Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Pingback
X-Page-Speed
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Server-Id
X-Rq
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Ws-Request-Id
X-Response-Time
X-Host
X-Ac
X-OneAgent-JS-Injection
X-Backend-Server
Request-Id
X-Cnection
Content-Location
X-DataDome
X-Origin-Cache
X-Node
X-Cache-Lookup
X-Dns-Prefetch-Control
NEL
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Rack-Cache
X-Origin-Upstream-Status
X-DynaTrace
X-Country
Rating
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Pinterest-Generated-By
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-PC
X-TtlSet
X-Vname
Edge-Control
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-TTL
X-Trace
X-ESI
X-VARITI-CCR
X-GitHub-Request-Id
X-Server-Name
Service-Worker-Allowed
Content-MD5
Response
X-SharePointHealthScore
X-Sol
Pagespeed
X-Middleton-Response
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Cdn-Fetch
X-Middleton-Display
Display
X-Use-Magma
X-Kinja
RTSS
X-Navigation-Version
Accept-Ch-Lifetime
X-Vcache
SPIisLatency
X-Abt-Application-Version
SPRequestDuration
X-Powered-CMS
X-Debug
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
Public-Key-Pins
Charset
X-CST
X-Version
DynaTrace
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Ezoic-Cdn
X-Shield-Request-Id
X-MSEdge-Ref
X-Fastly-Request-ID
X-Pinterest-Rid
Access-Control-Request-Method
Pinterest-Version
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Accel-Expires
X-TEC-API-ROOT
Fastly-Restarts
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-DIS-Request-ID
X-Client-IP
X-Goog-Generation
X-Goog-Metageneration
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-XRDS-Location
X-Webapp-Samesite-None-Activated-N
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Element-Page-Cache
X-Varnish-Age
X-T
X-Id
X-Goog-Storage-Class
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-Amzn-Trace-Id
Cache-Tag
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Nginx-Cache
X-Server-ID
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-FTR-Expires
X-Fastcgi-Cache
Fastcgi-Cache
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-HS-Cache-Config
NR-ENABLED
Powered
X-Hits
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Webkit-Csp
X-Content-Type
X-Ttl
X-Request-Received
X-Request-Processing-Time
ServerID
X-Microsite
X-RateLimit-Remaining
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
Server-Name
X-N
TP-L2-Cache
X-Cache-Hit
PB-RID
TP-Cache
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Rid
X-Grace
Healthy
X-User-Agent
X-Akamai-Edgescape
X-Analytics
X-Node-Name
Backend-Timing
X-Revision
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Pad
X-Zen-Fury
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-LB-Cache
Server-Node
X-Varnish-Grace
