Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Cache-Group
X-Age
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Rq
X-Server-Id
Report-To
EagleEye-TraceId
X-Ac
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Origin-Cache
X-Cloud-Trace-Context
X-Ws-Request-Id
X-Readtime
X-Cache-Lookup
NEL
X-Dns-Prefetch-Control
X-Cdn
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-HW
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-DynaTrace
Rating
X-Country
X-FTR-Request-ID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Country-Code
X-Akam-SW-Version
X-Goog-Hash
Pinterest-Generated-By
X-Instart-Request-ID
X-Varnish-TTL
X-Ruxit-JS-Agent
X-PC
X-Vname
X-TtlSet
Edge-Control
X-MS-InvokeApp
X-Mod-Pagespeed
X-B3-TraceId
X-Url
SPRequestGuid
Verso
X-Powered-By-Plesk
X-D2id
X-Sol
Pagespeed
Response
X-Trace
X-SharePointHealthScore
X-Middleton-Response
X-Middleton-Display
Display
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
RTSS
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-GitHub-Request-Id
X-ESI
Accept-Ch
Content-MD5
SPIisLatency
SPRequestDuration
X-Navigation-Version
X-Vcache
X-TTL
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
Charset
X-Upstream
X-Forwarded-Proto
X-Cached
Public-Key-Pins
MS-Author-Via
X-CST
X-NF-Request-ID
DynaTrace
X-Amz-Rid
X-Server-ID
X-Version
Realpath
Edge-Cache-Tag
Accept-Ch-Lifetime
X-Px
MicrosoftSharePointTeamServices
X-Shard
TCN
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-XRDS-Location
X-MSEdge-Ref
X-Pinterest-Rid
X-Shield-Request-Id
Pinterest-Version
Fastly-Restarts
Access-Control-Request-Method
X-Ser
X-SRCache-Store-Status
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-SRCache-Fetch-Status
X-Fastly-Request-ID
S
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-DynaTrace-JS-Agent
X-Accel-Expires
X-DIS-Request-ID
X-Recruiting
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
Nginx-Cache
X-T
X-Id
X-Varnish-Age
X-Goog-Storage-Class
X-Element-Page-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Amzn-Trace-Id
X-FTR-Expires
Cache-Tag
X-Dw-Request-Base-Id
X-Ttl
X-Webapp-Samesite-None-Activated-N
Fastcgi-Cache
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Content-Digest
NR-ENABLED
X-Frontend
X-Hits
Powered
X-Fastcgi-Cache
X-Correlation-Id
X-Kinsta-Cache
X-Hp-Webp
Alternate-Protocol
X-RateLimit-Remaining
X-FTR-Cache-Host
Accept-CH
Accept-CH-Lifetime
X-Request-Received
X-Request-Processing-Time
ServerID
X-Cache-Hit
Server-Name
X-Aspnetmvc-Version
X-Grace
X-N
X-Microsite
X-HS-Combine-CSS
X-Request-Handler-Origin-Region
X-Node-Name
PB-RID
PB-PID
X-Webkit-Csp
Arc-Version
X-Content-Type
TP-L2-Cache
X-Mobile-Rewrite
TP-Cache
AMP-Access-Control-Allow-Source-Origin
X-Rid
X-User-Agent
Healthy
X-Analytics
Backend-Timing
X-Zen-Fury
X-Revision
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Logged-In
Server-Node
X-Pad
X-Forwarded-For
