Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
X-XSS-PROTECTION
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Rq
X-Server-Id
Report-To
EagleEye-TraceId
X-Ac
X-Response-Time
X-Host
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Ws-Request-Id
X-Origin-Cache
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Readtime
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-DynaTrace
X-Country
Rating
X-FTR-Request-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
Pinterest-Generated-By
X-Instart-Request-ID
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
Edge-Control
X-MS-InvokeApp
X-Mod-Pagespeed
X-Url
X-Ruxit-JS-Agent
SPRequestGuid
Verso
X-B3-TraceId
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
Accept-Ch
X-SharePointHealthScore
X-Sol
X-Middleton-Response
Response
X-VARITI-CCR
Pagespeed
X-Middleton-Display
Display
Service-Worker-Allowed
X-GitHub-Request-Id
X-Server-Name
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Use-Magma
RTSS
Content-MD5
X-TTL
SPIisLatency
SPRequestDuration
X-Navigation-Version
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-Vcache
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
Charset
X-Vcap-Request-Id
X-Upstream
X-Cached
MS-Author-Via
Public-Key-Pins
X-CST
DynaTrace
Accept-Ch-Lifetime
X-NF-Request-ID
X-Amz-Rid
X-Version
Realpath
X-Px
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-Shard
TCN
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-Server-ID
Access-Control-Request-Method
X-DynaTrace-JS-Agent
Pinterest-Version
X-Trafficlayer-App-Scope
X-Pinterest-Rid
X-Trafficlayer-App-Name
X-MSEdge-Ref
X-Shield-Request-Id
X-XRDS-Location
X-Ser
Fastly-Restarts
X-SRCache-Fetch-Status
S
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DIS-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Front-End-Https
X-Recruiting
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-Id
Nginx-Cache
X-T
X-Goog-Storage-Class
X-Element-Page-Cache
X-Varnish-Age
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Expires
X-Amzn-Trace-Id
Cache-Tag
X-Dw-Request-Base-Id
X-Webapp-Samesite-None-Activated-N
Fastcgi-Cache
X-Fastcgi-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-Content-Digest
NR-ENABLED
Powered
X-Hits
X-Ttl
X-Kinsta-Cache
Alternate-Protocol
X-Hp-Webp
X-RateLimit-Remaining
X-Correlation-Id
X-Aspnetmvc-Version
X-Webkit-Csp
X-FTR-Cache-Host
X-Request-Processing-Time
ServerID
X-Request-Received
X-N
X-Cache-Hit
Server-Name
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
X-Microsite
X-Content-Type
PB-PID
X-Node-Name
PB-RID
TP-Cache
TP-L2-Cache
X-Mobile-Rewrite
Arc-Version
Accept-CH
X-Rid
X-User-Agent
X-Grace
Accept-CH-Lifetime
Healthy
X-Revision
X-Akamai-Edgescape
X-Ruxit-Js-Agent
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
Backend-Timing
X-Analytics
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-Logged-In
Server-Node
X-Pad
