Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-AH-Environment
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Pingback
X-Page-Speed
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Backend-Server
X-Cnection
Content-Location
X-DataDome
X-Origin-Cache
X-Node
NEL
X-Cache-Lookup
X-Readtime
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Vhost
X-HW
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
P3p
X-ORACLE-DMS-RID
X-Cdn
Surrogate-Control
Allow
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
Rating
X-DynaTrace
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Instart-Request-ID
Pinterest-Generated-By
X-Mod-Pagespeed
X-Url
X-B3-TraceId
Accept-Ch
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-Server-Name
X-VARITI-CCR
Service-Worker-Allowed
X-GitHub-Request-Id
Content-MD5
X-SharePointHealthScore
X-TTL
X-ESI
X-Sol
Pagespeed
X-Middleton-Response
Response
RTSS
X-Middleton-Display
Display
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja
Accept-Ch-Lifetime
X-Navigation-Version
X-Vcache
SPRequestDuration
SPIisLatency
X-Abt-Application-Version
X-Powered-CMS
X-Debug
X-Forwarded-Proto
X-Upstream
X-Cached
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-Version
Charset
DynaTrace
X-NF-Request-ID
X-CST
MS-Author-Via
X-Amz-Rid
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
Realpath
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Shield-Request-Id
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Fastly-Request-ID
X-Accel-Expires
S
X-Ser
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-DIS-Request-ID
X-Pinterest-Rid
Fastly-Restarts
Pinterest-Version
X-Client-IP
X-XRDS-Location
Front-End-Https
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Element-Page-Cache
X-Varnish-Age
X-Id
X-T
X-Webapp-Samesite-None-Activated-N
Cache-Tag
X-Goog-Storage-Class
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-Amzn-Trace-Id
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Mrf-Section-Lastmod
X-FTR-Expires
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Nginx-Cache
X-Dw-Request-Base-Id
X-Server-ID
Fastcgi-Cache
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
Powered
X-Hits
NR-ENABLED
X-Fastcgi-Cache
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Ttl
X-Kinsta-Cache
X-FTR-Cache-Host
X-Content-Type
X-Request-Processing-Time
X-Request-Received
X-RateLimit-Remaining
ServerID
X-HS-Combine-CSS
X-Aspnetmvc-Version
Server-Name
X-Request-Handler-Origin-Region
X-Microsite
X-Webkit-Csp
PB-PID
PB-RID
Arc-Version
X-N
X-Mobile-Rewrite
TP-L2-Cache
TP-Cache
X-Grace
X-Cache-Hit
X-Akamai-Edgescape
Healthy
X-Rid
X-User-Agent
Backend-Timing
X-Analytics
X-Forwarded-For
X-Pad
X-Revision
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-Amzn-RequestId
X-Logged-In
X-Zen-Fury
X-Amz-Apigw-Id
X-LB-Cache
Server-Node
X-Varnish-Grace
X-Activity-Id
X-AppVersion
X-Cached-By
X-Az
X-B3-Sampled