X-LB-Cache
X-Az
X-Amz-Apigw-Id
X-Amzn-RequestId
X-AppVersion
X-Activity-Id
X-Mobile-URL
Cache-Status
X-Cached-By
X-Varnish-Grace
X-GUploader-UploadID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-IPLB-Instance
X-NWS-LOG-UUID
X-FastCGI-Cache
X-B3-Sampled
X-Oneagent-Js-Injection
Retry-After
X-Type
X-Content-Options
Refresh
X-F-Cache
X-Geo-Country
Upgrade-Insecure-Requests
Paypal-Debug-Id
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-App-Environment
Ar-Sid
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Debug-Info
DC
X-Varnish-Backend
X-PHP-Backend
X-Request-Guid
Source
X-Framework
Host
X-B
X-Page-Id
X-Jobs
X-FB-Debug
Access-Control-Allow-Method
X-AOL-HN
Actual-Object-TTL
Accept-Charset
FilterID
X-Cluster
X-Via-JSL
X-WebKit-CSP-Report-Only
X-Srv
X-Cache-Age
X-Seen-By
X-ATG-Version
X-Cache-2
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-TT
Fastcgi-Useragent
X-Cache-Key
MS-CV
X-Git-Hash
Cache
X-Content-Powered-By
X-Cache-TTL
X-Whom
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-PressLabs-Stats
AR-Request-ID
X-Amz-Replication-Status
X-UA
X-Cache-Control
X-Signature
X-B-Cache
X-Wix-Request-Id
Host-Header
Surrogate-Key
X-Host-Name
X-Esi
NGB
X-Response-Served-From
X-Daa-Tunnel
X-TA-CDN-Provider
X-Cache-Enabled
X-Origin-Server
X-RequestSource
Frame-Options
WPE-Backend
X-FW-Type
Cache-Tv-Group
X-FW-Server
X-Mobile
X-FW-Static
X-FW-Serve
X-FW-Hash
X-EdgeConnect-Cache-Status
X-GeoIP
X-Handled-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-TX-ID
Filters
X-Cacheable-TTL
X-Region
X-Drupal-Cache-Tags
Eomportal-Instance
X-Cache-Action
X-Cache-Rule
X-Cache-Operation
Payment
X-Hyper-Cache
X-Kong-Proxy-Latency
Cleartype
X-Cache-NE
X-Kong-Upstream-Latency
X-Adobe-Content
X-Adobe-Loc
Webserver
Xserver
From-Origin
X-SERVER
X-Hostname
X-UA-Device-Type
X-RemovedCookies
X-ProcessESI
X-Akamai-Transformed
X-Load-Cache
X-Forwarded-Host
Datacenter
Ms-Operation-Id
X-NewRelic-App-Data
X-RTag
X-Cache-TTL-Remaining
X-Edge-Location
X-ATS-Timestamp
X-Time
X-Cache-Server
Liferay-Portal
X-App-Server
X-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Contextid
X-Varnish-Hostname
X-Varnish-Server
Tracecode
X-Rule
Country
X-TT-TIMESTAMP
X-BCube-Filmed-By
Odigeo-Trace-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-URL
X-Oss-Object-Type
X-Oss-Request-Id
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-Path-Route
X-Upgrade-Enabled
Load-Balancing
X-Cache-Var-Map
X-ES-SERVER
X-ORACLE-APMCS-REQUEST-ID
X-UUID
X-Xfnlog-Site
X-Debug-Cache
X-Viewer-Country
X-ORACLE-APMCS-TAG
Mn-Server-Ip
DB-Nickname
X-VCT
X-R9-Blue-Green-Version
X-Via-Fastly
Cache-Tags
X-CCM
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
DSUID
Property-Id
X-PCL
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
Webcakes-App-Name
Release
TWC-Connection-Speed
X-OCL
X-FW-Dynamic
X-Pubstack
Azure-SlotName
X-Human
X-Origin
Azure-Version
