Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
Pragma
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Request-ID
X-Generator
P3p
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
X-Dns-Prefetch-Control
Access-Control-Expose-Headers
Upgrade
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Via
X-Ws-Request-Id
Keep-Alive
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Cache-Group
X-Server-Powered-By
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
Host-Header
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-UA-Device
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-Dispatcher
X-OneAgent-JS-Injection
Cf-Railgun
X-Host
X-WebKit-CSP
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
Accept-Ch-Lifetime
X-Response-Time
Xkey
X-Language
X-HW
X-Template
X-Application-Context
X-Country
Content-Location
X-Ac
X-Cloud-Trace-Context
X-Cache-Lookup
Rating
X-Ruxit-JS-Agent
MS-Author-Via
X-Url
X-Webkit-CSP
Edge-Control
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Mod-Pagespeed
X-Trace
Fastly-Restarts
X-B3-TraceId
Accept-Ch
X-Content-Type
X-Rack-Cache
X-Buckets
X-MS-InvokeApp
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
X-Cnection
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-Kinja
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
Cache-Tag
X-Vcap-Request-Id
X-Cached
X-ORACLE-DMS-ECID
Service-Worker-Allowed
X-Px
X-FastCGI-Cache
X-Abt-Application-Version
X-Server-Name
X-Client-IP
X-Amz-Rid
X-Navigation-Version
X-Cache-TTL
Accept-CH-Lifetime
X-Server-ID
X-TTL
Public-Key-Pins
RTSS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-By-Plesk
X-MSEdge-Ref
Access-Control-Request-Method
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Fastly-Request-ID
X-Powered-CMS
X-NF-Request-ID
X-Version
X-Upstream
Display
Pagespeed
X-Middleton-Response
X-Middleton-Display
Response
X-Sol
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-LLID
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-Cache-Key
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-ECACHE
X-Accel-Expires
X-HP-Webp
X-Jurisdiction
X-Shield-Request-Id
Pinterest-Generated-By
Pinterest-Version
X-Correlation-Id
X-Pinterest-Rid
Realpath
X-T
X-XRDS-Location
X-DynaTrace
X-Mid
X-SharePointHealthScore
X-PressLabs-Stats
X-MCACHE
SPRequestGuid
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Mg-S
X-Ruxit-Js-Agent
X-Ttl
X-Content-Digest
X-Forwarded-Proto
X-Recruiting
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
TCN
Charset
Front-End-Https
Alternate-Protocol
Server-Node
X-Id
X-Logged-In
X-Oneagent-Js-Injection
Filters
Content-MD5
X-Forwarded-For
X-Geo-Country
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
X-Ezoic-Cdn
Fusion-Content-Id
X-Protected-By
Fusion-Source
Cache-Tags
X-Hostname
X-ASPNET-VERSION
X-Amzn-Trace-Id
X-NWS-LOG-UUID
X-Origin-Upstream-Status
X-Grace
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Debug-Info
X-F-Cache
X-Www-Served-By
Cleartype
X-Amz-Replication-Status
X-AppVersion
X-Origin-Server
X-LB-Cache
X-Az
X-Rid
X-Activity-Id
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Host
X-Daa-Tunnel
X-Ab
X-Contextid
X-Git-Hash
X-Page-Id
Section-Io-Cache
