Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Request-ID
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Rq
X-WebKit-CSP
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Vhost
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Rating
X-Country
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Edge-Control
X-Instart-Request-ID
X-Vname
X-PC
X-TtlSet
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Url
X-B3-TraceId
X-MS-InvokeApp
Verso
X-TTL
SPRequestGuid
Accept-Ch
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
X-VARITI-CCR
X-Server-Name
Content-MD5
X-GitHub-Request-Id
Service-Worker-Allowed
X-SharePointHealthScore
Response
Pagespeed
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Middleton-Response
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Sol
RTSS
X-Middleton-Display
Display
X-Vcache
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
SPIisLatency
SPRequestDuration
X-Debug
X-Forwarded-Proto
Accept-Ch-Lifetime
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
X-Version
X-CST
DynaTrace
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Shield-Request-Id
X-TEC-API-ROOT
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
Access-Control-Request-Method
X-Accel-Expires
Pinterest-Version
X-Pinterest-Rid
S
X-Ser
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Recruiting
X-T
X-Varnish-Age
X-Element-Page-Cache
Cache-Tag
X-Goog-Storage-Class
X-Amzn-Trace-Id
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-Server-ID
X-Dw-Request-Base-Id
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-FTR-Expires
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
Powered
NR-ENABLED
X-Hits
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Webkit-Csp
X-Content-Type
X-Request-Processing-Time
X-Request-Received
Server-Name
X-RateLimit-Remaining
X-HS-Combine-CSS
ServerID
X-Microsite
X-Request-Handler-Origin-Region
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-N
X-Rid
X-Akamai-Edgescape
Healthy
X-Forwarded-For
X-User-Agent
X-Grace
X-Analytics
Backend-Timing
X-Revision
X-Content-Security-Policy-Report-Only
X-Pad
X-Node-Name
X-Mobile-URL
X-Logged-In
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Varnish-Grace
X-Ttl
Server-Node
X-Cached-By
X-Oneagent-Js-Injection
X-Az
X-Activity-Id
Accept-CH
X-AppVersion
Accept-CH-Lifetime
Cache-Status
X-B3-Sampled
X-Content-Options
Refresh
X-F-Cache
X-Geo-Country
X-GUploader-UploadID
Upgrade-Insecure-Requests
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Type
X-IPLB-Instance
X-Varnish-Backend
X-Cache-2
Retry-After
FilterID
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-App-Environment
X-Srv
X-FB-Debug
X-Jobs
Host
Accept-Charset
Paypal-Debug-Id
X-Instance
X-Framework
X-Page-Id
X-PHP-Backend
X-Request-Guid
Actual-Object-TTL
X-Debug-Info
X-AOL-HN
DC
X-B
X-Cluster
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
Source
X-TT
X-ATG-Version
Cache
AR-ATIME
AR-PoweredBy
AR-CACHE
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-FastCGI-Cache
X-Git-Hash
X-Cache-Key
X-Erf-Bev-Bev
MS-CV
X-Erf-Bev-Bev-Is-Generated
X-Content-Powered-By
Host-Header
X-B-Cache
X-PressLabs-Stats
X-Signature
X-Via-JSL
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
Ar-Sid
Xserver
X-TA-CDN-Provider
X-Cache-TTL
X-ATS-Timestamp
X-Origin-Server
X-Cache-Enabled
X-Whom
X-Cache-Control
NGB
X-Mobile
X-Wix-Request-Id
X-Response-Served-From
X-Daa-Tunnel
X-UA
Surrogate-Key
