Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
X-Content-Security-Policy
X-AspNetMvc-Version
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Via
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Amz-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-Server
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Rq
Report-To
X-Server-Id
EagleEye-TraceId
X-Ac
X-Response-Time
X-Host
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
X-Node
X-DataDome
X-Ws-Request-Id
Content-Location
X-Origin-Cache
X-Cache-Lookup
X-Cloud-Trace-Context
X-Readtime
NEL
X-Dns-Prefetch-Control
X-Cdn
X-Vhost
X-Application-Context
X-Dispatcher
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
P3p
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Instart-Request-ID
X-Ruxit-JS-Agent
Pinterest-Generated-By
Edge-Control
X-TtlSet
X-PC
X-Vname
X-MS-InvokeApp
X-Url
X-Mod-Pagespeed
Verso
X-B3-TraceId
SPRequestGuid
X-Powered-By-Plesk
X-SharePointHealthScore
X-Trace
Accept-Ch
X-VARITI-CCR
X-D2id
Response
Pagespeed
X-Server-Name
X-Middleton-Response
X-Sol
Service-Worker-Allowed
X-Middleton-Display
Display
X-GitHub-Request-Id
X-Use-Magma
X-ESI
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
Content-MD5
RTSS
SPIisLatency
SPRequestDuration
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-Navigation-Version
X-Vcache
X-TTL
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Upstream
Charset
Public-Key-Pins
X-Vcap-Request-Id
X-Cached
MS-Author-Via
X-CST
DynaTrace
X-NF-Request-ID
X-Amz-Rid
X-Version
Realpath
X-Server-ID
Edge-Cache-Tag
X-Px
Accept-Ch-Lifetime
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Shard
TCN
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
Access-Control-Request-Method
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
X-XRDS-Location
X-Ser
X-Shield-Request-Id
X-SRCache-Store-Status
Fastly-Restarts
X-SRCache-Fetch-Status
S
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Fastly-Request-ID
X-Accel-Expires
X-DynaTrace-JS-Agent
X-DIS-Request-ID
Front-End-Https
X-Goog-Stored-Content-Encoding
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Goog-Stored-Content-Length
X-TEC-API-VERSION
X-Goog-Metageneration
X-Goog-Generation
X-Recruiting
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-Id
X-T
X-Goog-Storage-Class
X-Element-Page-Cache
Nginx-Cache
X-Varnish-Age
X-Ttl
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
Cache-Tag
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Amzn-Trace-Id
X-FTR-Expires
X-Webapp-Samesite-None-Activated-N
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Frontend
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
NR-ENABLED
X-Content-Digest
Powered
X-Hits
X-Fastcgi-Cache
X-Correlation-Id
X-Kinsta-Cache
Alternate-Protocol
X-Hp-Webp
X-FTR-Cache-Host
ServerID
X-RateLimit-Remaining
X-Grace
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
Server-Name
X-Content-Type
X-Request-Handler-Origin-Region
X-Microsite
X-N
X-Cache-Hit
X-Webkit-Csp
PB-PID
TP-L2-Cache
PB-RID
