Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
X-AH-Environment
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Backend-Server
X-Cnection
Content-Location
X-DataDome
X-Origin-Cache
X-Node
NEL
X-Cache-Lookup
X-Readtime
X-Dns-Prefetch-Control
X-Cdn
X-Cloud-Trace-Context
X-Vhost
X-HW
X-ORACLE-DMS-ECID
X-Dispatcher
X-Application-Context
X-ORACLE-DMS-RID
P3p
Allow
Surrogate-Control
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
Pinterest-Generated-By
Edge-Control
X-Instart-Request-ID
X-PC
X-TtlSet
X-Vname
X-B3-TraceId
X-Mod-Pagespeed
X-Url
X-MS-InvokeApp
Verso
Accept-Ch
SPRequestGuid
X-Powered-By-Plesk
X-TTL
X-D2id
X-Trace
X-VARITI-CCR
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
Content-MD5
X-SharePointHealthScore
X-ESI
X-Sol
X-Middleton-Response
Pagespeed
Response
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
RTSS
Display
X-Middleton-Display
X-Navigation-Version
X-Vcache
SPRequestDuration
SPIisLatency
X-Abt-Application-Version
X-Powered-CMS
X-Debug
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Upstream
X-Cached
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
Charset
X-Version
DynaTrace
X-CST
MS-Author-Via
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Shield-Request-Id
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Access-Control-Request-Method
Pinterest-Version
X-Pinterest-Rid
S
X-Ser
X-Accel-Expires
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-DIS-Request-ID
Fastly-Restarts
X-Client-IP
X-XRDS-Location
Front-End-Https
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Webapp-Samesite-None-Activated-N
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-T
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-Goog-Storage-Class
Cache-Tag
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Mrf-Section-Lastmod
MRF-Tech
X-FTR-Expires
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
Nginx-Cache
X-Server-ID
Fastcgi-Cache
X-Content-Digest
X-HS-Content-Id
X-Frontend
X-HS-Cache-Config
X-HS-Hub-Id
NR-ENABLED
Powered
X-Fastcgi-Cache
X-Hits
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-Kinsta-Cache
X-FTR-Cache-Host
X-Content-Type
X-Request-Processing-Time
X-Request-Received
Server-Name
X-RateLimit-Remaining
ServerID
X-Aspnetmvc-Version
X-HS-Combine-CSS
X-Microsite
X-Request-Handler-Origin-Region
PB-RID
X-Webkit-Csp
PB-PID
X-Mobile-Rewrite
TP-L2-Cache
X-Grace
X-N
TP-Cache
Arc-Version
X-Cache-Hit
X-Rid
X-Ttl
X-Akamai-Edgescape
Healthy
X-Pad
X-User-Agent
X-Analytics
X-Revision
Backend-Timing
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-Amzn-RequestId
X-Zen-Fury
X-Amz-Apigw-Id
X-Forwarded-For
X-LB-Cache
Server-Node
X-Varnish-Grace
X-Az
X-AppVersion
X-Activity-Id
X-Cached-By
X-B3-Sampled
Cache-Status
X-GUploader-UploadID
X-Content-Options
Refresh
X-Oneagent-Js-Injection
X-F-Cache