Cache-Status
X-Content-Options
X-GUploader-UploadID
X-Oneagent-Js-Injection
X-F-Cache
Refresh
X-Geo-Country
Upgrade-Insecure-Requests
X-FastCGI-Cache
X-NWS-LOG-UUID
X-Type
X-IPLB-Instance
Retry-After
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Cache-2
X-Srv
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-FB-Debug
X-App-Environment
X-Request-Guid
X-Page-Id
X-Jobs
X-Instance
Host
X-Debug-Info
Accept-Charset
X-AOL-HN
X-Cluster
Paypal-Debug-Id
Source
Access-Control-Allow-Method
Actual-Object-TTL
X-PHP-Backend
X-B
FilterID
X-Framework
X-WebKit-CSP-Report-Only
DC
Accept-CH-Lifetime
Cache
X-ATG-Version
Accept-CH
X-TT
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Cache-Age
Fastcgi-Useragent
X-Seen-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-Key
X-Git-Hash
MS-CV
X-PressLabs-Stats
X-Content-Powered-By
X-Via-JSL
X-TA-CDN-Provider
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-B-Cache
X-Signature
Ar-Sid
Host-Header
X-Cache-TTL
X-Amz-Replication-Status
X-Whom
X-Esi
X-Cache-Control
X-Origin-Server
X-Wix-Request-Id
NGB
X-Response-Served-From
X-Cache-Enabled
X-ATS-Timestamp
Xserver
Surrogate-Key
X-Daa-Tunnel
X-UA
X-Mobile
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
Payment
X-FW-Server
X-Host-Name
X-FW-Serve
X-Cache-NE
X-FW-Static
Datacenter
X-FW-Hash
X-Hyper-Cache
X-RequestSource
Cleartype
X-FW-Type
X-GeoIP
Frame-Options
X-Adobe-Content
WPE-Backend
Eomportal-Instance
X-Adobe-Loc
X-Cacheable-TTL
Filters
X-Region
X-TX-ID
X-Handled-By
X-Cache-Action
X-Drupal-Cache-Tags
X-EdgeConnect-Cache-Status
Webserver
X-Ah-Environment
X-Load-Cache
X-Litespeed-Cache
X-Kong-Proxy-Latency
X-Hostname
X-Kong-Upstream-Latency
X-SERVER
AR-Request-ID
X-Akamai-Transformed
X-Cache-Rule
X-Cache-Operation
X-Edge-Location
X-Cache-TTL-Remaining
X-XRDS-LOCATION
From-Origin
X-ProcessESI
X-RemovedCookies
X-NewRelic-App-Data
Liferay-Portal
X-UA-Device-Type
X-Cache-Server
Ms-Operation-Id
X-RTag
X-Varnish-Hostname
X-Oss-Request-Id
X-Oss-Storage-Class
X-Forwarded-Host
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Rule
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Server
X-Status
Country
X-Upgrade-Enabled
X-Contextid
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UUID
X-App-Server
Odigeo-Trace-Id
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-Path-Route
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
X-BCube-Filmed-By
X-TT-TIMESTAMP
DSUID
X-VCT
DB-Nickname
X-Rocket-Nginx-Bypass
X-CCM
Mn-Server-Ip
X-From
X-Debug-Cache
X-Origin
X-Origin-Hint
X-OCL
Azure-SiteName
X-Drupal-Cache-Contexts
Azure-RegionName
Azure-InstanceId
X-Loop
X-FC-Vary-Parameters
X-Hosted-By
TWC-Connection-Speed
S-Rt
Release
Property-Id
TWC-Device-Class
Webcakes-Region
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Akamai-Request-ID
X-Cache-Config
Fastly-SSL
L5d-Success-Class
X-IP
Cache-Tags
Azure-Version
Webcakes-App-Name
