Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
Content-Encoding
Feature-Policy
X-Ua-Compatible
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-UA-Device
X-Varnish-Cache
X-Page-Speed
Grace
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
X-Node
Allow
Surrogate-Control
X-Backend-Server
Request-Id
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Webkit-CSP
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-WebKit-CSP
Accept-CH
Accept-Ch-Lifetime
Xkey
X-HW
X-Country
X-Language
X-Application-Context
X-Ruxit-JS-Agent
X-Ac
Content-Location
X-Template
MS-Author-Via
Rating
X-Cloud-Trace-Context
X-Cache-Lookup
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Accept-Ch
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-Content-Type
X-GitHub-Request-Id
Fastly-Restarts
X-Server-ID
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-ASPNET-VERSION
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Country-Code
X-Goog-Hash
X-D2id
X-VARITI-CCR
Verso
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-Buckets
Accept-CH-Lifetime
X-Server-Name
X-Cached
X-Vcap-Request-Id
Cache-Tag
X-Abt-Application-Version
X-ORACLE-DMS-ECID
X-Amz-Rid
X-Navigation-Version
X-Client-IP
Service-Worker-Allowed
X-Powered-By-Plesk
X-Fastly-Request-ID
RTSS
Access-Control-Request-Method
Public-Key-Pins
X-Powered-CMS
X-Element-Page-Cache
X-Px
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Pagespeed
Display
X-Dw-Request-Base-Id
X-Version
X-NF-Request-ID
X-Upstream
X-Ttl
X-Cache-TTL
S
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
X-TTL
Realpath
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-ECACHE
X-Accel-Expires
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-Kraken-Loop-Name
X-Jurisdiction
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-HP-Webp
X-Cache-Key
X-MCACHE
X-Mid
X-T
X-Shield-Request-Id
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
X-Correlation-Id
X-DynaTrace
X-Forwarded-Proto
X-XRDS-Location
Edge-Cache-Tag
X-ORACLE-DMS-RID
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Mg-S
X-Recruiting
Charset
TP-Cache
TP-L2-Cache
X-Content-Digest
Nginx-Cache
X-Id
TCN
Front-End-Https
X-Oneagent-Js-Injection
Filters
Alternate-Protocol
X-Request-Processing-Time
Server-Node
X-Logged-In
X-Ezoic-Cdn
X-Request-Received
X-Forwarded-For
Content-MD5
Cache-Tags
X-Ruxit-Js-Agent
X-Release
X-Geo-Country
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Origin-Upstream-Status
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
X-Litespeed-Cache
X-Hostname
X-Protected-By
X-Grace
X-RateLimit-Remaining
X-Amzn-Trace-Id
X-Origin-Server
X-Goog-Generation
X-GUploader-UploadID
X-Www-Served-By
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-F-Cache
X-Amz-Replication-Status
Cleartype
Server-Name
X-Contextid
Host
X-Rid
X-Debug-Info
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-LB-Cache
X-Az
X-AppVersion
X-Activity-Id
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
MicrosoftSharePointTeamServices
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Git-Hash