X-RequestSource
X-Tumblr-Pixel-2
X-GeoIP
Cache-Tv-Group
X-Tumblr-Pixel-1
Payment
X-FW-Static
X-Cache-NE
X-FW-Type
Datacenter
Filters
X-FW-Hash
X-FW-Server
Frame-Options
Eomportal-Instance
X-Cacheable-TTL
WPE-Backend
Cleartype
X-Hyper-Cache
X-FW-Serve
X-Host-Name
X-Adobe-Loc
X-Adobe-Content
X-Litespeed-Cache
X-TX-ID
X-Region
X-SERVER
X-Handled-By
X-Drupal-Cache-Tags
Webserver
X-Cache-Action
X-Load-Cache
X-Esi
X-Kong-Upstream-Latency
X-XRDS-LOCATION
X-Kong-Proxy-Latency
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-Hostname
X-Edge-Location
X-Cache-Operation
From-Origin
X-Cache-Rule
X-NewRelic-App-Data
AR-Request-ID
X-ProcessESI
X-Cache-TTL-Remaining
X-RemovedCookies
X-UA-Device-Type
Liferay-Portal
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Ms-Operation-Id
X-Varnish-Hostname
X-RTag
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Cache-Server
X-Oss-Object-Type
X-Oss-Request-Id
X-Varnish-Server
X-Forwarded-Host
X-Rule
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Status
Country
X-Upgrade-Enabled
X-Contextid
Odigeo-Trace-Id
X-UUID
X-App-Server
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-ES-SERVER
Load-Balancing
X-Cache-Var
Meta-Geo
DSUID
X-From
X-BCube-Filmed-By
TWC-Privacy
X-Debug-Cache
X-TT-TIMESTAMP
X-VCT
TWC-Locale-Group
Mn-Server-Ip
DB-Nickname
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Release
Property-Id
X-CCM
TWC-Connection-Speed
TWC-Device-Class
X-Origin-Hint
Azure-Version
L5d-Success-Class
Cache-Name
Cache-Tags
S-Rt
Fastly-SSL
Origin-Cache-Control
Selected-Fe
Uber-Trace-Id
X-Via-Fastly
X-OCL
X-Loop
X-Cache-Host
X-Real-IP
X-Origin
X-Origin-Response-Time
X-Cache-Config
X-IP
X-Human
X-Cache-Time
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-FireWall-Port
X-Hosted-By
X-FW-Dynamic
X-BYPASS-REASON
X-PCL
X-EIG-Tracking-Id
X-Akamai-Request-ID
X-Vgn-Hpd-Reason
X-TNCMS
X-Soup
X-Timing-Wait
X-Viewer-Country
Azure-SlotName
X-Proxy
X-Proto
X-Proxy-Build
X-ProxyCache-Key
X-Pubstack
X-ProxyCache-Status
X-ServerID
Origin-Edge-Control
X-Accel-Buffering
X-Redis-Cache
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Varnish-Hits
X-Format
X-Cluster-Name
X-Generated
X-Www-Served-By
Viewport
X-Labrador-Cache-Channel
X-Backend-Name
X-Rendered-As
X-Section
X-Access
X-Locale
X-Site-Version
X-Is-Bot
X-JoinUs
X-Xfnlog-Site
Version
Ec-Rule-Version
X-Akamai-Request-ID2
X-Content-Age
Decoy-Debug-Status
Decoy-Debug-TTL
X-Generated-By
Decoy-Debug-Key
X-Web-Node
NGX
X-Goog-Meta-Goog-Reserved-File-Mtime
S-Cnection
X-Cache-Backend
X-Varnish-Cache-Hits
X-PHP-Host
Server-Info
X-Time-Microsecs
X-SaId
X-NWS-UUID-VERIFY
X-Amzn-Remapped-Content-Length
X-ApacheServer
X-PERF
Akamai-GRN
X-Info
X-Storage
X-Origin-CC
X-URL
X-Geo
Tracecode
X-Origin-TTL
X-Nginx-Cache-Key
X-Time
X-WA-Info
X-Presslabs-Stats
Rt-Fastcgi-Cache
Cteonnt-Length
X-App-Version
X-MServer
X-CF-Powered-By
GEO-INFO
X-No-Session
Time
X-Guploader-Uploadid
X-L-Path
X-Environment-Context
X-Cache-Remote
Origin
X-Unique-Id
X-TIME
X-Tb
Access-Control-Request-Headers
Accept-Language
X-APP-VERSION
X-FB-TRIP-ID
Cache-Key
X-Backend-TTL
X-Say-Cacheable
X-CACHE-KEY
X-Say-TTL
X-SayCDN-TTL
X-EC-Lua
X-RCS-CacheZone
X-RateLimit-Limit
X-GoCache-CacheStatus
X-NCache
Mime-Version
X-Hit
Vix-Hermes-Req-Id
Cache-Hits
X-B3-Traceid
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-PodId
X-Source
X-Trace-Id
OT-Force-Account-Verify
X-VCache
X-B3-SpanId
X-Dc
X-Device-Type
X-CDN-Forward
