Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Rq
Report-To
EagleEye-TraceId
X-Ac
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Server-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Origin-Cache
X-Cloud-Trace-Context
X-Dns-Prefetch-Control
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Ws-Request-Id
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
P3p
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-Origin-Upstream-Status
Surrogate-Control
Rating
X-FTR-Request-ID
X-Country
X-Country-Code
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Akam-SW-Version
Fusion-Component-Id
X-Goog-Hash
Pinterest-Generated-By
X-Varnish-TTL
X-Vname
X-Instart-Request-ID
X-PC
X-TtlSet
X-Ruxit-JS-Agent
X-MS-InvokeApp
Edge-Control
X-B3-TraceId
X-Url
X-Mod-Pagespeed
Verso
X-Server-ID
X-Powered-By-Plesk
SPRequestGuid
X-D2id
X-Trace
Response
X-Middleton-Response
Pagespeed
X-Sol
X-SharePointHealthScore
Accept-Ch
X-VARITI-CCR
Display
X-Middleton-Display
RTSS
X-Kinja-Revision
X-Server-Name
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-GitHub-Request-Id
Service-Worker-Allowed
X-ESI
SPIisLatency
SPRequestDuration
X-Navigation-Version
Content-MD5
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-TTL
X-Vcache
X-Vcap-Request-Id
X-CST
Public-Key-Pins
X-Amz-Server-Side-Encryption
MS-Author-Via
X-Upstream
X-Cached
Charset
X-Forwarded-Proto
Accept-Ch-Lifetime
X-NF-Request-ID
X-Amz-Rid
Realpath
X-Px
X-Version
DynaTrace
Edge-Cache-Tag
X-Shard
MicrosoftSharePointTeamServices
TCN
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Fastly-Restarts
Pinterest-Version
X-Ezoic-Cdn
X-Ser
X-MSEdge-Ref
X-XRDS-Location
X-Shield-Request-Id
X-DynaTrace-JS-Agent
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ROOT
X-Fastly-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
S
X-Recruiting
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-DIS-Request-ID
X-Accel-Expires
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Front-End-Https
Nginx-Cache
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-T
X-Id
X-Element-Page-Cache
X-Varnish-Age
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Ttl
Cache-Tag
Fastcgi-Cache
X-Webapp-Samesite-None-Activated-N
X-HS-Cache-Config
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
NR-ENABLED
Powered
X-Hits
X-Correlation-Id
X-Kinsta-Cache
X-Litespeed-Cache
X-Fastcgi-Cache
X-RateLimit-Remaining
X-FTR-Cache-Host
Alternate-Protocol
X-Grace
X-Aspnetmvc-Version
ServerID
X-Hp-Webp
X-Webkit-Csp
X-N
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
X-Node-Name
X-Cache-Hit
X-Request-Handler-Origin-Region
X-Microsite
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
AMP-Access-Control-Allow-Source-Origin
X-HS-Combine-CSS
Server-Name
Accept-CH
X-Rid
X-Zen-Fury
Healthy
X-Content-Type
Accept-CH-Lifetime
X-Revision
X-User-Agent
Backend-Timing
X-Analytics
X-Akamai-Edgescape
Server-Node
X-Content-Security-Policy-Report-Only
