Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-LiteSpeed-Cache
X-WebKit-CSP
X-Rq
Report-To
EagleEye-TraceId
X-Ac
X-Server-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Cdn
X-Cloud-Trace-Context
X-Cache-Lookup
NEL
X-Vhost
X-Ws-Request-Id
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-HW
Allow
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-DynaTrace
Surrogate-Control
Rating
X-FTR-Request-ID
X-Country
X-Country-Code
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Akam-SW-Version
X-Goog-Hash
Pinterest-Generated-By
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-MS-InvokeApp
Edge-Control
X-B3-TraceId
X-Url
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-Middleton-Response
Response
Pagespeed
X-Sol
X-SharePointHealthScore
X-Middleton-Display
Accept-Ch
X-VARITI-CCR
Display
X-Cdn-Fetch
Service-Worker-Allowed
RTSS
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Server-Name
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-GitHub-Request-Id
X-Server-ID
X-ESI
Content-MD5
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-Vcache
X-Abt-Application-Version
X-Debug
X-Powered-CMS
X-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-CST
Public-Key-Pins
Charset
MS-Author-Via
X-Upstream
X-Forwarded-Proto
X-Cached
Accept-Ch-Lifetime
X-NF-Request-ID
X-Px
X-Version
X-Amz-Rid
Realpath
DynaTrace
Edge-Cache-Tag
X-Shard
MicrosoftSharePointTeamServices
TCN
Arr-Disable-Session-Affinity
Fastly-Restarts
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Pinterest-Rid
Pinterest-Version
X-Ezoic-Cdn
X-Ser
Access-Control-Request-Method
X-Shield-Request-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
S
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Recruiting
X-XRDS-Location
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Goog-Generation
X-Goog-Stored-Content-Length
X-DIS-Request-ID
X-Accel-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Front-End-Https
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Element-Page-Cache
X-Id
X-Varnish-Age
X-T
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Ttl
Cache-Tag
Fastcgi-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Frontend
X-Webapp-Samesite-None-Activated-N
X-Content-Digest
Powered
NR-ENABLED
X-Hits
X-RateLimit-Remaining
X-Correlation-Id
X-Kinsta-Cache
X-Fastcgi-Cache
X-Litespeed-Cache
X-FTR-Cache-Host
Alternate-Protocol
X-Grace
X-Hp-Webp
ServerID
X-Aspnetmvc-Version
X-N
X-Webkit-Csp
X-Cache-Hit
X-Request-Processing-Time
TP-L2-Cache
X-Request-Received
TP-Cache
PB-PID
X-Node-Name
X-Microsite
PB-RID
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
X-Mobile-Rewrite
Arc-Version
Accept-CH
Server-Name
AMP-Access-Control-Allow-Source-Origin
Healthy
X-Rid
X-User-Agent
X-Content-Type
X-Zen-Fury
Accept-CH-Lifetime
X-Revision
Backend-Timing
X-Analytics
X-Akamai-Edgescape
Server-Node
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Logged-In
