Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
X-Dns-Prefetch-Control
NEL
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-ORACLE-DMS-ECID
X-Dispatcher
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Rating
X-Country
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Edge-Control
X-Instart-Request-ID
X-PC
X-TtlSet
X-Vname
Pinterest-Generated-By
X-B3-TraceId
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Url
X-MS-InvokeApp
Verso
X-TTL
SPRequestGuid
Accept-Ch
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Content-MD5
Service-Worker-Allowed
X-SharePointHealthScore
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
Pagespeed
Response
X-Middleton-Response
RTSS
X-Sol
Display
X-Middleton-Display
X-Vcache
X-Navigation-Version
X-Powered-CMS
X-Abt-Application-Version
SPRequestDuration
SPIisLatency
X-Debug
X-Forwarded-Proto
Accept-Ch-Lifetime
X-Upstream
X-Amz-Server-Side-Encryption
X-Cached
Public-Key-Pins
X-Vcap-Request-Id
Charset
X-CST
DynaTrace
MS-Author-Via
X-Version
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Shield-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-SRCache-Store-Status
X-Fastly-Request-ID
Access-Control-Request-Method
X-Pinterest-Rid
Pinterest-Version
X-Accel-Expires
X-Ser
S
X-DIS-Request-ID
Fastly-Restarts
X-Webapp-Samesite-None-Activated-N
X-Client-IP
Front-End-Https
X-Goog-Stored-Content-Length
X-XRDS-Location
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
X-T
X-Recruiting
X-Element-Page-Cache
X-Id
X-Varnish-Age
X-Goog-Storage-Class
Cache-Tag
X-Webkit-Csp
X-Amzn-Trace-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-Server-ID
X-Dw-Request-Base-Id
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-FTR-Expires
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-Frontend
X-Hits
NR-ENABLED
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
Powered
X-Hp-Webp
X-Correlation-Id
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Content-Type
X-Request-Processing-Time
X-Request-Received
Server-Name
X-RateLimit-Remaining
X-Request-Handler-Origin-Region
X-Microsite
ServerID
PB-PID
PB-RID
X-HS-Combine-CSS
Arc-Version
X-Mobile-Rewrite
TP-Cache
TP-L2-Cache
X-N
X-Rid
X-Cache-Hit
X-Akamai-Edgescape
Healthy
X-Forwarded-For
X-User-Agent
X-Grace
X-Revision
X-Content-Security-Policy-Report-Only
X-Pad
X-Node-Name
X-Logged-In
X-Mobile-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Analytics
X-Zen-Fury
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Ttl
X-Varnish-Grace
X-Oneagent-Js-Injection
Server-Node
X-Activity-Id
X-AppVersion
X-Az
X-Cached-By
X-B3-Sampled
Cache-Status
Accept-CH-Lifetime
Accept-CH
X-F-Cache
Refresh
X-Content-Options
X-GUploader-UploadID
X-Geo-Country
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
Upgrade-Insecure-Requests
X-IPLB-Instance
X-Varnish-Backend
Retry-After
X-Type
FilterID
X-Cache-2
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Jobs
X-Srv
X-FB-Debug
X-Request-Guid
Actual-Object-TTL
X-Cluster
Paypal-Debug-Id
X-B
X-Page-Id
Accept-Charset
X-Framework
Host
X-AOL-HN
DC
X-PHP-Backend
X-WebKit-CSP-Report-Only
Source
X-Instance
Access-Control-Allow-Method
X-Debug-Info
X-TT
X-ATG-Version
Cache
AR-ATIME
AR-CACHE
AR-PoweredBy
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-FastCGI-Cache
X-Git-Hash
X-Erf-Bev-Bev-Is-Generated
MS-CV
X-Cache-Key
X-Erf-Bev-Bev
X-Content-Powered-By
Host-Header
X-B-Cache
X-Signature
X-PressLabs-Stats
VIX-Pulpo-Node
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
Ar-Sid
X-Via-JSL