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Az
X-AppVersion
X-Activity-Id
X-Mobile-URL
Cache-Status
X-Oneagent-Js-Injection
X-Cached-By
X-Varnish-Grace
X-NWS-LOG-UUID
X-IPLB-Instance
X-B3-Sampled
Retry-After
X-Type
Refresh
X-Content-Options
AR-PoweredBy
X-F-Cache
AR-ATIME
AR-CACHE
X-Geo-Country
X-GUploader-UploadID
Upgrade-Insecure-Requests
X-FastCGI-Cache
Paypal-Debug-Id
X-Srv
X-Varnish-Backend
X-Tumblr-User
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-Pixel
Source
X-Instance
X-FB-Debug
DC
X-Debug-Info
X-PHP-Backend
X-Request-Guid
X-Page-Id
X-Jobs
X-Cluster
X-Framework
Host
Access-Control-Allow-Method
Accept-Charset
Actual-Object-TTL
X-B
X-WebKit-CSP-Report-Only
FilterID
X-AOL-HN
X-Cache-Age
Ar-Sid
X-ATG-Version
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-2
X-Seen-By
X-Via-JSL
Cache
X-TT
Fastcgi-Useragent
MS-CV
X-PressLabs-Stats
X-Cache-Key
X-Git-Hash
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-TTL
X-Whom
X-Amz-Replication-Status
X-UA
X-B-Cache
X-Signature
X-Cache-Control
Host-Header
X-Wix-Request-Id
AR-Request-ID
X-Host-Name
Surrogate-Key
X-Daa-Tunnel
X-Response-Served-From
NGB
X-Cache-Enabled
X-RequestSource
WPE-Backend
X-Origin-Server
X-Mobile
X-Tumblr-Pixel-2
Frame-Options
X-GeoIP
X-EdgeConnect-Cache-Status
X-Tumblr-Pixel-1
Cache-Tv-Group
X-FW-Hash
X-Drupal-Cache-Tags
X-Region
X-Handled-By
Cleartype
X-FW-Server
Eomportal-Instance
X-Hyper-Cache
Payment
X-FW-Serve
Filters
X-FW-Static
X-FW-Type
X-TX-ID
X-Cacheable-TTL
X-Cache-Action
X-Litespeed-Cache
Xserver
Webserver
X-Cache-Operation
X-Adobe-Content
X-Adobe-Loc
X-TA-CDN-Provider
X-Cache-NE
X-SERVER
X-Cache-Rule
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Esi
From-Origin
X-Hostname
X-Load-Cache
X-ProcessESI
X-Akamai-Transformed
X-UA-Device-Type
X-RemovedCookies
X-Forwarded-Host
Datacenter
X-ATS-Timestamp
X-NewRelic-App-Data
X-RTag
Ms-Operation-Id
X-Cache-TTL-Remaining
X-Edge-Location
Liferay-Portal
X-Cache-Server
X-Time
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
X-VCache
X-Varnish-Hostname
X-Contextid
X-Varnish-Server
X-Rule
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
Odigeo-Trace-Id
Country
X-TT-TIMESTAMP
Tracecode
X-BCube-Filmed-By
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Cache-Var
X-ES-SERVER
X-Upgrade-Enabled
X-Path-Route
X-RN-RSRV
Meta-Geo
X-Cache-Var-Map
Load-Balancing
X-Xfnlog-Site
X-Debug-Cache
DSUID
X-Viewer-Country
X-UUID
DB-Nickname
X-Pubstack
X-R9-Blue-Green-Version
X-Origin-Hint
Cache-Tags
TWC-Device-Class
X-Cache-Config
TWC-Connection-Speed
X-OCL
X-PCL
TWC-GeoIP-Country
TWC-Privacy
Mn-Server-Ip
X-Via-Fastly
Property-Id
X-VCT
Webcakes-App-Version
Release
X-CCM
X-Rocket-Nginx-Bypass
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-Region
Azure-InstanceId
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
Cache-Name
L5d-Success-Class
S-Rt
X-FW-Dynamic
X-Cache-Host
NGX
Fastly-SSL
