Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Request-ID
X-Template
X-DNS-Prefetch-Control
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-CDN
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-AH-Environment
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
X-Server
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Rq
X-Cdn
X-WebKit-CSP
X-Ac
Report-To
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
X-Cnection
Request-Id
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Aspnetmvc-Version
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
Pinterest-Generated-By
X-Country-Code
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Accept-Ch
X-Akam-SW-Version
X-Ws-Request-Id
X-MS-InvokeApp
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-Url
X-Instart-Request-ID
X-B3-TraceId
X-Ruxit-JS-Agent
Edge-Control
X-Powered-By-Plesk
Verso
SPRequestGuid
X-Mod-Pagespeed
Accept-Ch-Lifetime
X-Sol
Response
X-Middleton-Response
Display
X-Middleton-Display
X-D2id
X-Ah-Environment
X-SharePointHealthScore
X-Trace
X-VARITI-CCR
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Kinja-Revision
RTSS
X-Server-Name
Service-Worker-Allowed
X-GitHub-Request-Id
SPRequestDuration
SPIisLatency
X-Server-ID
X-Navigation-Version
X-ESI
X-CST
X-Powered-CMS
X-Debug
Pagespeed
X-Abt-Application-Version
X-Vcap-Request-Id
Public-Key-Pins
Content-MD5
X-Amz-Server-Side-Encryption
X-Px
MS-Author-Via
X-Version
X-Upstream
Charset
X-TTL
X-Amz-Rid
X-Forwarded-Proto
X-NF-Request-ID
DynaTrace
Realpath
X-Shard
X-Cached
Fastly-Restarts
X-Recruiting
TCN
X-Vcache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SERVER
Pinterest-Version
X-Pinterest-Rid
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Shield-Request-Id
Access-Control-Request-Method
Edge-Cache-Tag
X-DynaTrace-JS-Agent
X-XRDS-Location
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
S
X-Ser
Front-End-Https
X-Fastly-Request-ID
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Client-IP
X-T
X-FTR-Cache-Status
X-FTR-DC
X-Ttl
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-FTR-Expires
X-RateLimit-Remaining
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-Content-Digest
X-Hits
Powered
AR-ATIME
Ar-Sid
X-Fastcgi-Cache
AR-CACHE
AR-PoweredBy
X-Forwarded-For
ServerID
X-Kinsta-Cache
Cache-Tag
X-Correlation-Id
X-Grace
X-Litespeed-Cache
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-Cache-Hit
X-FTR-Cache-Host
X-N
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Content-Type
X-Request-Received
X-Srv
X-Request-Processing-Time
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Microsite
X-Webkit-Csp
X-Zen-Fury
X-Hp-Webp
X-User-Agent
X-Rid
Server-Name
X-FastCGI-Cache
Server-Node
Backend-Timing
X-Via-JSL
X-Revision
X-Analytics
Healthy
X-LB-Cache
AR-Request-ID
Paypal-Debug-Id
X-Az
X-AppVersion
X-Activity-Id
Retry-After
Cache-Status