X-FireWall-Port
X-Cache-Host
X-FW-Dynamic
X-Origin-Response-Time
X-Cache-Time
Azure-SlotName
X-Redis-Cache
X-Via-Fastly
X-Viewer-Country
X-R9-Blue-Green-Version
X-TNCMS
X-EIG-Tracking-Id
X-Proxy
X-ServerID
X-PCL
X-Real-IP
X-Proto
Selected-Fe
X-Section
X-Human
Ec-Rule-Version
X-ProxyCache-Status
X-Rendered-As
Viewport
Origin-Cache-Control
X-Akamai-Request-ID2
X-Format
X-Content-Age
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Cluster-Name
X-Timing-Wait
X-Access
X-Backend-Name
X-Generated
X-Soup
Origin-Edge-Control
Cache-Name
Uber-Trace-Id
X-BYPASS-REASON
X-Is-Bot
X-JoinUs
X-ProxyCache-Key
X-Xfnlog-Site
X-Accel-Buffering
X-Proxy-Build
X-Labrador-Cache-Channel
X-Pubstack
Decoy-Debug-TTL
X-Www-Served-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Web-Node
Version
Decoy-Debug-Status
Decoy-Debug-Key
NGX
Server-Info
X-Time
X-Generated-By
X-Time-Microsecs
X-Varnish-Cache-Hits
S-Cnection
X-Locale
X-PHP-Host
X-Site-Version
X-NWS-UUID-VERIFY
X-Cache-Backend
Tracecode
X-PERF
X-ApacheServer
X-Amzn-Remapped-Content-Length
X-SaId
X-Info
X-Origin-TTL
X-Origin-CC
X-Storage
Akamai-GRN
X-Geo
X-WA-Info
X-Nginx-Cache-Key
Rt-Fastcgi-Cache
X-VCache
X-URL
Cteonnt-Length
Time
X-MServer
X-Presslabs-Stats
X-CF-Powered-By
X-Environment-Context
X-No-Session
X-L-Path
Origin
X-Unique-Id
X-APP-VERSION
GEO-INFO
X-App-Version
X-Cache-Remote
X-Guploader-Uploadid
X-Tb
X-Backend-TTL
Cache-Key
X-RateLimit-Limit
X-FB-TRIP-ID
Accept-Language
X-SayCDN-TTL
X-Say-Cacheable
X-EC-Lua
X-Say-TTL
X-GoCache-CacheStatus
Access-Control-Request-Headers
X-Tec-Api-Origin
X-NCache
X-Tec-Api-Root
X-Tec-Api-Version
X-CDN-Forward
X-Hit
X-CACHE-KEY
Vix-Hermes-Req-Id
X-RCS-CacheZone
X-Alternate-Cache-Key
Cache-Hits
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-Device-Type
X-TIME
OT-Force-Account-Verify
Mime-Version
X-CS
X-S
X-Trace-Id
X-Tumblr-Pixel-3
Srv
X-B3-Traceid
X-SS-Set-Cookie
X-B3-SpanId
X-Endurance-Cache-Level
X-OVcl
X-Source
X-Parent-Response-Time
X-OVcl-Cache
X-Dc
X-G
Machine
X-Processor
X-B-Cookie
Rt-Proxy-Cache
Content-Script-Type
Content-Style-Type
X-Region-Sid
Meta-Geo-Continent
BehaviorPad-Version
Xc-Version
X-External-Request-Id
X-Connection-Hash
Request-EU
MD5-Digest
Apple-News-Services-Handled
User-Cache-Control
X-Hl-Ver
X-A-Ccd
X-CF-Lambda-Version
X-CF-Lambda-Fn
Mobile-Detection-Method
X-Magnolia-Registration
Apple-News-Services-Host
X-PAYTM-SRV-ID
Node
Arc-Country
Request-Country
Rendered-Blocks
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
AsisCache
Server-Host
X-Trv-Group
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-Date
X-Transaction
X-Vtex-Remote-Cache
X-D
X-Application
X-Request-UUID
X-Detected-As
Viewtype
X-Vdms-Version
X-A-Wwc
X-VG-WebCache
X-VG-WebServer
X-Accel-Expires-Debug
X-Aed
VivaBuild
X-AIR-PT
X-A-Dgt
X-Destination
X-Svr
X-S-Cookie
X-A-Dam
X-ARC
X-Rojux
X-A
X-Rewrite-Enabled
X-Upstream-Ht
X-Upstream-Ct
X-A-Dcw
X-ScT
