Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Rq
X-Server-Id
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Ac
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Ws-Request-Id
X-Origin-Cache
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Cloud-Trace-Context
X-Readtime
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-DynaTrace
X-Country
Rating
X-FTR-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
Pinterest-Generated-By
X-Instart-Request-ID
X-PC
X-Vname
X-Ruxit-JS-Agent
X-TtlSet
Edge-Control
X-Varnish-TTL
X-MS-InvokeApp
X-Mod-Pagespeed
X-Url
Verso
SPRequestGuid
X-Powered-By-Plesk
X-B3-TraceId
X-D2id
X-ESI
X-Trace
X-SharePointHealthScore
X-VARITI-CCR
Pagespeed
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Display
Service-Worker-Allowed
X-GitHub-Request-Id
X-Server-Name
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
RTSS
Content-MD5
X-TTL
Accept-Ch
SPIisLatency
SPRequestDuration
X-Navigation-Version
X-Powered-CMS
X-Vcache
X-Abt-Application-Version
X-Debug
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Vcap-Request-Id
Charset
X-Upstream
Public-Key-Pins
X-Cached
MS-Author-Via
X-CST
DynaTrace
X-NF-Request-ID
X-Amz-Rid
X-Version
Realpath
Edge-Cache-Tag
X-Px
MicrosoftSharePointTeamServices
Accept-Ch-Lifetime
X-Shard
TCN
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-Server-ID
X-Trafficlayer-App-Name
X-Pinterest-Rid
Pinterest-Version
Access-Control-Request-Method
X-Trafficlayer-App-Scope
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-MSEdge-Ref
X-Ser
Fastly-Restarts
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Fastly-Request-ID
X-TEC-API-ORIGIN
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ROOT
X-DIS-Request-ID
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Recruiting
Front-End-Https
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-Id
Nginx-Cache
X-Goog-Storage-Class
X-T
X-Element-Page-Cache
X-Varnish-Age
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
Mrf-Cache-Status
X-FTR-Backend
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Expires
X-Amzn-Trace-Id
Cache-Tag
X-Dw-Request-Base-Id
X-Webapp-Samesite-None-Activated-N
Fastcgi-Cache
X-Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-HS-Cache-Config
X-Content-Digest
NR-ENABLED
Powered
X-Hits
X-Ttl
X-Correlation-Id
X-Kinsta-Cache
Accept-CH
Alternate-Protocol
X-FTR-Cache-Host
X-Hp-Webp
Accept-CH-Lifetime
X-Aspnetmvc-Version
X-Webkit-Csp
ServerID
X-Request-Received
X-Request-Processing-Time
X-RateLimit-Remaining
X-N
Server-Name
X-Cache-Hit
X-Grace
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
X-Microsite
X-Content-Type
PB-RID
X-Node-Name
PB-PID
X-Mobile-Rewrite
Arc-Version
X-User-Agent
X-Rid
TP-L2-Cache
TP-Cache
Healthy
X-Revision
Backend-Timing
X-Zen-Fury
X-Analytics
X-Akamai-Edgescape
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Logged-In
