Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Via
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Server-Id
EagleEye-TraceId
X-Response-Time
X-Ac
X-Host
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
X-Node
X-DataDome
X-Ws-Request-Id
Content-Location
X-Origin-Cache
X-Cache-Lookup
X-Cloud-Trace-Context
X-Readtime
NEL
X-Dns-Prefetch-Control
X-Vhost
X-Application-Context
X-Dispatcher
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
P3p
X-Cdn
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Instart-Request-ID
Pinterest-Generated-By
X-TtlSet
X-Vname
X-PC
Edge-Control
X-MS-InvokeApp
X-Url
X-Mod-Pagespeed
X-B3-TraceId
Verso
SPRequestGuid
X-Powered-By-Plesk
Accept-Ch
X-ESI
X-D2id
X-Trace
X-VARITI-CCR
X-SharePointHealthScore
Response
X-Server-Name
Pagespeed
X-Sol
X-Middleton-Response
X-GitHub-Request-Id
Service-Worker-Allowed
Display
X-Middleton-Display
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
RTSS
Content-MD5
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-Vcache
X-TTL
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Upstream
Charset
Public-Key-Pins
X-Vcap-Request-Id
X-Cached
Accept-Ch-Lifetime
MS-Author-Via
DynaTrace
X-NF-Request-ID
X-CST
X-Version
X-Amz-Rid
Edge-Cache-Tag
X-Server-ID
Realpath
X-Px
MicrosoftSharePointTeamServices
X-Shard
TCN
Arr-Disable-Session-Affinity
X-Trafficlayer-App-Scope
X-Ezoic-Cdn
X-Trafficlayer-App-Name
X-XRDS-Location
Access-Control-Request-Method
X-MSEdge-Ref
Pinterest-Version
X-Shield-Request-Id
X-Pinterest-Rid
X-Ser
X-SRCache-Store-Status
Fastly-Restarts
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Accel-Expires
X-DynaTrace-JS-Agent
X-DIS-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-TEC-API-ROOT
X-Recruiting
X-TEC-API-ORIGIN
Front-End-Https
X-TEC-API-VERSION
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Id
X-T
Nginx-Cache
X-Element-Page-Cache
X-Varnish-Age
X-Ttl
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-FTR-Cache-Status
X-FTR-Balancer
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Country-Code-Real
Cache-Tag
X-Amzn-Trace-Id
X-FTR-Expires
X-Dw-Request-Base-Id
X-Webapp-Samesite-None-Activated-N
Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-HS-Cache-Config
X-Content-Digest
NR-ENABLED
Powered
X-Fastcgi-Cache
X-Hits
X-Correlation-Id
X-Kinsta-Cache
X-Hp-Webp
Alternate-Protocol
X-FTR-Cache-Host
X-Request-Received
X-RateLimit-Remaining
ServerID
X-Request-Processing-Time
X-Grace
X-Content-Type
X-HS-Combine-CSS
X-N
X-Aspnetmvc-Version
Server-Name
X-Cache-Hit
X-Request-Handler-Origin-Region
X-Microsite
X-Webkit-Csp
PB-RID
PB-PID
TP-Cache
X-Node-Name
Arc-Version
X-Mobile-Rewrite
TP-L2-Cache
X-Rid
X-User-Agent
Healthy
X-Revision
X-Akamai-Edgescape
X-Analytics
X-Forwarded-For
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Content-Security-Policy-Report-Only
Accept-CH
X-Zen-Fury
Accept-CH-Lifetime
X-Logged-In
Server-Node
X-Pad