X-Page-Id
X-Cache-Age
X-Ser
X-Daa-Tunnel
X-VCache
X-Respond-Thread
X-Content-Options
Accept-Charset
X-Aspnetmvc-Version
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Hits
X-Mobile-URL
X-Source
X-WebKit-CSP-Report-Only
X-DIS-Request-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Grace
X-B-Cache
X-Signature
X-Varnish-Age
Healthy
Payment
X-Flags
X-Whom
X-Cache-Action
X-Is-Crawler
X-FB-Debug
X-TT
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Varnish-Backend
X-B3-Sampled
Node
ServerID
Paypal-Debug-Id
Viewport
X-CACHE-GROUP
X-App-Environment
X-AOL-HN
Version
X-N
X-Seen-By
Fastcgi-Useragent
X-Ab
DynaTrace
X-Mobile
X-Load-Cache
X-Fastcgi-Cache
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-Request-ID
Ar-Sid
X-Yandex-Sdch-Disable
X-Type
DC
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-HTML-Minification-Powered-By
X-Distributor
SRV
X-Tt-Trace-Host
X-Tt-Trace-Tag
Frame-Options
MS-CV
X-Cache-Control
X-Cache-Expired-At
Retry-After
Filterid
X-Request-Handler-Origin-Region
X-Microsite
X-User-Agent
X-Jobs
X-Original-Request-Id
X-Response-Served-From
X-Adobe-Content
Refresh
X-Proxy-Cache-Status
X-Adobe-Loc
X-Real-IP
X-UUID
X-IPS-LoggedIn
X-IPLB-Instance
X-Debug-IsPreview
X-Device-Type
X-Region
X-Cacheable-TTL
X-Debug-IsConnected
Access-Control-Request-Headers
X-Varnish-Server
X-Framework
X-XRDS-LOCATION
X-G
X-B
VIX-Pulpo-Upstream-Status
X-Cluster-Name
X-Content-Powered-By
VIX-Pulpo-Node
X-Page-View
NGB
Uber-Trace-Id
X-RemovedCookies
X-Cache-Time
X-ProcessESI
X-App-Version
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-Proxy
X-Vgn-Hpd-Reason
X-Zen-Fury
X-CDN-Forward
Countrycode
X-NGENIX-Cache
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-Azure-Ref
Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Time
X-Wix-Request-Id
X-Debug
X-Mg-Request-UUID
Section-Origin-Responded
Section-Io-Id
X-Accel-Buffering
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Cache
X-Node-Name
X-Cache-Rule
X-Nginx-Cache
X-Rendered-As
X-Ms-Version
X-Is-Bot
X-FireWall-Port
X-Cache-Hit
X-Ms-Request-Id
X-Oracle-Dms-Rid
X-Drupal-Cache-Tags
Liferay-Portal
SD-X-WS
Referer-Policy
Surrogate-Key
S-Cnection
X-EdgeConnect-Cache-Status
X-TA-CDN-Provider
X-App-Server
Country
X-L-Path
X-Environment-Context
X-Yottaa-Metrics
X-Cache-Operation
X-Yottaa-Optimizations
X-Aws-Lambda-Call-Status
Eomportal-Instance
X-Revision
X-RN-RSRV
X-Loop
X-ES-SERVER
Selected-Fe
X-GG-Cache-Date
Meta-Geo
From-Origin
X-JoinUs
X-Proxy-Build
X-SaId
X-Timing-Wait
X-Drupal-Cache-Contexts
X-UPSTREAM-Address
X-TNCMS
X-Varnish-Beresp-Grace
X-Cache-Type
X-Varnishpool
X-Adobe-Source
CF-IPCountry
X-Alternate-Cache-Key
X-Xfnlog-Site
X-Endurance-Cache-Level
X-ShopId
X-ShardId
X-Cache-TTL-Remaining
X-Request-Time
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
ServedBy
Cache-Name
X-PHP-Backend
X-S-Maxage
X-ProxyCache-Status
X-Say-Cacheable
X-Say-TTL
X-VWS-Id
X-SayCDN-TTL
X-ProxyCache-Key
X-Origin-Date
X-Human
X-BYPASS-REASON
X-LAGOON
X-LJ-Flow-ID
X-No-Session
X-AWS-Id
X-Varnish-Hostname
X-Backend-Host