X-Oneagent-Js-Injection
X-AppVersion
X-Activity-Id
X-Az
X-Cached-By
Cache-Status
X-B3-Sampled
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Content-Options
X-F-Cache
Refresh
X-Geo-Country
X-Ruxit-Js-Agent
X-IPLB-Instance
X-Type
Retry-After
Upgrade-Insecure-Requests
X-Varnish-Backend
FilterID
X-Tumblr-User
X-Tumblr-Pixel-0
X-FastCGI-Cache
X-Tumblr-Pixel
X-App-Environment
Paypal-Debug-Id
X-Cache-2
Host
X-Srv
X-FB-Debug
Accept-Charset
X-Jobs
X-PHP-Backend
X-Framework
X-Cluster
X-Page-Id
X-Instance
X-B
DC
X-Request-Guid
Actual-Object-TTL
Accept-CH-Lifetime
X-Debug-Info
Source
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
Accept-CH
X-AOL-HN
X-ATG-Version
AR-CACHE
Cache
AR-PoweredBy
AR-ATIME
X-TT
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Git-Hash
MS-CV
X-Cache-Key
X-Content-Powered-By
X-Via-JSL
Ar-Sid
X-PressLabs-Stats
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Signature
X-Amz-Replication-Status
X-Cache-TTL
Host-Header
X-B-Cache
X-TA-CDN-Provider
X-Whom
X-Cache-Control
X-Cache-Enabled
X-Wix-Request-Id
NGB
X-Response-Served-From
X-Daa-Tunnel
X-Origin-Server
X-Mobile
X-UA
Xserver
X-RequestSource
X-ATS-Timestamp
Surrogate-Key
X-Tumblr-Pixel-2
X-GeoIP
X-Host-Name
X-Tumblr-Pixel-1
Cache-Tv-Group
X-FW-Serve
X-FW-Static
X-FW-Hash
X-Cacheable-TTL
Filters
Cleartype
X-Cache-NE
WPE-Backend
X-FW-Server
X-FW-Type
Payment
Frame-Options
Eomportal-Instance
Datacenter
X-Litespeed-Cache
X-Region
X-Hyper-Cache
X-Handled-By
X-TX-ID
X-SERVER
X-Drupal-Cache-Tags
X-Cache-Action
X-EdgeConnect-Cache-Status
Webserver
X-Load-Cache
X-Esi
X-XRDS-LOCATION
X-Adobe-Loc
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Adobe-Content
X-Hostname
AR-Request-ID
X-Cache-Rule
X-Cache-Operation
X-Akamai-Transformed
From-Origin
X-Edge-Location
X-NewRelic-App-Data
X-RemovedCookies
X-ProcessESI
X-Cache-TTL-Remaining
X-UA-Device-Type
X-RTag
Ms-Operation-Id
Liferay-Portal
X-Cache-Server
X-Forwarded-Host
X-Varnish-Hostname
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rule
X-Status
Country
X-App-Server
X-Contextid
X-Upgrade-Enabled
Odigeo-Trace-Id
X-UUID
X-BCube-Filmed-By
X-RN-RSRV
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-Cache-Var
Load-Balancing
X-ES-SERVER
DSUID
TWC-Connection-Speed
X-Rocket-Nginx-Bypass
TWC-GeoIP-Country
X-TT-TIMESTAMP
DB-Nickname
X-VCT
Mn-Server-Ip
Webcakes-Region
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Property-Id
Webcakes-App-Version
Release
TWC-Device-Class
TWC-GeoIP-LatLong
X-From
X-Debug-Cache
X-CCM
X-Origin-Hint
X-Timing-Wait
X-Viewer-Country
X-Proxy-Build
X-Drupal-Cache-Contexts
X-Soup
X-TNCMS
Origin-Edge-Control
X-Proxy
X-Via-Fastly
X-PCL
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Origin-Cache-Control
X-EIG-Tracking-Id
L5d-Success-Class
Fastly-SSL
S-Rt
X-Real-IP
X-Origin
Cache-Tags
X-OCL
X-Vgn-Hpd-Reason
X-Cache-Config
