Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Server-Id
Allow
X-Node
X-Backend-Server
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Webkit-CSP
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-WebKit-CSP
Accept-CH
Accept-Ch-Lifetime
Xkey
X-HW
X-Country
X-Language
X-Ruxit-JS-Agent
X-Application-Context
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cache-Lookup
X-Cloud-Trace-Context
Rating
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Accept-Ch
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-Content-Type
Fastly-Restarts
X-GitHub-Request-Id
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-ASPNET-VERSION
X-FastCGI-Cache
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Country-Code
Verso
X-D2id
X-Goog-Hash
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Server-ID
X-Buckets
Accept-CH-Lifetime
X-Cached
X-Server-Name
X-Vcap-Request-Id
Cache-Tag
X-Abt-Application-Version
X-ORACLE-DMS-ECID
X-Amz-Rid
X-Client-IP
X-Navigation-Version
Service-Worker-Allowed
X-Powered-By-Plesk
RTSS
X-Fastly-Request-ID
Access-Control-Request-Method
X-Powered-CMS
X-Element-Page-Cache
X-MSEdge-Ref
Public-Key-Pins
X-Px
Pagespeed
Response
X-Sol
X-Middleton-Display
Display
X-Middleton-Response
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Upstream
X-Cache-TTL
X-Version
X-TTL
S
X-Edge
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ttl
X-LLID
Realpath
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-ECACHE
X-Accel-Expires
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
SPRequestGuid
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-HP-Webp
X-Jurisdiction
X-Cache-Key
X-MCACHE
X-T
X-Mid
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
X-Shield-Request-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Correlation-Id
X-DynaTrace
X-Forwarded-Proto
X-XRDS-Location
Edge-Cache-Tag
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
Charset
TP-Cache
TP-L2-Cache
X-Content-Digest
Nginx-Cache
X-Mg-S
X-Id
Filters
TCN
X-Request-Received
Front-End-Https
X-Request-Processing-Time
X-Oneagent-Js-Injection
X-Logged-In
Alternate-Protocol
X-Ezoic-Cdn
Server-Node
X-Forwarded-For
Cache-Tags
X-Ruxit-Js-Agent
Content-MD5
X-Release
X-Geo-Country
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Protected-By
X-Origin-Upstream-Status
X-Hostname
X-Litespeed-Cache
X-Amzn-Trace-Id
X-Grace
X-RateLimit-Remaining
X-Origin-Server
X-F-Cache
X-Www-Served-By
Cleartype
X-Goog-Stored-Content-Length
X-Amz-Replication-Status
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Rid
X-Goog-Storage-Class
X-Goog-Metageneration
Server-Name
X-Contextid
Host
X-Activity-Id
X-Debug-Info
X-HS-Hub-Id
X-AppVersion
X-HS-Cache-Config
X-Az
X-HS-Content-Id
X-HS-Combine-CSS
X-LB-Cache
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
MicrosoftSharePointTeamServices
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Git-Hash
X-Page-Id
X-Cache-Age
X-Daa-Tunnel
X-Ser
X-VCache
X-Respond-Thread
X-Content-Options
X-Aspnetmvc-Version
Access-Control-Allow-Method
Accept-Charset
