Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
Keep-Alive
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Ua-Compatible
X-Age
X-Via
X-Cache-Group
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
X-Hacker
Request-Context
Ali-Swift-Global-Savetime
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Server-Id
X-Rq
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Ws-Request-Id
X-Host
X-Response-Time
X-Ac
X-OneAgent-JS-Injection
Request-Id
X-Cnection
X-Backend-Server
Content-Location
X-DataDome
X-Origin-Cache
X-Node
X-Cache-Lookup
X-Dns-Prefetch-Control
NEL
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Rack-Cache
X-DynaTrace
X-Country
Rating
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-Akam-SW-Version
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
Pinterest-Generated-By
X-Instart-Request-ID
X-Ruxit-JS-Agent
Edge-Control
X-Vname
X-PC
X-TtlSet
X-B3-TraceId
X-Mod-Pagespeed
Accept-Ch
X-Url
X-MS-InvokeApp
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-TTL
X-ESI
X-Trace
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-GitHub-Request-Id
X-SharePointHealthScore
Content-MD5
X-Sol
Pagespeed
X-Middleton-Response
Response
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Middleton-Display
Display
RTSS
Accept-Ch-Lifetime
X-Navigation-Version
SPRequestDuration
SPIisLatency
X-Abt-Application-Version
X-Powered-CMS
X-Debug
X-Forwarded-Proto
X-Vcache
X-Upstream
X-Amz-Server-Side-Encryption
X-Cached
Public-Key-Pins
X-Vcap-Request-Id
Charset
MS-Author-Via
DynaTrace
X-CST
X-NF-Request-ID
X-Version
X-Amz-Rid
Realpath
Edge-Cache-Tag
X-Px
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Shard
TCN
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Shield-Request-Id
X-Ezoic-Cdn
X-MSEdge-Ref
X-SRCache-Fetch-Status
Pinterest-Version
Access-Control-Request-Method
X-Pinterest-Rid
X-Ser
X-SRCache-Store-Status
X-Fastly-Request-ID
S
X-Accel-Expires
X-TEC-API-VERSION
X-DIS-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Fastly-Restarts
X-XRDS-Location
X-Client-IP
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Webapp-Samesite-None-Activated-N
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-T
X-Varnish-Age
X-Element-Page-Cache
X-Goog-Storage-Class
X-FTR-Cache-Status
Cache-Tag
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Amzn-Trace-Id
X-Server-ID
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Nginx-Cache
X-Dw-Request-Base-Id
X-FTR-Expires
X-Fastcgi-Cache
Fastcgi-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Content-Digest
X-Frontend
Powered
NR-ENABLED
X-Hits
X-Hp-Webp
X-Kinsta-Cache
Alternate-Protocol
X-Correlation-Id
X-Aspnetmvc-Version
X-Webkit-Csp
X-FTR-Cache-Host
X-Request-Processing-Time
X-Request-Received
X-Content-Type
X-Ttl
X-RateLimit-Remaining
Server-Name
ServerID
X-N
X-Microsite
X-Request-Handler-Origin-Region
X-HS-Combine-CSS
TP-Cache
PB-PID
PB-RID
TP-L2-Cache
X-Mobile-Rewrite
X-Grace
Arc-Version
X-Cache-Hit
Healthy
X-Rid