X-Logged-In
X-LB-Cache
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-FastCGI-Cache
X-Forwarded-For
Ar-Sid
X-Pad
X-Amzn-RequestId
X-Amz-Apigw-Id
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-GUploader-UploadID
X-IPLB-Instance
X-Cached-By
Retry-After
X-Varnish-Grace
X-Mobile-URL
X-Type
X-B3-Sampled
X-Content-Options
X-Ruxit-Js-Agent
X-Srv
Paypal-Debug-Id
Refresh
X-F-Cache
Upgrade-Insecure-Requests
FilterID
X-Geo-Country
X-Via-JSL
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Instance
X-FB-Debug
X-Jobs
X-Varnish-Backend
Accept-Charset
X-AOL-HN
X-Framework
X-Cluster
X-Cache-Age
X-Debug-Info
Host
X-Request-Guid
X-PHP-Backend
Actual-Object-TTL
DC
X-Page-Id
Access-Control-Allow-Method
X-B
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Seen-By
X-Cache-Key
AR-Request-ID
MS-CV
Fastcgi-Useragent
X-Git-Hash
X-TT
X-Cache-TTL
X-Content-Powered-By
X-Cache-2
X-Whom
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Esi
Cache
X-PressLabs-Stats
X-UA
X-TA-CDN-Provider
X-Cache-Control
X-Amz-Replication-Status
X-Host-Name
Surrogate-Key
X-Wix-Request-Id
Host-Header
X-Signature
X-B-Cache
NGB
X-Response-Served-From
X-Daa-Tunnel
X-Mobile
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Cache-Rule
X-FW-Static
X-Kong-Proxy-Latency
X-GeoIP
X-RequestSource
X-Kong-Upstream-Latency
X-Cache-Operation
X-FW-Type
X-Origin-Server
Frame-Options
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Cache-Enabled
WPE-Backend
X-Drupal-Cache-Tags
X-Tumblr-Pixel-2
Payment
Eomportal-Instance
X-Cache-Action
Filters
X-Cacheable-TTL
X-Handled-By
Cleartype
Webserver
X-Region
X-Cache-NE
X-Hyper-Cache
X-Adobe-Loc
X-Adobe-Content
X-SERVER
X-TX-ID
X-UA-Device-Type
X-Forwarded-Host
From-Origin
X-EdgeConnect-Cache-Status
X-ProcessESI
X-RemovedCookies
Xserver
X-Time
Datacenter
X-Load-Cache
X-Hostname
X-RTag
Ms-Operation-Id
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-App-Server
X-NewRelic-App-Data
X-Cache-Server
X-Edge-Location
Liferay-Portal
X-Status
Tracecode
X-Contextid
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-ATS-Timestamp
X-VCache
X-Varnish-Hostname
X-Varnish-Server
X-BCube-Filmed-By
Odigeo-Trace-Id
X-Rule
X-TT-TIMESTAMP
Country
X-Cache-Var-Map
X-ES-SERVER
X-Path-Route
Load-Balancing
X-RN-RSRV
Meta-Geo
X-Cache-Var
DSUID
X-VCT
Server-Info
X-Upgrade-Enabled
Release
X-FW-Dynamic
TWC-Connection-Speed
Property-Id
X-Soup
Mn-Server-Ip
Version
TWC-Privacy
X-Debug-Cache
X-Varnish-Cache-Hits
X-CCM
X-Cache-Host
X-Rocket-Nginx-Bypass
X-EIG-Tracking-Id
TWC-Device-Class
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Origin-Hint
X-R9-Blue-Green-Version
Webcakes-App-Version
Webcakes-App-Name
X-Proto
DB-Nickname
L5d-Success-Class
Cache-Tags
Fastly-SSL
X-Web-Node
X-PCL
Azure-SlotName
X-Loop
X-Proxy-Build
X-OCL
Azure-InstanceId
Azure-RegionName
X-Pubstack
Azure-Version
Azure-SiteName
Cache-Name
X-TNCMS
X-From
X-Hosted-By
X-ServerID