Fastcgi-X-Cache-Version
X-SIPLIST1
X-DPWN-IS-SECURE
X-SRCache-Key
Cross-Origin-Window-Policy
T-Server
X-Session-Fingerprint
IsBot
X-Server-Time
ServerName
Now
X-Dispatcher-Server
X-IN-APIGATEWAYSSL
X-Core-Value
X-CUA
X-Dispatch
X-Hash
X-IN-APIGATEWAY
We-Hiring
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-Bucket
Thinkindot-CacheControl
X-Service
X-Reboot
Mail-Subject
Server-Int
X-Cluster-Node
X-Thinkindot-L3
X-ND-Cache
X-Via-NSCOPI
X-Matched-Rule
X-Location
ServedBy
X-CSRF-TOKEN
X-Uri
X-Azure-Ref
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Azure-Ref-OriginShield
X-Amz-Meta-Cache-Control
X-App-Name
X-Auto-Login
X-Compress-Hint
X-Clara-WADP
X-Cache-FS-Status
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Cache-Debug
X-C
X-Cms-Context
X-Debug-Cache-Store
X-B3-Parentspanid
X-Backend-State
X-Block-Status
X-Clientip
X-Core-Mission
X-Irp-Debug
X-S-Maxage
X-Rocket-Build-Number
X-Scheme
X-SD-PageType
X-Sigma-Backend
X-Sigma
X-Request-URI
X-Request-Start
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Platform-Server
X-Proxy-Cache-Status
X-Reqid
X-Proxy-Upstream
X-Skip-Cache
X-SVT-ORM-RULES
X-VG-TLSProxy
X-VC-Cache
X-VServer
X-Webstats-RespID
X-We-Are-Hiring
X-WADP-Cache
X-Variation
X-Wikidot-Backend
X-TrackingId
X-SVT-ORM-VERSION
X-Wikidot-Static-Cache
X-Up
X-User
X-Planisys-CDN-Cache
X-Origin-Expires
X-Gen-Mode
X-FW-Version
X-Generated-On
X-Generation-Time
X-GeoIP-City
X-Geo-Header
X-Fastly-Cache
X-Eu-Site
X-Developers
X-Debug-Log
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-Has-Esi
X-Hnp-Log
X-LI-UUID
X-Li-Pop
X-Method
X-NX-Host
X-Origin-Date
X-Old-Content-Length
X-Li-Fabric
X-Level-Front-Cache
X-WebServer
X-Instart-Isnd
X-Is-Gdpr
X-JWT-State
X-Key
X-Debug-Cookies
Wxu-Next-Region
Is-Eu
IBM-Web2-Location
HA-Ipaddr
L
Magicmarker
RNT-Machine
Platform
PFcat
Ha-Gx-Prefs
Gh-Request-Id
CDCHOST
AKAMAI
Adler-Geo
Content-Disposition
Countrycode
Fastly-Soc-X-Request-Id
Esi-Enabled
RNT-Time
Memcached
Wxu-Next-Hostname
W
SD-X-WS
Served-By
Wxu-Next-Commit
Section-Io-Cache
Web-Mar-Node
NtCoent-Length
X-SRV
Proxy-Connection
X-Varnish-Beresp-Ttl
Kp-EeAlive
X-Sucuri-Cache
X-Varnish-Beresp-Grace
X-Internal-Host
X-Agile
X-Agile-Id
X-Varnish-Beresp-Status
X-Release
X-Trafficlayer-App-Version
X-RateLimit-Remaining-Second
X-Thanos
Heartbleed
X-LI-Proto
X-Bip
Cache-Host
X-Ms-Version
Pramga
X-Server-IP
X-BBXSRF
X-Owner
X-Policy
X-Qloud-Router
Server-ID
X-Cache-Id
Powered-By-ChinaCache
X-RateLimit-Limit-Second
X-Generated-In
X-Logging-Id
X-Cache-Grace
X-Agile-Age
X-Ms-Request-Id
X-Nc
Cache-Provider
X-B3-Spanid
X-NC
X-ServiceProvider
Cdncip
Cdnsip
X-AK-Request-ID
V-Age
True-Client-Country-4JS
X-Swa-Ws
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Newrelic-Synthetics
X-Via-CDN
Environment
X-MSEdge-Flight
X-NodeID
X-MSEdge-Features
X-Req
X-Servername
Locid
CF-IPCountry
X-HTML-Minification-Powered-By
GEO-REGION-INFO
