Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Cache-Group
X-Age
X-Ua-Compatible
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Rq
Report-To
EagleEye-TraceId
X-Ac
X-Server-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Cdn
X-Cache-Lookup
X-Cloud-Trace-Context
NEL
X-Vhost
X-Ws-Request-Id
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
Allow
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-DynaTrace
Surrogate-Control
Rating
X-FTR-Request-ID
X-Country
X-Country-Code
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Akam-SW-Version
X-Goog-Hash
Pinterest-Generated-By
X-Varnish-TTL
X-TtlSet
X-Instart-Request-ID
X-PC
X-Vname
X-Ruxit-JS-Agent
X-MS-InvokeApp
Edge-Control
X-B3-TraceId
X-Url
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-Sol
X-Middleton-Response
Response
Pagespeed
X-SharePointHealthScore
Accept-Ch
X-Middleton-Display
Display
X-VARITI-CCR
RTSS
X-GoogleNews-Bot
X-Server-Name
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-Kinja-Build
Service-Worker-Allowed
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-GitHub-Request-Id
X-Server-ID
X-ESI
SPRequestDuration
SPIisLatency
Content-MD5
X-Navigation-Version
X-Vcache
X-Powered-CMS
X-Debug
X-Abt-Application-Version
X-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-CST
Charset
MS-Author-Via
X-Upstream
X-Forwarded-Proto
X-Cached
Accept-Ch-Lifetime
X-NF-Request-ID
X-Amz-Rid
X-Px
Realpath
X-Version
Edge-Cache-Tag
DynaTrace
X-Shard
MicrosoftSharePointTeamServices
TCN
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Fastly-Restarts
X-Ezoic-Cdn
X-Pinterest-Rid
Pinterest-Version
X-Ser
X-Shield-Request-Id
Access-Control-Request-Method
X-MSEdge-Ref
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Recruiting
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Accel-Expires
X-Trafficlayer-App-Name
X-DIS-Request-ID
X-Trafficlayer-App-Scope
Front-End-Https
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Id
X-T
X-Varnish-Age
X-Element-Page-Cache
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Amzn-Trace-Id
X-Ttl
X-Dw-Request-Base-Id
Cache-Tag
Fastcgi-Cache
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Webapp-Samesite-None-Activated-N
X-Frontend
X-Content-Digest
NR-ENABLED
Powered
X-RateLimit-Remaining
X-Hits
X-Correlation-Id
X-Kinsta-Cache
X-Litespeed-Cache
X-Fastcgi-Cache
X-FTR-Cache-Host
Alternate-Protocol
X-Grace
X-Hp-Webp
ServerID
X-Aspnetmvc-Version
X-N
X-Webkit-Csp
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
TP-Cache
TP-L2-Cache
X-Node-Name
PB-PID
X-Request-Handler-Origin-Region
PB-RID
X-Microsite
Arc-Version
X-Mobile-Rewrite
Server-Name
X-HS-Combine-CSS
AMP-Access-Control-Allow-Source-Origin
Accept-CH
X-Zen-Fury
X-User-Agent
X-Rid
Healthy
Accept-CH-Lifetime
X-Content-Type
X-Revision
Backend-Timing
X-Analytics
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
Server-Node
X-Logged-In
X-LB-Cache
