Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
X-XSS-Protection
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
X-Request-ID
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Robots-Tag
Request-Context
X-Dns-Prefetch-Control
X-Ws-Request-Id
Server-Timing
X-AH-Environment
X-Server
X-Age
X-Hacker
X-Ua-Compatible
X-Turbo-Charged-By
X-Server-Powered-By
X-Proxy-Cache
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
Grace
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Vhost
X-Amz-Version-Id
X-Server-Id
X-OneAgent-JS-Injection
X-Dispatcher
NEL
X-Host
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-WebKit-CSP
X-Response-Time
X-Readtime
X-Akam-SW-Version
Xkey
X-Webkit-CSP
X-HW
X-Country
X-Ac
Accept-Ch-Lifetime
X-Application-Context
Content-Location
X-Language
X-Template
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-Cache-Lookup
X-Url
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-B3-TraceId
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-GitHub-Request-Id
X-Content-Type
Fastly-Restarts
X-Varnish-TTL
X-Cnection
Accept-CH-Lifetime
X-Rack-Cache
X-Origin-Cache
X-ASPNET-VERSION
X-D2id
X-Country-Code
X-Use-Magma
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
X-Goog-Hash
Verso
X-VARITI-CCR
X-FastCGI-Cache
X-Server-Name
X-Cached
X-Vcap-Request-Id
Accept-Ch
X-Navigation-Version
Cache-Tag
X-Powered-By-Plesk
X-Client-IP
X-Buckets
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-ORACLE-DMS-ECID
RTSS
X-Middleton-Response
Pagespeed
X-Middleton-Display
Response
X-Sol
Display
X-Fastly-Request-ID
X-Cache-TTL
X-Ttl
Access-Control-Request-Method
X-MSEdge-Ref
X-Element-Page-Cache
X-Powered-CMS
X-NF-Request-ID
X-Dw-Request-Base-Id
Public-Key-Pins
X-Upstream
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ruxit-Js-Agent
X-Edge
S
X-Kinsta-Cache
X-LLID
X-Px
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Realpath
X-Accel-Expires
SPIisLatency
X-TTL
SPRequestDuration
X-SharePointHealthScore
X-Edge-Location-Klb
SPRequestGuid
X-T
X-Oneagent-Js-Injection
X-HP-Webp
X-Jurisdiction
X-MCACHE
X-Mid
X-PressLabs-Stats
X-Forwarded-Proto
X-ECACHE
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
Charset
X-Recruiting
X-Release
Edge-Cache-Tag
X-Mg-S
Pinterest-Version
X-DynaTrace
Pinterest-Generated-By
X-Pinterest-Rid
TP-Cache
TP-L2-Cache
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Correlation-Id
X-Kraken-Loop-Name
Fastcgi-Cache
X-Ezoic-Cdn
X-Amz-Server-Side-Encryption
X-Id
X-Content-Digest
X-Request-Processing-Time
X-Request-Received
Filters
X-ORACLE-DMS-RID
Nginx-Cache
Server-Node
X-Logged-In
Alternate-Protocol
Cache-Tags
X-Server-ID
Front-End-Https
X-Cache-Key
Content-MD5
X-Forwarded-For
TCN
X-Origin-Upstream-Status
Server-Name
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Amzn-Trace-Id
X-Litespeed-Cache
X-Origin-Server
X-Grace
X-WebKit-CSP-Report-Only
X-Geo-Country
X-Hostname
X-Contextid
X-Amz-Replication-Status
X-Rid
X-F-Cache
X-Goog-Stored-Content-Length
X-AppVersion
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
X-Activity-Id
X-Az
X-Goog-Generation
Host
Cleartype
X-HS-Content-Id
X-XRDS-LOCATION
X-HS-Cache-Config
