Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-DataDome
X-Origin-Cache
NEL
X-Node
X-Cache-Lookup
X-Readtime
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Vhost
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
P3p
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-Country
Rating
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
Pinterest-Generated-By
Edge-Control
X-Instart-Request-ID
X-TtlSet
X-Vname
X-PC
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-TTL
X-ESI
X-D2id
X-Trace
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
Content-MD5
X-SharePointHealthScore
X-Cdn-Fetch
Response
Pagespeed
X-Sol
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Middleton-Response
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
RTSS
X-Middleton-Display
Display
Accept-Ch-Lifetime
X-Navigation-Version
SPIisLatency
SPRequestDuration
X-Abt-Application-Version
X-Powered-CMS
X-Debug
X-Forwarded-Proto
X-Vcache
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
X-Version
DynaTrace
MS-Author-Via
X-CST
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Shield-Request-Id
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Access-Control-Request-Method
X-Pinterest-Rid
Pinterest-Version
X-Ser
X-Accel-Expires
S
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Front-End-Https
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Webapp-Samesite-None-Activated-N
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-T
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-XRDS-Location
X-Goog-Storage-Class
Cache-Tag
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-Amzn-Trace-Id
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-FTR-Expires
X-Mrf-Section-Lastmod
MRF-Tech
Nginx-Cache
X-Server-ID
Fastcgi-Cache
X-Content-Digest
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
NR-ENABLED
Powered
X-Fastcgi-Cache
X-Correlation-Id
X-Hits
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Content-Type
X-Request-Received
X-Request-Processing-Time
Server-Name
ServerID
X-RateLimit-Remaining
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-Microsite
X-Request-Handler-Origin-Region
PB-PID
X-Webkit-Csp
PB-RID
Arc-Version
TP-Cache
X-N
X-Mobile-Rewrite
X-Cache-Hit
TP-L2-Cache
X-Grace
X-Rid
X-Ttl
Healthy
X-Pad
X-Akamai-Edgescape
X-Forwarded-For
X-User-Agent
X-Revision
Backend-Timing
X-Analytics
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-LB-Cache
Server-Node
X-Varnish-Grace
X-AppVersion
X-Az
X-Activity-Id
X-Cached-By
Cache-Status
X-B3-Sampled
X-GUploader-UploadID
X-Content-Options
X-F-Cache
X-Oneagent-Js-Injection
Refresh
X-Geo-Country
Upgrade-Insecure-Requests
X-FastCGI-Cache
X-NWS-LOG-UUID
X-IPLB-Instance
X-Type
Retry-After
X-Varnish-Backend
X-Cache-2
X-Srv
X-Ruxit-Js-Agent
X-Tumblr-Pixel
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-0
Host
Accept-Charset
Paypal-Debug-Id
X-Jobs
X-FB-Debug
X-B
X-Cluster
X-AOL-HN
DC
Actual-Object-TTL
X-Debug-Info
X-Framework
X-Request-Guid
X-PHP-Backend
X-Page-Id
X-Instance
Access-Control-Allow-Method
Source
X-WebKit-CSP-Report-Only
FilterID
Cache
Accept-CH-Lifetime
AR-CACHE
AR-ATIME
X-TT
X-ATG-Version
AR-PoweredBy
Accept-CH
X-Cache-Age
Fastcgi-Useragent
X-Erf-Bev-Bev-Is-Generated
X-Seen-By
X-Erf-Bev-Bev
X-Git-Hash
X-Cache-Key
MS-CV
X-Content-Powered-By
X-TA-CDN-Provider
Ar-Sid
X-Via-JSL
VIX-Pulpo-Node
X-B-Cache
VIX-Pulpo-Upstream-Status
X-Signature
X-Cache-TTL
X-Amz-Replication-Status
Host-Header
