Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
X-Ua-Compatible
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Rq
X-WebKit-CSP
Report-To
X-Ws-Request-Id
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
Request-Id
X-Cnection
X-OneAgent-JS-Injection
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Rating
X-Country
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Edge-Control
X-Instart-Request-ID
X-PC
X-TtlSet
X-Vname
Pinterest-Generated-By
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-Ruxit-JS-Agent
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-TTL
X-Trace
X-ESI
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Content-MD5
Service-Worker-Allowed
X-SharePointHealthScore
Pagespeed
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
Response
X-Middleton-Response
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Sol
X-Cdn-Fetch
X-Use-Magma
RTSS
X-Middleton-Display
Display
X-Vcache
Accept-Ch-Lifetime
X-Navigation-Version
X-Abt-Application-Version
SPRequestDuration
X-Powered-CMS
SPIisLatency
X-Debug
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
X-Version
X-CST
MS-Author-Via
DynaTrace
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Access-Control-Request-Method
X-Accel-Expires
TCN
X-Pinterest-Rid
Pinterest-Version
S
X-Ser
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Length
X-XRDS-Location
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-T
X-Id
X-Varnish-Age
X-Element-Page-Cache
Cache-Tag
X-Goog-Storage-Class
X-Webkit-Csp
X-Amzn-Trace-Id
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-Dw-Request-Base-Id
X-Server-ID
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-FTR-Expires
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
NR-ENABLED
X-Hits
Powered
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-Oneagent-Js-Injection
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Aspnetmvc-Version
X-Content-Type
X-Request-Processing-Time
X-Request-Received
X-Ttl
Server-Name
X-HS-Combine-CSS
ServerID
X-Request-Handler-Origin-Region
X-Microsite
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
TP-L2-Cache
TP-Cache
X-Rid
X-N
X-Cache-Hit
Healthy
X-Akamai-Edgescape
X-Grace
X-Pad
X-Forwarded-For
X-User-Agent
X-Revision
Backend-Timing
X-Analytics
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Node-Name
X-Logged-In
X-Mobile-URL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Varnish-Grace
Server-Node
X-Cached-By
X-AppVersion
X-Az
X-Activity-Id
X-B3-Sampled
Cache-Status
X-Content-Options
X-F-Cache
Refresh
X-Geo-Country
Upgrade-Insecure-Requests
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Type
X-IPLB-Instance
X-Varnish-Backend
FilterID
Retry-After
X-Cache-2
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel
X-Jobs
X-FB-Debug
Host
X-Srv
Accept-Charset
Actual-Object-TTL
DC
X-AOL-HN
Paypal-Debug-Id
X-B
X-Framework
X-Request-Guid
X-PHP-Backend
X-Page-Id
X-Instance
X-Debug-Info
Accept-CH-Lifetime
X-Cluster
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
Source
Accept-CH
X-ATG-Version
X-TT
AR-ATIME
AR-CACHE
AR-PoweredBy
Cache
Fastcgi-Useragent
X-PressLabs-Stats
X-Cache-Age
X-FastCGI-Cache
X-Git-Hash
X-Seen-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MS-CV
X-Cache-Key
X-Content-Powered-By
X-Signature
X-B-Cache
Host-Header
VIX-Pulpo-Node
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-Via-JSL
Ar-Sid
Xserver
X-TA-CDN-Provider
X-Cache-TTL
X-Origin-Server
X-ATS-Timestamp
X-Whom
