Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Via
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Device
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
X-Cdn
Allow
Surrogate-Control
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Rating
X-Country
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Edge-Control
X-Instart-Request-ID
X-PC
X-TtlSet
X-Vname
Pinterest-Generated-By
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-Ruxit-JS-Agent
X-MS-InvokeApp
Verso
X-TTL
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-ESI
X-Trace
X-Server-Name
X-VARITI-CCR
X-GitHub-Request-Id
Service-Worker-Allowed
Content-MD5
X-SharePointHealthScore
Pagespeed
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
Response
X-Middleton-Response
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Sol
X-Cdn-Fetch
X-Use-Magma
RTSS
X-Middleton-Display
Display
Accept-Ch-Lifetime
X-Navigation-Version
X-Vcache
X-Abt-Application-Version
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-Debug
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-Vcap-Request-Id
Charset
X-Version
X-CST
MS-Author-Via
DynaTrace
X-NF-Request-ID
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-TEC-API-VERSION
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Access-Control-Request-Method
X-Accel-Expires
Pinterest-Version
X-Pinterest-Rid
S
X-Ser
X-DIS-Request-ID
Fastly-Restarts
X-XRDS-Location
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-T
X-Recruiting
X-Id
X-Varnish-Age
X-Element-Page-Cache
Cache-Tag
X-Goog-Storage-Class
X-Amzn-Trace-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-Server-ID
X-Dw-Request-Base-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FTR-Expires
X-Fastcgi-Cache
Nginx-Cache
Fastcgi-Cache
X-Content-Digest
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-Hits
NR-ENABLED
Powered
X-Hp-Webp
Alternate-Protocol
X-Correlation-Id
X-Kinsta-Cache
X-RateLimit-Remaining
X-Aspnetmvc-Version
X-Webkit-Csp
X-Content-Type
X-FTR-Cache-Host
X-Request-Processing-Time
X-Request-Received
Server-Name
X-HS-Combine-CSS
X-Request-Handler-Origin-Region
ServerID
X-Microsite
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
TP-L2-Cache
TP-Cache
X-N
X-Cache-Hit
X-Rid
Healthy
X-Akamai-Edgescape
X-Pad
X-Grace
X-User-Agent
X-Forwarded-For
X-Revision
X-Ruxit-Js-Agent
Backend-Timing
X-Analytics
X-Content-Security-Policy-Report-Only
X-Node-Name
X-Logged-In
X-Mobile-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-LB-Cache
X-Varnish-Grace
X-Ttl
Server-Node
X-Oneagent-Js-Injection
X-Cached-By
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-B3-Sampled
X-Content-Options
X-F-Cache
Refresh
X-Geo-Country
X-GUploader-UploadID
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-Type
X-IPLB-Instance
X-Varnish-Backend
X-Cache-2
FilterID
Retry-After
