Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Rq
X-Server-Id
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Response-Time
X-Ac
X-Host
X-OneAgent-JS-Injection
Request-Id
X-Ws-Request-Id
X-Cnection
X-Backend-Server
X-Node
X-DataDome
Content-Location
X-Origin-Cache
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
NEL
X-Readtime
X-Vhost
X-Application-Context
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Surrogate-Control
X-Origin-Upstream-Status
X-DynaTrace
Rating
X-Country
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Instart-Request-ID
Pinterest-Generated-By
X-TtlSet
X-Vname
X-Ruxit-JS-Agent
X-PC
Edge-Control
X-Varnish-TTL
X-MS-InvokeApp
X-B3-TraceId
X-Url
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-ESI
Accept-Ch
X-Trace
X-SharePointHealthScore
X-VARITI-CCR
X-GitHub-Request-Id
X-Server-Name
X-Middleton-Response
Response
X-Sol
Pagespeed
Service-Worker-Allowed
Display
X-Middleton-Display
Content-MD5
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
RTSS
X-TTL
SPIisLatency
X-Navigation-Version
SPRequestDuration
X-Powered-CMS
X-Vcache
X-Abt-Application-Version
X-Debug
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Upstream
Charset
X-Cached
Public-Key-Pins
X-Vcap-Request-Id
MS-Author-Via
X-CST
Accept-Ch-Lifetime
DynaTrace
X-NF-Request-ID
X-Amz-Rid
X-Version
Edge-Cache-Tag
Realpath
X-Px
MicrosoftSharePointTeamServices
X-Shard
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
TCN
X-Ezoic-Cdn
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Access-Control-Request-Method
X-Shield-Request-Id
X-MSEdge-Ref
X-Pinterest-Rid
Pinterest-Version
X-Server-ID
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
S
Fastly-Restarts
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DIS-Request-ID
X-XRDS-Location
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Client-IP
Front-End-Https
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Id
X-T
X-Element-Page-Cache
X-Varnish-Age
Nginx-Cache
X-Webapp-Samesite-None-Activated-N
Cache-Tag
X-Mrf-Item-Lastmod
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Country-Code-Real
Mrf-Cache-Status
MRF-Tech
X-Amzn-Trace-Id
X-FTR-Expires
X-Dw-Request-Base-Id
X-Webkit-Csp
Fastcgi-Cache
X-Fastcgi-Cache
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Content-Digest
NR-ENABLED
Powered
X-Ttl
X-Hits
X-Correlation-Id
X-Kinsta-Cache
Alternate-Protocol
X-Hp-Webp
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Request-Received
X-Request-Processing-Time
ServerID
X-N
X-HS-Combine-CSS
X-Content-Type
Server-Name
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Hit
X-Grace
PB-PID
Accept-CH
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Node-Name
Accept-CH-Lifetime
X-Rid
TP-Cache
TP-L2-Cache
Healthy
X-User-Agent
X-Revision
X-Akamai-Edgescape
X-RateLimit-Remaining
Backend-Timing
X-Analytics
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
Server-Node
