Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Cache-Group
X-Ua-Compatible
X-Age
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-WebKit-CSP
Report-To
X-Server-Id
EagleEye-TraceId
X-Ac
X-Response-Time
X-Host
Request-Id
X-Cnection
X-OneAgent-JS-Injection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Origin-Cache
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Readtime
X-Cache-Lookup
NEL
X-Cdn
X-Ws-Request-Id
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-DynaTrace
Surrogate-Control
Rating
X-FTR-Request-ID
X-Country
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-Country-Code
X-Akam-SW-Version
X-Goog-Hash
X-Varnish-TTL
Pinterest-Generated-By
X-Instart-Request-ID
X-Vname
X-TtlSet
X-PC
Edge-Control
X-MS-InvokeApp
X-B3-TraceId
X-Url
X-Ruxit-JS-Agent
X-Mod-Pagespeed
SPRequestGuid
Verso
X-Powered-By-Plesk
X-D2id
X-Trace
X-Sol
Response
Pagespeed
X-Middleton-Response
X-SharePointHealthScore
Accept-Ch
Display
X-Middleton-Display
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
RTSS
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Use-Magma
X-GitHub-Request-Id
X-ESI
Content-MD5
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-Vcache
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
Charset
X-Server-ID
X-CST
MS-Author-Via
Public-Key-Pins
X-Forwarded-Proto
X-Upstream
X-Cached
DynaTrace
Accept-Ch-Lifetime
X-NF-Request-ID
X-Amz-Rid
X-Version
Realpath
Edge-Cache-Tag
X-Px
MicrosoftSharePointTeamServices
X-Shard
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-MSEdge-Ref
Pinterest-Version
X-Shield-Request-Id
X-Pinterest-Rid
X-TEC-API-ORIGIN
Fastly-Restarts
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ser
TCN
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
S
X-Fastly-Request-ID
X-XRDS-Location
X-Accel-Expires
X-Recruiting
X-DIS-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
Front-End-Https
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
Nginx-Cache
X-Id
X-T
X-Goog-Storage-Class
X-Varnish-Age
X-Element-Page-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Expires
X-Amzn-Trace-Id
X-Webkit-Csp
X-Ttl
X-Dw-Request-Base-Id
Cache-Tag
X-Webapp-Samesite-None-Activated-N
Fastcgi-Cache
X-Fastcgi-Cache
X-Frontend
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
NR-ENABLED
Powered
X-Hits
X-Correlation-Id
X-Kinsta-Cache
X-RateLimit-Remaining
X-FTR-Cache-Host
X-Oneagent-Js-Injection
Alternate-Protocol
X-Hp-Webp
X-Aspnetmvc-Version
ServerID
X-N
X-Request-Received
X-Request-Processing-Time
X-Grace
X-Cache-Hit
TP-L2-Cache
TP-Cache
X-Node-Name
X-Request-Handler-Origin-Region
Server-Name
X-Microsite
X-HS-Combine-CSS
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
Accept-CH
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Content-Type
X-Rid
X-User-Agent
Healthy
Accept-CH-Lifetime
X-Revision
Backend-Timing
X-Ruxit-Js-Agent
X-Akamai-Edgescape
X-Analytics
Server-Node
X-Content-Security-Policy-Report-Only