X-Akamai-Edgescape
X-User-Agent
X-Revision
X-Analytics
Backend-Timing
X-Node-Name
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-Logged-In
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Mobile-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-LB-Cache
Server-Node
X-Oneagent-Js-Injection
X-AppVersion
X-Activity-Id
X-Az
Cache-Status
X-Varnish-Grace
X-Cached-By
X-B3-Sampled
X-NWS-LOG-UUID
X-F-Cache
X-Content-Options
X-GUploader-UploadID
Refresh
X-Ruxit-Js-Agent
X-IPLB-Instance
X-Geo-Country
Upgrade-Insecure-Requests
X-Type
X-Varnish-Backend
Retry-After
X-FastCGI-Cache
FilterID
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-Cache-2
X-Tumblr-Pixel
Accept-Charset
X-Tumblr-User
Host
X-Jobs
X-Srv
X-FB-Debug
X-Framework
X-Debug-Info
Accept-CH-Lifetime
X-Instance
DC
X-B
X-App-Environment
X-AOL-HN
Actual-Object-TTL
Access-Control-Allow-Method
X-Cluster
Source
X-PHP-Backend
Accept-CH
X-Page-Id
X-WebKit-CSP-Report-Only
X-Request-Guid
AR-ATIME
AR-PoweredBy
X-ATG-Version
AR-CACHE
X-TT
Cache
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
X-Seen-By
X-Erf-Bev-Bev
Fastcgi-Useragent
X-PressLabs-Stats
MS-CV
X-Cache-Key
X-Git-Hash
X-Content-Powered-By
X-Via-JSL
Ar-Sid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Signature
X-Cache-TTL
X-B-Cache
X-Whom
X-Amz-Replication-Status
Host-Header
X-Wix-Request-Id
X-Daa-Tunnel
X-Origin-Server
NGB
X-Cache-Control
X-Response-Served-From
X-Mobile
Surrogate-Key
Xserver
X-Cache-Enabled
X-UA
X-TA-CDN-Provider
X-RequestSource
X-GeoIP
Cache-Tv-Group
X-ATS-Timestamp
X-Tumblr-Pixel-2
X-Hyper-Cache
X-FW-Type
X-Host-Name
X-Tumblr-Pixel-1
X-FW-Serve
Payment
Filters
Cleartype
WPE-Backend
X-Cache-NE
X-FW-Server
X-FW-Hash
X-FW-Static
Eomportal-Instance
X-Cacheable-TTL
X-Handled-By
Datacenter
X-Adobe-Loc
X-Adobe-Content
Frame-Options
X-Litespeed-Cache
X-Region
X-Cache-Action
X-TX-ID
X-Drupal-Cache-Tags
X-SERVER
X-EdgeConnect-Cache-Status
Webserver
X-Esi
X-Load-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hostname
AR-Request-ID
X-Cache-Rule
X-Akamai-Transformed
X-Cache-Operation
From-Origin
X-NewRelic-App-Data
X-Edge-Location
X-RemovedCookies
X-ProcessESI
X-Cache-TTL-Remaining
X-UA-Device-Type
Liferay-Portal
X-RTag
Ms-Operation-Id
X-Cache-Server
X-Varnish-Hostname
X-Forwarded-Host
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-XRDS-LOCATION
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Status
Country
Odigeo-Trace-Id
X-Rule
X-Upgrade-Enabled
X-App-Server
X-Contextid
X-VCache
X-UUID
Load-Balancing
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-BCube-Filmed-By
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-TT-TIMESTAMP
DSUID
TWC-Device-Class
X-R9-Blue-Green-Version
Mn-Server-Ip
X-EIG-Tracking-Id
TWC-Connection-Speed
X-Origin-Hint
Release
X-CCM
X-VCT
Property-Id
Webcakes-Region
TWC-GeoIP-Country
Webcakes-App-Name
X-From
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
DB-Nickname
L5d-Success-Class
Cache-Name
X-FW-Dynamic
X-Loop