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Mobile-URL
X-Activity-Id
X-AppVersion
X-Az
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Varnish-Grace
X-Cached-By
Cache-Status
X-B3-Sampled
X-FastCGI-Cache
X-Oneagent-Js-Injection
X-IPLB-Instance
X-Content-Options
X-F-Cache
Refresh
Retry-After
X-Type
Upgrade-Insecure-Requests
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Geo-Country
X-Ruxit-Js-Agent
FilterID
X-Varnish-Backend
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-User
Source
X-FB-Debug
X-Instance
Access-Control-Allow-Method
X-Framework
X-Jobs
X-Cluster
DC
X-PHP-Backend
X-Debug-Info
X-Request-Guid
Host
Actual-Object-TTL
X-Page-Id
Accept-Charset
X-WebKit-CSP-Report-Only
X-AOL-HN
X-B
X-Srv
X-Litespeed-Cache
X-Cache-2
X-Cache-Age
Ar-Sid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ATG-Version
Cache
X-Seen-By
X-Via-JSL
X-TT
Fastcgi-Useragent
X-Cache-Key
MS-CV
X-Git-Hash
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-TTL
X-PressLabs-Stats
X-Whom
X-Amz-Replication-Status
X-Signature
X-B-Cache
X-UA
X-TA-CDN-Provider
Host-Header
X-Cache-Control
X-Daa-Tunnel
X-Wix-Request-Id
AR-Request-ID
Surrogate-Key
X-Host-Name
X-Response-Served-From
NGB
X-Cache-Enabled
X-Origin-Server
X-RequestSource
X-Mobile
Cache-Tv-Group
X-Tumblr-Pixel-1
WPE-Backend
Frame-Options
X-Tumblr-Pixel-2
X-GeoIP
Payment
Eomportal-Instance
X-Handled-By
X-Hyper-Cache
Filters
X-Region
X-FW-Hash
X-FW-Static
X-TX-ID
X-FW-Type
X-FW-Server
Cleartype
X-FW-Serve
X-Cache-Action
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-EdgeConnect-Cache-Status
X-Adobe-Loc
X-Adobe-Content
X-Cache-NE
X-Kong-Proxy-Latency
X-Cache-Rule
Webserver
X-Kong-Upstream-Latency
X-Cache-Operation
Xserver
X-Hostname
X-NewRelic-App-Data
From-Origin
X-SERVER
X-ATS-Timestamp
Datacenter
X-RemovedCookies
X-ProcessESI
X-UA-Device-Type
X-Akamai-Transformed
X-Load-Cache
X-Esi
X-Forwarded-Host
X-RTag
X-Edge-Location
Ms-Operation-Id
X-Cache-TTL-Remaining
Liferay-Portal
X-Cache-Server
X-Yottaa-Metrics
X-App-Server
X-Time
X-Yottaa-Optimizations
X-Status
X-Contextid
X-Varnish-Server
X-Varnish-Hostname
X-Rule
X-VCache
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
Country
Odigeo-Trace-Id
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-BCube-Filmed-By
X-Upgrade-Enabled
X-TT-TIMESTAMP
X-Cache-Var
X-RN-RSRV
X-Path-Route
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
Load-Balancing
Tracecode
X-UUID
DSUID
X-Xfnlog-Site
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
X-Cache-Config
X-VCT
X-Pubstack
Release
X-OCL
X-PCL
Mn-Server-Ip
Cache-Tags
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-GeoIP-Country
X-Origin-Hint
X-Viewer-Country
TWC-Device-Class
X-Rocket-Nginx-Bypass
X-Debug-Cache
X-CCM
Property-Id
X-Akamai-Request-ID2
X-Akamai-Request-ID
Selected-Fe
X-Cache-Host
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-EIG-Tracking-Id
S-Rt
NGX
Azure-Version
