Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Server-Id
X-Rq
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Ws-Request-Id
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-DataDome
X-Origin-Cache
X-Node
X-Cache-Lookup
X-Dns-Prefetch-Control
NEL
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Rack-Cache
X-Origin-Upstream-Status
X-DynaTrace
X-Country
Rating
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Pinterest-Generated-By
X-Instart-Request-ID
X-Ruxit-JS-Agent
Edge-Control
X-TtlSet
X-PC
X-Vname
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-TTL
X-ESI
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-GitHub-Request-Id
X-SharePointHealthScore
Content-MD5
Response
X-Middleton-Response
Pagespeed
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Sol
X-Exp-Variant
Display
X-Middleton-Display
RTSS
X-Navigation-Version
Accept-Ch-Lifetime
SPRequestDuration
SPIisLatency
X-Vcache
X-Abt-Application-Version
X-Powered-CMS
X-Debug
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
Public-Key-Pins
Charset
X-CST
X-Version
DynaTrace
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Shield-Request-Id
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Pinterest-Rid
X-Ser
Pinterest-Version
X-Fastly-Request-ID
S
X-Accel-Expires
Fastly-Restarts
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-DIS-Request-ID
X-TEC-API-ROOT
X-Client-IP
X-Goog-Stored-Content-Length
Front-End-Https
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-XRDS-Location
X-Webapp-Samesite-None-Activated-N
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-T
X-Varnish-Age
X-Element-Page-Cache
X-Goog-Storage-Class
X-FTR-DC
Cache-Tag
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Amzn-Trace-Id
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Server-ID
Nginx-Cache
X-Dw-Request-Base-Id
X-FTR-Expires
X-Fastcgi-Cache
Fastcgi-Cache
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
NR-ENABLED
Powered
X-Hits
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Webkit-Csp
X-Request-Processing-Time
X-Request-Received
X-Content-Type
X-Ttl
Server-Name
ServerID
X-RateLimit-Remaining
X-Request-Handler-Origin-Region
X-N
X-Microsite
X-HS-Combine-CSS
X-Cache-Hit
TP-L2-Cache
TP-Cache
PB-PID
PB-RID
X-Mobile-Rewrite
X-Grace
Arc-Version
X-Rid
Healthy
X-Akamai-Edgescape
X-User-Agent
X-Analytics
X-Node-Name
X-Revision
Backend-Timing
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
X-Zen-Fury
X-Mobile-URL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-LB-Cache
Server-Node
X-Varnish-Grace
X-Oneagent-Js-Injection
X-AppVersion
X-Activity-Id
X-Az
X-Cached-By
Cache-Status
X-B3-Sampled
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Content-Options
X-F-Cache
Refresh
X-Geo-Country
X-Ruxit-Js-Agent
X-IPLB-Instance
