Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Rq
X-WebKit-CSP
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Vhost
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Rating
X-Country
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Edge-Control
X-Instart-Request-ID
X-Vname
X-PC
X-TtlSet
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Varnish-TTL
X-Mod-Pagespeed
X-Url
X-B3-TraceId
X-MS-InvokeApp
Verso
X-TTL
Accept-Ch
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
X-Server-Name
X-VARITI-CCR
X-GitHub-Request-Id
Content-MD5
Service-Worker-Allowed
X-SharePointHealthScore
X-Sol
Pagespeed
Response
X-Middleton-Response
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
RTSS
Display
X-Middleton-Display
X-Vcache
X-Navigation-Version
X-Abt-Application-Version
SPIisLatency
SPRequestDuration
X-Powered-CMS
X-Debug
X-Forwarded-Proto
Accept-Ch-Lifetime
X-Upstream
X-Cached
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
Charset
DynaTrace
X-Version
MS-Author-Via
X-CST
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
Access-Control-Request-Method
S
X-Pinterest-Rid
Pinterest-Version
X-Accel-Expires
X-Ser
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-XRDS-Location
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-T
X-Varnish-Age
X-Element-Page-Cache
Cache-Tag
X-Aspnet-Version
X-Goog-Storage-Class
X-Amzn-Trace-Id
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-Dw-Request-Base-Id
X-Server-ID
Mrf-Cache-Status
X-B3-TraceId-Primal
X-FTR-Expires
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
NR-ENABLED
Powered
X-Hits
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Content-Type
X-Webkit-Csp
X-Request-Received
X-Request-Processing-Time
Server-Name
X-RateLimit-Remaining
X-HS-Combine-CSS
ServerID
X-Request-Handler-Origin-Region
X-Microsite
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Rid
X-N
X-Akamai-Edgescape
Healthy
X-Grace
X-Revision
X-User-Agent
X-Analytics
Backend-Timing
X-Forwarded-For
X-Pad
X-Content-Security-Policy-Report-Only
X-Node-Name
X-Logged-In
X-Mobile-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-LB-Cache
X-Varnish-Grace
X-Ttl
X-Cached-By
Server-Node
X-Oneagent-Js-Injection
X-Activity-Id
X-AppVersion
Accept-CH-Lifetime
Accept-CH
X-Az
Cache-Status
X-Content-Options
X-B3-Sampled
X-F-Cache
Refresh
X-Geo-Country
X-GUploader-UploadID
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
Upgrade-Insecure-Requests
X-IPLB-Instance
X-Type
X-Varnish-Backend
Retry-After
FilterID
X-Tumblr-Pixel
X-Cache-2
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-0
Host
X-Srv
X-FB-Debug
Paypal-Debug-Id
Accept-Charset
Actual-Object-TTL
DC
X-Cluster
X-Jobs
X-Page-Id
X-PHP-Backend
X-Framework
X-Instance
X-Debug-Info
X-B
X-AOL-HN
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Request-Guid
Source
X-TT
X-ATG-Version
Cache
AR-PoweredBy
AR-ATIME
AR-CACHE
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-FastCGI-Cache
X-Git-Hash
MS-CV
X-Cache-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Content-Powered-By
X-B-Cache
X-PressLabs-Stats
Host-Header
X-Signature
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-Via-JSL
VIX-Pulpo-Node
Ar-Sid
Xserver
X-TA-CDN-Provider
X-Cache-TTL
X-ATS-Timestamp
X-Origin-Server
X-Cache-Enabled
X-Whom
X-Cache-Control
NGB
X-Response-Served-From
X-Mobile
X-Wix-Request-Id
X-Daa-Tunnel
Surrogate-Key
X-UA
