Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
ETag
Pragma
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Adblock-Key
X-Runtime
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
P3p
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Iinfo
Status
X-Ua-Compatible
Feature-Policy
Content-Encoding
X-AspNetMvc-Version
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
Upgrade
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Dns-Prefetch-Control
X-Via
X-Ws-Request-Id
Keep-Alive
Server-Timing
Request-Context
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Age
X-Proxy-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Server-Powered-By
X-Amz-Request-Id
X-Backend
X-Amz-Id-2
Host-Header
EagleId
X-Nginx-Cache-Status
Report-To
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
Grace
X-UA-Device
X-Page-Speed
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-Device
X-Vhost
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
X-Dispatcher
X-OneAgent-JS-Injection
NEL
Cf-Railgun
X-WebKit-CSP
X-Host
X-Cache-Spec
X-CST
X-Server-Id
X-Node
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
Allow
Surrogate-Control
Accept-CH
X-Readtime
X-Akam-SW-Version
Accept-Ch-Lifetime
X-Response-Time
Xkey
X-Language
X-HW
X-Template
X-Application-Context
X-Country
Content-Location
X-Ac
X-Cloud-Trace-Context
X-Cache-Lookup
Rating
X-Ruxit-JS-Agent
MS-Author-Via
X-Url
X-Webkit-CSP
Edge-Control
X-Clacks-Overhead
X-PC
X-TtlSet
X-Vname
X-Mod-Pagespeed
X-Varnish-TTL
X-Trace
X-B3-TraceId
Fastly-Restarts
X-Content-Type
X-Rack-Cache
X-Buckets
X-MS-InvokeApp
X-Origin-Cache
X-ESI
X-GitHub-Request-Id
X-Cnection
X-Country-Code
X-Goog-Hash
Accept-Ch
Verso
X-D2id
X-VARITI-CCR
X-Server-ID
X-ORACLE-DMS-ECID
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
Cache-Tag
X-Vcap-Request-Id
X-Cached
Service-Worker-Allowed
X-Px
X-Abt-Application-Version
X-Amz-Rid
X-Server-Name
X-Client-IP
X-Navigation-Version
X-Cache-TTL
Accept-CH-Lifetime
X-TTL
Public-Key-Pins
X-Powered-By-Plesk
X-SRCache-Store-Status
RTSS
X-SRCache-Fetch-Status
X-MSEdge-Ref
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Powered-CMS
X-Fastly-Request-ID
X-Version
X-NF-Request-ID
X-Upstream
Pagespeed
Display
X-Middleton-Response
X-Sol
Response
X-Middleton-Display
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Edge
X-LLID
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Cache-Key
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-ECACHE
X-Accel-Expires
X-Shield-Request-Id
X-HP-Webp
X-Jurisdiction
X-ORACLE-DMS-RID
X-Correlation-Id
Pinterest-Version
X-Pinterest-Rid
Realpath
Pinterest-Generated-By
X-T
SPRequestGuid
X-XRDS-Location
X-SharePointHealthScore
X-PressLabs-Stats
X-Mid
X-MCACHE
X-DynaTrace
