Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-AH-Environment
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-DataDome
X-Origin-Cache
X-Node
NEL
X-Cache-Lookup
X-Readtime
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Vhost
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
P3p
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country
X-DynaTrace
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
Pinterest-Generated-By
Edge-Control
X-Instart-Request-ID
X-TtlSet
X-PC
X-Vname
X-Mod-Pagespeed
X-Url
X-B3-TraceId
Accept-Ch
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
Content-MD5
X-SharePointHealthScore
X-TTL
X-ESI
Response
X-Middleton-Response
Pagespeed
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Sol
X-Exp-Id
Display
RTSS
X-Middleton-Display
Accept-Ch-Lifetime
X-Navigation-Version
X-Vcache
SPRequestDuration
SPIisLatency
X-Abt-Application-Version
X-Powered-CMS
X-Debug
X-Forwarded-Proto
X-Upstream
X-Cached
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
Charset
X-Version
DynaTrace
MS-Author-Via
X-CST
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Ezoic-Cdn
X-Shield-Request-Id
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
Access-Control-Request-Method
Pinterest-Version
X-Ser
X-Pinterest-Rid
S
X-Accel-Expires
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-XRDS-Location
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Webapp-Samesite-None-Activated-N
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-T
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Goog-Storage-Class
Cache-Tag
X-Amzn-Trace-Id
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Dw-Request-Base-Id
Mrf-Cache-Status
X-FTR-Expires
Nginx-Cache
X-Server-ID
Fastcgi-Cache
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
NR-ENABLED
Powered
X-Hits
X-Fastcgi-Cache
X-Correlation-Id
X-Hp-Webp
X-Ttl
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Content-Type
X-Request-Processing-Time
X-Request-Received
Server-Name
X-RateLimit-Remaining
ServerID
X-Aspnetmvc-Version
X-HS-Combine-CSS
X-Request-Handler-Origin-Region
X-Microsite
X-Webkit-Csp
PB-PID
PB-RID
X-Mobile-Rewrite
TP-L2-Cache
X-Grace
Arc-Version
TP-Cache
X-N
X-Cache-Hit
X-Rid
Healthy
X-Akamai-Edgescape
X-User-Agent
X-Pad
X-Forwarded-For
Backend-Timing
X-Analytics
X-Revision
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-Amz-Apigw-Id
X-Zen-Fury
X-Amzn-RequestId
X-LB-Cache
Server-Node
X-Varnish-Grace
X-Activity-Id
X-Az
X-AppVersion
X-Cached-By
Cache-Status
X-B3-Sampled
X-Content-Options
X-GUploader-UploadID
Refresh
X-F-Cache
X-Oneagent-Js-Injection
X-Geo-Country
Upgrade-Insecure-Requests
X-FastCGI-Cache
X-NWS-LOG-UUID
X-Type
X-IPLB-Instance
Retry-After
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Cache-2
X-Srv
