Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Via
X-Age
X-Cache-Group
X-Pass-Why
X-Ua-Compatible
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Server-Id
X-Rq
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Ac
X-OneAgent-JS-Injection
X-Ws-Request-Id
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Origin-Cache
X-Cache-Lookup
NEL
X-Readtime
X-Cloud-Trace-Context
X-Dns-Prefetch-Control
X-Vhost
X-HW
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
P3p
X-Cdn
Allow
X-Clacks-Overhead
Surrogate-Control
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-DynaTrace
Rating
X-Country
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Varnish-TTL
Edge-Control
Pinterest-Generated-By
X-Vname
X-TtlSet
X-PC
X-Url
X-Mod-Pagespeed
X-MS-InvokeApp
X-B3-TraceId
Verso
SPRequestGuid
X-Powered-By-Plesk
Accept-Ch
X-D2id
X-ESI
X-Trace
X-Server-Name
X-VARITI-CCR
X-SharePointHealthScore
X-GitHub-Request-Id
X-Sol
Response
X-Middleton-Response
Pagespeed
Service-Worker-Allowed
X-Middleton-Display
Display
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Exp-Id
Content-MD5
X-TTL
RTSS
SPIisLatency
SPRequestDuration
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
X-Debug
X-Vcache
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Accept-Ch-Lifetime
X-Vcap-Request-Id
Public-Key-Pins
X-CST
Charset
MS-Author-Via
X-Version
DynaTrace
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
TCN
X-Shard
Arr-Disable-Session-Affinity
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Ezoic-Cdn
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-Ser
Access-Control-Request-Method
X-Fastly-Request-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Accel-Expires
Fastly-Restarts
S
X-Server-ID
X-DIS-Request-ID
X-XRDS-Location
X-Client-IP
Front-End-Https
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-ORIGIN
X-T
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Id
X-Element-Page-Cache
X-Goog-Storage-Class
Nginx-Cache
X-Varnish-Age
X-Webapp-Samesite-None-Activated-N
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
Cache-Tag
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
Fastcgi-Cache
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
NR-ENABLED
X-Frontend
Powered
X-Hits
X-Correlation-Id
X-Hp-Webp
X-Ttl
Alternate-Protocol
X-FTR-Cache-Host
X-Kinsta-Cache
X-Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
ServerID
X-Content-Type
X-Aspnetmvc-Version
X-Microsite
X-HS-Combine-CSS
X-N
X-Request-Handler-Origin-Region
X-Webkit-Csp
Server-Name
X-Grace
X-Cache-Hit
X-RateLimit-Remaining
PB-PID
PB-RID
X-Rid
Arc-Version
X-Mobile-Rewrite
X-User-Agent
X-Node-Name
Healthy
X-Akamai-Edgescape
TP-L2-Cache
X-Analytics
Backend-Timing
X-Revision
TP-Cache
X-Forwarded-For
Accept-CH
X-Content-Security-Policy-Report-Only
Accept-CH-Lifetime
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Logged-In
Server-Node
X-LB-Cache
X-Mobile-URL