X-Logged-In
X-LB-Cache
X-Forwarded-For
X-AppVersion
X-Amz-Apigw-Id
Cache-Status
X-Activity-Id
X-Amzn-RequestId
X-Az
X-Pad
AR-ATIME
X-Cached-By
AR-CACHE
AR-PoweredBy
X-Mobile-URL
X-Varnish-Grace
X-IPLB-Instance
X-NWS-LOG-UUID
Retry-After
X-B3-Sampled
X-Type
X-Content-Options
Refresh
X-Litespeed-Cache
X-F-Cache
X-FastCGI-Cache
Ar-Sid
X-GUploader-UploadID
X-Geo-Country
Upgrade-Insecure-Requests
Paypal-Debug-Id
FilterID
X-Srv
X-App-Environment
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Varnish-Backend
X-Debug-Info
X-FB-Debug
X-Jobs
Source
Accept-Charset
Host
X-B
X-PHP-Backend
X-AOL-HN
DC
X-Request-Guid
Actual-Object-TTL
Access-Control-Allow-Method
X-Cluster
X-Framework
X-Cache-Age
X-Via-JSL
X-Page-Id
X-ATG-Version
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Seen-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Git-Hash
X-Cache-2
X-TT
X-PressLabs-Stats
MS-CV
Cache
X-Content-Powered-By
X-Cache-TTL
X-Whom
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
AR-Request-ID
X-UA
X-Amz-Replication-Status
X-Cache-Control
X-Esi
X-B-Cache
X-Signature
X-Host-Name
X-Wix-Request-Id
X-TA-CDN-Provider
Host-Header
Surrogate-Key
NGB
X-Response-Served-From
Frame-Options
X-Daa-Tunnel
X-RequestSource
X-Cache-Enabled
X-Origin-Server
X-GeoIP
X-FW-Type
X-Drupal-Cache-Tags
X-FW-Server
X-Mobile
X-FW-Static
WPE-Backend
Cache-Tv-Group
X-FW-Hash
X-FW-Serve
Eomportal-Instance
X-Tumblr-Pixel-2
X-Region
X-Tumblr-Pixel-1
Filters
X-Cache-NE
X-Cache-Operation
X-Cache-Rule
X-Cacheable-TTL
X-Handled-By
X-Hyper-Cache
X-TX-ID
X-Cache-Action
Payment
Xserver
Cleartype
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Adobe-Loc
X-Adobe-Content
X-SERVER
X-EdgeConnect-Cache-Status
Webserver
From-Origin
X-UA-Device-Type
X-RemovedCookies
X-ProcessESI
X-Forwarded-Host
Datacenter
X-Akamai-Transformed
X-Load-Cache
X-RTag
X-NewRelic-App-Data
X-Cache-TTL-Remaining
Ms-Operation-Id
X-App-Server
X-Hostname
X-Edge-Location
X-ATS-Timestamp
X-Time
X-Cache-Server
Liferay-Portal
X-Status
X-Yottaa-Optimizations
X-Contextid
X-XRDS-LOCATION
X-Yottaa-Metrics
X-Varnish-Hostname
X-Varnish-Server
Tracecode
X-Rule
Odigeo-Trace-Id
X-BCube-Filmed-By
Country
X-TT-TIMESTAMP
X-Upgrade-Enabled
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-Path-Route
Load-Balancing
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Debug-Cache
X-Oss-Server-Time
DSUID
X-Oss-Storage-Class
X-Xfnlog-Site
X-Viewer-Country
Version
X-Via-Fastly
X-R9-Blue-Green-Version
TWC-Connection-Speed
X-PCL
X-Varnish-Cache-Hits
X-Pubstack
DB-Nickname
Release
Property-Id
Mn-Server-Ip
Server-Info
X-Origin-Hint
X-EIG-Tracking-Id
Cache-Tags
TWC-Privacy
X-VCT
X-ORACLE-APMCS-REQUEST-ID
TWC-Locale-Group
X-FW-Dynamic
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-OCL
X-CCM
Webcakes-App-Name
X-Cache-Host
X-ORACLE-APMCS-TAG
TWC-Device-Class
Azure-RegionName
X-Web-Node
X-Human
Azure-SlotName
Azure-Version
Cache-Name
Azure-SiteName
