Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Device
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
X-Cnection
Request-Id
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Readtime
X-Vhost
X-Cloud-Trace-Context
P3p
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Edge-Control
X-Instart-Request-ID
X-Vname
X-TtlSet
X-PC
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-MS-InvokeApp
Verso
X-TTL
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
X-Server-Name
X-VARITI-CCR
Content-MD5
Service-Worker-Allowed
X-GitHub-Request-Id
X-SharePointHealthScore
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Middleton-Response
Response
RTSS
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Vcache
Accept-Ch-Lifetime
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
SPIisLatency
X-Debug
SPRequestDuration
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
DynaTrace
X-CST
X-Version
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-MSEdge-Ref
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Fastly-Request-ID
X-Accel-Expires
X-Pinterest-Rid
S
Pinterest-Version
X-Ser
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Encoding
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-T
X-Id
X-Recruiting
X-Element-Page-Cache
X-Varnish-Age
Cache-Tag
X-Goog-Storage-Class
X-Amzn-Trace-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-Server-ID
X-Dw-Request-Base-Id
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-FTR-Expires
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-HS-Cache-Config
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
NR-ENABLED
X-Hits
Powered
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Aspnetmvc-Version
X-Content-Type
X-Webkit-Csp
X-Request-Processing-Time
X-Request-Received
Server-Name
X-HS-Combine-CSS
ServerID
X-Request-Handler-Origin-Region
X-Microsite
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
TP-Cache
TP-L2-Cache
X-N
X-Cache-Hit
X-Rid
Healthy
X-Akamai-Edgescape
X-Forwarded-For
X-Grace
X-User-Agent
X-Revision
Backend-Timing
X-Analytics
X-Pad
X-Content-Security-Policy-Report-Only
X-Node-Name
X-Logged-In
X-Mobile-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Ttl
X-Varnish-Grace
Server-Node
X-Oneagent-Js-Injection
X-Cached-By
X-Activity-Id
X-AppVersion
X-Az
X-B3-Sampled
Cache-Status
X-Content-Options
X-F-Cache
Refresh
X-Geo-Country
X-GUploader-UploadID
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-Type
X-IPLB-Instance
X-Varnish-Backend
FilterID
Retry-After
X-Cache-2
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-App-Environment
X-Jobs
X-Srv
Host
X-FB-Debug
Accept-Charset
Actual-Object-TTL
DC
Paypal-Debug-Id
X-B
X-AOL-HN
X-Request-Guid
X-Framework
X-Instance
X-Page-Id
X-PHP-Backend
X-Debug-Info
X-Cluster
Accept-CH-Lifetime
Source
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Accept-CH
X-TT
Cache
X-ATG-Version
AR-ATIME
AR-PoweredBy
AR-CACHE
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-FastCGI-Cache
X-Git-Hash
MS-CV
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Content-Powered-By
X-Signature
X-B-Cache
X-PressLabs-Stats
Host-Header
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Via-JSL
Ar-Sid
X-TA-CDN-Provider
X-Cache-Key
Xserver
X-Cache-TTL
X-Origin-Server
X-ATS-Timestamp
X-Cache-Enabled
X-Cache-Control
X-Whom
X-Mobile
NGB
X-Wix-Request-Id
X-Response-Served-From
X-Daa-Tunnel
X-UA
Surrogate-Key
