Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Via
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Server-Id
EagleEye-TraceId
X-Host
X-Ac
X-Response-Time
X-OneAgent-JS-Injection
X-Ws-Request-Id
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Origin-Cache
X-Cache-Lookup
NEL
X-Cloud-Trace-Context
X-Readtime
X-Dns-Prefetch-Control
X-Vhost
X-HW
X-Dispatcher
X-Application-Context
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
P3p
X-Cdn
Allow
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Surrogate-Control
X-Rack-Cache
X-Origin-Upstream-Status
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Instart-Request-ID
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-Url
X-B3-TraceId
X-MS-InvokeApp
Verso
Accept-Ch
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-ESI
X-Trace
X-VARITI-CCR
X-SharePointHealthScore
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-Middleton-Response
X-Sol
Response
Pagespeed
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-TTL
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
Display
X-Middleton-Display
Content-MD5
RTSS
X-Navigation-Version
SPIisLatency
SPRequestDuration
X-Abt-Application-Version
X-Powered-CMS
Accept-Ch-Lifetime
X-Debug
X-Vcache
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
MS-Author-Via
X-CST
X-Version
DynaTrace
X-NF-Request-ID
X-Amz-Rid
Realpath
X-Server-ID
Edge-Cache-Tag
X-Px
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
X-Shard
TCN
Arr-Disable-Session-Affinity
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Ezoic-Cdn
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-MSEdge-Ref
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Ser
S
Fastly-Restarts
X-Accel-Expires
X-XRDS-Location
X-DIS-Request-ID
X-Client-IP
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-T
X-Element-Page-Cache
X-Goog-Storage-Class
X-Varnish-Age
X-Webapp-Samesite-None-Activated-N
Nginx-Cache
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
Cache-Tag
X-Mrf-Section-Lastmod
X-FTR-Expires
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Frontend
X-Content-Digest
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Powered
NR-ENABLED
X-Hits
X-Correlation-Id
X-Hp-Webp
X-Ttl
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Fastcgi-Cache
X-Content-Type
X-Aspnetmvc-Version
X-Request-Handler-Origin-Region
ServerID
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Webkit-Csp
X-N
X-RateLimit-Remaining
X-Cache-Hit
X-HS-Combine-CSS
Server-Name
PB-RID
PB-PID
X-Grace
TP-Cache
Arc-Version
TP-L2-Cache
X-Mobile-Rewrite
Healthy
X-Rid
X-Node-Name
X-User-Agent
X-Forwarded-For
X-Analytics
Backend-Timing
X-Revision
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Zen-Fury
X-LB-Cache
X-Mobile-URL
X-FastCGI-Cache
Server-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Grace
X-Az
X-Activity-Id
X-AppVersion
X-Cached-By
