
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Pingback
X-Page-Speed
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Backend-Server
X-Cnection
Content-Location
X-Origin-Cache
X-DataDome
NEL
X-Node
X-Cache-Lookup
X-Readtime
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Vhost
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
P3p
X-Cdn
Surrogate-Control
Allow
X-Clacks-Overhead
X-Origin-Upstream-Status
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Rack-Cache
X-DynaTrace
Rating
X-Country
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
Pinterest-Generated-By
Edge-Control
X-Instart-Request-ID
X-Vname
X-TtlSet
X-PC
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-TTL
X-ESI
X-D2id
X-Trace
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-SharePointHealthScore
Content-MD5
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
Response
X-Middleton-Response
Pagespeed
X-Sol
X-Middleton-Display
Display
RTSS
Accept-Ch-Lifetime
X-Navigation-Version
SPIisLatency
SPRequestDuration
X-Abt-Application-Version
X-Debug
X-Powered-CMS
X-Forwarded-Proto
X-Vcache
X-Upstream
X-Cached
X-Vcap-Request-Id
Public-Key-Pins
X-Version
X-Amz-Server-Side-Encryption
DynaTrace
X-CST
MS-Author-Via
Charset
X-NF-Request-ID
Realpath
X-Amz-Rid
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Ezoic-Cdn
X-Shield-Request-Id
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Pinterest-Rid
X-Ser
Pinterest-Version
X-Accel-Expires
S
Access-Control-Request-Method
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Webapp-Samesite-None-Activated-N
X-T
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-XRDS-Location
X-Goog-Storage-Class
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
Cache-Tag
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-FTR-Expires
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
Nginx-Cache
X-Server-ID
Fastcgi-Cache
X-Content-Digest
Powered
X-HS-Cache-Config
X-Fastcgi-Cache
X-HS-Hub-Id
X-Correlation-Id
X-Frontend
X-HS-Content-Id
NR-ENABLED
X-Hits
X-Hp-Webp
Alternate-Protocol
X-FTR-Cache-Host
X-Kinsta-Cache
X-Content-Type
X-Request-Processing-Time
X-Request-Received
X-RateLimit-Remaining
X-Aspnetmvc-Version
ServerID
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-Webkit-Csp
X-HS-Combine-CSS
TP-Cache
PB-PID
X-N
PB-RID
TP-L2-Cache
X-Cache-Hit
Arc-Version
X-Mobile-Rewrite
X-Grace
X-Ttl
X-Rid
X-Akamai-Edgescape
Healthy
X-Forwarded-For
X-Analytics
Backend-Timing
X-Pad
X-User-Agent
X-Revision
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-LB-Cache
X-Varnish-Grace
Server-Node
X-AppVersion
X-Activity-Id
X-Az
X-Cached-By
X-B3-Sampled
Cache-Status
X-Content-Options
X-Oneagent-Js-Injection
Refresh
X-GUploader-UploadID
X-Geo-Country
X-F-Cache
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-IPLB-Instance