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-GeoIP
X-Cacheable-TTL
X-FW-Serve
X-FW-Hash
WPE-Backend
Eomportal-Instance
Filters
Datacenter
Cleartype
Payment
Frame-Options
X-FW-Server
X-Cache-NE
X-FW-Static
X-Hyper-Cache
X-FW-Type
X-Adobe-Loc
X-Adobe-Content
X-Host-Name
X-Litespeed-Cache
X-Handled-By
X-Region
X-TX-ID
X-SERVER
X-Drupal-Cache-Tags
Webserver
X-Cache-Action
X-Esi
X-Load-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
X-EdgeConnect-Cache-Status
X-Hostname
X-Akamai-Transformed
X-Cache-Operation
X-Cache-Rule
From-Origin
X-Edge-Location
AR-Request-ID
X-NewRelic-App-Data
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
Liferay-Portal
X-UA-Device-Type
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Ms-Operation-Id
X-Varnish-Hostname
X-RTag
X-Cache-Server
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Varnish-Server
X-Forwarded-Host
X-Rule
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Status
Country
X-Upgrade-Enabled
X-Contextid
Odigeo-Trace-Id
X-UUID
X-App-Server
X-Path-Route
X-RN-RSRV
Load-Balancing
X-Cache-Var-Map
Meta-Geo
X-ES-SERVER
X-Cache-Var
X-From
DSUID
X-BCube-Filmed-By
X-R9-Blue-Green-Version
TWC-Device-Class
TWC-Connection-Speed
Release
X-Origin-Hint
TWC-GeoIP-Country
X-EIG-Tracking-Id
Webcakes-App-Version
X-Debug-Cache
X-CCM
TWC-Privacy
DB-Nickname
Webcakes-Region
Mn-Server-Ip
Webcakes-App-Name
TWC-GeoIP-LatLong
X-TT-TIMESTAMP
X-VCT
TWC-Locale-Group
X-Rocket-Nginx-Bypass
Property-Id
X-Cache-Time
X-Cache-Host
X-Cache-Config
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Hosted-By
X-FW-Dynamic
X-FireWall-Port
X-Akamai-Request-ID
Uber-Trace-Id
Fastly-SSL
Cache-Tags
Cache-Name
L5d-Success-Class
Origin-Cache-Control
Selected-Fe
S-Rt
Origin-Edge-Control
X-Human
X-IP
X-Soup
X-ServerID
X-Real-IP
X-Timing-Wait
X-TNCMS
X-Viewer-Country
X-Via-Fastly
X-Vgn-Hpd-Reason
X-Pubstack
X-ProxyCache-Status
X-Origin
X-OCL
X-Loop
X-Origin-Response-Time
X-PCL
X-Proxy-Build
X-Proxy
X-Proto
Azure-Version
X-ProxyCache-Key
X-Redis-Cache
Azure-RegionName
Azure-InstanceId
X-Accel-Buffering
Azure-SlotName
Azure-SiteName
X-Varnish-Hits
X-Content-Age
X-Www-Served-By
X-Akamai-Request-ID2
X-Access
X-Backend-Name
X-Format
X-Cluster-Name
X-Is-Bot
X-Site-Version
X-Section
X-Rendered-As
X-Locale
X-Labrador-Cache-Channel
Viewport
X-JoinUs
X-Generated
X-Xfnlog-Site
Version
Ec-Rule-Version
NGX
X-Generated-By
X-Web-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-PHP-Host
Server-Info
S-Cnection
X-Varnish-Cache-Hits
X-Cache-Backend
X-Time-Microsecs
X-NWS-UUID-VERIFY
X-SaId
X-Amzn-Remapped-Content-Length
X-PERF
X-ApacheServer
X-Storage
Akamai-GRN
X-Info
Tracecode
X-Origin-CC
X-Origin-TTL
X-Geo
X-URL
X-Nginx-Cache-Key
X-WA-Info
X-Time
X-Presslabs-Stats
X-CACHE-KEY
Rt-Fastcgi-Cache
X-CF-Powered-By
GEO-INFO
X-No-Session
X-MServer
X-App-Version
Cteonnt-Length
X-L-Path
Time
X-Environment-Context
X-Guploader-Uploadid
Origin
X-Unique-Id
X-Cache-Remote
X-TIME
X-Tb
Access-Control-Request-Headers
X-FB-TRIP-ID
X-Backend-TTL
Accept-Language
Cache-Key
X-APP-VERSION
X-EC-Lua
X-Say-Cacheable
X-CLOUD-TRACE-CONTEXT
X-Say-TTL
X-SayCDN-TTL
X-RCS-CacheZone
X-GoCache-CacheStatus
X-RateLimit-Limit
X-NCache
X-CDN-Forward
Cache-Hits
X-Hit
X-Shopify-Generated-Cart-Token
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
Vix-Hermes-Req-Id
Mime-Version
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Source
X-Trace-Id
X-Dc
OT-Force-Account-Verify
X-B3-SpanId