Cache-Status
X-GUploader-UploadID
X-B3-Sampled
X-NWS-LOG-UUID
X-Content-Options
X-Oneagent-Js-Injection
Refresh
Accept-CH
Accept-CH-Lifetime
Upgrade-Insecure-Requests
X-F-Cache
X-Geo-Country
X-IPLB-Instance
Retry-After
X-Type
X-Ruxit-Js-Agent
X-Srv
FilterID
X-App-Environment
X-FB-Debug
X-Tumblr-Pixel
X-Varnish-Backend
X-Tumblr-User
X-Tumblr-Pixel-0
X-Request-Guid
X-Framework
Paypal-Debug-Id
X-Cluster
X-PHP-Backend
X-Jobs
X-Cache-2
Access-Control-Allow-Method
Host
X-Debug-Info
AR-PoweredBy
X-Page-Id
AR-CACHE
AR-ATIME
DC
Source
Actual-Object-TTL
Accept-Charset
X-Litespeed-Cache
X-Instance
X-AOL-HN
X-WebKit-CSP-Report-Only
X-B
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Age
X-TT
X-ATG-Version
Cache
Fastcgi-Useragent
X-Seen-By
X-Cache-Key
Ar-Sid
X-Git-Hash
MS-CV
X-Content-Powered-By
X-Via-JSL
VIX-Pulpo-Upstream-Status
X-PressLabs-Stats
VIX-Pulpo-Node
X-Cache-TTL
X-Whom
X-Amz-Replication-Status
X-B-Cache
X-Signature
Host-Header
X-Wix-Request-Id
X-Cache-Control
X-Daa-Tunnel
X-Response-Served-From
NGB
X-Cache-Enabled
X-UA
X-Mobile
X-Origin-Server
Surrogate-Key
X-RequestSource
Cache-Tv-Group
X-Host-Name
X-GeoIP
Filters
Payment
X-Tumblr-Pixel-2
X-Handled-By
Cleartype
X-Tumblr-Pixel-1
X-EdgeConnect-Cache-Status
Eomportal-Instance
X-FW-Hash
X-Cacheable-TTL
X-FW-Type
X-FW-Server
X-Region
X-FW-Static
WPE-Backend
X-FW-Serve
X-TX-ID
AR-Request-ID
X-Hyper-Cache
X-Drupal-Cache-Tags
Xserver
X-Adobe-Loc
X-ATS-Timestamp
X-TA-CDN-Provider
X-Cache-NE
X-Adobe-Content
Frame-Options
X-Cache-Action
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Webserver
Datacenter
X-Cache-Rule
X-Cache-Operation
X-Hostname
X-Load-Cache
X-SERVER
From-Origin
X-NewRelic-App-Data
X-Esi
X-Akamai-Transformed
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-Edge-Location
X-Cache-TTL-Remaining
Liferay-Portal
Ms-Operation-Id
X-Forwarded-Host
X-RTag
X-Cache-Server
X-Varnish-Hostname
X-Varnish-Server
X-Oss-Server-Time
X-Oss-Storage-Class
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rule
X-Status
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-App-Server
X-XRDS-LOCATION
X-Contextid
Country
Odigeo-Trace-Id
X-VCache
X-Upgrade-Enabled
X-UUID
Meta-Geo
X-TT-TIMESTAMP
Load-Balancing
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-BCube-Filmed-By
X-Time
X-RN-RSRV
DSUID
X-R9-Blue-Green-Version
X-VCT
X-Rocket-Nginx-Bypass
X-Debug-Cache
Release
X-From
X-CCM
Mn-Server-Ip
Webcakes-App-Name
TWC-Privacy
X-Loop
X-OCL
Webcakes-Region
X-Cache-Config
X-Real-IP
X-Akamai-Request-ID
Webcakes-App-Version
TWC-Locale-Group
X-Timing-Wait
Property-Id
X-Vgn-Hpd-Reason
L5d-Success-Class
Fastly-SSL
Cache-Tags
Selected-Fe
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-TNCMS
TWC-GeoIP-Country
X-Proxy-Build
TWC-Device-Class
X-Origin-Response-Time
X-PCL
X-Soup
X-Proto
X-Human
X-Viewer-Country
X-Hosted-By
X-EIG-Tracking-Id
X-Redis-Cache