Cache-Tags
X-Proto
Azure-SiteName
Azure-InstanceId
X-Proxy-Build
X-Vgn-Hpd-Reason
X-Origin
Azure-RegionName
X-Origin-Response-Time
Azure-SlotName
Fastly-SSL
X-Via-Fastly
Azure-Version
X-TNCMS
X-Cache-Time
X-Timing-Wait
Selected-Fe
X-Rocket-Nginx-Bypass
X-ServerID
X-Debug-Cache
X-Viewer-Country
X-Cache-Host
X-Cache-Config
X-Time
X-Akamai-Request-ID
X-Soup
X-Pubstack
X-Drupal-Cache-Contexts
X-Human
Ec-Rule-Version
X-Labrador-Cache-Channel
X-Akamai-Request-ID2
X-Backend-Name
X-Access
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
Origin-Edge-Control
NGX
X-FC-Vary-Parameters
X-Cluster-Name
X-JoinUs
X-Hosted-By
Origin-Cache-Control
S-Rt
Viewport
X-Redis-Cache
X-ProxyCache-Key
X-Real-IP
X-FireWall-Port
X-Section
X-BYPASS-REASON
X-Www-Served-By
X-Xfnlog-Site
X-Proxy
X-ProxyCache-Status
X-Format
X-Varnish-Hits
X-NWS-UUID-VERIFY
X-OCL
X-PCL
Version
X-Generated
X-Varnish-Cache-Hits
Uber-Trace-Id
X-Site-Version
X-Web-Node
X-Locale
S-Cnection
X-Accel-Buffering
X-IP
X-Time-Microsecs
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Backend
X-Generated-By
Tracecode
X-PHP-Host
Server-Info
X-Rendered-As
X-Is-Bot
X-ApacheServer
X-PERF
X-Amzn-Remapped-Content-Length
X-SaId
X-Origin-CC
X-Storage
X-Origin-TTL
Akamai-GRN
X-Info
X-App-Version
X-URL
Rt-Fastcgi-Cache
X-WA-Info
X-Nginx-Cache-Key
X-CF-Powered-By
X-Geo
Cteonnt-Length
X-Guploader-Uploadid
Cache-Key
X-No-Session
X-MServer
X-Environment-Context
X-L-Path
Origin
Time
X-Cache-Remote
X-RateLimit-Limit
Access-Control-Request-Headers
X-FB-TRIP-ID
X-Tec-Api-Version
GEO-INFO
X-Tec-Api-Origin
X-Tec-Api-Root
Accept-Language
X-Tb
X-Presslabs-Stats
X-GoCache-CacheStatus
X-CACHE-KEY
X-EC-Lua
X-Say-TTL
X-Backend-TTL
X-B3-SpanId
X-Unique-Id
Vix-Hermes-Req-Id
X-Say-Cacheable
Cache-Hits
X-SayCDN-TTL
X-Hit
X-NCache
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-APP-VERSION
X-Shopify-Stage
X-RCS-CacheZone
X-Alternate-Cache-Key
X-Shopify-Generated-Cart-Token
X-Trace-Id
X-ShardId
X-ShopId
X-Device-Type
X-Source
Srv
X-CDN-Forward
X-Tumblr-Pixel-3
X-CS
X-S
Mime-Version
OT-Force-Account-Verify
X-SS-Set-Cookie
X-Dc
X-TIME
Rt-Proxy-Cache
X-Application
IsBot
Machine
MD5-Digest
X-AIR-PT
Server-Host
VivaBuild
Viewtype
X-G
T-Server
Request-EU
Request-Country
X-Ah-Environment
X-Hl-Ver
X-Request-UUID
X-Rewrite-Enabled
X-B-Cookie
Rendered-Blocks
X-ARC
Meta-Geo-Continent
Mobile-Detection-Method
X-Region-Sid
Node
Fastcgi-X-Cache-Version
Cross-Origin-Window-Policy
Apple-News-Services-Handled
Apple-News-Services-Host
X-D
X-A-Dgt
X-A-Wwc
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-S-Cookie
X-A-Dcw
BehaviorPad-Version
Arc-Country
X-PAYTM-SRV-ID
X-A-Dam
X-Aed
Content-Style-Type
X-Magnolia-Registration
X-Processor
Content-Script-Type
X-External-Request-Id
X-A-Ccd
X-A
X-Accel-Expires-Debug
X-Endurance-Cache-Level
AsisCache
X-Rojux
X-Trv-Group
X-Destination
X-Twitter-Response-Tags
X-CF-Lambda-Version
X-Transaction
X-Detected-As
X-Upstream-Ct
X-SRCache-Key
X-Svr
X-Vdms-Version