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Activity-Id
X-AppVersion
Cache-Status
X-Forwarded-For
X-Az
X-FastCGI-Cache
Ar-Sid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Pad
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-IPLB-Instance
X-Cached-By
X-Varnish-Grace
X-GUploader-UploadID
Retry-After
X-Mobile-URL
X-Type
X-Srv
X-Content-Options
X-B3-Sampled
X-Ruxit-Js-Agent
Paypal-Debug-Id
X-F-Cache
Refresh
X-Via-JSL
X-Geo-Country
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-User
Upgrade-Insecure-Requests
X-Tumblr-Pixel-0
X-FB-Debug
Host
X-Debug-Info
X-Varnish-Backend
Accept-Charset
X-Jobs
X-Page-Id
X-PHP-Backend
X-Request-Guid
X-Cluster
Access-Control-Allow-Method
DC
Actual-Object-TTL
FilterID
X-Instance
X-B
Source
X-Erf-Bev-Bev
X-Framework
X-AOL-HN
X-Erf-Bev-Bev-Is-Generated
X-Cache-Age
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Seen-By
X-Cache-Key
AR-Request-ID
MS-CV
Fastcgi-Useragent
X-Content-Powered-By
X-Git-Hash
X-Cache-TTL
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-2
X-TT
X-Whom
X-Esi
X-PressLabs-Stats
X-TA-CDN-Provider
X-Amz-Replication-Status
X-Cache-Control
X-Host-Name
X-UA
X-B-Cache
Cache
X-Signature
Surrogate-Key
Host-Header
X-Wix-Request-Id
Frame-Options
X-Response-Served-From
NGB
X-Mobile
X-GeoIP
X-Cache-Operation
X-Cache-Rule
X-FW-Server
X-Kong-Upstream-Latency
X-Origin-Server
X-Kong-Proxy-Latency
X-FW-Type
X-FW-Serve
X-FW-Static
X-RequestSource
X-FW-Hash
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Daa-Tunnel
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-Handled-By
Cleartype
Filters
WPE-Backend
X-TX-ID
Webserver
X-Cache-NE
X-Cache-Enabled
Payment
X-Region
Xserver
X-Hyper-Cache
Eomportal-Instance
X-UA-Device-Type
X-Cache-Action
X-SERVER
From-Origin
X-Forwarded-Host
X-Adobe-Content
X-ProcessESI
X-Adobe-Loc
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-Time
Datacenter
X-Load-Cache
X-RTag
Ms-Operation-Id
X-Hostname
X-Akamai-Transformed
X-Cache-TTL-Remaining
X-App-Server
X-NewRelic-App-Data
X-Cache-Server
X-Edge-Location
Tracecode
X-Status
Liferay-Portal
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-XRDS-LOCATION
X-ATS-Timestamp
X-Contextid
X-Varnish-Hostname
X-Varnish-Server
X-BCube-Filmed-By
Odigeo-Trace-Id
X-Rule
X-TT-TIMESTAMP
Country
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
Meta-Geo
X-ES-SERVER
Load-Balancing
X-Cache-Var
X-Upgrade-Enabled
X-Debug-Cache
X-Xfnlog-Site
X-Viewer-Country
X-VCT
DSUID
X-FW-Dynamic
Release
X-Rocket-Nginx-Bypass
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
X-OCL
X-CCM
DB-Nickname
X-Origin-Hint
TWC-GeoIP-Country
TWC-Device-Class
X-PCL
Cache-Tags
TWC-GeoIP-LatLong
X-Varnish-Cache-Hits
X-Soup
Webcakes-Region
X-Via-Fastly
X-Pubstack
Property-Id
X-Cache-Config
Webcakes-App-Version
Mn-Server-Ip
X-IP
X-Human
X-ServerID
X-Loop
X-Real-IP
Origin-Cache-Control
Origin-Edge-Control
S-Rt
X-Timing-Wait