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Environment
X-Tumblr-User
Paypal-Debug-Id
X-Jobs
X-FB-Debug
Host
X-AOL-HN
X-Cluster
X-PHP-Backend
X-B
X-Instance
Accept-Charset
X-Debug-Info
Actual-Object-TTL
X-Framework
DC
X-Request-Guid
X-Page-Id
Source
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
FilterID
Cache
Accept-CH-Lifetime
AR-CACHE
X-TT
AR-PoweredBy
AR-ATIME
X-ATG-Version
Accept-CH
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Git-Hash
X-Cache-Key
MS-CV
X-Content-Powered-By
X-PressLabs-Stats
X-Via-JSL
X-TA-CDN-Provider
Ar-Sid
X-B-Cache
X-Signature
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
Host-Header
X-Cache-TTL
X-Whom
X-Esi
X-Origin-Server
X-Cache-Control
X-Wix-Request-Id
X-Cache-Enabled
X-Response-Served-From
X-Mobile
Xserver
NGB
X-ATS-Timestamp
X-UA
Surrogate-Key
X-RequestSource
X-Daa-Tunnel
X-GeoIP
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Tumblr-Pixel-2
Payment
WPE-Backend
X-Cache-NE
X-Ah-Environment
X-Cacheable-TTL
Cleartype
Frame-Options
X-FW-Hash
Datacenter
Eomportal-Instance
Filters
X-Host-Name
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-Hyper-Cache
X-Adobe-Loc
X-Adobe-Content
X-Handled-By
X-Region
X-TX-ID
X-Drupal-Cache-Tags
Webserver
X-Cache-Action
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Kong-Upstream-Latency
X-Litespeed-Cache
X-Kong-Proxy-Latency
X-Hostname
X-SERVER
X-Akamai-Transformed
AR-Request-ID
X-Cache-Operation
X-Cache-Rule
From-Origin
X-Edge-Location
X-Cache-TTL-Remaining
X-XRDS-LOCATION
X-ProcessESI
X-RemovedCookies
X-NewRelic-App-Data
X-UA-Device-Type
Liferay-Portal
Ms-Operation-Id
X-RTag
X-Varnish-Hostname
X-Cache-Server
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-ORACLE-APMCS-TAG
X-Forwarded-Host
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Server
X-Rule
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
Country
X-Upgrade-Enabled
X-Contextid
X-App-Server
X-UUID
Odigeo-Trace-Id
X-Path-Route
X-BCube-Filmed-By
Load-Balancing
X-RN-RSRV
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-ES-SERVER
X-TT-TIMESTAMP
DSUID
X-Debug-Cache
Webcakes-Region
X-From
X-Rocket-Nginx-Bypass
X-CCM
X-EIG-Tracking-Id
Webcakes-App-Name
TWC-GeoIP-Country
X-Origin-Hint
X-VCT
TWC-Locale-Group
Mn-Server-Ip
TWC-Device-Class
X-R9-Blue-Green-Version
TWC-Connection-Speed
Release
Property-Id
TWC-Privacy
TWC-GeoIP-LatLong
DB-Nickname
Webcakes-App-Version
Origin-Edge-Control
Origin-Cache-Control
X-Akamai-Request-ID
Azure-SlotName
Azure-RegionName
Selected-Fe
Azure-InstanceId
Azure-Version
X-Cache-Time
Azure-SiteName
Fastly-SSL
X-Cache-Config
L5d-Success-Class
Cache-Tags
X-Cache-Host
Cache-Name
X-Timing-Wait
X-ServerID
X-Vgn-Hpd-Reason
X-Origin-Response-Time
X-Via-Fastly
X-PCL
X-FW-Dynamic
X-Viewer-Country
X-Hosted-By
X-Pubstack
X-Real-IP
X-OCL
X-TNCMS
