Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Cache-Group
X-Age
X-Ua-Compatible
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Ac
X-Server-Id
X-Response-Time
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Host
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Origin-Cache
X-Cloud-Trace-Context
X-Readtime
X-Cache-Lookup
X-Cdn
NEL
X-Vhost
X-Ws-Request-Id
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-HW
Allow
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-DynaTrace
Surrogate-Control
Rating
X-Country
X-FTR-Request-ID
X-Country-Code
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Akam-SW-Version
X-Goog-Hash
Pinterest-Generated-By
X-Instart-Request-ID
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Varnish-TTL
Edge-Control
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-Middleton-Response
X-SharePointHealthScore
X-Sol
Response
Pagespeed
Display
X-Middleton-Display
X-VARITI-CCR
RTSS
X-Server-Name
X-Cdn-Fetch
Service-Worker-Allowed
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-GitHub-Request-Id
X-Server-ID
X-ESI
SPRequestDuration
X-TTL
SPIisLatency
Accept-Ch
Content-MD5
X-Navigation-Version
X-Vcache
X-Powered-CMS
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-CST
Charset
MS-Author-Via
X-Upstream
X-Forwarded-Proto
X-Cached
X-NF-Request-ID
X-Amz-Rid
X-Px
Realpath
X-Version
DynaTrace
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-Shard
Accept-Ch-Lifetime
TCN
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Fastly-Restarts
X-Pinterest-Rid
X-Ezoic-Cdn
Pinterest-Version
X-Shield-Request-Id
X-Ser
X-MSEdge-Ref
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Recruiting
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Accel-Expires
X-DIS-Request-ID
Front-End-Https
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Id
X-T
X-Varnish-Age
X-Element-Page-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Cache-Tag
Fastcgi-Cache
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Fastcgi-Cache
X-Frontend
X-Webapp-Samesite-None-Activated-N
X-Content-Digest
NR-ENABLED
Powered
X-Hits
X-Correlation-Id
X-Ttl
X-Kinsta-Cache
X-Litespeed-Cache
Accept-CH
X-RateLimit-Remaining
X-FTR-Cache-Host
Accept-CH-Lifetime
Alternate-Protocol
X-Grace
X-Hp-Webp
X-Aspnetmvc-Version
ServerID
X-N
X-Webkit-Csp
X-Request-Processing-Time
X-Cache-Hit
X-Request-Received
TP-L2-Cache
TP-Cache
X-Node-Name
PB-PID
X-Microsite
X-Request-Handler-Origin-Region
PB-RID
X-HS-Combine-CSS
Server-Name
X-Mobile-Rewrite
Arc-Version
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
Healthy
X-User-Agent
X-Rid
X-Content-Type
X-Revision
Backend-Timing
X-Analytics
X-Akamai-Edgescape
Server-Node
X-Content-Security-Policy-Report-Only
X-Logged-In
X-LB-Cache
AR-CACHE
AR-ATIME
AR-PoweredBy
Cache-Status
X-Activity-Id
X-Az
X-AppVersion
X-Forwarded-For
X-Pad
X-Amzn-RequestId
X-Amz-Apigw-Id
