Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Alt-Svc
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
P3p
X-Content-Security-Policy
X-Iinfo
X-FRAME-OPTIONS
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Upgrade
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
Request-Context
X-Robots-Tag
Server-Timing
X-AH-Environment
X-Server
X-Hacker
X-Age
X-Turbo-Charged-By
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Server-Powered-By
X-Cache-Group
X-Backend
X-Amz-Request-Id
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Id-2
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-UA-Device
X-Page-Speed
Grace
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Cf-Railgun
X-Dispatcher
X-Host
X-CST
X-Cache-Spec
Allow
Surrogate-Control
X-Backend-Server
Request-Id
X-Server-Id
X-Node
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Webkit-CSP
X-Readtime
X-Akam-SW-Version
X-Response-Time
X-WebKit-CSP
Accept-CH
Accept-Ch-Lifetime
Xkey
X-HW
X-Country
X-Language
X-Ruxit-JS-Agent
X-Application-Context
X-Ac
Content-Location
X-Template
MS-Author-Via
X-Cloud-Trace-Context
X-Cache-Lookup
Rating
X-Url
X-B3-TraceId
X-Mod-Pagespeed
Accept-Ch
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-ESI
X-MS-InvokeApp
X-Trace
X-Varnish-TTL
X-Content-Type
X-Server-ID
X-GitHub-Request-Id
Fastly-Restarts
X-Rack-Cache
X-Origin-Cache
X-Cnection
X-ASPNET-VERSION
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Country-Code
X-Goog-Hash
Verso
X-D2id
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-Buckets
Accept-CH-Lifetime
X-Server-Name
X-Cached
X-Vcap-Request-Id
Cache-Tag
X-ORACLE-DMS-ECID
X-Abt-Application-Version
X-Amz-Rid
X-Client-IP
X-Navigation-Version
Service-Worker-Allowed
X-Powered-By-Plesk
X-Fastly-Request-ID
RTSS
Access-Control-Request-Method
X-Powered-CMS
Public-Key-Pins
X-Element-Page-Cache
X-MSEdge-Ref
X-Px
X-Middleton-Display
Response
X-SRCache-Store-Status
X-Middleton-Response
X-Sol
Pagespeed
X-SRCache-Fetch-Status
Display
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Upstream
X-Version
X-TTL
X-Cache-TTL
S
X-Edge
X-Edge-Location-Klb
X-Kinsta-Cache
X-LLID
X-Ttl
Realpath
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-ECACHE
X-Accel-Expires
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
SPRequestGuid
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Jurisdiction
X-HP-Webp
X-Cache-Key
X-Mid
X-T
X-MCACHE
X-Shield-Request-Id
X-PressLabs-Stats
X-Content-Security-Policy-Report-Only
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Correlation-Id
X-DynaTrace
X-Forwarded-Proto
X-XRDS-Location
Edge-Cache-Tag
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Amz-Server-Side-Encryption
X-Recruiting
Charset
X-Mg-S
TP-Cache
TP-L2-Cache
X-Content-Digest
Nginx-Cache
X-Id
Filters
TCN
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-Oneagent-Js-Injection
Alternate-Protocol
X-Ezoic-Cdn
X-Logged-In
Server-Node
X-Forwarded-For
Cache-Tags
Content-MD5
X-Ruxit-Js-Agent
X-Release
X-Geo-Country
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Origin-Upstream-Status
X-Protected-By
X-Hostname
X-Litespeed-Cache
X-Amzn-Trace-Id
X-Grace
X-Origin-Server
X-RateLimit-Remaining
X-F-Cache