Server-Name
X-RateLimit-Remaining
X-Content-Options
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-VCache
X-Frontend
X-Ser
X-Cache-Age
X-Upgrade-Enabled
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Release
X-Aspnetmvc-Version
Accept-Charset
X-Hits
ServerID
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-Route-Name
X-Request-Guid
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Varnish-Age
X-B-Cache
X-Cache-Action
X-B3-Sampled
X-Signature
Healthy
Viewport
Payment
Paypal-Debug-Id
X-FB-Debug
X-Varnish-Grace
X-Varnish-Backend
X-Whom
Fastcgi-Useragent
X-TT
X-AOL-HN
X-Yandex-Sdch-Disable
X-App-Environment
X-CACHE-GROUP
X-Respond-Thread
Node
X-WebKit-CSP-Report-Only
X-Load-Cache
DynaTrace
X-Mobile
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
Version
Filterid
X-Seen-By
X-Distributor
X-N
X-User-Agent
SRV
X-HTML-Minification-Powered-By
X-Cache-Control
Frame-Options
X-Type
Retry-After
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-HP-Trace-Id
Refresh
MS-CV
X-Jobs
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-Original-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Ua-Device
X-Response-Served-From
X-NGENIX-Cache
X-Cache-Expired-At
X-UUID
X-Node-Name
X-Azure-Ref
X-Page-View
X-Adobe-Content
X-Adobe-Loc
X-Debug-IsPreview
X-Instance
X-Debug-IsConnected
X-Proxy-Cache-Status
X-Real-IP
X-Varnish-Server
X-Region
X-Tumblr-Pixel-1
X-Cluster-Name
X-Tumblr-User
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-B
NGB
X-IPLB-Instance
X-Vgn-Hpd-Reason
X-RemovedCookies
X-ProcessESI
X-G
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-XRDS-LOCATION
X-Aws-Lambda-Call-Status
X-CDN-Forward
X-Device-Type
X-RTag
Ms-Operation-Id
Access-Control-Request-Headers
X-Framework
X-Oracle-Dms-Rid
X-Cache-Time
X-Content-Powered-By
X-Proxy
X-Zen-Fury
X-IPS-LoggedIn
X-Cache-Hit
Uber-Trace-Id
SD-X-WS
Referer-Policy
Liferay-Portal
X-Cache-Rule
X-Parallel-Accel
Cache-Status
X-Ms-Version
X-Is-Bot
X-Drupal-Cache-Tags
X-Ms-Request-Id
X-Rendered-As
X-EdgeConnect-Cache-Status
X-Wix-Request-Id
X-Time
X-App-Server
Section-Io-Origin-Status
X-Mg-Request-UUID
Section-Origin-Responded
Countrycode
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-RateLimit-Limit
X-Environment-Context
X-Debug
X-L-Path
X-Revision
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
Country
CF-IPCountry
X-Accel-Buffering
X-B3-Traceid
Count-Hit
X-Cache-Operation
X-TA-CDN-Provider
X-Nginx-Cache
X-APP-VERSION
X-Microsite
X-Request-Handler-Origin-Region
X-Drupal-Cache-Contexts
X-FW-Version
Akamai-GRN
Cache
AR-PoweredBy
X-UPSTREAM-Address
X-RN-RSRV
X-Endurance-Cache-Level
Meta-Geo
X-SaId
Ar-Sid
AR-ATIME
X-GG-Cache-Date
X-ES-SERVER
AR-Request-ID
AR-CACHE
X-JoinUs
X-Loop
X-Adobe-Source
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Cache-TTL-Remaining
X-TNCMS
X-LAGOON
GEO-INFO
From-Origin
X-Cache-Type
Surrogate-Key
X-Human
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Country-Code
Azure-Version
Fastly-SSL
X-OCL
X-Sql-Count
X-R9-Blue-Green-Version
X-Sql-Duration-Ms
X-S-Maxage
X-PCL
X-Varnish-Beresp-Grace
X-NYM-Debug-Backend
X-Request-Time
Decoy-Debug-TTL
X-Sorting-Hat-ShopId
X-Pubstack
X-B3-SpanId
X-VWS-Id