X-Type
X-FastCGI-Cache
Retry-After
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Cache-2
X-Srv
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Jobs
Accept-Charset
Host
Paypal-Debug-Id
X-FB-Debug
X-B
X-Cluster
DC
X-AOL-HN
X-PHP-Backend
Actual-Object-TTL
X-Framework
X-Request-Guid
X-Page-Id
X-Instance
X-Debug-Info
Access-Control-Allow-Method
FilterID
X-WebKit-CSP-Report-Only
Source
Accept-CH-Lifetime
X-TT
Cache
AR-CACHE
AR-PoweredBy
AR-ATIME
Accept-CH
X-ATG-Version
Fastcgi-Useragent
X-Erf-Bev-Bev
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
X-Seen-By
X-Git-Hash
X-Cache-Key
MS-CV
X-Content-Powered-By
X-TA-CDN-Provider
X-Via-JSL
Ar-Sid
X-Amz-Replication-Status
Host-Header
X-Cache-TTL
X-B-Cache
X-Signature
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Whom
X-PressLabs-Stats
X-Origin-Server
X-Cache-Control
X-Wix-Request-Id
X-Cache-Enabled
X-Mobile
X-Response-Served-From
NGB
Surrogate-Key
X-ATS-Timestamp
X-XRDS-LOCATION
Xserver
X-RequestSource
X-Daa-Tunnel
X-GeoIP
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Filters
X-Host-Name
Datacenter
Payment
Eomportal-Instance
Cleartype
X-Cache-NE
X-FW-Type
X-Hyper-Cache
X-Cacheable-TTL
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Server
X-UA
X-Adobe-Content
WPE-Backend
X-Adobe-Loc
X-Handled-By
Webserver
X-Drupal-Cache-Tags
X-Region
Frame-Options
X-Load-Cache
X-EdgeConnect-Cache-Status
X-TX-ID
X-Kong-Upstream-Latency
X-Cache-Action
X-Litespeed-Cache
X-Kong-Proxy-Latency
X-SERVER
X-Akamai-Transformed
X-Cache-Operation
X-Cache-Rule
AR-Request-ID
X-Hostname
X-Esi
From-Origin
X-Edge-Location
X-Cache-TTL-Remaining
X-ProcessESI
X-NewRelic-App-Data
X-RemovedCookies
Liferay-Portal
X-UA-Device-Type
X-RTag
Ms-Operation-Id
X-Varnish-Hostname
X-Cache-Server
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Forwarded-Host
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Server
X-Rule
X-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
Country
X-Upgrade-Enabled
X-Contextid
X-UUID
Odigeo-Trace-Id
X-App-Server
Load-Balancing
Meta-Geo
X-BCube-Filmed-By
X-Cache-Var-Map
X-Path-Route
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
DSUID
X-TT-TIMESTAMP
X-VCache
X-VCT
Webcakes-Region
DB-Nickname
Mn-Server-Ip
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
TWC-GeoIP-Country
X-EIG-Tracking-Id
X-Debug-Cache
X-R9-Blue-Green-Version
TWC-Privacy
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Rocket-Nginx-Bypass
X-From
Release
Property-Id
X-IP
X-Proxy-Build
X-Drupal-Cache-Contexts
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-FC-Vary-Parameters
Azure-InstanceId
Cache-Name
X-Origin-Response-Time
X-Akamai-Request-ID
X-Cache-Time
X-Proxy
X-Proto
X-FW-Dynamic
Selected-Fe
X-Human
X-Hosted-By
X-Origin
Origin-Cache-Control
Origin-Edge-Control
X-Timing-Wait
X-TNCMS
