
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
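The tally described above, as an added example that is not the project's own code: it counts header names from HEAD responses and folds case, because the listing below shows variants such as X-Frame-Options and X-FRAME-OPTIONS as separate entries even though HTTP header names are case-insensitive. The sample responses and hostnames are constructed, and counting a header once per site is an assumption.

```python
from collections import Counter

def _resp(*headers):
    """Build a raw header block as returned for a HEAD request (constructed data)."""
    return "HTTP/1.1 200 OK\r\n" + "\r\n".join(headers) + "\r\n\r\n"

# Constructed sample responses; hostnames and values are made up.
SAMPLE = {
    "a.example": _resp("Server: nginx", "X-Frame-Options: SAMEORIGIN",
                       "Set-Cookie: a=1", "Set-Cookie: b=2",
                       "Strict-Transport-Security: max-age=31536000"),
    "b.example": _resp("Server: Apache", "X-FRAME-OPTIONS: DENY",
                       "x-xss-protection: 1; mode=block"),
    "c.example": _resp("Server: nginx", "X-Xss-Protection: 0",
                       "Content-Security-Policy: default-src 'self'"),
    "d.example": _resp("Server: nginx", "Content-Type: text/html"),
}

# Security-relevant header names taken from the listing on this page.
SECURITY_HEADERS = ("X-Frame-Options", "X-XSS-Protection", "Strict-Transport-Security",
                    "Content-Security-Policy", "X-Content-Type-Options")

def header_names(raw):
    """Return the header field names of one response, spelled as the server sent them."""
    names = []
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the header block
            break
        if line[0] in " \t":                # obsolete folded continuation line
            continue
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names

def tally(responses, normalize=True):
    """Count how many sites sent each header; a repeated header counts once per site."""
    counts = Counter()
    for raw in responses.values():
        names = header_names(raw)
        counts.update({n.lower() if normalize else n for n in names})
    return counts

def security_adoption(responses):
    """Fraction of polled sites that sent each security-relevant header."""
    counts = tally(responses)
    return {h: counts[h.lower()] / len(responses) for h in SECURITY_HEADERS}

if __name__ == "__main__":
    for name, share in security_adoption(SAMPLE).items():
        print(f"{name:28s} {share:.0%}")
```

With `normalize=False` the same data splits each header across its case variants, which understates adoption of the security headers when the rows are read individually.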



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Rq
X-Server-Id
Report-To
EagleEye-TraceId
X-Response-Time
X-Ac
X-Host
X-OneAgent-JS-Injection
X-Ws-Request-Id
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Origin-Cache
X-Cache-Lookup
X-Dns-Prefetch-Control
NEL
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Rack-Cache
Surrogate-Control
X-Origin-Upstream-Status
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Instart-Request-ID
Pinterest-Generated-By
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
Edge-Control
X-Mod-Pagespeed
X-B3-TraceId
X-Url
X-MS-InvokeApp
Verso
SPRequestGuid
Accept-Ch
X-Powered-By-Plesk
X-D2id
X-Trace
X-ESI
X-VARITI-CCR
X-SharePointHealthScore
X-Server-Name
X-GitHub-Request-Id
Pagespeed
X-Middleton-Response
X-Sol
Response
Service-Worker-Allowed
Display
X-Middleton-Display
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
Content-MD5
RTSS
X-TTL
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
X-Debug
Accept-Ch-Lifetime
X-Vcache
X-Forwarded-Proto
X-Upstream
X-Cached
X-Amz-Server-Side-Encryption
X-Vcap-Request-Id
X-CST
Public-Key-Pins
Charset
MS-Author-Via
X-Version
DynaTrace
X-NF-Request-ID
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
MicrosoftSharePointTeamServices
X-Shard
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Ezoic-Cdn
X-Shield-Request-Id
X-MSEdge-Ref
X-Pinterest-Rid
Pinterest-Version
X-Server-ID
X-Ser
Access-Control-Request-Method
X-Fastly-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
Fastly-Restarts
X-Accel-Expires
X-DIS-Request-ID
X-XRDS-Location
X-Client-IP
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Front-End-Https
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-T
X-Id
X-Element-Page-Cache
X-Goog-Storage-Class
X-Varnish-Age
Nginx-Cache
X-Webapp-Samesite-None-Activated-N
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-FTR-Expires
X-Amzn-Trace-Id
Cache-Tag
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Content-Digest
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
NR-ENABLED
Powered
X-Ttl
X-Hits
X-Correlation-Id
X-Fastcgi-Cache
X-Hp-Webp
X-Kinsta-Cache
Alternate-Protocol
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Webkit-Csp
X-Request-Processing-Time
X-Request-Received
ServerID
X-N
X-Content-Type
X-Microsite
X-RateLimit-Remaining
X-Request-Handler-Origin-Region
Server-Name
X-Grace
X-HS-Combine-CSS
X-Cache-Hit
PB-RID
PB-PID
Arc-Version
X-Rid
TP-L2-Cache
TP-Cache
X-Mobile-Rewrite
X-Node-Name
Healthy
X-User-Agent
X-Akamai-Edgescape
X-Revision
X-Analytics
Backend-Timing
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
X-LB-Cache
Server-Node
X-Pad
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Mobile-URL
X-Az
X-Activity-Id
X-AppVersion
X-Oneagent-Js-Injection
X-Varnish-Grace
Cache-Status
X-Cached-By
Accept-CH
Accept-CH-Lifetime
X-FastCGI-Cache
X-NWS-LOG-UUID
X-B3-Sampled
X-GUploader-UploadID
X-Content-Options
X-IPLB-Instance
Refresh
Retry-After
X-Ruxit-Js-Agent
X-F-Cache
X-Type
X-Geo-Country
Upgrade-Insecure-Requests
X-Varnish-Backend
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel
Paypal-Debug-Id
FilterID
X-FB-Debug
X-Srv
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Jobs
X-PHP-Backend
X-Request-Guid
DC
X-Cluster
X-Instance
X-Framework
X-Page-Id
Access-Control-Allow-Method
Source
Host
Actual-Object-TTL
Accept-Charset
X-Debug-Info
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Cache-2
X-B
X-Erf-Bev-Bev
X-ATG-Version
X-Erf-Bev-Bev-Is-Generated
X-Cache-Key
X-Cache-Age
X-TT
Cache
X-Seen-By
Fastcgi-Useragent
Ar-Sid
MS-CV
X-Git-Hash
X-Via-JSL
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-TTL
X-PressLabs-Stats
X-Amz-Replication-Status
X-Whom
Host-Header
X-Signature
X-B-Cache
X-Cache-Control
X-Daa-Tunnel
X-Wix-Request-Id
X-Cache-Enabled
NGB
X-Response-Served-From
X-UA
Surrogate-Key
X-Origin-Server
X-Host-Name
X-RequestSource
X-Mobile
X-TA-CDN-Provider
X-Tumblr-Pixel-2
X-GeoIP
Cache-Tv-Group
X-Tumblr-Pixel-1
Filters
X-FW-Static
X-FW-Server
X-FW-Type
X-Handled-By
X-Hyper-Cache
X-FW-Serve
X-EdgeConnect-Cache-Status
Eomportal-Instance
AR-Request-ID
Payment
WPE-Backend
Cleartype
X-FW-Hash
X-Litespeed-Cache
X-Drupal-Cache-Tags
X-Region
X-Cacheable-TTL
X-TX-ID
X-Cache-NE
X-SERVER
Frame-Options
Xserver
X-Adobe-Loc
X-Adobe-Content
X-ATS-Timestamp
X-Cache-Action
Webserver
X-Kong-Upstream-Latency
X-Cache-Operation
Datacenter
X-Kong-Proxy-Latency
X-Cache-Rule
X-Esi
From-Origin
X-Hostname
X-Load-Cache
X-Akamai-Transformed
X-NewRelic-App-Data
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-Edge-Location
X-Forwarded-Host
X-RTag
Ms-Operation-Id
X-Cache-TTL-Remaining
Liferay-Portal
X-Cache-Server
X-XRDS-LOCATION
X-Yottaa-Metrics
X-Status
X-Varnish-Server
X-Yottaa-Optimizations
X-Varnish-Hostname
X-App-Server
X-Oss-Storage-Class
X-Oss-Object-Type
X-Rule
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Contextid
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-VCache
Country
Odigeo-Trace-Id
X-Upgrade-Enabled
X-TT-TIMESTAMP
X-BCube-Filmed-By
Load-Balancing
X-ES-SERVER
X-UUID
Meta-Geo
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
DSUID
X-Time
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
X-Origin-Hint
Mn-Server-Ip
Webcakes-Region
TWC-Connection-Speed
Webcakes-App-Version
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-VCT
X-CCM
Release
Property-Id
TWC-Locale-Group
X-Debug-Cache
X-From
Webcakes-App-Name
TWC-Privacy
X-Hosted-By
X-Akamai-Request-ID
X-Drupal-Cache-Contexts
X-FW-Dynamic
X-Cache-Config
Azure-InstanceId
X-PCL
Azure-Version
Selected-Fe
X-Human
S-Rt
Fastly-SSL
X-IP
L5d-Success-Class
X-Loop
X-OCL
Azure-SlotName
Azure-SiteName
X-Proto
X-Origin-Response-Time
Cache-Tags
Cache-Name
Azure-RegionName
X-Proxy-Build
X-Proxy
X-Redis-Cache
X-TNCMS
DB-Nickname
Tracecode
X-Vgn-Hpd-Reason
X-FC-Vary-Parameters
X-Soup
X-Pubstack
X-EIG-Tracking-Id
X-Timing-Wait
X-Real-IP
X-Via-Fastly
X-Viewer-Country
X-Varnish-Cache-Hits
Viewport
Origin-Cache-Control
X-Xfnlog-Site
X-Origin
NGX
X-Akamai-Request-ID2
X-Generated
X-NWS-UUID-VERIFY
X-Content-Age
X-Format
X-Web-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ServerID
X-Access
Origin-Edge-Control
X-Backend-Name
X-Www-Served-By
X-FireWall-Port
X-Cache-Host
Ec-Rule-Version
X-Section
X-Site-Version
X-Cache-Time
X-Locale
Server-Info
Decoy-Debug-Key
X-ProxyCache-Key
X-Rendered-As
Decoy-Debug-Status
Decoy-Debug-TTL
X-Labrador-Cache-Channel
X-Is-Bot
X-ProxyCache-Status
Uber-Trace-Id
S-Cnection
X-Cluster-Name
X-JoinUs
X-BYPASS-REASON
X-Time-Microsecs
Version
X-Accel-Buffering
X-Generated-By
X-Tec-Api-Root
X-Varnish-Hits
X-Tec-Api-Origin
X-PERF
X-ApacheServer
X-Tec-Api-Version
X-Info
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-Storage
X-PHP-Host
X-URL
X-Origin-CC
X-Origin-TTL
Akamai-GRN
Rt-Fastcgi-Cache
X-Presslabs-Stats
X-SaId
X-WA-Info
X-Geo
X-Nginx-Cache-Key
Cteonnt-Length
GEO-INFO
X-CF-Powered-By
Cache-Key
X-App-Version
Time
X-Guploader-Uploadid
X-No-Session
X-MServer
Origin
X-L-Path
X-Environment-Context
X-FB-TRIP-ID
X-RateLimit-Limit
X-Backend-TTL
X-Unique-Id
X-GoCache-CacheStatus
X-Cache-Remote
Access-Control-Request-Headers
X-APP-VERSION
X-NCache
X-Tb
Accept-Language
Cache-Hits
Vix-Hermes-Req-Id
X-Hit
X-Say-TTL
X-Say-Cacheable
X-CDN-Forward
X-SayCDN-TTL
X-Trace-Id
X-B3-Traceid
X-SS-Set-Cookie
X-Device-Type
X-CS
X-ShardId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-EC-Lua
Srv
X-Alternate-Cache-Key
X-Tumblr-Pixel-3
X-B3-SpanId
X-Dc
X-CACHE-KEY
X-OVcl
X-OVcl-Cache
X-RCS-CacheZone
X-S
X-TIME
X-Cluster-Node
X-Source
X-Twitter-Response-Tags
Apple-News-Services-Handled
X-Region-Sid
X-A-Dcw
X-A-Ccd
X-D
X-A
X-A-Dam
X-Vdms-Version
X-External-Request-Id
X-VG-WebCache
X-Vtex-Processado-Em
User-Cache-Control
X-Vtex-Remote-Cache
X-VG-WebServer
Apple-News-Services-Host
X-DPWN-IS-SECURE
Request-EU
X-SIPLIST1
Request-Country
X-Request-UUID
IsBot
X-SRCache-Key
Rt-Proxy-Cache
X-ScT
Machine
Rendered-Blocks
X-Destination
Node
X-Session-Fingerprint
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
X-Server-Time
X-Svr
Server-Host
BehaviorPad-Version
X-Transaction
X-Service
X-Trv-Group
AsisCache
Apple-News-Services-Request-Url
Arc-Country
VivaBuild
Viewtype
T-Server
Fastcgi-X-Cache-Version
X-Processor
Cross-Origin-Window-Policy
Content-Style-Type
X-Detected-As
Content-Script-Type
Apple-News-Services-Parsed-Url
X-Ah-Environment
X-S-Cookie
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Connection-Hash
X-B-Cookie
X-Application
X-Rewrite-Enabled
OT-Force-Account-Verify
X-Date
X-Parent-Response-Time
X-AIR-PT
NtCoent-Length
X-Aed
X-CF-Lambda-Fn
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Hl-Ver
X-Rojux
X-ARC
Mime-Version
X-G
Xc-Version
X-Magnolia-Registration
X-CSRF-TOKEN
ServerName
ServedBy
X-Endurance-Cache-Level
X-Cache-Grace
X-Webstats-RespID
X-Instart-Isnd
X-Location
X-Cache-Bucket
Server-Int
Served-By
X-Dispatch
X-Matched-Rule
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-Thinkindot-L3
Wxu-Next-Hostname
X-Generated-On
X-Upstream-Ht
X-Upstream-Ct
X-Via-NSCOPI
X-Reboot
X-CUA
X-Core-Value
X-IN-APIGATEWAY
X-Hash
Wxu-Next-Commit
Wxu-Next-Region
Now
X-Uri
X-SRV
X-Core-Mission
RNT-Machine
RNT-Time
X-Cache-URL
X-Clara-WADP
X-Cdn-Srv
Pramga
X-Server-IP
X-Debug-Log
X-Compress-Hint
X-Clientip
X-Cms-Context
X-CGP
X-Rocket-Build-Number
X-Auto-Login
X-Debug-Cache-Fetch
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Debug-Cache-Store
X-App-Name
X-Debug-Cache-Expiry
X-Agile
X-Agile-Age
PFcat
X-Agile-Id
X-B3-Parentspanid
Web-Mar-Node
X-C
X-Scheme
X-Cache-Debug
X-Cache-Info
X-Block-Status
X-Debug-Cookies
X-Backend-State
X-BBXSRF
W
X-Bip
Section-Io-Cache
X-VC-Cache
X-Hnp-Log
X-Dispatcher-Server
X-Has-Esi
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Irp-Debug
X-RateLimit-Remaining-Second
X-Varnish-Beresp-Grace
X-GeoIP-City
X-Geo-Header
X-Sigma
X-FW-Version
X-Wikidot-Static-Cache
Mail-Subject
Proxy-Connection
X-Generation-Time
X-Gen-Mode
X-Is-Gdpr
X-JWT-State
X-Proxy-Upstream
X-Origin-Expires
X-Origin-Date
X-Proxy-Cache-Status
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-ND-Cache
X-NX-Host
X-Method
X-Logging-Id
X-Key
X-RateLimit-Limit-Second
X-Ms-Request-Id
X-Qloud-Router
X-Ms-Version
X-Wikidot-Backend
We-Hiring
X-Distil-CS
X-Sucuri-Cache
Gh-Request-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Fastly-Cache
Esi-Enabled
Fastly-Soc-X-Request-Id
X-Skip-Cache
Ha-Gx-Prefs
Magicmarker
Memcached
X-Sigma-Backend
X-Developers
L
HA-Ipaddr
Heartbleed
IBM-Web2-Location
Content-Disposition
Countrycode
X-User
X-Eu-Site
X-VG-TLSProxy
X-VServer
X-We-Are-Hiring
X-WADP-Cache
X-Release
X-Up
CDCHOST
X-TrackingId
X-Thanos
X-Reqid
AKAMAI
Cache-Host
Cache-Provider
X-Via-CDN
X-Nc
X-Policy
X-MSEdge-Flight
X-Internal-Host
X-Generated-In
X-MSEdge-Features
X-Swa-Ws
X-Epic-Correlation-Id
X-Li-Fabric
X-Li-Pop
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
Is-Eu
Platform
SD-X-WS
X-LI-UUID
X-Old-Content-Length
X-SD-PageType
X-Variation
X-WebServer
X-S-Maxage
X-Request-URI
X-Owner
X-Platform-Server
X-Request-Start
Adler-Geo
X-Distributor
Kp-EeAlive
X-NC
Locale
X-LI-Proto
Cdnsip
True-Client-Country-4JS
X-Trafficlayer-App-Version
X-NodeID
Server-ID
X-AK-Request-ID
X-Cache-Id
X-ServiceProvider
X-Urbn-Site-Id
Cdncip
X-Urbn-Context-Path
X-B3-Spanid
X-Servername
V-Age
Powered-By-ChinaCache
Hostname
X-Cdn-Forward
X-GRACE
X-UnsetCookies
CF-IPCountry
Environment
X-Served-From
X-Be
X-Req
Locid
X-7Graus-Varnish-XKeys
GEO-REGION-INFO
X-7Graus-Varnish-Cache-Control
X-Lb-Id
X-HTML-Minification-Powered-By
X-Gamma-Serve
FNAC-ModuleRouting
X-Sucuri-Id
X-FPC
X-Newrelic-Synthetics
X-Refresh
A
X-VHOST
X-Developer
X-Nginx-Cache
X-Render-Time
X-Sn-Servicetimems
X-Servedbyhost
X-Cdn-Origin
X-Zone
X-Sucuri-ID
X-Device-Os
Tcn
Geo-Info
X-Webkit-CSP
X-Edge-O15-RID
X-IPS-LoggedIn
X-Tb-Optimization-Total-Bytes-Saved
X-NU-AKA-ACS-Version
X-Microcachable
X-Node-Id
ProcessTime
X-MP-GENERATED-AT
X-Mode
X-GeoIP-Country-Code
X-Ratelimit-Remaining
X-FORWARDED-FOR
X-Pjax-Url
X-Pf-Uncompressing
Memory
Request-Time
Gannett-Cam-Experience-Id
X-COUNTRY
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Correlation-ID
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-VCL-Version
TTL
Amp-Access-Control-Allow-Source-Origin
Geoip-Latitude
Resin-Trace
X-DC
GeoIp-Country-Code
CF-Cached-On
X-CSRF-Token
XServer
PICS-Label
X-Pod
Pics-Label
Cf-Ipcountry
Group
MIME-Version
X-Bc
GeoIP-City
GeoIP-Latitude
X-Instart-Info
X-ZONE
X-ElasticPress-Search
M-TraceId
X-ECACHE
GeoIP-Country-Code
Cache-Cookie-Set-From
X-Via-SSL
Cache-Cookie-Set-Idcheck
Geoip-City
X-Via-Edge
Cache-Cookie-Set-Lfrom
X-Ratelimit-Limit
X-Unique-ID
X-Vcl-Version
Host-ID
HostName
Cdn
X-NODE
X-Var-Ttl
X-Backend-Host
X-Backend-Url
X-CLOUD-TRACE-CONTEXT
X-APP
Ttl
Backend-Name
X-Request-Time
X-Cdn-Request-ID
X-NGINX-Cache
X-Swift-Error
X-NGENIX-Cache
Pagetype
Ohc-Cache-HIT
N-Cache
Lfy
Ohc-File-Size
X-TH-Server
REQUESTUUID
X-BC
HitType
X-PF-Uncompressing
X-Check-Cacheable
X-PJAX-URL
URI
Fly-Request-Id
X-Fstrz
Fly-Cache
Cache-Prefix
X-UPSTREAM-Address
On-Server
X-Fastly-Country-Code
X-Worker
X-Via-Ucdn
User-Agent
Powered-By
X-HostName
CDN
X-Cache-Tag
Pragrma
X-ServedByHost
Media-Length
X-WR-MODIFICATION
X-Cache-Miss-From
X-Tt-Trace-Tag
X-Sedo-Request-Id
SRV
X-LiteSpeed-Cache-Control
X-HS-Status
X-Server-W
Who
X-Fetched-On
X-GEO
X-Aicache-OS
X-WA
AR-SID
Fastly-SIE
FSS-Cache
FSS-Proxy
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wa
Fastly-SWR
X-BE
X-Tt-Trace-Host
X-Hp-Ccpa-Warning
X-Upstream-HT
X-Upstream-CT
Processtime
X-Varnish-Cacheable
X-Dynatrace-Js-Agent
X-LB-ID
X-Varnish-URL
UCS
X-LAGOON
X-Fpc
X-Cf-Powered-By
X-TT-LOGID
X-Store
Debug
X-Fastly-Backend-Reqs
X-Cache-Tags
X-NYM-Debug-Backend
X-ServerName
X-Ftr-Cache-Host
X-Ua
X-Akamai-ERRuleID
Server-Cache-Control
Server-Surrogate-Control
X-Akamai-ERPolicy
X-Cache-ASPX
X-Varnish-Beresp-TTL
X-GDPR
Server-Id
X-Protected-By
X-Contensis-Viewer-Groups
X-Varnish-Authentication
DataCenter
WP-Super-Cache
X-Edge-Server
Xet-Cookie
X-Apw-Hits
X-VC
X-Apw-Access-Token
X-Apw-Access-Action
X-SB
Fastly-Backend-Name
Country-Code
Location
X-Apw-Access-Object
Cdn-Host
SID
X-Li-Proto
Thinkindot-Cache-Type
X-Gen-Id
X-Fastly-Cache-Hits
Product
Application
X-Dw-Trace-Id
NnCoection
Cneonction
X-Request-Url
Cdn-Request-Time
XxX-Cache-Status
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Nananana
X-SN