Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
ETag
X-XSS-Protection
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
P3p
X-Generator
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
X-Dns-Prefetch-Control
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
Server-Timing
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Backend
X-Amz-Request-Id
X-Cache-Group
X-Amz-Id-2
Host-Header
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
Grace
X-Page-Speed
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
NEL
X-Dispatcher
X-OneAgent-JS-Injection
Cf-Railgun
X-Host
X-WebKit-CSP
X-Cache-Spec
X-Server-Id
X-CST
X-Node
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Request-Id
Surrogate-Control
X-Readtime
Accept-CH
X-Akam-SW-Version
X-Response-Time
Accept-Ch-Lifetime
Xkey
X-HW
X-Language
X-Template
X-Application-Context
X-Country
X-Ac
X-Ruxit-JS-Agent
Content-Location
X-Cache-Lookup
X-Cloud-Trace-Context
Rating
MS-Author-Via
X-Url
X-Webkit-CSP
Edge-Control
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-Mod-Pagespeed
X-Varnish-TTL
X-B3-TraceId
X-Trace
Fastly-Restarts
X-Content-Type
X-Rack-Cache
X-MS-InvokeApp
X-Buckets
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
Accept-Ch
X-Cnection
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
X-ORACLE-DMS-ECID
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-Kinja-Build
X-FastCGI-Cache
Cache-Tag
X-Vcap-Request-Id
X-Cached
Service-Worker-Allowed
X-Server-Name
X-Abt-Application-Version
X-Px
Accept-CH-Lifetime
X-Server-ID
X-Client-IP
X-Amz-Rid
X-Navigation-Version
X-Cache-TTL
Public-Key-Pins
RTSS
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
Access-Control-Request-Method
X-Element-Page-Cache
X-Powered-CMS
X-Fastly-Request-ID
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Upstream
X-Version
X-TTL
X-Sol
X-Middleton-Display
Display
Pagespeed
Response
X-Middleton-Response
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Edge
X-LLID
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
Mrf-Cache-Status
MRF-Tech
X-Cache-Key
X-B3-TraceId-Primal
X-Ttl
X-Accel-Expires
X-Jurisdiction
X-HP-Webp
X-Shield-Request-Id
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-ECACHE
X-Correlation-Id
Realpath
X-ORACLE-DMS-RID
X-T
X-DynaTrace
X-SharePointHealthScore
X-Litespeed-Cache
SPRequestGuid
X-MCACHE
X-Mid
X-PressLabs-Stats
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
SPIisLatency
SPRequestDuration
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Mg-S
X-Content-Digest
Nginx-Cache
X-XRDS-Location
X-Forwarded-Proto
TP-Cache
TP-L2-Cache
X-Recruiting
Charset
X-Oneagent-Js-Injection
X-Request-Processing-Time