X-Geo-Country
Accept-CH-Lifetime
Accept-CH
X-FastCGI-Cache
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-IPLB-Instance
X-Type
Retry-After
FilterID
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Cache-2
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-FB-Debug
X-Jobs
Paypal-Debug-Id
Host
X-Debug-Info
X-Framework
X-Instance
X-Page-Id
X-Request-Guid
X-PHP-Backend
Accept-Charset
X-AOL-HN
Actual-Object-TTL
DC
X-Cluster
X-App-Environment
X-B
Source
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Srv
Cache
AR-ATIME
AR-CACHE
X-TT
X-ATG-Version
AR-PoweredBy
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-Key
X-Git-Hash
MS-CV
X-Content-Powered-By
X-PressLabs-Stats
X-Via-JSL
X-TA-CDN-Provider
X-Signature
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-B-Cache
X-Cache-TTL
X-Amz-Replication-Status
Host-Header
X-Whom
Ar-Sid
X-Esi
X-Origin-Server
X-Cache-Control
X-Wix-Request-Id
X-Cache-Enabled
X-Response-Served-From
NGB
X-Mobile
Surrogate-Key
X-UA
X-ATS-Timestamp
X-RequestSource
X-Daa-Tunnel
Cache-Tv-Group
X-Tumblr-Pixel-1
X-GeoIP
X-Tumblr-Pixel-2
X-FW-Server
X-FW-Type
X-FW-Serve
X-FW-Static
X-Cacheable-TTL
WPE-Backend
X-Cache-NE
Payment
X-Hyper-Cache
Filters
X-FW-Hash
X-Host-Name
Eomportal-Instance
Cleartype
Frame-Options
Datacenter
X-Adobe-Loc
Xserver
X-Adobe-Content
X-TX-ID
X-Region
X-Handled-By
X-Cache-Action
X-Drupal-Cache-Tags
X-Load-Cache
Webserver
X-EdgeConnect-Cache-Status
X-Litespeed-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hostname
X-SERVER
X-Akamai-Transformed
X-Cache-Rule
AR-Request-ID
X-Cache-Operation
From-Origin
X-Cache-TTL-Remaining
X-Edge-Location
X-XRDS-LOCATION
X-RemovedCookies
X-ProcessESI
X-NewRelic-App-Data
Liferay-Portal
X-UA-Device-Type
X-RTag
Ms-Operation-Id
X-Cache-Server
X-Varnish-Hostname
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-ORACLE-APMCS-TAG
X-Forwarded-Host
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Server
X-Rule
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Status
Country
X-Upgrade-Enabled
X-Contextid
X-App-Server
X-UUID
Odigeo-Trace-Id
Meta-Geo
X-ES-SERVER
X-BCube-Filmed-By
X-RN-RSRV
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
X-Path-Route
DSUID
X-TT-TIMESTAMP
X-Rocket-Nginx-Bypass
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
X-VCT
DB-Nickname
X-R9-Blue-Green-Version
Webcakes-App-Name
Webcakes-App-Version
Release
TWC-Connection-Speed
X-EIG-Tracking-Id
X-CCM
X-Origin-Hint
X-Debug-Cache
Property-Id
X-From
Mn-Server-Ip
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-LatLong
Azure-Version
S-Rt
Origin-Edge-Control
L5d-Success-Class
Cache-Tags
Fastly-SSL
Cache-Name
Selected-Fe
X-Akamai-Request-ID
X-IP
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Hosted-By
X-Viewer-Country
Azure-SlotName
X-TNCMS
X-Timing-Wait
X-Human
X-Real-IP
X-ServerID
