Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Kinja-Server-Push
CF-Ray
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Ua-Compatible
X-Age
X-Cache-Group
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
X-Varnish-Cache
Grace
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Rq
X-Server-Id
Report-To
EagleEye-TraceId
X-Response-Time
X-Ac
X-Host
X-OneAgent-JS-Injection
Request-Id
X-Ws-Request-Id
X-Cnection
X-Backend-Server
X-Node
X-DataDome
Content-Location
X-Origin-Cache
X-Cache-Lookup
X-Dns-Prefetch-Control
NEL
X-Readtime
X-Cloud-Trace-Context
X-Vhost
P3p
X-Application-Context
X-HW
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cdn
Allow
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
Surrogate-Control
X-Origin-Upstream-Status
X-DynaTrace
Rating
X-Country
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-FTR-Request-ID
X-Akam-SW-Version
X-Country-Code
X-Goog-Hash
X-Varnish-TTL
X-Instart-Request-ID
Pinterest-Generated-By
Edge-Control
X-Ruxit-JS-Agent
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-B3-TraceId
X-MS-InvokeApp
X-Url
Verso
SPRequestGuid
X-Powered-By-Plesk
Accept-Ch
X-D2id
X-ESI
X-Trace
X-VARITI-CCR
X-SharePointHealthScore
X-Server-Name
Service-Worker-Allowed
X-Sol
Pagespeed
X-GitHub-Request-Id
X-Middleton-Response
Response
Display
X-Middleton-Display
X-Exp-Variant
Content-MD5
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
RTSS
X-TTL
X-Navigation-Version
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-Abt-Application-Version
X-Vcache
X-Debug
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Upstream
Charset
X-Cached
Public-Key-Pins
X-Vcap-Request-Id
MS-Author-Via
X-CST
X-NF-Request-ID
DynaTrace
X-Version
Edge-Cache-Tag
X-Amz-Rid
Realpath
X-Px
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
X-Shard
Arr-Disable-Session-Affinity
TCN
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Ezoic-Cdn
Access-Control-Request-Method
X-Shield-Request-Id
X-MSEdge-Ref
X-Pinterest-Rid
X-Server-ID
Pinterest-Version
X-Ser
S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Fastly-Restarts
X-Accel-Expires
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-DIS-Request-ID
X-XRDS-Location
X-Client-IP
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Front-End-Https
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Id
X-T
X-Goog-Storage-Class
X-Element-Page-Cache
Nginx-Cache
X-Varnish-Age
X-Webapp-Samesite-None-Activated-N
X-FTR-Backend-Server
MRF-Tech
X-FTR-Cache-Status
Cache-Tag
X-FTR-Backend
X-Mrf-Section-Lastmod
X-Country-Code-Real
X-FTR-DC
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-FTR-Balancer
X-FTR-Realm
Mrf-Cache-Status
X-Amzn-Trace-Id
X-FTR-Expires
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Fastcgi-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Content-Digest
NR-ENABLED
Powered
X-Hits
X-Ttl
X-Correlation-Id
X-Kinsta-Cache
Alternate-Protocol
X-Hp-Webp
X-FTR-Cache-Host
X-Aspnetmvc-Version
X-Webkit-Csp
X-Request-Received
X-Request-Processing-Time
ServerID