X-Gamma-Serve
FNAC-ModuleRouting
X-Served-From
X-GRACE
X-Cdn-Forward
X-IPS-LoggedIn
X-Be
X-Refresh
X-Lb-Id
X-Sucuri-Id
X-FPC
X-CLOUD-TRACE-CONTEXT
X-Nginx-Cache
Hostname
X-UnsetCookies
X-7Graus-Varnish-Cache-Control
Geo-Info
X-7Graus-Varnish-XKeys
X-Render-Time
ProcessTime
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
X-VHOST
X-Mode
X-MP-GENERATED-AT
X-Zone
A
Tcn
X-Sucuri-ID
X-Developer
X-Servedbyhost
X-Microcachable
X-GeoIP-Country-Code
X-Edge-O15-RID
X-Webkit-CSP
X-Sn-Servicetimems
X-Device-Os
X-Cdn-Origin
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-VWS-Id
X-Pjax-Url
X-AWS-Id
X-Node-Id
X-Pf-Uncompressing
Memory
X-LJ-Flow-ID
X-Ratelimit-Remaining
X-FORWARDED-FOR
X-DC
Request-Time
Resin-Trace
X-CSRF-Token
Gannett-Cam-Experience-Id
X-COUNTRY
TTL
X-Correlation-ID
GeoIp-Country-Code
X-VCL-Version
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Geoip-Latitude
PICS-Label
Cache-Cookie-Set-Lfrom
X-ZONE
X-Bc
CF-Cached-On
Cf-Ipcountry
Pics-Label
X-Request-Time
X-Pod
M-TraceId
HostName
X-Ratelimit-Limit
GeoIP-Latitude
GeoIP-Country-Code
X-Swift-Error
X-Via-Edge
X-Vcl-Version
Group
X-Cdn-Request-ID
X-Via-SSL
GeoIP-City
Cdn
X-Unique-ID
XServer
X-Instart-Info
X-TH-Server
X-ElasticPress-Search
X-ECACHE
Host-ID
Geoip-City
Ttl
X-NODE
X-BC
MIME-Version
X-NGINX-Cache
Ohc-File-Size
X-Backend-Host
Ohc-Cache-HIT
X-Var-Ttl
X-Backend-Url
X-APP
X-PF-Uncompressing
Backend-Name
Powered-By
X-Check-Cacheable
HitType
X-UPSTREAM-Address
Pagetype
Lfy
Media-Length
URI
REQUESTUUID
X-NGENIX-Cache
N-Cache
X-Fstrz
X-Oracle-Dms-Rid
X-Tt-Trace-Tag
X-PJAX-URL
User-Agent
Fly-Cache
X-Fastly-Country-Code
Fly-Request-Id
X-ServedByHost
X-HS-Status
Cache-Prefix
On-Server
X-HostName
SRV
X-Hp-Ccpa-Warning
X-Via-Ucdn
X-Worker
X-WR-MODIFICATION
X-Cache-Tag
X-Tt-Trace-Host
X-Aicache-OS
FSS-Proxy
FSS-Cache
X-LiteSpeed-Cache-Control
Who
X-BE
X-Cache-Miss-From
X-NYM-Debug-Backend
CDN
X-Sedo-Request-Id
Pragrma
X-Fetched-On
X-Dynatrace
X-WA
AR-SID
X-Server-W
UCS
X-Cache-Tags
X-Contensis-Viewer-Groups
X-Varnish-Cacheable
X-Varnish-Authentication
Fastly-SWR
X-Varnish-URL
Server-Cache-Control
Server-Surrogate-Control
X-LB-ID
Processtime
X-Cache-ASPX
X-LAGOON
Fastly-SIE
X-GEO
X-Fpc
X-Rebelmouse-Surrogate-Control
X-Wa
X-Rebelmouse-Cache-Control
X-Cf-Powered-By
X-Store
X-Upstream-CT
Country-Code
X-ServerName
Location
X-Upstream-HT
Debug
X-Fastly-Backend-Reqs
Fastly-Backend-Name
Filterid
X-Ftr-Cache-Host
X-Ua
X-Response-By
X-TT-LOGID
X-Akamai-ERPolicy
X-Varnish-Beresp-TTL
X-Akamai-ERRuleID
X-Protected-By
X-Li-Proto
Server-Id
X-Dw-Trace-Id
X-Request-Url
Product
X-Apw-Access-Token
Ohc-Response-Time
RequestId
Lb
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
SID
Cneonction
X-GDPR
X-Amzn-Remapped-Connection
XxX-Cache-Status
NnCoection
Thinkindot-Cache-Type
X-Fastly-Cache-Hits
X-Gen-Id
WP-Super-Cache
X-Nananana
Xet-Cookie
X-VC
X-Amzn-Remapped-Date
X-SB
Application