X-Hits
X-Upgrade-Enabled
X-WebKit-CSP-Report-Only
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-Signature
X-Varnish-Age
X-B-Cache
ServerID
Paypal-Debug-Id
X-Varnish-Grace
X-Varnish-Backend
Payment
X-Flags
X-Is-Crawler
X-Providence-Cookie
Healthy
X-Whom
Viewport
X-Cache-Action
X-FB-Debug
X-TT
X-Request-Guid
X-Aspnet-Duration-Ms
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Route-Name
X-B3-Sampled
Node
X-AOL-HN
X-CACHE-GROUP
X-App-Environment
Version
X-N
X-Mobile
X-Tec-Api-Origin
X-Seen-By
X-Tec-Api-Root
DynaTrace
Fastcgi-Useragent
X-Tec-Api-Version
X-Load-Cache
X-Yandex-Sdch-Disable
DC
X-Type
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
AR-ATIME
X-HTML-Minification-Powered-By
X-Ab
X-Tt-Trace-Tag
SRV
X-Distributor
MS-CV
X-Tt-Trace-Host
Frame-Options
Retry-After
X-Cache-Control
X-Cache-Expired-At
X-User-Agent
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
Filterid
X-Jobs
X-Response-Served-From
X-Original-Request-Id
X-IPLB-Instance
X-IPS-LoggedIn
X-Real-IP
Refresh
X-Adobe-Content
X-UUID
X-Adobe-Loc
X-Region
X-Debug-IsConnected
X-Device-Type
X-Debug-IsPreview
X-Cluster-Name
X-Instance
X-Varnish-Server
X-Cacheable-TTL
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-B
X-Tumblr-Pixel-0
Uber-Trace-Id
X-Page-View
X-Cache-Time
X-Content-Powered-By
X-ProcessESI
VIX-Pulpo-Node
X-Tumblr-Pixel-1
X-Tumblr-User
X-Framework
X-G
X-RemovedCookies
VIX-Pulpo-Upstream-Status
X-XRDS-LOCATION
X-Tumblr-Pixel
X-App-Version
X-RTag
Ms-Operation-Id
NGB
X-Proxy
X-RateLimit-Limit
X-Vgn-Hpd-Reason
X-Zen-Fury
X-CDN-Forward
X-FW-Static
X-NGENIX-Cache
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
Countrycode
X-Azure-Ref
X-Time
X-Debug
Amp-Access-Control-Allow-Source-Origin
Cache-Status
X-Mg-Request-UUID
X-Accel-Buffering
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Wix-Request-Id
Section-Origin-Responded
Section-Io-Id
Cache
X-Cache-Rule
X-Node-Name
X-Nginx-Cache
X-Ms-Version
X-Ms-Request-Id
X-FireWall-Port
X-Rendered-As
X-Is-Bot
X-Drupal-Cache-Tags
X-Cache-Hit
X-Oracle-Dms-Rid
Liferay-Portal
SD-X-WS
X-EdgeConnect-Cache-Status
Referer-Policy
Surrogate-Key
Country
X-TA-CDN-Provider
S-Cnection
X-App-Server
X-L-Path
X-Environment-Context
X-Cache-Operation
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Aws-Lambda-Call-Status
Eomportal-Instance
X-Revision
X-RN-RSRV
X-Proxy-Build
X-Timing-Wait
CF-IPCountry
Selected-Fe
X-ES-SERVER
X-UPSTREAM-Address
From-Origin
X-JoinUs
X-Endurance-Cache-Level
X-Loop
X-TNCMS
X-GG-Cache-Date
X-Drupal-Cache-Contexts
Meta-Geo
X-SaId
X-Cache-Type
X-Request-Time
X-Sorting-Hat-PodId
X-Adobe-Source
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Grace
X-Xfnlog-Site
X-Varnishpool
X-ShopId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
X-ShardId
X-AWS-Id
X-LAGOON
Protected
Cache-Name
X-Human
X-Handled-By
X-No-Session
X-Backend-Host
X-Be
X-BYPASS-REASON
X-LJ-Flow-ID
X-VWS-Id
X-R9-Blue-Green-Version
X-Pubstack
X-ProxyCache-Status
X-S-Maxage
X-Say-Cacheable
X-SayCDN-TTL
X-Varnish-Hostname
X-Say-TTL
X-NYM-Debug-Backend