Ar-Sid
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-IPLB-Instance
X-Cached-By
X-Varnish-Grace
Retry-After
X-Mobile-URL
X-Type
X-FastCGI-Cache
X-Srv
X-B3-Sampled
Paypal-Debug-Id
X-GUploader-UploadID
X-Content-Options
X-Ruxit-Js-Agent
X-F-Cache
Refresh
X-Geo-Country
X-Via-JSL
Upgrade-Insecure-Requests
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-User
X-Varnish-Backend
X-Tumblr-Pixel
X-Jobs
Accept-Charset
X-FB-Debug
X-Debug-Info
Host
X-Instance
Source
Access-Control-Allow-Method
X-Page-Id
X-Cache-Age
X-PHP-Backend
X-Request-Guid
DC
X-Framework
X-AOL-HN
X-B
X-Cluster
FilterID
Actual-Object-TTL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-WebKit-CSP-Report-Only
X-Seen-By
X-Cache-Key
X-ATG-Version
AR-Request-ID
MS-CV
X-TT
Fastcgi-Useragent
X-Content-Powered-By
X-Cache-TTL
X-Git-Hash
VIX-Pulpo-Node
X-Cache-2
VIX-Pulpo-Upstream-Status
X-Whom
X-Esi
Cache
X-PressLabs-Stats
X-UA
X-TA-CDN-Provider
X-Cache-Control
X-Amz-Replication-Status
X-Host-Name
Surrogate-Key
X-Signature
X-B-Cache
X-Wix-Request-Id
Host-Header
X-Response-Served-From
Frame-Options
NGB
X-Mobile
X-Daa-Tunnel
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Cache-Rule
X-FW-Static
X-FW-Type
X-RequestSource
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Operation
X-Origin-Server
X-GeoIP
WPE-Backend
Cache-Tv-Group
X-Drupal-Cache-Tags
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Enabled
X-Handled-By
X-Hyper-Cache
X-Region
X-Cache-Action
Webserver
Payment
Cleartype
Filters
X-Cache-NE
X-Cacheable-TTL
X-TX-ID
Eomportal-Instance
Xserver
X-Adobe-Loc
X-Adobe-Content
X-UA-Device-Type
X-SERVER
From-Origin
X-Forwarded-Host
X-EdgeConnect-Cache-Status
X-ProcessESI
X-RemovedCookies
X-Time
Datacenter
X-Load-Cache
X-Akamai-Transformed
X-Hostname
Ms-Operation-Id
X-RTag
X-Cache-TTL-Remaining
X-App-Server
X-NewRelic-App-Data
X-Cache-Server
X-Edge-Location
Liferay-Portal
X-Status
Tracecode
X-Contextid
X-Yottaa-Metrics
X-XRDS-LOCATION
X-Yottaa-Optimizations
X-ATS-Timestamp
X-Varnish-Hostname
X-Varnish-Server
X-BCube-Filmed-By
Odigeo-Trace-Id
X-TT-TIMESTAMP
X-Rule
Country
Meta-Geo
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Path-Route
Load-Balancing
X-Cache-Var-Map
X-Xfnlog-Site
Release
X-Debug-Cache
X-FW-Dynamic
X-VCT
DSUID
X-Viewer-Country
Server-Info
X-Upgrade-Enabled
DB-Nickname
X-Soup
TWC-GeoIP-LatLong
X-Varnish-Cache-Hits
X-Origin-Hint
Webcakes-App-Name
TWC-Privacy
X-Rocket-Nginx-Bypass
X-Pubstack
X-R9-Blue-Green-Version
TWC-Device-Class
TWC-Locale-Group
X-Via-Fastly
X-OCL
X-Cache-Config
TWC-Connection-Speed
X-Cache-Host
Cache-Tags
TWC-GeoIP-Country
Webcakes-Region
X-CCM
X-EIG-Tracking-Id
Property-Id
X-PCL
Webcakes-App-Version
Version
Mn-Server-Ip
Azure-InstanceId
X-FC-Vary-Parameters
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-From
X-NWS-UUID-VERIFY
X-Labrador-Cache-Channel
X-IP
X-Human
NGX
Azure-Version
