Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
X-Cnection
Request-Id
X-Backend-Server
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Cache-Lookup
X-Readtime
X-Dns-Prefetch-Control
X-Vhost
X-Cloud-Trace-Context
X-HW
X-ORACLE-DMS-ECID
X-Dispatcher
X-Application-Context
X-ORACLE-DMS-RID
P3p
X-Cdn
Surrogate-Control
Allow
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Rating
X-Country
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Edge-Control
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-PC
X-TtlSet
X-Vname
Pinterest-Generated-By
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-TTL
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-ESI
X-D2id
X-Server-Name
X-Trace
X-VARITI-CCR
Content-MD5
Service-Worker-Allowed
X-GitHub-Request-Id
X-Kinja
X-Kinja-Revision
X-SharePointHealthScore
X-GoogleNews-Bot
RTSS
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
Pagespeed
Response
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
Accept-Ch-Lifetime
X-Navigation-Version
X-Vcache
X-Abt-Application-Version
X-Powered-CMS
X-Debug
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
X-Upstream
X-Cached
Public-Key-Pins
X-Amz-Server-Side-Encryption
Charset
X-Version
X-Vcap-Request-Id
DynaTrace
MS-Author-Via
X-NF-Request-ID
X-CST
Edge-Cache-Tag
X-Amz-Rid
Realpath
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
X-Shard
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Store-Status
Access-Control-Request-Method
X-Fastly-Request-ID
X-Accel-Expires
S
Pinterest-Version
X-DIS-Request-ID
X-Pinterest-Rid
X-TEC-API-VERSION
X-Ser
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Fastly-Restarts
X-Client-IP
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
X-Id
X-T
X-Recruiting
X-Varnish-Age
X-Element-Page-Cache
Cache-Tag
X-XRDS-Location
X-Goog-Storage-Class
X-Amzn-Trace-Id
X-FTR-DC
X-FTR-Cache-Status
X-Dw-Request-Base-Id
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FTR-Expires
X-Server-ID
Nginx-Cache
X-Fastcgi-Cache
Fastcgi-Cache
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
NR-ENABLED
X-Hits
Powered
X-Correlation-Id
X-Hp-Webp
Alternate-Protocol
X-FTR-Cache-Host
X-Kinsta-Cache
X-RateLimit-Remaining
X-Content-Type
Server-Name
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Aspnetmvc-Version
ServerID
PB-RID
X-Microsite
PB-PID
X-Request-Handler-Origin-Region
Arc-Version
X-Mobile-Rewrite
X-Webkit-Csp
TP-Cache
TP-L2-Cache
X-Forwarded-For
X-Rid
X-Cache-Hit
X-Grace
X-Akamai-Edgescape
Healthy
X-User-Agent
X-N
X-Revision
X-Analytics
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Pad
X-Logged-In
X-Node-Name
X-Mobile-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Varnish-Grace
X-LB-Cache
Server-Node
X-AppVersion
X-Az
X-Activity-Id
X-Cached-By
X-B3-Sampled
X-Content-Options
X-Ttl
Cache-Status
Refresh
X-F-Cache