Azure-SlotName
Azure-SiteName
Cache-Name
DB-Nickname
L5d-Success-Class
Fastly-SSL
X-FW-Dynamic
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TNCMS
X-Timing-Wait
X-Soup
X-Vgn-Hpd-Reason
X-Via-Fastly
X-From
X-Web-Node
X-Real-IP
X-Proxy-Build
X-Human
X-Hosted-By
X-IP
X-Loop
X-Proto
X-Origin-Response-Time
Azure-RegionName
X-Proxy
Azure-InstanceId
X-NWS-UUID-VERIFY
X-Redis-Cache
X-ApacheServer
X-Access
X-Section
X-Format
X-Varnish-Cache-Hits
X-Generated
X-Cache-Time
Origin-Cache-Control
X-Content-Age
X-Www-Served-By
S-Cnection
Viewport
Origin-Edge-Control
X-Backend-Name
X-Site-Version
X-PERF
X-ServerID
Server-Info
X-Locale
X-FireWall-Port
Decoy-Debug-Key
Decoy-Debug-Status
X-Origin
Ec-Rule-Version
Version
Decoy-Debug-TTL
X-Labrador-Cache-Channel
X-Cluster-Name
X-Time-Microsecs
X-Rendered-As
X-Is-Bot
X-JoinUs
X-ProxyCache-Status
X-BYPASS-REASON
Uber-Trace-Id
X-ProxyCache-Key
X-XRDS-LOCATION
X-Varnish-Hits
X-Storage
X-Generated-By
X-Info
X-Tec-Api-Version
X-Tec-Api-Origin
X-Accel-Buffering
X-Tec-Api-Root
X-Cache-Backend
X-B3-Traceid
X-Origin-CC
X-PHP-Host
X-Origin-TTL
X-Amzn-Remapped-Content-Length
Rt-Fastcgi-Cache
Akamai-GRN
X-App-Version
X-URL
X-RateLimit-Limit
X-WA-Info
Time
X-CF-Powered-By
Cache-Key
X-Nginx-Cache-Key
Cteonnt-Length
X-SaId
X-Presslabs-Stats
X-Geo
X-No-Session
GEO-INFO
X-Cache-Remote
X-Environment-Context
Origin
X-L-Path
X-MServer
X-Unique-Id
Accept-Language
X-Guploader-Uploadid
X-GoCache-CacheStatus
X-Backend-TTL
Cache-Hits
Vix-Hermes-Req-Id
X-NCache
X-FB-TRIP-ID
X-Tb
X-CDN-Forward
Access-Control-Request-Headers
X-Trace-Id
X-Hit
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
Srv
X-SS-Set-Cookie
X-CACHE-KEY
X-APP-VERSION
X-B3-SpanId
X-Device-Type
X-Tumblr-Pixel-3
X-CS
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-OVcl-Cache
X-OVcl
X-CSRF-TOKEN
X-S
X-Parent-Response-Time
X-EC-Lua
User-Cache-Control
X-SRV
NtCoent-Length
X-Cluster-Node
ServedBy
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
Cross-Origin-Window-Policy
BehaviorPad-Version
X-A-Dgt
IsBot
Request-Country
X-A-Dcw
Request-EU
X-Application
X-ARC
X-B-Cookie
X-Session-Fingerprint
X-SIPLIST1
X-AIR-PT
X-RCS-CacheZone
X-Svr
X-SRCache-Key
OT-Force-Account-Verify
Rt-Proxy-Cache
AsisCache
Viewtype
VivaBuild
X-CF-Lambda-Fn
Node
T-Server
Server-Host
Rendered-Blocks
Apple-News-Services-Host
Apple-News-Services-Handled
Mobile-Detection-Method
Meta-Geo-Continent
Arc-Country
X-A
X-A-Ccd
X-A-Dam
Content-Style-Type
Content-Script-Type
MD5-Digest
Apple-News-Services-Request-Url
Machine
Apple-News-Services-Parsed-Url
X-Server-Time
Xc-Version
X-Service
X-Hl-Ver
X-Vtex-Remote-Cache
X-Request-UUID
X-G
X-Detected-As
X-DPWN-IS-SECURE
X-External-Request-Id
X-Cache-Grace
X-Processor
X-Twitter-Response-Tags
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
Fastcgi-X-Cache-Version
X-PAYTM-SRV-ID
X-Trv-Group
X-Vtex-Processado-Em
X-Destination
X-Region-Sid
X-Date