X-Origin
X-Human
X-IP
S-Rt
X-Soup
X-Loop
X-Proxy
X-FireWall-Port
X-Redis-Cache
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Proto
X-Proxy-Build
Uber-Trace-Id
X-Is-Bot
X-Section
X-Xfnlog-Site
X-Accel-Buffering
X-BYPASS-REASON
X-Access
X-Labrador-Cache-Channel
X-Locale
X-JoinUs
X-Cluster-Name
X-ProxyCache-Key
X-Site-Version
X-Rendered-As
X-Format
Viewport
X-Backend-Name
X-Generated
X-Akamai-Request-ID2
X-Www-Served-By
X-Varnish-Hits
Ec-Rule-Version
X-Content-Age
X-ProxyCache-Status
X-Web-Node
Version
X-Goog-Meta-Goog-Reserved-File-Mtime
NGX
Decoy-Debug-TTL
Decoy-Debug-Key
X-Time
Decoy-Debug-Status
X-Time-Microsecs
X-Generated-By
S-Cnection
X-Varnish-Cache-Hits
Server-Info
X-NWS-UUID-VERIFY
X-PHP-Host
X-Cache-Backend
Tracecode
X-ApacheServer
X-Amzn-Remapped-Content-Length
X-PERF
X-Info
X-Storage
X-SaId
X-Origin-TTL
X-Geo
X-Origin-CC
Akamai-GRN
X-WA-Info
X-Nginx-Cache-Key
X-VCache
X-URL
Cteonnt-Length
Rt-Fastcgi-Cache
Time
X-No-Session
X-Presslabs-Stats
X-CF-Powered-By
X-MServer
X-Environment-Context
X-APP-VERSION
X-L-Path
Origin
X-Unique-Id
GEO-INFO
X-App-Version
X-Cache-Remote
X-Backend-TTL
Access-Control-Request-Headers
X-Tb
X-Guploader-Uploadid
Cache-Key
X-RateLimit-Limit
Accept-Language
X-FB-TRIP-ID
X-EC-Lua
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-CDN-Forward
X-GoCache-CacheStatus
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-NCache
X-Hit
Cache-Hits
X-CACHE-KEY
Vix-Hermes-Req-Id
X-RCS-CacheZone
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Trace-Id
OT-Force-Account-Verify
X-Device-Type
Mime-Version
X-TIME
X-B3-Traceid
X-Tumblr-Pixel-3
X-S
X-Source
X-CS
Srv
X-SS-Set-Cookie
X-B3-SpanId
X-Dc
X-Parent-Response-Time
X-OVcl-Cache
X-Endurance-Cache-Level
X-OVcl
Apple-News-Services-Request-Url
Node
Apple-News-Services-Parsed-Url
T-Server
X-Region-Sid
X-Connection-Hash
X-Detected-As
AsisCache
X-Destination
Arc-Country
BehaviorPad-Version
X-D
Apple-News-Services-Handled
X-Vdms-Version
Rendered-Blocks
X-PAYTM-SRV-ID
X-Application
Rt-Proxy-Cache
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-VG-WebCache
X-External-Request-Id
X-G
Meta-Geo-Continent
Xc-Version
X-Processor
X-ARC
X-VG-WebServer
Server-Host
User-Cache-Control
MD5-Digest
Apple-News-Services-Host
X-Request-UUID
X-SRCache-Key
X-Cluster-Node
X-A-Dgt
X-Svr
X-A-Dcw
X-SIPLIST1
X-Session-Fingerprint
X-A
X-A-Ccd
X-A-Dam
X-A-Wwc
X-AIR-PT
X-Vtex-Remote-Cache
X-Transaction
X-B-Cookie
X-Trv-Group
Cross-Origin-Window-Policy
IsBot
X-Accel-Expires-Debug
X-Aed
X-Hl-Ver
X-Service
X-Server-Time
X-DPWN-IS-SECURE
X-Twitter-Response-Tags
X-Rewrite-Enabled
Request-Country
VivaBuild
X-Upstream-Ct
X-Date
Viewtype
X-Upstream-Ht
Mobile-Detection-Method
X-Rojux
X-ScT
Machine
Content-Script-Type
Content-Style-Type
X-S-Cookie
Request-EU