X-GUploader-UploadID
X-Oneagent-Js-Injection
X-Geo-Country
Upgrade-Insecure-Requests
X-Type
X-Cache-2
X-IPLB-Instance
X-NWS-LOG-UUID
X-Varnish-Backend
Retry-After
X-Ruxit-Js-Agent
X-Srv
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-User
Host
X-FB-Debug
X-Jobs
Paypal-Debug-Id
DC
Actual-Object-TTL
X-Debug-Info
X-Page-Id
X-Request-Guid
X-Instance
X-Framework
X-B
X-Cluster
X-AOL-HN
X-PHP-Backend
Accept-Charset
Source
X-WebKit-CSP-Report-Only
FilterID
Access-Control-Allow-Method
X-FastCGI-Cache
X-Litespeed-Cache
X-TT
Accept-CH-Lifetime
Cache
X-ATG-Version
Accept-CH
AR-PoweredBy
AR-ATIME
AR-CACHE
Fastcgi-Useragent
X-Cache-Age
X-Seen-By
X-Git-Hash
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MS-CV
X-Content-Powered-By
X-TA-CDN-Provider
X-Signature
X-B-Cache
X-Cache-Key
Host-Header
X-Amz-Replication-Status
VIX-Pulpo-Node
X-Via-JSL
VIX-Pulpo-Upstream-Status
Ar-Sid
Xserver
X-Origin-Server
X-Cache-TTL
X-ATS-Timestamp
X-PressLabs-Stats
X-Cache-Enabled
X-Mobile
X-Cache-Control
X-Wix-Request-Id
X-Whom
NGB
X-Response-Served-From
X-XRDS-LOCATION
X-RequestSource
Surrogate-Key
X-UA
X-Tumblr-Pixel-2
Cache-Tv-Group
X-GeoIP
X-Tumblr-Pixel-1
Frame-Options
X-Daa-Tunnel
Cleartype
WPE-Backend
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Cache-NE
X-Cacheable-TTL
X-Hyper-Cache
X-FW-Static
Eomportal-Instance
Filters
Payment
X-FW-Type
Datacenter
X-Adobe-Loc
X-Adobe-Content
X-Region
X-Host-Name
X-TX-ID
X-Handled-By
Webserver
X-Cache-Action
X-Drupal-Cache-Tags
X-Load-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hostname
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-SERVER
X-Esi
X-Edge-Location
X-Cache-Rule
X-Cache-Operation
From-Origin
X-NewRelic-App-Data
AR-Request-ID
X-Cache-TTL-Remaining
X-RemovedCookies
X-ProcessESI
X-UA-Device-Type
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Liferay-Portal
X-Varnish-Hostname
Ms-Operation-Id
X-RTag
X-Cache-Server
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Varnish-Server
X-Rule
X-Forwarded-Host
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
Country
X-Upgrade-Enabled
X-Contextid
X-UUID
Odigeo-Trace-Id
X-Path-Route
X-ES-SERVER
X-App-Server
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
Load-Balancing
Meta-Geo
DSUID
X-BCube-Filmed-By
X-From
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-TT-TIMESTAMP
X-VCT
Mn-Server-Ip
Property-Id
X-CCM
X-EIG-Tracking-Id
TWC-GeoIP-LatLong
X-Debug-Cache
TWC-GeoIP-Country
TWC-Device-Class
Release
TWC-Connection-Speed
X-Rocket-Nginx-Bypass
DB-Nickname
X-Origin-Hint
X-R9-Blue-Green-Version
X-Accel-Buffering
TWC-Privacy
TWC-Locale-Group
Selected-Fe
Origin-Cache-Control
S-Rt
Cache-Name
L5d-Success-Class
Cache-Tags
Fastly-SSL
Uber-Trace-Id
X-Human
X-Viewer-Country
Azure-Version
X-Via-Fastly
X-Vgn-Hpd-Reason
X-TNCMS
X-Origin-Response-Time
X-Real-IP
X-Pubstack
X-Proxy-Build