X-ProxyCache-Status
X-Storefront-Renderer-Rendered
X-LJ-Flow-ID
X-Shopify-Stage
Cache-Tv-Group
X-RCS-CacheZone
Decoy-Debug-Key
Decoy-Debug-Status
Cache-Name
X-ShardId
Protected
X-Varnish-Hostname
Apigw-Requestid
X-ShopId
X-Sorting-Hat-PodId
X-Varnishpool
X-Labrador-Cache-Channel
X-Proto
X-Status
X-Hosted-By
X-Handled-By
X-PHP-Host
X-Be
X-Alternate-Cache-Key
X-No-Session
X-Origin-Date
X-ProxyCache-Key
X-AWS-Id
X-BYPASS-REASON
X-Timing-Wait
X-Format
Property-Id
X-Origin-Hint
Eomportal-Instance
X-Redis-Cache
Selected-Fe
X-Section
X-Server-W
X-Cache-Server
TWC-Privacy
X-Tumblr-Pixel-2
TWC-Locale-Group
X-UA-Device-Type
Webcakes-App-Name
X-Access
Webcakes-App-Version
X-Proxy-Build
X-Web-Node
X-Akamai-Edgescape
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Xfnlog-Site
X-Via-Fastly
ServedBy
Webcakes-Region
X-App-Version
X-PERF
X-Backend-Host
X-Cluster-Node
Mn-Server-Ip
X-Hyper-Cache
X-ApacheServer
X-PHP-Backend
X-Time-Microsecs
X-FB-TRIP-ID
X-Uri
Cross-Origin-Opener-Policy
X-Servername
X-Hl-Ver
X-Backend-Name
OT-Force-Account-Verify
Nel
X-ServerID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Tumblr-Pixel-3
X-ATG-Version
X-FireWall-Port
X-Detected-As
X-Azure-Ref-OriginShield
Web-Mar-Node
X-Ua
Cross-Origin-Window-Policy
X-Generation-Time
X-Cache-Host
X-Varnish-Cache-Hits
X-Cache-PHP
Ec-Rule-Version
X-Varnish-Hits
X-Content-Age
Content-Secure-Policy
Source
X-TT-LOGID
Backend
X-Via-JSL
X-CS
X-Datadome
X-Trace-Id
X-MP-GENERATED-AT
Upgrade-Insecure-Requests
X-Forwarded-Host
X-Akamai-Transformed
X-Amz-Apigw-Id
X-WA-Info
X-Amzn-RequestId
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Content
X-Ua-Browser
X-Microcachable
X-Mode
X-Cache-Grace
X-CSRF-Token
X-SRV
Xserver
X-Soup
X-Edge-Location
X-Amzn-Remapped-Content-Length
X-Cdn
X-Cache-Enabled
X-Locale
Url
X-Rule
X-NWS-UUID-VERIFY
X-Ratelimit-Limit
X-Bc-Bl
X-Varnish-Beresp-Ttl
X-Info
X-Origin-TTL
X-Origin-CC
X-Site-Version
Content-Disposition
X-GEO
X-Tenant
X-Ratelimit-Remaining
X-Varnish-Beresp-Status
X-Extlb
X-Proxied
SID
X-DataDome
X-Zipkin-Id
X-Unique-Id
X-Routing-Service
S-Rt
X-Tb
X-Magnolia-Registration
Odigeo-Trace-Id
Path
X-Platform-Server
CDN-RequestCountryCode
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Surrogated-Key
X-From
X-Ftr-Request-Id
Rendered-Blocks
CDN-RequestId
Req-Svc-Chain
X-Processor
X-Orig-Expires
A
Apple-News-Services-Handled
Expiry
CDN-CachedAt
CDN-EdgeStorageId
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
CDCHOST
BehaviorPad-Version
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
Fastcgi-X-Cache-Version
X-NAPM-TraceId
MD5-Digest
Host-ID
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-PBS-Appsvrname
CDN-Cache
X-NU-AKA-ACS-Version
CDN-PullZone
Fastly-SIE
T-Server
Fastly-SWR
Mobile-Detection-Method
X-Forwarded-Path
X-A-Wwc
X-Aed
X-Aicache-OS
X-Storage
X-A-Dgt
X-Conf
X-Session-Fingerprint
X-Cache-NE
X-Tx-Id
X-A-Dcw
X-SRCache-Key
X-AIR-PT
X-BBC-Edge-Cache-Status
X-BCube-Filmed-By
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Developer
X-VG-WebServer
X-Application
X-ARC
X-B-Cookie
X-Dc
X-Shop-Environment
X-Destination
X-Vtex-Remote-Cache
X-A-Dam
X-Vtex-Processado-Em
X-D
X-Vdms-Version