X-Www-Served-By
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Cleartype
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Amz-Replication-Status
X-Rid
Server-Name
Host
X-Contextid
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Az
X-AppVersion
X-Activity-Id
X-HS-Combine-CSS
X-Debug-Info
X-LB-Cache
X-NWS-LOG-UUID
Section-Io-Cache
X-Frontend
MicrosoftSharePointTeamServices
X-Git-Hash
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Page-Id
X-Cache-Age
X-Daa-Tunnel
X-Ser
X-VCache
X-Respond-Thread
X-Content-Options
Accept-Charset
X-Aspnetmvc-Version
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Hits
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-Source
X-DIS-Request-ID
X-Varnish-Age
X-B-Cache
X-Signature
X-Kong-Upstream-Latency
ServerID
X-Varnish-Grace
Paypal-Debug-Id
X-Kong-Proxy-Latency
X-Varnish-Backend
Healthy
Payment
X-Flags
X-Is-Crawler
X-Whom
X-TT
Viewport
X-Cache-Action
X-FB-Debug
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
X-B3-Sampled
Node
X-CACHE-GROUP
X-AOL-HN
X-App-Environment
X-Fastcgi-Cache
Version
X-N
X-Mobile
X-Seen-By
DynaTrace
X-Load-Cache
Fastcgi-Useragent
X-Yandex-Sdch-Disable
DC
X-Type
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
AR-CACHE
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-HTML-Minification-Powered-By
X-Ab
X-Distributor
X-Tt-Trace-Host
SRV
MS-CV
X-Tt-Trace-Tag
Frame-Options
X-Cache-Control
Retry-After
X-Cache-Expired-At
X-User-Agent
Filterid
X-Microsite
X-Request-Handler-Origin-Region
X-Jobs
X-Original-Request-Id
X-Response-Served-From
X-IPLB-Instance
X-IPS-LoggedIn
X-UUID
X-Adobe-Loc
X-Real-IP
X-Proxy-Cache-Status
X-Adobe-Content
Refresh
X-Debug-IsPreview
Access-Control-Request-Headers
X-Varnish-Server
X-Debug-IsConnected
X-Region
X-Instance
X-Device-Type
X-Cluster-Name
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Page-View
VIX-Pulpo-Upstream-Status
X-Framework
X-Tumblr-User
VIX-Pulpo-Node
X-Cache-Time
X-XRDS-LOCATION
X-B
NGB
X-Content-Powered-By
X-RemovedCookies
X-G
Uber-Trace-Id
X-Tumblr-Pixel-0
X-ProcessESI
X-App-Version
Ms-Operation-Id
X-RTag
X-Proxy
X-RateLimit-Limit
X-Vgn-Hpd-Reason
X-CDN-Forward
X-Zen-Fury
X-NGENIX-Cache
Countrycode
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-Azure-Ref
Cache-Status
X-Time
X-Debug
Amp-Access-Control-Allow-Source-Origin
X-Wix-Request-Id
X-Mg-Request-UUID
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Accel-Buffering
Section-Origin-Responded
Section-Io-Origin-Status
Cache
X-Cache-Rule
X-Node-Name
X-Nginx-Cache
X-Cache-Hit
X-Rendered-As
X-Ms-Version
X-Is-Bot
X-FireWall-Port
X-Ms-Request-Id
X-Drupal-Cache-Tags
X-Oracle-Dms-Rid
Liferay-Portal
SD-X-WS
Referer-Policy
X-EdgeConnect-Cache-Status
S-Cnection
Surrogate-Key
Country
X-TA-CDN-Provider
X-App-Server
X-L-Path
X-Environment-Context
X-Cache-Operation
X-Yottaa-Metrics
X-Yottaa-Optimizations
Eomportal-Instance
X-Aws-Lambda-Call-Status
X-Revision
X-UPSTREAM-Address
Meta-Geo
X-TNCMS
X-Timing-Wait
CF-IPCountry
Selected-Fe
X-Proxy-Build
From-Origin
X-SaId
X-Endurance-Cache-Level
X-Drupal-Cache-Contexts
X-ES-SERVER
X-GG-Cache-Date
X-RN-RSRV
X-Loop
X-JoinUs
X-Request-Time
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Varnishpool