X-Proxy
X-Proto
X-PCL
X-ProxyCache-Status
X-ProxyCache-Key
X-Timing-Wait
X-Soup
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Cache-Time
X-Cache-Host
X-BYPASS-REASON
X-Cache-Config
X-FireWall-Port
X-FW-Dynamic
X-Origin
X-ServerID
X-OCL
X-Loop
X-Hosted-By
X-IP
X-Akamai-Request-ID
Origin-Edge-Control
Azure-InstanceId
X-Redis-Cache
Version
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Locale
X-Labrador-Cache-Channel
X-Rendered-As
X-Format
Viewport
X-Generated
X-JoinUs
X-Cluster-Name
X-Akamai-Request-ID2
X-Site-Version
X-Access
Ec-Rule-Version
X-Varnish-Hits
X-Www-Served-By
X-Xfnlog-Site
X-Section
X-Is-Bot
X-Backend-Name
X-Content-Age
X-Generated-By
Decoy-Debug-Status
Decoy-Debug-Key
NGX
X-Web-Node
Decoy-Debug-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Time-Microsecs
X-PHP-Host
X-Cache-Backend
X-Varnish-Cache-Hits
S-Cnection
Server-Info
X-SaId
X-Amzn-Remapped-Content-Length
X-Presslabs-Stats
X-ApacheServer
X-NWS-UUID-VERIFY
X-Storage
X-PERF
Akamai-GRN
X-WA-Info
X-Info
X-Geo
X-Origin-TTL
Tracecode
X-Origin-CC
X-Nginx-Cache-Key
X-URL
GEO-INFO
X-CF-Powered-By
X-VCache
X-MServer
X-No-Session
Rt-Fastcgi-Cache
X-TIME
X-Unique-Id
Cteonnt-Length
X-Environment-Context
X-L-Path
X-Time
X-Cache-Remote
X-CACHE-KEY
Origin
Time
X-APP-VERSION
X-App-Version
Access-Control-Request-Headers
X-Tb
X-Guploader-Uploadid
X-EC-Lua
X-Backend-TTL
X-Say-TTL
X-FB-TRIP-ID
X-Say-Cacheable
X-SayCDN-TTL
Accept-Language
Cache-Key
X-RCS-CacheZone
X-CDN-Forward
X-GoCache-CacheStatus
X-Shopify-Stage
X-Tec-Api-Version
Mime-Version
X-Sorting-Hat-ShopId
X-CLOUD-TRACE-CONTEXT
X-Sorting-Hat-PodId
X-Tec-Api-Origin
X-Tec-Api-Root
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Generated-Cart-Token
X-NCache
X-RateLimit-Limit
Vix-Hermes-Req-Id
X-Hit
X-Dc
Cache-Hits
X-Source
OT-Force-Account-Verify
X-Trace-Id
X-Device-Type
X-Endurance-Cache-Level
X-Upstream-Ht
X-Upstream-Ct
X-Tumblr-Pixel-3
X-B3-SpanId
X-CS
X-S
X-A-Wwc
X-Vdms-Version
Machine
X-Processor
X-Vtex-Processado-Em
IsBot
X-DPWN-IS-SECURE
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
MD5-Digest
User-Cache-Control
X-Detected-As
X-Destination
Meta-Geo-Continent
X-CF-Lambda-Version
X-A-Dcw
X-VG-WebCache
X-A-Dgt
X-External-Request-Id
X-VG-WebServer
X-Region-Sid
X-G
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
X-B-Cookie
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Now
Fastcgi-X-Cache-Version
X-Application
X-AIR-PT
X-Aed
X-Accel-Expires-Debug
Xc-Version
X-ARC
X-Magnolia-Registration
X-Hl-Ver
X-ND-Cache
Node
Mobile-Detection-Method
X-Trv-Group
X-OVcl
Viewtype
X-SRCache-Key
X-Twitter-Response-Tags
T-Server
X-SIPLIST1
Arc-Country
X-Connection-Hash
X-OVcl-Cache
Rt-Proxy-Cache
Server-Host
VivaBuild
X-ScT
X-Date
X-S-Cookie
X-Server-Time
X-Rewrite-Enabled
X-A-Dam
X-Request-UUID
Rendered-Blocks
X-D
X-Session-Fingerprint
X-Svr
