Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Server-Id
EagleEye-TraceId
X-Ac
X-Response-Time
X-Host
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
X-Node
X-DataDome
X-Ws-Request-Id
Content-Location
X-Origin-Cache
X-Cache-Lookup
X-Cloud-Trace-Context
X-Readtime
NEL
X-Dns-Prefetch-Control
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
P3p
X-Cdn
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-DynaTrace
X-Country
Rating
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Ruxit-JS-Agent
X-Varnish-TTL
X-Instart-Request-ID
Pinterest-Generated-By
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Url
X-MS-InvokeApp
X-Mod-Pagespeed
X-B3-TraceId
Verso
SPRequestGuid
X-Powered-By-Plesk
Accept-Ch
X-ESI
X-D2id
X-Trace
X-SharePointHealthScore
X-VARITI-CCR
Pagespeed
X-Server-Name
X-Sol
X-Middleton-Response
Response
Service-Worker-Allowed
Display
X-Middleton-Display
X-GitHub-Request-Id
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Kinja-Server
RTSS
Content-MD5
SPRequestDuration
SPIisLatency
X-Server-ID
X-Navigation-Version
X-TTL
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-Vcache
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Upstream
Charset
X-Vcap-Request-Id
Public-Key-Pins
Accept-Ch-Lifetime
X-Cached
MS-Author-Via
DynaTrace
X-NF-Request-ID
X-CST
X-Version
X-Amz-Rid
Edge-Cache-Tag
Realpath
X-Px
MicrosoftSharePointTeamServices
X-Shard
TCN
Arr-Disable-Session-Affinity
X-Trafficlayer-App-Name
X-Ezoic-Cdn
X-Trafficlayer-App-Scope
X-XRDS-Location
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Version
X-MSEdge-Ref
X-Shield-Request-Id
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-Fastly-Request-ID
S
X-Accel-Expires
X-DIS-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Front-End-Https
X-Recruiting
X-TEC-API-VERSION
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-T
X-Id
X-Goog-Storage-Class
X-Element-Page-Cache
Nginx-Cache
X-Varnish-Age
Mrf-Cache-Status
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-Country-Code-Real
Cache-Tag
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Webapp-Samesite-None-Activated-N
X-Ttl
Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
X-Content-Digest
NR-ENABLED
Powered
X-Hits
X-Correlation-Id
X-Kinsta-Cache
Alternate-Protocol
X-Hp-Webp
X-FTR-Cache-Host
X-Fastcgi-Cache
X-Request-Processing-Time
ServerID
X-Request-Received
X-RateLimit-Remaining
X-Content-Type
X-HS-Combine-CSS
X-Aspnetmvc-Version
X-N
Server-Name
X-Request-Handler-Origin-Region
X-Cache-Hit
X-Microsite
X-Webkit-Csp
PB-PID
PB-RID
X-Node-Name
TP-L2-Cache
Arc-Version
X-Mobile-Rewrite
TP-Cache
X-User-Agent
X-Grace
X-Rid
Healthy
X-Revision
X-Analytics
X-Akamai-Edgescape
X-Forwarded-For
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Content-Security-Policy-Report-Only
X-Zen-Fury
Accept-CH
Accept-CH-Lifetime
X-Logged-In
X-FastCGI-Cache
Server-Node
X-LB-Cache
X-Pad