X-Varnish-Beresp-Grace
X-Alternate-Cache-Key
X-Cache-Type
X-Xfnlog-Site
X-Adobe-Source
X-Cache-TTL-Remaining
X-Say-TTL
X-BYPASS-REASON
Cache-Name
X-Be
X-SayCDN-TTL
X-Say-Cacheable
X-S-Maxage
X-Human
X-LJ-Flow-ID
X-Handled-By
X-No-Session
X-Backend-Host
X-NYM-Debug-Backend
X-AWS-Id
Protected
X-VWS-Id
X-ProxyCache-Status
X-Pubstack
X-LAGOON
X-PHP-Backend
X-ProxyCache-Key
X-Varnish-Hostname
X-R9-Blue-Green-Version
X-Origin-Date
Apigw-Requestid
Azure-SiteName
Azure-InstanceId
Azure-RegionName
ServedBy
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
TWC-Privacy
Webcakes-Region
X-OCL
X-FB-TRIP-ID
X-Cache-Server
X-Akamai-Edgescape
TWC-Locale-Group
TWC-GeoIP-LatLong
Fastly-SSL
Country-Code
Cache-Tv-Group
Azure-Version
Property-Id
X-PCL
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Azure-SlotName
X-RCS-CacheZone
X-UA-Device-Type
X-Server-W
X-Proto
X-Parallel-Accel
X-Backend-Name
X-Access
Decoy-Debug-TTL
X-Sql-Count
X-Status
X-Sql-Duration-Ms
Decoy-Debug-Status
X-Tumblr-Pixel-2
X-Via-Fastly
Mn-Server-Ip
X-Section
Decoy-Debug-Key
X-Labrador-Cache-Channel
X-Hl-Ver
X-Format
Akamai-GRN
X-PHP-Host
X-PERF
X-Uri
X-Hosted-By
X-Web-Node
X-ApacheServer
X-HP-Trace-Id
Xserver
X-Redis-Cache
X-Hyper-Cache
X-B3-SpanId
GEO-INFO
X-Cache-PHP
Nel
Count-Hit
X-ATG-Version
X-FW-Version
X-Time-Microsecs
X-ServerID
X-Ua-Device
X-Cache-Ttl
X-TT-LOGID
X-Trace-Id
X-CSRF-Token
X-Rule
OT-Force-Account-Verify
X-WA-Info
X-Cluster-Node
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Servername
X-TEC-API-VERSION
X-Content-Age
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Detected-As
X-Akamai-Transformed
X-Azure-Ref-OriginShield
X-Soup
Cross-Origin-Opener-Policy
Backend
X-Cached-By
X-Varnish-Cache-Hits
X-Cache-Enabled
X-Generation-Time
X-Cache-Host
X-CS
X-Edge-Location
Web-Mar-Node
X-Varnish-Hits
X-Datadome
X-Bc-Bl
X-Mode
X-Varnish-Beresp-Status
X-Info
X-Microcachable
X-Amz-Apigw-Id
X-Amzn-RequestId
Ec-Rule-Version
AMP-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Content-Length
X-Varnish-Beresp-Ttl
X-Cache-NGX
X-Debug-Cache
X-Unique-ID
X-Storage
Cross-Origin-Window-Policy
X-Via-JSL
X-Routing-Service
X-Magnolia-Registration
X-Ua
X-APP-VERSION
X-Dc
S-Rt
SID
X-Cache-Grace
X-Platform
X-Proxied
X-Zipkin-Id
Url
X-Air-Hostname
X-DataDome
X-Extlb
X-NWS-UUID-VERIFY
Content-Secure-Policy
X-Air-Trace-Id
X-Air-Source
Upgrade-Insecure-Requests
X-Origin-CC
Source
X-Locale
X-Origin-TTL
X-Forwarded-Host
X-B3-Traceid
X-NAPM-TraceId
X-Aed
X-Platform-Server
X-B-Cookie
A
X-Processor
X-ARC
X-NU-AKA-ACS-Version
X-From
Apple-News-Services-Handled
X-PAYTM-SRV-ID
X-BCube-Filmed-By
X-PBS-Appsvrname
X-Aicache-OS
X-Orig-Expires
X-Application
X-A-Dgt
Host-ID
M-TraceId
MD5-Digest
Fastly-SWR
Fastly-SIE
Expiry
X-A
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Req-Svc-Chain
State
Surrogated-Key
T-Server
Odigeo-Trace-Id
Path
DCR-Processing-Time-Ms
DCR-Decision-By
X-Cache-Bucket
X-A-Dcw
CDCHOST
Cache-Host
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-A-Wwc
CDN-Cache
CDN-CachedAt
CDN-Uid
X-A-Dam
X-A-Ccd
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
Apple-News-Services-Host
X-Bip
X-Session-Fingerprint
X-Vtex-Processado-Em