X-Hosted-By
Server-Info
Azure-InstanceId
Azure-RegionName
X-Proxy-Build
X-Proxy
X-Origin
Fastly-SSL
X-Cache-Time
L5d-Success-Class
Azure-SiteName
Azure-SlotName
Azure-Version
X-R9-Blue-Green-Version
Selected-Fe
X-TNCMS
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Akamai-Request-ID2
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Host
X-Oss-Storage-Class
X-Drupal-Cache-Contexts
Version
X-FC-Vary-Parameters
X-From
X-Redis-Cache
X-EIG-Tracking-Id
X-Backend-Name
X-Format
X-RateLimit-Limit
X-Origin-Response-Time
X-PERF
X-Cluster-Name
Viewport
X-FireWall-Port
X-Locale
X-Labrador-Cache-Channel
X-Generated
X-Access
X-ApacheServer
X-Akamai-Request-ID
X-JoinUs
Cache-Name
Decoy-Debug-TTL
X-Site-Version
X-Vgn-Hpd-Reason
X-Web-Node
X-Www-Served-By
X-Section
X-UUID
X-Proto
Decoy-Debug-Status
Decoy-Debug-Key
X-Rendered-As
Ec-Rule-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
S-Cnection
X-Time-Microsecs
X-VCache
X-NWS-UUID-VERIFY
X-Varnish-Hits
X-Content-Age
X-ORACLE-APMCS-REQUEST-ID
X-Is-Bot
X-ORACLE-APMCS-TAG
NGX
X-Info
X-Storage
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
Uber-Trace-Id
X-Origin-TTL
Rt-Fastcgi-Cache
X-Origin-CC
X-URL
X-Generated-By
X-Cache-Backend
X-PHP-Host
Cteonnt-Length
X-Accel-Buffering
X-Presslabs-Stats
X-Amzn-Remapped-Content-Length
Cache-Key
Time
Akamai-GRN
X-SS-Set-Cookie
X-App-Version
Vix-Hermes-Req-Id
X-WA-Info
X-Guploader-Uploadid
GEO-INFO
X-Hit
X-NCache
X-SaId
X-Nginx-Cache-Key
Cache-Hits
X-GoCache-CacheStatus
X-Backend-TTL
X-APP-VERSION
X-Cache-Remote
X-No-Session
Accept-Language
X-FB-TRIP-ID
X-CF-Powered-By
Origin
X-Trace-Id
X-MServer
X-Device-Type
X-L-Path
X-Cache-Grace
X-Environment-Context
X-Geo
X-Tumblr-Pixel-3
X-B3-Traceid
X-CS
Access-Control-Request-Headers
X-OVcl-Cache
X-OVcl
X-SayCDN-TTL
X-B3-SpanId
X-Unique-Id
X-S
X-Say-Cacheable
X-Tb
X-CDN-Forward
X-Say-TTL
X-Cluster-Node
X-Uri
X-Tec-Api-Version
User-Cache-Control
X-CACHE-KEY
X-Tec-Api-Origin
X-Tec-Api-Root
X-Via-CDN
Srv
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
AsisCache
Content-Script-Type
BehaviorPad-Version
Apple-News-Services-Parsed-Url
X-Rewrite-Enabled
Apple-News-Services-Handled
X-Request-UUID
X-Processor
ServedBy
X-Region-Sid
We-Hiring
Mail-Subject
X-PAYTM-SRV-ID
Apple-News-Services-Host
Rt-Proxy-Cache
X-ARC
X-B-Cookie
X-G
X-Application
X-AIR-PT
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-External-Request-Id
X-CF-Lambda-Fn
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-Date
X-D
X-CF-Lambda-Version
X-Connection-Hash
X-A-Dgt
X-A-Dcw
Node
Rendered-Blocks
Request-Country
Mobile-Detection-Method
Meta-Geo-Continent
Cross-Origin-Window-Policy
Machine
MD5-Digest
Request-EU
Server-Host
X-A
X-A-Ccd
X-A-Dam
VivaBuild
Viewtype
X-Hl-Ver
T-Server
Content-Style-Type
Arc-Country
Mime-Version
X-Ah-Environment
X-Server-Time
X-Service
X-ScT
X-Trv-Group
X-Transaction
X-Vtex-Processado-Em
X-EC-Lua
X-CSRF-TOKEN