X-Be
X-Parallel-Accel
X-FB-TRIP-ID
X-UA-Device-Type
X-R9-Blue-Green-Version
Country-Code
Apigw-Requestid
Protected
X-Handled-By
X-Akamai-Edgescape
X-RCS-CacheZone
X-Pubstack
X-NYM-Debug-Backend
X-PHP-Host
X-Via-Fastly
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Proto
Azure-Version
Cache-Tv-Group
TWC-GeoIP-Country
Fastly-SSL
Mn-Server-Ip
X-PCL
X-OCL
X-Server-W
X-Cache-Server
X-Labrador-Cache-Channel
X-Status
X-Origin-Hint
Azure-SlotName
TWC-Privacy
X-Hl-Ver
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Sql-Count
X-Sql-Duration-Ms
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-HP-Trace-Id
X-Access
X-ApacheServer
X-Uri
X-Section
X-Format
X-Backend-Name
X-PERF
Decoy-Debug-Key
X-Hosted-By
Decoy-Debug-TTL
Akamai-GRN
X-Web-Node
Decoy-Debug-Status
Xserver
X-Hyper-Cache
X-Tumblr-Pixel-2
X-Redis-Cache
X-B3-SpanId
X-Cache-PHP
Count-Hit
GEO-INFO
Nel
X-Time-Microsecs
X-ATG-Version
X-ServerID
X-Ua-Device
X-TT-LOGID
X-Cache-Ttl
X-FW-Version
X-Trace-Id
X-WA-Info
X-Rule
X-CSRF-Token
OT-Force-Account-Verify
X-Servername
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Cluster-Node
X-Content-Age
X-Detected-As
X-Akamai-Transformed
X-Azure-Ref-OriginShield
Cross-Origin-Opener-Policy
X-MP-GENERATED-AT
Backend
X-Cached-By
X-Soup
X-Tumblr-Pixel-3
X-Cache-Enabled
X-Varnish-Cache-Hits
X-Cache-Host
X-CS
X-Edge-Location
X-Datadome
X-Varnish-Hits
X-Bc-Bl
Web-Mar-Node
X-Generation-Time
X-Mode
X-Varnish-Beresp-Status
X-Info
X-Microcachable
Ec-Rule-Version
X-Varnish-Beresp-Ttl
AMP-Access-Control-Allow-Source-Origin
X-Cache-NGX
X-Via-JSL
X-Debug-Cache
Cross-Origin-Window-Policy
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Storage
X-Amz-Apigw-Id
Content-Secure-Policy
X-Cache-Grace
X-Zipkin-Id
X-Dc
S-Rt
X-APP-VERSION
X-Routing-Service
X-Magnolia-Registration
X-Platform
X-Proxied
X-Unique-ID
X-Extlb
X-DataDome
X-Air-Trace-Id
Url
Upgrade-Insecure-Requests
X-Air-Source
SID
X-Air-Hostname
X-NWS-UUID-VERIFY
X-Origin-TTL
X-Origin-CC
X-Locale
X-Forwarded-Host
Source
X-B3-Traceid
CDN-Cache
CDN-EdgeStorageId
X-VG-WebCache
CDN-RequestId
Expiry
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
Apple-News-Services-Handled
X-Orig-Expires
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Platform-Server
X-NAPM-TraceId
A
BehaviorPad-Version
Cache-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fastly-SIE
Apple-News-Services-Host
CDCHOST
Meta-Geo-Continent
X-ARC
X-B-Cookie
X-BCube-Filmed-By
X-Application
X-Aicache-OS
X-A-Dgt
X-A-Wwc
X-Aed
X-Bip
X-Cache-Bucket
X-D
X-Destination
X-Developer
X-Connection-Hash
X-Clientip
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A-Dcw
X-A-Dam
Odigeo-Trace-Id
Path
Req-Svc-Chain
Mobile-Detection-Method
X-SRCache-Key
Host-ID
M-TraceId
MD5-Digest
State
Surrogated-Key
X-Epic-Correlation-Id
X-A
X-A-Ccd
X-External-Request-Id
X-Forwarded-Path
T-Server
X-From
Fastly-SWR
CDN-CachedAt
X-Rojux
X-SRV
X-Rebelmouse-Cache-Control
X-Shop-Environment
X-Ratelimit-Reset
X-Rebelmouse-Surrogate-Control
X-Tenant
X-S
X-Rewrite-Enabled
X-Request-URI
X-S-Cookie
