
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Rq
X-WebKit-CSP
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
X-Cnection
Request-Id
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Vhost
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Rating
X-Country
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Edge-Control
X-Instart-Request-ID
X-Vname
X-TtlSet
X-PC
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-B3-TraceId
X-Varnish-TTL
X-Mod-Pagespeed
X-Url
X-MS-InvokeApp
Verso
X-TTL
SPRequestGuid
Accept-Ch
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Content-MD5
Service-Worker-Allowed
X-SharePointHealthScore
X-Sol
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
Response
X-Middleton-Response
X-Kinja-Build
Pagespeed
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
RTSS
X-Middleton-Display
Display
X-Vcache
X-Navigation-Version
X-Abt-Application-Version
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-Debug
X-Forwarded-Proto
Accept-Ch-Lifetime
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
X-CST
DynaTrace
X-Version
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-TEC-API-ROOT
X-Shield-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Access-Control-Request-Method
X-Accel-Expires
S
X-Pinterest-Rid
Pinterest-Version
X-Ser
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-XRDS-Location
X-Goog-Generation
X-Goog-Metageneration
X-Recruiting
X-Id
X-T
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
X-Varnish-Age
Cache-Tag
X-Goog-Storage-Class
X-Webkit-Csp
X-Amzn-Trace-Id
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-Server-ID
X-Dw-Request-Base-Id
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-FTR-Expires
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Hits
NR-ENABLED
Powered
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Content-Type
X-Request-Received
X-Request-Processing-Time
Server-Name
X-HS-Combine-CSS
X-RateLimit-Remaining
ServerID
X-Microsite
X-Request-Handler-Origin-Region
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-N
X-Rid
X-Akamai-Edgescape
Healthy
X-Grace
X-User-Agent
X-Forwarded-For
X-Revision
X-Analytics
Backend-Timing
X-Pad
X-Content-Security-Policy-Report-Only
X-Node-Name
X-Logged-In
X-Mobile-URL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Ttl
X-Varnish-Grace
Server-Node
X-Oneagent-Js-Injection
X-Cached-By
Accept-CH-Lifetime
X-Az
X-Activity-Id
Accept-CH
X-AppVersion
Cache-Status
X-Content-Options
X-B3-Sampled
Refresh
X-F-Cache
X-Geo-Country
Upgrade-Insecure-Requests
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-Type
X-IPLB-Instance
X-Varnish-Backend
Retry-After
X-Cache-2
FilterID
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-App-Environment
X-Jobs
Host
X-FB-Debug
X-Srv
X-PHP-Backend
X-Request-Guid
Actual-Object-TTL
X-Instance
X-Cluster
Paypal-Debug-Id
X-B
Accept-Charset
X-Debug-Info
X-AOL-HN
X-Framework
X-Page-Id
DC
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Source
X-TT
Cache
X-ATG-Version
AR-CACHE
AR-ATIME
AR-PoweredBy
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-FastCGI-Cache
X-Git-Hash
X-Erf-Bev-Bev
X-Cache-Key
MS-CV
X-Erf-Bev-Bev-Is-Generated
X-Content-Powered-By
Host-Header
X-B-Cache
X-Signature
X-PressLabs-Stats
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Via-JSL
Ar-Sid
Xserver
X-TA-CDN-Provider
X-Cache-TTL
X-Origin-Server
X-ATS-Timestamp
X-Whom
X-Cache-Enabled
X-Cache-Control
X-Wix-Request-Id