Upgrade-Insecure-Requests
X-Type
Retry-After
X-Varnish-Backend
FilterID
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FastCGI-Cache
X-Tumblr-User
Accept-Charset
X-FB-Debug
X-Cache-2
Host
Paypal-Debug-Id
X-Srv
X-Jobs
X-PHP-Backend
X-B
X-Cluster
X-Framework
X-AOL-HN
DC
X-Instance
X-Page-Id
Actual-Object-TTL
X-Request-Guid
X-Debug-Info
Accept-CH-Lifetime
Access-Control-Allow-Method
Source
Accept-CH
X-WebKit-CSP-Report-Only
AR-CACHE
Cache
X-ATG-Version
AR-PoweredBy
AR-ATIME
X-TT
X-Cache-Age
X-Seen-By
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Erf-Bev-Bev
X-Git-Hash
MS-CV
X-Cache-Key
X-Content-Powered-By
X-Via-JSL
Ar-Sid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-PressLabs-Stats
Host-Header
X-B-Cache
X-Signature
X-Cache-TTL
X-Amz-Replication-Status
X-TA-CDN-Provider
X-Whom
X-Cache-Control
X-Origin-Server
X-Cache-Enabled
X-Wix-Request-Id
X-Daa-Tunnel
X-Response-Served-From
NGB
X-UA
Xserver
Surrogate-Key
X-Mobile
X-ATS-Timestamp
X-RequestSource
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-GeoIP
X-Host-Name
Cache-Tv-Group
Payment
WPE-Backend
Filters
Eomportal-Instance
Datacenter
X-Cache-NE
X-Cacheable-TTL
X-FW-Type
X-Hyper-Cache
X-FW-Static
X-FW-Server
X-FW-Serve
Cleartype
X-FW-Hash
X-Adobe-Loc
X-Litespeed-Cache
X-Handled-By
X-Adobe-Content
X-Region
Frame-Options
X-SERVER
X-Cache-Action
X-Drupal-Cache-Tags
X-TX-ID
Webserver
X-EdgeConnect-Cache-Status
X-Esi
X-Load-Cache
X-XRDS-LOCATION
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
AR-Request-ID
X-Hostname
X-Cache-Rule
X-Cache-Operation
X-Akamai-Transformed
From-Origin
X-Cache-TTL-Remaining
X-Edge-Location
X-NewRelic-App-Data
X-RemovedCookies
X-ProcessESI
X-UA-Device-Type
Liferay-Portal
X-RTag
Ms-Operation-Id
X-Cache-Server
X-Forwarded-Host
X-Varnish-Hostname
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rule
X-Status
Country
X-Contextid
X-App-Server
Odigeo-Trace-Id
X-Upgrade-Enabled
X-UUID
Meta-Geo
Load-Balancing
X-BCube-Filmed-By
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
X-Path-Route
X-Cache-Var
DSUID
X-TT-TIMESTAMP
Webcakes-App-Name
X-Rocket-Nginx-Bypass
Webcakes-Region
Webcakes-App-Version
DB-Nickname
X-VCT
X-EIG-Tracking-Id
TWC-Locale-Group
X-Debug-Cache
TWC-Privacy
X-CCM
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
Mn-Server-Ip
Release
TWC-Connection-Speed
TWC-Device-Class
X-R9-Blue-Green-Version
X-From
X-Cache-Host
X-Soup
X-Cache-Time
Origin-Cache-Control
Origin-Edge-Control
X-Cache-Config
X-ServerID
Azure-Version
Azure-SlotName
Selected-Fe
X-Origin
Cache-Name
Azure-SiteName
Azure-RegionName
X-Loop
X-OCL
X-Akamai-Request-ID
Azure-InstanceId
X-IP
X-Viewer-Country
X-Proxy-Build
L5d-Success-Class
S-Rt
X-Real-IP
X-Timing-Wait
X-Pubstack
X-TNCMS
X-Via-Fastly
X-Proxy
Cache-Tags
X-Proto
X-Hosted-By