X-ProxyCache-Key
X-PHP-Backend
X-Origin-Date
Property-Id
TWC-Device-Class
ServedBy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
Fastly-SSL
TWC-Privacy
X-Parallel-Accel
TWC-Locale-Group
Cache-Tv-Group
X-Proto
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Apigw-Requestid
X-UA-Device-Type
X-RCS-CacheZone
X-Cache-Server
X-FB-TRIP-ID
X-PCL
TWC-Connection-Speed
X-Origin-Hint
X-Server-W
X-Akamai-Edgescape
X-OCL
X-Hl-Ver
Decoy-Debug-Key
Country-Code
Decoy-Debug-Status
X-Sql-Duration-Ms
Mn-Server-Ip
X-Labrador-Cache-Channel
X-PHP-Host
X-Sql-Count
Decoy-Debug-TTL
Azure-SlotName
Azure-Version
X-Backend-Name
X-Section
X-Tumblr-Pixel-2
X-Format
X-Via-Fastly
Azure-InstanceId
X-Access
Azure-SiteName
Azure-RegionName
X-Status
X-Uri
X-ApacheServer
X-Hosted-By
X-PERF
X-Web-Node
X-HP-Trace-Id
Akamai-GRN
Xserver
X-B3-SpanId
X-Redis-Cache
X-Hyper-Cache
Count-Hit
GEO-INFO
X-Cache-PHP
Nel
X-FW-Version
X-Time-Microsecs
X-ServerID
X-Ua-Device
X-TT-LOGID
X-ATG-Version
X-Trace-Id
X-CSRF-Token
X-Cluster-Node
X-WA-Info
OT-Force-Account-Verify
X-Rule
X-Servername
X-MP-GENERATED-AT
X-Content-Age
X-Tumblr-Pixel-3
X-Azure-Ref-OriginShield
X-Detected-As
X-Akamai-Transformed
Cross-Origin-Opener-Policy
X-Soup
Backend
X-Cached-By
X-Varnish-Cache-Hits
X-CS
X-Cache-Host
X-Generation-Time
X-Cache-Enabled
X-Edge-Location
Web-Mar-Node
X-Varnish-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Datadome
X-Bc-Bl
X-TEC-API-ROOT
X-Cache-Ttl
X-Varnish-Beresp-Status
X-Mode
X-Info
X-Microcachable
X-Varnish-Beresp-Ttl
Ec-Rule-Version
X-Amzn-RequestId
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Cache-NGX
X-Unique-ID
X-Storage
X-Debug-Cache
Cross-Origin-Window-Policy
S-Rt
X-Ua
SID
X-Routing-Service
X-APP-VERSION
X-Zipkin-Id
X-Magnolia-Registration
X-Dc
X-Cache-Grace
X-Proxied
X-Via-JSL
X-Platform
X-NWS-UUID-VERIFY
Content-Secure-Policy
Url
X-DataDome
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Extlb
X-B3-Traceid
X-Origin-TTL
X-Origin-CC
X-Locale
Source
Upgrade-Insecure-Requests
X-Forwarded-Host
CDN-CachedAt
CDN-EdgeStorageId
X-Ratelimit-Reset
Rendered-Blocks
Path
X-Shop-Environment
CDCHOST
X-Processor
CDN-Cache
Odigeo-Trace-Id
X-Rebelmouse-Cache-Control
CDN-PullZone
CDN-Uid
DCR-Processing-Time-Ms
Surrogated-Key
DCR-Decision-By
CDN-RequestId
State
CDN-RequestCountryCode
X-Rebelmouse-Surrogate-Control
Req-Svc-Chain
Mobile-Detection-Method
X-Platform-Server
Host-ID
Fastly-SIE
X-NAPM-TraceId
BehaviorPad-Version
A
Fastly-SWR
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-NU-AKA-ACS-Version
Fastcgi-X-Cache-Version
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Expiry
Cache-Host
MD5-Digest
T-Server
X-Orig-Expires
M-TraceId
Apple-News-Services-Request-Url
X-Session-Fingerprint
X-BCube-Filmed-By
X-VG-WebCache
X-Bip
X-Cache-Bucket
X-VG-WebServer
X-B-Cookie
X-Vtex-Processado-Em
X-Aicache-OS
X-ScT
X-ARC
X-Vdms-Version
X-Cache-NE
X-Destination
X-D
X-SRV
X-Connection-Hash
X-Clientip
X-CF-Lambda-Version
X-Developer
X-Tenant
X-CF-Lambda-Fn
X-S-Cookie
X-Application
X-A
X-Vtex-Remote-Cache
