Options
X-Aspnetmvc-Version
Accept-Charset
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Hits
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-B-Cache
X-Signature
X-Varnish-Age
X-Kong-Upstream-Latency
X-Varnish-Backend
ServerID
X-Kong-Proxy-Latency
X-Varnish-Grace
Paypal-Debug-Id
X-Aspnet-Duration-Ms
Healthy
X-Flags
X-Whom
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-TT
Payment
Viewport
X-FB-Debug
X-Cache-Action
X-B3-Sampled
Node
X-AOL-HN
X-CACHE-GROUP
X-App-Environment
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-N
Version
X-Mobile
X-Seen-By
X-Ab
DynaTrace
Fastcgi-Useragent
X-Load-Cache
X-Yandex-Sdch-Disable
DC
Ar-Sid
AR-Request-ID
AR-PoweredBy
X-Type
AR-CACHE
AR-ATIME
X-HTML-Minification-Powered-By
X-Distributor
X-XRDS-LOCATION
X-Tt-Trace-Host
X-Tt-Trace-Tag
MS-CV
SRV
Frame-Options
Filterid
X-Cache-Control
Retry-After
X-Cache-Expired-At
X-User-Agent
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Jobs
X-Original-Request-Id
X-Response-Served-From
X-IPLB-Instance
X-Adobe-Loc
X-UUID
X-Proxy-Cache-Status
X-Adobe-Content
X-Real-IP
X-IPS-LoggedIn
Refresh
X-Cacheable-TTL
Access-Control-Request-Headers
X-Cluster-Name
X-Instance
X-Region
X-Debug-IsPreview
X-Device-Type
X-Varnish-Server
X-Debug-IsConnected
X-ProcessESI
X-Page-View
X-Cache-Time
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-RemovedCookies
X-G
X-Framework
Uber-Trace-Id
NGB
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-B
X-RTag
Ms-Operation-Id
X-App-Version
X-Proxy
X-Vgn-Hpd-Reason
X-Zen-Fury
X-CDN-Forward
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-NGENIX-Cache
Countrycode
X-Debug
Cache-Status
X-Time
X-Azure-Ref
X-Mg-Request-UUID
X-Wix-Request-Id
X-RateLimit-Limit
Section-Io-Id
X-Accel-Buffering
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Cache
X-Cache-Rule
X-Node-Name
X-Nginx-Cache
X-FireWall-Port
X-Is-Bot
X-Rendered-As
X-Ms-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Ms-Version
X-Cache-Hit
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
Liferay-Portal
SD-X-WS
Referer-Policy
X-EdgeConnect-Cache-Status
S-Cnection
Surrogate-Key
Country
X-App-Server
X-L-Path
X-Environment-Context
X-Cache-Operation
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Aws-Lambda-Call-Status
Eomportal-Instance
X-Revision
X-TA-CDN-Provider
X-Proxy-Build
From-Origin
X-GG-Cache-Date
X-SaId
X-ES-SERVER
Selected-Fe
X-UPSTREAM-Address
X-JoinUs
X-RN-RSRV
X-Loop
X-TNCMS
CF-IPCountry
Meta-Geo
X-Drupal-Cache-Contexts
X-Timing-Wait
X-Endurance-Cache-Level
X-Adobe-Source
X-ShopId
X-ShardId
X-Shopify-Stage
X-Xfnlog-Site
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Storefront-Renderer-Rendered
X-Cache-Type
X-Sorting-Hat-ShopId
X-Cache-TTL-Remaining
X-Varnishpool
X-Sorting-Hat-PodId
X-Request-Time
ServedBy
Protected
Cache-Name
X-PHP-Backend
X-BYPASS-REASON
X-No-Session
X-Varnish-Hostname
X-Handled-By
X-Say-Cacheable
X-S-Maxage
X-LJ-Flow-ID
X-AWS-Id
X-R9-Blue-Green-Version
X-Pubstack
X-VWS-Id
X-NYM-Debug-Backend
X-ProxyCache-Key
X-Backend-Host
X-SayCDN-TTL
X-Origin-Date
X-Say-TTL