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Akamai-Edgescape
X-Webapp-Samesite-None-Activated-N
X-IPLB-Instance
X-Type
X-Amzn-RequestId
X-Cached-By
X-Amz-Apigw-Id
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-GUploader-UploadID
X-HS-Combine-CSS
X-Cache-Age
X-Varnish-Grace
X-Pad
FilterID
X-B3-Sampled
X-Mobile-URL
X-F-Cache
X-Content-Options
X-FB-Debug
X-Tumblr-User
Refresh
Accept-Charset
X-Geo-Country
X-Instance
X-Debug-Info
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Request-Guid
Source
X-AOL-HN
X-Page-Id
X-Cluster
X-App-Environment
X-Jobs
X-Seen-By
X-B
Host
Actual-Object-TTL
X-Framework
X-PHP-Backend
DC
X-VCache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PressLabs-Stats
X-Whom
Upgrade-Insecure-Requests
MS-CV
X-Esi
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Fastcgi-Useragent
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Time
X-Varnish-Backend
X-ATG-Version
X-Cache-2
X-Host-Name
X-Cache-Key
X-Git-Hash
X-TT
X-Cache-Control
X-Cache-TTL
X-Cache-Operation
Surrogate-Key
X-Cache-Rule
X-Forwarded-Host
X-TA-CDN-Provider
X-Amz-Replication-Status
Frame-Options
Cache
X-FW-Type
X-Kong-Upstream-Latency
X-Wix-Request-Id
X-Kong-Proxy-Latency
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Daa-Tunnel
NGB
Xserver
X-Response-Served-From
X-Signature
X-Mobile
X-B-Cache
Tracecode
X-Origin-Server
Cache-Tv-Group
Host-Header
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
Filters
X-GeoIP
X-Cache-NE
X-UA-Device-Type
Eomportal-Instance
Payment
X-Region
X-Cache-Action
WPE-Backend
X-RequestSource
Webserver
X-Hyper-Cache
X-TX-ID
From-Origin
X-Adobe-Loc
X-Adobe-Content
X-Handled-By
X-Cacheable-TTL
X-App-Server
Cleartype
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-Cache-Enabled
Ms-Operation-Id
X-RateLimit-Limit
X-RTag
X-Webkit-CSP
Datacenter
X-Cache-TTL-Remaining
X-UA
X-Status
Accept-CH-Lifetime
X-Akamai-Transformed
X-Contextid
X-Hostname
X-NewRelic-App-Data
X-Cache-Server
Accept-CH
Liferay-Portal
X-BCube-Filmed-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Load-Cache
X-Edge-Location
X-FW-Dynamic
X-Varnish-Hostname
Odigeo-Trace-Id
Server-Info
Version
X-App-Version
X-IP
Meta-Geo
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
Load-Balancing
X-Varnish-Server
X-ES-SERVER
X-Xfnlog-Site
X-Rule
X-Viewer-Country
Cache-Tags
DB-Nickname
X-UUID
Country
X-Cache-Config
X-PCL
X-OCL
X-Debug-Cache
X-CCM
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
X-Origin-Response-Time
X-Rocket-Nginx-Bypass
X-Via-Fastly
X-Web-Node
X-Origin-Hint
X-Proto
X-Origin
X-Info
X-Hosted-By
X-From
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-Loop
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-Varnish-Cache-Hits
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
X-Pubstack
Property-Id
S-Rt
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-Region
Azure-Version
X-Proxy
X-TNCMS
X-Upgrade-Enabled
X-ServerID
X-Real-IP