X-LB-Cache
X-Pad
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Mobile-URL
X-AppVersion
X-Az
X-Activity-Id
X-Oneagent-Js-Injection
X-Varnish-Grace
X-NWS-LOG-UUID
Cache-Status
X-Cached-By
X-IPLB-Instance
X-Content-Options
X-F-Cache
X-B3-Sampled
Refresh
X-Ruxit-Js-Agent
Retry-After
X-Geo-Country
Upgrade-Insecure-Requests
X-Type
X-GUploader-UploadID
X-FastCGI-Cache
FilterID
X-Varnish-Backend
X-App-Environment
X-Srv
Paypal-Debug-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Source
X-FB-Debug
X-Instance
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Framework
X-Cluster
DC
Access-Control-Allow-Method
X-PHP-Backend
X-Request-Guid
X-Jobs
X-Debug-Info
X-Page-Id
Accept-Charset
Actual-Object-TTL
X-WebKit-CSP-Report-Only
Host
X-Cache-2
X-AOL-HN
X-B
X-ATG-Version
X-Cache-Key
X-Cache-Age
X-Erf-Bev-Bev
Cache
X-Erf-Bev-Bev-Is-Generated
X-TT
X-Seen-By
Fastcgi-Useragent
Ar-Sid
X-Via-JSL
MS-CV
X-Git-Hash
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-Cache-TTL
X-PressLabs-Stats
X-Amz-Replication-Status
X-Whom
X-B-Cache
X-Signature
Host-Header
X-Daa-Tunnel
X-UA
X-Cache-Control
X-Wix-Request-Id
NGB
X-Cache-Enabled
X-Response-Served-From
Surrogate-Key
X-Host-Name
X-RequestSource
X-Origin-Server
X-TA-CDN-Provider
X-Mobile
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
X-GeoIP
WPE-Backend
Payment
Cleartype
AR-Request-ID
Eomportal-Instance
Filters
X-FW-Serve
Frame-Options
X-Handled-By
X-Region
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
X-Hyper-Cache
X-TX-ID
X-Cache-Action
Xserver
X-EdgeConnect-Cache-Status
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-Litespeed-Cache
X-Adobe-Loc
X-Adobe-Content
X-Cache-NE
X-SERVER
Webserver
X-ATS-Timestamp
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Datacenter
X-Cache-Operation
X-Esi
X-Cache-Rule
X-Hostname
From-Origin
X-Load-Cache
X-Akamai-Transformed
X-RemovedCookies
X-UA-Device-Type
X-ProcessESI
X-NewRelic-App-Data
X-Edge-Location
Ms-Operation-Id
X-Forwarded-Host
X-RTag
X-Cache-TTL-Remaining
X-Cache-Server
Liferay-Portal
X-Yottaa-Metrics
X-XRDS-LOCATION
X-Yottaa-Optimizations
X-Varnish-Hostname
X-Varnish-Server
X-Status
X-Contextid
X-App-Server
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Rule
X-Oss-Request-Id
X-Oss-Server-Time
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Country
Odigeo-Trace-Id
X-Upgrade-Enabled
Load-Balancing
X-RN-RSRV
X-ES-SERVER
X-TT-TIMESTAMP
X-Cache-Var
X-UUID
X-BCube-Filmed-By
X-Cache-Var-Map
Meta-Geo
X-Path-Route
DSUID
X-Xfnlog-Site
X-Time
X-Origin-Hint
X-Cache-Config
Webcakes-Region
X-From
X-Debug-Cache
X-OCL
X-VCT
TWC-Privacy
X-CCM
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
Cache-Tags
Property-Id
TWC-GeoIP-Country
X-Viewer-Country
X-R9-Blue-Green-Version
X-Pubstack
Webcakes-App-Version
X-Rocket-Nginx-Bypass
TWC-Device-Class
Webcakes-App-Name
X-PCL
Release
X-Via-Fastly
Selected-Fe
S-Rt
X-Vgn-Hpd-Reason
Tracecode
X-Timing-Wait