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-GeoIP
Cache-Tv-Group
Datacenter
Frame-Options
Eomportal-Instance
Payment
X-Cacheable-TTL
WPE-Backend
Filters
Cleartype
X-Cache-NE
X-Hyper-Cache
X-FW-Server
X-Adobe-Content
X-Litespeed-Cache
X-FW-Hash
X-FW-Type
X-Host-Name
X-FW-Serve
X-Adobe-Loc
X-FW-Static
X-SERVER
X-Region
X-Handled-By
X-Cache-Action
X-TX-ID
X-Drupal-Cache-Tags
Webserver
X-Load-Cache
X-Esi
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-EdgeConnect-Cache-Status
X-XRDS-LOCATION
X-Akamai-Transformed
X-Hostname
X-Cache-Rule
From-Origin
X-Edge-Location
X-Cache-Operation
AR-Request-ID
X-NewRelic-App-Data
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Liferay-Portal
Ms-Operation-Id
X-RTag
X-Varnish-Hostname
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Cache-Server
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Varnish-Server
X-Forwarded-Host
X-Rule
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
Country
X-Upgrade-Enabled
Odigeo-Trace-Id
X-Contextid
X-UUID
X-App-Server
Load-Balancing
X-ES-SERVER
Meta-Geo
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-BCube-Filmed-By
X-From
DSUID
DB-Nickname
Webcakes-App-Version
TWC-GeoIP-Country
Webcakes-Region
Release
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Origin-Hint
X-TT-TIMESTAMP
X-Rocket-Nginx-Bypass
X-Debug-Cache
X-EIG-Tracking-Id
X-VCT
X-R9-Blue-Green-Version
X-CCM
X-Drupal-Cache-Contexts
X-Pubstack
Mn-Server-Ip
Origin-Cache-Control
X-Cache-Time
X-OCL
X-Cache-Host
X-Real-IP
X-Loop
X-FC-Vary-Parameters
Cache-Tags
Cache-Name
Azure-Version
Azure-SlotName
X-Human
X-IP
X-FireWall-Port
X-Proto
L5d-Success-Class
S-Rt
Selected-Fe
X-ProxyCache-Key
X-ProxyCache-Status
X-Akamai-Request-ID
Uber-Trace-Id
X-Vgn-Hpd-Reason
X-Via-Fastly
X-PCL
X-Proxy-Build
X-Hosted-By
X-Proxy
X-TNCMS
X-Origin-Response-Time
Azure-SiteName
X-Cache-Config
X-ServerID
X-Soup
X-Timing-Wait
X-BYPASS-REASON
X-Origin
X-Viewer-Country
Origin-Edge-Control
X-Accel-Buffering
Azure-RegionName
Azure-InstanceId
X-Redis-Cache
Viewport
X-Akamai-Request-ID2
X-Site-Version
X-Section
X-Labrador-Cache-Channel
X-Www-Served-By
X-Varnish-Hits
X-Xfnlog-Site
X-JoinUs
X-Is-Bot
X-Generated
Version
X-FW-Dynamic
X-Format
X-Cluster-Name
X-Locale
Ec-Rule-Version
X-Backend-Name
X-Access
X-Rendered-As
Fastly-SSL
X-Web-Node
NGX
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-By
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Content-Age
Server-Info
S-Cnection
X-Time-Microsecs
X-PHP-Host
X-Cache-Backend
X-Varnish-Cache-Hits
X-SaId
X-NWS-UUID-VERIFY
X-Amzn-Remapped-Content-Length
X-PERF
X-ApacheServer
Akamai-GRN
X-Info
X-Storage
X-Origin-CC
Tracecode
X-Geo
X-URL
X-Origin-TTL
X-WA-Info
X-Time
X-Nginx-Cache-Key
X-Presslabs-Stats
Rt-Fastcgi-Cache
GEO-INFO
Cteonnt-Length
X-CF-Powered-By
X-App-Version
X-No-Session
X-MServer
Time
X-Guploader-Uploadid
Origin
X-Cache-Remote
X-L-Path
X-Environment-Context
Access-Control-Request-Headers
X-Tb
X-TIME
X-APP-VERSION
X-FB-TRIP-ID
Cache-Key
Accept-Language
X-Unique-Id
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-EC-Lua
X-CACHE-KEY
X-RateLimit-Limit
X-GoCache-CacheStatus
X-Backend-TTL
X-NCache
X-RCS-CacheZone
X-Hit
Mime-Version
X-ShardId
X-Sorting-Hat-ShopId
Cache-Hits
Vix-Hermes-Req-Id
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
X-Source
X-Trace-Id
X-VCache
OT-Force-Account-Verify
X-B3-SpanId
X-Dc
X-B3-Traceid
X-CDN-Forward