X-Twitter-Response-Tags
Xc-Version
X-VG-WebCache
X-Session-Fingerprint
X-Rojux
X-S-Cookie
X-SRCache-Key
X-Svr
X-Vtex-Remote-Cache
X-VG-WebServer
Now
X-ShopId
NtCoent-Length
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Alternate-Cache-Key
X-Shopify-Stage
OT-Force-Account-Verify
ServerName
X-Cache-Bucket
X-S-Maxage
X-Block-Status
X-Webstats-RespID
Wxu-Next-Region
X-Cache-Debug
Wxu-Next-Commit
Cache-Host
Served-By
Web-Mar-Node
CDCHOST
X-Gen-Mode
Wxu-Next-Hostname
X-SIPLIST1
X-Location
Hostname
X-Level-Front-Cache
Proxy-Connection
IsBot
X-User
X-Dispatch
X-UnsetCookies
X-Dispatcher-Server
X-Generated-On
X-Ms-Version
X-Ms-Request-Id
X-Endurance-Cache-Level
X-Hash
X-IN-APIGATEWAY
X-Reboot
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
RNT-Machine
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Hnp-Log
X-Varnish-Beresp-Ttl
X-Cms-Context
X-Dc
X-Request-URI
X-FW-Version
X-Reqid
X-Clara-WADP
X-WADP-Cache
RNT-Time
X-Shopify-Generated-Cart-Token
X-Has-Esi
X-GeoIP-City
X-SVT-ORM-RULES
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Sucuri-Cache
X-Cache-Info
X-Core-Value
X-CUA
X-SVT-ORM-VERSION
X-Core-Mission
X-Compress-Hint
X-CGP
X-Epic-Correlation-Id
X-Clientip
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Thanos
X-Developers
X-Distil-CS
X-TrackingId
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cookies
X-Cdn-Srv
X-Eu-Site
X-Amz-Meta-Cache-Control
X-Generation-Time
X-App-Name
X-Variation
X-Geo-Header
X-Agile-Age
X-Agile-Id
X-Auto-Login
X-Generated-In
X-Cache-FS-Status
Server-Int
X-Cache-URL
X-C
X-Bip
X-Backend-State
X-BBXSRF
X-Agile
PFcat
X-Policy
X-LI-UUID
X-Platform-Server
X-Matched-Rule
Fastly-Soc-X-Request-Id
Gh-Request-Id
Ha-Gx-Prefs
X-Li-Pop
X-Qloud-Router
Heartbleed
HA-Ipaddr
X-Owner
X-NC
X-Thinkindot-L3
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Old-Content-Length
X-NX-Host
Content-Disposition
X-Sigma
Adler-Geo
AKAMAI
Countrycode
X-Sigma-Backend
X-Server-IP
Is-Eu
X-Scheme
X-Rocket-Build-Number
X-Is-Gdpr
X-Skip-Cache
Kp-EeAlive
X-Irp-Debug
Platform
X-Vdms-Version
SD-X-WS
X-We-Are-Hiring
Pramga
X-WebServer
X-JWT-State
X-SD-PageType
X-Li-Fabric
L
Memcached
X-Key
X-Request-Start
X-B3-Parentspanid
X-Nc
Cache-Provider
X-Distributor
X-Up
X-Origin-Date
X-Planisys-CDN-Cache
X-Origin-Expires
X-Planisys-CDN-Rules
X-Swa-Ws
X-Release
X-Planisys-CDN-TTL
X-ServiceProvider
X-Urbn-Site-Id
Locale
Magicmarker
X-VG-TLSProxy
X-VC-Cache
X-Fastly-Cache
IBM-Web2-Location
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Internal-Host
Section-Io-Cache
V-Age
X-VServer
W
X-AK-Request-ID
X-LI-Proto
Cdnsip
X-Urbn-Context-Path
Cdncip
X-MSEdge-Flight
X-Cache-Id
X-NodeID
Esi-Enabled
X-MSEdge-Features
X-Method
X-Magnolia-Registration
X-Logging-Id
X-Azure-Ref
X-Azure-Ref-OriginShield
X-RCS-CacheZone
X-Parent-Response-Time
X-Via-NSCOPI
Server-ID
X-Upstream-Ht
X-Upstream-Ct
Powered-By-ChinaCache
X-Source
X-COUNTRY
X-SRV