X-Human
X-ProxyCache-Status
X-Be
X-LAGOON
Cache-Tv-Group
X-UA-Device-Type
Azure-SlotName
Azure-RegionName
X-Server-W
Azure-InstanceId
Apigw-Requestid
Azure-SiteName
X-FB-TRIP-ID
Azure-Version
Country-Code
X-Origin-Hint
Property-Id
X-PCL
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-Akamai-Edgescape
X-OCL
TWC-Locale-Group
TWC-GeoIP-LatLong
X-RCS-CacheZone
X-Cache-Server
X-Proto
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
Fastly-SSL
Webcakes-Region
X-Parallel-Accel
X-Tumblr-Pixel-2
X-Access
X-Format
X-Sql-Count
X-Sql-Duration-Ms
X-Status
X-Section
X-Hl-Ver
X-Labrador-Cache-Channel
X-PHP-Host
X-Backend-Name
Mn-Server-Ip
X-Via-Fastly
Decoy-Debug-TTL
Akamai-GRN
Decoy-Debug-Status
Decoy-Debug-Key
X-Web-Node
X-HP-Trace-Id
X-PERF
X-ApacheServer
X-Hosted-By
X-Uri
Xserver
X-Hyper-Cache
X-B3-SpanId
X-Redis-Cache
Nel
Count-Hit
X-Cache-PHP
X-FW-Version
X-Ua-Device
X-Time-Microsecs
X-ATG-Version
X-ServerID
X-TT-LOGID
GEO-INFO
X-Trace-Id
OT-Force-Account-Verify
X-WA-Info
X-Rule
X-Cluster-Node
X-CSRF-Token
X-Servername
X-Tumblr-Pixel-3
X-MP-GENERATED-AT
X-Content-Age
X-Datadome
X-Detected-As
X-Azure-Ref-OriginShield
Backend
X-Akamai-Transformed
X-Cached-By
Cross-Origin-Opener-Policy
X-Soup
X-Varnish-Cache-Hits
X-Cache-Host
X-Generation-Time
AMP-Access-Control-Allow-Source-Origin
X-Cache-Enabled
X-CS
Web-Mar-Node
X-Edge-Location
X-TEC-API-VERSION
X-Varnish-Hits
X-Bc-Bl
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Cache-Ttl
X-Varnish-Beresp-Status
X-Mode
X-Info
X-Microcachable
X-Dc
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
Ec-Rule-Version
X-Amz-Apigw-Id
X-Cache-NGX
X-Via-JSL
X-SRV
X-Debug-Cache
X-Storage
Cross-Origin-Window-Policy
Content-Secure-Policy
X-Cache-Grace
X-Routing-Service
X-Zipkin-Id
SID
X-Magnolia-Registration
X-APP-VERSION
X-Varnish-Beresp-Ttl
X-Ua
S-Rt
X-Platform
X-Proxied
X-Air-Hostname
Upgrade-Insecure-Requests
Url
X-NWS-UUID-VERIFY
X-Origin-CC
X-Extlb
X-Origin-TTL
X-Air-Source
X-Air-Trace-Id
Source
X-Locale
X-Forwarded-Host
X-B3-Traceid
X-PAYTM-SRV-ID
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
DCR-Decision-By
X-Platform-Server
CDN-RequestId
CDN-EdgeStorageId
X-PBS-Appsvrname
CDCHOST
Apple-News-Services-Handled
A
X-NAPM-TraceId
X-NU-AKA-ACS-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CDN-Cache
Cache-Host
X-Orig-Expires
BehaviorPad-Version
CDN-CachedAt
MD5-Digest
X-ARC
X-B-Cookie
X-BCube-Filmed-By
X-Bip
X-Application
X-Aicache-OS
X-A-Dgt
X-A-Wwc
X-Aed
X-Cache-Bucket
X-Cache-NE
X-Destination
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-D
X-Connection-Hash
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Clientip
X-A-Dcw
X-A-Dam
M-TraceId
Meta-Geo-Continent
Mobile-Detection-Method
Odigeo-Trace-Id
Host-ID
Fastly-SWR
Expiry
Fastcgi-X-Cache-Version
Fastly-SIE
Path
Rendered-Blocks
X-Forwarded-Path
X-A
X-A-Ccd
X-From
T-Server
Req-Svc-Chain
State
Surrogated-Key
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
X-Rewrite-Enabled
X-Rojux
X-S
X-VG-WebServer
X-Request-URI
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Unique-ID