X-Rocket-Nginx-Bypass
Azure-SiteName
X-Cache-Host
X-Cache-Time
Azure-InstanceId
Cache-Name
Azure-RegionName
X-Origin-Response-Time
X-Akamai-Request-ID
X-IP
X-Labrador-Cache-Channel
X-Drupal-Cache-Contexts
X-Web-Node
NGX
X-EIG-Tracking-Id
X-Varnish-Cache-Hits
X-Akamai-Request-ID2
Fastly-SSL
X-From
X-Soup
X-Cache-Config
S-Rt
X-Redis-Cache
Server-Info
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
X-Site-Version
X-TNCMS
Ec-Rule-Version
X-Section
X-FC-Vary-Parameters
X-Format
S-Cnection
X-Hosted-By
Origin-Edge-Control
X-Locale
X-Real-IP
L5d-Success-Class
X-Access
X-Www-Served-By
X-ApacheServer
X-Proxy
X-Proto
X-Rendered-As
Origin-Cache-Control
X-Loop
X-NWS-UUID-VERIFY
X-PERF
Viewport
X-Time-Microsecs
Version
X-FireWall-Port
X-Content-Age
X-Is-Bot
X-ServerID
X-Varnish-Hits
X-Goog-Meta-Goog-Reserved-File-Mtime
Selected-Fe
X-Vgn-Hpd-Reason
X-Proxy-Build
X-Timing-Wait
Uber-Trace-Id
X-XRDS-LOCATION
X-Cluster-Name
X-Info
X-Generated
X-Backend-Name
X-Storage
X-VCache
X-JoinUs
X-RateLimit-Limit
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-Cache-Backend
X-Generated-By
X-Origin-TTL
X-Origin-CC
X-Accel-Buffering
X-PHP-Host
X-B3-Traceid
Rt-Fastcgi-Cache
X-Amzn-Remapped-Content-Length
X-App-Version
Akamai-GRN
Cteonnt-Length
Time
Cache-Key
X-WA-Info
X-Nginx-Cache-Key
X-Presslabs-Stats
Origin
X-GoCache-CacheStatus
Cache-Hits
X-No-Session
GEO-INFO
X-SaId
X-Geo
X-Tec-Api-Root
X-Tec-Api-Origin
Vix-Hermes-Req-Id
X-Tec-Api-Version
X-NCache
X-L-Path
X-SS-Set-Cookie
X-CF-Powered-By
X-Environment-Context
X-Cache-Remote
X-Guploader-Uploadid
X-MServer
X-Trace-Id
X-Unique-Id
X-Backend-TTL
Accept-Language
X-FB-TRIP-ID
X-Hit
X-CDN-Forward
X-Tb
X-APP-VERSION
Access-Control-Request-Headers
Srv
X-CACHE-KEY
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Device-Type
X-B3-SpanId
X-Tumblr-Pixel-3
X-CS
X-CSRF-TOKEN
X-OVcl
X-OVcl-Cache
X-Cache-Grace
X-S
User-Cache-Control
X-SRV
ServedBy
X-Cluster-Node
X-Shopify-Generated-Cart-Token
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-EC-Lua
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Arc-Country
BehaviorPad-Version
Cross-Origin-Window-Policy
Content-Script-Type
Fastcgi-X-Cache-Version
AsisCache
IsBot
Mobile-Detection-Method
Node
Rendered-Blocks
Content-Style-Type
Meta-Geo-Continent
Machine
MD5-Digest
Apple-News-Services-Handled
X-Aed
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-Server-Time
X-Request-UUID
X-Region-Sid
X-G
X-Hl-Ver
X-PAYTM-SRV-ID
X-Processor
X-Service
X-Session-Fingerprint
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-SIPLIST1
X-SRCache-Key
X-Svr
X-Transaction
X-External-Request-Id
X-DPWN-IS-SECURE
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
VivaBuild
Viewtype
Request-EU
Rt-Proxy-Cache
Server-Host
T-Server
X-A-Wwc
X-AIR-PT
X-D
X-Date
X-Destination
X-Detected-As
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
Request-Country