X-A-Ccd
Request-EU
X-Rojux
X-CF-Lambda-Fn
X-Service
Request-Country
X-A
X-Transaction
X-SS-Set-Cookie
X-Cluster-Node
ServerName
Srv
X-Parent-Response-Time
ServedBy
Served-By
Thinkindot-CacheControl
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Generated-On
X-Dispatcher-Server
Wxu-Next-Hostname
X-Dispatch
Wxu-Next-Region
X-CUA
X-Core-Value
X-Hash
X-IN-APIGATEWAY
Thinkindot-Control
Wxu-Next-Commit
X-Cache-Bucket
Thinkindot-CacheControl-Type
We-Hiring
X-Level-Front-Cache
X-Reboot
X-Matched-Rule
X-Ah-Environment
X-Thinkindot-L3
X-Webstats-RespID
X-Via-NSCOPI
X-Location
Mail-Subject
Proxy-Connection
X-SVT-ORM-VERSION
X-Thanos
X-SVT-ORM-RULES
X-Sucuri-Cache
X-JWT-State
X-Cache-URL
X-Uri
X-Up
X-TrackingId
X-Skip-Cache
X-Cdn-Srv
X-Sigma-Backend
X-Clientip
X-Is-Gdpr
X-Cms-Context
X-Compress-Hint
X-Clara-WADP
X-SD-PageType
X-Sigma
X-CGP
X-Server-IP
X-Cache-Info
X-Cache-FS-Status
X-Bip
X-Block-Status
X-C
X-Wikidot-Backend
X-BBXSRF
X-Backend-State
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Wikidot-Static-Cache
X-B3-Parentspanid
X-Key
X-Cache-Debug
X-VG-TLSProxy
X-VC-Cache
X-Variation
X-User
X-Li-Fabric
X-VServer
X-WebServer
X-We-Are-Hiring
X-WADP-Cache
X-Scheme
X-Core-Mission
X-Fastly-Cache
X-FW-Version
X-Origin-Date
X-Gen-Mode
X-Origin-Expires
X-Eu-Site
X-Distributor
X-Planisys-CDN-Cache
X-Owner
X-Epic-Correlation-Id
X-Old-Content-Length
X-Generation-Time
X-Hnp-Log
X-Ms-Request-Id
X-Method
X-LI-UUID
X-Ms-Version
X-NX-Host
X-Geo-Header
X-GeoIP-City
X-Has-Esi
X-Distil-CS
X-Planisys-CDN-Rules
X-Request-Start
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Azure-Ref-OriginShield
X-Irp-Debug
X-S-Maxage
X-Rocket-Build-Number
X-Request-URI
X-Debug-Cookies
X-Debug-Log
X-Developers
X-Proxy-Cache-Status
X-Platform-Server
X-Planisys-CDN-TTL
X-Proxy-Upstream
X-Qloud-Router
X-Reqid
X-Release
X-Li-Pop
X-Logging-Id
X-Agile
L
Magicmarker
Is-Eu
IBM-Web2-Location
Heartbleed
PFcat
Platform
SD-X-WS
RNT-Time
RNT-Machine
Pramga
HA-Ipaddr
Ha-Gx-Prefs
CDCHOST
Cache-Host
AKAMAI
Adler-Geo
Content-Disposition
Countrycode
X-Azure-Ref
Gh-Request-Id
Fastly-Soc-X-Request-Id
Esi-Enabled
Section-Io-Cache
Memcached
X-Auto-Login
X-App-Name
X-Agile-Id
Web-Mar-Node
X-Agile-Age
W
Server-ID
Server-Int
X-Amz-Meta-Cache-Control
X-CSRF-TOKEN
NtCoent-Length
X-SRV
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Internal-Host
Kp-EeAlive
X-Generated-In
X-Swa-Ws
X-Trafficlayer-App-Version
X-LI-Proto
X-Policy
X-Cache-Id
Powered-By-ChinaCache
X-HTML-Minification-Powered-By
X-Nc
X-B3-Spanid
Environment
X-Urbn-Context-Path
X-Req
V-Age
Locid
Locale
Cdnsip
Cdncip
X-AK-Request-ID
X-Served-From
X-ServiceProvider
True-Client-Country-4JS
X-NodeID
X-NC
X-Urbn-Site-Id
X-Cache-Grace
X-IPS-LoggedIn
Cache-Provider
X-NODE
X-Gamma-Serve
CF-IPCountry
X-Servername
FNAC-ModuleRouting
X-Newrelic-Synthetics
X-Via-CDN