X-N
X-HS-Combine-CSS
Server-Name
X-Request-Handler-Origin-Region
X-RateLimit-Remaining
X-Microsite
X-Cache-Hit
X-Grace
X-Content-Type
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Rid
X-Node-Name
X-User-Agent
TP-Cache
TP-L2-Cache
Healthy
X-Akamai-Edgescape
X-Revision
X-Analytics
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
Server-Node
X-LB-Cache
X-Pad
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Mobile-URL
X-Az
X-Activity-Id
X-AppVersion
X-Oneagent-Js-Injection
X-Varnish-Grace
Cache-Status
X-NWS-LOG-UUID
Accept-CH
Accept-CH-Lifetime
X-Cached-By
X-GUploader-UploadID
X-B3-Sampled
X-Content-Options
X-IPLB-Instance
X-F-Cache
Refresh
X-Ruxit-Js-Agent
Retry-After
Upgrade-Insecure-Requests
X-Type
X-Geo-Country
X-FastCGI-Cache
FilterID
X-Varnish-Backend
X-App-Environment
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-Srv
X-Tumblr-Pixel
X-Tumblr-User
AR-PoweredBy
Source
AR-CACHE
X-Instance
X-FB-Debug
AR-ATIME
DC
Access-Control-Allow-Method
X-PHP-Backend
X-Request-Guid
X-Debug-Info
X-Cluster
X-Jobs
Actual-Object-TTL
Host
Accept-Charset
X-Page-Id
X-WebKit-CSP-Report-Only
X-Cache-2
X-AOL-HN
X-Framework
X-B
X-ATG-Version
Cache
X-Cache-Age
X-Erf-Bev-Bev
X-TT
X-Erf-Bev-Bev-Is-Generated
X-Seen-By
Fastcgi-Useragent
Ar-Sid
MS-CV
X-Git-Hash
X-Via-JSL
X-Cache-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Powered-By
X-Cache-TTL
X-PressLabs-Stats
X-Signature
X-B-Cache
X-Amz-Replication-Status
Host-Header
X-Whom
X-UA
X-Daa-Tunnel
X-Cache-Control
X-Wix-Request-Id
X-Cache-Enabled
X-Response-Served-From
NGB
Surrogate-Key
X-Origin-Server
X-Host-Name
X-TA-CDN-Provider
X-RequestSource
X-Mobile
X-GeoIP
Cache-Tv-Group
WPE-Backend
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-EdgeConnect-Cache-Status
X-FW-Server
X-FW-Static
Payment
X-FW-Serve
Frame-Options
X-TX-ID
X-FW-Hash
X-Hyper-Cache
AR-Request-ID
X-FW-Type
Cleartype
X-Region
Filters
Eomportal-Instance
X-Handled-By
X-Cache-Action
Xserver
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-Litespeed-Cache
X-Cache-NE
X-SERVER
X-Adobe-Loc
X-Adobe-Content
X-ATS-Timestamp
Webserver
Datacenter
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Esi
X-Cache-Rule
X-Cache-Operation
X-Hostname
From-Origin
X-Load-Cache
X-NewRelic-App-Data
X-Akamai-Transformed
X-ProcessESI
X-RemovedCookies
X-UA-Device-Type
X-Edge-Location
X-Cache-TTL-Remaining
Ms-Operation-Id
X-Forwarded-Host
X-RTag
Liferay-Portal
X-Cache-Server
X-XRDS-LOCATION
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Server
X-Status
X-Varnish-Hostname
X-Contextid
X-Oss-Storage-Class
X-App-Server
X-Oss-Hash-Crc64ecma
X-Rule
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Odigeo-Trace-Id
Country
X-Upgrade-Enabled
X-UUID
Meta-Geo
X-TT-TIMESTAMP
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-BCube-Filmed-By
X-Path-Route
X-RN-RSRV
Load-Balancing
X-Time
DSUID
X-Xfnlog-Site
X-Pubstack
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Device-Class
X-Cache-Config
X-CCM
TWC-Connection-Speed
Webcakes-Region