X-Tumblr-Pixel
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-User
X-Srv
Host
X-FB-Debug
X-Jobs
Paypal-Debug-Id
X-AOL-HN
X-Debug-Info
Accept-Charset
X-B
Actual-Object-TTL
DC
X-Cluster
X-Framework
X-Page-Id
Accept-CH-Lifetime
X-Request-Guid
X-Instance
X-PHP-Backend
X-WebKit-CSP-Report-Only
Source
Access-Control-Allow-Method
Accept-CH
X-TT
X-ATG-Version
AR-CACHE
AR-ATIME
AR-PoweredBy
Fastcgi-Useragent
Cache
X-PressLabs-Stats
X-Cache-Age
X-Git-Hash
X-FastCGI-Cache
X-Seen-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MS-CV
X-Content-Powered-By
X-B-Cache
X-Signature
Host-Header
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
X-Via-JSL
VIX-Pulpo-Node
Ar-Sid
Xserver
X-Cache-TTL
X-Cache-Key
X-TA-CDN-Provider
X-Origin-Server
X-ATS-Timestamp
X-Cache-Enabled
X-Whom
X-Cache-Control
X-Response-Served-From
X-Mobile
X-Wix-Request-Id
NGB
X-Daa-Tunnel
X-UA
X-RequestSource
Surrogate-Key
X-GeoIP
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-FW-Serve
X-Cacheable-TTL
X-FW-Static
X-FW-Type
X-Cache-NE
X-FW-Server
Filters
Cleartype
Frame-Options
Datacenter
Eomportal-Instance
Payment
WPE-Backend
X-FW-Hash
X-Hyper-Cache
X-Adobe-Loc
X-Litespeed-Cache
X-Host-Name
X-Adobe-Content
X-Handled-By
X-Region
X-TX-ID
X-SERVER
X-Cache-Action
Webserver
X-Drupal-Cache-Tags
X-Esi
X-Load-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-EdgeConnect-Cache-Status
X-Hostname
X-Akamai-Transformed
X-Cache-Operation
From-Origin
X-Cache-Rule
X-Edge-Location
AR-Request-ID
X-Cache-TTL-Remaining
X-RemovedCookies
Liferay-Portal
X-ProcessESI
X-NewRelic-App-Data
X-UA-Device-Type
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-RTag
Ms-Operation-Id
X-Varnish-Hostname
X-Cache-Server
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Varnish-Server
X-Forwarded-Host
X-Rule
X-XRDS-LOCATION
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Status
Country
X-Upgrade-Enabled
X-Contextid
Odigeo-Trace-Id
X-UUID
X-App-Server
Load-Balancing
X-RN-RSRV
X-Path-Route
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-BCube-Filmed-By
DSUID
X-From
TWC-Privacy
X-CCM
X-EIG-Tracking-Id
Webcakes-App-Version
Webcakes-Region
Mn-Server-Ip
Release
Webcakes-App-Name
TWC-Connection-Speed
X-Origin-Hint
X-Debug-Cache
TWC-GeoIP-LatLong
X-TT-TIMESTAMP
X-VCT
X-Rocket-Nginx-Bypass
TWC-GeoIP-Country
TWC-Locale-Group
DB-Nickname
TWC-Device-Class
X-R9-Blue-Green-Version
Property-Id
X-Cache-Time
X-Cache-Host
X-Cache-Config
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Hosted-By
X-FW-Dynamic
X-FireWall-Port
X-Akamai-Request-ID
Uber-Trace-Id
Fastly-SSL
Cache-Tags
Cache-Name
L5d-Success-Class
Origin-Cache-Control
Selected-Fe
S-Rt
Origin-Edge-Control
X-Human
X-IP
X-Soup
X-ServerID
X-Real-IP
X-Timing-Wait
X-TNCMS
X-Viewer-Country
X-Via-Fastly
X-Vgn-Hpd-Reason
X-Pubstack
X-ProxyCache-Key
X-Origin