Fastly-SSL
X-UUID
X-TNCMS
X-Drupal-Cache-Contexts
X-Labrador-Cache-Channel
X-IP
X-Origin-Response-Time
X-Cache-Time
X-Akamai-Request-ID
X-Origin
X-Akamai-Request-ID2
X-Rocket-Nginx-Bypass
X-Loop
X-From
Origin-Edge-Control
Origin-Cache-Control
X-Cache-Config
Azure-InstanceId
X-Soup
X-Hosted-By
NGX
S-Rt
X-Redis-Cache
X-Format
X-Locale
X-Generated
X-Access
X-FireWall-Port
X-Proto
S-Cnection
X-NWS-UUID-VERIFY
X-ApacheServer
X-ServerID
X-Real-IP
X-Proxy
X-Content-Age
X-FC-Vary-Parameters
X-Rendered-As
X-PERF
L5d-Success-Class
X-Section
X-Site-Version
X-Www-Served-By
Decoy-Debug-Key
Decoy-Debug-TTL
Ec-Rule-Version
Decoy-Debug-Status
X-VCache
X-Varnish-Hits
X-Time-Microsecs
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Is-Bot
Viewport
X-Vgn-Hpd-Reason
X-Info
X-Timing-Wait
Selected-Fe
X-Proxy-Build
Uber-Trace-Id
X-Backend-Name
X-Storage
X-Cluster-Name
X-RateLimit-Limit
X-Guploader-Uploadid
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
X-Origin-TTL
X-Cache-Backend
X-Generated-By
X-Origin-CC
X-URL
X-PHP-Host
X-App-Version
Rt-Fastcgi-Cache
X-Accel-Buffering
X-Amzn-Remapped-Content-Length
Cteonnt-Length
Akamai-GRN
Cache-Key
Time
X-WA-Info
X-Nginx-Cache-Key
Origin
X-SaId
Cache-Hits
X-GoCache-CacheStatus
X-No-Session
X-SS-Set-Cookie
X-Cache-Remote
X-NCache
Vix-Hermes-Req-Id
X-Hit
X-CF-Powered-By
GEO-INFO
Accept-Language
X-Trace-Id
X-MServer
X-FB-TRIP-ID
X-Backend-TTL
X-Geo
X-Environment-Context
X-L-Path
X-Presslabs-Stats
X-B3-SpanId
X-Tb
Access-Control-Request-Headers
X-B3-Traceid
X-CS
Srv
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Device-Type
X-Tumblr-Pixel-3
X-Cache-Grace
X-APP-VERSION
X-OVcl-Cache
X-OVcl
X-Unique-Id
X-CDN-Forward
X-S
X-Tec-Api-Version
X-Tec-Api-Origin
X-CACHE-KEY
X-Tec-Api-Root
X-Cluster-Node
User-Cache-Control
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
OT-Force-Account-Verify
X-Uri
ServedBy
X-ShardId
X-ShopId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Dc
X-A-Wwc
Content-Script-Type
X-Accel-Expires-Debug
Meta-Geo-Continent
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
Content-Style-Type
X-Aed
X-Vtex-Remote-Cache
X-CF-Lambda-Fn
Machine
X-B-Cookie
Xc-Version
X-AIR-PT
X-Application
X-ARC
X-A
Mobile-Detection-Method
Apple-News-Services-Request-Url
Arc-Country
AsisCache
BehaviorPad-Version
X-Vtex-Processado-Em
T-Server
Apple-News-Services-Host
Apple-News-Services-Handled
Server-Host
Rt-Proxy-Cache
Request-EU
Cross-Origin-Window-Policy
MD5-Digest
Fastcgi-X-Cache-Version
Node
VivaBuild
Request-Country
Rendered-Blocks
Viewtype
Apple-News-Services-Parsed-Url
X-CF-Lambda-Version
X-SIPLIST1
X-SRCache-Key
X-Session-Fingerprint
X-Service
X-External-Request-Id
X-VG-WebServer
X-Svr
X-Detected-As
X-CSRF-TOKEN
X-Ah-Environment
X-EC-Lua
X-Server-Time
X-ScT
X-Region-Sid
X-Hl-Ver
X-Processor
X-PAYTM-SRV-ID
X-Request-UUID
IsBot
X-G
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Destination
X-DPWN-IS-SECURE