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
Fastcgi-Cache
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Mg-S
X-Ttl
X-Ruxit-Js-Agent
X-Content-Digest
X-Forwarded-Proto
TP-Cache
TP-L2-Cache
X-Recruiting
Charset
TCN
Front-End-Https
X-Request-Processing-Time
X-Request-Received
X-Id
Alternate-Protocol
Server-Node
X-Logged-In
Filters
X-Oneagent-Js-Injection
Content-MD5
X-Geo-Country
X-Forwarded-For
X-Ezoic-Cdn
Fusion-Template-Id
X-Protected-By
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Cache-Tags
X-Hostname
X-Amzn-Trace-Id
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Origin-Upstream-Status
X-Grace
X-Debug-Info
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Ab
X-F-Cache
Cleartype
X-Www-Served-By
X-AppVersion
X-Activity-Id
X-Az
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-LB-Cache
X-HS-Combine-CSS
X-Rid
X-Origin-Server
X-Amz-Replication-Status
Host
X-Contextid
X-Daa-Tunnel
X-Page-Id
X-Git-Hash
Section-Io-Cache
X-RateLimit-Remaining
Server-Name
X-Browser-Type
X-Erf-Bev-Bev
X-Content-Options
X-VCache
X-Erf-Bev-Bev-Is-Generated
X-Frontend
X-Ser
X-Cache-Age
MicrosoftSharePointTeamServices
X-Upgrade-Enabled
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Access-Control-Allow-Method
X-Release
X-Aspnetmvc-Version
Accept-Charset
X-Hits
ServerID
X-Source
X-Mobile-URL
X-Aspnet-Duration-Ms
X-Flags
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Varnish-Age
X-Cache-Action
X-B3-Sampled
X-DIS-Request-ID
X-B-Cache
X-Signature
Healthy
Viewport
X-Whom
X-FB-Debug
X-Varnish-Backend
Payment
X-Yandex-Sdch-Disable
X-AOL-HN
Fastcgi-Useragent
X-Varnish-Grace
X-TT
Node
X-CACHE-GROUP
Paypal-Debug-Id
X-Respond-Thread
X-App-Environment
X-WebKit-CSP-Report-Only
X-Load-Cache
DynaTrace
X-Mobile
X-Fastcgi-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
Filterid
DC
X-Seen-By
Version
X-N
X-Distributor
SRV
X-User-Agent
X-HTML-Minification-Powered-By
X-Cache-Control
Frame-Options
X-Type
Retry-After
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-HP-Trace-Id
MS-CV
X-Jobs
X-FW-Hash
Refresh
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Response-Served-From
X-Original-Request-Id
X-Ua-Device
X-UUID
X-NGENIX-Cache
Amp-Access-Control-Allow-Source-Origin
X-Cache-Expired-At
NGB
X-Azure-Ref
X-Adobe-Content
X-Adobe-Loc
X-Proxy-Cache-Status
X-Page-View
X-Instance
X-Node-Name
X-Debug-IsConnected
X-Varnish-Server
X-Debug-IsPreview
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cluster-Name
X-G
X-B
X-IPLB-Instance
X-Vgn-Hpd-Reason
X-XRDS-LOCATION
X-Real-IP
X-Cacheable-TTL
X-Cache-Time
X-Device-Type
X-CDN-Forward
X-Content-Powered-By
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-RTag
X-Region
Access-Control-Request-Headers
X-Aws-Lambda-Call-Status