X-Request-Received
Front-End-Https
TCN
Server-Node
X-Ruxit-Js-Agent
Alternate-Protocol
X-Logged-In
X-Id
Filters
X-CACHE-GROUP
Content-MD5
X-Geo-Country
X-Forwarded-For
X-Ezoic-Cdn
X-Protected-By
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
X-ASPNET-VERSION
Cache-Tags
X-Hostname
X-NWS-LOG-UUID
X-Origin-Upstream-Status
X-Amzn-Trace-Id
X-Grace
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-F-Cache
X-Debug-Info
Cleartype
X-Www-Served-By
X-Amz-Replication-Status
X-Ab
X-Origin-Server
X-Rid
X-HS-Cache-Config
X-LB-Cache
X-Az
X-HS-Content-Id
X-Activity-Id
X-HS-Hub-Id
X-AppVersion
X-HS-Combine-CSS
Host
X-Daa-Tunnel
X-Contextid
X-RateLimit-Remaining
X-Git-Hash
X-Page-Id
Section-Io-Cache
X-Erf-Bev-Bev-Is-Generated
Server-Name
X-Erf-Bev-Bev
X-VCache
X-Browser-Type
X-Frontend
X-Ser
X-Aspnetmvc-Version
X-Content-Options
X-Release
MicrosoftSharePointTeamServices
X-Upgrade-Enabled
X-Cache-Age
X-Kong-Upstream-Latency
Access-Control-Allow-Method
Accept-Charset
X-Kong-Proxy-Latency
ServerID
X-Hits
X-Source
X-Mobile-URL
X-DIS-Request-ID
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Respond-Thread
X-Request-Guid
X-Flags
X-B-Cache
X-Route-Name
X-Signature
X-Cache-Action
X-Varnish-Age
X-WebKit-CSP-Report-Only
X-Whom
Healthy
X-Varnish-Backend
Viewport
X-FB-Debug
Payment
Paypal-Debug-Id
X-Varnish-Grace
X-B3-Sampled
X-AOL-HN
Fastcgi-Useragent
X-TT
X-Fastcgi-Cache
X-App-Environment
X-Yandex-Sdch-Disable
Node
DynaTrace
X-Load-Cache
X-Mobile
Version
X-Tt-Trace-Tag
DC
X-Tt-Trace-Host
X-Seen-By
Filterid
X-Distributor
SRV
X-N
X-XRDS-LOCATION
X-HTML-Minification-Powered-By
X-User-Agent
X-Cache-Control
X-Tec-Api-Root
X-Type
X-Tec-Api-Version
X-Tec-Api-Origin
Frame-Options
Retry-After
X-Jobs
MS-CV
Refresh
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-Original-Request-Id
X-Response-Served-From
X-HP-Trace-Id
X-Cache-Expired-At
X-UUID
X-Node-Name
X-Page-View
X-Adobe-Loc
X-Adobe-Content
Amp-Access-Control-Allow-Source-Origin
X-Region
X-Real-IP
X-Debug-IsConnected
X-Debug-IsPreview
X-Varnish-Server
X-Instance
X-Azure-Ref
X-Proxy-Cache-Status
X-IPLB-Instance
NGB
X-Cluster-Name
X-Tumblr-User
X-B
X-ProcessESI
X-G
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Vgn-Hpd-Reason
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-Tumblr-Pixel
X-CDN-Forward
X-Cache-Time
Access-Control-Request-Headers
X-Framework
X-Proxy
X-Content-Powered-By
X-RTag
Ms-Operation-Id
X-Aws-Lambda-Call-Status
X-NGENIX-Cache
X-Device-Type
X-Cache-Hit
X-Zen-Fury
X-IPS-LoggedIn
Uber-Trace-Id
X-Cache-Rule
SD-X-WS
Referer-Policy
X-Parallel-Accel
Liferay-Portal
Cache-Status
X-Is-Bot
X-Rendered-As
X-Ms-Request-Id
X-Drupal-Cache-Tags
X-Ms-Version