X-Pad
X-FastCGI-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Activity-Id
X-Varnish-Grace
X-Az
X-AppVersion
X-Cached-By
X-B3-Sampled
X-NWS-LOG-UUID
X-GUploader-UploadID
Cache-Status
X-Oneagent-Js-Injection
X-Content-Options
Refresh
X-IPLB-Instance
Upgrade-Insecure-Requests
X-F-Cache
Retry-After
X-Geo-Country
X-Type
X-Srv
X-Ruxit-Js-Agent
Paypal-Debug-Id
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Backend
FilterID
DC
X-Cache-2
X-Instance
X-Framework
X-PHP-Backend
X-Request-Guid
AR-ATIME
AR-CACHE
AR-PoweredBy
Source
X-WebKit-CSP-Report-Only
X-Debug-Info
Actual-Object-TTL
X-Page-Id
Access-Control-Allow-Method
X-Cluster
X-FB-Debug
Accept-Charset
Host
X-Jobs
X-AOL-HN
X-Erf-Bev-Bev-Is-Generated
X-Cache-Key
X-Erf-Bev-Bev
X-B
X-ATG-Version
Cache
X-Cache-Age
X-TT
Fastcgi-Useragent
X-Seen-By
MS-CV
X-Git-Hash
Ar-Sid
X-Via-JSL
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Cache-TTL
VIX-Pulpo-Node
X-Amz-Replication-Status
X-Signature
X-Whom
Host-Header
X-B-Cache
X-Cache-Control
X-PressLabs-Stats
X-Wix-Request-Id
X-Daa-Tunnel
X-Origin-Server
X-UA
X-Cache-Enabled
Surrogate-Key
NGB
X-Response-Served-From
X-Mobile
X-RequestSource
X-Host-Name
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Tumblr-Pixel-1
X-FW-Type
Filters
Payment
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Handled-By
X-GeoIP
WPE-Backend
X-EdgeConnect-Cache-Status
Cleartype
X-Hyper-Cache
Eomportal-Instance
X-TA-CDN-Provider
AR-Request-ID
X-Cacheable-TTL
X-Region
X-ATS-Timestamp
X-TX-ID
Frame-Options
X-Adobe-Content
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Webserver
X-Cache-Action
X-Cache-NE
X-Cache-Rule
X-Hostname
X-Cache-Operation
X-Litespeed-Cache
X-SERVER
Xserver
X-NewRelic-App-Data
X-Load-Cache
From-Origin
Datacenter
X-Esi
X-Akamai-Transformed
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-Edge-Location
X-RTag
Ms-Operation-Id
Liferay-Portal
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Cache-Server
X-Oss-Server-Time
X-Oss-Request-Id
X-Yottaa-Optimizations
X-Varnish-Server
X-Yottaa-Metrics
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Rule
X-Status
X-Varnish-Hostname
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-XRDS-LOCATION
X-App-Server
X-Contextid
Country
Odigeo-Trace-Id
X-VCache
X-Tec-Api-Version
X-Tec-Api-Root
X-UUID
X-Upgrade-Enabled
X-Tec-Api-Origin
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
Meta-Geo
X-Path-Route
X-RN-RSRV
Load-Balancing
X-TT-TIMESTAMP
X-BCube-Filmed-By
DSUID
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
X-Rocket-Nginx-Bypass
Release
X-Origin-Hint
Mn-Server-Ip
Property-Id
TWC-Privacy
TWC-GeoIP-LatLong
Webcakes-App-Name
X-CCM
X-From
X-R9-Blue-Green-Version
X-VCT
Webcakes-App-Version
Webcakes-Region
X-Proto
X-Origin-Response-Time
Cache-Name
X-PCL
Azure-Version
Cache-Tags
Azure-RegionName
Azure-SiteName
Azure-InstanceId
S-Rt
X-Cache-Config
X-Akamai-Request-ID