X-External-Request-Id
X-Rojux
X-Rewrite-Enabled
X-A-Dam
X-A-Ccd
X-From
X-Thanos
X-Epic-Correlation-Id
X-A-Wwc
X-Aed
X-Forwarded-Path
X-S
X-SRCache-Key
X-A-Dgt
X-A-Dcw
X-Request-URI
Server-Info
Fastly-Drupal-HTML
X-Device-Os
X-Envoy-Decorator-Operation
X-Core-Value
X-DPWN-IS-SECURE
Esi-Enabled
DSUID
X-Loc
Fastly-Backend-Name
X-JWT-State
PB-PID
Origin
NGX
X-Has-Esi
PB-RID
Pics-Label
X-Generated-On
Content-Disposition
Platform
X-Hash
X-Backend-State
X-Cache-Tags
Kp-EeAlive
Is-Eu
X-Level-Front-Cache
L
X-Cache-Debug
X-Is-Gdpr
X-Branch-Name
UCS
X-Cms-Context
Cmsid
X-SVT-ORM-VERSION
X-Sigma
X-Service
X-Rocket-Build-Number
X-Variation
X-Origin-Expires
X-Served-From
X-GoCache-CacheStatus
X-TrackingId
X-Sigma-Backend
X-Var-Ttl
X-SVT-ORM-RULES
X-Vdms-Path
X-Request-UUID
Arc-Version
C-Via
Adler-Geo
Cmstype
X-VG-TLSProxy
X-Site-Version
X-Tb
X-Srv
X-GEO
User-Cache-Control
X-Request-Host
X-VServer
True-Client-Country-4JS
X-Varnish-Ttl
X-Geo-Header
X-Generated-In
X-Amz-Meta-S3cmd-Attrs
Wxu-Next-Commit
Wxu-Next-Region
X-User
Wxu-Next-Hostname
X-Gamma-Serve
X-Scheme
Vix-Hermes-Req-Id
X-Varnish-CookieINHashed-On
X-Ftr-Request-Id
X-WADP-Cache
X-Developers
X-VC-Cache
X-DefHash
X-Eu-Site
X-Thinkindot-L3
X-Forwarded-Site
X-Fmm-Version
X-Fetched-On
X-Fastly-Cache
X-DefElseHash
X-Fastly-Backend
X-Varnish-CookieHashed-On
Thinkindot-CacheControl-Type
X-Cache-Info
X-Li-Fabric
X-Li-Pop
X-CGP
X-Clara-WADP
X-Csrf-Jwt
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Cluster
X-LI-UUID
Thinkindot-Control
Who
Thinkindot-CacheControl
X-Policy
DataCenter
NM-Fastcgi-Cache
X-SIPLIST1
X-VHOST
Pagetype
Gh-Request-Id
Ha-Gx-Prefs
X-Owner
X-HN
Locid
Location
L5d-Success-Class
X-Nginx-Cache-Key
X-Origin
IsBot
Memcached
HA-Ipaddr
X-Micro-Cache
PFcat
X-Proxy-Upstream
CacheControlHeader
Cache-Key
Sever-Int
X-GeoIP-City
X-GeoIP
X-Location
TDXMobile
X-EC-Lua
Cf-Device-Type
Server-Host
Server-Hostname
Server-Ext
X-Men
Release
Fastcgi-Cache-TTL
X-AIR-PT
NtCoent-Length
Arc-Country
X-Mvc-Supplant-Cachable
X-Wikidot-Backend
X-DC
X-Date
X-Esi-Check
AKAMAI
X-Wikidot-Static-Cache
X-Cache-Id
X-Gen-Mode
X-Sucuri-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-By
X-Req
X-Slack-Backend
V-Age
Svr
X-Accel-Expires-Debug
X-Qloud-Router
X-Hnp-Log
X-Irp-Debug
X-FC-Vary-Parameters
X-Block-Status
X-Gzip
X-Conf
X-Skip-Cache
X-Old-Content-Length
Webserver
X-Planisys-CDN-Rules
Mail-Subject
X-RateLimit-Remaining-Second
X-PF-Uncompressing
X-RateLimit-Limit-Second
X-Planisys-CDN-TTL
X-Viewer-Country
X-Via-NSCOPI
X-Planisys-CDN-Cache
We-Hiring
X-BBC-Edge-Cache-Status
CPC-Cache
X-Servedbyhost
Cache-Hits
X-Mvc-Supplant-OutputCached
X-Minions-Version
X-Varnish-Url
X-Unique-Id
X-Ckpd-Fst-Backend
VNS-Age
MIME-Version
X-Via-Popn
CPC-Age
X-Via-Poph
VNS-Cache
X-Via-Popv
X-Ratelimit-Limit
X-Vc
X-Worker
X-HS-Content-Campaign-Id
X-Zone
X-V-Cache
My-App
Powered-By-ChinaCache
X-Auto-Login
X-Tx-Id
X-Webkit-CSP-Report-Only
XServer
X-LB-ID
X-Internal-Host
X-Traceid
X-NC
X-Refresh
X-ID
X-ZONE
Server-ID
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Rocket-Nginx-Serving-Static