X-B3-Spanid
X-Servername
X-ND-Cache
A
X-Developer
CF-IPCountry
X-Cdn-Forward
X-GRACE
X-Sn-Servicetimems
X-Device-Os
X-Cdn-Origin
GEO-REGION-INFO
X-Trafficlayer-App-Version
X-Be
X-Lb-Id
X-Node-Id
X-CLOUD-TRACE-CONTEXT
X-FPC
X-TIME
X-Sucuri-Id
Environment
Locid
X-VHOST
X-FORWARDED-FOR
X-Req
X-Nginx-Cache
X-Served-From
X-Zone
X-Servedbyhost
X-Gamma-Serve
FNAC-ModuleRouting
X-Sucuri-ID
Tcn
Geo-Info
X-Newrelic-Synthetics
X-Webkit-CSP
Request-Time
X-Refresh
ProcessTime
X-Microcachable
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-HTML-Minification-Powered-By
X-Pjax-Url
X-IPS-LoggedIn
X-Render-Time
Memory
X-VWS-Id
X-Pf-Uncompressing
X-LJ-Flow-ID
X-AWS-Id
X-Edge-O15-RID
X-ElasticPress-Search
X-VCL-Version
Gannett-Cam-Experience-Id
X-Instart-Info
Group
X-NU-AKA-ACS-Version
X-ECACHE
X-Correlation-ID
CF-Cached-On
X-GeoIP-Country-Code
X-Backend-Url
X-DC
X-Var-Ttl
XServer
Amp-Access-Control-Allow-Source-Origin
Geoip-Latitude
GeoIp-Country-Code
X-NGENIX-Cache
TTL
Geoip-City
X-Backend-Host
X-Ratelimit-Remaining
X-CSRF-Token
X-Pod
Backend-Name
Cf-Ipcountry
Pics-Label
PICS-Label
MIME-Version
X-Mode
X-Unique-ID
X-MP-GENERATED-AT
X-Bc
GeoIP-Latitude
Lfy
REQUESTUUID
Cdn
GeoIP-City
X-Via-Edge
X-Via-SSL
GeoIP-Country-Code
N-Cache
Pagetype
M-TraceId
Cache-Prefix
X-APP
Ttl
X-Vcl-Version
X-ZONE
Fly-Cache
Fly-Request-Id
X-Check-Cacheable
X-GEO
X-Fstrz
X-Worker
HostName
Host-ID
Ohc-File-Size
Ohc-Cache-HIT
X-Via-Ucdn
X-Zipkin-Id
X-Proxied
X-Ratelimit-Limit
X-Routing-Service
X-PF-Uncompressing
HitType
X-HS-Status
X-Cache-Miss-From
X-Sedo-Request-Id
SRV
X-Swift-Error
X-Fastly-Country-Code
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Upstream-HT
X-LiteSpeed-Cache-Control
X-BC
X-Upstream-CT
X-Server-W
X-Cdn-Request-ID
Cache-Cookie-Set-Lfrom
X-PJAX-URL
X-Fetched-On
X-NGINX-Cache
X-Dynatrace-Js-Agent
URI
Fastly-SIE
Pragrma
Fastly-SWR
X-TH-Server
X-ServedByHost
User-Agent
X-Cache-Tag
On-Server
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wa
CACHE
X-HostName
X-WR-MODIFICATION
Powered-By
X-Aicache-OS
X-UPSTREAM-Address
X-Request-Time
X-WA
CDN
X-Tt-Trace-Tag
Who
X-TT-LOGID
X-RateLimit-Reset
X-GDPR
Media-Length
X-LB-ID
X-BE
Dynatrace
X-Varnish-Cacheable
Cdn-Host
Cdn-Request-Time
X-Varnish-URL
X-Fastly-Backend-Reqs
X-LAGOON
X-Fpc
X-Edge-Server
X-Cf-Powered-By
DataCenter
X-Hello
SS
X-ABtesting
FSS-Proxy
X-ServerName
FSS-Cache
Get-Access-Time
Server-Id
X-Flog
Is-Session-Tracking
Debug
LB
X-SN
X-Ua
Filterid
X-Ftr-Cache-Host
X-Protected-By
X-DB
X-DI
X-RSL
AR-SID
X-DW
X-DSS
X-RPS
X-RPM
X-Action
SN
X-Org
X-Response-By
X-Varnish-Beresp-TTL
X-Gen-Id
XxX-Cache-Status
RequestId
Application
Thinkindot-Cache-Type
Cneonction
X-Li-Proto
Xet-Cookie
UCS
X-Tt-Trace-Host
SID
X-Dw-Trace-Id
X-Nananana
X-Fastly-Cache-Hits
Requestid
Warning
X-LiteSpeed-Tag
X-Request-Url
X-Akamai-ERRuleID
X-Amzn-Remapped-Date
Product
NnCoection
X-Amzn-Remapped-Connection
X-Akamai-ERPolicy