X-Cache-Enabled
X-Cache-Control
X-Mobile
X-Wix-Request-Id
NGB
X-Response-Served-From
X-Daa-Tunnel
Surrogate-Key
X-UA
X-RequestSource
X-GeoIP
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Cache-NE
X-FW-Hash
WPE-Backend
Payment
Datacenter
Eomportal-Instance
Filters
X-Hyper-Cache
Cleartype
X-Cacheable-TTL
Frame-Options
X-Adobe-Loc
X-Adobe-Content
X-Litespeed-Cache
X-Host-Name
X-Handled-By
X-SERVER
X-Region
X-TX-ID
X-Cache-Action
Webserver
X-Drupal-Cache-Tags
X-Esi
X-Load-Cache
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-EdgeConnect-Cache-Status
X-Kong-Proxy-Latency
X-Akamai-Transformed
X-Cache-Rule
From-Origin
X-Cache-Operation
X-Edge-Location
AR-Request-ID
X-Cache-TTL-Remaining
X-Hostname
X-NewRelic-App-Data
X-RemovedCookies
X-ProcessESI
X-UA-Device-Type
Liferay-Portal
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Hostname
Ms-Operation-Id
X-RTag
X-Cache-Server
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Varnish-Server
X-Forwarded-Host
X-Rule
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Status
Country
X-Upgrade-Enabled
X-Contextid
Odigeo-Trace-Id
X-UUID
X-App-Server
Meta-Geo
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
X-ES-SERVER
X-From
DSUID
X-BCube-Filmed-By
X-R9-Blue-Green-Version
Release
TWC-Device-Class
X-Origin-Hint
TWC-GeoIP-Country
X-EIG-Tracking-Id
Webcakes-App-Name
TWC-Connection-Speed
X-Debug-Cache
X-CCM
TWC-Privacy
DB-Nickname
Webcakes-Region
Mn-Server-Ip
Webcakes-App-Version
TWC-GeoIP-LatLong
X-TT-TIMESTAMP
X-VCT
TWC-Locale-Group
X-Rocket-Nginx-Bypass
Property-Id
X-Cache-Time
X-Cache-Host
X-Cache-Config
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Hosted-By
X-FW-Dynamic
X-FireWall-Port
X-Akamai-Request-ID
Uber-Trace-Id
Fastly-SSL
Cache-Tags
Cache-Name
L5d-Success-Class
Origin-Cache-Control
Selected-Fe
S-Rt
Origin-Edge-Control
X-Human
X-IP
X-Soup
X-ServerID
X-Real-IP
X-Timing-Wait
X-TNCMS
X-Viewer-Country
X-Via-Fastly
X-Vgn-Hpd-Reason
X-Pubstack
X-ProxyCache-Status
X-Origin
X-OCL
X-Loop
X-Origin-Response-Time
X-PCL
X-Proxy-Build
X-Proxy
X-Proto
Azure-Version
X-ProxyCache-Key
Azure-InstanceId
X-Accel-Buffering
X-Redis-Cache
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Xfnlog-Site
X-Www-Served-By
X-Akamai-Request-ID2
X-Content-Age
X-Section
X-Backend-Name
X-Access
X-Format
X-JoinUs
X-Varnish-Hits
X-Rendered-As
X-Site-Version
X-Locale
X-Labrador-Cache-Channel
X-Is-Bot
Viewport
X-Generated
X-Cluster-Name
Version
Ec-Rule-Version
X-Web-Node
Decoy-Debug-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
NGX
Decoy-Debug-TTL
Decoy-Debug-Status
X-Generated-By
X-Time-Microsecs
X-Cache-Backend
X-Varnish-Cache-Hits
X-PHP-Host
Server-Info
S-Cnection
X-SaId
X-NWS-UUID-VERIFY
X-Amzn-Remapped-Content-Length
X-PERF
X-ApacheServer
X-App-Version
X-Info
X-Storage
Akamai-GRN
X-Geo
X-URL
X-Origin-CC
Tracecode
X-Origin-TTL
X-Nginx-Cache-Key
X-WA-Info
X-Time
Rt-Fastcgi-Cache
X-No-Session
X-MServer
Cteonnt-Length
X-Environment-Context
Time
X-CF-Powered-By
X-Guploader-Uploadid
X-L-Path
Origin
X-Cache-Remote
X-RateLimit-Limit
X-TIME
X-Tb
Access-Control-Request-Headers
X-FB-TRIP-ID
Accept-Language
Cache-Key
GEO-INFO
X-EC-Lua
X-Presslabs-Stats
X-CACHE-KEY
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Unique-Id
X-GoCache-CacheStatus
X-B3-SpanId
X-RCS-CacheZone
X-NCache
X-Backend-TTL
Cache-Hits
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Hit
Vix-Hermes-Req-Id
Mime-Version
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Shopify-Generated-Cart-Token