X-FW-Dynamic
X-Debug-Cache
X-Drupal-Cache-Contexts
X-Human
Selected-Fe
Fastly-SSL
L5d-Success-Class
X-IP
X-Proxy
X-OCL
Azure-SlotName
X-Timing-Wait
X-Real-IP
X-Pubstack
X-FC-Vary-Parameters
X-Vgn-Hpd-Reason
X-Proxy-Build
X-Redis-Cache
X-Soup
Ec-Rule-Version
X-Access
X-Hosted-By
X-Viewer-Country
X-Web-Node
X-Locale
DB-Nickname
NGX
X-Xfnlog-Site
X-EIG-Tracking-Id
Viewport
X-Www-Served-By
X-Loop
X-Site-Version
X-Backend-Name
Tracecode
X-Time
X-Via-Fastly
X-Format
X-Akamai-Request-ID2
X-Section
X-TNCMS
X-Varnish-Cache-Hits
Origin-Edge-Control
Origin-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NWS-UUID-VERIFY
Uber-Trace-Id
S-Cnection
X-Content-Age
X-Cache-Host
X-Origin
Decoy-Debug-TTL
Decoy-Debug-Key
X-Cache-Time
Server-Info
X-FireWall-Port
Decoy-Debug-Status
X-ServerID
X-Rendered-As
X-ProxyCache-Status
X-Accel-Buffering
X-Is-Bot
X-Cluster-Name
X-ProxyCache-Key
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-Time-Microsecs
X-Generated-By
X-Generated
X-Cache-Backend
X-ApacheServer
X-PERF
X-JoinUs
X-Info
X-Presslabs-Stats
Version
X-Storage
X-Varnish-Hits
X-Amzn-Remapped-Content-Length
X-PHP-Host
X-Origin-CC
X-Origin-TTL
Akamai-GRN
Rt-Fastcgi-Cache
X-B3-Traceid
X-CF-Powered-By
GEO-INFO
X-WA-Info
X-Geo
X-URL
X-Nginx-Cache-Key
Cteonnt-Length
Time
Cache-Key
X-SaId
X-MServer
X-No-Session
X-Environment-Context
X-L-Path
X-Unique-Id
X-App-Version
X-Guploader-Uploadid
X-Backend-TTL
X-APP-VERSION
Origin
X-Cache-Remote
X-GoCache-CacheStatus
Access-Control-Request-Headers
Accept-Language
X-FB-TRIP-ID
X-Tb
X-RateLimit-Limit
X-CDN-Forward
X-NCache
Vix-Hermes-Req-Id
X-SayCDN-TTL
Cache-Hits
X-Say-TTL
X-Say-Cacheable
X-EC-Lua
X-Hit
X-Trace-Id
X-Device-Type
X-SS-Set-Cookie
Srv
X-Alternate-Cache-Key
X-TIME
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Tumblr-Pixel-3
X-Shopify-Stage
X-Dc
X-RCS-CacheZone
X-OVcl-Cache
X-Source
X-OVcl
X-CS
X-B3-SpanId
X-S
X-Cluster-Node
X-A-Dgt
X-CF-Lambda-Version
X-Vtex-Processado-Em
Machine
X-Svr
X-A-Dcw
X-Vtex-Remote-Cache
User-Cache-Control
X-Region-Sid
Xc-Version
X-D
X-A-Wwc
IsBot
X-Accel-Expires-Debug
NtCoent-Length
X-Aed
X-Processor
X-Date
X-Connection-Hash
X-CF-Lambda-Fn
X-ARC
X-Twitter-Response-Tags
X-Application
BehaviorPad-Version
X-Server-Time
X-Transaction
Content-Script-Type
X-Trv-Group
Cross-Origin-Window-Policy
X-B-Cookie
Content-Style-Type
AsisCache
Arc-Country
X-Vdms-Version
X-Magnolia-Registration
Fastcgi-X-Cache-Version
X-VG-WebCache
X-AIR-PT
X-ScT
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-VG-WebServer
X-A-Dam
X-Request-UUID
X-Hl-Ver
VivaBuild
X-CACHE-KEY
X-G
X-Rewrite-Enabled
X-External-Request-Id
X-Parent-Response-Time
Node
Rendered-Blocks
Request-Country
Rt-Proxy-Cache
Server-Host
T-Server
X-Service
X-PAYTM-SRV-ID
Request-EU
X-Session-Fingerprint
Viewtype
X-SRCache-Key
X-SIPLIST1
Mobile-Detection-Method
X-S-Cookie
X-DPWN-IS-SECURE
Meta-Geo-Continent
X-A
X-Destination
MD5-Digest