X-Protected-By
X-HS-Hub-Id
X-Www-Served-By
X-HS-Combine-CSS
X-XRDS-Location
X-RateLimit-Remaining
X-Frontend
X-Debug-Info
Section-Io-Cache
AR-Request-ID
AR-PoweredBy
X-LB-Cache
Ar-Sid
AR-CACHE
AR-ATIME
MicrosoftSharePointTeamServices
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Ser
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Git-Hash
X-Page-Id
X-Cache-Age
X-NWS-LOG-UUID
X-Varnish-Age
Accept-Charset
X-Respond-Thread
X-Upgrade-Enabled
X-Aspnetmvc-Version
X-VCache
X-Hits
X-Content-Options
X-Source
X-DIS-Request-ID
ServerID
X-Mobile-URL
Paypal-Debug-Id
X-Varnish-Backend
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Signature
Access-Control-Allow-Method
X-B-Cache
X-Varnish-Grace
Healthy
X-Fastcgi-Cache
Nel
Payment
X-Cache-Action
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Route-Name
X-FB-Debug
X-Aspnet-Duration-Ms
X-Microsite
X-Request-Handler-Origin-Region
X-Daa-Tunnel
Viewport
X-B3-Sampled
X-Whom
X-TT
X-N
Node
X-AOL-HN
X-CACHE-GROUP
X-App-Environment
X-Seen-By
X-Type
X-Load-Cache
Version
Fastcgi-Useragent
X-Mobile
DC
MS-CV
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Expired-At
X-HTML-Minification-Powered-By
Filterid
X-Distributor
SRV
X-Ab
X-Cache-Control
X-IPLB-Instance
X-Webkit-Csp
Retry-After
X-Response-Served-From
X-Tt-Trace-Host
X-Original-Request-Id
X-Tt-Trace-Tag
X-Real-IP
Frame-Options
X-UUID
X-Instance
NGB
X-Tumblr-Pixel
X-FireWall-Port
X-Tumblr-Pixel-0
X-Varnish-Server
X-User-Agent
X-IPS-LoggedIn
X-RemovedCookies
X-Tumblr-User
X-Tumblr-Pixel-1
X-Proxy-Cache-Status
X-ProcessESI
X-Proxy
Access-Control-Request-Headers
X-Region
X-Device-Type
X-Cluster-Name
X-Content-Powered-By
X-Debug-IsConnected
X-Jobs
Ms-Operation-Id
X-Debug-IsPreview
X-RTag
X-B
X-Adobe-Content
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Time
Refresh
X-Debug
X-Adobe-Loc
Uber-Trace-Id
X-Page-View
X-Cacheable-TTL
X-Framework
X-G
X-Accel-Buffering
Cache
X-Wix-Request-Id
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Dynamic
X-Zen-Fury
Countrycode
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
X-Vgn-Hpd-Reason
X-RateLimit-Limit
Cache-Status
X-Nginx-Cache
X-Cache-Hit
X-NGENIX-Cache
Surrogate-Key
X-App-Version
X-Time
X-Oracle-Dms-Rid
X-TA-CDN-Provider
X-Azure-Ref
X-Drupal-Cache-Tags
X-Rendered-As
Country
X-Is-Bot
X-Mg-Request-UUID
Eomportal-Instance
S-Cnection
X-App-Server
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-Ms-Version
X-Ms-Request-Id
X-Node-Name
Referer-Policy
SD-X-WS
X-CDN-Forward
Liferay-Portal
X-Drupal-Cache-Contexts
X-L-Path
X-Environment-Context
X-UPSTREAM-Address
X-Varnishpool
X-ES-SERVER
X-JoinUs
CF-IPCountry
X-Timing-Wait
From-Origin
X-Tumblr-Pixel-2
X-Cache-Operation
Selected-Fe
X-RN-RSRV
Meta-Geo
X-SaId
X-Proxy-Build
X-Shopify-Stage
X-Handled-By
X-ShopId
X-Alternate-Cache-Key
Azure-SiteName
X-Sorting-Hat-PodId
X-ShardId
Azure-InstanceId
Azure-SlotName
X-GG-Cache-Date
X-Cache-TTL-Remaining
X-Cache-Server
ServedBy
X-Endurance-Cache-Level
X-Sorting-Hat-ShopId
X-Backend-Host
Azure-RegionName
Azure-Version
Protected
X-Loop
X-Yottaa-Optimizations
X-TNCMS
X-Storefront-Renderer-Rendered
X-Yottaa-Metrics
X-Varnish-Hostname