Webcakes-App-Version
X-PCL
Release
X-Rocket-Nginx-Bypass
Webcakes-App-Name
X-Origin-Hint
X-OCL
Property-Id
X-R9-Blue-Green-Version
TWC-Locale-Group
X-Viewer-Country
Mn-Server-Ip
X-VCT
TWC-GeoIP-Country
X-From
X-Debug-Cache
Cache-Tags
X-Drupal-Cache-Contexts
X-Akamai-Request-ID
Azure-Version
Cache-Name
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Akamai-Request-ID2
L5d-Success-Class
X-Timing-Wait
X-Human
X-TNCMS
NGX
X-Vgn-Hpd-Reason
X-IP
X-Soup
X-Real-IP
X-Origin-Response-Time
X-Loop
S-Rt
Tracecode
X-Via-Fastly
X-Hosted-By
X-Proxy-Build
Fastly-SSL
DB-Nickname
X-FW-Dynamic
X-Redis-Cache
X-Proxy
X-Cache-Host
X-Goog-Meta-Goog-Reserved-File-Mtime
Selected-Fe
X-Proto
X-EIG-Tracking-Id
X-Web-Node
X-FC-Vary-Parameters
Origin-Cache-Control
X-ServerID
X-Origin
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Site-Version
X-Locale
X-Section
X-FireWall-Port
X-Cache-Time
X-Content-Age
X-Backend-Name
X-Access
X-Format
X-Generated
X-Www-Served-By
Origin-Edge-Control
Viewport
S-Cnection
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-NWS-UUID-VERIFY
Ec-Rule-Version
Server-Info
Uber-Trace-Id
X-Time-Microsecs
X-Rendered-As
X-ApacheServer
X-ProxyCache-Status
Version
X-ProxyCache-Key
X-JoinUs
X-Is-Bot
X-Cluster-Name
X-PERF
X-BYPASS-REASON
X-Storage
X-Cache-Backend
X-Generated-By
X-VCache
X-Accel-Buffering
X-Varnish-Hits
X-Info
X-PHP-Host
X-Amzn-Remapped-Content-Length
X-Origin-TTL
Akamai-GRN
X-Origin-CC
X-URL
Rt-Fastcgi-Cache
X-SaId
X-Presslabs-Stats
X-Geo
X-WA-Info
Time
Cache-Key
GEO-INFO
Cteonnt-Length
X-Nginx-Cache-Key
X-CF-Powered-By
X-App-Version
X-Guploader-Uploadid
X-No-Session
X-Tec-Api-Origin
Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-MServer
X-L-Path
X-Environment-Context
X-Tb
X-FB-TRIP-ID
X-GoCache-CacheStatus
X-RateLimit-Limit
Vix-Hermes-Req-Id
X-Backend-TTL
Accept-Language
Cache-Hits
X-Unique-Id
X-Cache-Remote
X-CACHE-KEY
Access-Control-Request-Headers
X-APP-VERSION
X-NCache
X-Trace-Id
X-Hit
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-CDN-Forward
X-SS-Set-Cookie
X-B3-Traceid
X-Device-Type
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
Srv
X-Alternate-Cache-Key
X-EC-Lua
X-B3-SpanId
X-Tumblr-Pixel-3
X-Sorting-Hat-ShopId
X-CS
X-Dc
X-OVcl
User-Cache-Control
X-RCS-CacheZone
X-OVcl-Cache
ServedBy
NtCoent-Length
X-Source
X-S
X-TIME
X-Cluster-Node
Server-Host
X-PAYTM-SRV-ID
X-Processor
X-AIR-PT
X-Region-Sid
Rt-Proxy-Cache
Apple-News-Services-Parsed-Url
X-Connection-Hash
Mobile-Detection-Method
X-DPWN-IS-SECURE
Node
X-G
X-External-Request-Id
X-Detected-As
X-Destination
X-D
Machine
X-Date
IsBot
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Cross-Origin-Window-Policy
Apple-News-Services-Request-Url
Arc-Country
Apple-News-Services-Host
Apple-News-Services-Handled
Request-Country
Rendered-Blocks
AsisCache
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Hl-Ver
Request-EU
Mime-Version
X-B-Cookie
X-Parent-Response-Time
X-A-Dam
Viewtype
X-Session-Fingerprint
X-Transaction
OT-Force-Account-Verify
X-Server-Time
X-Ah-Environment
