Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Request-ID
X-Adblock-Key
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
CF-Ray
X-AH-Environment
X-Age
X-Cache-Group
X-Pass-Why
X-Via
X-Backend
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Feature-Policy
Server-Timing
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Rq
Report-To
X-Ws-Request-Id
EagleEye-TraceId
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
X-Cnection
X-Backend-Server
Request-Id
Content-Location
X-Origin-Cache
X-DataDome
X-Node
NEL
X-Cache-Lookup
X-Readtime
X-Dns-Prefetch-Control
X-Vhost
X-Cloud-Trace-Context
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-Application-Context
X-ORACLE-DMS-RID
P3p
X-Cdn
Surrogate-Control
X-Origin-Upstream-Status
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Rating
X-Country
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Ruxit-JS-Agent
Edge-Control
X-Instart-Request-ID
X-PC
X-TtlSet
X-Vname
Pinterest-Generated-By
X-B3-TraceId
X-Mod-Pagespeed
X-Url
Accept-Ch
X-MS-InvokeApp
Verso
X-TTL
SPRequestGuid
X-Powered-By-Plesk
X-ESI
X-D2id
X-Server-Name
X-Trace
X-VARITI-CCR
X-GitHub-Request-Id
Content-MD5
Service-Worker-Allowed
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-SharePointHealthScore
RTSS
Pagespeed
Response
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
Accept-Ch-Lifetime
X-Navigation-Version
X-Vcache
X-Abt-Application-Version
X-Debug
X-Powered-CMS
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
X-Upstream
X-Cached
Public-Key-Pins
X-Version
X-Vcap-Request-Id
DynaTrace
MS-Author-Via
X-Amz-Server-Side-Encryption
X-CST
Charset
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
MicrosoftSharePointTeamServices
TCN
X-Shard
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Shield-Request-Id
X-SRCache-Store-Status
X-MSEdge-Ref
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Accel-Expires
Pinterest-Version
X-Pinterest-Rid
X-DIS-Request-ID
Access-Control-Request-Method
X-TEC-API-VERSION
X-Ser
S
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Client-IP
Fastly-Restarts
X-Webapp-Samesite-None-Activated-N
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-T
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
Cache-Tag
X-Goog-Storage-Class
X-Amzn-Trace-Id
X-FTR-Realm
X-Dw-Request-Base-Id
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Server-ID
Nginx-Cache
X-Fastcgi-Cache
Fastcgi-Cache
X-Content-Digest
Powered
X-Correlation-Id
X-Hits
X-HS-Content-Id
X-Frontend
X-HS-Cache-Config
X-HS-Hub-Id
NR-ENABLED
X-Hp-Webp
Alternate-Protocol
X-FTR-Cache-Host
X-Kinsta-Cache
X-RateLimit-Remaining
X-Content-Type
X-Request-Processing-Time
X-Request-Received
X-Aspnetmvc-Version
Server-Name
ServerID
X-Request-Handler-Origin-Region
X-Microsite
X-HS-Combine-CSS
PB-RID
X-Webkit-Csp
PB-PID
X-Mobile-Rewrite
Arc-Version
TP-Cache
TP-L2-Cache
X-Rid
X-Forwarded-For
X-Grace
Healthy
X-Akamai-Edgescape
X-Cache-Hit