X-TA-CDN-Provider
X-Cache-TTL
Xserver
X-Cache-Enabled
X-Origin-Server
X-Whom
X-Cache-Control
X-Wix-Request-Id
NGB
X-Mobile
X-Response-Served-From
X-Daa-Tunnel
X-ATS-Timestamp
X-UA
Cache-Tv-Group
X-GeoIP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Frame-Options
X-Hyper-Cache
X-RequestSource
Cleartype
Filters
Eomportal-Instance
Datacenter
Surrogate-Key
X-Cacheable-TTL
X-Host-Name
X-Litespeed-Cache
X-FW-Server
X-FW-Static
X-FW-Type
Payment
X-FW-Serve
WPE-Backend
X-FW-Hash
X-Adobe-Content
X-Adobe-Loc
X-TX-ID
X-Handled-By
X-Cache-NE
X-SERVER
Webserver
X-Region
X-Drupal-Cache-Tags
X-Esi
X-Cache-Action
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Load-Cache
X-XRDS-LOCATION
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-Hostname
From-Origin
AR-Request-ID
X-Edge-Location
X-NewRelic-App-Data
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-Cache-Rule
X-Cache-Operation
Liferay-Portal
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-RTag
Ms-Operation-Id
X-Varnish-Hostname
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Cache-Server
X-Rule
X-Varnish-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Forwarded-Host
X-Status
Country
X-Upgrade-Enabled
Odigeo-Trace-Id
X-Contextid
X-App-Server
X-UUID
X-RN-RSRV
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
Load-Balancing
Meta-Geo
DSUID
X-From
X-BCube-Filmed-By
Release
X-R9-Blue-Green-Version
X-Rocket-Nginx-Bypass
X-Debug-Cache
DB-Nickname
X-EIG-Tracking-Id
X-CCM
X-Proxy-Build
Azure-SlotName
Azure-SiteName
Selected-Fe
Cache-Name
X-IP
Azure-RegionName
Fastly-SSL
Azure-Version
Azure-InstanceId
X-Accel-Buffering
S-Rt
Origin-Edge-Control
X-Origin-Hint
X-Proto
X-Hosted-By
Mn-Server-Ip
X-Loop
X-Proxy
Origin-Cache-Control
Property-Id
TWC-Privacy
X-Cache-Time
X-Soup
X-FW-Dynamic
X-Cache-Host
X-Cache-Config
X-ServerID
X-Timing-Wait
X-TNCMS
X-VCT
X-Vgn-Hpd-Reason
X-FC-Vary-Parameters
X-FireWall-Port
X-TT-TIMESTAMP
X-Viewer-Country
X-Via-Fastly
TWC-GeoIP-Country
X-Real-IP
TWC-Device-Class
TWC-Connection-Speed
X-Pubstack
X-Redis-Cache
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
L5d-Success-Class
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-Backend-Name
X-Content-Age
X-Generated
Ec-Rule-Version
Uber-Trace-Id
X-Akamai-Request-ID
X-Human
X-Cluster-Name
Viewport
X-ProxyCache-Status
X-ProxyCache-Key
X-PCL
X-Origin-Response-Time
X-Akamai-Request-ID2
X-Www-Served-By
X-Varnish-Hits
X-Site-Version
X-Is-Bot
X-Origin
X-Rendered-As
X-JoinUs
Version
X-Labrador-Cache-Channel
X-OCL
X-Locale
Cache-Tags
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-By
Decoy-Debug-Key
Decoy-Debug-Status
X-Xfnlog-Site
NGX
X-Web-Node
Decoy-Debug-TTL
Server-Info
X-Time-Microsecs
X-Cache-Backend
X-PHP-Host
X-Format
X-NWS-UUID-VERIFY
X-Section
X-Access
X-SaId
X-Varnish-Cache-Hits
X-Amzn-Remapped-Content-Length
S-Cnection
X-Info
X-Storage
Tracecode
X-PERF
X-ApacheServer
X-Origin-CC
X-URL
Akamai-GRN
X-Origin-TTL
X-Geo
X-Nginx-Cache-Key
X-WA-Info
X-Time
Rt-Fastcgi-Cache
X-App-Version
X-No-Session
X-Guploader-Uploadid
X-CF-Powered-By
X-Environment-Context
X-MServer
X-L-Path
Time
X-Presslabs-Stats
GEO-INFO
Cteonnt-Length
X-TIME
Origin
X-Cache-Remote
X-Unique-Id
Access-Control-Request-Headers
Cache-Key
X-Tb
Accept-Language
X-FB-TRIP-ID
X-Say-TTL
X-APP-VERSION
X-CACHE-KEY
X-SayCDN-TTL
X-EC-Lua
X-Say-Cacheable
X-RateLimit-Limit
X-GoCache-CacheStatus
X-B3-SpanId
X-Backend-TTL
X-NCache
X-Alternate-Cache-Key
X-Shopify-Stage
Cache-Hits
X-ShardId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Vix-Hermes-Req-Id