X-ScT
X-Session-Fingerprint
X-Shop-Environment
X-Vtex-Remote-Cache
X-SRCache-Key
X-Vtex-Processado-Em
X-Thanos
X-Tenant
X-VG-WebCache
X-S-Cookie
X-Ratelimit-Reset
X-Vdms-Version
X-Processor
X-Tb
Server-Info
X-Backend-State
X-Var-Ttl
X-Proxy-Upstream
X-TrackingId
X-Served-From
Kp-EeAlive
Is-Eu
X-Variation
X-Sigma-Backend
Esi-Enabled
X-Is-Gdpr
X-Cache-Debug
X-Device-Os
Fastly-Backend-Name
X-Branch-Name
L
X-DPWN-IS-SECURE
X-VG-TLSProxy
Origin
X-Envoy-Decorator-Operation
PB-PID
PB-RID
Pics-Label
UCS
NGX
X-Generated-On
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
DSUID
X-Hash
X-Service
X-Has-Esi
Platform
Fastly-Drupal-HTML
C-Via
X-Level-Front-Cache
X-Request-UUID
X-GoCache-CacheStatus
Arc-Version
X-Loc
X-Core-Value
X-Cms-Context
Adler-Geo
X-Cache-Tags
X-Vdms-Path
Content-Disposition
X-Sigma
X-JWT-State
Cmsid
Cmstype
X-Origin-Expires
X-Rocket-Build-Number
X-DataDome
DataCenter
X-Site-Version
User-Cache-Control
X-Gamma-Serve
X-Ftr-Request-Id
X-DefElseHash
X-Cluster
True-Client-Country-4JS
TDXMobile
X-SIPLIST1
X-Date
Thinkindot-CacheControl
X-Csrf-Jwt
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Varnish-Remaining-TTL
Wxu-Next-Commit
X-Fastly-Cache
X-Fmm-Version
X-Developers
X-CGP
X-Varnish-CookieINHashed-On
X-VC-Cache
X-VarnishDD-TTL
X-Thinkindot-L3
X-Accel-Expires-Debug
X-Varnish-CookieHashed-On
X-User
X-Forwarded-Site
X-Clara-WADP
Wxu-Next-Hostname
Wxu-Next-Region
X-Cache-Info
X-Fetched-On
X-DefHash
Vix-Hermes-Req-Id
Who
Cf-Device-Type
X-Scheme
X-Amz-Meta-S3cmd-Attrs
X-Li-Fabric
Cache-Key
CacheControlHeader
X-Fastly-Backend
Fastcgi-Cache-TTL
HA-Ipaddr
IsBot
X-Generated-In
Gh-Request-Id
X-VHOST
X-Request-Host
X-Req
X-LI-UUID
X-Owner
X-Policy
X-Eu-Site
X-VServer
X-Origin
X-Li-Pop
X-EC-Lua
X-Location
X-Men
X-Micro-Cache
X-Nginx-Cache-Key
L5d-Success-Class
Ha-Gx-Prefs
PFcat
X-Geo-Header
Pagetype
X-GeoIP
X-GeoIP-City
Release
X-WADP-Cache
Sever-Int
Server-Hostname
Server-Host
Server-Ext
X-AIR-PT
NM-Fastcgi-Cache
Memcached
X-HN
Locid
X-Varnish-Ttl
Location
X-RateLimit-Limit-Second
X-Old-Content-Length
X-RateLimit-Remaining-Second
X-Qloud-Router
X-Via-NSCOPI
X-Irp-Debug
X-Generated-By
X-Conf
X-Gen-Mode
X-Gzip
X-Slack-Backend
X-Wikidot-Backend
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Skip-Cache
X-Mvc-Supplant-Cachable
X-Wikidot-Static-Cache
X-Viewer-Country
X-Sucuri-ID
X-FC-Vary-Parameters
X-Block-Status
Webserver
X-Unique-Id
NtCoent-Length
AKAMAI
Mail-Subject
X-GEO
X-Ratelimit-Limit
Svr
X-Esi-Check
We-Hiring
Arc-Country
X-Cache-Id
V-Age
X-Srv
X-BBC-Edge-Cache-Status
X-PF-Uncompressing
CPC-Age
X-Planisys-CDN-Rules
CPC-Cache
X-Planisys-CDN-Cache
VNS-Age
X-Planisys-CDN-TTL
VNS-Cache
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-Minions-Version
X-DC
X-Ckpd-Fst-Backend
X-Via-Popv
X-Via-Poph
X-Varnish-Url
X-Via-Popn
Cache-Hits
X-HS-Content-Campaign-Id
X-Servedbyhost
X-Ratelimit-Remaining
X-Vc
X-Worker
MIME-Version
X-CACHE-KEY
My-App
Powered-By-ChinaCache
X-V-Cache
X-Auto-Login
X-Zone
X-NC
XServer
X-TX-ID
X-Refresh
X-Internal-Host
X-LB-ID
X-ZONE
X-ID
X-Platform-Cluster