X-SIPLIST1
VivaBuild
X-A
X-Twitter-Response-Tags
X-Trv-Group
X-Accel-Expires-Debug
X-Aed
X-A-Ccd
X-SRCache-Key
X-Vtex-Remote-Cache
X-Svr
Xc-Version
X-Service
X-Request-UUID
X-Rewrite-Enabled
X-A-Dcw
X-VG-WebServer
X-A-Dgt
X-Vtex-Processado-Em
T-Server
X-A-Wwc
X-VG-WebCache
MD5-Digest
X-ScT
X-S-Cookie
X-Rojux
X-Application
X-Vdms-Version
X-ARC
X-Cache-Grace
X-Magnolia-Registration
X-CSRF-TOKEN
X-Endurance-Cache-Level
ServerName
X-Dispatch
X-Gen-Mode
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hnp-Log
X-Webstats-RespID
X-Generated-On
CDCHOST
X-Hash
X-Via-NSCOPI
X-Debug-Log
X-Upstream-Ht
X-Proxy-Cache-Status
X-Upstream-Ct
X-Block-Status
X-Core-Value
X-Proxy-Upstream
X-RateLimit-Limit-Second
Proxy-Connection
X-CUA
X-Reboot
X-RateLimit-Remaining-Second
Served-By
X-Cache-Bucket
X-Location
Wxu-Next-Commit
X-Level-Front-Cache
Wxu-Next-Hostname
Wxu-Next-Region
Web-Mar-Node
X-Cache-Info
X-NX-Host
X-Ms-Version
X-Ms-Request-Id
X-Debug-Cookies
X-Instart-Isnd
Now
X-SRV
X-Uri
X-Core-Mission
X-C
X-B3-Parentspanid
X-Backend-State
X-Bip
X-App-Name
X-BBXSRF
X-Cache-Debug
X-Azure-Ref-OriginShield
X-Clara-WADP
X-Clientip
X-Cms-Context
X-CGP
X-Auto-Login
X-Cache-URL
X-Cdn-Srv
X-Compress-Hint
X-Qloud-Router
X-SVT-ORM-RULES
X-Sucuri-Cache
X-SVT-ORM-VERSION
X-Swa-Ws
X-Thanos
X-Skip-Cache
X-Sigma-Backend
X-Rocket-Build-Number
X-Reqid
X-Scheme
X-Server-IP
X-Sigma
X-Thinkindot-L3
X-TrackingId
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Dispatcher-Server
X-Request-URI
X-ND-Cache
X-We-Are-Hiring
X-WADP-Cache
X-Up
X-User
X-VC-Cache
X-VG-TLSProxy
X-Release
X-Policy
X-Generated-In
X-FW-Version
X-Generation-Time
X-Geo-Header
X-GeoIP-City
X-Fastly-Cache
X-Eu-Site
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Developers
X-Distil-CS
X-Has-Esi
X-Irp-Debug
X-Origin-Expires
X-Origin-Date
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Method
X-Matched-Rule
X-Is-Gdpr
X-JWT-State
X-Key
X-Logging-Id
X-Debug-Cache-Expiry
X-Azure-Ref
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Kp-EeAlive
L
PFcat
Memcached
Magicmarker
Fastly-Soc-X-Request-Id
Esi-Enabled
Cache-Host
Mail-Subject
AKAMAI
We-Hiring
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Countrycode
Content-Disposition
X-Varnish-Beresp-Grace
Pramga
IBM-Web2-Location
Thinkindot-CacheControl-Type
RNT-Machine
Section-Io-Cache
Server-Int
X-Agile-Id
Thinkindot-CacheControl
Thinkindot-Control
RNT-Time
X-Agile
W
X-Agile-Age
X-Via-CDN
X-Nc
Cache-Provider
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VServer
X-Owner
X-AK-Request-ID
X-Internal-Host
True-Client-Country-4JS
Cdnsip
X-NodeID
X-ServiceProvider
X-WebServer
X-Variation
Cdncip
Is-Eu
X-Epic-Correlation-Id
X-Distributor
X-Cache-Id
X-Cache-FS-Status
X-Li-Fabric
X-Request-Start
X-Old-Content-Length
X-LI-UUID
X-Platform-Server
X-Li-Pop
Adler-Geo
Locale
Platform
SD-X-WS
X-SD-PageType
X-MSEdge-Features
X-S-Maxage
X-MSEdge-Flight
X-Amz-Meta-Cache-Control
X-NC
X-Trafficlayer-App-Version
V-Age
Server-ID
X-LI-Proto
X-B3-Spanid
Powered-By-ChinaCache