X-Connection-Hash
X-CF-Lambda-Version
X-S-Cookie
X-ScT
X-Transaction
X-Rewrite-Enabled
X-D
X-Rojux
X-Endurance-Cache-Level
X-Magnolia-Registration
X-Source
ServerName
X-Dc
X-Proxy-Upstream
X-Cache-Bucket
X-Cache-Info
X-Instart-Isnd
X-Block-Status
X-Level-Front-Cache
X-Proxy-Cache-Status
X-Matched-Rule
Served-By
X-Ms-Request-Id
X-Core-Value
X-NX-Host
X-Location
X-Ms-Version
Thinkindot-CacheControl
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Generated-On
X-Gen-Mode
X-Thinkindot-L3
X-Dispatch
X-Debug-Log
X-Debug-Cookies
X-Hash
X-CUA
X-RateLimit-Limit-Second
Thinkindot-Control
X-IN-APIGATEWAY
Server-Int
X-RateLimit-Remaining-Second
Web-Mar-Node
X-Reboot
X-Webstats-RespID
X-Hnp-Log
X-IN-APIGATEWAYSSL
Thinkindot-CacheControl-Type
CDCHOST
Mime-Version
X-Uri
X-Ah-Environment
Proxy-Connection
X-B3-Parentspanid
X-Cache-Debug
Mail-Subject
X-Clientip
We-Hiring
X-C
X-Request-URI
X-Clara-WADP
X-Reqid
X-Bip
X-Cdn-Srv
X-Cache-URL
X-CGP
X-Rocket-Build-Number
X-Sigma
X-Agile-Age
X-Agile-Id
X-Sigma-Backend
X-Skip-Cache
X-SVT-ORM-RULES
X-Sucuri-Cache
X-Server-IP
X-App-Name
X-Backend-State
X-Cms-Context
X-Scheme
X-Azure-Ref-OriginShield
X-Auto-Login
X-Azure-Ref
X-BBXSRF
X-Core-Mission
X-Origin-Expires
X-Origin-Date
X-FW-Version
X-Fastly-Cache
X-Varnish-Beresp-Grace
X-Planisys-CDN-Cache
X-Eu-Site
Esi-Enabled
X-Logging-Id
X-GeoIP-City
X-Has-Esi
X-Geo-Header
X-Generation-Time
X-Generated-In
X-Method
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Qloud-Router
X-Upstream-Ht
X-Release
X-SVT-ORM-VERSION
X-Debug-Cache-Store
X-Upstream-Ct
X-Distil-CS
X-Varnish-Beresp-Status
X-Dispatcher-Server
X-Varnish-Beresp-Ttl
X-Policy
X-Developers
X-Compress-Hint
X-Agile
X-We-Are-Hiring
X-Swa-Ws
PFcat
Now
X-Wikidot-Static-Cache
X-Wikidot-Backend
Pramga
Cache-Host
RNT-Time
Section-Io-Cache
RNT-Machine
X-VC-Cache
X-VServer
X-VG-TLSProxy
Memcached
Magicmarker
HA-Ipaddr
Heartbleed
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Soc-X-Request-Id
X-Key
IBM-Web2-Location
X-Via-NSCOPI
X-JWT-State
Content-Disposition
L
Kp-EeAlive
Countrycode
AKAMAI
X-WADP-Cache
X-TrackingId
X-User
X-Up
X-Irp-Debug
W
X-Thanos
X-Is-Gdpr
Cache-Provider
X-Via-CDN
X-NC
True-Client-Country-4JS
X-ServiceProvider
Locale
Cdncip
X-Li-Pop
Cdnsip
X-S-Maxage
X-MSEdge-Features
X-Distributor
X-Old-Content-Length
X-LI-UUID
X-ND-Cache
X-NodeID
X-Epic-Correlation-Id
X-Owner
X-Platform-Server
Is-Eu
X-Internal-Host
X-MSEdge-Flight
X-TIME
X-Cache-FS-Status
X-Cache-Id
X-Li-Fabric
X-SD-PageType
X-Variation
Adler-Geo
SD-X-WS
X-Request-Start
X-Urbn-Site-Id
X-WebServer
X-AK-Request-ID
Platform
X-Amz-Meta-Cache-Control
X-Urbn-Context-Path
X-Nc
V-Age
X-LI-Proto
Hostname
X-Servername
X-Trafficlayer-App-Version
Server-ID
X-UnsetCookies
Powered-By-ChinaCache
X-B3-Spanid
CF-IPCountry
Environment
X-Lb-Id
GEO-REGION-INFO
X-Be
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Sucuri-Id
X-Cdn-Forward
X-GRACE
X-Newrelic-Synthetics