X-Soup
X-Pubstack
X-FW-Dynamic
X-Proxy-Build
X-Origin-Response-Time
X-Loop
X-Cache-Time
X-Cache-Host
X-Cache-Config
X-Drupal-Cache-Contexts
X-PCL
X-FireWall-Port
X-Proxy
X-FC-Vary-Parameters
X-Origin
X-Proto
X-OCL
Origin-Cache-Control
X-Redis-Cache
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-ProxyCache-Status
X-Access
X-Akamai-Request-ID2
X-Xfnlog-Site
Viewport
X-Section
X-Rendered-As
X-Backend-Name
X-JoinUs
X-ProxyCache-Key
X-Format
X-Generated
X-Locale
X-Is-Bot
Uber-Trace-Id
X-BYPASS-REASON
X-Cluster-Name
X-Site-Version
X-Content-Age
X-Labrador-Cache-Channel
X-Www-Served-By
Ec-Rule-Version
X-Accel-Buffering
X-Varnish-Hits
X-Web-Node
NGX
X-Goog-Meta-Goog-Reserved-File-Mtime
Version
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
S-Cnection
X-Time-Microsecs
X-Varnish-Cache-Hits
X-Generated-By
Server-Info
X-Cache-Backend
X-NWS-UUID-VERIFY
X-PHP-Host
Tracecode
X-Amzn-Remapped-Content-Length
X-PERF
X-ApacheServer
X-Info
X-SaId
X-Storage
X-Time
X-Origin-CC
X-Origin-TTL
X-Geo
Akamai-GRN
X-WA-Info
X-Nginx-Cache-Key
Cteonnt-Length
X-URL
Rt-Fastcgi-Cache
X-VCache
Time
X-CF-Powered-By
X-Presslabs-Stats
X-MServer
X-No-Session
Origin
X-Unique-Id
X-APP-VERSION
X-L-Path
X-Environment-Context
X-Cache-Remote
X-App-Version
GEO-INFO
X-Guploader-Uploadid
Access-Control-Request-Headers
X-Backend-TTL
Cache-Key
X-Tb
Accept-Language
X-FB-TRIP-ID
X-RateLimit-Limit
X-EC-Lua
X-TIME
X-Say-Cacheable
X-CDN-Forward
X-Say-TTL
X-GoCache-CacheStatus
X-SayCDN-TTL
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-NCache
X-CACHE-KEY
Vix-Hermes-Req-Id
X-Hit
Cache-Hits
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
X-RCS-CacheZone
X-ShopId
X-ShardId
X-Dc
X-Trace-Id
X-Device-Type
OT-Force-Account-Verify
X-Tumblr-Pixel-3
X-Source
X-CS
X-S
X-SS-Set-Cookie
X-B3-SpanId
Srv
X-SRV
X-Magnolia-Registration
X-Parent-Response-Time
Mime-Version
X-Endurance-Cache-Level
X-OVcl-Cache
X-OVcl
Request-EU
Rt-Proxy-Cache
Request-Country
Rendered-Blocks
Arc-Country
AsisCache
BehaviorPad-Version
Content-Script-Type
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Content-Style-Type
Cross-Origin-Window-Policy
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
Machine
Fastcgi-X-Cache-Version
IsBot
Node
X-DPWN-IS-SECURE
X-ScT
X-S-Cookie
X-Server-Time
X-Service
X-Session-Fingerprint
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Request-UUID
X-SIPLIST1
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Svr
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Hl-Ver
X-G
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-A-Ccd
T-Server
Viewtype
VivaBuild
X-A
X-AIR-PT
X-Application
X-Date
X-Destination
X-Detected-As
X-External-Request-Id
X-D
X-Connection-Hash
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
Server-Host
X-A-Dam
User-Cache-Control
X-Upstream-Ht
X-Cluster-Node