Time
Memory
X-M-Log
X-LSADC-Cache
X-Qnm-Cache
X-NCache
X-Render-Time
X-M-Reqid
X-Pass-Why
X-Newrelic-Synthetics
X-Wa
X-TX-ID
WebServer
X-SD-PageType
X-App
X-PJAX-URL
X-Ratelimit-Remaining
X-Cache-Remote
X-Webkit-Csp
X-TIME
X-OVcl-Cache
X-OVcl
Environment
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-CACHE-KEY
X-Origin-Time
HostName
X-Gdpr
X-Nyt-Route
Cf-Bgj
X-BBC-Origin-Response-Status
X-VCL-Version
X-NodeID
X-API-Version
X-Backend-TTL
X-Cache-Config
X-Cache-Var
X-Cache-Var-Map
Magicmarker
Geo-Info
X-Via-Ucdn
Cluster
X-Server-IP
Hostname
X-NewRelic-App-Data
X-TraceId
X-Content
X-Pod-Name
X-LI-Proto
X-Ua-Browser
X-CLOUD-TRACE-CONTEXT
Candidate-Md5Url
Resin-Trace
DB-Nickname
X-Dispatcher-Server
GeoIp-Country-Code
Geoip-Latitude
X-Method
X-Edge-Pop
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
X-Geo
X-Correlation-ID
X-AB
N-Cache
Ohc-File-Size
Tcn
X-Origin-Response-Time
X-HITS
X-Dynatrace
Ssr
X-CACHE-AGE
X-IP
Web-Mar-Region
X-ElasticPress-Query
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
GeoIP-Latitude
GeoIP-Country-Code
X-MSEdge-Flight
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-Li-Proto
LB
Servername
X-NODE
Onion-Location
Cdn
X-Node-Id
X-Wix-Viewer-Type
X-Varnish-Cacheable
WWW-Authenticate
X-EIG-Tracking-Id
X-MG-S
X-Nc
X-Trv-Group
X-ND-Cache
X-HostName
X-Via-CDN
Proxy-Connection
WZWS-RAY
X-Vcl-Version
X-DynaTrace-JS-Agent
CF-Cached-On
Env
X-APP
Lb
X-Fastly-Backend-Reqs
X-Dynatrace-Js-Agent
X-Fpc
X-Cs
X-Tid
Redirect-Candidate
Server-Id
Sid
X-ServerName
X-Pjax-Url
CDN
X-HS-Status
X-Reqid
X-TIM-N
X-WA
Tracecode
X-NGINX-Cache
X-Request-Start
X-Up
Is-Us
Rt-Fastcgi-Cache
Viewtype
Cteonnt-Length
X-Cache-Date
X-URL
X-Check-Cacheable
VivaBuild
Pramga
X-Lb-Id
X-CSRF-TOKEN
X-Esi
X-Xrds-Location
Ohc-Cache-HIT
X-Cdn-Origin
X-Via-PopV
X-Fastly-Request-Id
X-Amz-Meta-Cb-Modifiedtime
URI
X-VC
X-Via-PopN
X-IN-APIGATEWAYSSL
Machine
X-Sn-Servicetimems
X-Cache-Backend
X-IN-APIGATEWAY
X-Via-PopH
CountryCode
W
X-ServedByHost
X-Provided-By
X-Core-Mission
Mime-Version
Shield-Pop
X-SN
X-FTR-Request-ID
CloudFront-Viewer-Country
Server-Ttl
X-Dw-Trace-Id
X-Yottaa-OS
X-UnsetCookies
X-Webkit-Csp-Report-Only
X-Tt-Logid
X-Fastly-Cache-Hits
X-Varnish-Authentication
X-Cdn-Request-ID
X-Contensis-Viewer-Groups
X-Cache-ASPX
On-Server
X-Pad
X-Acquia-Site
FSS-Cache
X-FORWARDED-FOR
X-Cdn-Forward
X-Air-Pt
X-LiteSpeed-Cache-Control
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CACHE
X-Cache-Expires
X-DSS
X-DW
Xet-Cookie
X-DI
X-RSL
X-RAMCache
X-StackifyID
X-RPS
X-RPM
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-DB
X-FTR-DC
X-Swa-Ws
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-FTR-Realm
X-FTR-Balancer
X-Webstats-RespID
X-Action
Vha6-Origin
WP-Super-Cache
Ohc-Response-Time
X-SB
X-Swift-Error
X-Pf-Uncompressing
X-Region-Sid
X-Sucuri-Cache
X-Cache-Status-Check
Req-ID
X-Edge-POP
ServerName
Warning
Content-Script-Type
X-ElasticPress-Search
X-Snapshot-Date
X-C
X-TH-Server
X-MiniProfiler-Ids
X-FTR-Expires
Xc-Version
Content-Style-Type