X-Detected-As
X-Rojux
X-A-Ccd
X-Endurance-Cache-Level
ServedBy
X-CSRF-TOKEN
ServerName
X-Location
Thinkindot-CacheControl-Type
X-Webstats-RespID
X-Cache-Bucket
X-Level-Front-Cache
X-Dispatch
Server-Int
X-Instart-Isnd
X-IN-APIGATEWAYSSL
Thinkindot-Control
OT-Force-Account-Verify
Wxu-Next-Region
Served-By
X-Reboot
X-Upstream-Ct
Mime-Version
X-Core-Value
X-CUA
X-Via-NSCOPI
X-Upstream-Ht
Thinkindot-CacheControl
X-Matched-Rule
X-Thinkindot-L3
Wxu-Next-Commit
X-Ah-Environment
Wxu-Next-Hostname
X-Generated-On
X-IN-APIGATEWAY
Now
X-Cache-Grace
X-Agile-Age
X-Agile
Web-Mar-Node
W
X-Auto-Login
X-Agile-Id
X-Azure-Ref
X-App-Name
X-Proxy-Cache-Status
X-Has-Esi
X-Geo-Header
X-Hash
X-Hnp-Log
X-Reqid
X-Generation-Time
X-Gen-Mode
X-Rocket-Build-Number
X-Eu-Site
X-Fastly-Cache
X-FW-Version
X-Irp-Debug
X-Is-Gdpr
X-Method
X-Release
X-Ms-Request-Id
X-Ms-Version
X-Logging-Id
X-RateLimit-Limit-Second
X-Planisys-CDN-TTL
X-JWT-State
X-Key
X-NX-Host
X-Distil-CS
X-Scheme
X-Cache-Info
X-C
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Block-Status
X-Bip
X-B3-Parentspanid
X-Server-IP
X-Backend-State
X-BBXSRF
X-Clientip
X-Planisys-CDN-Cache
X-Debug-Cookies
X-Debug-Log
X-Qloud-Router
X-Developers
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Planisys-CDN-Rules
X-Compress-Hint
X-Proxy-Upstream
X-Debug-Cache-Expiry
X-Azure-Ref-OriginShield
X-TrackingId
HA-Ipaddr
Ha-Gx-Prefs
X-SVT-ORM-RULES
Heartbleed
IBM-Web2-Location
L
X-Wikidot-Static-Cache
Gh-Request-Id
X-User
X-RateLimit-Remaining-Second
Fastly-Soc-X-Request-Id
Esi-Enabled
Content-Disposition
X-Thanos
X-SVT-ORM-VERSION
X-Wikidot-Backend
AKAMAI
Magicmarker
X-VG-TLSProxy
Pramga
X-Sigma
Proxy-Connection
X-VServer
Section-Io-Cache
X-Up
X-Sigma-Backend
X-ND-Cache
X-Sucuri-Cache
Memcached
CDCHOST
X-We-Are-Hiring
X-Skip-Cache
X-VC-Cache
Countrycode
X-Uri
Cache-Provider
X-SRV
X-WADP-Cache
X-Cms-Context
X-Core-Mission
X-Generated-In
X-NC
X-S-Maxage
X-Origin-Date
X-Origin-Expires
X-Policy
X-Internal-Host
X-GeoIP-City
X-Varnish-Beresp-Ttl
X-Dispatcher-Server
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Clara-WADP
Mail-Subject
We-Hiring
RNT-Time
Kp-EeAlive
X-Swa-Ws
Cache-Host
X-Cache-Debug
PFcat
RNT-Machine
X-Nc
X-Via-CDN
X-B3-Spanid
X-MSEdge-Flight
Locale
X-Li-Fabric
X-Li-Pop
Cdnsip
X-AK-Request-ID
X-MSEdge-Features
X-Platform-Server
X-SD-PageType
X-Trafficlayer-App-Version
X-Variation
X-WebServer
X-ServiceProvider
X-Request-URI
X-Old-Content-Length
X-Owner
X-Request-Start
X-LI-UUID
X-Epic-Correlation-Id
Platform
Server-ID
Is-Eu
Adler-Geo
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Amz-Meta-Cache-Control
SD-X-WS
X-Cache-FS-Status
X-NodeID
Cdncip
X-Distributor
X-Cache-Id
Powered-By-ChinaCache
X-LI-Proto
X-Servername
True-Client-Country-4JS
CF-IPCountry
Hostname
X-Lb-Id
V-Age
GEO-REGION-INFO
X-Served-From
X-Be
X-Newrelic-Synthetics
X-Cdn-Forward
X-GRACE
X-UnsetCookies
Environment
X-HTML-Minification-Powered-By