X-ServerID
Azure-Version
L5d-Success-Class
Fastly-SSL
X-FireWall-Port
X-Loop
S-Rt
X-Redis-Cache
X-Via-Fastly
X-Vgn-Hpd-Reason
X-Real-IP
X-Soup
X-Access
Viewport
Ec-Rule-Version
X-Varnish-Hits
Cache-Tags
X-Locale
X-Www-Served-By
Uber-Trace-Id
X-Pubstack
X-PCL
X-Viewer-Country
X-BYPASS-REASON
X-OCL
X-Site-Version
X-Rendered-As
X-ProxyCache-Status
X-ProxyCache-Key
X-Section
X-Generated
X-Accel-Buffering
X-Is-Bot
X-JoinUs
X-Format
X-Cluster-Name
X-Backend-Name
X-Cache-Config
X-Content-Age
X-Cache-Host
X-CCM
X-Akamai-Request-ID2
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Web-Node
Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-By
NGX
Decoy-Debug-TTL
Decoy-Debug-Key
Server-Info
Decoy-Debug-Status
S-Cnection
X-Time-Microsecs
X-Xfnlog-Site
X-NWS-UUID-VERIFY
Tracecode
X-Cache-Backend
X-PHP-Host
X-Presslabs-Stats
X-Amzn-Remapped-Content-Length
X-Info
X-Origin-TTL
X-Origin-CC
X-Time
X-SaId
X-PERF
X-ApacheServer
X-WA-Info
Akamai-GRN
X-Tec-Api-Version
X-Geo
X-Tec-Api-Origin
X-Tec-Api-Root
X-Storage
X-Nginx-Cache-Key
Cteonnt-Length
GEO-INFO
X-URL
Rt-Fastcgi-Cache
Time
X-MServer
X-CF-Powered-By
X-APP-VERSION
X-No-Session
X-Unique-Id
X-App-Version
X-Cache-Remote
X-L-Path
X-Environment-Context
Origin
Access-Control-Request-Headers
X-Guploader-Uploadid
X-Backend-TTL
X-FB-TRIP-ID
X-Tb
Accept-Language
Cache-Key
X-TIME
X-GoCache-CacheStatus
X-CDN-Forward
X-EC-Lua
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-NCache
X-CACHE-KEY
X-Hit
X-RCS-CacheZone
X-RateLimit-Limit
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Dc
Cache-Hits
Vix-Hermes-Req-Id
Mime-Version
OT-Force-Account-Verify
X-Device-Type
X-Tumblr-Pixel-3
X-Trace-Id
X-Source
X-S
X-CS
X-SS-Set-Cookie
X-B3-SpanId
X-Parent-Response-Time
X-OVcl-Cache
X-Endurance-Cache-Level
X-Magnolia-Registration
X-OVcl
Xc-Version
Mobile-Detection-Method
X-G
X-Processor
Cross-Origin-Window-Policy
X-Region-Sid
Content-Style-Type
Content-Script-Type
X-CF-Lambda-Version
Meta-Geo-Continent
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Server-Host
Apple-News-Services-Host
Rendered-Blocks
X-Hl-Ver
X-VG-WebServer
Apple-News-Services-Handled
X-VG-WebCache
BehaviorPad-Version
X-B-Cookie
Node
Rt-Proxy-Cache
X-PAYTM-SRV-ID
X-Aed
X-Accel-Expires-Debug
X-CF-Lambda-Fn
X-A-Dcw
X-Rewrite-Enabled
X-Destination
X-Svr
X-Connection-Hash
X-Vtex-Processado-Em
X-AIR-PT
X-SRCache-Key
Viewtype
X-SIPLIST1
X-ARC
VivaBuild
X-Date
X-D
X-A
X-A-Ccd
X-A-Dam
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Trv-Group
X-Cluster-Node
IsBot
X-A-Dgt
X-Transaction
X-Detected-As
X-A-Wwc
MD5-Digest
X-Request-UUID
X-Rojux
X-DPWN-IS-SECURE
Machine
T-Server
X-S-Cookie
Fastcgi-X-Cache-Version
X-Vdms-Version
X-External-Request-Id
X-Service
X-Session-Fingerprint
X-ScT
X-Server-Time
X-Application
X-Upstream-Ct
X-Upstream-Ht
Srv
Now