X-Cache-Time
Azure-SiteName
Azure-SlotName
Selected-Fe
Azure-Version
Azure-RegionName
X-Labrador-Cache-Channel
X-Proto
X-Proxy
X-Web-Node
X-Origin-Response-Time
X-Redis-Cache
X-Proxy-Build
X-Vgn-Hpd-Reason
X-Timing-Wait
X-Soup
X-Real-IP
X-TNCMS
X-Varnish-Cache-Hits
X-Loop
X-Origin
X-IP
X-Hosted-By
X-Akamai-Request-ID2
X-Human
X-Akamai-Request-ID
X-NWS-UUID-VERIFY
X-From
Server-Info
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Site-Version
Origin-Cache-Control
X-Access
S-Cnection
X-ServerID
X-Backend-Name
Version
X-Www-Served-By
Origin-Edge-Control
Decoy-Debug-TTL
X-ApacheServer
X-Section
X-Content-Age
X-Locale
Viewport
X-Format
X-FireWall-Port
X-Is-Bot
X-Cluster-Name
X-PERF
X-XRDS-LOCATION
Ec-Rule-Version
X-Generated
Decoy-Debug-Status
Decoy-Debug-Key
X-Rendered-As
X-Time-Microsecs
X-ProxyCache-Status
X-JoinUs
X-ProxyCache-Key
X-BYPASS-REASON
X-Varnish-Hits
Uber-Trace-Id
X-Info
X-B3-Traceid
X-Storage
X-Generated-By
X-Cache-Backend
X-Guploader-Uploadid
X-Origin-CC
X-PHP-Host
X-Accel-Buffering
X-Origin-TTL
X-App-Version
X-URL
X-RateLimit-Limit
Rt-Fastcgi-Cache
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-WA-Info
Time
Cache-Key
Cteonnt-Length
X-Nginx-Cache-Key
X-Tec-Api-Origin
X-Tec-Api-Root
X-SaId
X-Tec-Api-Version
X-No-Session
X-GoCache-CacheStatus
X-Cache-Remote
Vix-Hermes-Req-Id
X-L-Path
X-MServer
X-Environment-Context
Cache-Hits
X-CF-Powered-By
Origin
X-NCache
GEO-INFO
X-Geo
X-FB-TRIP-ID
Accept-Language
X-CACHE-KEY
X-Presslabs-Stats
X-Tb
X-Trace-Id
X-Backend-TTL
X-Hit
X-SS-Set-Cookie
X-B3-SpanId
Access-Control-Request-Headers
Srv
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Device-Type
X-Tumblr-Pixel-3
X-APP-VERSION
X-CS
X-Unique-Id
X-ShardId
X-Alternate-Cache-Key
X-CDN-Forward
X-OVcl
X-CSRF-TOKEN
X-ShopId
X-OVcl-Cache
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Cache-Grace
X-Cluster-Node
X-S
User-Cache-Control
ServedBy
X-Parent-Response-Time
X-Dc
X-A-Dcw
X-A
X-S-Cookie
X-A-Ccd
X-A-Dam
X-Region-Sid
X-Aed
X-AIR-PT
X-Application
Apple-News-Services-Handled
Apple-News-Services-Host
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dgt
Request-EU
Xc-Version
T-Server
X-Twitter-Response-Tags
X-PAYTM-SRV-ID
Server-Host
Rt-Proxy-Cache
Fastcgi-X-Cache-Version
X-Ah-Environment
X-Trv-Group
VivaBuild
X-Transaction
Request-Country
X-G
Viewtype
X-Processor
X-Hl-Ver
Rendered-Blocks
X-Vdms-Version
Meta-Geo-Continent
X-Connection-Hash
X-Detected-As
X-Request-UUID
X-Vtex-Remote-Cache
X-Service
Cross-Origin-Window-Policy
X-Vtex-Processado-Em
Mobile-Detection-Method
X-ARC
X-Rewrite-Enabled
MD5-Digest
X-Server-Time
X-SIPLIST1
Machine
IsBot
X-Date
X-D
X-Rojux
X-DPWN-IS-SECURE
X-Destination
X-Session-Fingerprint
X-ScT
Arc-Country
AsisCache
Content-Style-Type
BehaviorPad-Version
Apple-News-Services-Request-Url
Mime-Version
X-B-Cookie
X-EC-Lua
X-Svr
Apple-News-Services-Parsed-Url
X-SRCache-Key
Node