TP-Cache
X-User-Agent
Accept-CH-Lifetime
X-Node-Name
X-Mobile-Rewrite
X-Rid
Arc-Version
Healthy
X-Revision
X-Analytics
Backend-Timing
X-Akamai-Edgescape
X-Forwarded-For
AMP-Access-Control-Allow-Source-Origin
X-Content-Security-Policy-Report-Only
Accept-CH
X-Zen-Fury
X-Logged-In
Server-Node
X-LB-Cache
X-Pad
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Mobile-URL
X-Az
X-AppVersion
X-Activity-Id
X-SERVER
X-Varnish-Grace
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Cached-By
Cache-Status
X-FastCGI-Cache
X-B3-Sampled
X-Oneagent-Js-Injection
X-IPLB-Instance
X-Content-Options
Retry-After
X-F-Cache
X-Type
Refresh
Upgrade-Insecure-Requests
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Geo-Country
X-Srv
X-Ruxit-Js-Agent
FilterID
X-Tumblr-User
Paypal-Debug-Id
X-Tumblr-Pixel
X-App-Environment
X-Varnish-Backend
X-Tumblr-Pixel-0
X-Instance
Source
X-Jobs
X-Cluster
Access-Control-Allow-Method
X-Framework
X-Request-Guid
X-Debug-Info
DC
X-FB-Debug
Accept-Charset
Actual-Object-TTL
X-Page-Id
Host
X-PHP-Backend
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Cache-Key
X-B
X-Cache-2
X-Cache-Age
Ar-Sid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Cache
X-ATG-Version
X-Seen-By
X-TT
X-Via-JSL
Fastcgi-Useragent
MS-CV
X-Git-Hash
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-PressLabs-Stats
X-Cache-TTL
X-Whom
X-Signature
X-B-Cache
X-Amz-Replication-Status
X-UA
X-TA-CDN-Provider
X-Cache-Control
X-Esi
X-Daa-Tunnel
Host-Header
X-Wix-Request-Id
Surrogate-Key
AR-Request-ID
X-Host-Name
X-Response-Served-From
NGB
X-Origin-Server
X-Cache-Enabled
X-RequestSource
Frame-Options
X-Mobile
Cache-Tv-Group
WPE-Backend
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-GeoIP
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Handled-By
X-Hyper-Cache
X-Region
Eomportal-Instance
Filters
X-TX-ID
Payment
X-FW-Type
X-Cacheable-TTL
X-Cache-Action
X-Drupal-Cache-Tags
X-EdgeConnect-Cache-Status
X-Adobe-Content
X-Adobe-Loc
X-Cache-NE
Cleartype
X-Cache-Operation
X-Cache-Rule
Webserver
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Xserver
X-Litespeed-Cache
X-Hostname
X-NewRelic-App-Data
From-Origin
X-ATS-Timestamp
X-Load-Cache
X-RemovedCookies
X-UA-Device-Type
X-ProcessESI
Datacenter
X-Akamai-Transformed
X-Edge-Location
X-Cache-TTL-Remaining
Ms-Operation-Id
X-RTag
X-Forwarded-Host
Liferay-Portal
X-Cache-Server
X-Time
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
X-Status
X-Varnish-Hostname
X-Varnish-Server
X-Rule
X-VCache
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
Country
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Odigeo-Trace-Id
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Upgrade-Enabled
X-Path-Route
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
Tracecode
Meta-Geo
X-Xfnlog-Site
DSUID
X-UUID
X-OCL
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Cache-Config
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Viewer-Country
TWC-Connection-Speed
Mn-Server-Ip
X-Debug-Cache
X-Origin-Hint