X-Pad
Server-Node
X-LB-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Activity-Id
X-Az
X-AppVersion
Cache-Status
X-Mobile-URL
X-Oneagent-Js-Injection
X-Cached-By
X-NWS-LOG-UUID
X-Varnish-Grace
X-IPLB-Instance
X-B3-Sampled
Retry-After
Refresh
X-Content-Options
X-Type
AR-CACHE
X-Ruxit-Js-Agent
AR-PoweredBy
AR-ATIME
X-F-Cache
Upgrade-Insecure-Requests
X-Geo-Country
X-GUploader-UploadID
X-FastCGI-Cache
Paypal-Debug-Id
X-Varnish-Backend
X-Srv
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FB-Debug
Source
X-Instance
X-Page-Id
X-Cluster
DC
X-Debug-Info
X-PHP-Backend
Host
X-Framework
X-Request-Guid
Access-Control-Allow-Method
X-Jobs
Accept-Charset
Actual-Object-TTL
X-B
X-WebKit-CSP-Report-Only
X-AOL-HN
FilterID
X-Cache-Age
Ar-Sid
X-Cache-Key
X-ATG-Version
X-Erf-Bev-Bev-Is-Generated
X-Cache-2
X-Erf-Bev-Bev
Cache
X-Via-JSL
X-Seen-By
X-TT
Fastcgi-Useragent
MS-CV
X-Content-Powered-By
X-Git-Hash
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-TTL
X-Whom
X-PressLabs-Stats
X-Amz-Replication-Status
X-UA
X-Signature
X-Cache-Control
Host-Header
X-B-Cache
AR-Request-ID
X-Wix-Request-Id
X-Daa-Tunnel
Surrogate-Key
X-Host-Name
X-TA-CDN-Provider
X-Response-Served-From
NGB
X-Cache-Enabled
X-RequestSource
Cache-Tv-Group
X-GeoIP
X-Mobile
WPE-Backend
X-Origin-Server
X-EdgeConnect-Cache-Status
Frame-Options
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Payment
Eomportal-Instance
Cleartype
X-Drupal-Cache-Tags
Filters
X-FW-Hash
X-Handled-By
X-FW-Type
X-Hyper-Cache
X-Region
X-TX-ID
X-FW-Server
X-FW-Static
X-FW-Serve
X-Cache-Action
X-Cacheable-TTL
X-Litespeed-Cache
Xserver
X-Cache-NE
X-Adobe-Loc
Webserver
X-SERVER
X-Adobe-Content
X-Cache-Operation
X-Cache-Rule
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Esi
From-Origin
X-Hostname
X-RemovedCookies
X-Akamai-Transformed
X-UA-Device-Type
X-Load-Cache
X-ProcessESI
X-Forwarded-Host
X-ATS-Timestamp
Datacenter
X-NewRelic-App-Data
X-RTag
Ms-Operation-Id
X-Cache-TTL-Remaining
X-Edge-Location
X-Cache-Server
Liferay-Portal
X-App-Server
X-Status
X-XRDS-LOCATION
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-B3-Traceid
X-Contextid
X-Varnish-Hostname
X-Time
X-Varnish-Server
X-Rule
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
Odigeo-Trace-Id
Country
X-ORACLE-APMCS-TAG
X-TT-TIMESTAMP
X-ORACLE-APMCS-REQUEST-ID
Tracecode
X-BCube-Filmed-By
Load-Balancing
X-Path-Route
X-ES-SERVER
X-Upgrade-Enabled
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-Viewer-Country
DSUID
X-Xfnlog-Site
X-Debug-Cache
X-UUID
Webcakes-Region
Mn-Server-Ip
Property-Id
Release
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-CCM
Webcakes-App-Version
Cache-Tags
TWC-Connection-Speed
X-Cache-Config
TWC-GeoIP-Country
DB-Nickname
X-R9-Blue-Green-Version
X-Rocket-Nginx-Bypass
X-PCL
X-Origin-Hint
X-VCT
X-Pubstack
X-Via-Fastly
X-OCL
X-NWS-UUID-VERIFY
S-Rt
X-Hosted-By
X-Proxy