X-Wix-Request-Id
X-Oracle-Dms-Rid
X-Time
Section-Origin-Responded
X-EdgeConnect-Cache-Status
Section-Io-Origin-Status
Section-Io-Id
X-Mg-Request-UUID
Section-Io-Origin-Time-Seconds
Countrycode
X-App-Server
X-L-Path
S-Cnection
X-Revision
X-Environment-Context
X-Debug
X-RateLimit-Limit
X-Accel-Buffering
Country
X-Yottaa-Metrics
X-APP-VERSION
X-Yottaa-Optimizations
CF-IPCountry
X-Nginx-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Operation
Count-Hit
Ar-Sid
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
X-FW-Version
X-Drupal-Cache-Contexts
Cache
X-TNCMS
X-TA-CDN-Provider
X-UPSTREAM-Address
X-SaId
X-RN-RSRV
X-JoinUs
X-Loop
X-ES-SERVER
Meta-Geo
Akamai-GRN
X-GG-Cache-Date
X-Cache-Type
X-Adobe-Source
X-Say-Cacheable
X-Endurance-Cache-Level
X-SayCDN-TTL
X-Say-TTL
From-Origin
X-Cache-TTL-Remaining
X-LAGOON
GEO-INFO
Surrogate-Key
X-Sql-Duration-Ms
X-NYM-Debug-Backend
Protected
X-Varnish-Beresp-Grace
Azure-Version
X-Request-Time
Country-Code
Fastly-SSL
X-PCL
X-OCL
X-R9-Blue-Green-Version
Azure-InstanceId
X-S-Maxage
Azure-RegionName
X-Human
X-Sql-Count
Azure-SlotName
Azure-SiteName
X-Proto
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Shopify-Stage
X-AWS-Id
X-Alternate-Cache-Key
X-No-Session
Apigw-Requestid
X-Sorting-Hat-ShopId
Cache-Name
X-Origin-Date
Cache-Tv-Group
X-Pubstack
X-Status
X-LJ-Flow-ID
X-Xfnlog-Site
X-VWS-Id
X-Hosted-By
X-Varnish-Hostname
X-PHP-Host
X-Varnishpool
X-RCS-CacheZone
X-Handled-By
Decoy-Debug-Key
ServedBy
X-Be
X-Storefront-Renderer-Rendered
Decoy-Debug-Status
X-Labrador-Cache-Channel
Decoy-Debug-TTL
TWC-Connection-Speed
X-Format
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
X-Origin-Hint
Eomportal-Instance
X-Redis-Cache
TWC-Locale-Group
Selected-Fe
X-Server-W
X-ProxyCache-Key
X-Tumblr-Pixel-2
X-ProxyCache-Status
X-Timing-Wait
X-UA-Device-Type
X-Cache-Server
X-Hyper-Cache
X-Web-Node
X-Via-Fastly
X-Proxy-Build
TWC-Privacy
X-BYPASS-REASON
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-Akamai-Edgescape
X-Access
TWC-GeoIP-LatLong
X-Section
X-PHP-Backend
X-PERF
Nel
Mn-Server-Ip
X-ApacheServer
X-Cluster-Node
X-Backend-Host
X-Uri
X-FB-TRIP-ID
X-Time-Microsecs
X-Backend-Name
X-App-Version
X-Servername
X-Hl-Ver
X-Ua-Device
X-B3-SpanId
OT-Force-Account-Verify
X-ServerID
Cross-Origin-Opener-Policy
X-FireWall-Port
X-B3-Traceid
X-ATG-Version
X-Tumblr-Pixel-3
X-Detected-As
X-Azure-Ref-OriginShield
Cross-Origin-Window-Policy
Web-Mar-Node
X-Cache-PHP
X-TEC-API-ROOT
X-Ua
X-TEC-API-VERSION
X-Cache-Host
X-Varnish-Cache-Hits
X-Generation-Time
X-TEC-API-ORIGIN
X-Content-Age
Backend
X-Varnish-Hits
Ec-Rule-Version
X-Datadome
Content-Secure-Policy
X-Trace-Id
X-Via-JSL
Source