X-Response-Served-From
NGB
X-Mobile
X-Daa-Tunnel
Surrogate-Key
X-UA
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-GeoIP
X-FW-Hash
X-FW-Serve
X-FW-Server
WPE-Backend
X-Cache-NE
X-FW-Static
X-Cacheable-TTL
Payment
X-Hyper-Cache
Frame-Options
X-FW-Type
Filters
Datacenter
Eomportal-Instance
Cleartype
X-Adobe-Loc
X-Host-Name
X-Adobe-Content
X-Litespeed-Cache
X-SERVER
X-Handled-By
X-Region
Webserver
X-Cache-Action
X-Drupal-Cache-Tags
X-TX-ID
X-Esi
X-Load-Cache
X-Kong-Upstream-Latency
X-XRDS-LOCATION
X-EdgeConnect-Cache-Status
X-Kong-Proxy-Latency
X-Hostname
X-Akamai-Transformed
X-Edge-Location
X-Cache-Operation
From-Origin
X-Cache-Rule
AR-Request-ID
X-Cache-TTL-Remaining
X-NewRelic-App-Data
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-ORACLE-APMCS-TAG
Liferay-Portal
X-ORACLE-APMCS-REQUEST-ID
X-RTag
Ms-Operation-Id
X-Varnish-Hostname
X-Oss-Object-Type
X-Cache-Server
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Varnish-Server
X-Rule
X-Forwarded-Host
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
Country
X-Upgrade-Enabled
Odigeo-Trace-Id
X-Contextid
X-UUID
X-App-Server
Load-Balancing
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-Path-Route
X-From
X-BCube-Filmed-By
DSUID
X-TT-TIMESTAMP
DB-Nickname
TWC-GeoIP-LatLong
X-VCT
X-Origin-Hint
TWC-GeoIP-Country
Release
X-Rocket-Nginx-Bypass
TWC-Locale-Group
X-R9-Blue-Green-Version
Webcakes-App-Name
Webcakes-App-Version
TWC-Connection-Speed
TWC-Privacy
Webcakes-Region
TWC-Device-Class
X-EIG-Tracking-Id
X-Debug-Cache
X-CCM
Property-Id
X-Cache-Host
X-Cache-Config
X-BYPASS-REASON
X-Akamai-Request-ID
X-Cache-Time
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-FireWall-Port
X-FC-Vary-Parameters
Uber-Trace-Id
Selected-Fe
Fastly-SSL
Cache-Tags
Cache-Name
L5d-Success-Class
Mn-Server-Ip
S-Rt
Origin-Edge-Control
Origin-Cache-Control
X-Hosted-By
X-Human
X-Soup
X-ServerID
X-Real-IP
X-Pubstack
X-Timing-Wait
X-TNCMS
X-Viewer-Country
X-Via-Fastly
X-Vgn-Hpd-Reason
X-ProxyCache-Status
X-ProxyCache-Key
X-OCL
X-Loop
X-IP
X-Origin
X-Origin-Response-Time
X-Proxy
X-Proto
X-PCL
Azure-Version
X-Proxy-Build
Azure-InstanceId
Azure-SlotName
X-Accel-Buffering
X-Redis-Cache
Azure-SiteName
Azure-RegionName
X-Backend-Name
X-Www-Served-By
Version
X-Varnish-Hits
X-Rendered-As
X-Site-Version
X-Is-Bot
X-Section
X-JoinUs
X-Generated
Ec-Rule-Version
X-Content-Age
X-Cluster-Name
X-Access
X-Format
X-Akamai-Request-ID2
X-Labrador-Cache-Channel
X-Locale
Viewport
X-Xfnlog-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Web-Node
X-Generated-By
Decoy-Debug-Status
Decoy-Debug-TTL
NGX
Decoy-Debug-Key
S-Cnection
X-PHP-Host
X-Cache-Backend
X-Varnish-Cache-Hits
X-Time-Microsecs
Server-Info
X-NWS-UUID-VERIFY
X-SaId
X-Amzn-Remapped-Content-Length
X-ApacheServer
X-PERF
X-Info
Akamai-GRN
X-Storage
X-Origin-CC
X-URL
X-Origin-TTL
Tracecode
X-Geo
X-WA-Info
X-Time
X-Nginx-Cache-Key
X-Presslabs-Stats
Rt-Fastcgi-Cache
X-App-Version
Cteonnt-Length
X-CF-Powered-By
GEO-INFO
X-MServer
X-No-Session
Time
X-Guploader-Uploadid
X-Environment-Context
X-L-Path
Origin
X-Cache-Remote
X-TIME
Access-Control-Request-Headers
X-Tb
X-FB-TRIP-ID
X-Unique-Id
Accept-Language
X-APP-VERSION
Cache-Key
X-EC-Lua
X-Say-Cacheable
X-SayCDN-TTL
X-CACHE-KEY
X-Say-TTL
X-GoCache-CacheStatus
X-RateLimit-Limit
X-B3-SpanId
X-RCS-CacheZone
X-NCache
X-Backend-TTL
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
Mime-Version
X-Hit
Vix-Hermes-Req-Id
Cache-Hits