X-Vtex-Remote-Cache
X-Thanos
X-VG-WebServer
X-Vdms-Version
X-Ua
X-Vtex-Processado-Em
Server-Info
X-Tb
X-ScT
X-Variation
Origin
NGX
X-Generated-On
X-Sigma
X-Hash
Fastly-Drupal-HTML
Esi-Enabled
DSUID
X-VG-TLSProxy
Is-Eu
PB-PID
L
Kp-EeAlive
X-Core-Value
Platform
X-TrackingId
X-DPWN-IS-SECURE
X-Branch-Name
X-Served-From
X-Session-Fingerprint
X-Envoy-Decorator-Operation
X-Service
UCS
X-Cache-Debug
Rendered-Blocks
X-Backend-State
Pics-Label
X-Vdms-Path
X-Cache-Tags
X-Var-Ttl
X-Device-Os
PB-RID
X-Sigma-Backend
X-GoCache-CacheStatus
X-Request-UUID
X-Rocket-Build-Number
X-Loc
C-Via
Arc-Version
X-Proxy-Upstream
X-SVT-ORM-RULES
X-Origin-Expires
X-SVT-ORM-VERSION
X-Level-Front-Cache
Adler-Geo
Cmsid
Cmstype
User-Cache-Control
X-Site-Version
X-GEO
X-Nginx-Cache-Key
Wxu-Next-Region
X-User
X-Varnish-Ttl
X-Varnish-CookieINHashed-On
X-WADP-Cache
X-Varnish-CookieHashed-On
X-Accel-Expires-Debug
Wxu-Next-Hostname
X-Fastly-Cache
Who
X-Forwarded-Site
X-Ftr-Request-Id
X-Fetched-On
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Eu-Site
X-LI-UUID
Wxu-Next-Commit
X-Varnish-Remaining-TTL
X-Csrf-Jwt
X-EC-Lua
X-VServer
X-Cms-Context
Content-Disposition
X-Date
X-Srv
X-DefHash
X-DefElseHash
X-Cluster
X-Policy
X-Cache-Info
X-VHOST
X-JWT-State
X-Fastly-Backend
X-AIR-PT
X-VarnishDD-TTL
X-Clara-WADP
X-CGP
X-VC-Cache
X-Owner
X-Fmm-Version
X-Request-Host
X-GeoIP
NtCoent-Length
X-GeoIP-City
X-Li-Fabric
NM-Fastcgi-Cache
X-Men
X-Generated-In
X-Li-Pop
Memcached
X-Scheme
IsBot
X-Amz-Meta-S3cmd-Attrs
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-HN
X-Has-Esi
Fastly-Backend-Name
Locid
X-SIPLIST1
Cache-Key
Server-Hostname
X-Is-Gdpr
X-Micro-Cache
Server-Host
X-Req
Server-Ext
Release
PFcat
Sever-Int
X-Gamma-Serve
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Developers
X-Slack-Backend
X-Qloud-Router
X-FC-Vary-Parameters
X-Irp-Debug
X-Hnp-Log
X-Gen-Mode
X-Esi-Check
X-Origin
X-Mvc-Supplant-Cachable
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-Skip-Cache
X-RateLimit-Remaining-Second
X-Old-Content-Length
X-Location
X-Geo-Header
X-Wikidot-Backend
X-Via-NSCOPI
X-Sucuri-ID
X-Thinkindot-L3
X-Conf
X-Viewer-Country
X-Generated-By
Webserver
X-Cache-Id
Mail-Subject
X-DC
Svr
TDXMobile
Location
Gh-Request-Id
Cf-Device-Type
CacheControlHeader
Fastcgi-Cache-TTL
Arc-Country
Thinkindot-CacheControl
Pagetype
Thinkindot-CacheControl-Type
We-Hiring
X-Block-Status
V-Age
Thinkindot-Control
DataCenter
AKAMAI
CPC-Age
CPC-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
VNS-Age
X-PF-Uncompressing
X-Planisys-CDN-TTL
VNS-Cache
X-BBC-Edge-Cache-Status
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-Varnish-Url
X-Unique-Id
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Minions-Version
Cache-Hits
MIME-Version
X-Ckpd-Fst-Backend
X-Ratelimit-Limit
X-HS-Content-Campaign-Id
X-Vc
My-App
Powered-By-ChinaCache
X-V-Cache
X-Zone
X-Worker
X-Tx-Id
XServer
X-LB-ID
X-NC
X-Internal-Host
X-Traceid
X-Auto-Login
X-Webkit-CSP-Report-Only
X-ID
X-ZONE
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Rocket-Nginx-Serving-Static