X-CSRF-Token
X-MP-GENERATED-AT
X-TT-LOGID
X-WA-Info
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Akamai-Transformed
X-Cdn
X-CS
X-Cache-Grace
Upgrade-Insecure-Requests
X-Ratelimit-Limit
X-Microcachable
X-Soup
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-SRV
X-Cache-Enabled
X-Mode
X-Forwarded-Host
Url
X-Rule
X-Locale
X-Bc-Bl
X-NWS-UUID-VERIFY
Xserver
X-Origin-TTL
X-Edge-Location
X-Unique-Id
X-Info
X-Origin-CC
X-Ua-Browser
X-Content
S-Rt
X-Site-Version
Content-Disposition
X-GEO
X-Varnish-Beresp-Status
X-Dc
X-Tb
X-Magnolia-Registration
X-Varnish-Beresp-Ttl
Host-ID
X-External-Request-Id
X-ARC
X-Epic-Correlation-Id
X-Forwarded-Path
CDN-Uid
X-AIR-PT
X-Aicache-OS
X-Aed
X-Ftr-Request-Id
X-From
X-CF-Lambda-Fn
X-Application
X-B-Cookie
X-Rewrite-Enabled
X-Extlb
X-CF-Lambda-Version
X-Conf
X-BCube-Filmed-By
X-Connection-Hash
Apple-News-Services-Request-Url
Expiry
X-SRCache-Key
DCR-Processing-Time-Ms
A
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Cache-Bucket
DCR-Decision-By
X-D
X-BBC-Edge-Cache-Status
Fastly-SIE
BehaviorPad-Version
Fastly-SWR
X-Shop-Environment
X-Request-URI
X-Developer
CDN-RequestId
X-Tenant
Fastcgi-X-Cache-Version
X-Debug-Cache
X-Destination
X-Session-Fingerprint
Meta-Geo-Continent
X-Processor
X-NAPM-TraceId
X-Rojux
X-NU-AKA-ACS-Version
X-Vtex-Remote-Cache
X-Proxied
X-ScT
CDN-CachedAt
Rendered-Blocks
X-Storage
Req-Svc-Chain
X-Routing-Service
X-Orig-Expires
T-Server
X-Platform-Server
X-Cached-By
X-PAYTM-SRV-ID
X-PBS-Appsvrname
Surrogated-Key
State
CDN-EdgeStorageId
X-S-Cookie
X-Vtex-Processado-Em
X-S
X-Vdms-Version
CDN-Cache
Apple-News-Services-Handled
X-A-Wwc
X-A-Dgt
Mobile-Detection-Method
X-Rebelmouse-Surrogate-Control
MD5-Digest
X-VG-WebServer
CDN-PullZone
CDN-RequestCountryCode
X-VG-WebCache
User-Cache-Control
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-A-Ccd
Path
X-A
CDCHOST
X-Zipkin-Id
X-Cache-NE
X-A-Dcw
Odigeo-Trace-Id
X-A-Dam
X-DataDome
X-Tx-Id
X-EC-Lua
SID
X-Service
NGX
X-Accel-Expires-Debug
Origin
Pics-Label
UCS
Platform
M-TraceId
L
X-Request-UUID
X-Cache-Debug
Fastly-Backend-Name
X-Backend-State
Is-Eu
X-Cache-Info
X-SVT-ORM-VERSION
X-JWT-State
X-TrackingId
XServer
X-Date
X-Li-Fabric
X-Is-Gdpr
X-Has-Esi
X-Fastly-Cache
X-Variation
Cache-Key
X-Envoy-Decorator-Operation
X-VG-TLSProxy
X-Core-Value
X-SVT-ORM-RULES
Cache-Host
X-VServer
X-Origin-Expires
Adler-Geo
X-Fastly-Backend
X-Men
X-Worker
X-Li-Pop
X-LI-UUID
X-Loc
X-Cache-NGX
X-M-Log
X-M-Reqid
X-Ratelimit-Remaining
X-Micro-Cache
AMP-Access-Control-Allow-Source-Origin
X-NCache
X-Block-Status
Vix-Hermes-Req-Id
X-Location
VNS-Age
VNS-Cache
X-Cms-Context
X-Cluster
X-Proxy-Upstream
X-Nginx-Cache-Key
X-Origin
X-Cache-Id