X-TNCMS
Mn-Server-Ip
X-Web-Node
Cache-Name
Azure-Version
X-Cache-Host
Fastly-SSL
DB-Nickname
L5d-Success-Class
X-Akamai-Request-ID
X-Akamai-Request-ID2
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
X-IP
X-Origin-Response-Time
X-Loop
X-FW-Dynamic
X-FC-Vary-Parameters
X-Real-IP
X-Soup
X-Proxy-Build
X-Proxy
X-Drupal-Cache-Contexts
X-Proto
Azure-SlotName
NGX
Azure-InstanceId
X-EIG-Tracking-Id
Azure-SiteName
X-Redis-Cache
Azure-RegionName
X-Access
Server-Info
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Backend-Name
Viewport
X-Site-Version
X-Generated
X-Locale
X-Format
X-Content-Age
S-Cnection
X-Section
X-ServerID
X-Origin
Ec-Rule-Version
X-NWS-UUID-VERIFY
X-FireWall-Port
Origin-Cache-Control
Decoy-Debug-TTL
X-Cache-Time
Origin-Edge-Control
Decoy-Debug-Key
X-Www-Served-By
Decoy-Debug-Status
Version
X-Time-Microsecs
X-Cluster-Name
X-Rendered-As
X-ApacheServer
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-Is-Bot
X-JoinUs
X-PERF
X-ProxyCache-Status
X-Generated-By
X-Varnish-Hits
X-VCache
X-Cache-Backend
X-Storage
X-Accel-Buffering
X-Info
X-Guploader-Uploadid
X-PHP-Host
X-Amzn-Remapped-Content-Length
X-URL
Akamai-GRN
X-Origin-CC
X-Origin-TTL
Rt-Fastcgi-Cache
X-SaId
X-Geo
X-Presslabs-Stats
X-WA-Info
Time
X-Nginx-Cache-Key
X-App-Version
Cteonnt-Length
Cache-Key
GEO-INFO
X-CF-Powered-By
X-No-Session
X-MServer
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
Origin
X-Environment-Context
X-L-Path
Vix-Hermes-Req-Id
X-Tb
X-Cache-Remote
Cache-Hits
X-FB-TRIP-ID
X-RateLimit-Limit
Accept-Language
X-GoCache-CacheStatus
Access-Control-Request-Headers
X-NCache
X-APP-VERSION
X-Trace-Id
X-Say-Cacheable
X-SayCDN-TTL
X-Unique-Id
X-Hit
X-Say-TTL
X-Backend-TTL
X-B3-Traceid
X-Device-Type
X-SS-Set-Cookie
X-ShardId
X-CS
X-Shopify-Stage
X-EC-Lua
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Generated-Cart-Token
Srv
X-B3-SpanId
X-Tumblr-Pixel-3
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-CDN-Forward
X-OVcl
X-OVcl-Cache
User-Cache-Control
X-Dc
X-CACHE-KEY
X-S
X-Parent-Response-Time
X-Cluster-Node
X-Source
NtCoent-Length
ServedBy
X-TIME
VivaBuild
X-Destination
X-A-Ccd
X-Detected-As
X-A
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-A-Wwc
X-ARC
X-Connection-Hash
X-Application
X-B-Cookie
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-CF-Lambda-Fn
X-AIR-PT
Apple-News-Services-Handled
X-A-Dgt
X-A-Dcw
X-Date
X-Accel-Expires-Debug
Viewtype
X-D
X-Aed
X-A-Dam
X-Processor
X-Session-Fingerprint
X-Service
X-SIPLIST1
X-SRCache-Key
X-Svr
X-Server-Time
X-ScT
X-Request-UUID
X-External-Request-Id
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
MD5-Digest
X-Transaction
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
Machine
Xc-Version
X-VG-WebServer
X-VG-WebCache
OT-Force-Account-Verify
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
Cross-Origin-Window-Policy
X-Region-Sid
Rt-Proxy-Cache
Server-Host
X-Ah-Environment