X-Akamai-Request-ID2
X-FW-Dynamic
X-Akamai-Request-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-IP
X-Labrador-Cache-Channel
X-TNCMS
Cache-Name
X-Timing-Wait
Selected-Fe
X-Soup
Server-Info
X-Origin
X-Human
X-Cache-Host
X-From
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Real-IP
X-Varnish-Cache-Hits
X-Proto
X-Proxy-Build
X-EIG-Tracking-Id
X-Vgn-Hpd-Reason
X-Redis-Cache
X-Loop
X-Web-Node
X-Origin-Response-Time
X-Cache-Time
Fastly-SSL
L5d-Success-Class
NGX
Origin-Edge-Control
S-Cnection
X-Generated
X-Cluster-Name
X-Section
X-Format
X-Content-Age
X-FireWall-Port
X-PERF
X-Rendered-As
X-ServerID
X-Site-Version
Viewport
X-Locale
X-Is-Bot
X-Access
X-Backend-Name
X-ApacheServer
X-Www-Served-By
Origin-Cache-Control
Azure-Version
Decoy-Debug-Key
Azure-SlotName
Azure-SiteName
Version
Azure-RegionName
Decoy-Debug-Status
Azure-InstanceId
Decoy-Debug-TTL
Ec-Rule-Version
X-ProxyCache-Status
X-Time-Microsecs
X-BYPASS-REASON
X-ProxyCache-Key
X-JoinUs
X-VCache
Uber-Trace-Id
X-Varnish-Hits
X-Storage
X-Info
X-Generated-By
X-Guploader-Uploadid
X-Cache-Backend
X-PHP-Host
X-Origin-TTL
X-Origin-CC
X-Accel-Buffering
X-Amzn-Remapped-Content-Length
Rt-Fastcgi-Cache
X-URL
Akamai-GRN
X-Webkit-CSP
X-Presslabs-Stats
Time
X-RateLimit-Limit
X-WA-Info
Cache-Key
X-App-Version
X-Nginx-Cache-Key
GEO-INFO
Cteonnt-Length
X-Geo
X-Tec-Api-Origin
X-SaId
X-Tec-Api-Version
X-Tec-Api-Root
X-No-Session
X-CF-Powered-By
X-L-Path
Cache-Hits
Vix-Hermes-Req-Id
X-Environment-Context
Origin
X-MServer
X-GoCache-CacheStatus
X-Cache-Remote
X-APP-VERSION
X-NCache
Accept-Language
X-FB-TRIP-ID
X-Backend-TTL
X-Tb
X-Trace-Id
X-Unique-Id
X-Hit
Access-Control-Request-Headers
X-SS-Set-Cookie
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Device-Type
X-Tumblr-Pixel-3
X-CS
X-B3-SpanId
Srv
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-OVcl-Cache
X-CDN-Forward
X-OVcl
User-Cache-Control
X-Cluster-Node
X-CACHE-KEY
ServedBy
X-S
X-Cache-Grace
X-Parent-Response-Time
X-Dc
VivaBuild
Viewtype
Server-Host
Request-Country
Request-EU
Rt-Proxy-Cache
T-Server
X-B-Cookie
X-PAYTM-SRV-ID
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-AIR-PT
X-A-Dgt
X-A-Dcw
Rendered-Blocks
X-A
X-A-Ccd
X-A-Dam
X-ARC
Node
X-Date
IsBot
X-D
Content-Script-Type
X-Hl-Ver
X-Destination
Content-Style-Type
Fastcgi-X-Cache-Version
X-G
Cross-Origin-Window-Policy
X-DPWN-IS-SECURE
X-Detected-As
BehaviorPad-Version
AsisCache
Meta-Geo-Continent
X-Connection-Hash
Mobile-Detection-Method
X-External-Request-Id
X-CF-Lambda-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Machine
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
MD5-Digest
X-CF-Lambda-Fn
X-Processor
X-ScT
X-Server-Time
X-Service
X-EC-Lua
X-Ah-Environment
X-S-Cookie
NtCoent-Length
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-CSRF-TOKEN
X-Transaction
X-VG-WebCache
X-SIPLIST1
X-SRCache-Key
X-Svr