X-Device-Type
X-Tumblr-Pixel-3
X-CS
X-S
X-Endurance-Cache-Level
X-Destination
X-B-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
Node
X-ARC
X-Detected-As
X-Processor
Content-Script-Type
X-ND-Cache
X-Magnolia-Registration
Content-Style-Type
BehaviorPad-Version
AsisCache
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Arc-Country
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
X-Region-Sid
X-DPWN-IS-SECURE
MD5-Digest
Meta-Geo-Continent
Machine
User-Cache-Control
X-PAYTM-SRV-ID
X-Hl-Ver
X-G
X-External-Request-Id
Mobile-Detection-Method
X-AIR-PT
X-Transaction
Viewtype
X-Trv-Group
X-Twitter-Response-Tags
VivaBuild
X-Vtex-Remote-Cache
X-Application
X-Svr
X-Connection-Hash
X-A-Dgt
Server-Host
X-Parent-Response-Time
X-OVcl-Cache
X-CF-Lambda-Fn
X-VG-WebCache
X-A-Ccd
X-A
X-Vdms-Version
X-VG-WebServer
X-A-Dam
X-OVcl
X-CF-Lambda-Version
X-Vtex-Processado-Em
X-A-Dcw
Apple-News-Services-Parsed-Url
T-Server
X-Session-Fingerprint
X-Date
X-Ah-Environment
Request-EU
X-Upstream-Ht
X-Upstream-Ct
X-Service
Rt-Proxy-Cache
X-Aed
X-Server-Time
X-D
Rendered-Blocks
Xc-Version
X-SRCache-Key
X-ScT
X-A-Wwc
X-Accel-Expires-Debug
Request-Country
X-SS-Set-Cookie
ServerName
X-Cluster-Node
Now
ServedBy
IsBot
X-Level-Front-Cache
X-Generated-On
Wxu-Next-Region
X-CUA
X-Core-Value
Served-By
X-Dispatch
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
Thinkindot-Control
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Bucket
X-Hash
X-Dispatcher-Server
Mail-Subject
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Via-NSCOPI
X-Thinkindot-L3
X-Reboot
We-Hiring
X-Webstats-RespID
X-Location
Srv
X-Matched-Rule
X-SIPLIST1
X-SRV
X-CSRF-TOKEN
NtCoent-Length
Proxy-Connection
X-Compress-Hint
X-Sigma
X-Clara-WADP
X-SVT-ORM-RULES
X-TrackingId
X-Thanos
X-SVT-ORM-VERSION
X-Clientip
X-Cms-Context
X-Sucuri-Cache
X-Sigma-Backend
X-Skip-Cache
X-CGP
X-Variation
X-C
X-Block-Status
X-Wikidot-Static-Cache
X-Cache-Debug
X-Wikidot-Backend
X-Bip
X-BBXSRF
X-B3-Parentspanid
X-Backend-State
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Cache-FS-Status
X-Cache-Info
X-VC-Cache
X-Debug-Cache-Expiry
X-User
X-Uri
X-Cdn-Srv
X-VG-TLSProxy
X-WebServer
X-We-Are-Hiring
X-WADP-Cache
X-VServer
X-Up
X-Debug-Cache-Fetch
X-Owner
X-Planisys-CDN-Cache
X-Origin-Expires
X-Irp-Debug
X-Origin-Date
X-Hnp-Log
X-Planisys-CDN-Rules
X-Geo-Header
X-GeoIP-City
X-Has-Esi
X-Planisys-CDN-TTL
X-Is-Gdpr
X-Old-Content-Length
X-Li-Pop
X-Method
X-LI-UUID
X-Logging-Id
X-Li-Fabric
X-Ms-Request-Id
X-JWT-State
X-NX-Host
X-Ms-Version
X-Key
X-Generation-Time
X-Platform-Server
X-Developers
X-Rocket-Build-Number
X-Request-URI
X-Request-Start
X-S-Maxage
X-Scheme
X-SD-PageType
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Distil-CS
X-Distributor
X-Fastly-Cache
X-FW-Version
X-Proxy-Cache-Status
X-Gen-Mode
X-Proxy-Upstream
X-Qloud-Router
X-Reqid
X-Release
X-Epic-Correlation-Id
X-Eu-Site
X-Server-IP
X-Agile-Age
Magicmarker
Memcached
Powered-By-ChinaCache
Is-Eu
IBM-Web2-Location
PFcat
Platform
SD-X-WS
RNT-Time
RNT-Machine
Pramga
Heartbleed
HA-Ipaddr
X-Azure-Ref-OriginShield
CDCHOST
Cache-Host
AKAMAI
Adler-Geo
Content-Disposition
Countrycode
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Soc-X-Request-Id
Esi-Enabled
Section-Io-Cache
L
Server-ID
X-Azure-Ref
X-Auto-Login
X-Amz-Meta-Cache-Control
Web-Mar-Node
W
X-Agile-Id
X-Agile
Server-Int
X-Nc
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Policy