X-CSRF-TOKEN
X-Connection-Hash
Xc-Version
X-Cluster-Node
X-Date
X-Vtex-Remote-Cache
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-Upstream-Ht
X-CF-Lambda-Fn
X-ScT
X-SIPLIST1
X-Service
X-Session-Fingerprint
X-DPWN-IS-SECURE
X-Server-Time
X-OVcl
ServerName
X-OVcl-Cache
X-Parent-Response-Time
ServedBy
X-Matched-Rule
Thinkindot-Control
X-Location
X-IN-APIGATEWAY
X-ND-Cache
X-Via-NSCOPI
We-Hiring
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Thinkindot-CacheControl-Type
X-CUA
X-Instart-Isnd
X-Level-Front-Cache
X-Core-Value
Served-By
Mail-Subject
X-IN-APIGATEWAYSSL
Thinkindot-CacheControl
Server-Int
X-Generated-On
X-Hash
X-Nc
X-Dispatcher-Server
X-Dispatch
X-Reboot
X-Cache-Bucket
Now
User-Cache-Control
X-Thinkindot-L3
X-Uri
X-SRV
NtCoent-Length
Proxy-Connection
X-Epic-Correlation-Id
Pramga
X-Geo-Header
X-GeoIP-City
RNT-Machine
X-Cache-Debug
RNT-Time
X-Eu-Site
X-Bip
X-Agile-Id
X-Core-Mission
X-Compress-Hint
X-Developers
X-Cms-Context
X-Has-Esi
X-C
X-Agile
X-Debug-Cache-Store
X-FW-Version
X-Debug-Cache-Expiry
W
X-App-Name
X-Debug-Cache-Fetch
X-Azure-Ref-OriginShield
X-Azure-Ref
X-B3-Parentspanid
X-Auto-Login
X-Distil-CS
X-Cache-FS-Status
Section-Io-Cache
X-Generation-Time
X-CGP
X-Clientip
X-Distributor
X-Debug-Cookies
X-Debug-Log
X-Agile-Age
AKAMAI
X-Request-Start
X-Release
X-RateLimit-Remaining-Second
X-Request-URI
X-Rocket-Build-Number
X-Server-IP
X-Scheme
X-S-Maxage
X-RateLimit-Limit-Second
X-Qloud-Router
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Owner
X-Planisys-CDN-TTL
Platform
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Sigma
X-Sigma-Backend
X-VC-Cache
X-Variation
X-User
X-VG-TLSProxy
X-VServer
X-Cache-Grace
X-Webstats-RespID
X-WebServer
X-Up
X-Varnish-Beresp-Grace
X-SVT-ORM-RULES
X-Sucuri-Cache
X-Skip-Cache
X-SVT-ORM-VERSION
X-Thanos
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Adler-Geo
X-Platform-Server
Ha-Gx-Prefs
HA-Ipaddr
X-Li-Fabric
X-Origin-Expires
X-LI-UUID
X-Li-Pop
Heartbleed
IBM-Web2-Location
Magicmarker
PFcat
X-Is-Gdpr
X-JWT-State
Is-Eu
L
X-Logging-Id
Gh-Request-Id
X-Ms-Version
Content-Disposition
Countrycode
X-Old-Content-Length
CDCHOST
Cache-Host
X-Origin-Date
Esi-Enabled
X-NX-Host
X-Method
X-Ms-Request-Id
Fastly-Soc-X-Request-Id
X-Internal-Host
X-We-Are-Hiring
X-WADP-Cache
X-Hnp-Log
X-Wikidot-Backend
X-Generated-In
Server-ID
X-Wikidot-Static-Cache
X-Irp-Debug
X-SD-PageType
X-Gen-Mode
X-LI-Proto
X-Trafficlayer-App-Version
X-Fastly-Cache
X-Policy
X-Swa-Ws
X-Reqid
X-Key
X-TrackingId
X-Cache-Info
X-Amz-Meta-Cache-Control
X-Clara-WADP
X-Backend-State
Kp-EeAlive
Memcached
Web-Mar-Node
SD-X-WS
X-Block-Status
X-BBXSRF
X-Cache-URL
X-Cache-Id
X-Cdn-Srv
X-Cdn-Forward
Cache-Provider
X-Via-CDN
Cdnsip
X-Urbn-Context-Path
Locale
True-Client-Country-4JS
X-MSEdge-Features
V-Age
Powered-By-ChinaCache
Cdncip
X-NodeID
X-ServiceProvider
X-Urbn-Site-Id
X-MSEdge-Flight
X-AK-Request-ID
Environment
X-Served-From
X-Servername
X-B3-Traceid
Locid
X-Req
X-NC
X-Sucuri-Id