X-OCL
X-Loop
X-Origin-Response-Time
X-PCL
X-Proxy-Build
X-Proxy
X-Proto
Azure-Version
X-ProxyCache-Status
X-Redis-Cache
Azure-SlotName
Azure-InstanceId
X-Accel-Buffering
Azure-RegionName
Azure-SiteName
X-Varnish-Hits
X-Cluster-Name
X-Rendered-As
Version
X-Www-Served-By
X-Backend-Name
Viewport
X-Akamai-Request-ID2
X-Access
X-Xfnlog-Site
X-JoinUs
X-Content-Age
X-Section
X-Is-Bot
Ec-Rule-Version
X-Locale
X-Generated
X-Site-Version
X-Format
X-Labrador-Cache-Channel
Decoy-Debug-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
Decoy-Debug-TTL
Decoy-Debug-Key
X-Web-Node
NGX
X-Generated-By
X-Cache-Backend
Server-Info
X-Varnish-Cache-Hits
X-PHP-Host
S-Cnection
X-Time-Microsecs
X-NWS-UUID-VERIFY
X-SaId
X-Time
X-Amzn-Remapped-Content-Length
X-PERF
X-ApacheServer
X-App-Version
X-Info
X-Storage
Akamai-GRN
X-Origin-TTL
X-Origin-CC
X-URL
Tracecode
X-VCache
X-WA-Info
X-Nginx-Cache-Key
X-CACHE-KEY
Rt-Fastcgi-Cache
X-Geo
Cteonnt-Length
X-MServer
X-No-Session
Time
X-Environment-Context
X-L-Path
X-CF-Powered-By
X-Guploader-Uploadid
X-Cache-Remote
X-RateLimit-Limit
Origin
Access-Control-Request-Headers
X-Tb
Accept-Language
X-FB-TRIP-ID
Cache-Key
GEO-INFO
X-Say-TTL
X-Say-Cacheable
X-Presslabs-Stats
X-EC-Lua
X-SayCDN-TTL
X-RCS-CacheZone
X-B3-SpanId
X-GoCache-CacheStatus
X-Unique-Id
X-NCache
X-Backend-TTL
X-Shopify-Stage
Vix-Hermes-Req-Id
X-Sorting-Hat-ShopId
X-Hit
Mime-Version
X-Shopify-Generated-Cart-Token
X-TIME
Cache-Hits
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-APP-VERSION
X-Source
X-Dc
OT-Force-Account-Verify
X-Trace-Id
X-CDN-Forward
X-Device-Type
X-S
X-Upstream-Ct
X-Tumblr-Pixel-3
X-Upstream-Ht
X-CS
X-Endurance-Cache-Level
Srv
X-Application
X-Aed
X-AIR-PT
Machine
X-Accel-Expires-Debug
AsisCache
X-A
VivaBuild
X-B-Cookie
Server-Host
Content-Style-Type
T-Server
X-ARC
Cross-Origin-Window-Policy
BehaviorPad-Version
IsBot
Fastcgi-X-Cache-Version
Arc-Country
Apple-News-Services-Parsed-Url
Meta-Geo-Continent
X-A-Dgt
Viewtype
X-A-Dcw
Mobile-Detection-Method
Rendered-Blocks
X-A-Dam
Node
X-A-Ccd
X-Magnolia-Registration
Request-Country
User-Cache-Control
Apple-News-Services-Host
Apple-News-Services-Handled
Request-EU
Rt-Proxy-Cache
X-A-Wwc
MD5-Digest
Apple-News-Services-Request-Url
X-DPWN-IS-SECURE
X-Region-Sid
Content-Script-Type
X-VG-WebServer
X-VG-WebCache
X-Request-UUID
X-Svr
X-Vtex-Processado-Em
X-CSRF-TOKEN
X-Rewrite-Enabled
X-Vdms-Version
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-Trv-Group
X-Transaction
X-ND-Cache
X-Twitter-Response-Tags
X-OVcl
X-Parent-Response-Time
X-Processor
X-OVcl-Cache
X-Hl-Ver
X-Rojux
X-D
X-Ah-Environment
X-Date
X-Server-Time
X-Service
X-Session-Fingerprint
X-CF-Lambda-Version
X-Connection-Hash
X-S-Cookie
X-Destination
X-ScT
X-SRCache-Key
X-Vtex-Remote-Cache
X-G
X-External-Request-Id
X-Detected-As
X-SIPLIST1
Xc-Version
ServerName