X-Origin-Response-Time
X-Vgn-Hpd-Reason
X-Drupal-Cache-Contexts
Fastly-SSL
X-Human
X-FC-Vary-Parameters
X-FW-Dynamic
X-PCL
X-Redis-Cache
X-FireWall-Port
Viewport
X-Rendered-As
Uber-Trace-Id
X-Xfnlog-Site
X-Section
X-Web-Node
X-Is-Bot
X-JoinUs
X-Site-Version
X-Locale
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-Cluster-Name
X-Backend-Name
X-Akamai-Request-ID2
X-Format
X-Generated
X-Www-Served-By
X-BYPASS-REASON
X-Varnish-Hits
X-Access
NGX
Ec-Rule-Version
X-NWS-UUID-VERIFY
Version
Decoy-Debug-Status
X-Accel-Buffering
Server-Info
Decoy-Debug-Key
Decoy-Debug-TTL
X-Varnish-Cache-Hits
S-Cnection
X-Generated-By
X-Time-Microsecs
X-Time
X-Cache-Backend
Tracecode
X-PHP-Host
X-PERF
X-ApacheServer
X-Amzn-Remapped-Content-Length
X-Info
X-Storage
X-Origin-TTL
X-Origin-CC
X-SaId
X-URL
X-Geo
Akamai-GRN
X-VCache
X-Nginx-Cache-Key
Rt-Fastcgi-Cache
X-WA-Info
X-Presslabs-Stats
Cteonnt-Length
Time
GEO-INFO
X-App-Version
X-CF-Powered-By
X-Guploader-Uploadid
X-No-Session
X-MServer
Cache-Key
X-Environment-Context
X-L-Path
Origin
X-Cache-Remote
X-Unique-Id
X-FB-TRIP-ID
Accept-Language
X-Tb
Access-Control-Request-Headers
X-Tec-Api-Origin
X-APP-VERSION
X-Backend-TTL
X-Tec-Api-Version
X-Tec-Api-Root
X-CACHE-KEY
X-GoCache-CacheStatus
X-RateLimit-Limit
X-NCache
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Hit
X-CDN-Forward
X-EC-Lua
Cache-Hits
Vix-Hermes-Req-Id
X-TIME
X-Trace-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-RCS-CacheZone
X-ShopId
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
X-Device-Type
X-B3-SpanId
X-Source
OT-Force-Account-Verify
X-Dc
X-Tumblr-Pixel-3
Mime-Version
X-S
X-CS
X-SS-Set-Cookie
X-OVcl-Cache
Srv
X-OVcl
Content-Script-Type
BehaviorPad-Version
Content-Style-Type
Machine
Fastcgi-X-Cache-Version
X-G
X-External-Request-Id
X-Hl-Ver
X-DPWN-IS-SECURE
IsBot
Cross-Origin-Window-Policy
Apple-News-Services-Request-Url
X-Vtex-Processado-Em
X-VG-WebCache
X-PAYTM-SRV-ID
X-Vdms-Version
X-Processor
X-Vtex-Remote-Cache
X-VG-WebServer
X-Magnolia-Registration
MD5-Digest
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Endurance-Cache-Level
AsisCache
Node
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Viewtype
VivaBuild
X-A-Dgt
X-A-Wwc
X-ARC
X-B-Cookie
X-Application
X-AIR-PT
X-Accel-Expires-Debug
X-Aed
T-Server
X-CF-Lambda-Fn
X-Date
X-D
User-Cache-Control
Mobile-Detection-Method
X-Destination
Meta-Geo-Continent
Rendered-Blocks
Request-Country
Server-Host
X-CF-Lambda-Version
Rt-Proxy-Cache
X-Connection-Hash
Request-EU
X-Detected-As
Apple-News-Services-Handled
X-Session-Fingerprint
X-Service
X-Parent-Response-Time
X-Twitter-Response-Tags
X-Request-UUID
X-SIPLIST1
X-Region-Sid
X-Svr
Xc-Version
X-Cluster-Node
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Transaction
X-ScT
X-Ah-Environment
X-Upstream-Ct