Meta-Geo-Continent
Request-Country
BehaviorPad-Version
X-Hl-Ver
Mime-Version
X-G
Arc-Country
AsisCache
T-Server
IsBot
Request-EU
Mobile-Detection-Method
Content-Style-Type
Content-Script-Type
X-PAYTM-SRV-ID
Rendered-Blocks
Node
X-RCS-CacheZone
X-Endurance-Cache-Level
X-CSRF-TOKEN
X-Magnolia-Registration
X-Cache-Grace
ServerName
Web-Mar-Node
Server-Int
Served-By
Wxu-Next-Commit
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Ms-Request-Id
X-Ms-Version
X-NX-Host
X-Matched-Rule
X-Location
X-Instart-Isnd
X-Level-Front-Cache
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Via-NSCOPI
X-Webstats-RespID
X-Thinkindot-L3
X-Reboot
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Core-Value
X-CUA
X-Cache-Info
X-Cache-Bucket
Wxu-Next-Region
X-Block-Status
X-Debug-Cookies
X-Debug-Log
X-Hash
X-Hnp-Log
X-Generated-On
X-Gen-Mode
X-Dispatch
Wxu-Next-Hostname
Thinkindot-CacheControl
Proxy-Connection
CDCHOST
X-Uri
Now
X-SRV
X-Developers
X-Upstream-Ct
X-Eu-Site
X-Upstream-Ht
X-Distil-CS
X-Fastly-Cache
X-Generated-In
X-Has-Esi
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-GeoIP-City
X-Geo-Header
X-Varnish-Beresp-Ttl
X-Generation-Time
X-FW-Version
X-Debug-Cache-Store
X-Bip
X-C
X-Cache-Debug
X-BBXSRF
X-Backend-State
X-Azure-Ref
X-Azure-Ref-OriginShield
X-B3-Parentspanid
X-Cdn-Srv
X-CGP
We-Hiring
Mail-Subject
X-Debug-Cache-Expiry
X-Core-Mission
X-Cms-Context
X-Clara-WADP
X-Clientip
X-Debug-Cache-Fetch
X-Irp-Debug
X-Up
X-User
X-VC-Cache
X-TrackingId
X-Thanos
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-VG-TLSProxy
X-VServer
X-Dispatcher-Server
X-Request-URI
X-ND-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WADP-Cache
X-We-Are-Hiring
X-Sucuri-Cache
X-Skip-Cache
X-Origin-Expires
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Origin-Date
X-Method
X-JWT-State
X-Key
X-Logging-Id
X-Planisys-CDN-TTL
X-Policy
X-Server-IP
X-Sigma
X-Sigma-Backend
X-Scheme
X-Rocket-Build-Number
X-Release
X-Reqid
X-Auto-Login
X-Is-Gdpr
Section-Io-Cache
Cache-Host
IBM-Web2-Location
Fastly-Soc-X-Request-Id
Magicmarker
L
Heartbleed
HA-Ipaddr
PFcat
W
Gh-Request-Id
AKAMAI
Ha-Gx-Prefs
Esi-Enabled
Kp-EeAlive
X-Agile-Id
Memcached
Content-Disposition
Pramga
X-Agile-Age
Countrycode
X-Agile
X-Via-CDN
X-Nc
Cache-Provider
True-Client-Country-4JS
X-NodeID
Is-Eu
Platform
Cdnsip
X-MSEdge-Flight
X-Qloud-Router
Cdncip
RNT-Time
X-Urbn-Context-Path
X-Urbn-Site-Id
X-MSEdge-Features
Locale
X-ServiceProvider
RNT-Machine
Adler-Geo
X-Old-Content-Length
SD-X-WS
X-LI-UUID
X-AK-Request-ID
X-Li-Fabric
X-Compress-Hint
X-Owner
X-Platform-Server
X-SD-PageType
X-Variation
X-S-Maxage
X-Request-Start
X-Cache-URL
X-WebServer
X-Epic-Correlation-Id
X-Li-Pop
X-Cache-FS-Status
X-Distributor
X-App-Name
X-Cache-Id
X-Amz-Meta-Cache-Control
X-NC
X-Cdn-Forward
X-Trafficlayer-App-Version
X-Internal-Host
X-LI-Proto
V-Age
Server-ID
Powered-By-ChinaCache
X-B3-Spanid
X-Servername
Hostname
X-UnsetCookies
X-GRACE