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Source
OT-Force-Account-Verify
X-VCache
X-Dc
X-Trace-Id
X-CDN-Forward
X-Device-Type
X-Tumblr-Pixel-3
X-Upstream-Ct
X-S
X-Upstream-Ht
X-CS
X-Endurance-Cache-Level
X-Accel-Expires-Debug
BehaviorPad-Version
Content-Style-Type
X-ARC
X-B-Cookie
X-Application
X-AIR-PT
AsisCache
X-A-Wwc
Cross-Origin-Window-Policy
X-Aed
Arc-Country
Apple-News-Services-Parsed-Url
IsBot
Request-Country
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Rendered-Blocks
Machine
Meta-Geo-Continent
Mobile-Detection-Method
Node
X-Magnolia-Registration
Request-EU
Rt-Proxy-Cache
X-A
Apple-News-Services-Request-Url
X-A-Ccd
X-A-Dam
X-A-Dcw
User-Cache-Control
MD5-Digest
Server-Host
T-Server
Viewtype
VivaBuild
X-A-Dgt
X-DPWN-IS-SECURE
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-ND-Cache
X-PAYTM-SRV-ID
X-Vdms-Version
X-VG-WebCache
Content-Script-Type
X-VG-WebServer
X-Parent-Response-Time
X-OVcl
X-Processor
X-Svr
X-Session-Fingerprint
X-SIPLIST1
X-ScT
X-Server-Time
X-Service
X-S-Cookie
X-Rojux
X-SRCache-Key
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Vtex-Processado-Em
X-OVcl-Cache
X-Date
X-G
X-Ah-Environment
X-Destination
Xc-Version
X-External-Request-Id
X-Detected-As
X-D
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Hl-Ver
X-Connection-Hash
X-Cluster-Node
Now
X-SS-Set-Cookie
ServerName
ServedBy
X-Cache-Bucket
X-Dispatch
X-Thinkindot-L3
X-CUA
X-Reboot
X-Core-Value
X-Location
Thinkindot-CacheControl
Server-Int
X-Hash
X-IN-APIGATEWAY
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
Wxu-Next-Commit
Served-By
X-Generated-On
X-Level-Front-Cache
X-Via-NSCOPI
X-Matched-Rule
X-Instart-Isnd
Wxu-Next-Region
X-IN-APIGATEWAYSSL
X-Webstats-RespID
X-Dispatcher-Server
Thinkindot-Control
X-Tec-Api-Root
Mail-Subject
X-Tec-Api-Origin
We-Hiring
X-Tec-Api-Version
Srv
X-CSRF-TOKEN
NtCoent-Length
Proxy-Connection
X-SRV
X-Geo-Header
X-FW-Version
X-Epic-Correlation-Id
X-Eu-Site
X-Fastly-Cache
X-Gen-Mode
X-Generation-Time
X-Hnp-Log
X-Key
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Distributor
X-Irp-Debug
X-GeoIP-City
X-Debug-Cookies
X-Cache-FS-Status
X-Cache-Info
X-Cdn-Srv
X-CGP
X-Cache-Debug
X-C
X-BBXSRF
X-Bip
X-Block-Status
X-Clara-WADP
X-Clientip
X-Debug-Cache-Store
X-Logging-Id
X-Debug-Log
X-Developers
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cms-Context
X-Compress-Hint
X-Core-Mission
X-Distil-CS
X-Ms-Version
X-TrackingId
Powered-By-ChinaCache
X-Up
X-Uri
X-Thanos
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Skip-Cache
X-Sucuri-Cache
X-SVT-ORM-RULES
X-User
X-Variation
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-WebServer
X-We-Are-Hiring
X-VC-Cache
X-VG-TLSProxy
X-VServer
X-WADP-Cache
X-Sigma
X-Server-IP
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin-Expires
X-Origin-Date
X-Ms-Request-Id
X-Backend-State
X-NX-Host
CDCHOST
X-Platform-Server
X-Proxy-Cache-Status
X-Rocket-Build-Number
X-S-Maxage
X-Scheme
X-SD-PageType
X-Request-URI
X-Request-Start
X-Proxy-Upstream
X-Qloud-Router
X-Release
X-Reqid
X-Method
X-Old-Content-Length
Adler-Geo
L
Magicmarker
X-Agile
X-Agile-Age
Web-Mar-Node
Is-Eu
X-Agile-Id
Memcached
PFcat
Section-Io-Cache
Server-ID
W
SD-X-WS
RNT-Time
Platform
Pramga
RNT-Machine
Heartbleed
IBM-Web2-Location
X-Amz-Meta-Cache-Control
Cache-Host
X-Auto-Login
X-Azure-Ref
Content-Disposition
X-Azure-Ref-OriginShield
X-B3-Parentspanid
Countrycode
Esi-Enabled
Gh-Request-Id
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