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Activity-Id
X-AppVersion
X-Forwarded-For
Cache-Status
X-Az
X-FastCGI-Cache
X-Pad
X-Amzn-RequestId
Ar-Sid
X-Amz-Apigw-Id
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Oneagent-Js-Injection
X-IPLB-Instance
X-Cached-By
Retry-After
X-Varnish-Grace
X-Mobile-URL
X-Type
X-Srv
X-B3-Sampled
X-Content-Options
X-Ruxit-Js-Agent
Paypal-Debug-Id
Refresh
X-F-Cache
X-Via-JSL
X-Geo-Country
Upgrade-Insecure-Requests
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
Host
X-Varnish-Backend
Source
X-Jobs
Accept-Charset
X-Debug-Info
X-FB-Debug
X-Instance
X-Request-Guid
X-AOL-HN
DC
X-B
X-PHP-Backend
X-Cluster
X-Page-Id
X-Framework
Actual-Object-TTL
FilterID
X-Cache-Age
Access-Control-Allow-Method
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-WebKit-CSP-Report-Only
X-Seen-By
X-Cache-Key
X-ATG-Version
AR-Request-ID
MS-CV
X-TT
Fastcgi-Useragent
X-Content-Powered-By
X-Cache-TTL
X-Git-Hash
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Whom
X-Cache-2
X-Esi
X-UA
X-PressLabs-Stats
X-Cache-Control
X-Amz-Replication-Status
X-TA-CDN-Provider
X-Host-Name
Surrogate-Key
X-Wix-Request-Id
Cache
X-Signature
X-B-Cache
Host-Header
Frame-Options
NGB
X-Response-Served-From
X-Mobile
X-Daa-Tunnel
X-FW-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FW-Static
X-Cache-Operation
X-FW-Serve
X-Cache-Rule
X-RequestSource
X-Origin-Server
X-FW-Hash
X-GeoIP
X-FW-Type
X-Tumblr-Pixel-2
X-Cache-Enabled
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Drupal-Cache-Tags
WPE-Backend
X-Cacheable-TTL
X-Hyper-Cache
X-Region
X-Cache-NE
X-Handled-By
Payment
X-TX-ID
Cleartype
Eomportal-Instance
Filters
Webserver
X-Cache-Action
Xserver
X-Adobe-Content
X-Adobe-Loc
X-UA-Device-Type
X-SERVER
From-Origin
X-Forwarded-Host
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-ProcessESI
X-Time
Datacenter
X-Akamai-Transformed
Ms-Operation-Id
X-Hostname
X-RTag
X-Load-Cache
X-Cache-TTL-Remaining
X-App-Server
X-NewRelic-App-Data
X-Cache-Server
X-Edge-Location
X-Status
Liferay-Portal
X-Contextid
Tracecode
X-XRDS-LOCATION
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ATS-Timestamp
X-Varnish-Hostname
X-Varnish-Server
X-BCube-Filmed-By
Odigeo-Trace-Id
X-TT-TIMESTAMP
X-Rule
Country
X-Cache-Var
X-Path-Route
X-ES-SERVER
X-Cache-Var-Map
Load-Balancing
Meta-Geo
X-RN-RSRV
Release
X-Xfnlog-Site
X-FW-Dynamic
X-VCT
X-Upgrade-Enabled
X-Debug-Cache
Server-Info
DSUID
X-Viewer-Country
X-Rocket-Nginx-Bypass
X-Cache-Host
X-Origin-Hint
X-CCM
X-R9-Blue-Green-Version
X-Soup
X-Via-Fastly
Property-Id
Mn-Server-Ip
X-OCL
X-Cache-Config
X-Varnish-Cache-Hits
X-EIG-Tracking-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
Cache-Tags
X-Pubstack
Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Privacy
X-PCL
DB-Nickname
Webcakes-Region
Webcakes-App-Version
Azure-InstanceId
Cache-Name
Fastly-SSL
Origin-Cache-Control
Azure-RegionName
Azure-Version