X-Pass-Why
X-Refresh
X-Newrelic-Synthetics
X-LSADC-Cache
Time
Server-ID
X-Wa
Memory
X-NCache
X-M-Reqid
X-M-Log
X-TX-ID
WebServer
X-Qnm-Cache
X-App
X-Render-Time
X-SD-PageType
X-Ratelimit-Remaining
X-PJAX-URL
X-Cache-Remote
X-Webkit-Csp
X-TIME
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Environment
X-Datadog-Parent-Id
X-OVcl-Cache
X-OVcl
X-CACHE-KEY
Cf-Bgj
X-VCL-Version
HostName
X-NodeID
X-BBC-Origin-Response-Status
X-Backend-TTL
Magicmarker
X-Via-Ucdn
X-Server-IP
X-Origin-Time
Geo-Info
X-Nyt-Route
X-API-Version
X-Gdpr
X-NewRelic-App-Data
Hostname
Cluster
Datacenter
X-TraceId
Resin-Trace
X-Ua-Browser
X-Cache-Config
Candidate-Md5Url
X-LI-Proto
X-CLOUD-TRACE-CONTEXT
X-Content
DB-Nickname
X-Cache-Var
X-Cache-Var-Map
X-Method
X-Dispatcher-Server
X-Pod-Name
X-Tb-Optimization-Total-Bytes-Saved
GeoIp-Country-Code
Geoip-Latitude
X-Geo
X-Correlation-ID
X-ElasticPress-Query
N-Cache
X-Edge-Pop
Tcn
Ohc-File-Size
X-Dynatrace
X-Origin-Response-Time
X-CACHE-AGE
X-HITS
Ssr
X-IP
GeoIP-Latitude
GeoIP-Country-Code
Web-Mar-Region
X-MSEdge-Flight
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
Cf-Ipcountry
Servername
X-Li-Proto
X-Varnish-Beresp-TTL
LB
X-NODE
X-AB
Cdn
X-Node-Id
X-Wix-Viewer-Type
X-EIG-Tracking-Id
X-Varnish-Cacheable
WWW-Authenticate
X-Trv-Group
X-ND-Cache
X-HostName
Onion-Location
X-Nc
Proxy-Connection
X-Vcl-Version
WZWS-RAY
X-Via-CDN
CF-Cached-On
X-DynaTrace-JS-Agent
Env
Lb
X-Dynatrace-Js-Agent
X-Pjax-Url
X-Fastly-Backend-Reqs
X-Fpc
X-APP
X-Cs
Redirect-Candidate
X-TIM-N
X-Tid
CDN
X-ServerName
Sid
Server-Id
X-Reqid
X-HS-Status
X-MG-S
Tracecode
X-Request-Start
X-Up
X-WA
X-NGINX-Cache
X-Lb-Id
Cteonnt-Length
X-Check-Cacheable
Viewtype
VivaBuild
Pramga
X-Cache-Date
Is-Us
X-URL
Rt-Fastcgi-Cache
Ohc-Cache-HIT
X-Xrds-Location
X-Esi
X-CSRF-TOKEN
X-Via-PopN
URI
X-Via-PopV
X-Cache-Backend
X-IN-APIGATEWAY
X-Via-PopH
X-IN-APIGATEWAYSSL
X-Fastly-Request-Id
X-Cdn-Origin
X-VC
Machine
X-Sn-Servicetimems
Mime-Version
X-Yottaa-OS
X-ServedByHost
CountryCode
X-Amz-Meta-Cb-Modifiedtime
Server-Ttl
X-Core-Mission
CloudFront-Viewer-Country
X-Provided-By
X-Dw-Trace-Id
Shield-Pop
X-SN
X-FTR-Request-ID
W
X-Webkit-Csp-Report-Only
X-UnsetCookies
X-Tt-Logid
X-Fastly-Cache-Hits
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Acquia-Site
X-Varnish-Authentication
X-Air-Pt
X-LiteSpeed-Cache-Control
X-Acquia-Purge-Tags
X-FORWARDED-FOR
X-Cdn-Request-ID
On-Server
CACHE
FSS-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Cache-Expires
X-Cdn-Forward
X-DSS
Xet-Cookie
X-RSL
X-StackifyID
X-DW
X-RAMCache
X-RPS
X-RPM
X-DI
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-DB
X-Swa-Ws
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-FTR-Realm
X-FTR-DC
X-Action
X-Webstats-RespID
WP-Super-Cache
Vha6-Origin
Ohc-Response-Time
X-Pad
X-SB
X-Swift-Error
X-Pf-Uncompressing
X-Region-Sid
X-Sucuri-Cache
X-Cache-Status-Check
Req-ID
X-Edge-POP
ServerName
Warning
Content-Script-Type
X-Snapshot-Date
X-C
X-FTR-Expires
X-TH-Server
X-MiniProfiler-Ids
X-ElasticPress-Search
Xc-Version
Content-Style-Type