X-Drupal-Cache-Contexts
L5d-Success-Class
S-Rt
Origin-Edge-Control
Origin-Cache-Control
Selected-Fe
Fastly-SSL
Cache-Name
X-Cache-Time
X-Akamai-Request-ID2
X-Akamai-Request-ID
X-Loop
X-Hosted-By
X-ServerID
X-Real-IP
X-Oss-Object-Type
X-Redis-Cache
X-Timing-Wait
X-TNCMS
X-Web-Node
X-UUID
X-Oss-Storage-Class
X-Oss-Server-Time
X-Proxy-Build
X-Oss-Request-Id
X-Proto
X-Origin-Response-Time
X-Origin
X-Oss-Hash-Crc64ecma
X-Proxy
X-PERF
Viewport
X-Access
X-JoinUs
X-Www-Served-By
S-Cnection
X-Vgn-Hpd-Reason
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Backend-Name
X-Locale
X-Section
X-Rendered-As
X-Generated
X-RateLimit-Limit
X-Content-Age
X-FireWall-Port
X-Site-Version
X-Cluster-Name
X-ApacheServer
X-Format
Ec-Rule-Version
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Info
X-Varnish-Hits
X-Time-Microsecs
X-VCache
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-B3-Traceid
X-Is-Bot
X-Storage
X-Guploader-Uploadid
Uber-Trace-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Origin-CC
X-Origin-TTL
Rt-Fastcgi-Cache
X-URL
X-Generated-By
X-Cache-Backend
X-PHP-Host
Cache-Key
X-Webkit-CSP
Cteonnt-Length
X-Accel-Buffering
X-Amzn-Remapped-Content-Length
X-Presslabs-Stats
X-WA-Info
Akamai-GRN
Time
GEO-INFO
Vix-Hermes-Req-Id
X-App-Version
X-SS-Set-Cookie
Cache-Hits
X-GoCache-CacheStatus
X-Hit
X-Nginx-Cache-Key
X-NCache
X-SaId
X-CF-Powered-By
X-Backend-TTL
X-Trace-Id
Origin
X-Cache-Remote
Accept-Language
X-No-Session
X-APP-VERSION
X-FB-TRIP-ID
X-Environment-Context
X-MServer
X-L-Path
X-Device-Type
X-Cache-Grace
X-CS
X-Tumblr-Pixel-3
X-Geo
X-Tb
Access-Control-Request-Headers
X-OVcl
X-SayCDN-TTL
X-OVcl-Cache
X-Say-TTL
X-Say-Cacheable
X-S
X-B3-SpanId
X-Unique-Id
X-Cluster-Node
X-CDN-Forward
X-CACHE-KEY
X-Tec-Api-Root
X-Uri
X-Tec-Api-Origin
User-Cache-Control
X-Tec-Api-Version
Srv
X-Via-CDN
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
Mobile-Detection-Method
Apple-News-Services-Handled
Apple-News-Services-Host
MD5-Digest
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Shopify-Stage
Machine
Apple-News-Services-Parsed-Url
Content-Script-Type
X-D
X-Connection-Hash
BehaviorPad-Version
Arc-Country
Content-Style-Type
Cross-Origin-Window-Policy
AsisCache
Apple-News-Services-Request-Url
X-Hl-Ver
IsBot
Node
Viewtype
X-A-Dgt
X-ScT
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Server-Time
X-DPWN-IS-SECURE
X-SIPLIST1
X-Session-Fingerprint
X-A-Dcw
X-Service
X-A-Wwc
X-Accel-Expires-Debug
X-CF-Lambda-Fn
X-ARC
X-External-Request-Id
X-PAYTM-SRV-ID
X-Processor
X-Application
X-Request-UUID
X-Region-Sid
X-Aed
X-AIR-PT
X-A-Dam
X-A-Ccd
Server-Host
T-Server
X-Vtex-Processado-Em
X-Date
Rt-Proxy-Cache
Request-EU
X-Vtex-Remote-Cache
Rendered-Blocks
Request-Country
X-Destination
X-B-Cookie
VivaBuild
X-Trv-Group
X-Transaction
X-Svr
X-SRCache-Key
X-A
X-Detected-As
X-VG-WebServer
X-G
X-VG-WebCache
X-Twitter-Response-Tags