L5d-Success-Class
Azure-SlotName
Azure-SiteName
X-Proxy-Build
X-ServerID
X-Drupal-Cache-Contexts
X-Hosted-By
X-Loop
X-Cache-Time
X-Timing-Wait
X-TNCMS
X-From
X-Web-Node
X-FC-Vary-Parameters
X-UUID
X-Akamai-Request-ID2
X-Akamai-Request-ID
Selected-Fe
X-Origin
X-Labrador-Cache-Channel
S-Rt
X-Origin-Response-Time
X-Proto
X-Real-IP
X-Human
X-IP
X-Proxy
Origin-Edge-Control
NGX
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Redis-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-NWS-UUID-VERIFY
S-Cnection
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-PERF
X-Rendered-As
X-Generated
X-Locale
X-Format
X-Content-Age
X-ApacheServer
X-Cluster-Name
Viewport
X-Section
X-FireWall-Port
X-Backend-Name
X-Access
X-RateLimit-Limit
X-Www-Served-By
Ec-Rule-Version
X-Site-Version
Decoy-Debug-Status
Decoy-Debug-Key
X-Vgn-Hpd-Reason
Decoy-Debug-TTL
X-Time-Microsecs
X-Varnish-Hits
X-VCache
X-Info
X-ORACLE-APMCS-TAG
X-Is-Bot
X-ORACLE-APMCS-REQUEST-ID
X-Storage
X-BYPASS-REASON
X-ProxyCache-Status
Uber-Trace-Id
X-ProxyCache-Key
X-Origin-TTL
Rt-Fastcgi-Cache
X-Origin-CC
X-URL
X-Generated-By
X-Cache-Backend
X-PHP-Host
Cache-Key
Cteonnt-Length
X-Amzn-Remapped-Content-Length
X-Presslabs-Stats
X-Accel-Buffering
X-WA-Info
Akamai-GRN
Vix-Hermes-Req-Id
X-SS-Set-Cookie
Time
X-App-Version
GEO-INFO
Cache-Hits
X-Guploader-Uploadid
X-GoCache-CacheStatus
X-Hit
X-NCache
X-Nginx-Cache-Key
X-CF-Powered-By
X-Cache-Remote
X-Trace-Id
Origin
X-Backend-TTL
X-SaId
X-No-Session
Accept-Language
X-FB-TRIP-ID
X-APP-VERSION
X-Device-Type
X-MServer
X-L-Path
X-Environment-Context
X-Cache-Grace
X-CS
X-Tb
X-Geo
X-B3-Traceid
X-Tumblr-Pixel-3
X-CDN-Forward
Access-Control-Request-Headers
X-SayCDN-TTL
X-Say-Cacheable
X-OVcl-Cache
X-OVcl
X-Say-TTL
X-S
X-Unique-Id
X-B3-SpanId
X-Cluster-Node
X-Uri
X-Tec-Api-Origin
X-CACHE-KEY
User-Cache-Control
X-Tec-Api-Version
X-Tec-Api-Root
Srv
Fastcgi-X-Cache-Version
X-Via-CDN
Arc-Country
IsBot
Cross-Origin-Window-Policy
Apple-News-Services-Request-Url
X-Destination
Apple-News-Services-Parsed-Url
X-Date
X-VG-WebCache
AsisCache
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
X-VG-WebServer
X-Vtex-Processado-Em
X-Detected-As
X-ShardId
X-ShopId
X-PAYTM-SRV-ID
X-Alternate-Cache-Key
X-Processor
X-G
X-Hl-Ver
ServedBy
X-Shopify-Stage
X-DPWN-IS-SECURE
Apple-News-Services-Handled
Apple-News-Services-Host
X-External-Request-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Xc-Version
Machine
X-Vtex-Remote-Cache
X-Request-UUID
X-A-Dam
X-Service
X-A-Dcw
X-Server-Time
X-Session-Fingerprint
X-SIPLIST1
VivaBuild
X-A
X-SRCache-Key
X-A-Dgt
X-A-Wwc
X-Application
X-CF-Lambda-Fn
X-ARC
X-AIR-PT
X-Aed
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-ScT
X-Svr
X-Connection-Hash
X-B-Cookie
X-Rewrite-Enabled
Node
X-Rojux
X-D
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
X-Twitter-Response-Tags
Rendered-Blocks
Request-Country
T-Server
Viewtype
X-S-Cookie
