Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Server-Id
X-Rq
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Ws-Request-Id
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-DataDome
X-Origin-Cache
X-Node
X-Dns-Prefetch-Control
X-Cache-Lookup
NEL
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Dispatcher
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Rack-Cache
X-Origin-Upstream-Status
X-DynaTrace
Rating
X-Country
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Pinterest-Generated-By
X-Instart-Request-ID
X-Ruxit-JS-Agent
Edge-Control
X-PC
X-TtlSet
X-Vname
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-TTL
X-Trace
X-ESI
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-SharePointHealthScore
Content-MD5
Response
X-Middleton-Response
X-Sol
Pagespeed
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Middleton-Display
Display
RTSS
X-Navigation-Version
Accept-Ch-Lifetime
SPIisLatency
SPRequestDuration
X-Vcache
X-Abt-Application-Version
X-Powered-CMS
X-Debug
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
Public-Key-Pins
Charset
X-CST
DynaTrace
X-Version
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Ezoic-Cdn
X-Shield-Request-Id
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Ser
Pinterest-Version
X-Fastly-Request-ID
X-Pinterest-Rid
S
X-Accel-Expires
X-TEC-API-ORIGIN
X-DIS-Request-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
Fastly-Restarts
X-Client-IP
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-XRDS-Location
X-Webapp-Samesite-None-Activated-N
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-T
X-Varnish-Age
X-Element-Page-Cache
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
Cache-Tag
X-FTR-Cache-Status
X-Country-Code-Real
X-Amzn-Trace-Id
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Server-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Nginx-Cache
X-FTR-Expires
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Fastcgi-Cache
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
Powered
NR-ENABLED
X-Hits
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Webkit-Csp
X-Request-Received
X-Request-Processing-Time
X-Content-Type
X-Ttl
ServerID
X-RateLimit-Remaining
Server-Name
X-HS-Combine-CSS
X-N
X-Request-Handler-Origin-Region
X-Microsite
X-Cache-Hit
TP-L2-Cache
PB-PID
TP-Cache
PB-RID
Arc-Version
X-Grace
X-Mobile-Rewrite
X-Rid
Healthy
X-Akamai-Edgescape
X-User-Agent
X-Node-Name
Backend-Timing
X-Revision
X-Analytics
X-Forwarded-For
X-Pad
X-Content-Security-Policy-Report-Only
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
X-Zen-Fury
X-Mobile-URL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-LB-Cache
Server-Node
X-Varnish-Grace
X-Activity-Id
X-Oneagent-Js-Injection
X-AppVersion
X-Az
Cache-Status
X-Cached-By
X-B3-Sampled
X-Content-Options
X-NWS-LOG-UUID
