Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Request-ID
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Rq
X-WebKit-CSP
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
X-Cnection
Request-Id
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Edge-Control
X-Instart-Request-ID
X-PC
X-Vname
X-TtlSet
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Varnish-TTL
X-Mod-Pagespeed
X-Url
X-B3-TraceId
X-MS-InvokeApp
Verso
X-TTL
SPRequestGuid
Accept-Ch
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Content-MD5
Service-Worker-Allowed
X-SharePointHealthScore
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Middleton-Response
X-Sol
X-Cdn-Fetch
X-Use-Magma
Response
Pagespeed
X-Kinja-Server
RTSS
X-Middleton-Display
Display
X-Vcache
X-Navigation-Version
X-Abt-Application-Version
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-Debug
X-Forwarded-Proto
Accept-Ch-Lifetime
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
X-CST
DynaTrace
X-Version
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Access-Control-Request-Method
X-Accel-Expires
S
Pinterest-Version
X-Pinterest-Rid
X-Ser
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Recruiting
X-T
X-Varnish-Age
X-Element-Page-Cache
Cache-Tag
X-Goog-Storage-Class
X-Amzn-Trace-Id
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-Server-ID
X-Dw-Request-Base-Id
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-FTR-Expires
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
Powered
NR-ENABLED
X-Hits
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Webkit-Csp
X-Content-Type
X-Request-Processing-Time
X-Request-Received
Server-Name
X-RateLimit-Remaining
X-HS-Combine-CSS
ServerID
X-Microsite
X-Request-Handler-Origin-Region
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-N
X-Rid
X-Akamai-Edgescape
Healthy
X-Forwarded-For
X-User-Agent
X-Grace
X-Analytics
Backend-Timing
X-Revision
X-Content-Security-Policy-Report-Only
X-Pad
X-Node-Name
X-Logged-In
X-Mobile-URL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Varnish-Grace
X-Ttl
Server-Node
X-Oneagent-Js-Injection
X-Cached-By
Accept-CH-Lifetime
X-Activity-Id
Accept-CH
X-AppVersion
X-Az
Cache-Status
X-B3-Sampled
X-Content-Options
X-F-Cache
Refresh
X-Geo-Country
X-GUploader-UploadID
Upgrade-Insecure-Requests
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Type
X-IPLB-Instance
X-Varnish-Backend
Retry-After
FilterID
X-Cache-2
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Jobs
X-Srv
X-FB-Debug
Host
X-PHP-Backend
X-Page-Id
X-Request-Guid
Paypal-Debug-Id
Actual-Object-TTL
Accept-Charset
X-AOL-HN
X-B
X-Debug-Info
DC
X-Framework
X-Instance
X-Cluster
Source
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-TT
X-ATG-Version
Cache
AR-ATIME
AR-CACHE
AR-PoweredBy
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-FastCGI-Cache
X-Git-Hash
X-Erf-Bev-Bev
MS-CV
X-Cache-Key
X-Erf-Bev-Bev-Is-Generated
X-Content-Powered-By
Host-Header
X-B-Cache
X-Signature
X-PressLabs-Stats
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Amz-Replication-Status
X-Via-JSL
Ar-Sid
Xserver
X-TA-CDN-Provider
X-Cache-TTL
X-ATS-Timestamp
X-Origin-Server
X-Whom
X-Cache-Enabled
X-Cache-Control
X-Response-Served-From
NGB
X-Mobile
X-Wix-Request-Id
X-Daa-Tunnel
X-RequestSource
X-UA
Surrogate-Key
X-Tumblr-Pixel-2
Cache-Tv-Group
X-GeoIP
X-Tumblr-Pixel-1
X-FW-Hash
Filters
Eomportal-Instance
X-Hyper-Cache
X-Cache-NE
X-FW-Type