Server-Host
X-Transaction
Request-EU
Rt-Proxy-Cache
X-Trv-Group
X-Region-Sid
X-A-Ccd
Mail-Subject
We-Hiring
X-CSRF-TOKEN
Mime-Version
X-Ah-Environment
X-EC-Lua
ServerName
X-Dc
Now
OT-Force-Account-Verify
NtCoent-Length
X-Matched-Rule
Thinkindot-CacheControl-Type
X-NX-Host
X-Ms-Version
X-Ms-Request-Id
X-UnsetCookies
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Varnish-Beresp-Grace
X-Reboot
X-CUA
X-Proxy-Upstream
Thinkindot-CacheControl
X-FW-Version
X-Proxy-Cache-Status
Thinkindot-Control
X-Debug-Log
X-Hash
X-Hnp-Log
X-IN-APIGATEWAY
X-Endurance-Cache-Level
RNT-Time
X-Gen-Mode
RNT-Machine
X-Generated-On
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Varnish-Beresp-Status
Kp-EeAlive
X-Location
Server-Int
X-Level-Front-Cache
Served-By
X-Dispatcher-Server
X-Dispatch
X-Debug-Cookies
X-Varnish-Beresp-Ttl
X-Thinkindot-L3
X-Shopify-Generated-Cart-Token
Proxy-Connection
X-Clara-WADP
X-Cms-Context
Hostname
X-User
X-WADP-Cache
X-Webstats-RespID
X-Block-Status
X-Cache-Bucket
X-Cache-Debug
X-Core-Value
X-Cache-Info
X-S-Maxage
Wxu-Next-Hostname
X-Reqid
Wxu-Next-Commit
Cache-Host
Web-Mar-Node
Wxu-Next-Region
X-Request-URI
CDCHOST
X-B3-Parentspanid
X-C
X-Bip
X-Azure-Ref
X-Epic-Correlation-Id
X-Azure-Ref-OriginShield
X-Backend-State
X-BBXSRF
X-Distributor
X-Cache-FS-Status
X-Debug-Cache-Fetch
X-CGP
X-Clientip
X-Debug-Cache-Store
X-Compress-Hint
X-Cdn-Srv
X-Cache-URL
X-Cache-Id
X-Core-Mission
X-Developers
X-Debug-Cache-Expiry
X-Eu-Site
X-Distil-CS
X-LI-UUID
X-Sucuri-Cache
X-Skip-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-Scheme
X-SD-PageType
X-Server-IP
X-Thanos
X-TrackingId
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Vdms-Version
X-We-Are-Hiring
X-VServer
X-Up
X-Variation
X-VC-Cache
X-VG-TLSProxy
X-NC
X-Request-Start
X-JWT-State
X-Key
X-Li-Fabric
X-Li-Pop
X-Is-Gdpr
X-Irp-Debug
X-Generated-In
X-Geo-Header
X-GeoIP-City
X-Has-Esi
X-Auto-Login
X-Logging-Id
X-Platform-Server
X-Policy
X-Qloud-Router
X-Release
X-Owner
X-Origin-Expires
X-Magnolia-Registration
X-Method
X-Old-Content-Length
X-Origin-Date
X-Fastly-Cache
X-Generation-Time
L
Magicmarker
Is-Eu
IBM-Web2-Location
HA-Ipaddr
Heartbleed
Memcached
PFcat
Section-Io-Cache
True-Client-Country-4JS
SD-X-WS
Pramga
Platform
X-Agile
X-Agile-Age
Content-Disposition
Countrycode
X-App-Name
AKAMAI
Adler-Geo
Esi-Enabled
X-Amz-Meta-Cache-Control
Gh-Request-Id
W
X-Agile-Id
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
X-Nc
Cache-Provider
X-Parent-Response-Time
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cdncip
X-LI-Proto
X-Urbn-Context-Path
X-MSEdge-Features
X-AK-Request-ID
X-ServiceProvider
X-Urbn-Site-Id
Cdnsip
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Locale
V-Age
X-NodeID
X-Internal-Host
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-RCS-CacheZone
X-Via-NSCOPI
X-B3-Spanid
X-Source
X-Upstream-Ct
Powered-By-ChinaCache
Server-ID
X-Upstream-Ht