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Mobile-URL
X-AppVersion
X-Az
X-Activity-Id
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Varnish-Grace
X-Cached-By
Cache-Status
X-B3-Sampled
X-Oneagent-Js-Injection
X-IPLB-Instance
X-Content-Options
Retry-After
X-F-Cache
Refresh
X-Type
AR-CACHE
AR-ATIME
Upgrade-Insecure-Requests
AR-PoweredBy
X-Geo-Country
X-Srv
X-Ruxit-Js-Agent
FilterID
X-Varnish-Backend
X-Tumblr-Pixel
X-App-Environment
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-Tumblr-User
Source
X-Instance
X-FB-Debug
X-Framework
Access-Control-Allow-Method
X-Debug-Info
X-Cluster
X-Request-Guid
DC
X-PHP-Backend
X-Jobs
X-Page-Id
Host
Accept-Charset
Actual-Object-TTL
X-WebKit-CSP-Report-Only
X-AOL-HN
X-B
X-Cache-2
X-Litespeed-Cache
X-Cache-Age
Ar-Sid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ATG-Version
Cache
X-Seen-By
X-Via-JSL
X-TT
Fastcgi-Useragent
X-Cache-Key
MS-CV
X-Git-Hash
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-TTL
X-PressLabs-Stats
X-Whom
X-Amz-Replication-Status
X-Signature
X-B-Cache
X-UA
X-TA-CDN-Provider
Host-Header
X-Cache-Control
X-Daa-Tunnel
X-Wix-Request-Id
AR-Request-ID
Surrogate-Key
X-Host-Name
X-Response-Served-From
NGB
X-Cache-Enabled
X-Origin-Server
X-RequestSource
X-Mobile
Cache-Tv-Group
X-Tumblr-Pixel-1
WPE-Backend
Frame-Options
X-Tumblr-Pixel-2
X-GeoIP
Payment
Eomportal-Instance
X-Handled-By
X-Hyper-Cache
Filters
X-Region
X-FW-Hash
X-FW-Static
X-TX-ID
X-FW-Type
X-FW-Server
Cleartype
X-FW-Serve
X-Cache-Action
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-EdgeConnect-Cache-Status
X-Adobe-Loc
X-Adobe-Content
X-Cache-NE
X-Kong-Proxy-Latency
X-Cache-Rule
Webserver
X-Kong-Upstream-Latency
X-Cache-Operation
Xserver
X-Hostname
X-NewRelic-App-Data
From-Origin
X-SERVER
X-ATS-Timestamp
Datacenter
X-RemovedCookies
X-ProcessESI
X-UA-Device-Type
X-Akamai-Transformed
X-Load-Cache
X-Esi
X-Forwarded-Host
X-RTag
X-Edge-Location
Ms-Operation-Id
X-Cache-TTL-Remaining
Liferay-Portal
X-Cache-Server
X-Yottaa-Metrics
X-App-Server
X-Time
X-Yottaa-Optimizations
X-Status
X-Contextid
X-Varnish-Server
X-Varnish-Hostname
X-Rule
X-VCache
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
Country
Odigeo-Trace-Id
X-BCube-Filmed-By
X-ORACLE-APMCS-REQUEST-ID
X-Upgrade-Enabled
X-ORACLE-APMCS-TAG
X-TT-TIMESTAMP
Meta-Geo
X-Path-Route
Tracecode
X-RN-RSRV
X-Cache-Var
Load-Balancing
X-Cache-Var-Map
X-UUID
X-ES-SERVER
DSUID
X-Xfnlog-Site
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-Cache-Config
X-VCT
X-Pubstack
Release
X-OCL
X-PCL
Mn-Server-Ip
Cache-Tags
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-GeoIP-Country
X-Origin-Hint
X-Viewer-Country
TWC-Device-Class
X-Rocket-Nginx-Bypass
X-Debug-Cache
X-CCM
Property-Id
X-Akamai-Request-ID2
X-Akamai-Request-ID
Selected-Fe
X-Cache-Host
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-EIG-Tracking-Id
S-Rt
NGX
Azure-Version
Azure-SlotName
Azure-SiteName
Cache-Name