X-Server-Time
X-Trv-Group
X-Upstream-Ht
X-SRCache-Key
ServerName
ServedBy
X-Reboot
X-IN-APIGATEWAYSSL
X-Instart-Isnd
Thinkindot-CacheControl
X-Level-Front-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
X-IN-APIGATEWAY
X-Hash
X-CUA
X-Thinkindot-L3
X-Dispatch
X-Dispatcher-Server
X-Generated-On
X-Core-Value
Served-By
X-Webstats-RespID
Now
Wxu-Next-Commit
X-ND-Cache
Wxu-Next-Hostname
X-Cache-Bucket
Wxu-Next-Region
X-Via-NSCOPI
X-Location
X-Matched-Rule
Mail-Subject
We-Hiring
NtCoent-Length
X-SRV
X-CSRF-TOKEN
Proxy-Connection
X-Uri
X-Debug-Cache-Fetch
X-We-Are-Hiring
X-BBXSRF
X-Server-IP
X-Backend-State
X-Debug-Cache-Expiry
X-C
X-Thanos
X-Sucuri-Cache
X-SD-PageType
X-Core-Mission
X-Skip-Cache
X-B3-Parentspanid
X-TrackingId
X-Clara-WADP
X-Sigma-Backend
X-Sigma
X-Cache-FS-Status
X-Cdn-Srv
X-Cache-URL
X-Cache-Info
X-Debug-Cache-Store
X-Cache-Debug
X-SVT-ORM-RULES
X-Clientip
X-Cms-Context
X-Compress-Hint
X-Block-Status
X-CGP
X-SVT-ORM-VERSION
X-WebServer
X-Bip
X-Epic-Correlation-Id
X-NX-Host
X-Release
X-Old-Content-Length
X-VServer
X-RateLimit-Remaining-Second
X-VG-TLSProxy
X-Ms-Version
X-Ms-Request-Id
X-User
X-Request-Start
X-Logging-Id
X-Method
X-Reqid
X-Origin-Date
X-Origin-Expires
X-Platform-Server
X-Planisys-CDN-TTL
X-Azure-Ref-OriginShield
X-Proxy-Cache-Status
X-Proxy-Upstream
X-VC-Cache
X-Qloud-Router
X-RateLimit-Limit-Second
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Variation
X-LI-UUID
X-Li-Pop
X-WADP-Cache
X-Rocket-Build-Number
X-Eu-Site
X-Fastly-Cache
X-FW-Version
X-Distributor
X-Distil-CS
X-Debug-Log
X-Scheme
X-S-Maxage
X-Wikidot-Backend
X-Developers
X-Up
X-Gen-Mode
X-Is-Gdpr
X-Irp-Debug
X-JWT-State
X-Key
X-Li-Fabric
X-Request-URI
X-Wikidot-Static-Cache
X-Geo-Header
X-Generation-Time
X-GeoIP-City
X-Has-Esi
X-Hnp-Log
X-Debug-Cookies
X-App-Name
SD-X-WS
RNT-Time
RNT-Machine
Content-Disposition
Section-Io-Cache
X-Varnish-Beresp-Ttl
Server-Int
X-Azure-Ref
Ha-Gx-Prefs
Magicmarker
Cache-Host
PFcat
Adler-Geo
Platform
CDCHOST
Memcached
Pramga
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Agile-Id
Heartbleed
X-Agile-Age
HA-Ipaddr
X-Cache-Grace
X-Auto-Login
X-Amz-Meta-Cache-Control
Gh-Request-Id
X-Agile
IBM-Web2-Location
Esi-Enabled
L
Countrycode
Fastly-Soc-X-Request-Id
W
Is-Eu
Web-Mar-Node
AKAMAI
Cache-Provider
X-Nc
X-Cache-Id
X-Trafficlayer-App-Version
Kp-EeAlive
Powered-By-ChinaCache
Server-ID
X-Generated-In
X-LI-Proto
X-Swa-Ws
X-Policy
X-Internal-Host
X-Via-CDN
X-NodeID
X-MSEdge-Flight
X-MSEdge-Features
Cdncip
X-Urbn-Site-Id
Cdnsip
X-Urbn-Context-Path
X-NC
X-ServiceProvider
Locale
V-Age
True-Client-Country-4JS
X-AK-Request-ID
Environment
X-B3-Spanid
X-B3-Traceid
X-Req
X-Servername
X-Served-From
Locid
X-HTML-Minification-Powered-By
CF-IPCountry
X-Cdn-Forward
X-GRACE
X-Newrelic-Synthetics
X-Lb-Id