X-FW-Static
X-Cacheable-TTL
WPE-Backend
Payment
Cleartype
Frame-Options
Datacenter
X-FW-Serve
X-FW-Server
X-Adobe-Content
X-Adobe-Loc
X-Host-Name
X-Litespeed-Cache
X-SERVER
X-Region
X-TX-ID
X-Handled-By
X-Drupal-Cache-Tags
X-Cache-Action
Webserver
X-Esi
X-Load-Cache
X-Kong-Proxy-Latency
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-EdgeConnect-Cache-Status
X-Hostname
X-Akamai-Transformed
X-Edge-Location
X-Cache-Operation
X-Cache-Rule
From-Origin
X-NewRelic-App-Data
AR-Request-ID
X-RemovedCookies
X-Cache-TTL-Remaining
X-ProcessESI
Liferay-Portal
X-UA-Device-Type
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Ms-Operation-Id
X-Varnish-Hostname
X-RTag
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Cache-Server
X-Oss-Object-Type
X-Oss-Request-Id
X-Varnish-Server
X-Forwarded-Host
X-Rule
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
Country
X-Upgrade-Enabled
Odigeo-Trace-Id
X-Contextid
X-UUID
X-App-Server
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
Load-Balancing
X-ES-SERVER
X-From
DSUID
X-BCube-Filmed-By
X-VCT
X-TT-TIMESTAMP
X-R9-Blue-Green-Version
Webcakes-Region
X-EIG-Tracking-Id
TWC-Locale-Group
X-Debug-Cache
Webcakes-App-Name
TWC-GeoIP-LatLong
X-Rocket-Nginx-Bypass
TWC-Privacy
Webcakes-App-Version
Property-Id
TWC-GeoIP-Country
X-Origin-Hint
Mn-Server-Ip
Release
DB-Nickname
TWC-Device-Class
X-CCM
TWC-Connection-Speed
Cache-Tags
L5d-Success-Class
Fastly-SSL
Azure-Version
Uber-Trace-Id
Selected-Fe
S-Rt
Cache-Name
Origin-Cache-Control
X-Via-Fastly
X-Loop
X-Cache-Host
X-OCL
X-Real-IP
X-Cache-Config
X-Origin
X-IP
X-Human
X-Cache-Time
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-FireWall-Port
X-Hosted-By
X-FW-Dynamic
X-Origin-Response-Time
X-BYPASS-REASON
X-Akamai-Request-ID
X-Viewer-Country
X-Vgn-Hpd-Reason
X-TNCMS
X-Soup
X-Timing-Wait
Azure-SlotName
X-Pubstack
X-Proto
X-PCL
X-Proxy
X-Proxy-Build
X-ProxyCache-Status
X-ProxyCache-Key
X-ServerID
Origin-Edge-Control
X-Accel-Buffering
X-Redis-Cache
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Format
X-Labrador-Cache-Channel
X-Cluster-Name
X-Varnish-Hits
X-Generated
Viewport
X-Locale
X-Rendered-As
X-Content-Age
X-Backend-Name
X-Section
X-Site-Version
X-Access
X-Www-Served-By
X-JoinUs
X-Is-Bot
Version
Ec-Rule-Version
X-Xfnlog-Site
X-Akamai-Request-ID2
Decoy-Debug-Status
Decoy-Debug-TTL
X-Generated-By
Decoy-Debug-Key
X-Web-Node
NGX
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PHP-Host
Server-Info
X-Varnish-Cache-Hits
X-Time-Microsecs
X-Cache-Backend
S-Cnection
X-NWS-UUID-VERIFY
X-SaId
X-Amzn-Remapped-Content-Length
X-ApacheServer
X-PERF
Akamai-GRN
X-Info
X-Storage
X-URL
Tracecode
X-Origin-CC
X-Geo
X-Origin-TTL
X-Nginx-Cache-Key
X-WA-Info
X-Time
X-Presslabs-Stats
Rt-Fastcgi-Cache
Cteonnt-Length
X-App-Version
X-MServer
X-CF-Powered-By
GEO-INFO
X-No-Session
Time
X-Guploader-Uploadid
X-L-Path
X-Environment-Context
X-Cache-Remote
Origin
X-Unique-Id
X-TIME
X-Tb
Access-Control-Request-Headers
X-APP-VERSION
Accept-Language
X-FB-TRIP-ID
Cache-Key
X-Say-Cacheable
X-Say-TTL
X-CACHE-KEY
X-SayCDN-TTL
X-EC-Lua
X-RateLimit-Limit
X-RCS-CacheZone
X-GoCache-CacheStatus
X-NCache
X-Backend-TTL
X-Shopify-Stage
Cache-Hits
Vix-Hermes-Req-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
X-Hit
X-ShardId
Mime-Version
X-ShopId
X-Source
X-B3-Traceid
OT-Force-Account-Verify
X-Trace-Id
X-Dc
X-VCache
X-B3-SpanId
X-Device-Type
X-CDN-Forward
X-Upstream-Ht
X-Upstream-Ct