DB-Nickname
L5d-Success-Class
Fastly-SSL
X-FW-Dynamic
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TNCMS
X-Timing-Wait
X-Soup
X-Vgn-Hpd-Reason
X-Via-Fastly
X-From
X-Web-Node
X-Real-IP
X-Proxy-Build
X-Human
X-Hosted-By
X-IP
X-Loop
X-Proxy
X-Origin-Response-Time
Azure-RegionName
X-Proto
X-Redis-Cache
X-NWS-UUID-VERIFY
Azure-InstanceId
X-Cache-Time
X-Content-Age
Server-Info
X-Backend-Name
Viewport
Origin-Edge-Control
S-Cnection
X-FireWall-Port
X-Access
X-Generated
X-ServerID
X-Site-Version
X-Varnish-Cache-Hits
X-Www-Served-By
X-Section
X-Origin
Origin-Cache-Control
X-Labrador-Cache-Channel
X-Locale
X-Format
Version
Ec-Rule-Version
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Rendered-As
X-PERF
X-Time-Microsecs
X-ApacheServer
X-JoinUs
X-Is-Bot
X-Cluster-Name
X-ProxyCache-Status
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-XRDS-LOCATION
X-Varnish-Hits
X-Storage
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Info
X-Accel-Buffering
X-Cache-Backend
X-Generated-By
X-B3-Traceid
X-Origin-TTL
X-Origin-CC
X-PHP-Host
X-Amzn-Remapped-Content-Length
Rt-Fastcgi-Cache
Akamai-GRN
X-App-Version
X-URL
Time
X-WA-Info
X-RateLimit-Limit
Cache-Key
X-CF-Powered-By
X-Nginx-Cache-Key
Cteonnt-Length
X-SaId
X-Geo
X-Presslabs-Stats
X-No-Session
X-MServer
X-L-Path
GEO-INFO
Origin
X-Environment-Context
X-Cache-Remote
X-Guploader-Uploadid
Accept-Language
X-GoCache-CacheStatus
Cache-Hits
Vix-Hermes-Req-Id
X-NCache
X-Tb
X-FB-TRIP-ID
Access-Control-Request-Headers
X-Hit
X-Trace-Id
X-SayCDN-TTL
X-Say-Cacheable
Srv
X-Backend-TTL
X-SS-Set-Cookie
X-Say-TTL
X-APP-VERSION
X-Unique-Id
X-CACHE-KEY
X-B3-SpanId
X-Device-Type
X-CS
X-CDN-Forward
X-Tumblr-Pixel-3
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-OVcl
X-CSRF-TOKEN
X-OVcl-Cache
X-Cluster-Node
User-Cache-Control
X-Parent-Response-Time
X-S
NtCoent-Length
X-EC-Lua
ServedBy
X-A-Wwc
X-Rojux
X-RCS-CacheZone
MD5-Digest
X-Accel-Expires-Debug
X-A-Dgt
X-Request-UUID
X-ARC
X-Application
X-B-Cookie
Cross-Origin-Window-Policy
Content-Script-Type
X-AIR-PT
Fastcgi-X-Cache-Version
X-A-Dcw
Machine
X-Aed
IsBot
X-Transaction
Node
Viewtype
VivaBuild
X-Region-Sid
Apple-News-Services-Handled
T-Server
Server-Host
Request-EU
Rt-Proxy-Cache
Request-Country
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-A-Ccd
BehaviorPad-Version
Mobile-Detection-Method
Meta-Geo-Continent
X-A
Rendered-Blocks
Apple-News-Services-Request-Url
Arc-Country
AsisCache
X-A-Dam
X-Connection-Hash
X-VG-WebServer
Xc-Version
X-Vtex-Processado-Em
X-G
X-External-Request-Id
X-Detected-As
Content-Style-Type
X-DPWN-IS-SECURE
X-Server-Time
X-Rewrite-Enabled
X-Cache-Grace
X-Vtex-Remote-Cache
X-Processor
X-Hl-Ver
X-Svr
X-PAYTM-SRV-ID
X-SRCache-Key
X-Destination
X-ScT
X-Vdms-Version
OT-Force-Account-Verify
X-Twitter-Response-Tags
X-Service
X-Session-Fingerprint
X-Trv-Group
X-VG-WebCache
X-D
X-SIPLIST1
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Date