Environment
X-Served-From
X-Be
GEO-REGION-INFO
Locid
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Lb-Id
X-HTML-Minification-Powered-By
X-Nginx-Cache
CF-IPCountry
X-Sucuri-Id
X-Refresh
X-Req
X-FPC
FNAC-ModuleRouting
X-Gamma-Serve
X-VHOST
X-Newrelic-Synthetics
X-Developer
A
X-Ratelimit-Remaining
X-Zone
ProcessTime
X-Microcachable
X-Device-Os
X-Render-Time
Geo-Info
X-Cdn-Origin
X-Servedbyhost
X-Sn-Servicetimems
Tcn
X-Edge-O15-RID
X-Webkit-CSP
X-IPS-LoggedIn
X-Sucuri-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Node-Id
X-NU-AKA-ACS-Version
X-Pjax-Url
X-MP-GENERATED-AT
X-GeoIP-Country-Code
Memory
X-AWS-Id
Request-Time
X-Pf-Uncompressing
X-LJ-Flow-ID
X-VWS-Id
X-FORWARDED-FOR
X-Mode
X-COUNTRY
Gannett-Cam-Experience-Id
X-Correlation-ID
X-DC
X-VCL-Version
TTL
Geoip-Latitude
Cf-Ipcountry
Resin-Trace
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
CF-Cached-On
XServer
X-CSRF-Token
X-Pod
PICS-Label
Pics-Label
Group
X-Bc
X-Proxied
X-Routing-Service
X-Zipkin-Id
Geoip-City
X-ECACHE
X-ElasticPress-Search
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-ZONE
M-TraceId
GeoIP-Latitude
X-Via-Edge
MIME-Version
X-Via-SSL
Cache-Cookie-Set-Lfrom
X-Instart-Info
GeoIP-City
GeoIP-Country-Code
X-Unique-ID
X-Ratelimit-Limit
Host-ID
HostName
X-Backend-Host
Cdn
X-Var-Ttl
X-Backend-Url
X-Vcl-Version
X-CLOUD-TRACE-CONTEXT
X-APP
Ttl
X-Cdn-Request-ID
X-Request-Time
Backend-Name
X-Swift-Error
X-NGENIX-Cache
Ohc-Cache-HIT
X-BC
Ohc-File-Size
Pagetype
X-Check-Cacheable
N-Cache
X-PF-Uncompressing
REQUESTUUID
Lfy
X-TH-Server
HitType
Fly-Request-Id
Cache-Prefix
X-PJAX-URL
URI
X-Fstrz
X-NGINX-Cache
Fly-Cache
X-UPSTREAM-Address
On-Server
User-Agent
X-Via-Ucdn
X-ServedByHost
X-Worker
X-Fastly-Country-Code
Powered-By
X-HostName
SRV
X-Tt-Trace-Tag
X-Cache-Miss-From
Media-Length
X-Sedo-Request-Id
X-Varnish-Ttl
Pragrma
CDN
X-WR-MODIFICATION
X-Cache-Tag
X-LiteSpeed-Cache-Control
X-Aicache-OS
X-Server-W
Who
X-HS-Status
X-Fetched-On
X-GEO
X-WA
AR-SID
X-Tt-Trace-Host
X-BE
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Wa
Fastly-SIE
Fastly-SWR
X-Upstream-CT
X-Upstream-HT
X-Hp-Ccpa-Warning
FSS-Proxy
UCS
FSS-Cache
X-Varnish-Cacheable
X-LB-ID
X-Varnish-URL
X-Dynatrace-Js-Agent
X-LAGOON
X-Fpc
X-Cf-Powered-By
Debug
X-Store
Processtime
X-Fastly-Backend-Reqs
X-TT-LOGID
X-Cache-Tags
X-ServerName
X-NYM-Debug-Backend
X-Ftr-Cache-Host
X-Ua
X-GDPR
Country-Code
Server-Id
Server-Cache-Control
X-Protected-By
Server-Surrogate-Control
X-Varnish-Beresp-TTL
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Akamai-ERPolicy
X-Akamai-ERRuleID
DataCenter
X-BACKEND-TTL
X-SB
Thinkindot-Cache-Type
X-Dw-Trace-Id
WP-Super-Cache
Fastly-Backend-Name
Location
Xet-Cookie
X-VC
X-Nananana
X-Gen-Id
X-Amzn-Remapped-Connection
X-Li-Proto
X-Fastly-Cache-Hits
X-Request-Url
Product
X-SN
X-Edge-Server
SID
XxX-Cache-Status
Cneonction
Cdn-Request-Time
Cdn-Host
NnCoection
Application
X-Amzn-Remapped-Date