X-COUNTRY
X-SRV
X-Developer
A
X-Servername
X-ND-Cache
CF-IPCountry
X-GRACE
X-Cdn-Forward
X-Cdn-Origin
X-Device-Os
GEO-REGION-INFO
X-Be
X-Trafficlayer-App-Version
X-Sn-Servicetimems
Environment
X-CLOUD-TRACE-CONTEXT
X-Sucuri-Id
X-Node-Id
X-Lb-Id
X-TIME
X-FPC
X-FORWARDED-FOR
X-Req
X-Nginx-Cache
X-VHOST
Locid
Tcn
X-Served-From
X-Microcachable
FNAC-ModuleRouting
Geo-Info
X-Gamma-Serve
X-Sucuri-ID
X-Zone
X-Servedbyhost
X-Webkit-CSP
X-Newrelic-Synthetics
X-Refresh
ProcessTime
Request-Time
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
X-HTML-Minification-Powered-By
Resin-Trace
X-IPS-LoggedIn
X-AWS-Id
X-Pf-Uncompressing
X-VWS-Id
Memory
X-Edge-O15-RID
X-LJ-Flow-ID
X-Render-Time
Group
X-NU-AKA-ACS-Version
Gannett-Cam-Experience-Id
X-VCL-Version
X-ECACHE
X-Instart-Info
X-ElasticPress-Search
CF-Cached-On
X-Correlation-ID
X-Backend-Url
X-NGENIX-Cache
X-Backend-Host
X-DC
Geoip-Latitude
XServer
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
Geoip-City
TTL
X-GeoIP-Country-Code
X-Var-Ttl
X-CSRF-Token
PICS-Label
Cf-Ipcountry
Pics-Label
Backend-Name
X-Pod
MIME-Version
X-MP-GENERATED-AT
X-Mode
X-Unique-ID
X-Bc
Cdn
X-Via-SSL
Lfy
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Via-Edge
REQUESTUUID
N-Cache
Pagetype
Ttl
X-ZONE
Cache-Prefix
Fly-Cache
Fly-Request-Id
X-GEO
X-Check-Cacheable
X-APP
M-TraceId
X-Vcl-Version
X-Worker
Host-ID
X-Fstrz
X-Via-Ucdn
HostName
Ohc-File-Size
Ohc-Cache-HIT
X-Ratelimit-Limit
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Cache-Miss-From
X-HS-Status
HitType
SRV
X-PF-Uncompressing
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Sedo-Request-Id
X-Swift-Error
X-Server-W
X-Fastly-Country-Code
X-Fetched-On
X-Cdn-Request-ID
X-PJAX-URL
X-Upstream-HT
X-Upstream-CT
X-BC
X-LiteSpeed-Cache-Control
X-NGINX-Cache
X-Dynatrace-Js-Agent
User-Agent
Pragrma
X-TH-Server
X-Cache-Tag
CACHE
On-Server
URI
X-ServedByHost
Fastly-SWR
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Wa
X-Rebelmouse-Surrogate-Control
X-HostName
X-Aicache-OS
X-Tt-Trace-Tag
Powered-By
X-WR-MODIFICATION
X-UPSTREAM-Address
X-Request-Time
Who
X-WA
CDN
X-TT-LOGID
X-RateLimit-Reset
X-LB-ID
Media-Length
X-BE
X-GDPR
Dynatrace
X-Varnish-URL
X-Varnish-Cacheable
X-Fpc
Cdn-Host
Cdn-Request-Time
X-LAGOON
X-Edge-Server
X-Fastly-Backend-Reqs
X-Cf-Powered-By
DataCenter
FSS-Cache
FSS-Proxy
X-Hello
X-ServerName
Get-Access-Time
X-SN
Server-Id
LB
Debug
Is-Session-Tracking
X-ABtesting
SS
X-Flog
Filterid
X-Ftr-Cache-Host
X-Ua
AR-SID
SN
X-DI
X-Varnish-Beresp-TTL
X-DSS
X-Protected-By
X-Gen-Id
X-DW
X-Org
X-Action
X-RSL
X-DB
X-Response-By
X-RPM
X-Tt-Trace-Host
X-RPS
X-VC
Xet-Cookie
X-Amzn-Remapped-Date
Cneonction
X-Akamai-ERPolicy
X-SB
XxX-Cache-Status
X-Amzn-Remapped-Connection
RequestId
UCS
X-LiteSpeed-Tag
Thinkindot-Cache-Type
Application
X-Fastly-Cache-Hits
X-Li-Proto
SID
X-Akamai-ERRuleID
Product
Requestid
NnCoection
Warning
X-Dw-Trace-Id
X-Request-Url
X-Nananana