X-Shop-Environment
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-ScT
X-S
X-S-Cookie
X-CF-Lambda-Fn
X-VG-WebServer
X-External-Request-Id
X-Clientip
X-Destination
X-Developer
X-SRCache-Key
X-Epic-Correlation-Id
X-Ratelimit-Reset
X-Tenant
X-D
X-Thanos
X-SRV
X-VG-WebCache
X-Connection-Hash
X-Request-URI
X-Rewrite-Enabled
X-Cache-NE
X-Forwarded-Path
X-Rebelmouse-Cache-Control
X-Vdms-Version
X-Rebelmouse-Surrogate-Control
X-Rojux
Server-Info
X-Tb
X-SVT-ORM-RULES
Fastly-Backend-Name
X-SVT-ORM-VERSION
Fastly-Drupal-HTML
X-Branch-Name
PB-PID
Esi-Enabled
PB-RID
Content-Disposition
DSUID
X-Loc
X-Level-Front-Cache
X-Device-Os
Origin
X-Is-Gdpr
X-Envoy-Decorator-Operation
UCS
X-Has-Esi
X-Generated-On
X-Origin-Expires
NGX
X-JWT-State
X-DPWN-IS-SECURE
X-Vdms-Path
Is-Eu
Kp-EeAlive
X-Sigma-Backend
L
X-Sigma
Cmstype
X-Service
X-Cache-Tags
Arc-Version
Cmsid
C-Via
X-Proxy-Upstream
Adler-Geo
X-Rocket-Build-Number
X-Request-UUID
X-Var-Ttl
X-Backend-State
X-Hash
X-Cms-Context
X-TrackingId
X-GoCache-CacheStatus
X-Variation
Pics-Label
X-VG-TLSProxy
X-Core-Value
Platform
X-Served-From
X-Cache-Debug
User-Cache-Control
X-Site-Version
X-Srv
X-GEO
Sever-Int
X-Eu-Site
TDXMobile
Thinkindot-CacheControl
X-GeoIP
Thinkindot-CacheControl-Type
X-Geo-Header
X-DefHash
X-Cluster
X-Csrf-Jwt
X-Date
X-DefElseHash
X-Clara-WADP
X-Accel-Expires-Debug
X-Forwarded-Site
X-Cache-Info
X-GeoIP-City
X-CGP
X-Developers
X-Fmm-Version
Vix-Hermes-Req-Id
X-Generated-In
True-Client-Country-4JS
Thinkindot-Control
X-Gamma-Serve
X-Ftr-Request-Id
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Fetched-On
X-Men
X-Req
X-VarnishDD-TTL
X-Request-Host
X-VC-Cache
X-Scheme
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Owner
X-Origin
X-Fastly-Cache
X-Policy
Server-Hostname
X-WADP-Cache
X-Fastly-Backend
X-VHOST
X-AIR-PT
X-EC-Lua
NtCoent-Length
Who
X-SIPLIST1
X-VServer
X-Varnish-Ttl
X-User
X-Li-Fabric
X-Thinkindot-L3
X-Li-Pop
X-LI-UUID
X-Nginx-Cache-Key
X-Varnish-CookieHashed-On
Location
L5d-Success-Class
IsBot
Memcached
Release
PFcat
X-HN
NM-Fastcgi-Cache
Locid
Pagetype
Ha-Gx-Prefs
HA-Ipaddr
Cache-Key
Gh-Request-Id
X-Location
Server-Ext
Cf-Device-Type
Server-Host
CacheControlHeader
Fastcgi-Cache-TTL
X-Micro-Cache
X-Gzip
X-Sucuri-ID
X-Slack-Backend
X-Skip-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Conf
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-Via-NSCOPI
X-RateLimit-Limit-Second
X-Qloud-Router
X-Mvc-Supplant-Cachable
X-Viewer-Country
X-Gen-Mode
X-FC-Vary-Parameters
X-Irp-Debug
X-Generated-By
X-Wikidot-Static-Cache
X-Old-Content-Length
X-Hnp-Log
Webserver
Mail-Subject
DataCenter
V-Age
X-Esi-Check
AKAMAI
We-Hiring
Arc-Country
X-Cache-Id
X-Block-Status
X-DC
Svr
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-PF-Uncompressing
CPC-Age
VNS-Cache
X-BBC-Edge-Cache-Status
VNS-Age
CPC-Cache
X-Planisys-CDN-Rules
X-Minions-Version
X-Mvc-Supplant-OutputCached
X-Via-Poph
X-Via-Popn
X-Ckpd-Fst-Backend
Cache-Hits
X-Varnish-Url
X-Unique-Id
X-Servedbyhost
X-Via-Popv
X-HS-Content-Campaign-Id
MIME-Version
X-Worker
X-Ratelimit-Limit
X-Vc
X-Zone
My-App
Powered-By-ChinaCache
X-V-Cache
X-NODE
X-Auto-Login
X-Webkit-CSP-Report-Only
XServer
X-Tx-Id
X-NC
X-Traceid
X-Refresh