Refresh
X-GUploader-UploadID
X-F-Cache
X-Geo-Country
X-IPLB-Instance
Upgrade-Insecure-Requests
X-Ruxit-Js-Agent
X-Type
Retry-After
X-Varnish-Backend
FilterID
X-FastCGI-Cache
X-Tumblr-Pixel
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-User
Paypal-Debug-Id
X-Jobs
Accept-Charset
X-Cache-2
X-FB-Debug
Host
X-Srv
X-Page-Id
X-Request-Guid
X-Debug-Info
DC
Actual-Object-TTL
X-AOL-HN
X-B
X-Framework
X-Cluster
X-Instance
X-PHP-Backend
Accept-CH-Lifetime
Access-Control-Allow-Method
Source
X-WebKit-CSP-Report-Only
Accept-CH
AR-CACHE
AR-ATIME
X-ATG-Version
Cache
AR-PoweredBy
X-TT
X-Cache-Age
X-Seen-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Git-Hash
MS-CV
X-Cache-Key
X-Content-Powered-By
X-Via-JSL
Ar-Sid
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-PressLabs-Stats
X-Cache-TTL
Host-Header
X-B-Cache
X-Amz-Replication-Status
X-Signature
X-Whom
X-TA-CDN-Provider
X-Cache-Control
X-Wix-Request-Id
X-Origin-Server
X-Cache-Enabled
X-Response-Served-From
NGB
X-Daa-Tunnel
X-Mobile
Xserver
Surrogate-Key
X-UA
X-RequestSource
X-ATS-Timestamp
X-Tumblr-Pixel-2
X-GeoIP
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Host-Name
WPE-Backend
Payment
Filters
Cleartype
Datacenter
Eomportal-Instance
X-Cacheable-TTL
X-Cache-NE
X-FW-Server
X-Hyper-Cache
X-FW-Static
X-FW-Type
X-FW-Hash
X-FW-Serve
X-Handled-By
Frame-Options
X-Adobe-Content
X-Adobe-Loc
X-Litespeed-Cache
X-Region
X-SERVER
X-TX-ID
X-Drupal-Cache-Tags
X-Cache-Action
Webserver
X-EdgeConnect-Cache-Status
X-Esi
X-Load-Cache
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Rule
X-Cache-Operation
X-Hostname
AR-Request-ID
X-Akamai-Transformed
From-Origin
X-NewRelic-App-Data
X-Cache-TTL-Remaining
X-ProcessESI
X-Edge-Location
X-RemovedCookies
X-UA-Device-Type
Liferay-Portal
X-RTag
Ms-Operation-Id
X-Cache-Server
X-Forwarded-Host
X-Varnish-Hostname
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Server
X-Rule
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Status
X-Contextid
Country
X-App-Server
Odigeo-Trace-Id
X-Upgrade-Enabled
X-UUID
X-BCube-Filmed-By
Load-Balancing
X-ES-SERVER
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
DSUID
X-TT-TIMESTAMP
Release
X-Rocket-Nginx-Bypass
Property-Id
DB-Nickname
X-From
X-EIG-Tracking-Id
Mn-Server-Ip
TWC-GeoIP-Country
Webcakes-Region
X-R9-Blue-Green-Version
X-Origin-Hint
X-VCT
X-Debug-Cache
X-CCM
Webcakes-App-Name
Webcakes-App-Version
TWC-Device-Class
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
X-PCL
Azure-Version
Azure-InstanceId
Azure-SlotName
Azure-RegionName
X-Origin
Azure-SiteName
Origin-Cache-Control
X-Cache-Host
X-Cache-Config
X-IP
X-Human
X-Cache-Time
X-Drupal-Cache-Contexts
X-Hosted-By
X-Akamai-Request-ID
Selected-Fe
X-Loop
Cache-Tags
Cache-Name
Fastly-SSL
L5d-Success-Class
S-Rt
Origin-Edge-Control
X-OCL
X-Origin-Response-Time
X-FW-Dynamic