GEO-REGION-INFO
X-Be
X-Gamma-Serve
X-CLOUD-TRACE-CONTEXT
FNAC-ModuleRouting
Hostname
X-UnsetCookies
X-Refresh
X-Sucuri-Id
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-FPC
X-IPS-LoggedIn
X-Nginx-Cache
X-Render-Time
X-VHOST
X-Zone
ProcessTime
X-Sucuri-ID
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
Tcn
Geo-Info
A
X-Developer
X-Webkit-CSP
X-Mode
X-MP-GENERATED-AT
X-Edge-O15-RID
X-Microcachable
X-Device-Os
X-GeoIP-Country-Code
X-Sn-Servicetimems
X-Servedbyhost
X-Cdn-Origin
X-Node-Id
X-Pjax-Url
X-Ratelimit-Remaining
X-AWS-Id
Memory
X-VWS-Id
X-LJ-Flow-ID
X-Pf-Uncompressing
X-FORWARDED-FOR
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-COUNTRY
TTL
Gannett-Cam-Experience-Id
Request-Time
X-CSRF-Token
X-Correlation-ID
X-DC
Geoip-Latitude
Resin-Trace
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
X-Bc
CF-Cached-On
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Pics-Label
X-VCL-Version
X-Pod
Cf-Ipcountry
X-Ratelimit-Limit
PICS-Label
GeoIP-Latitude
Cdn
M-TraceId
Group
GeoIP-Country-Code
GeoIP-City
X-Via-Edge
X-Vcl-Version
X-Via-SSL
HostName
X-ZONE
X-Request-Time
X-Unique-ID
X-Swift-Error
Geoip-City
X-Cdn-Request-ID
X-ECACHE
Host-ID
X-Instart-Info
X-NODE
XServer
X-ElasticPress-Search
MIME-Version
Ttl
X-Backend-Url
X-TH-Server
X-NGINX-Cache
X-Var-Ttl
X-Backend-Host
X-PF-Uncompressing
Ohc-File-Size
X-BC
X-Check-Cacheable
HitType
Backend-Name
Ohc-Cache-HIT
X-APP
URI
N-Cache
Powered-By
Lfy
X-NGENIX-Cache
Pagetype
REQUESTUUID
X-UPSTREAM-Address
Fly-Cache
X-ServedByHost
Media-Length
On-Server
X-Fastly-Country-Code
SRV
Fly-Request-Id
X-Fstrz
Cache-Prefix
User-Agent
X-PJAX-URL
X-HostName
X-HS-Status
X-Via-Ucdn
X-Worker
X-WR-MODIFICATION
X-Tt-Trace-Tag
X-Aicache-OS
X-Cache-Tag
X-LiteSpeed-Cache-Control
X-Tt-Trace-Host
FSS-Proxy
X-Fetched-On
X-Sedo-Request-Id
Pragrma
CDN
X-WA
X-Hp-Ccpa-Warning
X-Cache-Miss-From
FSS-Cache
Who
AR-SID
X-BE
UCS
X-Server-W
X-NYM-Debug-Backend
Fastly-SWR
X-Varnish-Cacheable
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-LAGOON
X-LB-ID
Fastly-SIE
X-Varnish-URL
X-GEO
X-Fpc
Processtime
X-Cache-Tags
X-Wa
X-Cf-Powered-By
X-Contensis-Viewer-Groups
X-Upstream-HT
X-Cache-ASPX
Server-Cache-Control
Server-Surrogate-Control
X-Store
X-Fastly-Backend-Reqs
X-Varnish-Authentication
Debug
X-Upstream-CT
X-ServerName
X-Ftr-Cache-Host
X-Ua
Location
Country-Code
Fastly-Backend-Name
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-TT-LOGID
X-Protected-By
X-Amzn-Remapped-Date
X-Dw-Trace-Id
X-GDPR
Thinkindot-Cache-Type
X-Amzn-Remapped-Connection
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
Server-Id
X-Li-Proto
X-Apw-Access-Token
WP-Super-Cache
Product
Cneonction
XxX-Cache-Status
X-Request-Url
NnCoection
Application
X-Fastly-Cache-Hits
X-VC
Xet-Cookie
X-SB
SID
X-Gen-Id
X-Nananana