X-Cache-Tags
X-Clientip
Thinkindot-CacheControl-Type
X-Old-Content-Length
X-Branch-Name
Thinkindot-Control
X-Rocket-Build-Number
X-Bip
X-Auto-Login
X-DPWN-IS-SECURE
X-Geo-Header
X-Generated-On
X-Generated-By
X-Forwarded-Site
X-Gamma-Serve
X-Gen-Mode
X-Gzip
X-Device-Os
X-Level-Front-Cache
Thinkindot-CacheControl
X-Esi-Check
X-RateLimit-Remaining-Second
X-Developers
X-Hash
X-HN
X-Hnp-Log
X-RateLimit-Limit-Second
Locid
Cmstype
Cmsid
Cf-Device-Type
X-Sigma-Backend
CPC-Age
CPC-Cache
IsBot
Fastcgi-Cache-TTL
Esi-Enabled
X-Sigma
X-VC-Cache
X-VarnishDD-TTL
X-Thanos
X-Thinkindot-L3
X-Var-Ttl
TDXMobile
X-Scheme
X-Qnm-Cache
C-Via
Arc-Version
X-SIPLIST1
X-Slack-Backend
Location
Fastly-Drupal-HTML
X-Via-NSCOPI
PB-RID
PB-PID
X-Wikidot-Backend
PFcat
X-Served-From
Sever-Int
Server-Hostname
Server-Host
Server-Ext
X-Wikidot-Static-Cache
X-Viewer-Country
X-Amz-Meta-S3cmd-Attrs
X-Platform
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Skip-Cache
X-FC-Vary-Parameters
X-Varnish-CookieHashed-On
X-HS-Content-Campaign-Id
X-Eu-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Owner
X-DC
X-GeoIP-City
X-GoCache-CacheStatus
X-Planisys-CDN-TTL
X-Mvc-Supplant-Cachable
X-Policy
X-WADP-Cache
X-Req
X-Irp-Debug
Svr
X-Generated-In
X-Fmm-Version
X-Vdms-Path
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-GeoIP
X-Fetched-On
X-Request-Host
L5d-Success-Class
Mail-Subject
NM-Fastcgi-Cache
HA-Ipaddr
Ha-Gx-Prefs
DSUID
Gh-Request-Id
Pagetype
Wxu-Next-Region
V-Age
True-Client-Country-4JS
Server-Info
Release
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Commit
CacheControlHeader
Memcached
X-Clara-WADP
Arc-Country
X-DefElseHash
AKAMAI
X-Sucuri-ID
X-Ckpd-Fst-Backend
X-CGP
X-DefHash
X-Csrf-Jwt
NtCoent-Length
X-LSADC-Cache
DataCenter
Webserver
X-Qloud-Router
X-Platform-Router
X-Render-Time
X-V-Cache
X-Platform-Cluster
X-Platform-Processor
X-Rocket-Nginx-Serving-Static
X-Unique-ID
X-Srv
Cache-Hits
X-Mvc-Supplant-OutputCached
Kp-EeAlive
X-Servedbyhost
X-SD-PageType
X-Cache-Remote
X-Cache-Var-Map
X-Via-Poph
X-Via-Popn
X-Cache-Var
MIME-Version
Environment
X-Via-Popv
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-Datadog-Parent-Id
X-NodeID
X-API-Version
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-PJAX-URL
X-User
X-ID
X-Zone
X-Via-Ucdn
X-PF-Uncompressing
X-Wa
X-Vc
X-NC
Who
X-BBC-Origin-Response-Status
X-Varnish-Ttl
WebServer
X-Minions-Version
X-Varnish-Url
X-App
X-Traceid
Candidate-Md5Url
X-Server-IP
X-Pod-Name
X-Cache-Config
Cluster
Server-ID
X-VCL-Version
X-Webkit-Csp
X-Refresh
Time
X-Internal-Host
X-TIME
Memory
X-ZONE
X-CACHE-KEY
HostName
Powered-By-ChinaCache
My-App
X-Webkit-CSP-Report-Only
X-LB-ID
X-Pass-Why