X-VCache
X-Device-Type
X-CS
X-Upstream-Ct
X-Upstream-Ht
X-Tumblr-Pixel-3
X-S
X-Endurance-Cache-Level
X-Accel-Expires-Debug
Apple-News-Services-Handled
Cross-Origin-Window-Policy
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-Aed
X-A-Wwc
Apple-News-Services-Request-Url
X-AIR-PT
AsisCache
X-B-Cookie
X-ARC
X-A-Dgt
Arc-Country
Apple-News-Services-Parsed-Url
X-Application
Content-Style-Type
Apple-News-Services-Host
X-A-Dcw
Rt-Proxy-Cache
X-A-Ccd
Request-EU
Server-Host
User-Cache-Control
T-Server
VivaBuild
X-A
Request-Country
X-Magnolia-Registration
Meta-Geo-Continent
MD5-Digest
Machine
Mobile-Detection-Method
Viewtype
Rendered-Blocks
Node
X-A-Dam
IsBot
X-DPWN-IS-SECURE
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-ND-Cache
X-PAYTM-SRV-ID
X-OVcl
X-OVcl-Cache
Content-Script-Type
X-VG-WebServer
X-VG-WebCache
X-CF-Lambda-Fn
X-Processor
X-Svr
X-ScT
X-SIPLIST1
X-Server-Time
X-Service
X-Session-Fingerprint
X-S-Cookie
X-Rojux
X-Region-Sid
X-Request-UUID
X-SRCache-Key
X-Rewrite-Enabled
X-Vtex-Processado-Em
X-Vdms-Version
X-Ah-Environment
X-Detected-As
X-Vtex-Remote-Cache
X-Destination
X-D
X-Hl-Ver
X-G
Xc-Version
X-CF-Lambda-Version
X-Connection-Hash
X-Date
X-External-Request-Id
X-Cluster-Node
ServedBy
Now
X-SS-Set-Cookie
ServerName
X-Parent-Response-Time
X-Cache-Bucket
X-Thinkindot-L3
X-Dispatch
X-CUA
X-Core-Value
X-Reboot
X-Matched-Rule
Thinkindot-Control
Thinkindot-CacheControl-Type
Served-By
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Via-NSCOPI
X-Hash
X-Generated-On
X-Location
X-IN-APIGATEWAY
X-Level-Front-Cache
X-Webstats-RespID
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Dispatcher-Server
Thinkindot-CacheControl
Srv
We-Hiring
Mail-Subject
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Proxy-Connection
X-CSRF-TOKEN
X-SRV
NtCoent-Length
X-Fastly-Cache
X-VG-TLSProxy
X-SVT-ORM-RULES
X-Amz-Meta-Cache-Control
X-Eu-Site
X-Epic-Correlation-Id
X-B3-Parentspanid
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Auto-Login
X-App-Name
X-Agile-Age
X-WebServer
X-We-Are-Hiring
X-Skip-Cache
X-Generation-Time
X-GeoIP-City
X-Geo-Header
X-Gen-Mode
X-WADP-Cache
X-Agile
X-VC-Cache
X-Sucuri-Cache
X-VServer
X-FW-Version
X-Agile-Id
X-BBXSRF
X-Compress-Hint
Powered-By-ChinaCache
X-Core-Mission
X-Cms-Context
X-Clientip
X-Up
X-Clara-WADP
X-Thanos
X-TrackingId
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Developers
X-Debug-Cache-Expiry
X-CGP
X-Uri
X-Block-Status
X-C
X-Rocket-Build-Number
X-Bip
X-SVT-ORM-VERSION
X-Variation
X-Has-Esi
X-Cache-Debug
X-Cache-FS-Status
X-Distil-CS
X-Cdn-Srv
X-Cache-URL
X-User
X-Distributor
X-Cache-Info
X-Backend-State
X-Sigma-Backend
Heartbleed
IBM-Web2-Location
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
X-Proxy-Cache-Status
X-Platform-Server
X-Planisys-CDN-TTL
X-SD-PageType
Memcached
Magicmarker
X-Planisys-CDN-Cache
L
X-Planisys-CDN-Rules
X-Proxy-Upstream
X-Qloud-Router
AKAMAI
Esi-Enabled
Countrycode
Cache-Host
CDCHOST
Content-Disposition
Adler-Geo
X-Request-URI
X-S-Maxage
X-Scheme
X-Release
X-Reqid
Fastly-Soc-X-Request-Id
X-Request-Start
X-Owner
X-Origin-Expires
X-Key
X-JWT-State
Server-ID
Section-Io-Cache
SD-X-WS
RNT-Machine
RNT-Time
Server-Int
X-Wikidot-Static-Cache
W
Web-Mar-Node
X-Sigma
X-Irp-Debug
X-Is-Gdpr
X-Wikidot-Backend
X-Li-Fabric
X-Li-Pop
X-Ms-Version
X-Ms-Request-Id
X-Server-IP
X-NX-Host
X-Origin-Date
X-Old-Content-Length
PFcat
X-Method
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-LI-UUID