X-N
X-Analytics
Backend-Timing
X-User-Agent
X-Revision
X-Logged-In
X-Pad
X-Mobile-URL
X-Content-Security-Policy-Report-Only
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Grace
X-Zen-Fury
X-LB-Cache
Server-Node
X-Cached-By
X-B3-Sampled
X-AppVersion
X-Activity-Id
X-Az
Cache-Status
X-Ttl
X-Content-Options
Refresh
X-Oneagent-Js-Injection
X-Geo-Country
X-F-Cache
X-GUploader-UploadID
Upgrade-Insecure-Requests
X-Type
X-Cache-2
X-Varnish-Backend
X-IPLB-Instance
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
Retry-After
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Srv
X-Jobs
Host
X-FB-Debug
X-Page-Id
X-Request-Guid
X-B
X-Cluster
X-Framework
X-PHP-Backend
DC
Paypal-Debug-Id
Actual-Object-TTL
X-AOL-HN
X-Instance
X-Debug-Info
Accept-Charset
FilterID
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
Source
X-TT
Accept-CH-Lifetime
X-Litespeed-Cache
X-FastCGI-Cache
Cache
Accept-CH
X-ATG-Version
AR-PoweredBy
Fastcgi-Useragent
AR-ATIME
AR-CACHE
X-Seen-By
X-Cache-Age
X-Git-Hash
X-Erf-Bev-Bev-Is-Generated
MS-CV
X-Erf-Bev-Bev
X-Content-Powered-By
X-TA-CDN-Provider
X-Signature
X-B-Cache
Host-Header
X-Amz-Replication-Status
X-Cache-Key
Ar-Sid
X-Origin-Server
X-Via-JSL
VIX-Pulpo-Upstream-Status
Xserver
VIX-Pulpo-Node
X-ATS-Timestamp
X-Cache-TTL
X-PressLabs-Stats
X-Cache-Enabled
X-Cache-Control
X-Mobile
X-Whom
NGB
X-Wix-Request-Id
X-Response-Served-From
X-XRDS-LOCATION
X-RequestSource
Surrogate-Key
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-GeoIP
Datacenter
Eomportal-Instance
Filters
Cleartype
Payment
X-Cache-NE
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
X-Hyper-Cache
X-Cacheable-TTL
X-FW-Serve
Frame-Options
X-Adobe-Loc
X-Adobe-Content
WPE-Backend
X-Daa-Tunnel
X-UA
X-Host-Name
X-Region
Webserver
X-Handled-By
X-Drupal-Cache-Tags
X-TX-ID
X-Load-Cache
X-Cache-Action
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-SERVER
X-Hostname
X-Edge-Location
X-Esi
From-Origin
X-Cache-Rule
X-Cache-Operation
AR-Request-ID
X-NewRelic-App-Data
X-ProcessESI
X-Cache-TTL-Remaining
X-RemovedCookies
X-ORACLE-APMCS-REQUEST-ID
Liferay-Portal
X-ORACLE-APMCS-TAG
X-UA-Device-Type
X-Varnish-Hostname
Ms-Operation-Id
X-RTag
X-Oss-Storage-Class
X-Oss-Server-Time
X-Cache-Server
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Varnish-Server
X-Rule
X-Forwarded-Host
X-Yottaa-Metrics
X-Yottaa-Optimizations
Country
X-Status
X-Upgrade-Enabled
X-UUID
Odigeo-Trace-Id
X-Contextid
X-Path-Route
X-Cache-Var
Load-Balancing
Meta-Geo
X-RN-RSRV
X-ES-SERVER
X-App-Server
X-Cache-Var-Map
X-From
DSUID
X-BCube-Filmed-By
TWC-Privacy
Property-Id
X-VCT
X-Rocket-Nginx-Bypass
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
Release
TWC-Device-Class
X-TT-TIMESTAMP
X-Origin-Hint
X-CCM
X-Debug-Cache
Webcakes-App-Version
DB-Nickname
X-EIG-Tracking-Id
Webcakes-Region
Webcakes-App-Name
X-R9-Blue-Green-Version
TWC-Connection-Speed
Mn-Server-Ip
X-Accel-Buffering
Azure-SiteName
Azure-SlotName