X-Whom
X-PressLabs-Stats
X-Origin-Server
X-Cache-Control
X-Wix-Request-Id
X-Cache-Enabled
X-Response-Served-From
Xserver
NGB
X-Mobile
X-UA
X-Daa-Tunnel
X-XRDS-LOCATION
Surrogate-Key
X-ATS-Timestamp
X-RequestSource
X-GeoIP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Host-Name
Cleartype
Datacenter
Payment
X-Hyper-Cache
Filters
Eomportal-Instance
WPE-Backend
X-Cache-NE
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-Cacheable-TTL
Frame-Options
X-Adobe-Loc
X-Adobe-Content
X-TX-ID
X-Handled-By
X-Region
X-Drupal-Cache-Tags
Webserver
X-Cache-Action
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Kong-Upstream-Latency
X-Litespeed-Cache
X-Kong-Proxy-Latency
X-SERVER
X-Akamai-Transformed
X-Hostname
AR-Request-ID
X-Cache-Rule
X-Cache-Operation
From-Origin
X-Esi
X-Cache-TTL-Remaining
X-Edge-Location
X-NewRelic-App-Data
X-RemovedCookies
X-ProcessESI
Liferay-Portal
X-UA-Device-Type
X-RTag
Ms-Operation-Id
X-Cache-Server
X-Varnish-Hostname
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-ORACLE-APMCS-TAG
X-Forwarded-Host
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Server
X-Rule
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
Country
X-Upgrade-Enabled
X-Contextid
X-App-Server
Odigeo-Trace-Id
X-UUID
X-ES-SERVER
X-BCube-Filmed-By
X-Cache-Var-Map
X-RN-RSRV
X-Path-Route
X-Cache-Var
Meta-Geo
Load-Balancing
DSUID
X-TT-TIMESTAMP
X-VCache
TWC-GeoIP-Country
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
X-Origin-Hint
TWC-Locale-Group
X-CCM
Property-Id
TWC-GeoIP-LatLong
Release
Mn-Server-Ip
TWC-Privacy
DB-Nickname
Webcakes-Region
Webcakes-App-Version
X-From
X-VCT
X-EIG-Tracking-Id
X-Debug-Cache
X-Cache-Time
Cache-Tags
Fastly-SSL
Selected-Fe
L5d-Success-Class
S-Rt
Origin-Edge-Control
Origin-Cache-Control
Cache-Name
X-Akamai-Request-ID
Azure-InstanceId
X-Cache-Config
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
X-Cache-Host
X-FC-Vary-Parameters
X-Hosted-By
X-Proxy
X-Vgn-Hpd-Reason
X-Proxy-Build
X-Pubstack
X-Via-Fastly
X-Proto
X-PCL
X-Loop
X-IP
X-OCL
X-Origin
X-Human
X-Origin-Response-Time
X-Viewer-Country
X-TNCMS
X-Redis-Cache
X-ServerID
X-FW-Dynamic
X-Timing-Wait
X-Real-IP
X-Soup
X-Drupal-Cache-Contexts
X-FireWall-Port
X-Section
X-Is-Bot
X-Varnish-Hits
X-Rendered-As
X-JoinUs
X-Cluster-Name
X-Format
X-Labrador-Cache-Channel
X-Accel-Buffering
X-Locale
X-Site-Version
X-Xfnlog-Site
X-Www-Served-By
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-Generated
X-Access
X-Content-Age
X-ProxyCache-Status
Ec-Rule-Version
X-Backend-Name
X-Akamai-Request-ID2
Viewport
X-Goog-Meta-Goog-Reserved-File-Mtime
Version
X-Web-Node
NGX
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Varnish-Cache-Hits
X-Generated-By
S-Cnection
Server-Info
X-Time-Microsecs
X-Cache-Backend
X-NWS-UUID-VERIFY
X-PHP-Host
Tracecode
X-PERF
X-ApacheServer
X-Presslabs-Stats
X-Amzn-Remapped-Content-Length
X-Origin-TTL
X-Storage
X-Time
X-Origin-CC
X-Info
X-SaId
X-Tec-Api-Root
X-Geo
X-Tec-Api-Origin
Akamai-GRN
X-Tec-Api-Version
X-WA-Info
X-Nginx-Cache-Key
GEO-INFO
Rt-Fastcgi-Cache
Cteonnt-Length
X-URL
Time
X-MServer
X-No-Session
X-CF-Powered-By
X-Unique-Id
Origin
X-Environment-Context
X-L-Path
X-APP-VERSION
X-App-Version
X-Cache-Remote
Cache-Key
X-Backend-TTL
Access-Control-Request-Headers
X-Tb
X-Guploader-Uploadid
Accept-Language
X-FB-TRIP-ID
X-SayCDN-TTL
X-TIME
X-Say-Cacheable
X-CDN-Forward
X-GoCache-CacheStatus
X-Say-TTL
X-NCache
X-EC-Lua
X-Hit
Cache-Hits
Vix-Hermes-Req-Id