ServerName
X-Core-Value
X-CUA
X-Dispatch
AsisCache
X-Hash
X-Dispatcher-Server
X-Generated-On
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Instart-Isnd
X-ND-Cache
Thinkindot-CacheControl-Type
X-Via-NSCOPI
User-Cache-Control
Thinkindot-Control
Thinkindot-CacheControl
Server-Int
Served-By
Mail-Subject
We-Hiring
X-Ah-Environment
X-Webstats-RespID
Request-EU
Wxu-Next-Hostname
X-Cache-Bucket
Wxu-Next-Region
X-Thinkindot-L3
X-Level-Front-Cache
Wxu-Next-Commit
Request-Country
X-Matched-Rule
X-Location
X-Reboot
X-Uri
Proxy-Connection
ServedBy
X-Compress-Hint
X-Cms-Context
X-Agile-Id
X-Amz-Meta-Cache-Control
X-C
X-Bip
X-Agile-Age
X-Cache-URL
X-Cache-Debug
X-Agile
X-App-Name
X-B3-Parentspanid
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Core-Mission
X-CGP
X-Clara-WADP
X-BBXSRF
X-Clientip
X-Backend-State
X-Cdn-Srv
X-Cache-FS-Status
X-LI-UUID
X-Wikidot-Backend
X-Scheme
X-SD-PageType
X-Server-IP
X-Sigma-Backend
X-Sigma
X-S-Maxage
X-Rocket-Build-Number
X-Wikidot-Static-Cache
X-Qloud-Router
X-Release
X-Reqid
X-Request-Start
X-Skip-Cache
X-Sucuri-Cache
X-WADP-Cache
X-User
X-Variation
X-VC-Cache
X-VG-TLSProxy
X-VServer
X-Up
X-We-Are-Hiring
X-SVT-ORM-RULES
X-WebServer
X-SVT-ORM-VERSION
X-Thanos
X-TrackingId
X-Platform-Server
X-Planisys-CDN-TTL
X-FW-Version
X-Fastly-Cache
X-Generation-Time
X-Geo-Header
X-Has-Esi
X-GeoIP-City
X-Eu-Site
X-Epic-Correlation-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Developers
X-Distil-CS
X-Distributor
X-Irp-Debug
X-Is-Gdpr
X-Origin-Expires
X-Origin-Date
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Old-Content-Length
X-Method
X-Key
X-JWT-State
X-Li-Fabric
X-Li-Pop
X-Logging-Id
X-Debug-Cache-Expiry
X-Auto-Login
Is-Eu
Heartbleed
HA-Ipaddr
L
Magicmarker
Platform
PFcat
Memcached
Ha-Gx-Prefs
Gh-Request-Id
Cache-Host
AKAMAI
Adler-Geo
Content-Disposition
Countrycode
Fastly-Soc-X-Request-Id
Esi-Enabled
Pramga
IBM-Web2-Location
RNT-Machine
SD-X-WS
W
RNT-Time
Section-Io-Cache
Cache-Provider
NtCoent-Length
X-SRV
X-CSRF-TOKEN
X-Varnish-Beresp-Grace
Web-Mar-Node
X-Debug-Cookies
X-Debug-Log
X-Varnish-Beresp-Ttl
X-Proxy-Upstream
X-Gen-Mode
X-Proxy-Cache-Status
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-NX-Host
CDCHOST
X-Request-URI
X-Varnish-Beresp-Status
X-Hnp-Log
X-Trafficlayer-App-Version
X-Ms-Version
X-Ms-Request-Id
X-Internal-Host
X-Cache-Info
Server-ID
X-Block-Status
Powered-By-ChinaCache
X-Cache-Grace
X-LI-Proto
X-Nc
X-B3-Spanid
X-NC
Kp-EeAlive
X-Generated-In
X-Policy
X-Cache-Id
X-Swa-Ws
X-Via-CDN
Environment
X-Newrelic-Synthetics
Cdnsip
X-Req
X-NodeID
X-MSEdge-Features
Cdncip
X-MSEdge-Flight
X-Servername
Locid
X-Served-From
Locale
CF-IPCountry
X-Urbn-Site-Id
X-Urbn-Context-Path
X-AK-Request-ID
X-ServiceProvider
V-Age
True-Client-Country-4JS
X-HTML-Minification-Powered-By
X-B3-Traceid
GEO-REGION-INFO