X-Via-Fastly
X-Pubstack
X-Xfnlog-Site
X-Request-Time
X-S-Maxage
X-PHP-Backend
X-R9-Blue-Green-Version
X-No-Session
X-Be
Webcakes-Region
Webcakes-App-Version
X-Origin-Hint
X-ProxyCache-Status
Akamai-GRN
Webcakes-App-Name
X-AWS-Id
X-PCL
X-VWS-Id
AMP-Access-Control-Allow-Source-Origin
X-ProxyCache-Key
Cache-Tv-Group
Cache-Name
TWC-Privacy
X-LAGOON
X-Proto
X-Rule
X-NYM-Debug-Backend
X-LJ-Flow-ID
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Server-W
Property-Id
X-Human
TWC-Locale-Group
Fastly-SSL
X-BYPASS-REASON
X-OCL
TWC-GeoIP-LatLong
Xserver
Decoy-Debug-Key
Decoy-Debug-Status
Country-Code
Decoy-Debug-TTL
X-Backend-Name
X-Say-Cacheable
X-Section
X-Format
X-Status
X-Say-TTL
X-Hl-Ver
X-Adobe-Source
X-Origin-Date
X-Access
X-RCS-CacheZone
X-SayCDN-TTL
Apigw-Requestid
X-Varnish-Beresp-Grace
X-Sql-Count
X-Sql-Duration-Ms
X-PHP-Host
X-Labrador-Cache-Channel
X-UA-Device-Type
X-Akamai-Edgescape
X-Cache-PHP
X-PERF
X-FB-TRIP-ID
X-ApacheServer
Mn-Server-Ip
Amp-Access-Control-Allow-Source-Origin
X-Hosted-By
X-Uri
X-Hyper-Cache
X-Redis-Cache
X-Revision
X-Web-Node
X-Trace-Id
X-Dc
X-WA-Info
X-MP-GENERATED-AT
X-FW-Version
X-Cached-By
X-ATG-Version
X-B3-SpanId
X-Ua-Device
X-Content-Age
X-Cache-Type
X-CSRF-Token
X-Time-Microsecs
X-ServerID
X-Soup
X-Cache-Enabled
X-Tumblr-Pixel-3
X-Edge-Location
X-Mode
X-Aws-Lambda-Call-Status
Backend
X-Akamai-Transformed
X-Bc-Bl
X-Info
X-Detected-As
X-Microcachable
X-Varnish-Ttl
X-SRV
X-Datadome
X-Varnish-Beresp-Status
X-Azure-Ref-OriginShield
X-Varnish-Cache-Hits
X-CS
X-Cache-Host
X-TT-LOGID
X-APP-VERSION
X-Cache-NGX
X-Parallel-Accel
Web-Mar-Node
X-Generation-Time
X-Debug-Cache
Who
X-Proxied
X-Zipkin-Id
X-Storage
X-Routing-Service
X-Platform
X-Cluster-Node
GEO-INFO
DataCenter
X-Varnish-Hits
OT-Force-Account-Verify
Count-Hit
X-Amzn-Remapped-Content-Length
Cross-Origin-Opener-Policy
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Unique-ID
X-Via-JSL
X-DataDome
X-CACHE-KEY
X-Extlb
X-Locale
Server-Info
X-Varnish-Beresp-Ttl
X-Servername
X-B3-Traceid
X-Origin-CC
X-Origin-TTL
MD5-Digest
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Fastly-Backend-Name
Host-ID
M-TraceId
Mobile-Detection-Method
CDN-Cache
BehaviorPad-Version
Cache-Host
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
A
Apple-News-Services-Handled
Apple-News-Services-Host
Odigeo-Trace-Id
CDN-CachedAt
Content-Disposition
DCR-Decision-By
DCR-Processing-Time-Ms
CDN-Uid
CDN-RequestId
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
Expiry
X-Cms-Context
X-Ratelimit-Reset
X-Proxy-Upstream
X-Request-URI
X-Rewrite-Enabled
X-Rojux
X-Processor
X-PBS-Appsvrname
X-Level-Front-Cache
X-Geo-Header
X-Location
X-NAPM-TraceId
X-PAYTM-SRV-ID
X-S
X-S-Cookie
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Vdms-Path
X-Thanos
X-Service
X-ScT
X-Session-Fingerprint
X-SRCache-Key
X-Sucuri-ID
X-Generated-On
X-From
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-Application
X-A-Dam
X-A-Ccd
State
Req-Svc-Chain
Surrogated-Key
T-Server
X-A
X-ARC
X-B-Cookie
X-Destination
X-D
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Core-Value
X-Connection-Hash
X-Bip
X-BCube-Filmed-By
X-Cache-Bucket
X-Cache-NE