X-CACHE-KEY
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-RateLimit-Limit
X-RCS-CacheZone
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-Trace-Id
X-Dc
Mime-Version
X-Device-Type
OT-Force-Account-Verify
X-CS
X-Tumblr-Pixel-3
X-S
X-Source
X-SS-Set-Cookie
X-B3-SpanId
Srv
X-OVcl
X-OVcl-Cache
X-Parent-Response-Time
X-Endurance-Cache-Level
X-Magnolia-Registration
Request-Country
Rendered-Blocks
Node
Mobile-Detection-Method
Request-EU
Fastcgi-X-Cache-Version
Apple-News-Services-Host
BehaviorPad-Version
AsisCache
Rt-Proxy-Cache
Apple-News-Services-Parsed-Url
Arc-Country
Content-Script-Type
Content-Style-Type
Machine
MD5-Digest
IsBot
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Cross-Origin-Window-Policy
Meta-Geo-Continent
X-Date
X-ScT
X-S-Cookie
X-Server-Time
X-Service
X-Session-Fingerprint
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Request-UUID
X-SIPLIST1
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Svr
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Hl-Ver
X-G
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
T-Server
Viewtype
VivaBuild
X-A
X-Aed
X-AIR-PT
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-External-Request-Id
X-D
X-Connection-Hash
X-Application
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
Server-Host
X-ARC
User-Cache-Control
X-Upstream-Ct
X-Cluster-Node
X-Upstream-Ht
ServedBy
Now
ServerName
X-Ah-Environment
X-Core-Value
X-Matched-Rule
Wxu-Next-Hostname
Wxu-Next-Region
X-CUA
Wxu-Next-Commit
We-Hiring
Server-Int
X-Dispatcher-Server
Served-By
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Reboot
Mail-Subject
Thinkindot-Control
X-Location
X-ND-Cache
X-Cache-Bucket
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Generated-On
X-Via-NSCOPI
X-Hash
X-Webstats-RespID
X-Dispatch
X-IN-APIGATEWAY
X-Thinkindot-L3
Proxy-Connection
X-Uri
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-Gen-Mode
X-FW-Version
X-Fastly-Cache
X-Eu-Site
X-Generation-Time
X-GeoIP-City
X-Geo-Header
X-Debug-Cache-Fetch
X-C
X-Block-Status
X-Cache-Debug
X-Cache-FS-Status
X-Cache-Info
X-Bip
X-BBXSRF
X-Azure-Ref
X-Azure-Ref-OriginShield
X-B3-Parentspanid
X-Backend-State
X-Cache-URL
X-Cdn-Srv
X-Has-Esi
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Core-Mission
X-Compress-Hint
X-CGP
X-Clara-WADP
X-Clientip
X-Cms-Context
X-Developers
X-Li-Fabric
X-Skip-Cache
X-Sigma-Backend
X-Sucuri-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sigma
X-Server-IP
X-Rocket-Build-Number
X-Request-URI
X-S-Maxage
X-Scheme
X-SD-PageType
X-Thanos
X-TrackingId
X-We-Are-Hiring
X-WADP-Cache
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-VG-TLSProxy
X-Up
X-User
X-Variation
X-VC-Cache
X-Request-Start
X-Reqid
X-Ms-Request-Id
X-Method
X-Ms-Version
X-NX-Host
X-Old-Content-Length
X-Logging-Id
X-LI-UUID
X-JWT-State
X-Is-Gdpr
X-Key
X-Auto-Login
X-Li-Pop
X-Origin-Date
X-Origin-Expires
X-Qloud-Router
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Release
X-Proxy-Cache-Status
X-Platform-Server
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Hnp-Log
X-Irp-Debug
Web-Mar-Node
W
Content-Disposition
Countrycode
Pramga
PFcat
RNT-Machine
RNT-Time
Magicmarker
Esi-Enabled
Fastly-Soc-X-Request-Id
Is-Eu
Section-Io-Cache
L
SD-X-WS
IBM-Web2-Location
Heartbleed
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Cache-Host
CDCHOST
Memcached
X-App-Name
X-Agile-Age
X-Agile
Adler-Geo
X-Amz-Meta-Cache-Control
Platform
X-Agile-Id
AKAMAI
X-SRV