Cache-Name
Azure-Version
Fastly-SSL
X-Real-IP
Origin-Cache-Control
S-Rt
L5d-Success-Class
Selected-Fe
Azure-RegionName
X-Hosted-By
X-FW-Dynamic
X-Human
X-IP
X-Loop
X-FireWall-Port
X-FC-Vary-Parameters
X-Cache-Time
X-BYPASS-REASON
X-Akamai-Request-ID
X-Drupal-Cache-Contexts
X-Origin
Uber-Trace-Id
X-Vgn-Hpd-Reason
X-Via-Fastly
X-TNCMS
X-Timing-Wait
X-Soup
X-ProxyCache-Status
X-ProxyCache-Key
X-Origin-Response-Time
X-Proto
X-Proxy
X-Proxy-Build
X-ServerID
Origin-Edge-Control
Azure-InstanceId
X-Redis-Cache
X-Format
X-Section
X-Generated
X-Site-Version
X-Cache-Config
X-Backend-Name
X-Viewer-Country
X-OCL
X-Pubstack
X-Cluster-Name
X-Rendered-As
X-Is-Bot
X-JoinUs
Cache-Tags
X-Varnish-Hits
X-Content-Age
X-Www-Served-By
Version
X-Locale
Viewport
X-Access
X-Cache-Host
Ec-Rule-Version
X-PCL
X-Generated-By
X-Akamai-Request-ID2
NGX
X-Web-Node
X-Labrador-Cache-Channel
X-Goog-Meta-Goog-Reserved-File-Mtime
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Time-Microsecs
X-PHP-Host
S-Cnection
X-Xfnlog-Site
Server-Info
X-Varnish-Cache-Hits
X-SaId
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-Presslabs-Stats
X-NWS-UUID-VERIFY
X-WA-Info
X-Info
Akamai-GRN
X-PERF
X-Nginx-Cache-Key
X-Geo
X-ApacheServer
X-Origin-CC
Tracecode
X-Origin-TTL
X-Storage
GEO-INFO
X-URL
X-CF-Powered-By
Rt-Fastcgi-Cache
X-MServer
Cteonnt-Length
X-Unique-Id
X-Cache-Remote
X-CACHE-KEY
X-Time
X-VCache
X-No-Session
X-TIME
X-APP-VERSION
Time
Origin
X-L-Path
X-Environment-Context
X-App-Version
Access-Control-Request-Headers
X-Guploader-Uploadid
X-EC-Lua
X-Tb
X-Backend-TTL
X-FB-TRIP-ID
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-CDN-Forward
X-RCS-CacheZone
Cache-Key
X-GoCache-CacheStatus
Accept-Language
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-NCache
X-CLOUD-TRACE-CONTEXT
X-ShardId
X-Shopify-Generated-Cart-Token
Mime-Version
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Dc
X-Tec-Api-Origin
X-Tec-Api-Version
X-Hit
X-RateLimit-Limit
X-Tec-Api-Root
OT-Force-Account-Verify
X-Source
Vix-Hermes-Req-Id
Cache-Hits
X-Device-Type
X-CS
X-Upstream-Ht
X-Tumblr-Pixel-3
X-S
X-B3-SpanId
X-Trace-Id
X-Upstream-Ct
X-Endurance-Cache-Level
Request-EU
AsisCache
Apple-News-Services-Request-Url
Arc-Country
Rt-Proxy-Cache
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Magnolia-Registration
Now
Apple-News-Services-Handled
Content-Script-Type
Content-Style-Type
Meta-Geo-Continent
Mobile-Detection-Method
Node
Rendered-Blocks
MD5-Digest
Machine
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
IsBot
Request-Country
X-CF-Lambda-Fn
X-ScT
X-S-Cookie
X-Server-Time
X-Service
X-Session-Fingerprint
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Request-UUID
X-SIPLIST1
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Svr
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-ND-Cache
X-Hl-Ver
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-AIR-PT
X-A-Dam
X-A-Ccd
T-Server
Viewtype