X-CF-Lambda-Version
Content-Script-Type
X-External-Request-Id
X-VG-WebCache
NtCoent-Length
X-VG-WebServer
X-CF-Lambda-Fn
ServerName
X-RCS-CacheZone
OT-Force-Account-Verify
X-Endurance-Cache-Level
RNT-Time
X-Level-Front-Cache
Now
X-Ms-Request-Id
RNT-Machine
X-Matched-Rule
X-Location
X-Block-Status
X-CUA
X-WADP-Cache
X-Core-Value
X-Cms-Context
X-IN-APIGATEWAY
X-Clara-WADP
X-Debug-Cookies
X-Debug-Log
X-Gen-Mode
X-Generated-On
X-Hash
X-Dispatcher-Server
X-Hnp-Log
X-Dispatch
X-Cache-Info
X-Cache-Debug
Web-Mar-Node
Wxu-Next-Commit
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Int
Thinkindot-CacheControl
Wxu-Next-Hostname
Wxu-Next-Region
X-Ms-Version
X-Cache-Bucket
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Webstats-RespID
Served-By
X-NX-Host
X-RateLimit-Remaining-Second
We-Hiring
Mail-Subject
X-RateLimit-Limit-Second
X-Proxy-Upstream
Cache-Host
X-Magnolia-Registration
X-Proxy-Cache-Status
X-Reboot
Proxy-Connection
X-Nc
X-Source
X-Thinkindot-L3
CDCHOST
X-Request-URI
X-Uri
X-B3-Parentspanid
X-SRV
X-Via-CDN
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-C
X-Varnish-Beresp-Ttl
X-BBXSRF
X-Bip
X-Cache-Id
X-WebServer
X-Sucuri-Cache
X-CGP
X-Method
X-Cdn-Srv
X-We-Are-Hiring
X-Cache-URL
X-Reqid
X-Backend-State
X-Agile-Id
X-Upstream-Ht
X-Agile-Age
X-Agile
X-SVT-ORM-VERSION
Fastly-Soc-X-Request-Id
X-App-Name
X-Upstream-Ct
X-Azure-Ref-OriginShield
X-SVT-ORM-RULES
X-Azure-Ref
L
X-Release
X-Variation
X-Clientip
X-Eu-Site
X-Scheme
X-Has-Esi
X-VServer
X-Distil-CS
X-TrackingId
X-Fastly-Cache
X-S-Maxage
X-Geo-Header
X-Generated-In
X-FW-Version
X-GeoIP-City
X-VG-TLSProxy
X-Server-IP
X-VC-Cache
X-Skip-Cache
X-Rocket-Build-Number
X-Core-Mission
Esi-Enabled
X-Thanos
X-Compress-Hint
X-Sigma-Backend
X-Debug-Cache-Expiry
X-Developers
X-Swa-Ws
X-Sigma
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Generation-Time
X-Auto-Login
X-Planisys-CDN-Cache
Section-Io-Cache
X-User
X-Wikidot-Backend
X-JWT-State
X-Planisys-CDN-Rules
X-Is-Gdpr
IBM-Web2-Location
Is-Eu
X-Policy
X-Planisys-CDN-TTL
X-Key
Adler-Geo
X-Origin-Date
Kp-EeAlive
Memcached
Magicmarker
Content-Disposition
X-Origin-Expires
Pramga
Platform
AKAMAI
PFcat
True-Client-Country-4JS
X-Via-NSCOPI
X-Wikidot-Static-Cache
W
Gh-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
X-Up
X-Irp-Debug
Heartbleed
X-Logging-Id
X-Qloud-Router
Countrycode
Cache-Provider
X-Li-Fabric
X-AK-Request-ID
X-Distributor
Cdnsip
X-GRACE
X-NodeID
X-Amz-Meta-Cache-Control
X-SD-PageType
X-Epic-Correlation-Id
X-Old-Content-Length
X-MSEdge-Flight
X-Li-Pop
Locale
Cdncip
X-LI-UUID
X-ServiceProvider
X-Internal-Host
X-MSEdge-Features
X-Urbn-Site-Id
SD-X-WS
X-Platform-Server
X-Request-Start
X-ND-Cache
X-Urbn-Context-Path
X-Owner
X-Cache-FS-Status
Hostname
X-Cdn-Forward
X-UnsetCookies
Server-ID
X-LI-Proto
V-Age
X-NC
X-TIME
Powered-By-ChinaCache
X-7Graus-Varnish-Cache-Control
X-Servername
X-Trafficlayer-App-Version