Cache-Provider
NtCoent-Length
X-CSRF-TOKEN
X-Generated-In
X-Cache-Grace
X-LI-Proto
Kp-EeAlive
Server-ID
X-Policy
X-Trafficlayer-App-Version
X-Cache-Id
X-Swa-Ws
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Powered-By-ChinaCache
X-Varnish-Beresp-Grace
X-Internal-Host
X-B3-Spanid
X-Nc
X-NC
Cdnsip
X-Urbn-Site-Id
X-Urbn-Context-Path
Cdncip
X-NodeID
Locale
X-ServiceProvider
V-Age
True-Client-Country-4JS
X-AK-Request-ID
X-NODE
X-Via-CDN
Environment
X-Newrelic-Synthetics
CF-IPCountry
Locid
X-MSEdge-Flight
X-MSEdge-Features
X-HTML-Minification-Powered-By
X-Servername
X-Req
X-Served-From
X-B3-Traceid
X-Lb-Id
GEO-REGION-INFO
X-Be
X-Gamma-Serve
FNAC-ModuleRouting
X-IPS-LoggedIn
X-GRACE
X-Cdn-Forward
X-Refresh
X-FPC
X-CLOUD-TRACE-CONTEXT
Hostname
X-UnsetCookies
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Sucuri-Id
X-Render-Time
X-Sucuri-ID
X-Nginx-Cache
X-MP-GENERATED-AT
X-VHOST
X-Mode
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Zone
ProcessTime
X-Microcachable
X-Developer
Tcn
A
X-Servedbyhost
Geo-Info
X-GeoIP-Country-Code
X-Edge-O15-RID
X-Webkit-CSP
X-Cdn-Origin
X-Device-Os
X-Sn-Servicetimems
X-AWS-Id
X-Node-Id
X-LJ-Flow-ID
X-VWS-Id
X-Pf-Uncompressing
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Pjax-Url
Memory
X-Ratelimit-Remaining
X-CSRF-Token
X-FORWARDED-FOR
TTL
X-COUNTRY
Geoip-Latitude
Resin-Trace
Request-Time
Gannett-Cam-Experience-Id
GeoIp-Country-Code
X-Correlation-ID
X-Ratelimit-Limit
PICS-Label
Cache-Cookie-Set-From
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-Idcheck
X-DC
Cache-Cookie-Set-Lfrom
X-Bc
CF-Cached-On
X-ZONE
X-Pod
X-Request-Time
X-Vcl-Version
Cdn
Pics-Label
X-VCL-Version
HostName
Cf-Ipcountry
X-Swift-Error
X-Via-SSL
X-Via-Edge
GeoIP-City
M-TraceId
X-Cdn-Request-ID
Group
GeoIP-Latitude
GeoIP-Country-Code
X-Unique-ID
X-NGINX-Cache
Geoip-City
X-ECACHE
X-ElasticPress-Search
X-TH-Server
Host-ID
XServer
X-Instart-Info
MIME-Version
X-BC
Ttl
X-Backend-Host
X-Var-Ttl
Ohc-Cache-HIT
Ohc-File-Size
X-Backend-Url
X-APP
X-Check-Cacheable
X-PF-Uncompressing
HitType
Backend-Name
Powered-By
X-UPSTREAM-Address
Media-Length
N-Cache
REQUESTUUID
Pagetype
Lfy
URI
X-NGENIX-Cache
X-PJAX-URL
X-Tt-Trace-Tag
Cache-Prefix
X-ServedByHost
X-HS-Status
X-Fastly-Country-Code
Fly-Request-Id
Fly-Cache
X-Fstrz
User-Agent
On-Server
X-HostName
X-Hp-Ccpa-Warning
SRV
X-Via-Ucdn
X-Tt-Trace-Host
X-Cache-Tag
X-WR-MODIFICATION
FSS-Proxy
X-Worker
X-Aicache-OS
FSS-Cache
X-LiteSpeed-Cache-Control
X-Cache-Miss-From
Pragrma
UCS
X-Fetched-On
Who
X-Sedo-Request-Id
X-NYM-Debug-Backend
X-WA
CDN
Processtime
AR-SID
X-BE
X-Cache-Tags
X-Server-W
Server-Surrogate-Control
X-Rebelmouse-Cache-Control
Server-Cache-Control
X-Varnish-Cacheable
Fastly-SWR
X-Wa
X-LAGOON
X-Varnish-URL
Fastly-SIE
X-LB-ID
X-Fpc
X-Rebelmouse-Surrogate-Control
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-GEO
X-Cf-Powered-By
Fastly-Backend-Name
Country-Code
Location
X-Store
X-ServerName
X-Upstream-HT
Debug
X-Varnish-Beresp-TTL
Filterid
X-Fastly-Backend-Reqs
X-Upstream-CT
X-Ftr-Cache-Host
X-Ua
X-Akamai-ERPolicy
X-TT-LOGID
X-Protected-By
X-Response-By
X-Akamai-ERRuleID
Xet-Cookie
X-Apw-Access-Action
X-Apw-Access-Object
WP-Super-Cache
X-VC
X-Apw-Hits
X-Apw-Access-Token
X-Fastly-Cache-Hits
Thinkindot-Cache-Type
X-Li-Proto
SID
X-Dw-Trace-Id
Server-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Gen-Id
Application
X-Nananana
XxX-Cache-Status
Cneonction
NnCoection
X-GDPR
Product
X-Request-Url
X-SB