X-Akamai-Request-ID
X-Cache-Host
X-R9-Blue-Green-Version
Cache-Name
Mn-Server-Ip
L5d-Success-Class
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-SSL
X-Format
Ec-Rule-Version
X-Generated
DSUID
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-FireWall-Port
X-Cluster-Name
S-Cnection
X-Akamai-Request-ID2
Selected-Fe
X-Access
Release
X-ApacheServer
X-Cache-Time
X-Backend-Name
Origin-Cache-Control
Origin-Edge-Control
X-JoinUs
X-Human
X-Time-Microsecs
X-Proxy-Build
X-Section
X-Timing-Wait
X-VCT
X-Rendered-As
X-PERF
X-Redis-Cache
X-Soup
X-Vgn-Hpd-Reason
X-Varnish-Hits
X-Origin-CC
X-WA-Info
Rt-Fastcgi-Cache
X-Origin-TTL
X-XRDS-LOCATION
GEO-INFO
X-Locale
X-Www-Served-By
X-Site-Version
X-Storage
Viewport
X-NWS-UUID-VERIFY
Cache-Key
NGX
X-Cache-Grace
X-Cache-Remote
X-Is-Bot
Vix-Hermes-Req-Id
X-Guploader-Uploadid
X-ProxyCache-Status
Uber-Trace-Id
X-Hit
X-BYPASS-REASON
X-ProxyCache-Key
X-GoCache-CacheStatus
Cteonnt-Length
X-B3-SpanId
Cache-Hits
X-Backend-TTL
Time
X-NCache
Origin
X-ATS-Timestamp
X-PHP-Host
X-SS-Set-Cookie
X-Device-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Generated-By
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-CS
X-Trace-Id
X-Cache-Backend
Mime-Version
X-Tumblr-Pixel-3
X-Amzn-Remapped-Content-Length
Accept-Language
Hostname
X-CF-Powered-By
Akamai-GRN
X-OVcl
X-OVcl-Cache
X-UnsetCookies
X-S
X-Accel-Buffering
X-Nginx-Cache-Key
X-CACHE-KEY
X-Via-CDN
X-Cluster-Node
Fastcgi-X-Cache-Version
X-FB-TRIP-ID
X-ORACLE-APMCS-REQUEST-ID
X-Environment-Context
X-L-Path
X-Uri
X-Cdn-Forward
X-No-Session
X-ORACLE-APMCS-TAG
Now
X-Tb
X-FW-Version
X-MServer
X-CSRF-TOKEN
X-B3-Traceid
Access-Control-Request-Headers
X-URL
X-SayCDN-TTL
User-Cache-Control
X-Say-TTL
OT-Force-Account-Verify
X-Say-Cacheable
ServerName
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-Twitter-Response-Tags
X-D
Meta-Geo-Continent
X-Date
MD5-Digest
Mobile-Detection-Method
Machine
X-PAYTM-SRV-ID
IsBot
X-Trv-Group
X-Transaction
Apple-News-Services-Parsed-Url
X-Processor
Apple-News-Services-Host
Apple-News-Services-Handled
X-Hl-Ver
X-G
X-External-Request-Id
Apple-News-Services-Request-Url
Arc-Country
X-Destination
Content-Script-Type
Content-Style-Type
X-Detected-As
X-DPWN-IS-SECURE
AsisCache
BehaviorPad-Version
Xc-Version
Cross-Origin-Window-Policy
Request-Country
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-A-Dgt
X-VG-WebCache
T-Server
X-Tec-Api-Root
X-Tec-Api-Version
X-Region-Sid
X-A-Wwc
X-A-Dcw
X-ScT
X-Server-Time
X-A
X-Session-Fingerprint
X-SIPLIST1
VivaBuild
Viewtype
X-Presslabs-Stats
X-SRCache-Key
X-A-Dam
X-A-Ccd
X-Tec-Api-Origin
X-VG-WebServer
X-Vtex-Processado-Em
Request-EU
Rt-Proxy-Cache
X-ARC
X-Vtex-Remote-Cache
X-Application
X-Aed
X-AIR-PT
Rendered-Blocks
X-Svr
X-Accel-Expires-Debug
X-B-Cookie
Node
X-Endurance-Cache-Level
X-NC
Web-Mar-Node
RNT-Machine
X-Gen-Mode
X-Cache-Debug
X-Cache-Info
X-Cache-Bucket
X-Clara-WADP