X-FW-Dynamic
X-Cache-Time
X-IP
X-Cache-Host
X-ServerID
X-Redis-Cache
Selected-Fe
X-FC-Vary-Parameters
X-R9-Blue-Green-Version
X-Pubstack
X-Hosted-By
X-FireWall-Port
X-Loop
X-Human
X-Generated
X-Is-Bot
X-Access
X-Format
Viewport
X-Labrador-Cache-Channel
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cluster-Name
X-Akamai-Request-ID2
X-Backend-Name
X-JoinUs
X-Akamai-Request-ID
X-Locale
X-BYPASS-REASON
X-Web-Node
X-NWS-UUID-VERIFY
X-Site-Version
X-Section
X-Www-Served-By
X-Xfnlog-Site
X-ProxyCache-Status
X-ProxyCache-Key
Uber-Trace-Id
X-Rendered-As
X-Varnish-Hits
Cache-Name
X-Proto
X-Origin-Response-Time
Version
Decoy-Debug-Key
Ec-Rule-Version
NGX
Decoy-Debug-Status
X-Varnish-Cache-Hits
Decoy-Debug-TTL
X-Content-Age
X-Accel-Buffering
X-Generated-By
S-Cnection
X-Time-Microsecs
X-PHP-Host
X-Cache-Backend
Tracecode
X-Time
Server-Info
X-PERF
X-ApacheServer
X-Amzn-Remapped-Content-Length
X-Origin-TTL
X-SaId
X-Origin-CC
X-Storage
X-URL
X-Info
X-VCache
Akamai-GRN
X-Geo
X-Presslabs-Stats
X-Nginx-Cache-Key
Rt-Fastcgi-Cache
Cteonnt-Length
X-App-Version
Time
X-CF-Powered-By
X-WA-Info
X-No-Session
X-MServer
Cache-Key
X-Guploader-Uploadid
GEO-INFO
X-Environment-Context
X-L-Path
Origin
X-Unique-Id
X-Tec-Api-Version
Access-Control-Request-Headers
X-APP-VERSION
X-Tec-Api-Root
X-Cache-Remote
X-FB-TRIP-ID
X-Tec-Api-Origin
Accept-Language
X-Backend-TTL
X-Tb
X-Say-Cacheable
X-Say-TTL
X-RateLimit-Limit
X-SayCDN-TTL
X-NCache
X-CACHE-KEY
X-GoCache-CacheStatus
X-EC-Lua
Cache-Hits
X-Hit
Vix-Hermes-Req-Id
X-TIME
X-CDN-Forward
X-RCS-CacheZone
X-Trace-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
X-B3-SpanId
X-Alternate-Cache-Key
X-Shopify-Generated-Cart-Token
X-Device-Type
OT-Force-Account-Verify
X-Source
Mime-Version
X-Tumblr-Pixel-3
X-S
X-Dc
X-SS-Set-Cookie
X-OVcl-Cache
X-OVcl
X-CS
Srv
X-A-Dam
X-A
X-Ah-Environment
X-A-Dcw
X-A-Ccd
X-Aed
BehaviorPad-Version
X-ARC
X-B-Cookie
Content-Style-Type
Cross-Origin-Window-Policy
X-Application
X-A-Wwc
X-Accel-Expires-Debug
AsisCache
X-AIR-PT
X-A-Dgt
VivaBuild
X-Endurance-Cache-Level
MD5-Digest
Machine
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Request-Country
Node
Request-EU
Rt-Proxy-Cache
Viewtype
Apple-News-Services-Request-Url
User-Cache-Control
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Server-Host
Apple-News-Services-Handled
T-Server
Arc-Country
X-Upstream-Ht
X-Svr
X-PAYTM-SRV-ID
X-Processor
X-Transaction
X-Trv-Group
X-VG-WebServer
X-Vdms-Version
X-Twitter-Response-Tags
X-SRCache-Key
X-Region-Sid
X-Server-Time
X-Service
X-Session-Fingerprint
X-ScT
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Hl-Ver
X-VG-WebCache
Content-Script-Type
X-Upstream-Ct
X-Destination
X-Detected-As
X-Date
X-D
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
Xc-Version
X-Cluster-Node
X-G
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-External-Request-Id