Now
X-Cluster-Node
ServedBy
X-SS-Set-Cookie
X-Matched-Rule
X-Thinkindot-L3
X-Reboot
Thinkindot-CacheControl
X-Generated-On
X-Webstats-RespID
X-Hash
Wxu-Next-Region
X-Dispatcher-Server
X-Dispatch
X-Cache-Bucket
X-Core-Value
X-CUA
Wxu-Next-Hostname
Wxu-Next-Commit
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Level-Front-Cache
Served-By
Server-Int
Thinkindot-CacheControl-Type
X-IN-APIGATEWAY
X-Via-NSCOPI
X-Nc
X-Location
Thinkindot-Control
X-Tec-Api-Origin
X-Tec-Api-Root
Mail-Subject
We-Hiring
X-Tec-Api-Version
NtCoent-Length
X-SRV
Proxy-Connection
X-Gen-Mode
X-Generation-Time
X-Geo-Header
X-FW-Version
X-Fastly-Cache
X-Epic-Correlation-Id
X-LI-UUID
X-Eu-Site
X-GeoIP-City
X-Li-Pop
X-Irp-Debug
X-Key
X-Is-Gdpr
X-Distributor
X-Li-Fabric
X-Has-Esi
X-Hnp-Log
X-JWT-State
X-Debug-Log
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Cache-FS-Status
X-Cache-Debug
X-BBXSRF
X-Bip
X-Block-Status
X-C
X-Clara-WADP
X-Clientip
X-Debug-Cache-Store
X-Debug-Cookies
X-Logging-Id
X-Developers
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cms-Context
X-Compress-Hint
X-Core-Mission
X-Distil-CS
X-Ms-Request-Id
X-TrackingId
Powered-By-ChinaCache
X-Up
X-Uri
X-Thanos
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Skip-Cache
X-Sucuri-Cache
X-SVT-ORM-RULES
X-User
X-Variation
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-WebServer
X-We-Are-Hiring
X-VC-Cache
X-VG-TLSProxy
X-VServer
X-WADP-Cache
X-Sigma
X-Server-IP
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Origin-Expires
Content-Disposition
X-Backend-State
X-Ms-Version
X-NX-Host
X-Old-Content-Length
X-Platform-Server
X-Proxy-Cache-Status
X-Rocket-Build-Number
X-S-Maxage
X-Scheme
X-SD-PageType
X-Request-URI
X-Request-Start
X-Proxy-Upstream
X-Qloud-Router
X-Release
X-Reqid
X-Method
X-Origin-Date
Web-Mar-Node
Heartbleed
W
IBM-Web2-Location
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
CDCHOST
Pramga
Fastly-Soc-X-Request-Id
Gh-Request-Id
Cache-Host
L
PFcat
SD-X-WS
RNT-Time
RNT-Machine
Platform
Section-Io-Cache
Adler-Geo
Magicmarker
AKAMAI
Server-ID
Memcached
Countrycode
Esi-Enabled
X-Auto-Login
X-Azure-Ref
X-App-Name
X-Agile-Age
X-Agile-Id
X-Amz-Meta-Cache-Control
X-Azure-Ref-OriginShield
X-Agile
X-B3-Parentspanid
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Internal-Host
X-LI-Proto
Kp-EeAlive
X-Generated-In
X-Policy
X-Trafficlayer-App-Version
X-Swa-Ws
X-Cache-Id
Environment
X-Cache-Grace
X-Cdn-Forward
Cache-Provider
X-Urbn-Context-Path
X-Req
X-Served-From
X-MSEdge-Flight
X-MSEdge-Features
X-Urbn-Site-Id
Locale
Cdnsip
Cdncip
X-ServiceProvider
X-NodeID
Locid
X-AK-Request-ID
V-Age
True-Client-Country-4JS
X-HTML-Minification-Powered-By
X-Via-CDN
X-Servername
X-B3-Traceid
X-Gamma-Serve
X-Newrelic-Synthetics
FNAC-ModuleRouting
X-Sucuri-Id
X-IPS-LoggedIn
X-GRACE
X-Be
X-NC
GEO-REGION-INFO