User-Cache-Control
X-Rewrite-Enabled
X-External-Request-Id
X-Epic-Correlation-Id
X-Rojux
CDN-Uid
X-VG-WebCache
X-A-Ccd
X-Connection-Hash
X-Request-URI
X-ScT
X-S
X-S-Cookie
X-A
X-Debug-Cache
X-EC-Lua
X-Core-Value
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Cms-Context
X-Is-Gdpr
Origin
NGX
X-Has-Esi
Pics-Label
Platform
X-Fastly-Cache
State
X-Envoy-Decorator-Operation
L
Is-Eu
X-Backend-State
X-Cache-Debug
X-Cache-Info
Fastly-Backend-Name
Fastly-Drupal-HTML
UCS
X-DPWN-IS-SECURE
X-JWT-State
Cache-Host
X-Variation
X-Request-UUID
X-Worker
X-Loc
X-VG-TLSProxy
X-M-Log
X-Cache-NGX
X-Service
X-TrackingId
X-VServer
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cached-By
X-Origin-Expires
X-M-Reqid
Cache-Key
X-Micro-Cache
Adler-Geo
X-Men
XServer
X-Qnm-Cache
X-NCache
X-Wikidot-Static-Cache
X-Cache-Id
Vix-Hermes-Req-Id
X-Level-Front-Cache
True-Client-Country-4JS
X-Fastly-Backend
X-Rocket-Build-Number
Thinkindot-CacheControl
X-Forwarded-Site
Sever-Int
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Esi-Enabled
Thinkindot-CacheControl-Type
X-Branch-Name
TDXMobile
Thinkindot-Control
X-Served-From
X-Thanos
Cmstype
X-Block-Status
X-Auto-Login
X-Thinkindot-L3
X-Device-Os
Cf-Device-Type
Cmsid
X-Slack-Backend
X-SIPLIST1
X-Cache-Tags
Arc-Version
X-Wikidot-Backend
C-Via
X-Sigma
X-Accel-Expires-Debug
X-Sigma-Backend
X-Location
X-Esi-Check
Server-Host
M-TraceId
Locid
Location
X-Gzip
X-VC-Cache
Server-Hostname
X-Cluster
X-Scheme
X-DefElseHash
IsBot
X-Date
X-DC
X-Old-Content-Length
X-Hnp-Log
X-HN
X-Origin
X-DefHash
X-Clientip
X-Geo-Header
X-Gen-Mode
X-Generated-By
X-Bip
X-Proxy-Upstream
Fastcgi-Cache-TTL
X-Varnish-Remaining-TTL
X-Nginx-Cache-Key
Server-Ext
X-Gamma-Serve
PFcat
PB-RID
X-Generated-On
X-Developers
X-Ckpd-Fst-Backend
X-VarnishDD-TTL
PB-PID
AMP-Access-Control-Allow-Source-Origin
X-Amz-Meta-S3cmd-Attrs
X-Platform
X-Vdms-Path
X-Var-Ttl
X-Via-NSCOPI
X-RateLimit-Remaining-Second
X-GeoIP-City
X-Owner
X-GeoIP
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Skip-Cache
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Hash
Svr
X-Planisys-CDN-TTL
X-Fetched-On
X-Request-Host
X-FC-Vary-Parameters
X-Eu-Site
X-Sucuri-ID
X-Req
AKAMAI
X-Generated-In
X-Policy
X-RateLimit-Limit-Second
Arc-Country
X-Viewer-Country
X-CGP
NM-Fastcgi-Cache
Memcached
Pagetype
X-Csrf-Jwt
Server-Info
CPC-Cache
L5d-Success-Class
HA-Ipaddr
CPC-Age
DSUID
CacheControlHeader
X-LSADC-Cache
Ha-Gx-Prefs
Gh-Request-Id
V-Age
Release
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
VNS-Age
VNS-Cache
Webserver
X-Unique-ID
DataCenter
X-Clara-WADP
X-Render-Time
X-Platform-Router
X-Platform-Cluster
X-Qloud-Router
X-Platform-Processor
X-WADP-Cache
Mail-Subject
X-Rocket-Nginx-Serving-Static
X-Fmm-Version
X-GoCache-CacheStatus
We-Hiring
X-V-Cache
NtCoent-Length
Cache-Hits
X-Servedbyhost
MIME-Version
X-SD-PageType
X-Mvc-Supplant-OutputCached
X-Cache-Remote
X-Cache-Var
X-Srv
X-Cache-Var-Map
Kp-EeAlive
Environment
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-API-Version
X-Datadog-Parent-Id
X-NodeID
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Zone
X-Vc
X-User
X-PJAX-URL
X-Via-Ucdn
X-Wa
X-ID
X-Webkit-CSP-Report-Only