X-CS
X-Tumblr-Pixel-3
X-S
X-Endurance-Cache-Level
Content-Script-Type
Content-Style-Type
BehaviorPad-Version
Apple-News-Services-Host
Arc-Country
AsisCache
Request-EU
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Request-Country
Machine
MD5-Digest
Meta-Geo-Continent
X-Magnolia-Registration
IsBot
Node
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Mobile-Detection-Method
Rendered-Blocks
Cross-Origin-Window-Policy
X-CF-Lambda-Version
X-S-Cookie
X-Rojux
X-ScT
X-Server-Time
X-Service
X-Rewrite-Enabled
X-Request-UUID
X-ND-Cache
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Session-Fingerprint
X-SIPLIST1
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Twitter-Response-Tags
X-SRCache-Key
X-Svr
X-Transaction
X-Trv-Group
X-Hl-Ver
X-G
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Ccd
X-A
Server-Host
T-Server
Viewtype
VivaBuild
X-AIR-PT
X-Application
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-External-Request-Id
X-Date
X-D
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-Connection-Hash
Rt-Proxy-Cache
X-Aed
X-OVcl
User-Cache-Control
X-OVcl-Cache
X-Ah-Environment
X-Parent-Response-Time
Now
X-SS-Set-Cookie
X-Cluster-Node
ServerName
ServedBy
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Int
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
X-Webstats-RespID
Mail-Subject
Wxu-Next-Region
X-Dispatch
X-Dispatcher-Server
Srv
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Generated-On
X-Instart-Isnd
X-Level-Front-Cache
X-CUA
Served-By
X-Matched-Rule
X-Location
X-Hash
X-Reboot
X-Cache-Bucket
X-Core-Value
X-Thinkindot-L3
X-Tec-Api-Root
X-Via-NSCOPI
X-Tec-Api-Version
X-Tec-Api-Origin
Proxy-Connection
X-SRV
NtCoent-Length
X-CSRF-TOKEN
X-Block-Status
X-Fastly-Cache
X-Wikidot-Backend
X-Eu-Site
X-C
X-Wikidot-Static-Cache
X-Epic-Correlation-Id
X-FW-Version
X-Gen-Mode
X-Core-Mission
X-Backend-State
X-Generation-Time
X-BBXSRF
X-Compress-Hint
X-Bip
X-Debug-Cache-Expiry
X-RateLimit-Limit-Second
X-Debug-Cache-Fetch
X-RateLimit-Remaining-Second
X-Cdn-Srv
X-Cache-URL
X-CGP
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cookies
X-Cache-Info
X-Developers
X-Cache-Debug
X-Distil-CS
X-Distributor
X-Cache-FS-Status
X-Cms-Context
X-Clara-WADP
X-Clientip
X-Geo-Header
X-JWT-State
X-Sigma-Backend
X-Sigma
X-Skip-Cache
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Server-IP
X-SD-PageType
X-Request-URI
X-Request-Start
X-Rocket-Build-Number
X-S-Maxage
X-Scheme
X-SVT-ORM-VERSION
X-Thanos
X-Variation
X-We-Are-Hiring
X-VC-Cache
X-VG-TLSProxy
X-VServer
X-User
X-Uri
X-TrackingId
Powered-By-ChinaCache
X-Up
X-WebServer
X-Reqid
X-Release
X-LI-UUID
X-Li-Pop
X-Logging-Id
X-Method
X-Ms-Request-Id
X-B3-Parentspanid
X-Li-Fabric
X-Hnp-Log
X-Has-Esi
X-Irp-Debug
X-WADP-Cache
X-Key
X-Ms-Version
X-NX-Host
X-Platform-Server
X-Planisys-CDN-TTL
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Old-Content-Length
X-Origin-Date
X-Origin-Expires
X-Owner
X-GeoIP-City
X-Is-Gdpr
PFcat
Platform
Memcached
Magicmarker
L
Pramga
RNT-Machine
Server-ID
W
Section-Io-Cache
SD-X-WS
RNT-Time
Is-Eu
IBM-Web2-Location
Content-Disposition
Countrycode
CDCHOST
Cache-Host
AKAMAI
Esi-Enabled
Fastly-Soc-X-Request-Id
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Web-Mar-Node
Adler-Geo
X-Auto-Login
X-Agile-Id
X-Agile-Age
X-Agile
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Amz-Meta-Cache-Control
X-App-Name
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Nc