X-CS
X-Upstream-Ht
X-Tumblr-Pixel-3
X-S
X-Upstream-Ct
X-Endurance-Cache-Level
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Content-Script-Type
BehaviorPad-Version
Arc-Country
AsisCache
Apple-News-Services-Host
Request-EU
Request-Country
MD5-Digest
Machine
X-Magnolia-Registration
Meta-Geo-Continent
Mobile-Detection-Method
IsBot
Apple-News-Services-Handled
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
Rendered-Blocks
Node
Content-Style-Type
X-CF-Lambda-Version
X-S-Cookie
X-Rojux
X-ScT
X-Server-Time
X-Service
X-Rewrite-Enabled
X-Request-UUID
X-ND-Cache
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Session-Fingerprint
X-SIPLIST1
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Twitter-Response-Tags
X-SRCache-Key
X-Svr
X-Transaction
X-Trv-Group
X-Hl-Ver
X-G
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Ccd
X-A
Server-Host
T-Server
Viewtype
VivaBuild
X-AIR-PT
X-Application
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-External-Request-Id
X-Date
X-D
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-Connection-Hash
Rt-Proxy-Cache
X-Aed
X-Parent-Response-Time
X-Ah-Environment
X-OVcl-Cache
User-Cache-Control
X-OVcl
Now
X-SS-Set-Cookie
ServedBy
X-Cluster-Node
ServerName
X-CUA
X-Dispatch
Thinkindot-Control
X-Core-Value
Server-Int
X-Reboot
Mail-Subject
Thinkindot-CacheControl
Wxu-Next-Hostname
X-Hash
We-Hiring
X-Dispatcher-Server
Thinkindot-CacheControl-Type
Wxu-Next-Region
Wxu-Next-Commit
X-Thinkindot-L3
X-Cache-Bucket
X-Via-NSCOPI
X-Level-Front-Cache
Srv
X-Webstats-RespID
X-Tec-Api-Root
X-Generated-On
X-Tec-Api-Version
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Matched-Rule
X-Location
Served-By
X-Tec-Api-Origin
Proxy-Connection
X-CSRF-TOKEN
X-SRV
NtCoent-Length
X-Cache-FS-Status
X-Cache-Debug
X-Gen-Mode
X-Cache-Info
X-FW-Version
X-C
X-Cache-URL
X-Generation-Time
X-BBXSRF
X-Backend-State
X-Has-Esi
X-Bip
X-Block-Status
X-Geo-Header
X-GeoIP-City
X-Fastly-Cache
X-CGP
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Core-Mission
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Developers
X-Compress-Hint
X-Distil-CS
X-Epic-Correlation-Id
X-Eu-Site
X-Clara-WADP
X-Clientip
X-Cms-Context
X-Distributor
X-Cdn-Srv
X-Li-Pop
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thanos
X-TrackingId
Powered-By-ChinaCache
X-Sucuri-Cache
X-Skip-Cache
X-SD-PageType
X-Scheme
X-Server-IP
X-Sigma
X-Sigma-Backend
X-Up
X-Uri
X-Wikidot-Backend
X-WebServer
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-We-Are-Hiring
X-WADP-Cache
X-Variation
X-User
X-VC-Cache
X-VG-TLSProxy
X-VServer
X-S-Maxage
X-Rocket-Build-Number
X-Ms-Request-Id
X-Method
X-Ms-Version
X-NX-Host
X-Old-Content-Length
X-Logging-Id
X-LI-UUID
X-Is-Gdpr
X-Irp-Debug
X-Key
X-Li-Fabric
X-B3-Parentspanid
X-Origin-Date
X-Origin-Expires
X-Release
X-Qloud-Router
X-Reqid
X-Request-Start
X-Request-URI
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Planisys-CDN-Cache
X-Owner
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Platform-Server
X-Hnp-Log
X-JWT-State
PFcat
Platform
Memcached
Magicmarker
L
Pramga
RNT-Machine
Server-ID
W
Section-Io-Cache
SD-X-WS
RNT-Time
Is-Eu
IBM-Web2-Location
Content-Disposition
Countrycode
CDCHOST
Cache-Host
Adler-Geo
Esi-Enabled
Fastly-Soc-X-Request-Id
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Web-Mar-Node
AKAMAI
X-Auto-Login
X-Azure-Ref
X-Agile-Age
X-App-Name
X-Agile-Id
X-Amz-Meta-Cache-Control
X-Agile