X-TNCMS
X-Real-IP
X-Redis-Cache
X-Soup
X-Viewer-Country
X-FC-Vary-Parameters
X-FireWall-Port
X-Pubstack
X-Proxy-Build
X-Vgn-Hpd-Reason
X-Timing-Wait
X-Proto
X-Via-Fastly
X-ServerID
X-Proxy
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-Varnish-Hits
X-JoinUs
X-Access
X-Backend-Name
X-Cluster-Name
X-Akamai-Request-ID2
X-Is-Bot
X-Site-Version
Viewport
X-Content-Age
X-Format
X-ProxyCache-Key
X-NWS-UUID-VERIFY
X-Xfnlog-Site
X-Rendered-As
X-Section
Ec-Rule-Version
X-Locale
X-BYPASS-REASON
X-Www-Served-By
Uber-Trace-Id
X-Generated
Server-Info
Version
Decoy-Debug-Key
Decoy-Debug-TTL
X-Accel-Buffering
NGX
X-Varnish-Cache-Hits
S-Cnection
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Web-Node
Decoy-Debug-Status
X-Generated-By
X-Time-Microsecs
Tracecode
X-Cache-Backend
X-PHP-Host
X-Time
X-ApacheServer
X-PERF
X-Info
X-Amzn-Remapped-Content-Length
X-Storage
X-Origin-CC
X-SaId
X-Origin-TTL
X-Geo
X-VCache
X-URL
Akamai-GRN
Rt-Fastcgi-Cache
X-WA-Info
X-Presslabs-Stats
X-Nginx-Cache-Key
Cteonnt-Length
X-CF-Powered-By
X-App-Version
GEO-INFO
Time
X-Guploader-Uploadid
X-No-Session
X-MServer
X-Environment-Context
X-L-Path
Origin
X-Unique-Id
X-Cache-Remote
Cache-Key
Access-Control-Request-Headers
Accept-Language
X-Tec-Api-Origin
X-FB-TRIP-ID
X-Tb
X-Tec-Api-Version
X-Tec-Api-Root
X-Backend-TTL
X-APP-VERSION
X-CACHE-KEY
X-GoCache-CacheStatus
X-Say-Cacheable
X-NCache
X-SayCDN-TTL
X-RateLimit-Limit
X-Say-TTL
X-EC-Lua
Cache-Hits
Vix-Hermes-Req-Id
X-CDN-Forward
X-Hit
X-TIME
X-Shopify-Stage
X-Trace-Id
X-Shopify-Generated-Cart-Token
X-ShardId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-RCS-CacheZone
X-ShopId
X-Device-Type
X-B3-SpanId
X-Tumblr-Pixel-3
X-Source
X-Dc
Mime-Version
X-CS
X-S
OT-Force-Account-Verify
X-SS-Set-Cookie
Srv
X-OVcl-Cache
X-OVcl
Content-Style-Type
Cross-Origin-Window-Policy
Content-Script-Type
Fastcgi-X-Cache-Version
BehaviorPad-Version
IsBot
X-Hl-Ver
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
Apple-News-Services-Parsed-Url
Xc-Version
X-Cluster-Node
X-PAYTM-SRV-ID
X-Processor
User-Cache-Control
X-Magnolia-Registration
X-Endurance-Cache-Level
Apple-News-Services-Request-Url
Arc-Country
Machine
X-VG-WebCache
Apple-News-Services-Handled
AsisCache
Meta-Geo-Continent
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Viewtype
VivaBuild
X-A-Dgt
X-A-Wwc
X-ARC
X-B-Cookie
X-Application
X-AIR-PT
X-Accel-Expires-Debug
X-Aed
X-CF-Lambda-Fn
T-Server
Node
X-Date
Mobile-Detection-Method
X-Ah-Environment
X-Detected-As
X-Destination
X-D
Rendered-Blocks
Server-Host
X-CF-Lambda-Version
Rt-Proxy-Cache
X-Connection-Hash
Request-Country
Request-EU
MD5-Digest
Apple-News-Services-Host
X-S-Cookie
X-Region-Sid
X-ScT
X-Svr
X-Parent-Response-Time
X-Rojux
X-Twitter-Response-Tags
X-Request-UUID
X-Rewrite-Enabled
X-Transaction
X-Upstream-Ht
X-Upstream-Ct
X-VG-WebServer