X-DPWN-IS-SECURE
ServerName
X-Magnolia-Registration
ServedBy
X-Via-NSCOPI
X-ND-Cache
X-SIPLIST1
X-Webstats-RespID
IsBot
X-Thinkindot-L3
Server-Int
X-Generated-On
X-Hash
X-IN-APIGATEWAY
Wxu-Next-Hostname
Wxu-Next-Region
X-Cache-Bucket
X-Dispatch
X-Dispatcher-Server
X-IN-APIGATEWAYSSL
Thinkindot-Control
X-Location
X-Matched-Rule
Served-By
X-Level-Front-Cache
X-Instart-Isnd
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Reboot
Wxu-Next-Commit
Mail-Subject
We-Hiring
Now
X-Parent-Response-Time
Proxy-Connection
X-Uri
X-SRV
X-CSRF-TOKEN
NtCoent-Length
X-Debug-Log
X-Developers
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Distil-CS
X-Debug-Cookies
CDCHOST
X-Generation-Time
X-Geo-Header
X-GeoIP-City
X-Gen-Mode
X-FW-Version
X-Epic-Correlation-Id
X-CUA
X-Eu-Site
X-Has-Esi
X-Cms-Context
X-BBXSRF
X-Bip
X-Block-Status
X-C
X-Backend-State
X-Auto-Login
X-Agile-Id
X-Amz-Meta-Cache-Control
X-App-Name
X-Cache-Debug
X-Cache-FS-Status
X-Clientip
X-Hnp-Log
X-Core-Mission
X-Clara-WADP
X-CGP
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-Core-Value
X-Irp-Debug
X-Request-Start
X-Request-URI
X-Rocket-Build-Number
X-S-Maxage
X-Reqid
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Qloud-Router
X-RateLimit-Limit-Second
X-Scheme
X-SD-PageType
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thanos
X-TrackingId
X-Sucuri-Cache
X-Skip-Cache
X-Server-IP
X-Sigma
X-Sigma-Backend
X-Proxy-Cache-Status
X-Platform-Server
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Varnish-Beresp-Ttl
X-Key
X-JWT-State
X-User
X-Agile-Age
X-Is-Gdpr
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Varnish-Beresp-Grace
X-Owner
X-Ms-Version
X-NX-Host
X-Old-Content-Length
X-Variation
X-Compress-Hint
X-Wikidot-Static-Cache
Pramga
Platform
X-Agile
X-Cache-Grace
X-Wikidot-Backend
X-WebServer
X-WADP-Cache
SD-X-WS
RNT-Time
RNT-Machine
X-We-Are-Hiring
Memcached
L
AKAMAI
Fastly-Soc-X-Request-Id
Countrycode
Cache-Host
Content-Disposition
Gh-Request-Id
Ha-Gx-Prefs
Adler-Geo
Is-Eu
Heartbleed
HA-Ipaddr
Web-Mar-Node
PFcat
X-VServer
Cache-Provider
X-Nc
X-VG-TLSProxy
Magicmarker
X-Cache-Id
X-Distributor
X-Up
Section-Io-Cache
X-Origin-Date
X-Method
X-Fastly-Cache
X-Internal-Host
X-Generated-In
Esi-Enabled
X-VC-Cache
Server-ID
Kp-EeAlive
X-LI-Proto
X-Logging-Id
X-Origin-Expires
X-Trafficlayer-App-Version
X-Swa-Ws
X-Policy
X-Azure-Ref
Powered-By-ChinaCache
W
X-Release
IBM-Web2-Location
X-Azure-Ref-OriginShield
X-B3-Parentspanid
X-Via-CDN
V-Age
X-MSEdge-Features
X-ServiceProvider
X-Urbn-Site-Id
X-NC
Cdnsip
X-Urbn-Context-Path
Locale
X-AK-Request-ID
X-NodeID
Cdncip
True-Client-Country-4JS
X-MSEdge-Flight
Locid
X-Req
X-B3-Spanid
X-B3-Traceid
X-Served-From
X-Servername
X-Newrelic-Synthetics
X-Cdn-Forward
X-GRACE
Environment
X-HTML-Minification-Powered-By
CF-IPCountry
X-Lb-Id