X-Twitter-Response-Tags
X-Trv-Group
Mime-Version
X-VG-WebCache
X-D
X-Date
X-Connection-Hash
X-Transaction
X-Via-CDN
ServerName
Served-By
X-Matched-Rule
X-Reboot
X-Ms-Request-Id
X-Request-URI
X-Cache-Info
X-WADP-Cache
X-Gen-Mode
X-Location
X-Ms-Version
X-Level-Front-Cache
X-RateLimit-Remaining-Second
X-Hnp-Log
X-Webstats-RespID
X-RateLimit-Limit-Second
RNT-Machine
X-Generated-On
X-Clara-WADP
X-Instart-Isnd
Thinkindot-CacheControl
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Node
X-Vdms-Version
X-CUA
X-Dispatch
X-Thinkindot-L3
X-Dispatcher-Server
X-Hash
X-Cache-Debug
X-S-Maxage
Server-Int
X-Block-Status
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Endurance-Cache-Level
X-Core-Value
X-Cms-Context
X-Cache-Bucket
RNT-Time
X-Varnish-Beresp-Ttl
Proxy-Connection
X-Varnish-Beresp-Status
X-Nc
Cache-Host
CDCHOST
Mail-Subject
X-Varnish-Beresp-Grace
We-Hiring
NtCoent-Length
X-SRV
X-B3-Parentspanid
X-Parent-Response-Time
X-FW-Version
X-JWT-State
X-Is-Gdpr
X-Li-Fabric
X-Geo-Header
X-Has-Esi
X-Li-Pop
X-App-Name
X-Old-Content-Length
X-Method
X-Logging-Id
X-Generation-Time
X-Azure-Ref
X-Epic-Correlation-Id
X-Cdn-Srv
X-Compress-Hint
X-Cache-URL
X-Cache-Id
X-Cache-FS-Status
X-BBXSRF
X-Backend-State
X-Distributor
X-C
X-Developers
X-Owner
X-Azure-Ref-OriginShield
X-Fastly-Cache
X-Release
PFcat
X-Core-Mission
X-Debug-Cookies
Now
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-Wikidot-Backend
X-Debug-Log
X-GeoIP-City
X-Origin-Expires
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Origin-Date
X-NX-Host
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-VServer
X-VG-TLSProxy
X-SD-PageType
X-Server-IP
X-Skip-Cache
X-Scheme
X-Reqid
X-Qloud-Router
X-Amz-Meta-Cache-Control
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Variation
X-VC-Cache
X-User
X-Up
X-SVT-ORM-VERSION
X-Swa-Ws
X-Platform-Server
X-LI-UUID
Adler-Geo
Content-Disposition
AKAMAI
Kp-EeAlive
SD-X-WS
Section-Io-Cache
Memcached
Esi-Enabled
W
Magicmarker
True-Client-Country-4JS
L
Heartbleed
X-RCS-CacheZone
Fastly-Soc-X-Request-Id
X-Agile-Id
X-Agile
IBM-Web2-Location
X-Agile-Age
Platform
Is-Eu
Pramga
X-Magnolia-Registration
Cache-Provider
Hostname
X-UnsetCookies
X-Source
X-Key
X-Rocket-Build-Number
X-Internal-Host
X-LI-Proto
V-Age
X-ServiceProvider
X-Generated-In
X-Request-Start
X-AK-Request-ID
X-Policy
X-Planisys-CDN-TTL
X-Debug-Cache-Fetch
X-Irp-Debug
X-Via-NSCOPI
X-Planisys-CDN-Rules
Cdnsip
X-Sigma
X-Urbn-Context-Path
X-Planisys-CDN-Cache
X-Urbn-Site-Id
X-MSEdge-Features
X-MSEdge-Flight
X-NodeID
Cdncip
X-Eu-Site
X-Upstream-Ct
X-Upstream-Ht
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
X-Thanos
X-WebServer
X-Auto-Login
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Clientip
X-CGP
X-Bip
Countrycode
X-TrackingId
X-Distil-CS
X-Sigma-Backend
Locale
X-Cdn-Forward
Server-ID
X-7Graus-Varnish-Cache-Control
X-NC
X-ND-Cache
Tcn
X-7Graus-Varnish-XKeys
Powered-By-ChinaCache
X-TIME