X-Cache-Config
Selected-Fe
X-Proxy
X-Origin-Response-Time
X-Akamai-Request-ID
X-FC-Vary-Parameters
X-Human
X-UUID
Origin-Cache-Control
X-Real-IP
Origin-Edge-Control
X-Timing-Wait
X-IP
X-Drupal-Cache-Contexts
S-Rt
X-Via-Fastly
NGX
X-Redis-Cache
X-NWS-UUID-VERIFY
X-RateLimit-Limit
X-Origin
X-Locale
X-Labrador-Cache-Channel
X-XRDS-LOCATION
X-Section
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Content-Age
Viewport
X-JoinUs
X-Backend-Name
X-Format
X-FireWall-Port
X-Akamai-Request-ID2
X-Generated
X-Www-Served-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Access
X-Cache-Time
X-Site-Version
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Xfnlog-Site
X-Oss-Object-Type
Ec-Rule-Version
X-Oss-Hash-Crc64ecma
X-PERF
X-Info
X-ApacheServer
Decoy-Debug-Key
S-Cnection
X-Rendered-As
X-Cluster-Name
Decoy-Debug-TTL
Decoy-Debug-Status
X-Varnish-Hits
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Time-Microsecs
X-Is-Bot
Uber-Trace-Id
X-Origin-CC
X-ProxyCache-Status
X-BYPASS-REASON
Rt-Fastcgi-Cache
X-URL
X-ProxyCache-Key
X-Origin-TTL
X-Cache-Backend
X-Storage
X-Generated-By
X-PHP-Host
Cteonnt-Length
X-Accel-Buffering
X-WA-Info
X-Amzn-Remapped-Content-Length
X-Presslabs-Stats
Cache-Key
Akamai-GRN
X-SS-Set-Cookie
Time
X-App-Version
GEO-INFO
Cache-Hits
X-Guploader-Uploadid
X-GoCache-CacheStatus
X-Hit
Vix-Hermes-Req-Id
X-Nginx-Cache-Key
X-NCache
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cache-Remote
X-SaId
X-Backend-TTL
X-Trace-Id
X-CF-Powered-By
Origin
X-FB-TRIP-ID
X-APP-VERSION
X-Device-Type
X-MServer
Accept-Language
X-Environment-Context
X-No-Session
X-L-Path
X-CS
X-Cache-Grace
X-B3-Traceid
X-Tb
X-Tumblr-Pixel-3
X-CDN-Forward
X-Geo
Access-Control-Request-Headers
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-OVcl
X-OVcl-Cache
X-Unique-Id
X-B3-SpanId
X-S
Srv
X-Cluster-Node
X-Uri
X-CSRF-TOKEN
X-CACHE-KEY
X-Via-CDN
Fastcgi-X-Cache-Version
User-Cache-Control
X-Shopify-Stage
X-Trv-Group
X-A-Ccd
X-A
X-A-Dam
X-Region-Sid
X-A-Dgt
X-EC-Lua
X-A-Dcw
X-Detected-As
X-Transaction
X-Connection-Hash
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-SIPLIST1
X-Sorting-Hat-ShopId
Content-Style-Type
X-Sorting-Hat-PodId
Content-Script-Type
X-Request-UUID
X-VG-WebCache
Rendered-Blocks
X-AIR-PT
X-ShopId
Arc-Country
Request-EU
X-PAYTM-SRV-ID
Apple-News-Services-Request-Url
X-Alternate-Cache-Key
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Request-Country
X-Processor
X-Rojux
X-Date
X-ARC
X-Twitter-Response-Tags
X-Application
X-A-Wwc
Apple-News-Services-Handled
AsisCache
BehaviorPad-Version
X-ShardId
X-DPWN-IS-SECURE
X-Server-Time
X-Service
X-Session-Fingerprint
IsBot
X-CF-Lambda-Fn
X-External-Request-Id
Mobile-Detection-Method
X-G
T-Server
Meta-Geo-Continent
MD5-Digest
Server-Host
X-SRCache-Key
Machine
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-Svr
X-D
X-Hl-Ver
X-Vtex-Processado-Em
X-Aed
X-Ah-Environment
VivaBuild
X-ScT
Rt-Proxy-Cache