X-VG-WebServer
Mime-Version
X-Session-Fingerprint
Xc-Version
X-Region-Sid
X-Endurance-Cache-Level
OT-Force-Account-Verify
ServerName
X-RCS-CacheZone
X-Dispatcher-Server
We-Hiring
Served-By
X-RateLimit-Limit-Second
X-Block-Status
X-Generated-On
X-NX-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Gen-Mode
Server-Int
X-Cache-Bucket
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Core-Value
Mail-Subject
X-Cms-Context
X-Clara-WADP
Now
X-CUA
X-Cache-Info
X-Debug-Log
RNT-Time
X-Hash
X-Debug-Cookies
RNT-Machine
X-Thinkindot-L3
X-Cache-Debug
X-Dispatch
Proxy-Connection
X-Location
Wxu-Next-Hostname
X-Level-Front-Cache
X-Magnolia-Registration
X-Instart-Isnd
Web-Mar-Node
Wxu-Next-Region
X-Webstats-RespID
X-Ms-Request-Id
X-Ms-Version
X-Matched-Rule
X-Request-URI
X-Source
X-IN-APIGATEWAYSSL
Wxu-Next-Commit
X-IN-APIGATEWAY
X-WADP-Cache
Cache-Host
X-Hnp-Log
X-RateLimit-Remaining-Second
CDCHOST
X-Reboot
X-Uri
X-SRV
X-Via-CDN
X-B3-Parentspanid
X-VC-Cache
X-C
X-VG-TLSProxy
X-We-Are-Hiring
X-Cdn-Srv
X-BBXSRF
X-Via-NSCOPI
X-Azure-Ref-OriginShield
X-Azure-Ref
X-WebServer
X-App-Name
X-Cache-Id
X-Bip
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Cache-URL
X-Backend-State
X-Auto-Login
X-VServer
X-SVT-ORM-VERSION
X-Key
X-JWT-State
X-Scheme
X-S-Maxage
X-Rocket-Build-Number
X-Is-Gdpr
X-Irp-Debug
X-Has-Esi
X-Sigma-Backend
X-Sigma
X-Server-IP
X-Logging-Id
X-Method
X-Planisys-CDN-TTL
X-Policy
X-Agile-Id
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Reqid
X-Release
X-Origin-Date
X-Origin-Expires
X-GeoIP-City
X-Geo-Header
X-TrackingId
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Mission
X-Compress-Hint
X-Clientip
X-Variation
X-User
X-Up
X-Thanos
X-Swa-Ws
X-Generated-In
X-Sucuri-Cache
X-Generation-Time
X-Skip-Cache
X-FW-Version
X-Fastly-Cache
X-Developers
X-Distil-CS
X-Eu-Site
X-SVT-ORM-RULES
X-CGP
X-Agile-Age
Ha-Gx-Prefs
HA-Ipaddr
Section-Io-Cache
Adler-Geo
X-Upstream-Ht
AKAMAI
Heartbleed
IBM-Web2-Location
Platform
L
X-TIME
Kp-EeAlive
Is-Eu
True-Client-Country-4JS
X-Upstream-Ct
Magicmarker
X-Varnish-Beresp-Grace
Esi-Enabled
Memcached
X-Agile
Fastly-Soc-X-Request-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Content-Disposition
PFcat
Countrycode
W
Gh-Request-Id
Pramga
Cache-Provider
X-Nc
X-ND-Cache
X-Distributor
Cdnsip
Locale
Cdncip
X-NC
X-Li-Fabric
X-Platform-Server
X-Internal-Host
X-Owner
X-Cache-FS-Status
X-Request-Start
X-ServiceProvider
X-AK-Request-ID
X-Amz-Meta-Cache-Control
X-SD-PageType
X-Old-Content-Length
SD-X-WS
X-Epic-Correlation-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-NodeID
X-Li-Pop
X-LI-UUID
X-Cdn-Forward
Hostname
Server-ID
X-MSEdge-Features
X-MSEdge-Flight
X-B3-Spanid
X-LI-Proto
X-UnsetCookies
V-Age
X-Servername
Powered-By-ChinaCache
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Trafficlayer-App-Version
X-GRACE
Environment
X-Req
X-Be
Locid
X-Lb-Id