X-Servername
Hostname
CF-IPCountry
Environment
X-GRACE
X-Cdn-Forward
X-UnsetCookies
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Be
Locid
X-Served-From
FNAC-ModuleRouting
X-Req
X-Lb-Id
GEO-REGION-INFO
X-HTML-Minification-Powered-By
X-FPC
X-Newrelic-Synthetics
X-Sucuri-Id
X-Refresh
X-Gamma-Serve
X-CLOUD-TRACE-CONTEXT
X-VHOST
A
X-Developer
X-Nginx-Cache
X-Zone
Tcn
X-Sucuri-ID
X-Sn-Servicetimems
X-Device-Os
X-Render-Time
ProcessTime
X-Microcachable
X-Cdn-Origin
Geo-Info
X-Servedbyhost
X-Webkit-CSP
X-Edge-O15-RID
X-IPS-LoggedIn
X-Tb-Optimization-Total-Bytes-Saved
X-Node-Id
X-NU-AKA-ACS-Version
X-GeoIP-Country-Code
X-Pjax-Url
X-Mode
X-MP-GENERATED-AT
X-Ratelimit-Remaining
Request-Time
X-LJ-Flow-ID
X-VWS-Id
X-FORWARDED-FOR
X-AWS-Id
Memory
X-Pf-Uncompressing
Gannett-Cam-Experience-Id
X-COUNTRY
X-Correlation-ID
X-DC
X-Routing-Service
Geoip-Latitude
GeoIp-Country-Code
X-VCL-Version
X-Proxied
Amp-Access-Control-Allow-Source-Origin
Resin-Trace
TTL
X-Zipkin-Id
CF-Cached-On
XServer
X-CSRF-Token
Cf-Ipcountry
Group
X-Bc
PICS-Label
Pics-Label
X-Pod
GeoIP-Latitude
X-ElasticPress-Search
MIME-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
GeoIP-Country-Code
X-Via-Edge
GeoIP-City
X-Instart-Info
X-Via-SSL
X-ECACHE
X-ZONE
M-TraceId
Geoip-City
X-Unique-ID
X-Ratelimit-Limit
X-Backend-Url
X-Var-Ttl
Host-ID
X-Backend-Host
Cdn
X-Vcl-Version
HostName
Backend-Name
X-Request-Time
X-Cdn-Request-ID
Ttl
X-APP
X-Swift-Error
X-NGINX-Cache
X-NGENIX-Cache
Pagetype
X-PF-Uncompressing
HitType
Ohc-File-Size
X-BC
REQUESTUUID
N-Cache
Lfy
X-Check-Cacheable
X-TH-Server
Ohc-Cache-HIT
Fly-Cache
X-PJAX-URL
Fly-Request-Id
URI
X-Fstrz
Cache-Prefix
X-UPSTREAM-Address
User-Agent
X-Fastly-Country-Code
X-ServedByHost
On-Server
X-Via-Ucdn
SRV
Powered-By
X-Worker
X-HostName
X-Tt-Trace-Tag
X-Cache-Miss-From
Media-Length
X-WR-MODIFICATION
Pragrma
CDN
X-Cache-Tag
X-Sedo-Request-Id
X-LiteSpeed-Cache-Control
Who
X-HS-Status
X-GEO
X-Server-W
X-Fetched-On
X-Aicache-OS
X-WA
AR-SID
X-Wa
Fastly-SIE
X-BE
X-Tt-Trace-Host
X-Rebelmouse-Cache-Control
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Upstream-CT
X-Hp-Ccpa-Warning
X-Upstream-HT
FSS-Proxy
FSS-Cache
X-LAGOON
X-Varnish-Cacheable
X-Fpc
X-Varnish-URL
UCS
X-Dynatrace-Js-Agent
X-LB-ID
X-Cf-Powered-By
X-Cache-Tags
X-Store
Debug
X-TT-LOGID
X-Fastly-Backend-Reqs
Processtime
X-ServerName
X-NYM-Debug-Backend
X-Ua
X-Ftr-Cache-Host
Server-Cache-Control
X-GDPR
X-Protected-By
X-Varnish-Beresp-TTL
Server-Id
X-Akamai-ERRuleID
Country-Code
X-Akamai-ERPolicy
X-Varnish-Authentication
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Surrogate-Control
DataCenter
X-Apw-Access-Token
Xet-Cookie
X-Apw-Hits
WP-Super-Cache
X-VC
Location
Fastly-Backend-Name
X-SB
X-Apw-Access-Action
X-Edge-Server
X-Apw-Access-Object
XxX-Cache-Status
SID
X-Li-Proto
Thinkindot-Cache-Type
X-Gen-Id
X-Fastly-Cache-Hits
Product
Application
X-Dw-Trace-Id
X-Amzn-Remapped-Date
X-Request-Url
Cneonction
Cdn-Host
X-SN
X-Nananana
X-Amzn-Remapped-Connection
NnCoection
Cdn-Request-Time