X-Destination
X-B-Cookie
X-VG-WebServer
X-S-Cookie
Xc-Version
Node
Cross-Origin-Window-Policy
Viewtype
ServedBy
X-Dc
ServerName
OT-Force-Account-Verify
NtCoent-Length
Wxu-Next-Region
X-IN-APIGATEWAY
Wxu-Next-Commit
Wxu-Next-Hostname
X-Hash
X-Generated-On
X-Matched-Rule
X-Level-Front-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Instart-Isnd
X-IN-APIGATEWAYSSL
Served-By
Thinkindot-Control
Kp-EeAlive
X-Location
Server-Int
X-Core-Value
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Webstats-RespID
X-User
We-Hiring
Mail-Subject
X-Cache-Bucket
X-Varnish-Beresp-Grace
X-Debug-Log
X-Debug-Cookies
X-UnsetCookies
Hostname
X-NX-Host
X-Reqid
X-Request-URI
X-Cache-Info
X-Thinkindot-L3
X-Dispatch
X-Shopify-Generated-Cart-Token
X-FW-Version
X-Reboot
X-CUA
Mime-Version
X-B3-Parentspanid
Now
X-Bip
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Clara-WADP
X-Cache-URL
X-CGP
X-Fastly-Cache
X-C
X-Cdn-Srv
Section-Io-Cache
SD-X-WS
X-Debug-Cache-Store
X-Cache-FS-Status
RNT-Machine
RNT-Time
X-Cache-Debug
X-Block-Status
X-Epic-Correlation-Id
X-Developers
X-Distributor
X-App-Name
X-Auto-Login
X-Azure-Ref
X-Amz-Meta-Cache-Control
X-Dispatcher-Server
X-Distil-CS
X-Agile
X-Agile-Age
X-Agile-Id
X-Core-Mission
X-Azure-Ref-OriginShield
X-Gen-Mode
X-Cms-Context
X-Clientip
X-Eu-Site
True-Client-Country-4JS
X-Endurance-Cache-Level
X-Compress-Hint
Web-Mar-Node
W
X-Backend-State
X-BBXSRF
X-RateLimit-Remaining-Second
X-Rocket-Build-Number
Proxy-Connection
X-Request-Start
X-S-Maxage
X-Scheme
X-Sigma
X-Server-IP
X-SD-PageType
X-Release
X-RateLimit-Limit-Second
X-Owner
X-Origin-Date
X-Old-Content-Length
X-Platform-Server
X-Proxy-Cache-Status
X-Qloud-Router
X-Proxy-Upstream
X-Sigma-Backend
X-Skip-Cache
X-WADP-Cache
X-NC
X-VServer
X-We-Are-Hiring
X-Wikidot-Backend
X-Vdms-Version
X-Wikidot-Static-Cache
X-VG-TLSProxy
X-VC-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sucuri-Cache
X-Swa-Ws
X-Thanos
X-Up
X-TrackingId
AKAMAI
X-Origin-Expires
HA-Ipaddr
Heartbleed
IBM-Web2-Location
Ha-Gx-Prefs
Gh-Request-Id
X-Key
X-JWT-State
X-Irp-Debug
L
X-Hnp-Log
X-Geo-Header
X-Generation-Time
Pramga
PFcat
X-GeoIP-City
Magicmarker
Memcached
X-Has-Esi
X-Li-Fabric
X-Is-Gdpr
Content-Disposition
Countrycode
X-Logging-Id
X-Magnolia-Registration
X-Ms-Request-Id
Esi-Enabled
X-Method
X-Ms-Version
X-Li-Pop
Cache-Host
Fastly-Soc-X-Request-Id
X-LI-UUID
CDCHOST
X-Nc
Cache-Provider
X-Parent-Response-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-MSEdge-Flight
X-LI-Proto
X-Planisys-CDN-TTL
X-Internal-Host
X-Variation
X-Generated-In
X-WebServer
X-Policy
X-MSEdge-Features
X-7Graus-Varnish-XKeys
Adler-Geo
Is-Eu
Platform
X-Cache-Id
X-7Graus-Varnish-Cache-Control
X-RCS-CacheZone
X-B3-Spanid
X-NodeID
X-Urbn-Site-Id
Powered-By-ChinaCache
V-Age
X-ServiceProvider
X-Via-NSCOPI
X-Urbn-Context-Path
X-Upstream-Ht
X-Upstream-Ct
X-Source
Cdnsip
X-AK-Request-ID
Cdncip
Locale
X-COUNTRY
X-SRV
A
X-Developer