X-Newrelic-Synthetics
X-NewRelic-App-Data
Geoip-Latitude
GeoIp-Country-Code
Onion-Location
Web-Mar-Region
N-Cache
X-Esi
X-Cache-Ttl
X-CLOUD-TRACE-CONTEXT
Resin-Trace
Datacenter
X-Edge-Pop
X-ElasticPress-Query
X-Tb-Optimization-Total-Bytes-Saved
X-Tt-Logid
Geo-Info
X-LI-Proto
Servername
X-VHOST
X-TraceId
X-OVcl
X-Varnish-Cacheable
X-OVcl-Cache
X-Akamai-Pragma-Client-IP
Ohc-File-Size
Tcn
X-TX-ID
CDN
X-EIG-Tracking-Id
X-Origin-Response-Time
X-Dynatrace
X-HITS
X-CACHE-AGE
Cf-Bgj
WWW-Authenticate
X-Varnish-Beresp-TTL
Hostname
X-Backend-TTL
X-Geo
X-Li-Proto
Magicmarker
LB
X-NODE
X-TIM-N
X-Tid
X-Fpc
Redirect-Candidate
X-Correlation-ID
X-AB
X-Wix-Viewer-Type
Proxy-Connection
X-Method
Tracecode
X-Dynatrace-Js-Agent
X-Dispatcher-Server
Cdn
X-HostName
X-MSEdge-Features
X-Cache-Date
Pramga
GeoIP-Country-Code
X-Cs
X-MSEdge-Flight
X-Request-Start
Is-Us
X-Fastly-Request-Id
X-Up
Cf-Ipcountry
Sid
Server-Id
X-IP
X-Cdn-Origin
X-Sn-Servicetimems
X-Fastly-Backend-Reqs
X-Vcl-Version
GeoIP-Latitude
Ssr
X-Amz-Meta-Cb-Modifiedtime
DB-Nickname
X-NGINX-Cache
CF-Cached-On
X-CSRF-TOKEN
X-Provided-By
X-Core-Mission
W
X-HS-Status
X-COUNTRY
X-APP
X-UnsetCookies
Lb
X-MG-S
X-Cache-Expires
X-WA
X-Node-Id
X-Lb-Id
X-Reqid
Cteonnt-Length
X-Webkit-Csp-Report-Only
CloudFront-Viewer-Country
X-ServerName
X-FORWARDED-FOR
X-Nc
X-DynaTrace-JS-Agent
X-Trv-Group
X-Check-Cacheable
X-Via-PopH
X-ND-Cache
URI
X-Via-PopN
X-Via-PopV
WP-Super-Cache
X-VC
Ohc-Cache-HIT
CountryCode
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Sucuri-Cache
X-Hcs-Proxy-Type
X-Region-Sid
WZWS-RAY
X-Cache-Backend
X-Pjax-Url
X-Via-CDN
X-SERVER-NAME
Env
X-Cache-Status-Check
X-ECache
X-Pf-Uncompressing
Shield-Pop
X-ServedByHost
X-CUA
X-Moov-Xdn-Version
Mime-Version
X-Pad
X-Moov-T
X-SN
Xc-Version
X-Acquia-Site
X-Acquia-Application-Trace
X-LiteSpeed-Cache-Control
EpKe-Alive
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Ig-Push-State
User-Agent
CACHE
X-RAMCache
X-Fastly-Cache-Hits
X-Varnish-Authentication
X-Edge-POP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cdn-Request-ID
FSS-Cache
X-Amz-Meta-Opti
X-Webstats-RespID
X-Dw-Trace-Id
Ohc-Response-Time
Vha6-Origin
X-Action
X-SB
X-Swift-Error
VivaBuild
Viewtype
Rt-Fastcgi-Cache
Server-Ttl
X-DB
X-B3-Spanid
X-RPS
X-RSL
X-DI
Xet-Cookie
X-RPM
X-StackifyID
X-DSS
X-DW
X-Cdn-Forward
X-TRACE-ID
X-Oss-Hash-Crc64ecma
X-FPC
X-Dispatch
X-Nginx-Upstream-Cache-Status
X-Oss-Object-Type
X-Parent-Response-Time
X-UP
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
On-Server
X-ElasticPress-Search
Content-Script-Type
X-MiniProfiler-Ids
Content-Style-Type
ServerName
X-CF-Powered-By
X-TH-Server
Fastly-Drupal-Html
Hit
Req-ID
X-Yottaa-OS
HIT