X-RCS-CacheZone
Mime-Version
X-Hit
X-Trace-Id
X-VCache
X-Dc
OT-Force-Account-Verify
X-Source
X-CDN-Forward
X-Device-Type
X-Upstream-Ct
X-Tumblr-Pixel-3
X-Upstream-Ht
X-CS
X-S
X-Endurance-Cache-Level
Srv
Server-Host
Request-EU
Rt-Proxy-Cache
T-Server
Request-Country
Rendered-Blocks
Mobile-Detection-Method
Node
Meta-Geo-Continent
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Viewtype
Apple-News-Services-Handled
X-Vtex-Remote-Cache
X-Magnolia-Registration
Xc-Version
Arc-Country
AsisCache
Fastcgi-X-Cache-Version
IsBot
Machine
Cross-Origin-Window-Policy
Content-Style-Type
BehaviorPad-Version
Content-Script-Type
MD5-Digest
X-ARC
X-Rojux
X-S-Cookie
X-ScT
X-Server-Time
X-Rewrite-Enabled
X-Request-UUID
X-ND-Cache
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Service
X-Session-Fingerprint
X-Twitter-Response-Tags
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Trv-Group
X-Transaction
X-SIPLIST1
X-SRCache-Key
X-Svr
X-Hl-Ver
X-G
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-Vtex-Processado-Em
X-A-Wwc
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
X-Application
X-B-Cookie
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-External-Request-Id
X-Date
X-D
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
VivaBuild
X-A-Dgt
X-OVcl-Cache
X-OVcl
X-Ah-Environment
User-Cache-Control
Now
ServerName
X-Parent-Response-Time
X-Cluster-Node
ServedBy
X-Reboot
X-Hash
Mail-Subject
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Matched-Rule
X-Level-Front-Cache
X-Dispatcher-Server
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Cache-Bucket
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Thinkindot-CacheControl
Server-Int
X-Dispatch
We-Hiring
X-CUA
Served-By
X-Core-Value
X-Generated-On
X-Location
X-Via-NSCOPI
X-Thinkindot-L3
X-Webstats-RespID
NtCoent-Length
X-SRV
X-CSRF-TOKEN
Proxy-Connection
X-SS-Set-Cookie
X-Variation
X-VServer
X-VC-Cache
X-Core-Mission
X-User
X-Debug-Cache-Store
X-Fastly-Cache
X-FW-Version
X-Gen-Mode
X-Up
X-Uri
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Expiry
X-We-Are-Hiring
X-RateLimit-Limit-Second
X-Block-Status
X-WebServer
X-Bip
X-RateLimit-Remaining-Second
X-Auto-Login
X-B3-Parentspanid
X-BBXSRF
X-Cache-Debug
X-Cache-FS-Status
X-Cms-Context
X-Compress-Hint
X-TrackingId
X-Clientip
X-Clara-WADP
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-WADP-Cache
X-GeoIP-City
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin-Expires
X-Origin-Date
X-Ms-Version
X-NX-Host
X-Old-Content-Length
X-Platform-Server
X-Proxy-Cache-Status
X-Reqid
X-Request-Start
X-Request-URI
X-Scheme
X-Release
X-Proxy-Upstream
X-Server-IP
X-SD-PageType
X-Ms-Request-Id
X-Method
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Skip-Cache
X-Thanos
X-Hnp-Log
X-Geo-Header
X-S-Maxage
X-Has-Esi
X-Irp-Debug
X-Is-Gdpr
X-LI-UUID
X-Amz-Meta-Cache-Control
X-Logging-Id
X-Li-Pop
X-Li-Fabric
X-JWT-State
X-Key
Powered-By-ChinaCache
X-Generation-Time
X-Distributor
SD-X-WS
Adler-Geo
Heartbleed
IBM-Web2-Location
Countrycode
Esi-Enabled
AKAMAI
Section-Io-Cache
Wxu-Next-Commit
Gh-Request-Id
Is-Eu
Wxu-Next-Region
Platform
Magicmarker
PFcat
Memcached
Wxu-Next-Hostname
Pramga
Content-Disposition
Cache-Host
Server-ID
Web-Mar-Node
X-Nc
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Rocket-Build-Number
CDCHOST
RNT-Machine
RNT-Time
X-Distil-CS
HA-Ipaddr
Kp-EeAlive
X-LI-Proto
L
Ha-Gx-Prefs
X-Eu-Site
X-Qloud-Router
Fastly-Soc-X-Request-Id
X-Agile-Id
X-Epic-Correlation-Id
X-Developers