X-CF-Lambda-Version
Rendered-Blocks
X-CF-Lambda-Fn
X-Magnolia-Registration
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Tb
X-AIR-PT
Upgrade-Insecure-Requests
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Req
X-Date
Origin
Location
Memcached
L
Fastly-SIE
Fastly-SWR
Fastly-Drupal-HTML
SID
Fastcgi-Cache-TTL
X-Served-From
X-Scheme
Pagetype
Kp-EeAlive
X-Rocket-Build-Number
Gh-Request-Id
X-Request-UUID
PFcat
X-Backend-State
X-Site-Version
X-Gamma-Serve
X-Accel-Expires-Debug
X-Branch-Name
X-Cache-Debug
X-Developers
X-Clientip
X-Envoy-Decorator-Operation
X-GoCache-CacheStatus
X-Has-Esi
Server-Host
X-NU-AKA-ACS-Version
X-Origin
X-Sigma
X-JWT-State
X-Is-Gdpr
X-Hash
X-HN
UCS
Path
X-Platform-Server
X-VG-TLSProxy
X-TrackingId
Cmsid
X-VarnishDD-TTL
AKAMAI
X-Varnish-Url
Esi-Enabled
CacheControlHeader
Cmstype
X-Var-Ttl
X-Minions-Version
X-Aicache-OS
X-Sigma-Backend
User-Cache-Control
X-Cluster
Source
X-Device-Os
Thinkindot-Control
Adler-Geo
Thinkindot-CacheControl-Type
X-VC-Cache
True-Client-Country-4JS
X-TX-ID
X-LI-UUID
X-Loc
X-Men
X-Li-Pop
X-Csrf-Jwt
TDXMobile
Vix-Hermes-Req-Id
Svr
Thinkindot-CacheControl
Wxu-Next-Commit
X-Fastly-Backend
X-Fastly-Cache
X-Fmm-Version
X-DPWN-IS-SECURE
X-Cache-Grace
X-Cache-Tags
X-Cache-Info
X-Eu-Site
X-WADP-Cache
X-CGP
X-Clara-WADP
Wxu-Next-Region
Wxu-Next-Hostname
X-Generated-In
X-Micro-Cache
X-Forwarded-Site
X-Viewer-Country
X-Generated-By
We-Hiring
X-Li-Fabric
X-Thinkindot-L3
L5d-Success-Class
X-SVT-ORM-VERSION
X-Request-Host
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Limit-Second
X-Variation
X-RateLimit-Remaining-Second
Cf-Device-Type
Is-Eu
DSUID
Ec-Rule-Version
X-NWS-UUID-VERIFY
X-SVT-ORM-RULES
Ha-Gx-Prefs
X-VHOST
HA-Ipaddr
X-Policy
Mail-Subject
Arc-Country
NM-Fastcgi-Cache
X-Owner
Platform
Pics-Label
NGX
PB-PID
PB-RID
X-Origin-Expires
C-Via
Arc-Version
NtCoent-Length
X-EC-Lua
X-DefHash
X-DefElseHash
X-Wikidot-Static-Cache
X-Ratelimit-Limit
X-Nginx-Cache-Key
X-Varnish-Remaining-TTL
X-Skip-Cache
X-SIPLIST1
X-Esi-Check
X-Slack-Backend
X-Fetched-On
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-City
X-GeoIP
X-Hnp-Log
X-Qloud-Router
Webserver
X-Gzip
X-PF-Uncompressing
X-Mvc-Supplant-Cachable
X-User
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-FC-Vary-Parameters
X-VServer
X-Forwarded-Host
X-Via-NSCOPI
X-Gen-Mode
X-Irp-Debug
X-Wikidot-Backend
X-Old-Content-Length
X-HP-Trace-Id
V-Age
CPC-Age
X-Block-Status
My-App
Server-Hostname
CPC-Cache
Release
Server-Ext
Locid
IsBot
X-Cache-Id
Cache-Key
X-Ua
S-Rt
Sever-Int
VNS-Cache
VNS-Age
Geo-Info
X-Pass-Why
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Tenant
X-Planisys-CDN-Cache
X-Shop-Environment
X-HS-Content-Campaign-Id
Cache-Hits
Cross-Origin-Window-Policy
Url
X-Forwarded-Path
X-Orig-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Via-Poph
X-Via-Popv
Powered-By-ChinaCache
X-Vc
Content-Secure-Policy
X-Unique-Id
X-PJAX-URL
X-Mvc-Supplant-OutputCached
X-Via-Popn
MIME-Version
X-Ratelimit-Remaining
X-Ftr-Request-Id
X-TraceId
X-Internal-Host
X-Refresh
X-Cache-Ttl
X-Srv
X-Zone
X-Conf
X-OVcl-Cache
X-OVcl
XServer
X-GEO
Cf-Bgj
X-BBC-Edge-Cache-Status
X-TIME
X-LB-ID
X-NC