X-ND-Cache
X-Servername
Server-ID
CF-IPCountry
X-GRACE
X-Cdn-Forward
X-Cdn-Origin
X-Sn-Servicetimems
X-Trafficlayer-App-Version
GEO-REGION-INFO
X-Device-Os
X-Be
Environment
X-TIME
X-Lb-Id
X-Sucuri-Id
X-Node-Id
X-FPC
X-Nginx-Cache
X-FORWARDED-FOR
X-VHOST
X-Gamma-Serve
X-Microcachable
X-Served-From
X-Servedbyhost
Locid
Geo-Info
X-Req
X-Sucuri-ID
Tcn
X-Webkit-CSP
X-Newrelic-Synthetics
X-Refresh
FNAC-ModuleRouting
Request-Time
X-Zone
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-Ratelimit-Remaining
ProcessTime
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-Pf-Uncompressing
Memory
X-Pjax-Url
X-Render-Time
XServer
X-Instart-Info
X-VWS-Id
X-ECACHE
Gannett-Cam-Experience-Id
X-NU-AKA-ACS-Version
Group
X-ElasticPress-Search
X-AWS-Id
X-LJ-Flow-ID
X-VCL-Version
CF-Cached-On
X-Correlation-ID
X-GeoIP-Country-Code
X-Edge-O15-RID
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
X-NGENIX-Cache
X-Var-Ttl
Geoip-Latitude
X-DC
Geoip-City
X-Backend-Url
X-Backend-Host
MIME-Version
TTL
PICS-Label
Cf-Ipcountry
Backend-Name
Pics-Label
X-Pod
X-Unique-ID
X-MP-GENERATED-AT
X-Mode
N-Cache
GeoIP-City
Lfy
Pagetype
REQUESTUUID
X-CSRF-Token
X-Via-SSL
GeoIP-Country-Code
X-ZONE
GeoIP-Latitude
X-Via-Edge
X-APP
Ttl
Cdn
X-GEO
X-Check-Cacheable
Fly-Request-Id
Fly-Cache
X-Bc
M-TraceId
Cache-Prefix
X-CLOUD-TRACE-CONTEXT
Ohc-File-Size
X-Via-Ucdn
Host-ID
Ohc-Cache-HIT
X-Fstrz
X-Vcl-Version
X-Ratelimit-Limit
X-Worker
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-HS-Status
X-Cache-Miss-From
Cache-Cookie-Set-Lfrom
X-PF-Uncompressing
X-Sedo-Request-Id
HitType
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
HostName
X-BC
X-Swift-Error
X-Fastly-Country-Code
X-Fetched-On
X-Upstream-CT
X-PJAX-URL
X-Cdn-Request-ID
X-LiteSpeed-Cache-Control
X-Server-W
X-Upstream-HT
X-Dynatrace-Js-Agent
SRV
X-NGINX-Cache
X-Cache-Tag
Pragrma
Fastly-SWR
On-Server
URI
Fastly-SIE
User-Agent
X-Wa
X-Rebelmouse-Cache-Control
X-TH-Server
X-Rebelmouse-Surrogate-Control
X-HostName
X-Aicache-OS
X-ServedByHost
Powered-By
X-UPSTREAM-Address
X-WR-MODIFICATION
X-Tt-Trace-Tag
X-Request-Time
CDN
X-TT-LOGID
X-WA
Who
CACHE
X-RateLimit-Reset
X-BE
Media-Length
X-GDPR
X-LB-ID
Dynatrace
X-Fastly-Backend-Reqs
X-Varnish-URL
Cdn-Request-Time
Cdn-Host
X-Fpc
X-LAGOON
X-Varnish-Cacheable
X-Edge-Server
X-Cf-Powered-By
DataCenter
X-ABtesting
FSS-Cache
SS
FSS-Proxy
Is-Session-Tracking
LB
X-Hello
X-ServerName
X-Flog
Debug
Get-Access-Time
Server-Id
X-SN
X-Ftr-Cache-Host
X-Ua
AR-SID
X-Tt-Trace-Host
X-Varnish-Beresp-TTL
X-RPS
X-DW
X-Action
X-DI
X-Protected-By
X-DSS
X-Gen-Id
X-DB
SN
X-RSL
X-Org
X-RPM
X-Response-By
Cneonction
XxX-Cache-Status
SID
X-Akamai-ERRuleID
X-Amzn-Remapped-Date
X-VC
Xet-Cookie
X-SB
UCS
Processtime
X-Akamai-ERPolicy
X-Nananana
Product
Warning
X-Dw-Trace-Id
RequestId
Requestid
Thinkindot-Cache-Type
X-LiteSpeed-Tag
NnCoection
X-Fastly-Cache-Hits
X-Li-Proto
Application
X-Amzn-Remapped-Connection
X-Request-Url