GEO-REGION-INFO
CF-IPCountry
X-Developer
FNAC-ModuleRouting
X-Served-From
A
X-Newrelic-Synthetics
X-Sucuri-Id
X-FPC
X-VHOST
X-Device-Os
X-Cdn-Origin
X-Nginx-Cache
X-Refresh
X-Gamma-Serve
X-HTML-Minification-Powered-By
X-Sn-Servicetimems
X-Zone
ProcessTime
Tcn
X-Node-Id
X-Servedbyhost
Geo-Info
X-Sucuri-ID
X-Microcachable
X-Render-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Ratelimit-Remaining
X-NU-AKA-ACS-Version
X-Pjax-Url
Memory
X-IPS-LoggedIn
Request-Time
X-Pf-Uncompressing
X-AWS-Id
X-GeoIP-Country-Code
X-FORWARDED-FOR
X-LJ-Flow-ID
X-VWS-Id
X-MP-GENERATED-AT
X-Mode
Resin-Trace
X-VCL-Version
X-COUNTRY
Gannett-Cam-Experience-Id
Cf-Ipcountry
X-Edge-O15-RID
X-Correlation-ID
X-DC
Geoip-Latitude
Group
TTL
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
XServer
CF-Cached-On
X-CSRF-Token
Geoip-City
X-ECACHE
X-Instart-Info
X-Pod
Pics-Label
PICS-Label
X-Bc
X-ElasticPress-Search
MIME-Version
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-HOST
GeoIP-Latitude
GeoIP-Country-Code
X-Var-Ttl
X-Via-SSL
Cdn
X-Backend-Url
X-Backend-Host
GeoIP-City
X-Via-Edge
X-Unique-ID
X-ZONE
Cache-Cookie-Set-Idcheck
Host-ID
Cache-Cookie-Set-From
X-NGENIX-Cache
M-TraceId
X-Vcl-Version
Backend-Name
Ttl
Cache-Cookie-Set-Lfrom
HostName
X-CLOUD-TRACE-CONTEXT
Lfy
Pagetype
X-Check-Cacheable
X-APP
X-Ratelimit-Limit
N-Cache
REQUESTUUID
Ohc-File-Size
Ohc-Cache-HIT
Fly-Request-Id
Cache-Prefix
X-Fstrz
HitType
X-Cdn-Request-ID
Fly-Cache
X-BC
X-PF-Uncompressing
X-Swift-Error
X-NGINX-Cache
X-Via-Ucdn
X-TH-Server
X-PJAX-URL
X-Request-Time
X-Worker
X-Dynatrace-Js-Agent
SRV
X-Sedo-Request-Id
X-Fastly-Country-Code
URI
X-Cache-Tag
On-Server
X-Cache-Miss-From
X-ServedByHost
Pragrma
X-GEO
User-Agent
X-LiteSpeed-Cache-Control
X-HostName
X-Varnish-Ttl
X-Fetched-On
X-UPSTREAM-Address
X-Aicache-OS
CDN
X-WR-MODIFICATION
X-HS-Status
X-Tt-Trace-Tag
X-Server-W
Powered-By
X-Rebelmouse-Surrogate-Control
Who
X-WA
Media-Length
X-Rebelmouse-Cache-Control
X-Wa
X-Upstream-CT
X-Upstream-HT
Fastly-SIE
Fastly-SWR
AR-SID
X-BE
X-Tt-Trace-Host
X-Varnish-Cacheable
X-Fpc
FSS-Cache
X-Varnish-URL
X-TT-LOGID
FSS-Proxy
X-LB-ID
X-LAGOON
DataCenter
X-Cf-Powered-By
X-Hp-Ccpa-Warning
X-Fastly-Backend-Reqs
X-GDPR
Debug
Server-Id
UCS
X-ServerName
X-Ftr-Cache-Host
Filterid
X-Ua
X-Store
X-Cache-Tags
X-Akamai-ERPolicy
X-Edge-Server
Cdn-Request-Time
X-Varnish-Beresp-TTL
Cdn-Host
X-SN
X-Akamai-ERRuleID
X-Protected-By
Processtime
X-NYM-Debug-Backend
XxX-Cache-Status
NnCoection
Xet-Cookie
Country-Code
X-SB
X-Nananana
WP-Super-Cache
Cneonction
X-VC
X-RPS
X-DI
Is-Session-Tracking
Get-Access-Time
X-DSS
X-Flog
X-DW
X-DB
LB
X-ABtesting
X-Action
Warning
SS
Requestid
X-Hello
X-LiteSpeed-Tag
SID
X-Li-Proto
X-Gen-Id
X-Fastly-Cache-Hits
Product
Application
Thinkindot-Cache-Type
X-Dw-Trace-Id
X-RPM
X-RateLimit-Reset
X-RSL
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Request-Url