X-MSEdge-Flight
X-MSEdge-Features
X-Be
X-Lb-Id
GEO-REGION-INFO
X-B3-Traceid
X-Cdn-Forward
X-GRACE
X-Edge-O15-RID
X-Refresh
X-Render-Time
X-FPC
X-MP-GENERATED-AT
X-Mode
X-Sucuri-Id
X-NU-AKA-ACS-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Zone
X-Sucuri-ID
ProcessTime
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Hostname
X-UnsetCookies
X-GeoIP-Country-Code
X-Nginx-Cache
X-VHOST
X-VWS-Id
X-AWS-Id
Geo-Info
X-LJ-Flow-ID
X-Microcachable
Tcn
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Developer
A
X-Servedbyhost
X-Pjax-Url
X-Device-Os
X-Sn-Servicetimems
X-Cdn-Origin
X-Pf-Uncompressing
X-CSRF-Token
X-Node-Id
TTL
X-FORWARDED-FOR
X-Ratelimit-Limit
GeoIp-Country-Code
Resin-Trace
Geoip-Latitude
X-COUNTRY
X-Bc
Cache-Cookie-Set-From
Gannett-Cam-Experience-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Memory
X-Request-Time
X-Correlation-ID
Amp-Access-Control-Allow-Source-Origin
Request-Time
X-Vcl-Version
HostName
PICS-Label
X-DC
CF-Cached-On
M-TraceId
X-Pod
X-Cdn-Request-ID
Cf-Ipcountry
Pics-Label
X-Ratelimit-Remaining
X-ZONE
GeoIP-Latitude
X-Via-SSL
GeoIP-City
X-Via-Edge
Cdn
X-VCL-Version
GeoIP-Country-Code
X-TH-Server
X-NGINX-Cache
X-Unique-ID
Host-ID
Group
Ohc-File-Size
Powered-By
X-ECACHE
X-ElasticPress-Search
X-Instart-Info
Ttl
Geoip-City
Ohc-Cache-HIT
X-UPSTREAM-Address
X-Swift-Error
X-BC
X-PF-Uncompressing
Media-Length
HitType
X-APP
MIME-Version
X-Backend-Host
X-Backend-Url
X-Fastly-Country-Code
X-Var-Ttl
XServer
URI
X-ServedByHost
X-Check-Cacheable
X-Hp-Ccpa-Warning
SRV
Backend-Name
X-HS-Status
Lfy
User-Agent
On-Server
X-Cache-Tag
FSS-Cache
N-Cache
X-PJAX-URL
Pagetype
X-Tt-Trace-Tag
FSS-Proxy
X-Tt-Trace-Host
REQUESTUUID
X-HostName
X-NYM-Debug-Backend
X-NGENIX-Cache
UCS
X-Aicache-OS
Fly-Request-Id
X-WR-MODIFICATION
X-Fstrz
Cache-Prefix
Fly-Cache
X-LiteSpeed-Cache-Control
Who
X-Cache-Tags
X-Via-Ucdn
X-WA
X-Worker
AR-SID
Processtime
X-Varnish-Authentication
X-Sedo-Request-Id
X-Fetched-On
X-Contensis-Viewer-Groups
Server-Cache-Control
Pragrma
CDN
Server-Surrogate-Control
X-Cache-ASPX
X-BE
X-Cache-Miss-From
Country-Code
X-LB-ID
X-LAGOON
X-Varnish-URL
X-Varnish-Cacheable
X-Fpc
X-GEO
X-Server-W
Location
Fastly-Backend-Name
X-Cf-Powered-By
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SIE
Fastly-SWR
X-Store
Debug
Filterid
X-Wa
X-Fastly-Backend-Reqs
X-ServerName
X-Ftr-Cache-Host
X-Ua
X-Akamai-ERPolicy
Ohc-Response-Time
X-Varnish-Beresp-TTL
RequestId
X-Akamai-ERRuleID
X-Response-By
X-Protected-By
LB
X-Upstream-HT
X-Upstream-CT
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
WP-Super-Cache
X-Apw-Access-Object
SID
X-Amzn-Remapped-Date
X-Gen-Id
X-Fastly-Cache-Hits
X-Li-Proto
Thinkindot-Cache-Type
X-TT-LOGID
X-Dw-Trace-Id
X-Amzn-Remapped-Connection
Application
Product
Cneonction
X-SB
X-VC
XxX-Cache-Status
X-Nananana
X-Request-Url
NnCoection
Xet-Cookie