X-S-Cookie
X-Magnolia-Registration
X-Endurance-Cache-Level
ServerName
X-Source
X-Dc
Server-Int
X-Matched-Rule
X-Instart-Isnd
X-Ms-Version
Thinkindot-CacheControl
X-NX-Host
X-Ms-Request-Id
X-Level-Front-Cache
Served-By
X-Location
X-Hash
X-RateLimit-Limit-Second
X-CUA
X-Proxy-Upstream
X-Debug-Cookies
X-Debug-Log
X-Core-Value
X-RateLimit-Remaining-Second
X-Cache-Info
X-Reboot
X-Cache-Bucket
X-Block-Status
X-Dispatch
X-Proxy-Cache-Status
X-Hnp-Log
X-Webstats-RespID
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Thinkindot-L3
Web-Mar-Node
Wxu-Next-Commit
X-Gen-Mode
X-Generated-On
Wxu-Next-Region
Wxu-Next-Hostname
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Uri
X-Ah-Environment
Proxy-Connection
CDCHOST
Mime-Version
Now
X-B3-Parentspanid
X-Server-IP
X-Policy
X-Dispatcher-Server
X-Release
X-CGP
X-Up
X-Request-URI
X-Qloud-Router
X-Thanos
X-TrackingId
X-Origin-Expires
Esi-Enabled
X-Sigma-Backend
X-User
X-JWT-State
X-Clientip
X-Cms-Context
X-VG-TLSProxy
X-Skip-Cache
X-Is-Gdpr
X-Reqid
X-Clara-WADP
W
X-VC-Cache
X-Irp-Debug
X-Agile
X-Agile-Age
X-Bip
We-Hiring
X-Geo-Header
X-BBXSRF
X-Sucuri-Cache
X-C
Mail-Subject
X-Generation-Time
X-Generated-In
X-Cache-URL
X-Cache-Debug
X-Backend-State
X-SVT-ORM-RULES
X-App-Name
X-Swa-Ws
X-Cdn-Srv
X-Has-Esi
X-Agile-Id
X-SVT-ORM-VERSION
X-Auto-Login
X-Distil-CS
X-Azure-Ref-OriginShield
X-Azure-Ref
X-GeoIP-City
X-Scheme
X-VServer
L
X-Planisys-CDN-TTL
Kp-EeAlive
X-Varnish-Beresp-Ttl
Countrycode
Content-Disposition
X-Fastly-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
Memcached
X-Debug-Cache-Store
Magicmarker
X-Varnish-Beresp-Status
IBM-Web2-Location
X-FW-Version
X-Method
X-Planisys-CDN-Cache
X-Developers
X-Origin-Date
X-Planisys-CDN-Rules
Gh-Request-Id
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
X-Logging-Id
Fastly-Soc-X-Request-Id
X-Via-NSCOPI
RNT-Machine
RNT-Time
X-We-Are-Hiring
X-Core-Mission
X-Upstream-Ht
X-Sigma
X-Compress-Hint
X-Nc
X-Key
X-WADP-Cache
Section-Io-Cache
X-Upstream-Ct
AKAMAI
X-Rocket-Build-Number
PFcat
Cache-Host
X-Varnish-Beresp-Grace
X-Eu-Site
X-Wikidot-Static-Cache
X-Wikidot-Backend
Pramga
Cache-Provider
X-Via-CDN
X-SRV
X-TIME
X-ServiceProvider
Cdnsip
X-Urbn-Context-Path
X-Owner
X-LI-UUID
X-Epic-Correlation-Id
Platform
X-Li-Pop
Adler-Geo
X-Request-Start
Locale
X-NodeID
X-Old-Content-Length
Is-Eu
Cdncip
X-ND-Cache
X-Li-Fabric
X-WebServer
X-Distributor
X-Platform-Server
X-AK-Request-ID
X-Amz-Meta-Cache-Control
X-Cache-FS-Status
X-Internal-Host
X-Urbn-Site-Id
SD-X-WS
X-S-Maxage
X-SD-PageType
True-Client-Country-4JS
X-Variation
X-Cache-Id
X-GRACE
X-MSEdge-Features
X-MSEdge-Flight
X-LI-Proto
V-Age
X-NC
X-Cdn-Forward
Hostname
X-Trafficlayer-App-Version
X-B3-Spanid
X-UnsetCookies
Powered-By-ChinaCache
X-Servername
Server-ID
Environment
X-Lb-Id
X-Be
GEO-REGION-INFO
CF-IPCountry
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Sucuri-Id
X-Served-From
X-Newrelic-Synthetics