X-Req
FNAC-ModuleRouting
X-Served-From
X-FPC
Locid
X-HTML-Minification-Powered-By
X-Nginx-Cache
X-Servedbyhost
A
X-Refresh
X-Gamma-Serve
Geo-Info
X-Developer
X-Device-Os
X-Sn-Servicetimems
X-Cdn-Origin
X-VHOST
X-Microcachable
X-Edge-O15-RID
X-Render-Time
Tcn
X-Node-Id
X-Sucuri-ID
ProcessTime
X-IPS-LoggedIn
X-Webkit-CSP
Memory
X-Zone
X-Tb-Optimization-Total-Bytes-Saved
X-NU-AKA-ACS-Version
X-MP-GENERATED-AT
Request-Time
X-GeoIP-Country-Code
X-Pjax-Url
X-AWS-Id
X-Mode
X-VWS-Id
X-LJ-Flow-ID
X-Ratelimit-Remaining
X-Pf-Uncompressing
X-DC
XServer
X-FORWARDED-FOR
X-VCL-Version
X-COUNTRY
Gannett-Cam-Experience-Id
Resin-Trace
X-Correlation-ID
X-ZONE
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
Pics-Label
X-Routing-Service
X-Zipkin-Id
X-Proxied
Group
Geoip-Latitude
CF-Cached-On
MIME-Version
X-ElasticPress-Search
X-Instart-Info
GeoIP-Latitude
X-Pod
TTL
GeoIP-Country-Code
X-ECACHE
PICS-Label
Geoip-City
Cf-Ipcountry
X-Dynatrace-Js-Agent
X-Via-SSL
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
GeoIP-City
Cache-Cookie-Set-Lfrom
X-Backend-Host
X-Via-Edge
X-Var-Ttl
X-Backend-Url
M-TraceId
X-Bc
Ttl
X-CSRF-Token
X-Unique-ID
X-BC
X-NGENIX-Cache
Backend-Name
HostName
Cdn
Host-ID
X-CLOUD-TRACE-CONTEXT
Ohc-Cache-HIT
Ohc-File-Size
REQUESTUUID
N-Cache
Pagetype
X-APP
X-Check-Cacheable
X-Request-Time
X-Cdn-Request-ID
X-PF-Uncompressing
Lfy
X-Ratelimit-Limit
X-Vcl-Version
X-Swift-Error
X-TH-Server
X-Fstrz
Cache-Prefix
X-PJAX-URL
HitType
Fly-Request-Id
X-NGINX-Cache
Fly-Cache
URI
X-Worker
X-Via-Ucdn
X-Fastly-Country-Code
X-UPSTREAM-Address
On-Server
X-Tt-Trace-Tag
X-Cache-Tag
User-Agent
X-GEO
X-Cache-Miss-From
Pragrma
Powered-By
X-Sedo-Request-Id
X-HostName
X-LiteSpeed-Cache-Control
X-ServedByHost
X-Server-W
X-WR-MODIFICATION
X-HS-Status
Media-Length
CDN
X-Fetched-On
SRV
X-Upstream-CT
Fastly-SWR
X-WA
X-Rebelmouse-Cache-Control
X-Aicache-OS
Who
X-Wa
X-Upstream-HT
X-Rebelmouse-Surrogate-Control
Fastly-SIE
AR-SID
X-Tt-Trace-Host
X-BE
X-Hp-Ccpa-Warning
UCS
FSS-Proxy
X-Varnish-Cacheable
FSS-Cache
X-Fpc
X-LAGOON
X-Varnish-URL
X-TT-LOGID
X-LB-ID
X-Cf-Powered-By
DataCenter
Debug
X-ServerName
X-Fastly-Backend-Reqs
Processtime
X-GDPR
X-Cache-Tags
X-NYM-Debug-Backend
X-Store
Server-Id
X-Ua
X-Ftr-Cache-Host
Server-Cache-Control
X-Varnish-Authentication
Server-Surrogate-Control
X-Protected-By
X-Contensis-Viewer-Groups
X-Cache-ASPX
Country-Code
Cdn-Request-Time
X-Varnish-Beresp-TTL
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Cdn-Host
X-Edge-Server
X-SN
X-RPS
X-SB
XxX-Cache-Status
X-RSL
X-ABtesting
X-Action
Cneonction
X-VC
X-DI
X-DSS
X-DW
X-Flog
X-DB
X-RateLimit-Reset
Xet-Cookie
WP-Super-Cache
X-RPM
Warning
Requestid
X-Request-Url
Thinkindot-Cache-Type
X-Dw-Trace-Id
X-Li-Proto
SID
X-Fastly-Cache-Hits
X-Gen-Id
Product
X-LiteSpeed-Tag
X-Amzn-Remapped-Date
X-Nananana
Application
X-Hello
LB
NnCoection
X-Amzn-Remapped-Connection
Get-Access-Time
Is-Session-Tracking
SS