X-Framework
X-ProcessESI
X-RemovedCookies
X-Proxy
X-Cache-Hit
X-Zen-Fury
X-IPS-LoggedIn
Nel
Liferay-Portal
X-Cache-Rule
SD-X-WS
Uber-Trace-Id
Cache-Status
X-Rendered-As
X-Is-Bot
X-Parallel-Accel
Referer-Policy
X-Drupal-Cache-Tags
X-Ms-Version
X-Ms-Request-Id
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-Time
X-App-Server
Section-Io-Id
Countrycode
Section-Io-Origin-Status
Section-Origin-Responded
X-Mg-Request-UUID
Section-Io-Origin-Time-Seconds
X-Oracle-Dms-Rid
X-RateLimit-Limit
X-Revision
X-Environment-Context
X-Debug
X-L-Path
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
CF-IPCountry
X-Accel-Buffering
Country
X-B3-Traceid
X-Cache-Operation
Count-Hit
X-TA-CDN-Provider
X-APP-VERSION
X-Nginx-Cache
X-Drupal-Cache-Contexts
X-Microsite
X-Request-Handler-Origin-Region
X-FW-Version
Cache
Akamai-GRN
X-RN-RSRV
Ar-Sid
X-SaId
AR-ATIME
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-GG-Cache-Date
X-JoinUs
X-UPSTREAM-Address
X-ES-SERVER
Meta-Geo
X-Endurance-Cache-Level
X-Cache-TTL-Remaining
X-TNCMS
GEO-INFO
X-Adobe-Source
X-SayCDN-TTL
X-Loop
X-LAGOON
X-Cache-Type
Surrogate-Key
X-Say-Cacheable
X-Say-TTL
From-Origin
Country-Code
X-Request-Time
X-NYM-Debug-Backend
Fastly-SSL
Azure-RegionName
X-Sql-Count
X-PCL
X-Sql-Duration-Ms
Azure-SiteName
Azure-InstanceId
Azure-Version
X-OCL
Azure-SlotName
Protected
X-AWS-Id
X-Be
X-B3-SpanId
Cache-Tv-Group
Decoy-Debug-Status
Apigw-Requestid
X-Alternate-Cache-Key
Decoy-Debug-TTL
X-VWS-Id
X-Varnish-Beresp-Grace
X-Origin-Date
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
Decoy-Debug-Key
X-BYPASS-REASON
X-Storefront-Renderer-Rendered
X-Status
X-Proto
X-PHP-Host
X-ProxyCache-Key
X-ShopId
X-Human
X-Labrador-Cache-Channel
X-Hosted-By
X-RCS-CacheZone
X-S-Maxage
X-ShardId
X-LJ-Flow-ID
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Pubstack
X-Server-W
TWC-Connection-Speed
Eomportal-Instance
ServedBy
Selected-Fe
Property-Id
X-Proxy-Build
TWC-GeoIP-Country
X-Access
X-No-Session
X-Varnishpool
X-Section
X-Web-Node
X-Format
X-Handled-By
X-Akamai-Edgescape
Webcakes-Region
Webcakes-App-Version
X-Origin-Hint
X-UA-Device-Type
X-Timing-Wait
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
X-Varnish-Hostname
TWC-Device-Class
X-Xfnlog-Site
Cache-Name
Mn-Server-Ip
X-Hyper-Cache
X-Tumblr-Pixel-2
X-Cluster-Node
X-App-Version
X-Backend-Host
X-Cache-Server
X-Redis-Cache
X-FB-TRIP-ID
X-ApacheServer
X-PHP-Backend
X-Uri
X-PERF
X-Time-Microsecs
X-Backend-Name
X-Servername
X-Via-Fastly
Cross-Origin-Opener-Policy
X-Hl-Ver
X-ServerID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-FireWall-Port
X-Tumblr-Pixel-3
X-ATG-Version
X-TEC-API-ORIGIN
X-Detected-As
OT-Force-Account-Verify
X-Azure-Ref-OriginShield
Cross-Origin-Window-Policy
Web-Mar-Node