X-Gamma-Serve
X-Be
X-Lb-Id
X-NODE
X-IPS-LoggedIn
X-Cdn-Forward
X-GRACE
FNAC-ModuleRouting
X-FPC
X-CLOUD-TRACE-CONTEXT
X-Refresh
Hostname
X-UnsetCookies
X-Sucuri-Id
X-7Graus-Varnish-Cache-Control
X-Render-Time
X-7Graus-Varnish-XKeys
X-Sucuri-ID
X-Mode
X-MP-GENERATED-AT
X-Tb-Optimization-Total-Bytes-Saved
X-Nginx-Cache
X-NU-AKA-ACS-Version
X-VHOST
X-Zone
Tcn
ProcessTime
X-GeoIP-Country-Code
X-Developer
Geo-Info
A
X-Webkit-CSP
X-Edge-O15-RID
X-Servedbyhost
X-Device-Os
X-Cdn-Origin
X-Microcachable
X-Sn-Servicetimems
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Node-Id
Memory
X-Pjax-Url
X-Pf-Uncompressing
X-Ratelimit-Remaining
X-CSRF-Token
X-AWS-Id
X-VWS-Id
TTL
X-FORWARDED-FOR
X-LJ-Flow-ID
GeoIp-Country-Code
Geoip-Latitude
X-COUNTRY
Gannett-Cam-Experience-Id
Request-Time
Resin-Trace
X-Correlation-ID
X-Ratelimit-Limit
PICS-Label
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-From
X-DC
CF-Cached-On
X-Bc
X-Request-Time
Pics-Label
X-Pod
HostName
Cdn
X-VCL-Version
X-Vcl-Version
X-ZONE
Cf-Ipcountry
X-Swift-Error
Group
GeoIP-Latitude
X-Via-Edge
X-Cdn-Request-ID
GeoIP-Country-Code
X-Via-SSL
GeoIP-City
M-TraceId
X-NGINX-Cache
X-Unique-ID
X-Instart-Info
X-ECACHE
XServer
X-ElasticPress-Search
X-TH-Server
Host-ID
Geoip-City
MIME-Version
X-BC
X-Backend-Url
X-Backend-Host
X-Var-Ttl
Ttl
Ohc-Cache-HIT
Ohc-File-Size
Powered-By
HitType
Backend-Name
X-PF-Uncompressing
X-APP
X-Check-Cacheable
X-UPSTREAM-Address
REQUESTUUID
Lfy
N-Cache
X-NGENIX-Cache
Pagetype
URI
Media-Length
X-PJAX-URL
X-Fstrz
On-Server
User-Agent
Fly-Request-Id
X-HS-Status
Fly-Cache
X-ServedByHost
X-Tt-Trace-Tag
Cache-Prefix
X-Fastly-Country-Code
SRV
X-HostName
X-Hp-Ccpa-Warning
X-Cache-Tag
X-Aicache-OS
X-Tt-Trace-Host
FSS-Proxy
FSS-Cache
X-WR-MODIFICATION
X-Via-Ucdn
X-Worker
X-LiteSpeed-Cache-Control
X-Cache-Miss-From
Who
X-Sedo-Request-Id
UCS
X-WA
Pragrma
X-Fetched-On
CDN
X-NYM-Debug-Backend
AR-SID
Processtime
X-Server-W
X-BE
X-Cache-Tags
X-Cache-ASPX
X-GEO
X-LAGOON
X-Contensis-Viewer-Groups
Server-Cache-Control
Server-Surrogate-Control
X-Varnish-URL
X-Varnish-Cacheable
Fastly-SWR
X-Varnish-Authentication
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Wa
X-LB-ID
X-Fpc
X-Cf-Powered-By
X-Store
Fastly-Backend-Name
Location
X-Upstream-HT
Debug
X-ServerName
X-Upstream-CT
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-Ftr-Cache-Host
Filterid
X-Ua
X-Akamai-ERRuleID
X-TT-LOGID
Country-Code
X-Protected-By
X-Akamai-ERPolicy
X-Response-By
X-Request-Url
Product
Application
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Apw-Access-Action
X-Dw-Trace-Id
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
WP-Super-Cache
X-Fastly-Cache-Hits
Cneonction
XxX-Cache-Status
SID
X-GDPR
X-Gen-Id
X-Li-Proto
Thinkindot-Cache-Type
Xet-Cookie
X-Nananana
X-VC
X-SB
NnCoection
Server-Id