X-Proxy
X-FC-Vary-Parameters
X-Origin-Hint
Origin-Cache-Control
S-Rt
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ServerID
Ec-Rule-Version
X-Generated
X-Cache-Host
X-Section
X-Site-Version
Origin-Edge-Control
X-Xfnlog-Site
X-Access
X-Locale
X-Via-Fastly
X-Akamai-Request-ID2
X-Content-Age
X-Drupal-Cache-Contexts
X-IP
X-Format
X-Pubstack
X-FW-Dynamic
X-Www-Served-By
X-Web-Node
Viewport
DB-Nickname
NGX
Cache-Name
Tracecode
X-Labrador-Cache-Channel
X-Origin
X-FireWall-Port
Uber-Trace-Id
Server-Info
X-Cluster-Name
X-Rendered-As
Decoy-Debug-Key
X-Cache-Time
X-JoinUs
X-Backend-Name
X-ProxyCache-Status
S-Cnection
X-BYPASS-REASON
Decoy-Debug-TTL
X-Is-Bot
X-ProxyCache-Key
Decoy-Debug-Status
X-Accel-Buffering
Version
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
X-Varnish-Cache-Hits
X-Time-Microsecs
X-NWS-UUID-VERIFY
X-Generated-By
X-PERF
X-ApacheServer
X-Varnish-Hits
X-Cache-Backend
X-Info
X-PHP-Host
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Storage
X-Origin-CC
X-Origin-TTL
X-Amzn-Remapped-Content-Length
X-SaId
X-App-Version
X-WA-Info
Rt-Fastcgi-Cache
Akamai-GRN
X-URL
X-Geo
X-CF-Powered-By
Cteonnt-Length
X-Nginx-Cache-Key
X-Presslabs-Stats
Cache-Key
Time
X-MServer
X-No-Session
Origin
GEO-INFO
X-Guploader-Uploadid
X-Cache-Remote
X-L-Path
X-Environment-Context
X-RateLimit-Limit
X-FB-TRIP-ID
Access-Control-Request-Headers
Accept-Language
X-GoCache-CacheStatus
X-Tb
Vix-Hermes-Req-Id
X-SayCDN-TTL
Cache-Hits
X-Say-Cacheable
X-Say-TTL
X-Unique-Id
X-Backend-TTL
X-Hit
X-APP-VERSION
X-CACHE-KEY
X-NCache
X-B3-SpanId
X-Trace-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Alternate-Cache-Key
X-CDN-Forward
X-Device-Type
X-SS-Set-Cookie
X-EC-Lua
Srv
X-CS
X-RCS-CacheZone
X-B3-Traceid
X-Tumblr-Pixel-3
X-Source
X-S
Mime-Version
OT-Force-Account-Verify
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Arc-Country
X-AIR-PT
BehaviorPad-Version
X-ScT
Apple-News-Services-Host
AsisCache
X-S-Cookie
X-Service
X-SIPLIST1
X-B-Cookie
X-SRCache-Key
X-Dc
User-Cache-Control
X-ARC
X-Application
X-Endurance-Cache-Level
X-Server-Time
X-Rojux
X-Magnolia-Registration
X-Session-Fingerprint
Apple-News-Services-Handled
X-Accel-Expires-Debug
X-Processor
Meta-Geo-Continent
MD5-Digest
T-Server
Viewtype
Machine
Mobile-Detection-Method
Server-Host
Request-Country
Request-EU
Rendered-Blocks
X-PAYTM-SRV-ID
Node
Rt-Proxy-Cache
IsBot
VivaBuild
X-A-Wwc
Cross-Origin-Window-Policy
Content-Style-Type
Content-Script-Type
X-Rewrite-Enabled
X-Transaction
X-A-Dgt
Fastcgi-X-Cache-Version
X-Region-Sid
X-A
X-A-Ccd
X-A-Dam
X-Request-UUID
X-A-Dcw
X-Aed
X-Svr
X-VG-WebCache
X-VG-WebServer
X-DPWN-IS-SECURE
X-Detected-As
X-Vdms-Version
X-D
X-Date
X-CSRF-TOKEN
X-OVcl
X-OVcl-Cache
X-G
X-Hl-Ver
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Parent-Response-Time
X-External-Request-Id
X-Connection-Hash
X-Destination