X-Varnish-Beresp-Grace
X-Trafficlayer-App-Version
X-Cache-Id
Kp-EeAlive
X-Policy
X-Swa-Ws
X-LI-Proto
X-Internal-Host
X-Generated-In
Cache-Provider
Environment
X-Cache-Grace
X-Cdn-Forward
X-Req
X-Urbn-Context-Path
X-ServiceProvider
X-Urbn-Site-Id
Locid
Locale
X-Served-From
Cdnsip
Cdncip
X-HTML-Minification-Powered-By
True-Client-Country-4JS
V-Age
X-NodeID
X-AK-Request-ID
X-Via-CDN
X-NC
X-B3-Spanid
X-Gamma-Serve
X-MSEdge-Features
X-Servername
X-MSEdge-Flight
FNAC-ModuleRouting
X-GRACE
X-IPS-LoggedIn
X-Newrelic-Synthetics
GEO-REGION-INFO
X-CLOUD-TRACE-CONTEXT
X-Lb-Id
X-Be
X-Sucuri-Id
X-Refresh
CF-IPCountry
X-Render-Time
X-FPC
X-Zone
X-Edge-O15-RID
ProcessTime
X-Nginx-Cache
Hostname
X-7Graus-Varnish-XKeys
X-Tb-Optimization-Total-Bytes-Saved
X-MP-GENERATED-AT
X-UnsetCookies
X-VHOST
X-7Graus-Varnish-Cache-Control
X-NU-AKA-ACS-Version
X-Mode
X-GeoIP-Country-Code
Geo-Info
Tcn
X-Sucuri-ID
X-Webkit-CSP
X-Microcachable
X-Developer
X-Pjax-Url
A
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Routing-Service
X-Zipkin-Id
X-Device-Os
X-Proxied
X-Sn-Servicetimems
X-Cdn-Origin
X-Servedbyhost
X-Ratelimit-Remaining
X-FORWARDED-FOR
X-Node-Id
X-Pf-Uncompressing
TTL
X-Bc
X-COUNTRY
Gannett-Cam-Experience-Id
X-CSRF-Token
Memory
X-Correlation-ID
Cf-Ipcountry
Cache-Cookie-Set-From
X-DC
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
Request-Time
Resin-Trace
Cache-Cookie-Set-Idcheck
Geoip-Latitude
Cache-Cookie-Set-Lfrom
X-Ratelimit-Limit
CF-Cached-On
Pics-Label
X-Request-Time
PICS-Label
X-Vcl-Version
X-Pod
HostName
GeoIP-Latitude
GeoIP-Country-Code
X-Cdn-Request-ID
M-TraceId
X-Via-Edge
GeoIP-City
X-VCL-Version
Cdn
X-Via-SSL
X-Unique-ID
X-TH-Server
X-ZONE
Host-ID
X-NODE
Group
X-NGINX-Cache
Ttl
X-ECACHE
X-ElasticPress-Search
X-Instart-Info
Geoip-City
X-Swift-Error
X-Backend-Host
Powered-By
MIME-Version
Ohc-File-Size
Ohc-Cache-HIT
X-Backend-Url
X-APP
X-Var-Ttl
X-PF-Uncompressing
HitType
XServer
X-UPSTREAM-Address
URI
X-Check-Cacheable
X-BC
SRV
Backend-Name
X-Fastly-Country-Code
Media-Length
X-ServedByHost
Lfy
User-Agent
On-Server
N-Cache
Pagetype
REQUESTUUID
X-HS-Status
X-Hp-Ccpa-Warning
X-HostName
X-NGENIX-Cache
X-Varnish-Ttl
X-Fstrz
X-WR-MODIFICATION
X-Cache-Tag
Fly-Request-Id
FSS-Proxy
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Aicache-OS
Cache-Prefix
FSS-Cache
Fly-Cache
X-PJAX-URL
X-LiteSpeed-Cache-Control
X-Via-Ucdn
Who
X-Worker
X-NYM-Debug-Backend
X-WA
UCS
AR-SID
X-Cache-Miss-From
X-Fetched-On
X-BE
CDN
X-Sedo-Request-Id
X-Cache-Tags
Pragrma
X-Varnish-Cacheable
X-Varnish-Authentication
X-Varnish-URL
Server-Cache-Control
X-LB-ID
X-LAGOON
Server-Surrogate-Control
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Fpc
Processtime
X-GEO
X-Server-W
X-Cf-Powered-By
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Country-Code
Location
Fastly-Backend-Name
X-Store
Fastly-SWR
Debug
X-ServerName
X-Wa
X-Fastly-Backend-Reqs
X-Ftr-Cache-Host
X-Ua
X-Response-By
X-Protected-By
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Upstream-HT
X-BACKEND-TTL
X-Upstream-CT
Product
Application
X-TT-LOGID
X-Apw-Access-Token
Ohc-Response-Time
RequestId
LB
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-VC
X-Amzn-Remapped-Date
X-Li-Proto
X-Dw-Trace-Id
XxX-Cache-Status
X-Amzn-Remapped-Connection
NnCoection
X-Nananana
Cneonction
X-Request-Url
Xet-Cookie
WP-Super-Cache
Thinkindot-Cache-Type
X-SB
SID
X-Gen-Id
X-Fastly-Cache-Hits