X-Gamma-Serve
FNAC-ModuleRouting
X-Be
GEO-REGION-INFO
X-CLOUD-TRACE-CONTEXT
Hostname
X-UnsetCookies
X-FPC
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Refresh
X-Sucuri-Id
X-IPS-LoggedIn
X-Nginx-Cache
X-VHOST
X-Render-Time
X-Zone
Geo-Info
X-Developer
X-Sucuri-ID
Tcn
ProcessTime
X-NU-AKA-ACS-Version
A
X-Webkit-CSP
X-Mode
X-MP-GENERATED-AT
X-Edge-O15-RID
X-GeoIP-Country-Code
X-Cdn-Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Sn-Servicetimems
X-Servedbyhost
X-Device-Os
X-Microcachable
X-Node-Id
X-Pjax-Url
X-Ratelimit-Remaining
X-Pf-Uncompressing
X-FORWARDED-FOR
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
Memory
X-Zipkin-Id
X-Routing-Service
X-Proxied
Request-Time
TTL
Gannett-Cam-Experience-Id
X-CSRF-Token
X-COUNTRY
X-Correlation-ID
X-DC
GeoIp-Country-Code
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
CF-Cached-On
X-Bc
Pics-Label
PICS-Label
Resin-Trace
X-VCL-Version
Cf-Ipcountry
X-Pod
X-Ratelimit-Limit
GeoIP-Country-Code
GeoIP-Latitude
Cache-Cookie-Set-From
GeoIP-City
Cache-Cookie-Set-Idcheck
X-Via-SSL
X-Via-Edge
M-TraceId
Group
HostName
Cdn
X-Vcl-Version
Cache-Cookie-Set-Lfrom
X-ZONE
X-Unique-ID
X-Request-Time
X-ElasticPress-Search
XServer
X-NODE
Host-ID
X-ECACHE
X-Cdn-Request-ID
X-Instart-Info
X-Swift-Error
Geoip-City
MIME-Version
X-Backend-Host
Ttl
X-TH-Server
X-Backend-Url
X-NGINX-Cache
X-Var-Ttl
Ohc-Cache-HIT
X-APP
X-PF-Uncompressing
Backend-Name
X-BC
HitType
Ohc-File-Size
X-Check-Cacheable
N-Cache
URI
Lfy
Pagetype
X-NGENIX-Cache
REQUESTUUID
Powered-By
X-UPSTREAM-Address
X-ServedByHost
Fly-Request-Id
Fly-Cache
X-Fastly-Country-Code
Cache-Prefix
X-Fstrz
SRV
On-Server
X-PJAX-URL
Media-Length
User-Agent
X-HostName
X-HS-Status
X-Cache-Tag
X-Worker
X-WR-MODIFICATION
X-Via-Ucdn
X-Aicache-OS
X-LiteSpeed-Cache-Control
X-Fetched-On
X-Cache-Miss-From
Pragrma
Who
CDN
X-Sedo-Request-Id
X-Hp-Ccpa-Warning
X-Tt-Trace-Tag
X-WA
FSS-Proxy
FSS-Cache
AR-SID
X-Tt-Trace-Host
UCS
X-BE
X-Server-W
X-NYM-Debug-Backend
Fastly-SWR
X-Cache-Tags
Fastly-SIE
X-LAGOON
Processtime
X-LB-ID
X-Varnish-URL
X-GEO
X-Varnish-Cacheable
X-Rebelmouse-Surrogate-Control
X-Fpc
X-Wa
X-Rebelmouse-Cache-Control
X-Cf-Powered-By
X-ServerName
X-Store
X-Upstream-CT
Debug
X-Upstream-HT
X-Fastly-Backend-Reqs
X-Ua
X-Ftr-Cache-Host
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
Server-Cache-Control
Fastly-Backend-Name
Location
X-Varnish-Authentication
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Cache-ASPX
Country-Code
X-Akamai-ERPolicy
X-Protected-By
X-TT-LOGID
X-GDPR
X-Fastly-Cache-Hits
X-Gen-Id
SID
X-Request-Url
Application
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
Server-Id
X-Li-Proto
NnCoection
Cneonction
X-Amzn-Remapped-Connection
X-Nananana
XxX-Cache-Status
Product
X-Amzn-Remapped-Date
X-Dw-Trace-Id
WP-Super-Cache
Xet-Cookie
X-VC
X-SB
Thinkindot-Cache-Type