X-Azure-Ref-OriginShield
X-Nc
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Policy
X-Trafficlayer-App-Version
X-Generated-In
Kp-EeAlive
X-Cache-Id
X-LI-Proto
X-Internal-Host
X-Swa-Ws
Cache-Provider
Environment
X-Cdn-Forward
X-Cache-Grace
X-ServiceProvider
X-Urbn-Site-Id
X-Served-From
X-Req
X-AK-Request-ID
Locale
Cdnsip
Cdncip
X-HTML-Minification-Powered-By
Locid
X-Urbn-Context-Path
V-Age
True-Client-Country-4JS
X-NodeID
X-NC
X-Via-CDN
X-B3-Spanid
X-MSEdge-Flight
X-Servername
X-MSEdge-Features
FNAC-ModuleRouting
X-Gamma-Serve
X-GRACE
X-IPS-LoggedIn
GEO-REGION-INFO
X-Newrelic-Synthetics
X-Lb-Id
X-CLOUD-TRACE-CONTEXT
X-Be
CF-IPCountry
X-Render-Time
X-Zone
X-Refresh
X-FPC
X-Sucuri-Id
X-Edge-O15-RID
ProcessTime
X-7Graus-Varnish-Cache-Control
X-Nginx-Cache
Hostname
X-UnsetCookies
X-Tb-Optimization-Total-Bytes-Saved
X-Mode
X-VHOST
X-NU-AKA-ACS-Version
X-7Graus-Varnish-XKeys
X-MP-GENERATED-AT
X-Sucuri-ID
X-GeoIP-Country-Code
Geo-Info
Tcn
X-Webkit-CSP
X-Pjax-Url
A
X-Microcachable
X-Developer
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Cdn-Origin
X-Device-Os
X-Sn-Servicetimems
X-Servedbyhost
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Ratelimit-Remaining
X-Node-Id
X-FORWARDED-FOR
X-Pf-Uncompressing
TTL
X-COUNTRY
X-CSRF-Token
Memory
Gannett-Cam-Experience-Id
X-Bc
Cf-Ipcountry
X-Correlation-ID
X-DC
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-Idcheck
Resin-Trace
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Request-Time
GeoIp-Country-Code
Geoip-Latitude
X-Ratelimit-Limit
CF-Cached-On
X-Pod
X-Vcl-Version
Pics-Label
PICS-Label
HostName
X-Request-Time
X-HOST
X-VCL-Version
GeoIP-City
GeoIP-Latitude
GeoIP-Country-Code
X-Cdn-Request-ID
M-TraceId
Cdn
X-Via-Edge
X-Via-SSL
X-Unique-ID
X-NODE
Host-ID
Group
X-TH-Server
X-ZONE
X-NGINX-Cache
X-ElasticPress-Search
X-ECACHE
Ttl
Geoip-City
X-Instart-Info
X-Swift-Error
HitType
Powered-By
MIME-Version
X-APP
X-PF-Uncompressing
X-Var-Ttl
X-Backend-Url
Ohc-Cache-HIT
X-Backend-Host
Ohc-File-Size
X-UPSTREAM-Address
XServer
Backend-Name
X-BC
URI
X-Fastly-Country-Code
Media-Length
SRV
X-Check-Cacheable
X-ServedByHost
X-HS-Status
On-Server
REQUESTUUID
Pagetype
N-Cache
Lfy
User-Agent
X-HostName
X-NGENIX-Cache
X-Hp-Ccpa-Warning
Cache-Prefix
Fly-Request-Id
X-Aicache-OS
X-Fstrz
X-Cache-Tag
Fly-Cache
X-WR-MODIFICATION
X-Tt-Trace-Host
X-Tt-Trace-Tag
FSS-Proxy
FSS-Cache
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-WA
Who
X-NYM-Debug-Backend
UCS
X-Worker
AR-SID
X-Cache-Tags
CDN
X-BE
X-Fetched-On
X-Cache-Miss-From
Pragrma
X-Sedo-Request-Id
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-LAGOON
X-Varnish-Cacheable
X-Varnish-URL
X-GEO
X-LB-ID
X-Server-W
Server-Cache-Control
X-Fpc
Server-Surrogate-Control
Processtime
X-Cf-Powered-By
Fastly-Backend-Name
X-Fastly-Backend-Reqs
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Location
X-Store
Country-Code
Debug
X-Wa
X-ServerName
Fastly-SWR
X-Ftr-Cache-Host
X-Ua
X-Akamai-ERRuleID
X-Protected-By
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Response-By
X-Upstream-CT
X-Upstream-HT
LB
Ohc-Response-Time
RequestId
X-Apw-Hits
X-Apw-Access-Token
WP-Super-Cache
X-Apw-Access-Action
X-Apw-Access-Object
XxX-Cache-Status
X-TT-LOGID
X-Request-Url
X-Dw-Trace-Id
SID
Product
Application
X-Fastly-Cache-Hits
X-Gen-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Cneonction
X-SB
X-VC
Thinkindot-Cache-Type
X-Nananana
NnCoection
X-Li-Proto
Xet-Cookie