Xc-Version
Meta-Geo-Continent
X-CSRF-TOKEN
Mail-Subject
NtCoent-Length
Mime-Version
X-EC-Lua
We-Hiring
X-Ah-Environment
X-Dc
Now
OT-Force-Account-Verify
ServerName
ServedBy
X-IN-APIGATEWAYSSL
X-Instart-Isnd
RNT-Machine
RNT-Time
X-IN-APIGATEWAY
X-Hnp-Log
CDCHOST
X-Cms-Context
X-Matched-Rule
X-Varnish-Beresp-Status
X-Clara-WADP
X-Varnish-Beresp-Grace
X-Proxy-Cache-Status
X-RateLimit-Limit-Second
X-Block-Status
X-RateLimit-Remaining-Second
X-Reboot
X-Level-Front-Cache
X-Location
X-S-Maxage
X-Cache-Bucket
X-Proxy-Upstream
Kp-EeAlive
X-Reqid
X-Request-URI
X-Cache-Debug
X-Cache-Info
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-Dispatch
X-Webstats-RespID
X-WADP-Cache
Thinkindot-CacheControl
X-NX-Host
Cache-Host
X-Dispatcher-Server
Thinkindot-Control
Wxu-Next-Commit
Web-Mar-Node
X-Endurance-Cache-Level
X-Gen-Mode
Wxu-Next-Hostname
Wxu-Next-Region
X-Generated-On
X-Shopify-Generated-Cart-Token
X-UnsetCookies
Proxy-Connection
Served-By
X-Ms-Version
X-Ms-Request-Id
X-Hash
X-CUA
Hostname
X-Core-Value
X-Varnish-Beresp-Ttl
X-User
X-Debug-Log
Server-Int
X-Debug-Cookies
X-FW-Version
X-B3-Parentspanid
X-Method
X-LI-UUID
X-Logging-Id
X-Agile
X-Agile-Age
X-Magnolia-Registration
X-Agile-Id
X-Amz-Meta-Cache-Control
X-Cache-Id
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Has-Esi
X-Core-Mission
X-Clientip
X-Compress-Hint
X-GeoIP-City
X-Developers
X-Generated-In
X-Fastly-Cache
X-Eu-Site
X-Distributor
X-Distil-CS
X-Geo-Header
X-Generation-Time
X-CGP
X-Cdn-Srv
X-Azure-Ref-OriginShield
X-Key
X-Backend-State
X-Azure-Ref
X-Li-Fabric
X-Li-Pop
X-Auto-Login
X-JWT-State
X-BBXSRF
W
X-Irp-Debug
X-Cache-URL
X-Cache-FS-Status
X-C
X-Is-Gdpr
X-Bip
X-App-Name
Section-Io-Cache
Gh-Request-Id
X-Server-IP
X-VG-TLSProxy
X-VC-Cache
X-Sigma
X-Variation
Ha-Gx-Prefs
HA-Ipaddr
X-SD-PageType
L
Is-Eu
IBM-Web2-Location
Heartbleed
X-Sigma-Backend
X-Skip-Cache
X-SVT-ORM-VERSION
AKAMAI
X-Swa-Ws
X-Thanos
X-Up
X-TrackingId
Adler-Geo
Content-Disposition
X-Sucuri-Cache
Fastly-Soc-X-Request-Id
Esi-Enabled
X-SVT-ORM-RULES
Countrycode
X-Scheme
X-VServer
X-Wikidot-Backend
X-Origin-Expires
X-Owner
X-Epic-Correlation-Id
X-Platform-Server
X-Wikidot-Static-Cache
X-NC
X-Old-Content-Length
X-Vdms-Version
X-Origin-Date
True-Client-Country-4JS
X-Policy
SD-X-WS
X-Qloud-Router
X-Request-Start
Magicmarker
X-Parent-Response-Time
Memcached
PFcat
X-WebServer
Pramga
X-We-Are-Hiring
Platform
X-Release
X-Rocket-Build-Number
Cache-Provider
X-Nc
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-ServiceProvider
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Locale
X-NodeID
X-LI-Proto
X-MSEdge-Features
X-Internal-Host
Cdncip
X-AK-Request-ID
Cdnsip
V-Age
X-MSEdge-Flight
X-RCS-CacheZone
X-Cdn-Forward
X-B3-Spanid
X-Via-NSCOPI
Powered-By-ChinaCache
X-Upstream-Ct
Server-ID
X-Source
X-Upstream-Ht
X-SRV
X-COUNTRY
X-ND-Cache
X-Servername
X-Developer
A
X-GRACE