X-Vdms-Version
X-Vtex-Remote-Cache
X-SIPLIST1
X-Session-Fingerprint
X-Service
X-Vtex-Processado-Em
X-SRCache-Key
X-Server-Time
X-Trv-Group
ServerName
ServedBy
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Instart-Isnd
Thinkindot-CacheControl
X-Thinkindot-L3
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Cache-Bucket
X-Hash
X-Dispatch
X-CUA
X-Reboot
X-Dispatcher-Server
X-Core-Value
Served-By
X-Generated-On
X-Webstats-RespID
X-Level-Front-Cache
Server-Int
Mail-Subject
Now
We-Hiring
X-Matched-Rule
X-Location
Wxu-Next-Commit
X-ND-Cache
Wxu-Next-Hostname
Wxu-Next-Region
X-Via-NSCOPI
X-SRV
X-CSRF-TOKEN
X-Uri
NtCoent-Length
Proxy-Connection
X-Cache-FS-Status
X-BBXSRF
X-Cdn-Srv
X-Variation
X-VC-Cache
X-Bip
X-Cache-URL
X-Cache-Debug
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-VG-TLSProxy
X-B3-Parentspanid
X-User
X-Debug-Cache-Store
X-Backend-State
X-Core-Mission
X-CGP
X-Clara-WADP
X-Thanos
X-Cache-Info
X-VServer
X-SVT-ORM-RULES
X-TrackingId
X-Up
X-Block-Status
X-SVT-ORM-VERSION
X-C
X-Compress-Hint
X-Clientip
X-Cms-Context
X-Sucuri-Cache
X-Epic-Correlation-Id
X-Request-Start
X-Request-URI
X-Reqid
X-Azure-Ref-OriginShield
X-Wikidot-Static-Cache
X-Release
X-Old-Content-Length
X-NX-Host
X-Logging-Id
X-Rocket-Build-Number
X-Method
X-Ms-Request-Id
X-Ms-Version
X-Origin-Date
X-Origin-Expires
X-Proxy-Cache-Status
X-Platform-Server
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Planisys-CDN-TTL
X-We-Are-Hiring
X-Planisys-CDN-Cache
X-Owner
X-Wikidot-Backend
X-Planisys-CDN-Rules
X-WebServer
X-LI-UUID
X-Li-Pop
X-Qloud-Router
X-Server-IP
X-Eu-Site
X-Fastly-Cache
X-SD-PageType
X-FW-Version
X-Distributor
X-Distil-CS
X-Debug-Log
X-Skip-Cache
X-Sigma-Backend
X-Sigma
X-Developers
X-Gen-Mode
X-Generation-Time
X-Is-Gdpr
X-Irp-Debug
X-JWT-State
X-Key
X-Li-Fabric
X-S-Maxage
X-Scheme
X-GeoIP-City
X-Geo-Header
X-Has-Esi
X-Hnp-Log
X-WADP-Cache
X-Debug-Cookies
Web-Mar-Node
IBM-Web2-Location
Is-Eu
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
L
Magicmarker
Pramga
Platform
PFcat
Memcached
X-Cache-Grace
Gh-Request-Id
X-Azure-Ref
Adler-Geo
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Cache-Host
CDCHOST
Fastly-Soc-X-Request-Id
Esi-Enabled
Countrycode
Content-Disposition
RNT-Machine
AKAMAI
RNT-Time
X-Auto-Login
W
X-Agile
X-Amz-Meta-Cache-Control
X-App-Name
Section-Io-Cache
X-Agile-Age
X-Agile-Id
SD-X-WS
Cache-Provider
X-Nc
X-Internal-Host
Server-ID
X-Generated-In
X-Cache-Id
X-Policy
X-LI-Proto
Kp-EeAlive
X-Swa-Ws
Powered-By-ChinaCache
X-Trafficlayer-App-Version
X-Via-CDN
X-NodeID
X-ServiceProvider
X-Urbn-Context-Path
X-AK-Request-ID
Locale
Cdncip
True-Client-Country-4JS
X-MSEdge-Features
X-MSEdge-Flight
X-NC
Cdnsip
V-Age
X-Urbn-Site-Id
X-B3-Spanid
Environment
Locid
X-B3-Traceid
X-Servername
X-Served-From
X-Req
X-Newrelic-Synthetics
CF-IPCountry