X-Pod-Name
X-Server-IP
X-Traceid
X-NC
X-Cache-Config
Server-ID
X-App
Who
Candidate-Md5Url
X-PF-Uncompressing
X-BBC-Origin-Response-Status
WebServer
X-Varnish-Ttl
X-Refresh
X-VCL-Version
Time
Memory
X-Varnish-Url
Cluster
X-Internal-Host
X-Minions-Version
X-LB-ID
X-Webkit-Csp
X-TIME
HostName
X-CACHE-KEY
X-ZONE
X-Pass-Why
Onion-Location
Powered-By-ChinaCache
My-App
Web-Mar-Region
Geoip-Latitude
N-Cache
X-Edge-Pop
GeoIp-Country-Code
X-LI-Proto
X-Newrelic-Synthetics
X-NewRelic-App-Data
Resin-Trace
X-Cache-Ttl
X-Esi
Datacenter
X-ElasticPress-Query
Servername
X-CLOUD-TRACE-CONTEXT
X-Varnish-Cacheable
X-Tb-Optimization-Total-Bytes-Saved
Geo-Info
X-TraceId
X-Tt-Logid
X-VHOST
X-AB
X-EIG-Tracking-Id
X-Origin-Response-Time
X-OVcl
WWW-Authenticate
X-Akamai-Pragma-Client-IP
X-OVcl-Cache
X-TX-ID
CDN
Tcn
Ohc-File-Size
X-Dynatrace
X-Fpc
Cf-Bgj
X-CACHE-AGE
X-HITS
Hostname
X-Backend-TTL
Magicmarker
X-Geo
X-Tid
X-TIM-N
LB
Redirect-Candidate
Tracecode
Proxy-Connection
X-Varnish-Beresp-TTL
X-Li-Proto
X-Dynatrace-Js-Agent
X-Up
X-NODE
Cdn
X-Correlation-ID
X-Dispatcher-Server
GeoIP-Country-Code
X-Request-Start
Pramga
X-Method
X-Wix-Viewer-Type
X-Cache-Date
X-NGINX-Cache
X-HostName
X-Cdn-Origin
X-Sn-Servicetimems
X-MSEdge-Flight
X-Fastly-Request-Id
X-MSEdge-Features
X-Amz-Meta-Cb-Modifiedtime
CloudFront-Viewer-Country
Cf-Ipcountry
X-CSRF-TOKEN
X-IP
GeoIP-Latitude
X-Vcl-Version
Lb
X-Fastly-Backend-Reqs
Ssr
X-Provided-By
Is-Us
W
DB-Nickname
X-Cs
CF-Cached-On
X-UnsetCookies
X-Core-Mission
X-Reqid
X-Cache-Expires
X-APP
X-COUNTRY
Sid
X-HS-Status
Server-Id
X-Lb-Id
X-MG-S
X-Nc
X-ServerName
X-WA
X-Webkit-Csp-Report-Only
WP-Super-Cache
X-Node-Id
X-Oracle-Dms-Ecid
Cteonnt-Length
X-FORWARDED-FOR
X-Check-Cacheable
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Cache-Status-Check
X-Hcs-Proxy-Type
X-Region-Sid
X-Sucuri-Cache
X-ND-Cache
X-DynaTrace-JS-Agent
X-VC
X-Trv-Group
URI
Ohc-Cache-HIT
CountryCode
X-Moov-T
Xc-Version
Env
X-Via-CDN
X-Via-PopH
X-Pjax-Url
X-Via-PopN
X-SERVER-NAME
WZWS-RAY
X-Moov-Xdn-Version
X-Cache-Backend
X-Via-PopV
X-Ig-Push-State
Mime-Version
EpKe-Alive
X-ServedByHost
X-SN
X-Pf-Uncompressing
X-Pad
Shield-Pop
X-Acquia-Application-Trace
X-CUA
X-Cache-ASPX
X-Acquia-Application-UUID
X-Acquia-Site
X-Contensis-Viewer-Groups
CACHE
X-RAMCache
X-Edge-POP
X-Acquia-Purge-Tags
X-Fastly-Cache-Hits
X-TRACE-ID
X-Amz-Meta-Opti
User-Agent
FSS-Cache
X-Varnish-Authentication
X-LiteSpeed-Cache-Control
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cdn-Request-ID
On-Server
X-Oss-Object-Type
X-Oss-Request-Id
X-Nginx-Upstream-Cache-Status
HIT
X-Parent-Response-Time
X-Oss-Hash-Crc64ecma
X-Dispatch
X-Oss-Storage-Class
X-Oss-Server-Time
X-DSS
X-DI
X-DB
X-DW
X-RPM
X-Swift-Error
X-Action
Vha6-Origin
X-SB
X-Webstats-RespID
X-Dw-Trace-Id
Ohc-Response-Time
X-RSL
X-RPS
Viewtype
Server-Ttl
Xet-Cookie
VivaBuild
Rt-Fastcgi-Cache
X-StackifyID
X-Cdn-Forward
X-Ftr-Viewer-Uri
X-Forwarded-Port
X-MiniProfiler-Ids
X-Env-Sha256-Sig
X-Amzn-Remapped-User-Agent
X-Amzn-Remapped-X-Forwarded-For
X-Amzn-Remapped-Host
X-Env-Stack-Name
Hit
Content-Script-Type
X-Yottaa-OS
Content-Style-Type
X-ElasticPress-Search
X-CF-Powered-By
ServerName
Req-ID
X-TH-Server