Locid
FNAC-ModuleRouting
X-Req
X-HTML-Minification-Powered-By
X-Nginx-Cache
A
X-FPC
X-Refresh
X-Servedbyhost
X-Developer
X-Gamma-Serve
Geo-Info
X-Sn-Servicetimems
X-Cdn-Origin
X-Device-Os
X-VHOST
X-Microcachable
X-Edge-O15-RID
Tcn
ProcessTime
X-Render-Time
X-Node-Id
X-Sucuri-ID
X-Webkit-CSP
X-IPS-LoggedIn
X-Tb-Optimization-Total-Bytes-Saved
Memory
X-NU-AKA-ACS-Version
X-Zone
X-GeoIP-Country-Code
X-Mode
X-Pjax-Url
X-MP-GENERATED-AT
X-AWS-Id
X-VWS-Id
Request-Time
X-LJ-Flow-ID
X-Ratelimit-Remaining
X-FORWARDED-FOR
X-Pf-Uncompressing
X-VCL-Version
X-DC
XServer
Gannett-Cam-Experience-Id
X-COUNTRY
Resin-Trace
X-ZONE
X-Correlation-ID
Pics-Label
TTL
X-Zipkin-Id
X-Routing-Service
X-Proxied
Cf-Ipcountry
Group
Geoip-Latitude
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
MIME-Version
CF-Cached-On
X-Unique-ID
X-ECACHE
GeoIP-Country-Code
Geoip-City
X-Pod
X-ElasticPress-Search
GeoIP-Latitude
PICS-Label
X-Instart-Info
X-Via-SSL
X-Backend-Host
X-Via-Edge
X-CSRF-Token
M-TraceId
X-Backend-Url
X-Bc
Cache-Cookie-Set-Idcheck
X-Var-Ttl
Cache-Cookie-Set-Lfrom
GeoIP-City
Cache-Cookie-Set-From
Host-ID
Cdn
HostName
Backend-Name
Ttl
X-NGENIX-Cache
Ohc-Cache-HIT
X-CLOUD-TRACE-CONTEXT
Ohc-File-Size
X-Request-Time
REQUESTUUID
X-APP
X-BC
Pagetype
N-Cache
X-Vcl-Version
X-Cdn-Request-ID
X-PF-Uncompressing
X-Ratelimit-Limit
X-Check-Cacheable
Lfy
X-Swift-Error
X-NGINX-Cache
Fly-Cache
HitType
X-TH-Server
Cache-Prefix
X-PJAX-URL
Fly-Request-Id
X-Fstrz
URI
X-Via-Ucdn
X-Worker
X-Fastly-Country-Code
X-Dynatrace-Js-Agent
X-UPSTREAM-Address
User-Agent
X-Tt-Trace-Tag
Pragrma
On-Server
X-Cache-Miss-From
X-Cache-Tag
Powered-By
X-GEO
X-Sedo-Request-Id
X-LiteSpeed-Cache-Control
X-HostName
Media-Length
X-HS-Status
CDN
X-Server-W
X-ServedByHost
X-WR-MODIFICATION
X-Fetched-On
SRV
X-Aicache-OS
X-Upstream-CT
X-Upstream-HT
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Wa
Fastly-SIE
X-WA
Who
X-Rebelmouse-Cache-Control
AR-SID
X-Tt-Trace-Host
X-Fpc
X-BE
X-Hp-Ccpa-Warning
X-LAGOON
X-Varnish-Cacheable
X-LB-ID
X-Varnish-URL
FSS-Cache
X-TT-LOGID
UCS
FSS-Proxy
X-Cf-Powered-By
DataCenter
X-Store
X-ServerName
Server-Id
X-GDPR
Debug
X-Cache-Tags
Processtime
X-NYM-Debug-Backend
X-Fastly-Backend-Reqs
X-Ua
X-Ftr-Cache-Host
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Protected-By
X-Edge-Server
Server-Surrogate-Control
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Varnish-Beresp-TTL
Cdn-Host
Server-Cache-Control
Cdn-Request-Time
X-SN
Country-Code
X-BACKEND-TTL
Location
XxX-Cache-Status
Xet-Cookie
X-VC
X-Nananana
WP-Super-Cache
X-SB
NnCoection
Cneonction
X-Amzn-Remapped-Connection
X-Action
X-Flog
X-ABtesting
Warning
X-RateLimit-Reset
SS
X-DB
X-DI
X-RPS
X-RPM
X-RSL
X-DW
X-DSS
Requestid
X-Amzn-Remapped-Date
SID
X-LiteSpeed-Tag
X-Gen-Id
X-Fastly-Cache-Hits
Product
Application
X-Li-Proto
Thinkindot-Cache-Type
Is-Session-Tracking
LB
X-Hello
X-Dw-Trace-Id
Get-Access-Time
X-Request-Url