X-Sucuri-Id
X-GRACE
Environment
X-COUNTRY
X-B3-Spanid
X-Be
GEO-REGION-INFO
X-Trafficlayer-App-Version
X-Servername
X-Developer
A
CF-IPCountry
X-Nginx-Cache
X-Lb-Id
X-FPC
Geo-Info
X-Sn-Servicetimems
X-Cdn-Origin
Locid
X-Req
X-Device-Os
X-Gamma-Serve
X-Newrelic-Synthetics
X-VHOST
X-Node-Id
X-Served-From
FNAC-ModuleRouting
X-Zone
ProcessTime
X-Microcachable
X-Refresh
X-FORWARDED-FOR
X-Servedbyhost
X-HTML-Minification-Powered-By
X-Webkit-CSP
X-Edge-O15-RID
X-Sucuri-ID
Request-Time
X-Pjax-Url
X-Render-Time
Memory
X-IPS-LoggedIn
X-Tb-Optimization-Total-Bytes-Saved
X-VWS-Id
X-Pf-Uncompressing
X-LJ-Flow-ID
X-AWS-Id
X-NU-AKA-ACS-Version
Resin-Trace
X-VCL-Version
X-GeoIP-Country-Code
Gannett-Cam-Experience-Id
CF-Cached-On
Cf-Ipcountry
X-Correlation-ID
X-MP-GENERATED-AT
GeoIp-Country-Code
X-ElasticPress-Search
Group
X-Mode
XServer
X-DC
X-Instart-Info
TTL
X-ECACHE
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
Geoip-City
Pics-Label
X-Ratelimit-Remaining
X-CSRF-Token
X-Unique-ID
X-Backend-Host
X-Pod
X-Backend-Url
X-Var-Ttl
MIME-Version
X-NGENIX-Cache
GeoIP-Latitude
GeoIP-Country-Code
Cdn
Backend-Name
PICS-Label
GeoIP-City
M-TraceId
X-Via-Edge
X-Via-SSL
X-ZONE
X-Check-Cacheable
X-Routing-Service
X-Proxied
HostName
Ttl
X-APP
X-Zipkin-Id
REQUESTUUID
Pagetype
Host-ID
X-Vcl-Version
N-Cache
X-Bc
Lfy
X-CLOUD-TRACE-CONTEXT
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Fly-Cache
X-Fstrz
Fly-Request-Id
Cache-Cookie-Set-From
Cache-Prefix
Ohc-File-Size
Ohc-Cache-HIT
HitType
X-GEO
X-PF-Uncompressing
X-BC
X-Worker
X-Cdn-Request-ID
X-Via-Ucdn
X-HostName
X-Ratelimit-Limit
X-Sedo-Request-Id
X-HS-Status
X-Fastly-Country-Code
X-PJAX-URL
X-TH-Server
X-Cache-Miss-From
X-Dynatrace-Js-Agent
X-LiteSpeed-Cache-Control
X-Swift-Error
Pragrma
User-Agent
X-Fetched-On
X-Cache-Tag
URI
X-Request-Time
X-ServedByHost
On-Server
X-Server-W
X-Upstream-HT
X-Upstream-CT
X-WR-MODIFICATION
X-Rebelmouse-Surrogate-Control
Powered-By
Fastly-SIE
X-Wa
X-Tt-Trace-Tag
X-UPSTREAM-Address
Fastly-SWR
X-Rebelmouse-Cache-Control
X-NGINX-Cache
SRV
X-WA
Media-Length
Who
X-Aicache-OS
CDN
X-BE
X-TT-LOGID
X-LAGOON
AR-SID
X-LB-ID
X-Fpc
X-GDPR
X-Varnish-URL
X-Fastly-Backend-Reqs
X-ServerName
X-Varnish-Cacheable
X-Cf-Powered-By
DataCenter
X-Edge-Server
Server-Id
CACHE
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Cdn-Host
Cdn-Request-Time
Debug
X-Tt-Trace-Host
FSS-Proxy
FSS-Cache
X-Ftr-Cache-Host
X-Ua
X-RateLimit-Reset
X-ABtesting
X-Varnish-Beresp-TTL
Get-Access-Time
LB
Is-Session-Tracking
SS
X-Protected-By
X-SN
X-Hello
UCS
X-Gen-Id
X-Flog
X-Hp-Ccpa-Warning
WP-Super-Cache
X-Cache-Tags
Xet-Cookie
X-SB
X-Nananana
XxX-Cache-Status
Cneonction
NnCoection
X-VC
Application
X-DW
X-DSS
X-DI
X-DB
X-LiteSpeed-Tag
X-RPM
X-RSL
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-RPS
X-Dw-Trace-Id
X-Action
SID
X-Fastly-Cache-Hits
SN
Product
X-Org
X-Li-Proto
Warning
Requestid
Thinkindot-Cache-Type
X-Response-By
X-Request-Url