X-LB-ID
X-Internal-Host
X-ZONE
X-ID
Memory
X-Render-Time
X-Rocket-Nginx-Serving-Static
X-Platform-Cluster
X-Platform-Router
X-Newrelic-Synthetics
X-Platform-Processor
X-Qnm-Cache
X-NCache
X-Wa
Server-ID
Time
X-LSADC-Cache
X-M-Reqid
X-M-Log
X-Pass-Why
WebServer
X-TX-ID
X-SD-PageType
X-App
X-Ratelimit-Remaining
X-PJAX-URL
X-Cache-Remote
X-OVcl
X-Webkit-Csp
X-Datadog-Trace-Id
X-OVcl-Cache
X-Datadog-Parent-Id
Environment
X-Datadog-Sampling-Priority
X-TIME
X-CACHE-KEY
X-Gdpr
X-BBC-Origin-Response-Status
X-API-Version
X-Nyt-Route
X-Origin-Time
X-VCL-Version
HostName
X-NodeID
Cf-Bgj
X-Backend-TTL
Hostname
X-NewRelic-App-Data
X-Cache-Config
Geo-Info
Cluster
X-Server-IP
Magicmarker
X-Cache-Var
X-Cache-Var-Map
X-Via-Ucdn
Datacenter
X-TraceId
X-LI-Proto
X-Ua-Browser
X-Pod-Name
X-CLOUD-TRACE-CONTEXT
X-Content
Resin-Trace
Candidate-Md5Url
DB-Nickname
X-Method
GeoIp-Country-Code
Geoip-Latitude
X-Dispatcher-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Pop
X-Correlation-ID
X-Geo
N-Cache
X-AB
Ohc-File-Size
Tcn
Ssr
X-Origin-Response-Time
X-ElasticPress-Query
X-Dynatrace
Web-Mar-Region
X-IP
X-HITS
X-CACHE-AGE
X-Akamai-Pragma-Client-IP
X-MSEdge-Flight
GeoIP-Country-Code
GeoIP-Latitude
X-MSEdge-Features
Cf-Ipcountry
Onion-Location
X-Li-Proto
Servername
X-Varnish-Beresp-TTL
LB
Cdn
X-Varnish-Cacheable
WWW-Authenticate
X-Trv-Group
X-EIG-Tracking-Id
X-Node-Id
X-ND-Cache
X-Nc
X-Wix-Viewer-Type
X-HostName
X-Vcl-Version
X-Via-CDN
Proxy-Connection
WZWS-RAY
CF-Cached-On
X-DynaTrace-JS-Agent
X-Fastly-Backend-Reqs
Env
X-Pjax-Url
X-Fpc
X-APP
X-Dynatrace-Js-Agent
Lb
X-Cs
Redirect-Candidate
Server-Id
X-ServerName
X-Tid
Sid
CDN
X-TIM-N
X-Reqid
X-HS-Status
X-MG-S
Tracecode
X-WA
X-Up
X-NGINX-Cache
X-Request-Start
X-Lb-Id
X-Cache-Date
Cteonnt-Length
Is-Us
X-Check-Cacheable
Pramga
Rt-Fastcgi-Cache
Viewtype
VivaBuild
X-URL
X-CSRF-TOKEN
X-Esi
Ohc-Cache-HIT
X-Xrds-Location
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Cache-Backend
X-Fastly-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-Cdn-Origin
X-Sn-Servicetimems
URI
Machine
X-IN-APIGATEWAY
X-VC
X-IN-APIGATEWAYSSL
X-ServedByHost
Mime-Version
Shield-Pop
X-Dw-Trace-Id
W
CloudFront-Viewer-Country
X-FTR-Request-ID
X-Core-Mission
X-Provided-By
X-Yottaa-OS
Server-Ttl
CountryCode
X-SN
X-Webkit-Csp-Report-Only
X-Tt-Logid
X-UnsetCookies
CACHE
X-Contensis-Viewer-Groups
X-Cache-Expires
FSS-Cache
X-Varnish-Authentication
X-Fastly-Cache-Hits
X-Cdn-Forward
X-Cache-ASPX
X-Air-Pt
X-Acquia-Application-Trace
X-Pad
X-LiteSpeed-Cache-Control
X-Cdn-Request-ID
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
On-Server
X-Acquia-Site
X-FORWARDED-FOR
X-StackifyID
X-DW
X-DSS
Xet-Cookie
X-RSL
X-DI
X-RPS
X-RPM
X-RAMCache
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-DB
X-FTR-DC
X-Swa-Ws
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-FTR-Realm
X-FTR-Cache-Status
X-Webstats-RespID
X-Action
Vha6-Origin
WP-Super-Cache
Ohc-Response-Time
X-SB
X-Swift-Error
X-Pf-Uncompressing
X-Region-Sid
X-Sucuri-Cache
X-Cache-Status-Check
Req-ID
X-Edge-POP
ServerName
Warning
Content-Script-Type
X-ElasticPress-Search
X-Snapshot-Date
X-C
X-TH-Server
X-MiniProfiler-Ids
X-FTR-Expires
Xc-Version
Content-Style-Type