VivaBuild
X-A
X-Application
X-ARC
X-Detected-As
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Destination
X-Date
X-B-Cookie
X-CF-Lambda-Version
X-Connection-Hash
X-D
Server-Host
X-Accel-Expires-Debug
X-OVcl-Cache
X-OVcl
X-Parent-Response-Time
X-SS-Set-Cookie
X-Cluster-Node
ServerName
X-Ah-Environment
Wxu-Next-Commit
Wxu-Next-Region
Thinkindot-Control
Thinkindot-CacheControl
Mail-Subject
X-Via-NSCOPI
X-Thinkindot-L3
Srv
X-Reboot
Served-By
Thinkindot-CacheControl-Type
X-CUA
X-Hash
X-Generated-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Level-Front-Cache
X-Location
We-Hiring
X-Core-Value
X-Dispatch
X-Dispatcher-Server
X-Matched-Rule
X-Cache-Bucket
Wxu-Next-Hostname
User-Cache-Control
X-Webstats-RespID
ServedBy
X-Agile-Age
X-Agile-Id
X-Agile
X-Reqid
X-Request-Start
X-Release
X-Amz-Meta-Cache-Control
X-Logging-Id
X-App-Name
X-Qloud-Router
X-Epic-Correlation-Id
X-Platform-Server
Content-Disposition
X-Rocket-Build-Number
AKAMAI
X-JWT-State
W
X-Li-Pop
X-Debug-Cache-Expiry
X-Li-Fabric
Adler-Geo
X-SD-PageType
X-LI-UUID
X-Auto-Login
X-S-Maxage
X-Scheme
X-Fastly-Cache
X-Eu-Site
X-Azure-Ref
X-Cdn-Srv
X-Old-Content-Length
X-Origin-Date
X-Cache-URL
X-Developers
X-Origin-Expires
X-CGP
X-Clara-WADP
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Core-Mission
X-Compress-Hint
X-Clientip
X-Cms-Context
X-Method
X-Cache-FS-Status
X-Backend-State
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-B3-Parentspanid
X-Azure-Ref-OriginShield
X-Planisys-CDN-TTL
X-BBXSRF
X-Owner
X-Distil-CS
X-Cache-Debug
X-C
X-Distributor
X-Bip
X-FW-Version
X-Server-IP
Heartbleed
IBM-Web2-Location
HA-Ipaddr
Ha-Gx-Prefs
X-Uri
Is-Eu
Cache-Host
Magicmarker
X-Wikidot-Static-Cache
X-Up
L
X-Has-Esi
Gh-Request-Id
X-User
X-Irp-Debug
Esi-Enabled
Countrycode
X-Is-Gdpr
X-WADP-Cache
X-Key
Fastly-Soc-X-Request-Id
X-VC-Cache
X-Variation
X-VG-TLSProxy
X-We-Are-Hiring
X-VServer
X-GeoIP-City
Memcached
X-Sigma
X-Generation-Time
X-Sigma-Backend
X-Sucuri-Cache
Pramga
RNT-Machine
RNT-Time
Server-ID
Server-Int
X-Wikidot-Backend
Section-Io-Cache
SD-X-WS
X-SVT-ORM-RULES
X-Skip-Cache
Platform
X-WebServer
X-TrackingId
X-Geo-Header
X-Thanos
X-SVT-ORM-VERSION
PFcat
X-Varnish-Beresp-Status
Proxy-Connection
NtCoent-Length
X-SRV
X-Varnish-Beresp-Grace
X-CSRF-TOKEN
X-Varnish-Beresp-Ttl
X-Debug-Cookies
X-Gen-Mode
X-LI-Proto
X-Trafficlayer-App-Version
X-Hnp-Log
X-Ms-Request-Id
X-Debug-Log
X-Internal-Host
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Block-Status
X-Request-URI
Web-Mar-Node
Powered-By-ChinaCache
X-Swa-Ws
CDCHOST
X-Cache-Info
X-RateLimit-Limit-Second
X-NX-Host
X-Ms-Version
X-B3-Spanid
Environment
X-Nc
Kp-EeAlive
X-Generated-In
X-Req
X-HTML-Minification-Powered-By
X-NC
X-Cache-Id
X-Policy
X-Served-From
Locid
X-Cache-Grace
X-IPS-LoggedIn
Cache-Provider
X-Urbn-Context-Path
X-Urbn-Site-Id
V-Age
X-Gamma-Serve
X-AK-Request-ID
Cdncip
X-NodeID
X-ServiceProvider
Cdnsip
CF-IPCountry
X-Servername
Locale