DB-Nickname
Tcn
X-ID
X-Backend-TTL
X-ZONE
X-Ckpd-Fst-Backend
X-Worker
Magicmarker
X-NCache
X-Geo
WebServer
GeoIp-Country-Code
Geoip-Latitude
X-Auto-Login
Time
HostName
Memory
Server-ID
X-Servedbyhost
X-NewRelic-App-Data
X-LSADC-Cache
X-V-Cache
X-Dispatcher-Server
X-Correlation-ID
X-Method
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-DC
X-Platform-Router
X-IP
X-M-Log
X-M-Reqid
X-Platform-Processor
X-Newrelic-Synthetics
Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Cluster
X-Qnm-Cache
Ssr
X-Traceid
Resin-Trace
X-Cache-Remote
X-SD-PageType
X-Wa
X-App
X-CLOUD-TRACE-CONTEXT
X-Li-Proto
X-Tx-Id
LB
X-Datadog-Parent-Id
Environment
X-Datadog-Sampling-Priority
X-Nc
X-Datadog-Trace-Id
X-Vcl-Version
X-BBC-Origin-Response-Status
X-Trv-Group
X-Cache-Config
X-Nyt-Route
X-API-Version
X-NodeID
X-Gdpr
X-Origin-Time
Ohc-File-Size
X-Node-Id
X-Pod-Name
X-Dynatrace
X-MSEdge-Flight
X-MSEdge-Features
X-CACHE-AGE
X-HITS
X-Server-IP
X-Edge-Pop
X-Via-CDN
Cluster
X-VCL-Version
X-Origin-Response-Time
X-HOST
X-Via-Ucdn
X-Varnish-Beresp-TTL
X-DynaTrace-JS-Agent
Env
X-APP
Candidate-Md5Url
X-ServerName
Cf-Ipcountry
X-WA
X-Cache-Var
X-Reqid
X-Cache-Var-Map
X-LI-Proto
X-Akamai-Pragma-Client-IP
Datacenter
Web-Mar-Region
CF-Cached-On
N-Cache
Sid
X-FTR-Request-ID
X-Cdn-Forward
X-ND-Cache
X-ElasticPress-Query
X-Wix-Viewer-Type
X-HostName
X-Webkit-CSP-Report-Only
VivaBuild
X-HS-Status
X-Fastly-Request-Id
Rt-Fastcgi-Cache
Viewtype
X-Cs
CDN
Machine
Proxy-Connection
Server-Id
GeoIP-Country-Code
GeoIP-Latitude
X-Dynatrace-Js-Agent
X-ServedByHost
FSS-Cache
WWW-Authenticate
X-Varnish-Cacheable
Servername
Cdn
X-NGINX-Cache
Onion-Location
X-Fastly-Backend-Reqs
On-Server
X-EIG-Tracking-Id
X-Lb-Id
WZWS-RAY
X-URL
X-Swa-Ws
X-Check-Cacheable
X-Xrds-Location
Ohc-Cache-HIT
X-Esi
X-CSRF-TOKEN
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cache-Backend
Mime-Version
X-Oss-Request-Id
X-Oss-Server-Time
X-Via-PopV
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Via-PopH
X-Via-PopN
X-IN-APIGATEWAY
X-Pjax-Url
X-Country-Code-Real
Xc-Version
X-IN-APIGATEWAYSSL
X-VC
X-ECache
X-Ua-Browser
X-CCM
X-Content
Shield-Pop
Cteonnt-Length
X-Tid
X-Swift-Error
X-AB
URI
Tracecode
X-Request-Start
X-TIM-N
CountryCode
Redirect-Candidate
X-Fpc
X-SN
X-MG-S
Server-Ttl
X-FORWARDED-FOR
X-Tt-Logid
X-Air-Pt
CACHE
X-Cache-ASPX
X-Varnish-Authentication
X-Up
Lb
X-CUA
X-Contensis-Viewer-Groups
X-StackifyID
ServerName
Ohc-Response-Time
X-Action
X-DB
X-Fastly-Cache-Hits
X-DSS
X-DW
X-RPM
X-RPS
Vha6-Origin
X-RSL
X-FTR-Expires
X-DI
Warning
X-Acquia-Site
X-Webstats-RespID
X-Pf-Uncompressing
X-Acquia-Purge-Tags
X-Amz-Meta-Cb-Modifiedtime
X-SB
X-Region-Sid
X-Cache-Date
Instruction
X-LiteSpeed-Cache-Control
X-Snapshot-Date
X-Yottaa-OS
X-Acquia-Application-Trace
Pramga
Is-Us
Xet-Cookie
WP-Super-Cache
SR-User-Adfree
X-Dw-Trace-Id
X-ElasticPress-Search
X-Acquia-Application-UUID
PICS-Label
X-FPC
X-Hcs-Proxy-Type
X-Apw-Access-Object
X-C
X-Cache-Expires
X-MiniProfiler-Ids
X-TH-Server
X-UnsetCookies
X-Depends-On
X-Mg-Request-Id
X-Cache-Status-Check
X-Apw-Hits
X-Apw-Access-Action
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Pad
X-Apw-Access-Token