X-Source
X-APP-VERSION
X-VCache
X-Dc
OT-Force-Account-Verify
X-Trace-Id
X-Device-Type
X-CDN-Forward
X-Upstream-Ct
X-CS
X-Tumblr-Pixel-3
X-Upstream-Ht
X-S
Srv
X-Endurance-Cache-Level
X-ARC
Request-Country
X-Application
Viewtype
X-A-Wwc
X-Magnolia-Registration
Request-EU
X-B-Cookie
X-Aed
Server-Host
Rt-Proxy-Cache
T-Server
X-A-Dgt
VivaBuild
X-A
X-CF-Lambda-Fn
X-A-Ccd
X-CF-Lambda-Version
X-A-Dam
X-Connection-Hash
User-Cache-Control
Node
Rendered-Blocks
X-Accel-Expires-Debug
X-AIR-PT
X-A-Dcw
Apple-News-Services-Handled
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
X-ND-Cache
X-PAYTM-SRV-ID
X-Svr
BehaviorPad-Version
IsBot
X-Trv-Group
Mobile-Detection-Method
Arc-Country
X-Transaction
AsisCache
X-Processor
Content-Style-Type
X-Session-Fingerprint
X-S-Cookie
X-ScT
X-Server-Time
X-Service
X-SIPLIST1
X-Rojux
X-Region-Sid
X-SRCache-Key
X-Request-UUID
X-Rewrite-Enabled
X-Twitter-Response-Tags
Apple-News-Services-Request-Url
X-DPWN-IS-SECURE
MD5-Digest
X-External-Request-Id
X-G
X-OVcl
X-Detected-As
X-Destination
X-Ah-Environment
Meta-Geo-Continent
X-D
X-Date
Xc-Version
X-Vtex-Remote-Cache
Machine
X-VG-WebCache
X-VG-WebServer
X-Vdms-Version
X-Parent-Response-Time
X-OVcl-Cache
Apple-News-Services-Host
Content-Script-Type
Apple-News-Services-Parsed-Url
X-Vtex-Processado-Em
X-Hl-Ver
X-Cluster-Node
ServerName
X-SS-Set-Cookie
ServedBy
Now
X-Dispatcher-Server
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Via-NSCOPI
X-Hash
X-Generated-On
X-Instart-Isnd
X-Level-Front-Cache
X-Reboot
X-Matched-Rule
X-Location
X-Thinkindot-L3
X-Webstats-RespID
X-Dispatch
X-Nc
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Int
Wxu-Next-Commit
Wxu-Next-Hostname
X-CUA
X-Core-Value
X-Cache-Bucket
Wxu-Next-Region
Served-By
Thinkindot-Control
Mail-Subject
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
We-Hiring
X-CSRF-TOKEN
Proxy-Connection
NtCoent-Length
X-SRV
X-FW-Version
X-Geo-Header
X-Generation-Time
X-Epic-Correlation-Id
X-Fastly-Cache
X-Gen-Mode
X-Eu-Site
X-Hnp-Log
X-Key
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Distributor
X-Irp-Debug
X-GeoIP-City
X-Debug-Cookies
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Cache-FS-Status
X-Cache-Debug
X-BBXSRF
X-Bip
X-Block-Status
X-C
X-Clara-WADP
X-Clientip
X-Debug-Cache-Store
X-Logging-Id
X-Debug-Log
X-Developers
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cms-Context
X-Compress-Hint
X-Core-Mission
X-Distil-CS
X-Ms-Version
X-TrackingId
Powered-By-ChinaCache
X-Up
X-Uri
X-Thanos
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Skip-Cache
X-Sucuri-Cache
X-SVT-ORM-RULES
X-User
X-Variation
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-WebServer
X-We-Are-Hiring
X-VC-Cache
X-VG-TLSProxy
X-VServer
X-WADP-Cache
X-Sigma
X-Server-IP
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin-Expires
Content-Disposition
X-Ms-Request-Id
X-Backend-State
X-NX-Host
X-Old-Content-Length
X-Platform-Server
X-Proxy-Cache-Status
X-Rocket-Build-Number
X-S-Maxage
X-Scheme
X-SD-PageType
X-Request-URI
X-Request-Start
X-Proxy-Upstream
X-Qloud-Router
X-Release
X-Reqid
X-Method
X-Origin-Date
HA-Ipaddr
W
Heartbleed
IBM-Web2-Location
Is-Eu
Web-Mar-Node
Ha-Gx-Prefs
Countrycode
CDCHOST
Esi-Enabled
Fastly-Soc-X-Request-Id
Gh-Request-Id
L
Server-ID
PFcat
RNT-Time
RNT-Machine
Platform
Pramga
Memcached
Adler-Geo
AKAMAI
Magicmarker
Section-Io-Cache
SD-X-WS
X-Agile
Cache-Host
X-App-Name
X-Agile-Id
X-Auto-Login
X-Azure-Ref