X-PCL
X-Pubstack
Release
X-VCT
X-CCM
Cache-Tags
Property-Id
Azure-SlotName
Azure-SiteName
Azure-Version
X-R9-Blue-Green-Version
Cache-Name
Azure-RegionName
Azure-InstanceId
X-Proxy-Build
X-Proxy
X-From
X-Akamai-Request-ID2
X-Soup
X-Web-Node
X-Real-IP
X-Timing-Wait
NGX
X-Loop
S-Rt
Selected-Fe
X-TNCMS
X-Rocket-Nginx-Bypass
DB-Nickname
Fastly-SSL
X-Vgn-Hpd-Reason
L5d-Success-Class
X-Cache-Host
X-Akamai-Request-ID
X-FW-Dynamic
X-IP
X-FC-Vary-Parameters
X-Human
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NWS-UUID-VERIFY
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
X-Origin-Response-Time
X-Proto
S-Cnection
X-Locale
X-Labrador-Cache-Channel
X-Site-Version
X-Redis-Cache
X-ServerID
Ec-Rule-Version
Origin-Cache-Control
X-Section
Version
Origin-Edge-Control
X-Varnish-Cache-Hits
Decoy-Debug-Status
X-Content-Age
X-Origin
Server-Info
X-PERF
X-Backend-Name
X-ApacheServer
X-Via-Fastly
X-Access
Decoy-Debug-Key
Decoy-Debug-TTL
X-Format
X-Generated
X-FireWall-Port
X-JoinUs
X-Cache-Time
X-Rendered-As
X-Cluster-Name
X-Is-Bot
X-Time-Microsecs
Uber-Trace-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-XRDS-LOCATION
X-Www-Served-By
Viewport
X-Storage
X-Varnish-Hits
X-Accel-Buffering
X-Tec-Api-Origin
X-Generated-By
X-Info
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Backend
X-PHP-Host
X-Origin-CC
X-Origin-TTL
X-B3-Traceid
X-Amzn-Remapped-Content-Length
Rt-Fastcgi-Cache
Akamai-GRN
Time
X-URL
X-WA-Info
X-RateLimit-Limit
X-App-Version
X-Nginx-Cache-Key
Cache-Key
X-CF-Powered-By
Cteonnt-Length
X-Geo
X-SaId
X-Presslabs-Stats
X-No-Session
X-Environment-Context
GEO-INFO
X-MServer
X-Cache-Remote
Origin
X-L-Path
X-Unique-Id
X-GoCache-CacheStatus
Accept-Language
X-Guploader-Uploadid
Cache-Hits
Vix-Hermes-Req-Id
X-Backend-TTL
X-Tb
X-FB-TRIP-ID
X-NCache
Access-Control-Request-Headers
X-CDN-Forward
X-Trace-Id
X-Hit
X-SayCDN-TTL
Srv
X-Say-Cacheable
X-Say-TTL
X-SS-Set-Cookie
X-APP-VERSION
X-Device-Type
X-B3-SpanId
X-CS
X-Tumblr-Pixel-3
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ShopId
X-ShardId
X-CSRF-TOKEN
X-OVcl
X-OVcl-Cache
X-EC-Lua
X-Parent-Response-Time
X-Cluster-Node
User-Cache-Control
X-S
ServedBy
NtCoent-Length
X-RCS-CacheZone
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
Content-Style-Type
Viewtype
Xc-Version
X-A-Wwc
X-SIPLIST1
X-Connection-Hash
X-A-Dgt
X-CF-Lambda-Fn
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Vtex-Remote-Cache
X-D
Content-Script-Type
X-Date
X-Cache-Grace
Request-EU
X-Server-Time
X-ScT
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-External-Request-Id
Apple-News-Services-Handled
Apple-News-Services-Host
Arc-Country
X-Hl-Ver
X-A
X-Accel-Expires-Debug
X-Detected-As
X-Session-Fingerprint
X-Aed
AsisCache
BehaviorPad-Version
X-DPWN-IS-SECURE
X-Destination
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-Application
X-Trv-Group
X-AIR-PT
X-Transaction
X-A-Ccd
X-Vdms-Version
X-ARC
OT-Force-Account-Verify
IsBot
VivaBuild
X-A-Dam
Rendered-Blocks
X-Rojux
X-A-Dcw
X-CACHE-KEY
X-Svr
X-S-Cookie