X-Ua
X-Generation-Time
X-Cache-Host
X-Cache-PHP
X-Varnish-Cache-Hits
Ec-Rule-Version
X-Content-Age
X-Varnish-Hits
Content-Secure-Policy
Backend
X-SRV
X-Via-JSL
X-CS
Source
X-Datadome
X-Trace-Id
X-MP-GENERATED-AT
X-Forwarded-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-WA-Info
X-Cache-Grace
X-CSRF-Token
X-Mode
X-Akamai-Transformed
Xserver
X-Ua-Browser
X-Content
X-Microcachable
X-TT-LOGID
X-Edge-Location
X-Amzn-Remapped-Content-Length
X-Unique-Id
X-Cache-Enabled
X-Cdn
X-Rule
X-Locale
X-Soup
X-Bc-Bl
Url
X-Ratelimit-Limit
X-Origin-TTL
X-Origin-CC
X-Info
X-Varnish-Beresp-Ttl
X-GEO
X-Ratelimit-Remaining
X-Tenant
X-NWS-UUID-VERIFY
X-Site-Version
Content-Disposition
X-Proxied
X-Routing-Service
X-Extlb
X-Zipkin-Id
SID
X-Magnolia-Registration
X-DataDome
X-Tb
S-Rt
MD5-Digest
CDCHOST
BehaviorPad-Version
Meta-Geo-Continent
CDN-Cache
CDN-CachedAt
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
A
Apple-News-Services-Handled
Apple-News-Services-Host
CDN-EdgeStorageId
CDN-RequestCountryCode
Expiry
Fastcgi-X-Cache-Version
Fastly-SIE
DCR-Processing-Time-Ms
DCR-Decision-By
CDN-RequestId
CDN-Uid
X-SRCache-Key
Fastly-SWR
X-A-Dam
X-Rewrite-Enabled
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Forwarded-Path
X-Destination
X-Debug-Cache
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Conf
X-Connection-Hash
X-D
X-From
X-Ftr-Request-Id
X-Orig-Expires
X-NU-AKA-ACS-Version
X-Platform-Server
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-NAPM-TraceId
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Cache-NE
X-Cache-Bucket
X-ScT
T-Server
X-S-Cookie
X-S
X-A
Surrogated-Key
Req-Svc-Chain
Odigeo-Trace-Id
X-Shop-Environment
Path
X-Session-Fingerprint
Rendered-Blocks
X-A-Ccd
X-A-Dcw
X-ARC
X-Application
X-B-Cookie
X-BBC-Edge-Cache-Status
X-BCube-Filmed-By
X-Rojux
X-AIR-PT
X-A-Dgt
X-A-Wwc
X-Aed
X-Aicache-OS
Mobile-Detection-Method
CDN-PullZone
X-VG-WebCache
X-Vdms-Version
X-Vtex-Remote-Cache
User-Cache-Control
X-Varnish-Beresp-Status
X-Vtex-Processado-Em
X-Dc
X-VG-WebServer
X-Storage
X-EC-Lua
X-Tx-Id
X-DPWN-IS-SECURE
NGX
X-M-Log
L
X-Envoy-Decorator-Operation
X-Cached-By
X-Fastly-Cache
State
Origin
X-Request-UUID
X-TrackingId
X-Worker
X-Origin-Expires
X-Cms-Context
Host-ID
Is-Eu
X-Core-Value
X-Accel-Expires-Debug
Fastly-Backend-Name
Fastly-Drupal-HTML
X-Date
X-VServer
X-M-Reqid
X-Cache-Info
X-Is-Gdpr
X-Cache-Debug
X-SVT-ORM-RULES
X-Proxy-Upstream
X-JWT-State
X-Li-Fabric
X-Variation
X-LI-UUID
Adler-Geo
X-Li-Pop
X-Backend-State
UCS
X-VG-TLSProxy
X-Men
Pics-Label
X-SVT-ORM-VERSION
X-Cache-NGX
X-Has-Esi
X-Loc
Cache-Key
Platform
X-Micro-Cache
X-Qnm-Cache
XServer
X-Auto-Login
X-DC
Vix-Hermes-Req-Id
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Rocket-Build-Number