X-Generated-In
X-Cache-Id
X-Cache-URL
Kp-EeAlive
X-LI-Proto
X-Trafficlayer-App-Version
X-Swa-Ws
X-App-Name
X-Core-Mission
Environment
X-Cdn-Forward
Cache-Provider
X-Cache-Grace
X-MSEdge-Features
X-Internal-Host
X-MSEdge-Flight
X-HTML-Minification-Powered-By
X-Req
True-Client-Country-4JS
Locid
Locale
Cdnsip
V-Age
X-AK-Request-ID
X-Urbn-Context-Path
X-ServiceProvider
X-Served-From
X-NodeID
X-Urbn-Site-Id
Cdncip
X-Via-CDN
X-NC
X-Servername
X-Gamma-Serve
X-B3-Spanid
FNAC-ModuleRouting
X-IPS-LoggedIn
X-GRACE
GEO-REGION-INFO
X-Be
X-CLOUD-TRACE-CONTEXT
X-Lb-Id
X-Newrelic-Synthetics
X-Nginx-Cache
X-Refresh
CF-IPCountry
X-Zone
X-Render-Time
X-FPC
X-Sucuri-Id
ProcessTime
X-Edge-O15-RID
X-Tb-Optimization-Total-Bytes-Saved
X-MP-GENERATED-AT
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-VHOST
X-UnsetCookies
X-NU-AKA-ACS-Version
Hostname
X-GeoIP-Country-Code
Geo-Info
Tcn
X-Mode
X-Sucuri-ID
X-Webkit-CSP
X-Developer
X-Microcachable
X-Pjax-Url
A
X-Servedbyhost
X-Device-Os
X-Cdn-Origin
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Sn-Servicetimems
X-Ratelimit-Remaining
X-Node-Id
X-FORWARDED-FOR
X-Pf-Uncompressing
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-COUNTRY
X-Bc
X-CSRF-Token
Memory
Gannett-Cam-Experience-Id
TTL
X-Correlation-ID
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-Lfrom
Geoip-Latitude
GeoIp-Country-Code
Resin-Trace
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Request-Time
X-DC
X-Ratelimit-Limit
CF-Cached-On
HostName
X-Pod
PICS-Label
X-Request-Time
X-Vcl-Version
Pics-Label
Cdn
GeoIP-City
X-Via-SSL
X-Via-Edge
M-TraceId
GeoIP-Latitude
GeoIP-Country-Code
X-VCL-Version
X-Cdn-Request-ID
X-Unique-ID
Host-ID
X-NODE
X-TH-Server
Group
X-ZONE
X-ElasticPress-Search
Ttl
X-Instart-Info
X-ECACHE
Geoip-City
X-Swift-Error
X-APP
X-Var-Ttl
HitType
X-NGINX-Cache
X-Backend-Url
Ohc-Cache-HIT
X-Backend-Host
MIME-Version
Powered-By
Ohc-File-Size
X-PF-Uncompressing
XServer
X-UPSTREAM-Address
Media-Length
Backend-Name
X-BC
URI
X-Check-Cacheable
X-ServedByHost
X-Fastly-Country-Code
SRV
Lfy
X-HS-Status
Pagetype
On-Server
N-Cache
User-Agent
REQUESTUUID
X-Varnish-Ttl
X-HostName
X-NGENIX-Cache
X-Hp-Ccpa-Warning
X-Cache-Tag
X-Fstrz
FSS-Cache
X-Tt-Trace-Host
Fly-Cache
X-PJAX-URL
FSS-Proxy
Cache-Prefix
Fly-Request-Id
X-Aicache-OS
X-Tt-Trace-Tag
X-WR-MODIFICATION
X-LiteSpeed-Cache-Control
Who
X-WA
UCS
X-Via-Ucdn
X-NYM-Debug-Backend
X-Worker
AR-SID
X-BE
X-Sedo-Request-Id
X-Fetched-On
X-Cache-Tags
Pragrma
CDN
X-Cache-Miss-From
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-Server-W
X-Varnish-URL
X-Varnish-Cacheable
X-LAGOON
Server-Surrogate-Control
Server-Cache-Control
X-Fpc
X-GEO
X-LB-ID
Processtime
X-Cf-Powered-By
X-Rebelmouse-Cache-Control
X-Store
Fastly-SIE
X-Fastly-Backend-Reqs
X-Rebelmouse-Surrogate-Control
X-ServerName
Country-Code
Debug
Fastly-SWR
X-Wa
Location
X-Ua
X-Ftr-Cache-Host
X-Response-By
X-Akamai-ERPolicy
X-Varnish-Beresp-TTL
X-Protected-By
X-Akamai-ERRuleID
Fastly-Backend-Name
X-BACKEND-TTL
X-Upstream-HT
X-Upstream-CT
X-Apw-Hits
RequestId
Ohc-Response-Time
LB
X-Apw-Access-Action
X-Apw-Access-Token
WP-Super-Cache
X-Apw-Access-Object
X-Gen-Id
SID
X-Amzn-Remapped-Date
X-Fastly-Cache-Hits
X-Amzn-Remapped-Connection
X-Li-Proto
X-TT-LOGID
X-Dw-Trace-Id
Thinkindot-Cache-Type
Application
Product
Cneonction
X-SB
X-VC
XxX-Cache-Status
X-Nananana
X-Request-Url
NnCoection
Xet-Cookie