X-Accel-Expires-Debug
NtCoent-Length
ServerName
OT-Force-Account-Verify
X-Parent-Response-Time
X-Endurance-Cache-Level
X-Uri
X-Thinkindot-L3
Web-Mar-Node
Wxu-Next-Commit
Thinkindot-Control
Wxu-Next-Hostname
Wxu-Next-Region
Thinkindot-CacheControl
X-Ah-Environment
X-WADP-Cache
X-Webstats-RespID
RNT-Time
Served-By
X-Request-URI
Server-Int
Thinkindot-CacheControl-Type
X-Reboot
X-Dispatch
X-Level-Front-Cache
X-CUA
X-Core-Value
X-Dispatcher-Server
X-Instart-Isnd
X-Gen-Mode
X-Generated-On
X-Hnp-Log
X-Cms-Context
X-Clara-WADP
X-Ms-Request-Id
X-Ms-Version
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Block-Status
X-Cache-Bucket
X-Location
X-Matched-Rule
X-Cache-Info
Mime-Version
RNT-Machine
We-Hiring
Mail-Subject
CDCHOST
X-Vdms-Version
Cache-Host
Proxy-Connection
X-Via-CDN
X-Dc
X-RCS-CacheZone
X-B3-Parentspanid
X-FW-Version
X-Agile
X-Server-IP
X-NC
X-Scheme
X-Magnolia-Registration
X-S-Maxage
X-Reqid
X-IN-APIGATEWAYSSL
X-SVT-ORM-VERSION
X-Swa-Ws
True-Client-Country-4JS
X-IN-APIGATEWAY
X-SVT-ORM-RULES
W
X-Sucuri-Cache
AKAMAI
X-Agile-Age
X-Skip-Cache
X-Qloud-Router
X-Proxy-Upstream
X-Compress-Hint
X-Proxy-Cache-Status
X-Cdn-Srv
X-Logging-Id
X-JWT-State
X-Is-Gdpr
X-Generation-Time
X-Geo-Header
X-Has-Esi
X-Developers
X-Cache-URL
X-Cache-Id
X-App-Name
X-Hash
X-NX-Host
X-Release
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Method
X-C
X-BBXSRF
X-Backend-State
X-Agile-Id
Adler-Geo
X-Varnish-Beresp-Status
Fastly-Soc-X-Request-Id
Magicmarker
Memcached
X-Varnish-Beresp-Grace
X-VServer
X-Source
X-Debug-Cookies
X-Varnish-Beresp-Ttl
X-Cache-Debug
IBM-Web2-Location
Now
Heartbleed
Is-Eu
Kp-EeAlive
X-Wikidot-Backend
X-Wikidot-Static-Cache
L
X-Debug-Log
X-We-Are-Hiring
X-User
Section-Io-Cache
Esi-Enabled
X-Variation
X-Fastly-Cache
Platform
Content-Disposition
X-VC-Cache
Pramga
X-VG-TLSProxy
X-Up
Cache-Provider
X-Li-Pop
X-Debug-Cache-Expiry
X-Via-NSCOPI
X-Bip
X-Auto-Login
PFcat
X-LI-UUID
X-Li-Fabric
X-TrackingId
HA-Ipaddr
X-Thanos
X-Internal-Host
X-Clientip
X-WebServer
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-CGP
X-Core-Mission
X-MSEdge-Features
X-ServiceProvider
X-Distil-CS
X-SD-PageType
X-Key
X-Origin-Date
X-Irp-Debug
X-Debug-Cache-Fetch
X-Generated-In
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Eu-Site
X-Origin-Expires
X-Platform-Server
Gh-Request-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Policy
Countrycode
X-GeoIP-City
X-Owner
X-NodeID
X-Debug-Cache-Store
X-MSEdge-Flight
Ha-Gx-Prefs
X-Old-Content-Length
X-Amz-Meta-Cache-Control
X-Distributor
X-Epic-Correlation-Id
X-Cache-FS-Status
X-AK-Request-ID
SD-X-WS
X-Upstream-Ht
Locale
Cdnsip
X-Upstream-Ct
Cdncip
X-UnsetCookies
Hostname
X-Nc
X-LI-Proto
V-Age
X-Request-Start
X-ND-Cache
Powered-By-ChinaCache
X-Servername
CF-IPCountry
X-B3-Spanid
Server-ID
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-TIME
GEO-REGION-INFO
X-Trafficlayer-App-Version
X-Be