X-SRCache-Key
X-Request-UUID
X-Rewrite-Enabled
Request-Country
Rt-Proxy-Cache
X-VG-WebCache
T-Server
Meta-Geo-Continent
X-G
X-VG-WebServer
MD5-Digest
Machine
X-Region-Sid
X-Processor
X-B-Cookie
Node
Mobile-Detection-Method
X-Endurance-Cache-Level
ServerName
X-Magnolia-Registration
X-Source
X-Dc
X-Debug-Log
Server-Int
Web-Mar-Node
X-Cache-Bucket
X-Dispatch
X-Cache-Info
Served-By
Server-Host
Wxu-Next-Hostname
X-CUA
Wxu-Next-Commit
Wxu-Next-Region
CDCHOST
X-Block-Status
X-Debug-Cookies
X-Ah-Environment
X-Ms-Version
X-NX-Host
X-RateLimit-Remaining-Second
X-Instart-Isnd
X-Service
X-Uri
X-Ms-Request-Id
X-Location
Proxy-Connection
X-RateLimit-Limit-Second
X-IN-APIGATEWAYSSL
Mime-Version
X-Gen-Mode
X-Proxy-Upstream
X-Webstats-RespID
X-Proxy-Cache-Status
X-IN-APIGATEWAY
X-Hnp-Log
X-Hash
X-Rocket-Build-Number
X-Request-URI
X-App-Name
X-Server-IP
X-Reboot
X-Agile-Id
X-Qloud-Router
X-Backend-State
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Release
X-Auto-Login
X-Reqid
X-Sigma-Backend
X-VServer
X-VG-TLSProxy
X-User
X-WADP-Cache
X-We-Are-Hiring
X-Wikidot-Static-Cache
W
X-Wikidot-Backend
X-Up
X-TrackingId
X-BBXSRF
X-Sigma
X-Agile
X-Skip-Cache
X-Sucuri-Cache
X-Thinkindot-L3
X-Thanos
X-Swa-Ws
X-Agile-Age
X-Planisys-CDN-TTL
X-JWT-State
X-Is-Gdpr
X-Developers
X-Key
X-Level-Front-Cache
X-Debug-Cache-Store
X-Matched-Rule
X-Logging-Id
X-Irp-Debug
X-Dispatcher-Server
X-Generated-On
X-Generated-In
X-Fastly-Cache
X-Generation-Time
X-Has-Esi
X-Distil-CS
X-Eu-Site
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cache-URL
X-Cdn-Srv
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-FW-Version
X-C
X-Policy
X-Cache-Debug
X-CGP
X-Clara-WADP
X-Core-Mission
X-Core-Value
X-Origin-Date
X-Origin-Expires
X-Compress-Hint
X-Clientip
X-Cms-Context
X-Bip
Thinkindot-CacheControl
X-Varnish-Beresp-Grace
Gh-Request-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Upstream-Ht
X-Upstream-Ct
Kp-EeAlive
Esi-Enabled
Cache-Host
Magicmarker
Memcached
Content-Disposition
Now
Countrycode
Pramga
Fastly-Soc-X-Request-Id
Heartbleed
IBM-Web2-Location
HA-Ipaddr
Thinkindot-CacheControl-Type
Ha-Gx-Prefs
Thinkindot-Control
Section-Io-Cache
We-Hiring
Mail-Subject
RNT-Machine
RNT-Time
X-Via-CDN
Cache-Provider
X-B3-Parentspanid
X-NC
X-SRV
X-SVT-ORM-VERSION
Cdncip
X-ServiceProvider
X-Li-Pop
X-Distributor
Cdnsip
X-Request-Start
X-NodeID
X-Old-Content-Length
X-Owner
X-Internal-Host
X-Method
X-Li-Fabric
X-LI-UUID
X-GeoIP-City
X-Geo-Header
X-S-Maxage
X-Scheme
X-Epic-Correlation-Id
AKAMAI
X-Platform-Server
Adler-Geo
X-SD-PageType
X-SVT-ORM-RULES
Platform
X-ND-Cache
True-Client-Country-4JS
L
X-Cache-FS-Status
Locale
X-MSEdge-Flight
X-MSEdge-Features
PFcat
X-WebServer
SD-X-WS
X-Cache-Id
X-VC-Cache
X-Variation
X-Via-NSCOPI
Is-Eu
X-Urbn-Context-Path
X-Urbn-Site-Id
X-AK-Request-ID
X-Amz-Meta-Cache-Control
X-TIME
X-Nc
X-LI-Proto
V-Age
Hostname
X-B3-Spanid
Server-ID
X-Servername
X-UnsetCookies
Powered-By-ChinaCache
CF-IPCountry
Environment
X-7Graus-Varnish-XKeys
X-Lb-Id
GEO-REGION-INFO