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Trv-Group
ServerName
X-Cluster-Node
X-TIME
ServedBy
Thinkindot-CacheControl
NtCoent-Length
X-Level-Front-Cache
Server-Int
X-Reboot
Thinkindot-CacheControl-Type
X-IN-APIGATEWAYSSL
X-Location
Wxu-Next-Hostname
X-Cache-Bucket
Wxu-Next-Region
Wxu-Next-Commit
X-Ah-Environment
X-Instart-Isnd
X-Upstream-Ht
Thinkindot-Control
X-Upstream-Ct
X-IN-APIGATEWAY
Served-By
X-Hash
X-Thinkindot-L3
X-Matched-Rule
Now
X-Webstats-RespID
X-CUA
X-Core-Value
X-Generated-On
X-Cache-Grace
Proxy-Connection
X-Cache-URL
X-NX-Host
X-Eu-Site
X-Gen-Mode
RNT-Machine
X-Ms-Version
RNT-Time
Section-Io-Cache
X-GeoIP-City
X-Fastly-Cache
W
X-Geo-Header
Web-Mar-Node
X-Has-Esi
X-Distil-CS
X-App-Name
X-CGP
X-Compress-Hint
X-Core-Mission
X-Ms-Request-Id
X-Origin-Date
X-ND-Cache
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Backend-State
X-Clara-WADP
X-Method
X-B3-Parentspanid
X-Cms-Context
X-Clientip
X-Debug-Cookies
X-Debug-Log
X-BBXSRF
X-Block-Status
X-Dispatch
X-C
X-Is-Gdpr
X-Cache-Info
X-Cache-Debug
X-JWT-State
X-Developers
X-Agile-Id
X-Logging-Id
X-Agile-Age
X-Agile
X-Key
X-Bip
X-Irp-Debug
X-RateLimit-Remaining-Second
CDCHOST
X-Scheme
Cache-Host
X-Server-IP
AKAMAI
X-Rocket-Build-Number
Content-Disposition
X-Release
X-Reqid
Fastly-Soc-X-Request-Id
Countrycode
X-VC-Cache
X-User
X-Hnp-Log
X-Sigma-Backend
X-SVT-ORM-VERSION
X-Sucuri-Cache
X-Thanos
X-TrackingId
X-Sigma
X-Up
Mail-Subject
We-Hiring
X-SVT-ORM-RULES
X-RateLimit-Limit-Second
X-Wikidot-Backend
X-We-Are-Hiring
Memcached
X-WADP-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Wikidot-Static-Cache
X-Origin-Expires
PFcat
X-Planisys-CDN-Cache
X-Qloud-Router
X-Proxy-Cache-Status
Ha-Gx-Prefs
HA-Ipaddr
X-Proxy-Upstream
X-Dispatcher-Server
X-VG-TLSProxy
L
Heartbleed
IBM-Web2-Location
X-Via-NSCOPI
X-VServer
X-SRV
X-Nc
X-Uri
Cache-Provider
Esi-Enabled
X-Epic-Correlation-Id
X-Distributor
Gh-Request-Id
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Debug-Cache-Store
X-S-Maxage
X-Li-Fabric
X-Varnish-Beresp-Ttl
Kp-EeAlive
X-Internal-Host
Platform
Is-Eu
X-Policy
Adler-Geo
X-Generation-Time
SD-X-WS
Magicmarker
X-FW-Version
X-Amz-Meta-Cache-Control
X-Generated-In
X-Debug-Cache-Fetch
X-Li-Pop
X-Auto-Login
X-Platform-Server
X-Request-Start
X-WebServer
X-Variation
X-Cdn-Srv
X-Debug-Cache-Expiry
X-Owner
X-Request-URI
X-Skip-Cache
X-SD-PageType
Pramga
X-Swa-Ws
X-LI-UUID
X-Via-CDN
X-NodeID
X-Trafficlayer-App-Version
X-MSEdge-Flight
True-Client-Country-4JS
X-Urbn-Context-Path
X-Urbn-Site-Id
X-ServiceProvider
X-LI-Proto
Locale
X-MSEdge-Features
Server-ID
X-Old-Content-Length
X-Cache-FS-Status
X-Cache-Id
X-NC
V-Age
X-Servername
X-AK-Request-ID
X-Cdn-Forward
Powered-By-ChinaCache
Cdnsip
Cdncip
X-B3-Spanid
Environment
Locid
X-Req
GEO-REGION-INFO
X-Be
Hostname
X-Lb-Id
CF-IPCountry
X-UnsetCookies
X-GRACE
X-Sucuri-Id
X-HTML-Minification-Powered-By
X-Newrelic-Synthetics