X-Req
X-Refresh
X-FPC
Locid
FNAC-ModuleRouting
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Sucuri-Id
X-Gamma-Serve
X-Sucuri-ID
X-Zone
X-Render-Time
A
X-IPS-LoggedIn
X-Developer
X-Nginx-Cache
X-VHOST
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-NU-AKA-ACS-Version
X-Sn-Servicetimems
X-Cdn-Origin
X-Microcachable
Geo-Info
X-Device-Os
Tcn
X-Mode
X-Edge-O15-RID
X-Webkit-CSP
X-MP-GENERATED-AT
X-GeoIP-Country-Code
X-Node-Id
ProcessTime
X-Pf-Uncompressing
X-Ratelimit-Remaining
Memory
Request-Time
X-FORWARDED-FOR
X-Pjax-Url
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Routing-Service
X-Proxied
XServer
X-Zipkin-Id
Gannett-Cam-Experience-Id
GeoIp-Country-Code
Geoip-Latitude
X-COUNTRY
X-Correlation-ID
X-DC
TTL
Amp-Access-Control-Allow-Source-Origin
Resin-Trace
PICS-Label
X-VCL-Version
X-CSRF-Token
CF-Cached-On
Pics-Label
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Pod
Cache-Cookie-Set-From
Cf-Ipcountry
MIME-Version
M-TraceId
Group
X-ECACHE
X-Bc
X-ZONE
X-ElasticPress-Search
X-Via-Edge
HostName
Geoip-City
X-Instart-Info
X-Via-SSL
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-Request-Time
X-Unique-ID
X-Ratelimit-Limit
X-Backend-Url
X-Var-Ttl
X-Backend-Host
X-NODE
X-Vcl-Version
Host-ID
Cdn
X-NGINX-Cache
X-Swift-Error
X-CLOUD-TRACE-CONTEXT
X-Cdn-Request-ID
Ohc-File-Size
Backend-Name
X-APP
X-BC
Ohc-Cache-HIT
Ttl
X-NGENIX-Cache
X-PJAX-URL
X-PF-Uncompressing
Pagetype
X-TH-Server
URI
HitType
REQUESTUUID
X-Check-Cacheable
Lfy
X-UPSTREAM-Address
N-Cache
Fly-Cache
Fly-Request-Id
X-Fstrz
Powered-By
Cache-Prefix
X-Worker
X-Fastly-Country-Code
User-Agent
X-Via-Ucdn
X-Tt-Trace-Tag
On-Server
X-HostName
X-Aicache-OS
X-Sedo-Request-Id
Media-Length
AR-SID
X-Cache-Miss-From
X-ServedByHost
X-WR-MODIFICATION
X-Cache-Tag
Pragrma
CDN
X-LiteSpeed-Cache-Control
SRV
FSS-Proxy
X-Tt-Trace-Host
FSS-Cache
X-HS-Status
X-Fetched-On
X-WA
Who
X-GEO
X-Hp-Ccpa-Warning
X-Server-W
Processtime
X-Rebelmouse-Surrogate-Control
X-BE
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Wa
Fastly-SIE
UCS
X-Upstream-HT
X-NYM-Debug-Backend
X-Upstream-CT
X-Varnish-URL
X-Dynatrace-Js-Agent
X-LAGOON
X-Cache-Tags
X-LB-ID
X-Varnish-Cacheable
X-Fpc
X-Cf-Powered-By
X-Fastly-Backend-Reqs
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
Server-Cache-Control
X-TT-LOGID
X-Store
X-ServerName
Server-Surrogate-Control
Debug
DataCenter
X-Ftr-Cache-Host
X-Ua
Fastly-Backend-Name
X-Varnish-Beresp-TTL
X-GDPR
X-Protected-By
X-Apw-Access-Token
X-Akamai-ERPolicy
X-Apw-Access-Action
Location
X-Apw-Hits
Server-Id
X-Akamai-ERRuleID
X-Apw-Access-Object
X-VC
Country-Code
X-SB
WP-Super-Cache
Xet-Cookie
XxX-Cache-Status
X-Li-Proto
Thinkindot-Cache-Type
X-Dw-Trace-Id
SID
X-Gen-Id
X-Request-Url
Application
X-Fastly-Cache-Hits
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Cdn-Request-Time
Cneonction
X-SN
Product
Cdn-Host
NnCoection
X-Nananana
X-Edge-Server