X-Trafficlayer-App-Version
X-7Graus-Varnish-Cache-Control
X-Cdn-Forward
X-GRACE
X-Sucuri-Id
X-Served-From
Locid
FNAC-ModuleRouting
X-Req
X-Newrelic-Synthetics
X-FPC
X-Be
X-Nginx-Cache
X-HTML-Minification-Powered-By
X-Servedbyhost
A
X-Refresh
X-Developer
X-Gamma-Serve
Geo-Info
X-Device-Os
X-Sn-Servicetimems
X-Cdn-Origin
X-Microcachable
X-VHOST
X-Edge-O15-RID
X-Render-Time
ProcessTime
X-Sucuri-ID
X-Node-Id
Tcn
X-Webkit-CSP
X-IPS-LoggedIn
X-Tb-Optimization-Total-Bytes-Saved
Memory
X-NU-AKA-ACS-Version
X-Zone
Request-Time
X-GeoIP-Country-Code
X-Mode
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-AWS-Id
X-Pjax-Url
X-VWS-Id
X-Ratelimit-Remaining
X-DC
X-Pf-Uncompressing
X-VCL-Version
XServer
X-FORWARDED-FOR
Gannett-Cam-Experience-Id
X-COUNTRY
Resin-Trace
X-Correlation-ID
X-ZONE
Geoip-Latitude
Group
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
X-Zipkin-Id
X-Proxied
X-Routing-Service
CF-Cached-On
MIME-Version
X-ElasticPress-Search
Cf-Ipcountry
Geoip-City
GeoIP-Latitude
GeoIP-Country-Code
X-Instart-Info
Pics-Label
X-Pod
TTL
PICS-Label
X-ECACHE
X-Via-SSL
X-Via-Edge
Ttl
X-Bc
X-Var-Ttl
GeoIP-City
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Backend-Url
M-TraceId
X-CSRF-Token
X-Backend-Host
X-Dynatrace-Js-Agent
X-Unique-ID
Backend-Name
X-NGENIX-Cache
X-BC
Host-ID
Cdn
HostName
Ohc-Cache-HIT
X-CLOUD-TRACE-CONTEXT
Ohc-File-Size
X-Check-Cacheable
X-Vcl-Version
X-Request-Time
REQUESTUUID
N-Cache
X-Cdn-Request-ID
Lfy
X-Ratelimit-Limit
X-APP
Pagetype
X-Swift-Error
Cache-Prefix
X-Fstrz
HitType
X-PF-Uncompressing
X-NGINX-Cache
Fly-Cache
X-PJAX-URL
X-TH-Server
Fly-Request-Id
X-Via-Ucdn
X-Worker
X-Fastly-Country-Code
URI
X-Cache-Tag
X-UPSTREAM-Address
X-GEO
Powered-By
Pragrma
User-Agent
X-Tt-Trace-Tag
X-Cache-Miss-From
X-Sedo-Request-Id
On-Server
X-HostName
X-LiteSpeed-Cache-Control
CDN
X-Server-W
X-WR-MODIFICATION
X-HS-Status
Media-Length
X-ServedByHost
X-Fetched-On
SRV
X-Aicache-OS
X-WA
X-BE
Who
X-Wa
Fastly-SWR
Fastly-SIE
X-Upstream-HT
X-Upstream-CT
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
AR-SID
X-Tt-Trace-Host
X-Hp-Ccpa-Warning
X-Varnish-Cacheable
X-LAGOON
FSS-Proxy
FSS-Cache
X-Fpc
X-LB-ID
X-Varnish-URL
UCS
X-TT-LOGID
X-Cf-Powered-By
DataCenter
X-Fastly-Backend-Reqs
X-ServerName
Debug
Processtime
X-Store
X-GDPR
Server-Id
X-Cache-Tags
X-NYM-Debug-Backend
X-Ua
X-Ftr-Cache-Host
X-Varnish-Beresp-TTL
X-Protected-By
X-Edge-Server
X-Varnish-Authentication
X-Akamai-ERRuleID
X-Contensis-Viewer-Groups
X-Akamai-ERPolicy
X-Cache-ASPX
Cdn-Host
Cdn-Request-Time
Country-Code
X-SN
Server-Surrogate-Control
Server-Cache-Control
XxX-Cache-Status
WP-Super-Cache
X-Hello
NnCoection
Xet-Cookie
X-VC
X-LiteSpeed-Tag
Cneonction
X-SB
X-Nananana
X-RPS
X-DB
Get-Access-Time
Thinkindot-Cache-Type
X-Li-Proto
SS
X-ABtesting
X-Dw-Trace-Id
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
LB
Is-Session-Tracking
X-Action
X-DI
SID
Product
Requestid
X-RPM
X-Request-Url
X-RateLimit-Reset
X-RSL
Application
X-DSS
X-Gen-Id
Warning
X-Fastly-Cache-Hits
X-DW
X-Flog