X-Served-From
X-Refresh
X-Gamma-Serve
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
FNAC-ModuleRouting
X-Nginx-Cache
X-FPC
Geo-Info
X-IPS-LoggedIn
A
X-Developer
X-Servedbyhost
X-VHOST
Tcn
X-Sucuri-ID
X-Sn-Servicetimems
X-Device-Os
X-Zone
X-Microcachable
X-Cdn-Origin
X-Render-Time
X-Tb-Optimization-Total-Bytes-Saved
X-NU-AKA-ACS-Version
ProcessTime
X-Edge-O15-RID
X-Webkit-CSP
X-MP-GENERATED-AT
X-Mode
X-Node-Id
X-GeoIP-Country-Code
X-Pjax-Url
X-Ratelimit-Remaining
X-DC
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-FORWARDED-FOR
Request-Time
Memory
X-Pf-Uncompressing
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-VCL-Version
Gannett-Cam-Experience-Id
X-COUNTRY
X-Correlation-ID
Cf-Ipcountry
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
Resin-Trace
Pics-Label
TTL
GeoIp-Country-Code
XServer
CF-Cached-On
X-CSRF-Token
GeoIP-Latitude
X-ZONE
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
GeoIP-Country-Code
Group
X-Pod
X-Unique-ID
PICS-Label
Cache-Cookie-Set-From
X-Bc
M-TraceId
X-ECACHE
GeoIP-City
Geoip-City
HostName
X-ElasticPress-Search
X-Instart-Info
MIME-Version
X-Via-Edge
X-Via-SSL
Cdn
X-Ratelimit-Limit
X-Request-Time
X-Vcl-Version
Host-ID
X-Cdn-Request-ID
X-Backend-Url
X-Backend-Host
X-NODE
X-Var-Ttl
X-Swift-Error
X-CLOUD-TRACE-CONTEXT
Ohc-Cache-HIT
X-APP
X-TH-Server
Backend-Name
Ttl
X-BC
X-PF-Uncompressing
Ohc-File-Size
X-NGINX-Cache
X-NGENIX-Cache
N-Cache
Pagetype
HitType
X-Check-Cacheable
REQUESTUUID
Lfy
X-UPSTREAM-Address
Cache-Prefix
X-Fstrz
X-PJAX-URL
Fly-Cache
Fly-Request-Id
Powered-By
URI
Media-Length
On-Server
User-Agent
X-Fastly-Country-Code
X-Tt-Trace-Tag
X-Via-Ucdn
X-Worker
X-HostName
CDN
X-Cache-Miss-From
X-Cache-Tag
X-WR-MODIFICATION
X-Aicache-OS
X-Sedo-Request-Id
X-ServedByHost
Pragrma
SRV
X-LiteSpeed-Cache-Control
FSS-Proxy
X-Tt-Trace-Host
Who
X-HS-Status
X-Server-W
FSS-Cache
X-Hp-Ccpa-Warning
X-GEO
X-Fetched-On
X-WA
AR-SID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wa
Fastly-SIE
X-BE
UCS
Fastly-SWR
X-NYM-Debug-Backend
X-Upstream-HT
X-Upstream-CT
X-Dynatrace-Js-Agent
X-LAGOON
Processtime
X-Varnish-URL
X-LB-ID
X-Cache-Tags
X-Fpc
X-Varnish-Cacheable
X-Cf-Powered-By
Debug
X-TT-LOGID
X-Fastly-Backend-Reqs
X-ServerName
X-Store
X-Varnish-Beresp-TTL
X-Ua
X-Ftr-Cache-Host
Country-Code
X-Varnish-Authentication
Fastly-Backend-Name
X-Contensis-Viewer-Groups
X-Cache-ASPX
Server-Cache-Control
Server-Surrogate-Control
X-Akamai-ERRuleID
X-Protected-By
Server-Id
X-Akamai-ERPolicy
X-GDPR
DataCenter
X-Li-Proto
Product
X-Edge-Server
X-Request-Url
Application
SID
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
WP-Super-Cache
Location
X-Fastly-Cache-Hits
X-VC
XxX-Cache-Status
Cdn-Host
X-Dw-Trace-Id
NnCoection
X-Gen-Id
X-Nananana
Cneonction
Cdn-Request-Time
X-SB
X-SN
Thinkindot-Cache-Type
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Xet-Cookie