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
X-Magnolia-Registration
Now
ServerName
ServedBy
X-IN-APIGATEWAYSSL
X-CUA
X-Hash
X-IN-APIGATEWAY
X-Instart-Isnd
X-Level-Front-Cache
X-Core-Value
X-Generated-On
X-Cache-Bucket
X-Webstats-RespID
X-Reboot
X-Location
Mail-Subject
X-Thinkindot-L3
Wxu-Next-Commit
X-Dispatcher-Server
Wxu-Next-Region
Wxu-Next-Hostname
X-Dispatch
We-Hiring
X-ND-Cache
Served-By
X-Via-NSCOPI
X-Matched-Rule
X-CSRF-TOKEN
Server-Int
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Uri
Proxy-Connection
X-Debug-Cache-Fetch
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cookies
X-Cache-FS-Status
X-Bip
X-Block-Status
X-C
X-BBXSRF
X-Backend-State
X-Azure-Ref
X-Azure-Ref-OriginShield
X-B3-Parentspanid
X-Cache-Debug
X-Cache-Info
X-Clientip
X-Cms-Context
X-Compress-Hint
X-Clara-WADP
X-CGP
X-Cache-URL
X-Cdn-Srv
X-Core-Mission
X-Ms-Request-Id
X-S-Maxage
X-Rocket-Build-Number
X-Request-URI
X-Scheme
X-WebServer
X-Server-IP
X-SD-PageType
X-Request-Start
X-Reqid
X-Qloud-Router
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Release
X-Wikidot-Backend
X-Sigma
X-Sigma-Backend
X-User
X-Up
X-VServer
X-Variation
X-VG-TLSProxy
X-VC-Cache
X-WADP-Cache
X-TrackingId
X-Skip-Cache
X-We-Are-Hiring
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Thanos
X-SVT-ORM-VERSION
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Has-Esi
X-GeoIP-City
X-Geo-Header
X-Hnp-Log
X-Irp-Debug
X-JWT-State
X-Is-Gdpr
X-Generation-Time
X-Gen-Mode
X-Distributor
X-Distil-CS
X-Epic-Correlation-Id
X-Eu-Site
X-FW-Version
X-Fastly-Cache
X-Key
X-Li-Fabric
X-Owner
X-Origin-Expires
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Platform-Server
X-Planisys-CDN-TTL
X-Origin-Date
X-Old-Content-Length
X-LI-UUID
X-Li-Pop
X-Logging-Id
X-Method
X-NX-Host
X-Ms-Version
X-Developers
X-Auto-Login
RNT-Time
RNT-Machine
Ha-Gx-Prefs
SD-X-WS
Section-Io-Cache
Countrycode
Magicmarker
Fastly-Soc-X-Request-Id
Pramga
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Memcached
PFcat
L
X-App-Name
Platform
Is-Eu
Esi-Enabled
X-Agile
Cache-Host
CDCHOST
AKAMAI
X-Agile-Age
X-Amz-Meta-Cache-Control
Adler-Geo
X-Agile-Id
IBM-Web2-Location
X-Varnish-Beresp-Grace
Heartbleed
Content-Disposition
W
HA-Ipaddr
Gh-Request-Id
Web-Mar-Node
X-SRV
Cache-Provider
NtCoent-Length
X-Swa-Ws
Kp-EeAlive
X-LI-Proto
Powered-By-ChinaCache
Server-ID
X-Cache-Id
X-Internal-Host
X-Trafficlayer-App-Version
X-Cache-Grace
X-Generated-In
X-Policy
X-NC
X-B3-Spanid
X-Nc
X-NodeID
Cdnsip
Cdncip
Locale
True-Client-Country-4JS
V-Age
X-Newrelic-Synthetics
X-Urbn-Site-Id
X-Urbn-Context-Path
X-AK-Request-ID
X-ServiceProvider
Environment
X-Via-CDN
X-MSEdge-Flight
CF-IPCountry
Locid
X-Servername
X-HTML-Minification-Powered-By
X-MSEdge-Features
X-Served-From
X-Req
X-Lb-Id
X-Gamma-Serve
GEO-REGION-INFO
FNAC-ModuleRouting