TDXMobile
VNS-Age
Thinkindot-CacheControl
X-Old-Content-Length
X-DefHash
X-HN
X-Hnp-Log
X-Gzip
X-Gen-Mode
X-Forwarded-Site
X-Req
X-Location
X-Wikidot-Static-Cache
X-Nginx-Cache-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Fastly-Backend
X-Esi-Check
X-Ckpd-Fst-Backend
X-Clientip
X-Cache-Tags
X-Cache-Id
X-Branch-Name
X-Cluster
X-Origin
X-Device-Os
X-Developers
Sever-Int
X-DefElseHash
X-Block-Status
VNS-Cache
X-VarnishDD-TTL
CPC-Age
C-Via
CPC-Cache
Arc-Version
X-Varnish-CookieINHashed-On
IsBot
Cmstype
Cache-Host
M-TraceId
X-Sigma
X-Via-NSCOPI
Locid
Location
Cmsid
Cf-Device-Type
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
Server-Ext
X-Service
X-Thinkindot-L3
Server-Host
X-Viewer-Country
X-NCache
Server-Hostname
X-SIPLIST1
Fastcgi-Cache-TTL
PB-PID
X-Wikidot-Backend
PFcat
PB-RID
X-Sigma-Backend
X-Slack-Backend
Esi-Enabled
X-Platform
X-Amz-Meta-S3cmd-Attrs
AMP-Access-Control-Allow-Source-Origin
X-Fetched-On
X-Eu-Site
DSUID
X-FC-Vary-Parameters
X-GeoIP-City
X-Level-Front-Cache
X-Irp-Debug
X-Request-Host
X-HS-Content-Campaign-Id
X-Sucuri-ID
X-Var-Ttl
X-Thanos
Webserver
X-Mvc-Supplant-Cachable
X-Planisys-CDN-Rules
X-Hash
CacheControlHeader
X-Generated-In
X-Generated-By
X-VC-Cache
X-Gamma-Serve
X-Generated-On
X-Geo-Header
X-Goog-Meta-Goog-Reserved-File-Mtime
Server-Info
X-GeoIP
X-Vdms-Path
X-Scheme
X-Bip
Wxu-Next-Hostname
X-Planisys-CDN-Cache
X-Served-From
X-Policy
NM-Fastcgi-Cache
X-Planisys-CDN-TTL
Release
Pagetype
Wxu-Next-Region
X-Csrf-Jwt
X-CGP
Mail-Subject
Gh-Request-Id
L5d-Success-Class
We-Hiring
Ha-Gx-Prefs
Wxu-Next-Commit
V-Age
HA-Ipaddr
X-LSADC-Cache
X-Skip-Cache
X-GoCache-CacheStatus
X-Render-Time
X-Owner
X-Platform-Cluster
X-Platform-Processor
Svr
X-V-Cache
X-Fmm-Version
AKAMAI
X-Clara-WADP
Arc-Country
X-WADP-Cache
Memcached
X-Platform-Router
DataCenter
NtCoent-Length
X-Rocket-Nginx-Serving-Static
X-Qloud-Router
MIME-Version
X-Servedbyhost
X-SD-PageType
X-Mvc-Supplant-OutputCached
X-Cache-Var-Map
X-Cache-Var
X-Cache-Remote
X-Unique-ID
X-Via-Popv
X-Via-Popn
Kp-EeAlive
Environment
Cache-Hits
X-Via-Poph
X-Datadog-Trace-Id
X-Zone
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-API-Version
X-Datadog-Sampling-Priority
X-NodeID
X-Datadog-Parent-Id
X-Srv
X-Wa
X-PJAX-URL
X-Via-Ucdn
X-User
X-NC
X-ID
X-PF-Uncompressing
X-Vc
X-Cache-Config
Candidate-Md5Url
X-Server-IP
X-Pod-Name
Who
X-Traceid
X-App
X-BBC-Origin-Response-Status
Server-ID
X-Varnish-Ttl
WebServer
Cluster
X-Internal-Host
X-Varnish-Url
X-VCL-Version
X-Minions-Version
X-TIME
Memory
Time
HostName
X-LB-ID
X-Webkit-Csp
X-Refresh
Onion-Location
X-ZONE
X-CACHE-KEY
X-Pass-Why
X-Webkit-CSP-Report-Only
My-App
Web-Mar-Region
Powered-By-ChinaCache
Datacenter
N-Cache
X-ElasticPress-Query
X-Newrelic-Synthetics