Pramga
Platform
X-Logging-Id
X-Hnp-Log
X-Varnish-Beresp-Grace
X-Nc
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Kp-EeAlive
X-Trafficlayer-App-Version
X-Swa-Ws
X-Cache-Id
X-Generated-In
X-LI-Proto
X-Policy
X-Internal-Host
Cache-Provider
X-Cache-Grace
Environment
V-Age
True-Client-Country-4JS
Locale
Cdncip
Cdnsip
X-HTML-Minification-Powered-By
Locid
X-NodeID
X-ServiceProvider
X-Urbn-Context-Path
X-AK-Request-ID
X-Urbn-Site-Id
X-Served-From
X-Req
X-B3-Spanid
X-NC
X-Via-CDN
X-Gamma-Serve
X-B3-Traceid
X-Servername
X-MSEdge-Flight
X-MSEdge-Features
FNAC-ModuleRouting
X-GRACE
X-IPS-LoggedIn
X-Cdn-Forward
CF-IPCountry
GEO-REGION-INFO
X-Lb-Id
X-Newrelic-Synthetics
X-Be
X-Zone
X-FPC
X-Sucuri-Id
X-Refresh
X-Render-Time
X-Edge-O15-RID
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-NU-AKA-ACS-Version
X-UnsetCookies
Hostname
X-Mode
X-VHOST
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Nginx-Cache
X-MP-GENERATED-AT
X-GeoIP-Country-Code
Geo-Info
Tcn
X-Sucuri-ID
X-Pjax-Url
X-Developer
X-Microcachable
A
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Zipkin-Id
X-Sn-Servicetimems
X-Servedbyhost
X-Routing-Service
X-Cdn-Origin
X-Proxied
X-Device-Os
X-FORWARDED-FOR
X-Node-Id
X-Pf-Uncompressing
X-Bc
X-CSRF-Token
X-COUNTRY
Gannett-Cam-Experience-Id
Memory
TTL
X-Correlation-ID
X-DC
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Geoip-Latitude
Request-Time
Cache-Cookie-Set-Idcheck
Resin-Trace
CF-Cached-On
X-Ratelimit-Limit
HostName
X-Request-Time
Cf-Ipcountry
X-Ratelimit-Remaining
X-Pod
PICS-Label
Pics-Label
X-Vcl-Version
X-VCL-Version
X-Cdn-Request-ID
Cdn
X-Via-SSL
GeoIP-City
GeoIP-Country-Code
M-TraceId
GeoIP-Latitude
X-Via-Edge
X-Unique-ID
Group
X-NODE
X-TH-Server
Host-ID
X-ZONE
X-NGINX-Cache
X-Instart-Info
Ttl
Geoip-City
X-ECACHE
X-ElasticPress-Search
X-Swift-Error
X-Backend-Url
HitType
X-Var-Ttl
Ohc-Cache-HIT
Powered-By
X-PF-Uncompressing
X-Backend-Host
X-APP
Ohc-File-Size
MIME-Version
XServer
X-UPSTREAM-Address
X-ServedByHost
Backend-Name
URI
SRV
X-BC
X-Fastly-Country-Code
X-Check-Cacheable
Media-Length
X-HS-Status
N-Cache
Pagetype
Lfy
User-Agent
REQUESTUUID
On-Server
X-HostName
X-NGENIX-Cache
X-Hp-Ccpa-Warning
X-Tt-Trace-Host
Fly-Request-Id
X-WR-MODIFICATION
FSS-Proxy
Fly-Cache
X-PJAX-URL
FSS-Cache
X-Cache-Tag
X-Fstrz
X-Tt-Trace-Tag
X-Aicache-OS
Cache-Prefix
X-LiteSpeed-Cache-Control
X-NYM-Debug-Backend
Who
X-WA
X-Via-Ucdn
UCS
X-Worker
AR-SID
X-Sedo-Request-Id
X-BE
CDN
X-Fetched-On
Pragrma
X-Cache-Miss-From
X-Cache-Tags
Server-Cache-Control
X-LB-ID
X-Varnish-URL
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Varnish-Cacheable
X-LAGOON
X-GEO
X-Fpc
Server-Surrogate-Control
X-Cache-ASPX
Processtime
X-Server-W
X-Cf-Powered-By
Country-Code
Fastly-Backend-Name
X-Rebelmouse-Cache-Control
X-Store
Location
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-ServerName
X-Wa
Debug
Fastly-SIE
X-Fastly-Backend-Reqs
X-Ua
X-Ftr-Cache-Host
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Protected-By
X-Upstream-HT
X-Upstream-CT
X-Amzn-Remapped-Connection
X-TT-LOGID
X-Apw-Access-Object
LB
Ohc-Response-Time
RequestId
X-Response-By
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Token
X-Amzn-Remapped-Date
X-VC
Application
XxX-Cache-Status
X-Fastly-Cache-Hits
Product
X-Nananana
NnCoection
X-Request-Url
X-Gen-Id
Cneonction
Xet-Cookie
WP-Super-Cache
X-SB
Thinkindot-Cache-Type
SID
X-Li-Proto
X-Dw-Trace-Id