X-Cdn-Forward
X-COUNTRY
X-Sucuri-Id
X-GRACE
Environment
X-Lb-Id
X-Developer
Locid
X-FPC
X-Req
A
X-Nginx-Cache
X-Cdn-Origin
FNAC-ModuleRouting
X-Sn-Servicetimems
X-Served-From
X-Servedbyhost
Geo-Info
X-Device-Os
X-Newrelic-Synthetics
X-Zone
X-VHOST
X-HTML-Minification-Powered-By
X-Refresh
X-Gamma-Serve
X-Node-Id
X-Microcachable
X-FORWARDED-FOR
Tcn
X-Sucuri-ID
ProcessTime
X-Webkit-CSP
Memory
X-Render-Time
X-IPS-LoggedIn
X-Tb-Optimization-Total-Bytes-Saved
Request-Time
X-VWS-Id
X-Pjax-Url
X-VCL-Version
X-LJ-Flow-ID
X-AWS-Id
X-NU-AKA-ACS-Version
XServer
Resin-Trace
X-DC
X-Pf-Uncompressing
X-GeoIP-Country-Code
X-MP-GENERATED-AT
X-Mode
Gannett-Cam-Experience-Id
X-Correlation-ID
X-Edge-O15-RID
CF-Cached-On
X-Ratelimit-Remaining
Pics-Label
Geoip-City
Amp-Access-Control-Allow-Source-Origin
X-Instart-Info
MIME-Version
GeoIp-Country-Code
Geoip-Latitude
X-ElasticPress-Search
Group
X-ECACHE
X-Backend-Host
PICS-Label
Cf-Ipcountry
TTL
X-Var-Ttl
Ttl
GeoIP-Country-Code
X-Backend-Url
GeoIP-Latitude
X-Bc
X-Pod
X-NGENIX-Cache
X-Zipkin-Id
X-Routing-Service
X-Proxied
GeoIP-City
Host-ID
X-Via-Edge
X-Dynatrace-Js-Agent
Backend-Name
Cdn
X-Via-SSL
X-APP
X-CSRF-Token
X-ZONE
X-Unique-ID
M-TraceId
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
HostName
Lfy
Cache-Cookie-Set-Idcheck
N-Cache
Pagetype
REQUESTUUID
Ohc-Cache-HIT
Ohc-File-Size
X-CLOUD-TRACE-CONTEXT
X-Fstrz
Fly-Cache
X-Vcl-Version
Fly-Request-Id
Cache-Prefix
X-PF-Uncompressing
X-Check-Cacheable
X-BC
X-Cdn-Request-ID
HitType
X-GEO
X-Via-Ucdn
X-PJAX-URL
X-Worker
X-Request-Time
X-Ratelimit-Limit
X-Swift-Error
X-TH-Server
X-Fastly-Country-Code
X-Cache-Miss-From
X-Sedo-Request-Id
X-NGINX-Cache
X-Tt-Trace-Tag
Pragrma
X-UPSTREAM-Address
X-HS-Status
X-Fetched-On
X-Aicache-OS
X-Server-W
User-Agent
On-Server
URI
X-HostName
X-Upstream-CT
X-LiteSpeed-Cache-Control
X-Upstream-HT
Powered-By
X-Rebelmouse-Cache-Control
X-ServedByHost
X-Rebelmouse-Surrogate-Control
CDN
Fastly-SWR
X-Cache-Tag
X-Wa
X-WR-MODIFICATION
Fastly-SIE
SRV
Who
X-WA
Media-Length
AR-SID
X-BE
X-TT-LOGID
X-Tt-Trace-Host
X-Fpc
X-Varnish-URL
FSS-Cache
X-LB-ID
X-LAGOON
X-Fastly-Backend-Reqs
X-Varnish-Cacheable
FSS-Proxy
X-GDPR
X-Cf-Powered-By
DataCenter
Cdn-Request-Time
Server-Id
X-ServerName
Cdn-Host
Debug
CACHE
UCS
X-Edge-Server
X-Hp-Ccpa-Warning
X-RateLimit-Reset
X-Ua
X-Ftr-Cache-Host
Filterid
X-Varnish-Beresp-TTL
X-Flog
Is-Session-Tracking
X-Cache-Tags
SS
Get-Access-Time
X-SN
WP-Super-Cache
X-Gen-Id
X-ABtesting
X-Store
X-Hello
LB
X-Akamai-ERRuleID
X-Protected-By
X-Akamai-ERPolicy
Processtime
Country-Code
X-Nananana
Cneonction
NnCoection
XxX-Cache-Status
X-VC
Xet-Cookie
X-SB
X-Action
X-DI
X-DSS
X-DW
X-LiteSpeed-Tag
X-DB
Warning
X-Org
X-Response-By
SN
Requestid
X-RPM
X-RPS
SID
X-Fastly-Cache-Hits
Application
Product
X-Li-Proto
Thinkindot-Cache-Type
X-RSL
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Dw-Trace-Id
X-Request-Url