True-Client-Country-4JS
X-Newrelic-Synthetics
X-Via-CDN
X-MSEdge-Features
X-MSEdge-Flight
FNAC-ModuleRouting
X-Lb-Id
GEO-REGION-INFO
X-NODE
X-Be
X-B3-Traceid
X-Edge-O15-RID
X-GRACE
X-Cdn-Forward
X-Refresh
X-FPC
X-Render-Time
X-Mode
X-MP-GENERATED-AT
X-Tb-Optimization-Total-Bytes-Saved
X-Zone
X-Sucuri-Id
X-NU-AKA-ACS-Version
ProcessTime
X-Sucuri-ID
X-VHOST
X-GeoIP-Country-Code
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Nginx-Cache
X-UnsetCookies
Hostname
Tcn
Geo-Info
X-Zipkin-Id
X-VWS-Id
X-AWS-Id
X-Proxied
X-LJ-Flow-ID
X-Routing-Service
A
X-Pjax-Url
X-Developer
X-Microcachable
X-Servedbyhost
X-Sn-Servicetimems
X-Device-Os
X-Pf-Uncompressing
X-Cdn-Origin
X-CSRF-Token
TTL
X-Node-Id
X-FORWARDED-FOR
X-Ratelimit-Limit
Resin-Trace
Gannett-Cam-Experience-Id
X-Bc
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-COUNTRY
Cache-Cookie-Set-From
Geoip-Latitude
Memory
GeoIp-Country-Code
X-Correlation-ID
X-Request-Time
Request-Time
PICS-Label
X-DC
HostName
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
CF-Cached-On
X-Ratelimit-Remaining
Cf-Ipcountry
M-TraceId
X-Cdn-Request-ID
Pics-Label
X-Pod
X-ZONE
X-Via-SSL
X-NGINX-Cache
GeoIP-Latitude
X-VCL-Version
X-TH-Server
GeoIP-City
GeoIP-Country-Code
X-Via-Edge
Cdn
X-Unique-ID
Host-ID
Group
Powered-By
X-ECACHE
Ttl
X-Instart-Info
X-ElasticPress-Search
Geoip-City
X-Swift-Error
X-UPSTREAM-Address
Ohc-File-Size
X-APP
X-Var-Ttl
X-Fastly-Country-Code
Ohc-Cache-HIT
X-PF-Uncompressing
X-BC
X-Backend-Host
X-Backend-Url
HitType
Media-Length
MIME-Version
XServer
SRV
X-ServedByHost
X-Check-Cacheable
X-HS-Status
X-Hp-Ccpa-Warning
Backend-Name
URI
FSS-Cache
User-Agent
On-Server
FSS-Proxy
X-Tt-Trace-Host
X-Cache-Tag
X-Tt-Trace-Tag
REQUESTUUID
Pagetype
Lfy
N-Cache
X-NYM-Debug-Backend
X-HostName
X-NGENIX-Cache
UCS
X-WR-MODIFICATION
X-PJAX-URL
Fly-Cache
Cache-Prefix
Fly-Request-Id
X-Aicache-OS
X-Fstrz
X-LiteSpeed-Cache-Control
X-Via-Ucdn
X-Worker
X-WA
Who
X-Cache-Tags
AR-SID
Server-Surrogate-Control
X-Sedo-Request-Id
X-Cache-ASPX
CDN
Pragrma
X-BE
X-Cache-Miss-From
Server-Cache-Control
X-Fetched-On
X-Contensis-Viewer-Groups
Processtime
X-Varnish-Authentication
X-Varnish-Cacheable
X-Varnish-URL
X-GEO
Fastly-Backend-Name
X-LAGOON
X-Server-W
Location
X-Fpc
X-LB-ID
X-Cf-Powered-By
X-Rebelmouse-Surrogate-Control
Country-Code
X-Rebelmouse-Cache-Control
X-Store
X-Wa
Fastly-SWR
Debug
Fastly-SIE
X-ServerName
X-Fastly-Backend-Reqs
X-Ftr-Cache-Host
Filterid
X-Ua
X-Protected-By
X-Response-By
RequestId
X-Akamai-ERRuleID
LB
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Upstream-CT
X-Upstream-HT
X-Dw-Trace-Id
Thinkindot-Cache-Type
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-TT-LOGID
Ohc-Response-Time
X-Apw-Access-Action
X-SB
Product
XxX-Cache-Status
X-Amzn-Remapped-Date
X-Request-Url
X-Nananana
NnCoection
X-Amzn-Remapped-Connection
Application
Cneonction
Xet-Cookie
WP-Super-Cache
X-VC
SID
X-Fastly-Cache-Hits
X-Gen-Id
X-Li-Proto