X-Sigma
X-Generated-In
X-Agile-Age
X-Wikidot-Static-Cache
X-App-Name
X-Backend-State
X-Policy
X-Agile
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Trafficlayer-App-Version
X-C
X-Wikidot-Backend
X-Sucuri-Cache
W
X-Sigma-Backend
X-Internal-Host
X-CGP
X-Swa-Ws
X-VG-TLSProxy
X-Cache-Id
X-Cache-Grace
X-Cdn-Forward
Cache-Provider
Environment
True-Client-Country-4JS
V-Age
X-AK-Request-ID
X-NodeID
X-Served-From
X-ServiceProvider
X-Urbn-Site-Id
X-HTML-Minification-Powered-By
X-Urbn-Context-Path
X-MSEdge-Features
Cdnsip
Cdncip
Locale
X-MSEdge-Flight
X-Via-CDN
X-Req
X-Gamma-Serve
Locid
X-B3-Traceid
X-NC
X-IPS-LoggedIn
X-GRACE
FNAC-ModuleRouting
GEO-REGION-INFO
X-Newrelic-Synthetics
X-Be
X-Servername
X-Lb-Id
X-CLOUD-TRACE-CONTEXT
X-B3-Spanid
X-Zone
X-Sucuri-Id
CF-IPCountry
X-Refresh
X-Nginx-Cache
X-FPC
X-Edge-O15-RID
ProcessTime
X-VHOST
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-NU-AKA-ACS-Version
X-Mode
X-UnsetCookies
Hostname
X-Render-Time
X-MP-GENERATED-AT
X-Tb-Optimization-Total-Bytes-Saved
X-GeoIP-Country-Code
Geo-Info
Tcn
X-Sucuri-ID
X-Developer
X-Pjax-Url
X-Microcachable
A
X-AWS-Id
X-Routing-Service
X-Proxied
X-VWS-Id
X-Servedbyhost
X-Cdn-Origin
X-LJ-Flow-ID
X-Zipkin-Id
X-Sn-Servicetimems
X-Device-Os
X-Ratelimit-Remaining
X-Node-Id
X-FORWARDED-FOR
X-Pf-Uncompressing
TTL
Gannett-Cam-Experience-Id
X-CSRF-Token
X-Bc
X-COUNTRY
Memory
Cf-Ipcountry
X-Correlation-ID
X-DC
Cache-Cookie-Set-Lfrom
GeoIp-Country-Code
Request-Time
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-Idcheck
Resin-Trace
Cache-Cookie-Set-From
CF-Cached-On
HostName
X-Vcl-Version
X-Pod
X-Ratelimit-Limit
Pics-Label
X-Request-Time
GeoIP-Country-Code
X-Cdn-Request-ID
M-TraceId
X-Via-Edge
PICS-Label
X-Via-SSL
X-VCL-Version
GeoIP-City
GeoIP-Latitude
Cdn
X-Unique-ID
Group
X-NODE
X-TH-Server
Host-ID
X-ZONE
Ttl
X-ECACHE
X-ElasticPress-Search
X-Instart-Info
Geoip-City
X-Swift-Error
X-PF-Uncompressing
X-Backend-Host
X-Backend-Url
Powered-By
HitType
MIME-Version
Ohc-Cache-HIT
X-NGINX-Cache
X-Var-Ttl
X-APP
Ohc-File-Size
X-UPSTREAM-Address
XServer
URI
X-ServedByHost
Backend-Name
Media-Length
X-BC
X-Fastly-Country-Code
X-Check-Cacheable
Lfy
REQUESTUUID
Pagetype
User-Agent
On-Server
N-Cache
X-HostName
X-NGENIX-Cache
SRV
X-Hp-Ccpa-Warning
Fly-Cache
X-Fstrz
X-WR-MODIFICATION
X-HS-Status
X-Tt-Trace-Tag
X-Varnish-Ttl
X-Tt-Trace-Host
Cache-Prefix
Fly-Request-Id
X-PJAX-URL
X-Aicache-OS
X-LiteSpeed-Cache-Control
X-Worker
FSS-Proxy
X-Cache-Tag
Who
UCS
X-Via-Ucdn
FSS-Cache
X-WA
AR-SID
X-NYM-Debug-Backend
X-BE
X-Cache-Tags
CDN
X-Cache-Miss-From
Pragrma
X-Sedo-Request-Id
X-Fetched-On
X-Server-W
X-LB-ID
X-Varnish-Cacheable
X-Fpc
X-LAGOON
Processtime
X-Varnish-URL
X-GEO
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Server-Surrogate-Control
Server-Cache-Control
X-Cf-Powered-By
Fastly-Backend-Name
Location
X-Store
Country-Code
Fastly-SIE
X-Fastly-Backend-Reqs
Fastly-SWR
Debug
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wa
X-ServerName
X-Ua
X-Ftr-Cache-Host
X-Response-By
X-Varnish-Beresp-TTL
X-Protected-By
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Upstream-CT
X-Upstream-HT
X-BACKEND-TTL
Application
X-Gen-Id
Ohc-Response-Time
RequestId
SID
LB
X-Fastly-Cache-Hits
X-Apw-Access-Object
X-Apw-Access-Action
Product
X-Apw-Hits
X-Apw-Access-Token
X-SB
X-TT-LOGID
Cneonction
XxX-Cache-Status
X-Nananana
X-Amzn-Remapped-Connection
NnCoection
X-Dw-Trace-Id
X-Request-Url
WP-Super-Cache
Thinkindot-Cache-Type
Xet-Cookie
X-VC
X-Amzn-Remapped-Date
X-Li-Proto