X-CLOUD-TRACE-CONTEXT
X-Lb-Id
X-B3-Spanid
X-Nginx-Cache
X-Render-Time
Geo-Info
X-Zone
X-Refresh
CF-IPCountry
ProcessTime
X-NU-AKA-ACS-Version
X-Mode
X-Tb-Optimization-Total-Bytes-Saved
X-UnsetCookies
X-MP-GENERATED-AT
Hostname
X-VHOST
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-FPC
X-Edge-O15-RID
Tcn
X-GeoIP-Country-Code
X-Correlation-ID
A
X-Pjax-Url
X-Developer
X-Microcachable
X-Servedbyhost
X-Sucuri-ID
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-VWS-Id
X-AWS-Id
X-Cdn-Origin
X-Device-Os
X-Sn-Servicetimems
X-LJ-Flow-ID
X-FORWARDED-FOR
X-Node-Id
Gannett-Cam-Experience-Id
TTL
X-COUNTRY
Memory
X-Pf-Uncompressing
X-Bc
Cf-Ipcountry
Cache-Cookie-Set-Idcheck
X-DC
Pics-Label
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Resin-Trace
Amp-Access-Control-Allow-Source-Origin
Request-Time
X-Unique-ID
X-CSRF-Token
CF-Cached-On
X-Vcl-Version
GeoIp-Country-Code
X-Request-Time
Geoip-Latitude
X-Pod
GeoIP-Latitude
GeoIP-Country-Code
X-Ratelimit-Remaining
HostName
PICS-Label
GeoIP-City
M-TraceId
X-VCL-Version
Cdn
X-Cdn-Request-ID
X-Via-Edge
X-Via-SSL
X-Ratelimit-Limit
X-NODE
X-TH-Server
X-ZONE
Group
Host-ID
X-ECACHE
Ttl
X-ElasticPress-Search
X-Instart-Info
X-PF-Uncompressing
Geoip-City
X-Swift-Error
X-APP
X-NGINX-Cache
X-Backend-Host
Ohc-File-Size
Ohc-Cache-HIT
Powered-By
MIME-Version
X-Backend-Url
HitType
X-Var-Ttl
X-UPSTREAM-Address
XServer
X-BC
X-Check-Cacheable
URI
Media-Length
X-Fastly-Country-Code
Backend-Name
Pagetype
X-ServedByHost
REQUESTUUID
Lfy
X-HS-Status
N-Cache
User-Agent
On-Server
X-NGENIX-Cache
X-Hp-Ccpa-Warning
SRV
X-HostName
X-Tt-Trace-Host
FSS-Proxy
X-PJAX-URL
X-Aicache-OS
FSS-Cache
Fly-Cache
Fly-Request-Id
X-Tt-Trace-Tag
X-WR-MODIFICATION
Cache-Prefix
X-Fstrz
X-LiteSpeed-Cache-Control
X-Via-Ucdn
Who
X-Worker
X-Cache-Tag
X-WA
X-NYM-Debug-Backend
UCS
X-Ftr-Cache-Host
AR-SID
X-GEO
X-BE
X-Sedo-Request-Id
CDN
Pragrma
X-Cache-Tags
X-Fpc
X-Cache-Miss-From
X-Fetched-On
X-LAGOON
X-Varnish-Authentication
X-Varnish-URL
Processtime
X-LB-ID
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-Server-W
X-Contensis-Viewer-Groups
X-Varnish-Cacheable
X-Cf-Powered-By
X-Rebelmouse-Surrogate-Control
Location
X-Rebelmouse-Cache-Control
X-ServerName
X-Store
Country-Code
X-Wa
Debug
Fastly-SWR
Fastly-SIE
X-Fastly-Backend-Reqs
Fastly-Backend-Name
CACHE
X-Ua
X-Protected-By
X-Response-By
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Varnish-Beresp-TTL
X-Upstream-CT
X-Upstream-HT
X-BACKEND-TTL
Ohc-Response-Time
RequestId
X-Apw-Access-Token
X-Apw-Access-Action
WP-Super-Cache
X-Apw-Access-Object
X-Apw-Hits
Lb
NnCoection
X-Fastly-Cache-Hits
X-Dw-Trace-Id
Application
Thinkindot-Cache-Type
X-Gen-Id
X-Li-Proto
X-Amzn-Remapped-Connection
SID
Product
X-Request-Url
Cneonction
X-SB
X-VC
XxX-Cache-Status
X-Nananana
X-TT-LOGID
X-Amzn-Remapped-Date
Xet-Cookie