X-Cdn-Forward
X-HTML-Minification-Powered-By
X-GRACE
X-Lb-Id
X-Gamma-Serve
X-Be
FNAC-ModuleRouting
X-CLOUD-TRACE-CONTEXT
GEO-REGION-INFO
X-UnsetCookies
Hostname
X-7Graus-Varnish-XKeys
X-Sucuri-Id
X-FPC
X-Refresh
X-7Graus-Varnish-Cache-Control
X-IPS-LoggedIn
X-VHOST
X-Render-Time
X-Nginx-Cache
X-Zone
X-NU-AKA-ACS-Version
ProcessTime
Tcn
A
Geo-Info
X-Tb-Optimization-Total-Bytes-Saved
X-Developer
X-Sucuri-ID
X-MP-GENERATED-AT
X-Webkit-CSP
X-Edge-O15-RID
X-Mode
X-Servedbyhost
X-Sn-Servicetimems
X-Microcachable
X-Device-Os
X-GeoIP-Country-Code
X-Cdn-Origin
X-Pjax-Url
X-Node-Id
X-Ratelimit-Remaining
Memory
X-AWS-Id
X-FORWARDED-FOR
X-LJ-Flow-ID
X-Pf-Uncompressing
X-VWS-Id
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-COUNTRY
X-CSRF-Token
TTL
Request-Time
Gannett-Cam-Experience-Id
X-Correlation-ID
X-DC
Resin-Trace
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
X-Bc
CF-Cached-On
Pics-Label
X-Pod
X-Ratelimit-Limit
PICS-Label
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cf-Ipcountry
X-VCL-Version
X-Via-Edge
X-Vcl-Version
GeoIP-City
GeoIP-Country-Code
Group
X-ZONE
Cdn
M-TraceId
X-Via-SSL
GeoIP-Latitude
HostName
X-Request-Time
X-Unique-ID
X-Cdn-Request-ID
X-Instart-Info
Geoip-City
X-ECACHE
X-ElasticPress-Search
X-Swift-Error
X-NODE
Host-ID
XServer
MIME-Version
X-TH-Server
X-Backend-Host
Ttl
X-NGINX-Cache
X-Backend-Url
X-Var-Ttl
X-BC
HitType
X-PF-Uncompressing
Ohc-Cache-HIT
Backend-Name
Ohc-File-Size
X-Check-Cacheable
X-APP
URI
Pagetype
N-Cache
Powered-By
REQUESTUUID
Lfy
X-NGENIX-Cache
X-UPSTREAM-Address
User-Agent
X-ServedByHost
X-Fastly-Country-Code
Fly-Request-Id
On-Server
X-PJAX-URL
X-Fstrz
Media-Length
Cache-Prefix
Fly-Cache
SRV
X-HostName
X-HS-Status
X-Cache-Tag
X-WR-MODIFICATION
X-Via-Ucdn
X-Aicache-OS
X-Worker
X-Tt-Trace-Tag
X-LiteSpeed-Cache-Control
X-Sedo-Request-Id
X-WA
Who
X-Hp-Ccpa-Warning
CDN
X-Cache-Miss-From
X-Fetched-On
FSS-Cache
FSS-Proxy
X-Tt-Trace-Host
Pragrma
AR-SID
X-BE
UCS
X-Server-W
X-NYM-Debug-Backend
Fastly-SIE
X-LB-ID
Fastly-SWR
X-Varnish-Cacheable
Processtime
X-Cache-Tags
X-GEO
X-LAGOON
X-Varnish-URL
X-Rebelmouse-Cache-Control
X-Wa
X-Rebelmouse-Surrogate-Control
X-Fpc
X-Cf-Powered-By
X-Upstream-CT
X-Store
X-Fastly-Backend-Reqs
X-Upstream-HT
X-ServerName
Server-Cache-Control
Debug
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Ftr-Cache-Host
X-Ua
Location
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
Country-Code
Fastly-Backend-Name
X-Akamai-ERPolicy
X-Protected-By
X-TT-LOGID
X-GDPR
X-Request-Url
X-Fastly-Cache-Hits
SID
X-Gen-Id
Server-Id
X-Apw-Hits
X-Response-By
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
Application
NnCoection
Cneonction
X-Amzn-Remapped-Connection
X-Nananana
XxX-Cache-Status
Product
X-Amzn-Remapped-Date
X-Dw-Trace-Id
WP-Super-Cache
Thinkindot-Cache-Type
Xet-Cookie
X-VC
X-SB
X-Li-Proto