HA-Ipaddr
AKAMAI
X-Nc
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Trafficlayer-App-Version
X-Internal-Host
X-Generated-In
Kp-EeAlive
X-LI-Proto
X-Policy
X-Swa-Ws
X-Cache-Id
X-Cache-URL
X-App-Name
Cache-Provider
Environment
X-Cache-Grace
X-Cdn-Forward
X-Served-From
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Req
X-MSEdge-Features
X-NodeID
X-ServiceProvider
X-AK-Request-ID
Cdnsip
Cdncip
X-MSEdge-Flight
V-Age
Locale
True-Client-Country-4JS
Locid
X-HTML-Minification-Powered-By
X-NC
X-Via-CDN
FNAC-ModuleRouting
X-B3-Traceid
X-Gamma-Serve
X-Servername
X-IPS-LoggedIn
X-GRACE
X-Lb-Id
GEO-REGION-INFO
X-CLOUD-TRACE-CONTEXT
X-Be
X-B3-Spanid
X-Nginx-Cache
X-Newrelic-Synthetics
X-Refresh
CF-IPCountry
X-Sucuri-Id
X-Render-Time
X-Zone
X-FPC
ProcessTime
X-Edge-O15-RID
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Hostname
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
X-UnsetCookies
X-MP-GENERATED-AT
X-VHOST
Tcn
Geo-Info
X-GeoIP-Country-Code
X-Sucuri-ID
X-Mode
X-Pjax-Url
A
X-Microcachable
X-Developer
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Cdn-Origin
X-Servedbyhost
X-Sn-Servicetimems
X-Device-Os
X-Ratelimit-Remaining
X-FORWARDED-FOR
X-Pf-Uncompressing
X-Node-Id
X-Routing-Service
X-Zipkin-Id
X-Proxied
Gannett-Cam-Experience-Id
X-COUNTRY
TTL
X-Bc
Memory
X-CSRF-Token
Cf-Ipcountry
X-Correlation-ID
Cache-Cookie-Set-From
Geoip-Latitude
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
Resin-Trace
Request-Time
X-DC
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Ratelimit-Limit
CF-Cached-On
X-Request-Time
HostName
PICS-Label
X-Pod
Pics-Label
X-Vcl-Version
M-TraceId
X-VCL-Version
X-Via-SSL
GeoIP-Latitude
Cdn
X-Via-Edge
X-Cdn-Request-ID
GeoIP-City
GeoIP-Country-Code
X-Unique-ID
X-TH-Server
X-ZONE
X-NODE
Host-ID
Group
Ttl
X-ECACHE
Geoip-City
X-Instart-Info
X-ElasticPress-Search
X-Swift-Error
Powered-By
HitType
X-PF-Uncompressing
X-Backend-Url
X-APP
X-Backend-Host
X-NGINX-Cache
X-Var-Ttl
Ohc-Cache-HIT
Ohc-File-Size
MIME-Version
XServer
X-UPSTREAM-Address
X-Check-Cacheable
Media-Length
X-ServedByHost
URI
Backend-Name
X-Fastly-Country-Code
X-BC
SRV
On-Server
Pagetype
REQUESTUUID
User-Agent
X-HS-Status
N-Cache
Lfy
X-Varnish-Ttl
X-Hp-Ccpa-Warning
X-HostName
X-NGENIX-Cache
FSS-Cache
X-Tt-Trace-Host
X-Aicache-OS
X-Cache-Tag
Fly-Request-Id
X-PJAX-URL
X-Tt-Trace-Tag
Cache-Prefix
FSS-Proxy
X-WR-MODIFICATION
X-Fstrz
Fly-Cache
X-LiteSpeed-Cache-Control
X-Worker
X-WA
Who
X-Via-Ucdn
X-NYM-Debug-Backend
UCS
AR-SID
Pragrma
X-Fetched-On
X-Cache-Miss-From
X-Cache-Tags
X-BE
X-Sedo-Request-Id
CDN
X-Varnish-Authentication
X-Varnish-Cacheable
X-Varnish-URL
X-Cache-ASPX
Processtime
X-Server-W
Server-Cache-Control
X-LAGOON
X-LB-ID
X-Fpc
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-GEO
X-Cf-Powered-By
Location
Fastly-Backend-Name
Country-Code
X-Store
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Debug
X-ServerName
X-Fastly-Backend-Reqs
X-Wa
X-Ftr-Cache-Host
X-Ua
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Protected-By
X-Akamai-ERRuleID
X-Response-By
X-Upstream-HT
X-BACKEND-TTL
X-Upstream-CT
X-Apw-Access-Object
X-Apw-Access-Token
RequestId
X-Apw-Hits
WP-Super-Cache
LB
Ohc-Response-Time
X-Apw-Access-Action
X-Amzn-Remapped-Connection
X-Fastly-Cache-Hits
X-Gen-Id
SID
X-Nananana
NnCoection
X-Request-Url
Product
Application
XxX-Cache-Status
X-Li-Proto
X-TT-LOGID
X-SB
X-VC
X-Amzn-Remapped-Date
Cneonction
Thinkindot-Cache-Type
X-Dw-Trace-Id
Xet-Cookie