X-Platform-Processor
X-Traceid
X-Tx-Id
X-Platform-Router
X-LSADC-Cache
X-Pass-Why
X-NCache
X-M-Log
X-Render-Time
X-M-Reqid
X-Rocket-Nginx-Serving-Static
Time
X-Qnm-Cache
Memory
X-PJAX-URL
WebServer
X-Newrelic-Synthetics
Server-ID
X-Wa
X-SD-PageType
X-Cache-Remote
X-Webkit-Csp
Environment
X-Webkit-CSP-Report-Only
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-TIME
Geo-Info
X-App
X-OVcl
X-OVcl-Cache
X-Datadog-Sampling-Priority
HostName
X-Dynatrace
X-BBC-Origin-Response-Status
X-API-Version
X-Gdpr
X-Nyt-Route
Cf-Bgj
X-NodeID
X-Origin-Time
X-Backend-TTL
Tcn
X-TraceId
X-Cache-Config
X-Server-IP
X-Cache-Var
X-Cache-Var-Map
Cluster
X-Via-Ucdn
X-VCL-Version
X-NewRelic-App-Data
Magicmarker
Hostname
X-Content
X-Ua-Browser
X-Geo
X-Tb-Optimization-Total-Bytes-Saved
X-Pod-Name
Geoip-Latitude
Candidate-Md5Url
GeoIp-Country-Code
DB-Nickname
Resin-Trace
X-Dispatcher-Server
X-Method
X-Edge-Pop
X-LI-Proto
Datacenter
X-Correlation-ID
X-ElasticPress-Query
N-Cache
Ohc-File-Size
Web-Mar-Region
X-HITS
X-CACHE-AGE
Ssr
X-Origin-Response-Time
X-IP
X-HostName
X-Varnish-Beresp-TTL
X-Akamai-Pragma-Client-IP
X-MSEdge-Flight
X-Li-Proto
X-MSEdge-Features
Cf-Ipcountry
LB
Onion-Location
GeoIP-Latitude
X-NODE
GeoIP-Country-Code
X-AB
WWW-Authenticate
X-EIG-Tracking-Id
X-Wix-Viewer-Type
Servername
X-Varnish-Cacheable
X-Trv-Group
X-ND-Cache
X-Node-Id
X-Vcl-Version
Cdn
X-APP
X-Via-CDN
Proxy-Connection
X-Fastly-Request-Id
X-Nc
CF-Cached-On
X-DynaTrace-JS-Agent
X-Dynatrace-Js-Agent
CDN
Lb
WZWS-RAY
Server-Id
Env
X-Fastly-Backend-Reqs
X-Cs
X-ServerName
Redirect-Candidate
X-Pjax-Url
Sid
X-WA
X-Reqid
X-Tid
X-Fpc
X-TIM-N
X-HS-Status
X-MG-S
Tracecode
X-Request-Start
Cteonnt-Length
X-Up
X-NGINX-Cache
Pramga
VivaBuild
X-Cache-Date
Viewtype
X-Lb-Id
Rt-Fastcgi-Cache
X-URL
Is-Us
X-Check-Cacheable
X-Esi
X-Xrds-Location
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Sn-Servicetimems
X-IN-APIGATEWAY
X-ServedByHost
X-Amz-Meta-Cb-Modifiedtime
URI
X-Cdn-Origin
X-IN-APIGATEWAYSSL
Machine
X-Cache-Backend
Mime-Version
X-VC
W
X-Core-Mission
Shield-Pop
X-Provided-By
CloudFront-Viewer-Country
CountryCode
X-SN
Server-Ttl
X-FTR-Request-ID
X-Tt-Logid
X-UnsetCookies
X-Webkit-Csp-Report-Only
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Fastly-Cache-Hits
X-Cache-ASPX
X-Pad
X-Dw-Trace-Id
X-Cdn-Forward
X-LiteSpeed-Cache-Control
X-Air-Pt
CACHE
X-Cache-Expires
X-FORWARDED-FOR
X-RAMCache
On-Server
X-Acquia-Site
X-Yottaa-OS
X-Cdn-Request-ID
FSS-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-DSS
X-DW
X-DI
X-StackifyID
Xet-Cookie
X-RSL
X-RPS
X-RPM
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-DB
X-FTR-DC
X-Swa-Ws
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-FTR-Realm
X-FTR-Cache-Status
X-Webstats-RespID
X-SB
X-Action
WP-Super-Cache
ServerName
Ohc-Response-Time
Vha6-Origin
X-Swift-Error
X-Pf-Uncompressing
X-Region-Sid
X-Sucuri-Cache
X-FPC
Req-ID
X-Cache-Status-Check
X-Edge-POP
Warning
Content-Style-Type
X-ElasticPress-Search
X-Snapshot-Date
X-C
X-TH-Server
X-MiniProfiler-Ids
Content-Script-Type
Xc-Version
X-FTR-Expires