X-Tt-Logid
X-NewRelic-App-Data
Geoip-Latitude
Resin-Trace
X-LI-Proto
GeoIp-Country-Code
X-Cache-Ttl
X-Esi
X-Edge-Pop
X-CLOUD-TRACE-CONTEXT
Servername
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Cacheable
Geo-Info
X-TraceId
X-VHOST
X-EIG-Tracking-Id
X-Origin-Response-Time
X-OVcl
X-Akamai-Pragma-Client-IP
WWW-Authenticate
X-OVcl-Cache
CDN
Tcn
Ohc-File-Size
X-TX-ID
Cf-Bgj
X-HITS
X-Fpc
X-Dynatrace
X-CACHE-AGE
Hostname
X-Backend-TTL
X-Dynatrace-Js-Agent
Magicmarker
X-Geo
LB
X-Tid
X-TIM-N
Redirect-Candidate
Tracecode
X-Li-Proto
X-NODE
X-Varnish-Beresp-TTL
Proxy-Connection
X-Up
X-Correlation-ID
X-AB
Cdn
GeoIP-Country-Code
X-Cache-Date
X-Wix-Viewer-Type
X-NGINX-Cache
X-Dispatcher-Server
X-Method
X-HostName
X-Webkit-Csp-Report-Only
Pramga
X-Amz-Meta-Cb-Modifiedtime
X-Fastly-Request-Id
X-Cdn-Origin
X-Request-Start
X-Sn-Servicetimems
X-MSEdge-Features
X-MSEdge-Flight
X-CSRF-TOKEN
Cf-Ipcountry
W
X-IP
Is-Us
X-Provided-By
Ssr
X-Fastly-Backend-Reqs
GeoIP-Latitude
X-Vcl-Version
DB-Nickname
CloudFront-Viewer-Country
X-Cs
X-UnsetCookies
CF-Cached-On
X-Reqid
X-Core-Mission
X-Cache-Expires
X-COUNTRY
Sid
X-Lb-Id
X-HS-Status
X-APP
Server-Id
Lb
X-MG-S
X-WA
WP-Super-Cache
X-ServerName
Cteonnt-Length
X-Node-Id
X-FORWARDED-FOR
X-Nc
X-Trv-Group
X-Check-Cacheable
X-CCDN-Origin-Time
X-ND-Cache
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Sucuri-Cache
X-VC
URI
CountryCode
Ohc-Cache-HIT
X-Region-Sid
X-Moov-T
X-Via-CDN
Xc-Version
Env
X-Via-PopN
X-Cache-Status-Check
X-Pjax-Url
WZWS-RAY
X-Via-PopV
X-SERVER-NAME
X-Via-PopH
X-Moov-Xdn-Version
X-Cache-Backend
X-DynaTrace-JS-Agent
X-Pad
Shield-Pop
X-ServedByHost
EpKe-Alive
X-SN
User-Agent
Mime-Version
X-Pf-Uncompressing
X-Ig-Push-State
X-Edge-POP
X-RAMCache
X-LiteSpeed-Cache-Control
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-CUA
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Acquia-Purge-Tags
X-TRACE-ID
X-Fastly-Cache-Hits
X-Cache-ASPX
FSS-Cache
X-Amz-Meta-Opti
CACHE
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Oss-Server-Time
X-Parent-Response-Time
X-Oss-Request-Id
X-Cdn-Request-ID
X-Nginx-Upstream-Cache-Status
Hit
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
On-Server
X-Oss-Storage-Class
Server-Ttl
X-DI
X-DB
X-DSS
X-DW
X-RPM
Vha6-Origin
Ohc-Response-Time
X-Webstats-RespID
X-SB
X-Dw-Trace-Id
X-Swift-Error
X-RPS
X-Action
Rt-Fastcgi-Cache
Viewtype
Xet-Cookie
VivaBuild
X-StackifyID
X-RSL
X-Cdn-Forward
X-Amzn-Remapped-X-Forwarded-For
X-Amzn-Remapped-User-Agent
X-Amzn-Remapped-Host
X-Env-Sha256-Sig
X-Forwarded-Port
X-Ftr-Viewer-Uri
Content-Style-Type
X-Snapshot-Date
X-Env-Stack-Name
X-ElasticPress-Search
X-Dispatch
HIT
Req-ID
ServerName
X-CF-Powered-By
X-Yottaa-OS
X-TH-Server
X-MiniProfiler-Ids
Content-Script-Type