X-7Graus-Varnish-XKeys
X-Sucuri-Id
Environment
X-Req
X-B3-Spanid
GEO-REGION-INFO
X-Be
Locid
X-Lb-Id
X-Nginx-Cache
CF-IPCountry
X-Served-From
X-Developer
X-Newrelic-Synthetics
A
FNAC-ModuleRouting
Geo-Info
X-HTML-Minification-Powered-By
X-Refresh
X-Gamma-Serve
X-VHOST
X-Sn-Servicetimems
X-Servedbyhost
X-Device-Os
X-FPC
X-Cdn-Origin
X-Zone
Tcn
ProcessTime
X-Node-Id
X-Microcachable
X-Webkit-CSP
X-Correlation-ID
X-Render-Time
X-Sucuri-ID
X-IPS-LoggedIn
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Pjax-Url
Memory
Request-Time
X-VWS-Id
X-GeoIP-Country-Code
X-LJ-Flow-ID
X-AWS-Id
X-FORWARDED-FOR
X-MP-GENERATED-AT
X-Mode
X-Edge-O15-RID
X-Pf-Uncompressing
Resin-Trace
X-COUNTRY
Gannett-Cam-Experience-Id
X-VCL-Version
Cf-Ipcountry
X-DC
Group
XServer
Pics-Label
X-Ratelimit-Remaining
TTL
Amp-Access-Control-Allow-Source-Origin
X-Unique-ID
CF-Cached-On
X-Pod
Geoip-City
GeoIP-Latitude
X-ECACHE
X-ElasticPress-Search
X-Instart-Info
GeoIP-Country-Code
X-Bc
GeoIp-Country-Code
Geoip-Latitude
MIME-Version
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Via-Edge
GeoIP-City
X-CSRF-Token
PICS-Label
X-Var-Ttl
X-Backend-Host
X-Via-SSL
Host-ID
X-Backend-Url
Cdn
X-ZONE
Ttl
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
M-TraceId
HostName
X-NGENIX-Cache
Backend-Name
X-Vcl-Version
X-CLOUD-TRACE-CONTEXT
Pagetype
X-Check-Cacheable
Lfy
X-PF-Uncompressing
REQUESTUUID
X-APP
N-Cache
Ohc-Cache-HIT
Ohc-File-Size
HitType
Fly-Cache
X-Fstrz
X-Cdn-Request-ID
Cache-Prefix
X-BC
Fly-Request-Id
X-Ratelimit-Limit
X-Swift-Error
X-Request-Time
X-GEO
X-Via-Ucdn
X-Worker
X-TH-Server
X-PJAX-URL
X-NGINX-Cache
X-Dynatrace-Js-Agent
X-Sedo-Request-Id
On-Server
X-Cache-Miss-From
Pragrma
User-Agent
URI
X-Fastly-Country-Code
X-HostName
X-LiteSpeed-Cache-Control
X-Aicache-OS
X-UPSTREAM-Address
CDN
X-Fetched-On
X-Tt-Trace-Tag
X-Server-W
X-HS-Status
X-ServedByHost
X-WR-MODIFICATION
Powered-By
X-Cache-Tag
SRV
Who
X-Upstream-CT
Fastly-SIE
X-Ftr-Cache-Host
X-Upstream-HT
X-WA
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Wa
X-Rebelmouse-Surrogate-Control
Media-Length
AR-SID
X-Fpc
X-BE
FSS-Cache
X-LAGOON
X-Varnish-URL
X-TT-LOGID
X-LB-ID
FSS-Proxy
X-Tt-Trace-Host
X-Varnish-Cacheable
DataCenter
X-Cf-Powered-By
UCS
X-Fastly-Backend-Reqs
X-ServerName
Server-Id
X-Hp-Ccpa-Warning
Debug
X-GDPR
X-Ua
Filterid
Cdn-Request-Time
X-Varnish-Beresp-TTL
Cdn-Host
X-Akamai-ERRuleID
X-Cache-Tags
X-Protected-By
X-Edge-Server
X-Akamai-ERPolicy
X-Store
X-SN
Processtime
Country-Code
Xet-Cookie
XxX-Cache-Status
Cneonction
NnCoection
X-SB
WP-Super-Cache
X-VC
X-Nananana
X-Dw-Trace-Id
X-DSS
X-DW
X-DI
X-DB
X-ABtesting
X-Action
X-Flog
X-Hello
X-RPS
X-RSL
X-RPM
X-RateLimit-Reset
X-LiteSpeed-Tag
Warning
SS
SID
X-Li-Proto
X-Gen-Id
X-Fastly-Cache-Hits
Product
Application
Thinkindot-Cache-Type
X-Amzn-Remapped-Date
LB
Requestid
Is-Session-Tracking
Get-Access-Time
X-Amzn-Remapped-Connection
X-Request-Url