X-B3-Parentspanid
X-Azure-Ref-OriginShield
X-Agile-Age
X-Amz-Meta-Cache-Control
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Kp-EeAlive
X-Internal-Host
X-Cache-Id
X-LI-Proto
X-Trafficlayer-App-Version
X-Swa-Ws
X-Policy
X-Generated-In
Cache-Provider
Environment
X-Cache-Grace
X-Cdn-Forward
X-Served-From
True-Client-Country-4JS
Cdncip
X-ServiceProvider
Tcn
X-MSEdge-Features
X-MSEdge-Flight
X-AK-Request-ID
Cdnsip
V-Age
Locale
X-HTML-Minification-Powered-By
X-Req
X-NodeID
Locid
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Via-CDN
X-B3-Traceid
FNAC-ModuleRouting
X-Gamma-Serve
X-IPS-LoggedIn
X-GRACE
X-Sucuri-Id
X-Newrelic-Synthetics
X-Be
GEO-REGION-INFO
X-NC
X-CLOUD-TRACE-CONTEXT
X-Servername
X-Lb-Id
X-B3-Spanid
X-Nginx-Cache
CF-IPCountry
X-Render-Time
X-Refresh
X-FPC
Geo-Info
X-Zone
ProcessTime
X-Edge-O15-RID
X-Mode
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
Hostname
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-VHOST
X-MP-GENERATED-AT
X-UnsetCookies
X-GeoIP-Country-Code
X-Pjax-Url
X-Microcachable
A
X-Developer
X-Sucuri-ID
X-Zipkin-Id
X-Sn-Servicetimems
X-Device-Os
X-AWS-Id
X-LJ-Flow-ID
X-Cdn-Origin
X-Servedbyhost
X-Proxied
X-VWS-Id
X-Routing-Service
X-FORWARDED-FOR
X-Pf-Uncompressing
X-Node-Id
TTL
X-COUNTRY
Gannett-Cam-Experience-Id
X-Bc
X-CSRF-Token
Memory
X-Correlation-ID
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
Geoip-Latitude
X-DC
Request-Time
Resin-Trace
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Pics-Label
X-Unique-ID
CF-Cached-On
HostName
X-Request-Time
X-Ratelimit-Remaining
X-Pod
X-Vcl-Version
Cdn
X-Via-SSL
X-Via-Edge
M-TraceId
GeoIP-City
GeoIP-Latitude
X-Cdn-Request-ID
PICS-Label
GeoIP-Country-Code
X-VCL-Version
X-Ratelimit-Limit
X-ZONE
X-NODE
X-TH-Server
Host-ID
Group
X-ECACHE
Ttl
X-ElasticPress-Search
Geoip-City
X-Instart-Info
X-Swift-Error
X-Backend-Url
X-Backend-Host
Ohc-File-Size
Ohc-Cache-HIT
MIME-Version
X-NGINX-Cache
Powered-By
X-APP
HitType
X-Var-Ttl
X-PF-Uncompressing
X-UPSTREAM-Address
X-HostName
XServer
X-Check-Cacheable
Media-Length
URI
Backend-Name
X-BC
X-Fastly-Country-Code
X-ServedByHost
User-Agent
Lfy
N-Cache
Pagetype
REQUESTUUID
X-HS-Status
On-Server
SRV
X-Hp-Ccpa-Warning
X-NGENIX-Cache
X-WR-MODIFICATION
X-Tt-Trace-Tag
X-Fstrz
Cache-Prefix
FSS-Cache
X-PJAX-URL
Fly-Request-Id
X-Aicache-OS
X-Tt-Trace-Host
FSS-Proxy
Fly-Cache
X-LiteSpeed-Cache-Control
X-Cache-Tag
Who
X-WA
X-NYM-Debug-Backend
X-Via-Ucdn
X-Worker
UCS
AR-SID
X-BE
X-Cache-Tags
CDN
Pragrma
X-Sedo-Request-Id
X-Cache-Miss-From
X-Fetched-On
X-Varnish-Cacheable
X-ServerName
Server-Cache-Control
X-LB-ID
X-LAGOON
X-Fpc
Server-Surrogate-Control
Processtime
X-Varnish-URL
X-Varnish-Authentication
X-GEO
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Server-W
X-Cf-Powered-By
Location
X-Rebelmouse-Cache-Control
X-Wa
X-Rebelmouse-Surrogate-Control
X-Fastly-Backend-Reqs
Fastly-SWR
X-Store
Debug
Fastly-SIE
Fastly-Backend-Name
Country-Code
X-Ua
CACHE
X-Ftr-Cache-Host
X-Varnish-Beresp-TTL
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Protected-By
X-Response-By
X-Upstream-HT
X-BACKEND-TTL
X-Upstream-CT
Application
X-Fastly-Cache-Hits
Product
X-Request-Url
X-Apw-Access-Action
X-Gen-Id
X-Apw-Access-Object
Ohc-Response-Time
RequestId
LB
X-Dw-Trace-Id
X-Apw-Hits
X-Apw-Access-Token
SID
X-Li-Proto
X-Amzn-Remapped-Date
XxX-Cache-Status
X-Amzn-Remapped-Connection
Cneonction
X-Nananana
X-SB
NnCoection
X-TT-LOGID
WP-Super-Cache
Xet-Cookie
X-VC
Thinkindot-Cache-Type