X-Upstream-Ct
ServedBy
ServerName
Now
X-IN-APIGATEWAY
X-Generated-On
X-Hash
X-Instart-Isnd
We-Hiring
X-Reboot
Mail-Subject
X-Matched-Rule
X-Location
X-IN-APIGATEWAYSSL
X-Dispatcher-Server
Wxu-Next-Commit
X-Core-Value
Wxu-Next-Hostname
Wxu-Next-Region
X-Cache-Bucket
X-CUA
Thinkindot-Control
X-Dispatch
X-Ah-Environment
Server-Int
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Served-By
X-Level-Front-Cache
X-ND-Cache
X-Thinkindot-L3
X-Via-NSCOPI
X-CSRF-TOKEN
X-Webstats-RespID
Proxy-Connection
X-Uri
X-Developers
X-VG-TLSProxy
X-Azure-Ref-OriginShield
X-VServer
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-WADP-Cache
X-VC-Cache
X-User
X-Epic-Correlation-Id
X-Eu-Site
X-Fastly-Cache
X-FW-Version
X-Distributor
X-TrackingId
X-Debug-Cache-Fetch
X-Up
X-Distil-CS
X-Variation
X-We-Are-Hiring
X-Cache-FS-Status
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-Cache-Debug
X-Backend-State
X-Bip
X-Block-Status
X-C
X-CGP
X-Clara-WADP
X-Wikidot-Backend
X-B3-Parentspanid
X-WebServer
X-BBXSRF
X-Wikidot-Static-Cache
X-Core-Mission
X-Clientip
X-Cms-Context
X-Compress-Hint
X-Debug-Cache-Expiry
X-Thanos
X-Origin-Expires
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Origin-Date
X-Old-Content-Length
X-Method
X-Ms-Request-Id
X-Ms-Version
X-NX-Host
X-Planisys-CDN-TTL
X-Platform-Server
X-Release
X-Reqid
X-Request-Start
X-Request-URI
X-RateLimit-Remaining-Second
X-S-Maxage
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Qloud-Router
X-RateLimit-Limit-Second
X-Scheme
X-SD-PageType
X-Hnp-Log
X-SVT-ORM-RULES
X-Sucuri-Cache
X-Skip-Cache
X-SVT-ORM-VERSION
X-Has-Esi
X-Rocket-Build-Number
X-Generation-Time
X-Geo-Header
X-GeoIP-City
X-Irp-Debug
X-Is-Gdpr
X-Li-Pop
X-LI-UUID
X-Server-IP
X-Logging-Id
X-Li-Fabric
X-Azure-Ref
X-JWT-State
X-Sigma-Backend
X-Sigma
X-Gen-Mode
X-Key
Memcached
PFcat
Magicmarker
L
IBM-Web2-Location
Platform
Pramga
Section-Io-Cache
W
SD-X-WS
RNT-Time
RNT-Machine
Heartbleed
HA-Ipaddr
Cache-Host
CDCHOST
X-Auto-Login
AKAMAI
Adler-Geo
Content-Disposition
Countrycode
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Soc-X-Request-Id
Esi-Enabled
Web-Mar-Node
Is-Eu
X-Varnish-Beresp-Ttl
X-Amz-Meta-Cache-Control
X-App-Name
X-Agile-Id
X-Agile
X-Agile-Age
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Cache-Provider
NtCoent-Length
X-LI-Proto
X-Trafficlayer-App-Version
X-Internal-Host
X-Policy
Server-ID
X-Swa-Ws
X-Generated-In
X-Cache-Grace
Kp-EeAlive
Powered-By-ChinaCache
X-Cache-Id
X-NC
X-B3-Spanid
X-Nc
X-Urbn-Context-Path
X-Urbn-Site-Id
X-AK-Request-ID
X-NodeID
Cdnsip
X-Newrelic-Synthetics
X-ServiceProvider
True-Client-Country-4JS
V-Age
Locale
Cdncip
X-Via-CDN
Environment
X-MSEdge-Flight
CF-IPCountry
X-MSEdge-Features
X-Req
Locid
X-HTML-Minification-Powered-By
X-Served-From
X-Servername
X-Gamma-Serve
FNAC-ModuleRouting
X-B3-Traceid
GEO-REGION-INFO