X-IPS-LoggedIn
X-Cdn-Forward
X-Sucuri-Id
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-FPC
X-Refresh
X-Be
Hostname
X-Nginx-Cache
X-UnsetCookies
Geo-Info
X-Render-Time
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
ProcessTime
X-VHOST
X-MP-GENERATED-AT
X-Mode
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Zone
A
X-Servedbyhost
Tcn
X-GeoIP-Country-Code
X-Microcachable
X-Developer
X-Sucuri-ID
X-Webkit-CSP
X-Edge-O15-RID
X-Cdn-Origin
X-Sn-Servicetimems
X-Device-Os
X-Pjax-Url
Memory
X-Zipkin-Id
X-VWS-Id
X-Node-Id
X-AWS-Id
X-LJ-Flow-ID
X-Routing-Service
X-Proxied
X-Pf-Uncompressing
X-Ratelimit-Remaining
X-FORWARDED-FOR
X-DC
TTL
X-COUNTRY
Request-Time
Gannett-Cam-Experience-Id
X-CSRF-Token
Resin-Trace
X-Correlation-ID
Geoip-Latitude
X-VCL-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
PICS-Label
X-ZONE
CF-Cached-On
X-Bc
GeoIP-Country-Code
X-Request-Time
GeoIP-Latitude
M-TraceId
X-Pod
Pics-Label
X-Ratelimit-Limit
HostName
Cf-Ipcountry
X-Swift-Error
GeoIP-City
X-Cdn-Request-ID
X-Via-Edge
X-Via-SSL
Cdn
X-Vcl-Version
Group
X-Unique-ID
Ttl
X-TH-Server
X-Instart-Info
X-ECACHE
X-NODE
X-ElasticPress-Search
XServer
Host-ID
Geoip-City
X-BC
MIME-Version
Ohc-File-Size
X-Backend-Host
X-NGINX-Cache
X-Backend-Url
Ohc-Cache-HIT
X-Var-Ttl
HitType
X-APP
X-Check-Cacheable
Powered-By
Backend-Name
X-PF-Uncompressing
X-UPSTREAM-Address
X-Oracle-Dms-Rid
X-Fastly-Country-Code
Media-Length
REQUESTUUID
Lfy
X-NGENIX-Cache
N-Cache
URI
Pagetype
X-PJAX-URL
On-Server
Cache-Prefix
X-ServedByHost
Fly-Cache
Fly-Request-Id
X-HS-Status
X-Fstrz
X-Tt-Trace-Tag
User-Agent
X-HostName
SRV
X-Hp-Ccpa-Warning
FSS-Cache
FSS-Proxy
X-Tt-Trace-Host
X-Cache-Tag
X-Dynatrace
X-Via-Ucdn
X-Aicache-OS
X-WR-MODIFICATION
X-Worker
X-LiteSpeed-Cache-Control
X-BE
X-WA
X-Sedo-Request-Id
X-Fetched-On
X-Cache-Miss-From
Pragrma
Who
UCS
CDN
X-NYM-Debug-Backend
AR-SID
X-Server-W
X-Cache-Tags
Server-Surrogate-Control
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Varnish-Cacheable
X-Varnish-URL
X-Rebelmouse-Surrogate-Control
X-GEO
Fastly-SIE
X-LB-ID
Processtime
Fastly-SWR
Server-Cache-Control
X-Rebelmouse-Cache-Control
X-LAGOON
X-Fpc
X-Wa
X-Cf-Powered-By
X-Fastly-Backend-Reqs
Country-Code
X-ServerName
X-Store
Fastly-Backend-Name
X-Upstream-CT
Debug
Filterid
Location
X-Upstream-HT
X-Ftr-Cache-Host
X-Ua
X-Varnish-Beresp-TTL
X-Response-By
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-TT-LOGID
X-Protected-By
Product
X-Dw-Trace-Id
X-GDPR
Application
X-Apw-Access-Action
X-Apw-Access-Object
Ohc-Response-Time
RequestId
Lb
X-Request-Url
X-Apw-Access-Token
X-Apw-Hits
X-Amzn-Remapped-Date
NnCoection
X-Fastly-Cache-Hits
X-Li-Proto
Server-Id
Cneonction
XxX-Cache-Status
X-Gen-Id
X-Nananana
X-SB
Thinkindot-Cache-Type
SID
WP-Super-Cache
Xet-Cookie
X-VC
X-Amzn-Remapped-Connection