X-Sn-Servicetimems
X-Trafficlayer-App-Version
X-Cdn-Origin
GEO-REGION-INFO
X-Be
X-Device-Os
Environment
CF-IPCountry
X-Sucuri-Id
X-Lb-Id
X-FPC
X-Node-Id
X-TIME
X-FORWARDED-FOR
Locid
X-VHOST
X-Req
X-Nginx-Cache
X-Sucuri-ID
Tcn
X-Gamma-Serve
X-Served-From
FNAC-ModuleRouting
X-Microcachable
X-Servedbyhost
X-Zone
Geo-Info
X-Newrelic-Synthetics
Request-Time
X-Refresh
ProcessTime
X-Ratelimit-Remaining
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
X-HTML-Minification-Powered-By
Resin-Trace
X-IPS-LoggedIn
X-AWS-Id
X-Pf-Uncompressing
X-Render-Time
Memory
X-VWS-Id
X-LJ-Flow-ID
X-VCL-Version
Gannett-Cam-Experience-Id
X-NU-AKA-ACS-Version
X-ElasticPress-Search
Group
X-ECACHE
X-Instart-Info
X-Edge-O15-RID
Cf-Ipcountry
X-Correlation-ID
CF-Cached-On
X-GeoIP-Country-Code
X-Backend-Host
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-Backend-Url
Amp-Access-Control-Allow-Source-Origin
X-Var-Ttl
XServer
X-NGENIX-Cache
X-DC
TTL
X-CSRF-Token
Backend-Name
PICS-Label
X-Pod
Pics-Label
X-Unique-ID
X-Bc
X-MP-GENERATED-AT
X-Mode
MIME-Version
N-Cache
Cdn
X-Via-Edge
X-HOST
X-Via-SSL
REQUESTUUID
Pagetype
Lfy
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-ZONE
X-Vcl-Version
X-GEO
Cache-Prefix
Fly-Cache
Ttl
X-Check-Cacheable
M-TraceId
Fly-Request-Id
X-APP
X-CLOUD-TRACE-CONTEXT
HostName
X-Fstrz
X-Via-Ucdn
Ohc-File-Size
Host-ID
Ohc-Cache-HIT
X-Ratelimit-Limit
X-Worker
X-Proxied
X-Zipkin-Id
X-Routing-Service
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
SRV
X-Cache-Miss-From
X-HS-Status
X-Sedo-Request-Id
Cache-Cookie-Set-From
X-PF-Uncompressing
HitType
X-Swift-Error
X-Fetched-On
X-LiteSpeed-Cache-Control
X-Upstream-HT
X-PJAX-URL
X-BC
X-Server-W
X-Fastly-Country-Code
X-Cdn-Request-ID
X-Upstream-CT
X-Dynatrace-Js-Agent
X-NGINX-Cache
On-Server
Fastly-SIE
X-ServedByHost
Pragrma
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Cache-Tag
URI
User-Agent
X-TH-Server
X-Wa
X-HostName
X-Varnish-Ttl
X-Tt-Trace-Tag
Powered-By
X-Aicache-OS
X-WR-MODIFICATION
X-UPSTREAM-Address
X-Request-Time
X-WA
X-TT-LOGID
Who
CDN
X-RateLimit-Reset
CACHE
Media-Length
X-BE
X-GDPR
X-LB-ID
Dynatrace
X-Varnish-Cacheable
X-LAGOON
Cdn-Request-Time
X-Fastly-Backend-Reqs
Cdn-Host
X-Edge-Server
X-Fpc
X-Varnish-URL
X-Cf-Powered-By
DataCenter
FSS-Proxy
X-ServerName
FSS-Cache
Debug
SS
X-Hello
X-SN
X-ABtesting
LB
Get-Access-Time
Is-Session-Tracking
Server-Id
X-Flog
X-Ua
X-Ftr-Cache-Host
Filterid
X-DI
X-DSS
X-DW
X-Org
X-Action
X-Protected-By
X-Tt-Trace-Host
AR-SID
X-Response-By
SN
X-DB
X-RPS
X-RSL
X-Varnish-Beresp-TTL
X-RPM
X-Gen-Id
Cneonction
X-Request-Url
XxX-Cache-Status
Requestid
X-Fastly-Cache-Hits
Warning
SID
Xet-Cookie
X-VC
X-SB
UCS
Thinkindot-Cache-Type
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Application
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-Akamai-ERPolicy
RequestId
X-Nananana
Product
X-Li-Proto
NnCoection
X-Dw-Trace-Id