X-GRACE
X-IPS-LoggedIn
X-Cdn-Forward
X-FPC
X-CLOUD-TRACE-CONTEXT
X-Refresh
X-Be
X-Lb-Id
X-UnsetCookies
Hostname
X-Nginx-Cache
Geo-Info
X-7Graus-Varnish-XKeys
X-Sucuri-Id
X-7Graus-Varnish-Cache-Control
X-Render-Time
ProcessTime
X-Sucuri-ID
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
X-MP-GENERATED-AT
X-Mode
X-FORWARDED-FOR
X-VHOST
X-Zone
X-Developer
X-GeoIP-Country-Code
A
X-Servedbyhost
Tcn
X-Microcachable
X-Edge-O15-RID
X-Webkit-CSP
X-Sn-Servicetimems
X-Cdn-Origin
X-Device-Os
X-Node-Id
X-VWS-Id
X-Pjax-Url
X-Zipkin-Id
X-Proxied
X-AWS-Id
X-Pf-Uncompressing
Memory
X-LJ-Flow-ID
X-Routing-Service
X-Ratelimit-Remaining
Request-Time
TTL
X-CSRF-Token
Resin-Trace
Gannett-Cam-Experience-Id
X-COUNTRY
X-Correlation-ID
Geoip-Latitude
GeoIp-Country-Code
Cache-Cookie-Set-Lfrom
Amp-Access-Control-Allow-Source-Origin
X-DC
X-VCL-Version
Cache-Cookie-Set-From
PICS-Label
Cache-Cookie-Set-Idcheck
X-ZONE
X-Bc
XServer
CF-Cached-On
GeoIP-Country-Code
M-TraceId
GeoIP-Latitude
Cf-Ipcountry
X-Ratelimit-Limit
HostName
Pics-Label
X-Request-Time
X-Pod
X-Swift-Error
X-Via-SSL
X-Cdn-Request-ID
X-Vcl-Version
GeoIP-City
X-Via-Edge
MIME-Version
Cdn
Group
X-Unique-ID
X-ECACHE
X-ElasticPress-Search
Host-ID
X-Instart-Info
X-TH-Server
X-NODE
Geoip-City
Ttl
X-BC
X-Backend-Host
Ohc-File-Size
X-Var-Ttl
Ohc-Cache-HIT
X-Backend-Url
X-NGINX-Cache
X-APP
HitType
X-PF-Uncompressing
Powered-By
Backend-Name
X-Check-Cacheable
X-UPSTREAM-Address
Media-Length
Pagetype
N-Cache
Lfy
X-PJAX-URL
X-NGENIX-Cache
REQUESTUUID
URI
Fly-Cache
X-HS-Status
User-Agent
On-Server
X-Fstrz
Cache-Prefix
Fly-Request-Id
X-Fastly-Country-Code
X-ServedByHost
X-Tt-Trace-Tag
SRV
X-Hp-Ccpa-Warning
AR-SID
X-HostName
X-Tt-Trace-Host
X-WR-MODIFICATION
X-Worker
X-Via-Ucdn
FSS-Cache
FSS-Proxy
X-Cache-Tag
CDN
X-Aicache-OS
X-LiteSpeed-Cache-Control
X-Sedo-Request-Id
X-NYM-Debug-Backend
X-BE
X-WA
Pragrma
Who
UCS
X-Fetched-On
X-Cache-Miss-From
X-Server-W
X-LB-ID
X-Cache-Tags
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Varnish-Cacheable
X-Varnish-URL
X-LAGOON
X-Wa
Server-Cache-Control
X-GEO
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SIE
Fastly-SWR
Server-Surrogate-Control
Processtime
X-Fpc
X-Cf-Powered-By
X-Store
X-Upstream-HT
X-ServerName
Debug
Location
X-Upstream-CT
X-Fastly-Backend-Reqs
Country-Code
Fastly-Backend-Name
X-Ftr-Cache-Host
X-Ua
X-Akamai-ERPolicy
X-Protected-By
X-Response-By
X-TT-LOGID
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
Lb
X-Apw-Hits
X-Apw-Access-Object
RequestId
Ohc-Response-Time
X-Apw-Access-Action
WP-Super-Cache
X-Apw-Access-Token
Product
SID
X-Gen-Id
X-Fastly-Cache-Hits
X-Li-Proto
Thinkindot-Cache-Type
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Dw-Trace-Id
Application
X-Request-Url
Cneonction
X-SB
X-VC
XxX-Cache-Status
X-Nananana
X-GDPR
Server-Id
NnCoection
Xet-Cookie