X-GRACE
X-Be
X-Lb-Id
X-HTML-Minification-Powered-By
X-Gamma-Serve
FNAC-ModuleRouting
GEO-REGION-INFO
Hostname
X-B3-Spanid
X-Newrelic-Synthetics
X-UnsetCookies
X-Nginx-Cache
CF-IPCountry
X-Refresh
Geo-Info
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-VHOST
X-IPS-LoggedIn
X-FPC
X-Render-Time
ProcessTime
A
X-Zone
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
Tcn
X-Developer
X-Webkit-CSP
X-MP-GENERATED-AT
X-Edge-O15-RID
X-Mode
X-GeoIP-Country-Code
X-Cdn-Origin
X-Device-Os
X-NU-AKA-ACS-Version
X-Correlation-ID
X-Microcachable
X-Sn-Servicetimems
X-Sucuri-ID
X-Pjax-Url
X-Node-Id
X-Ratelimit-Remaining
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-FORWARDED-FOR
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-COUNTRY
TTL
Request-Time
Memory
Gannett-Cam-Experience-Id
X-Pf-Uncompressing
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
X-DC
Pics-Label
X-Unique-ID
CF-Cached-On
X-CSRF-Token
X-Pod
Resin-Trace
X-Bc
X-VCL-Version
GeoIP-Latitude
GeoIp-Country-Code
Geoip-Latitude
GeoIP-Country-Code
X-Via-SSL
Group
HostName
M-TraceId
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Via-Edge
X-ZONE
GeoIP-City
Cdn
Cache-Cookie-Set-From
PICS-Label
X-Ratelimit-Limit
X-Request-Time
X-Vcl-Version
Host-ID
X-Swift-Error
XServer
X-ElasticPress-Search
X-NODE
X-Instart-Info
Geoip-City
X-ECACHE
MIME-Version
X-CLOUD-TRACE-CONTEXT
X-Cdn-Request-ID
X-TH-Server
Ttl
X-PF-Uncompressing
X-Var-Ttl
X-Backend-Host
X-Backend-Url
Backend-Name
HitType
X-APP
X-Check-Cacheable
X-BC
X-NGINX-Cache
URI
REQUESTUUID
Powered-By
Pagetype
Ohc-File-Size
Ohc-Cache-HIT
N-Cache
Lfy
X-NGENIX-Cache
X-UPSTREAM-Address
X-Fastly-Country-Code
X-Fstrz
Fly-Cache
Fly-Request-Id
On-Server
User-Agent
Cache-Prefix
X-PJAX-URL
X-HostName
X-Via-Ucdn
X-Aicache-OS
Media-Length
X-WR-MODIFICATION
X-Cache-Tag
X-Worker
X-ServedByHost
X-LiteSpeed-Cache-Control
SRV
Who
X-Cache-Miss-From
X-Fetched-On
X-Sedo-Request-Id
X-HS-Status
Pragrma
X-Tt-Trace-Tag
X-WA
FSS-Cache
FSS-Proxy
X-Hp-Ccpa-Warning
CDN
X-Ftr-Cache-Host
AR-SID
X-Tt-Trace-Host
UCS
X-GEO
X-Server-W
X-Fpc
X-BE
X-NYM-Debug-Backend
Processtime
Fastly-SWR
X-Varnish-URL
X-Varnish-Cacheable
X-Rebelmouse-Surrogate-Control
X-Wa
X-LB-ID
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Cache-Tags
X-LAGOON
X-Cf-Powered-By
X-Upstream-CT
X-Upstream-HT
X-Store
X-Varnish-Authentication
X-ServerName
Debug
X-Fastly-Backend-Reqs
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Surrogate-Control
Server-Cache-Control
X-Ua
X-Varnish-Beresp-TTL
X-Akamai-ERPolicy
X-Apw-Hits
X-Apw-Access-Object
X-Akamai-ERRuleID
X-Apw-Access-Token
X-Protected-By
X-TT-LOGID
X-Apw-Access-Action
Fastly-Backend-Name
Country-Code
Location
X-BACKEND-TTL
Xet-Cookie
WP-Super-Cache
X-VC
SID
X-Li-Proto
X-Gen-Id
X-Fastly-Cache-Hits
Thinkindot-Cache-Type
X-Dw-Trace-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Application
Server-Id
X-Nananana
XxX-Cache-Status
Cneonction
NnCoection
X-Request-Url
X-GDPR
Product
X-SB