Server-Host
X-Debug-Log
X-Block-Status
CDCHOST
X-Developer
X-Debug-Cookies
Thinkindot-CacheControl
Server-Int
Thinkindot-Control
RNT-Time
X-Cms-Context
Thinkindot-CacheControl-Type
A
Mail-Subject
We-Hiring
X-Proxy-Cache-Status
X-Parent-Response-Time
X-Location
X-Thinkindot-L3
X-WADP-Cache
ServedBy
X-NX-Host
X-Matched-Rule
X-S-Maxage
X-Request-URI
X-Reboot
X-Hnp-Log
X-Proxy-Upstream
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-ShardId
NtCoent-Length
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Varnish-Beresp-Status
Proxy-Connection
X-SaId
X-Sucuri-Id
X-Amz-Meta-Cache-Control
X-We-Are-Hiring
X-Eu-Site
X-App-Name
X-Internal-Host
X-Fastly-Cache
X-Auto-Login
X-Skip-Cache
X-RateLimit-Limit-Second
X-BBXSRF
X-TrackingId
X-Policy
X-Backend-State
X-Azure-Ref-OriginShield
X-Instart-Isnd
X-Azure-Ref
X-RateLimit-Remaining-Second
X-IN-APIGATEWAYSSL
X-User
X-Variation
X-SD-PageType
X-Server-IP
X-Service
X-Up
X-7Graus-Varnish-XKeys
X-Sn-Servicetimems
X-VG-TLSProxy
X-Generation-Time
X-VServer
X-Hash
X-IN-APIGATEWAY
X-Release
X-Reqid
X-Generated-On
X-Generated-In
X-Request-Start
X-Platform-Server
X-C
X-Debug-Cache-Store
X-Distributor
X-WebServer
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CUA
X-Wikidot-Static-Cache
X-Magnolia-Registration
X-LI-UUID
X-Li-Pop
X-Wikidot-Backend
X-Dispatch
X-Dispatcher-Server
X-Developers
X-Webstats-RespID
X-Li-Fabric
X-Level-Front-Cache
X-Key
X-Core-Mission
X-Ms-Request-Id
X-Cache-FS-Status
X-Cache-Id
X-Old-Content-Length
X-Is-Gdpr
Wxu-Next-Region
X-Distil-CS
X-Origin-Expires
X-Origin-Date
X-Cache-URL
X-JWT-State
X-Clientip
X-Ms-Version
X-Compress-Hint
X-CGP
X-Epic-Correlation-Id
X-Cdn-Origin
X-Cdn-Srv
X-Has-Esi
X-Irp-Debug
X-7Graus-Varnish-Cache-Control
IBM-Web2-Location
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
Kp-EeAlive
Memcached
Magicmarker
Gh-Request-Id
Fastly-Soc-X-Request-Id
X-Nc
Wxu-Next-Hostname
Cache-Host
Content-Disposition
Esi-Enabled
Countrycode
Platform
Adler-Geo
Wxu-Next-Commit
W
Served-By
SD-X-WS
Section-Io-Cache
True-Client-Country-4JS
X-B3-Parentspanid
Cache-Provider
X-MSEdge-Flight
X-Agile-Age
X-Agile
Heartbleed
X-MSEdge-Features
X-Urbn-Context-Path
X-Device-Os
X-LI-Proto
X-ServiceProvider
V-Age
X-Method
X-Urbn-Site-Id
X-Agile-Id
X-Swa-Ws
X-Node-Id
X-Scheme
X-Qloud-Router
PFcat
Pramga
X-Thanos
X-VC-Cache
X-SVT-ORM-VERSION
L
X-Owner
X-SVT-ORM-RULES
Locale
X-Logging-Id
X-Geo-Header
X-GeoIP-City
X-Bip
AKAMAI
X-GRACE
X-APP-VERSION
X-Lb-Id
X-Dc
Server-ID
X-NodeID
X-Core-Value
X-Geo
Srv
X-Vdms-Version
X-Servername
CF-IPCountry
GEO-REGION-INFO
X-GEO
Environment
X-EC-Lua
X-AK-Request-ID
Cdnsip
X-Sigma-Backend
X-Sucuri-Cache
X-Rocket-Build-Number
X-Sigma
X-Shopify-Generated-Cart-Token
Cdncip
Request-Time
X-Newrelic-Synthetics
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-CDN-Forward
X-Pjax-Url
X-Be
X-NGENIX-Cache
X-FPC
X-Servedbyhost
X-ECACHE
Powered-By-ChinaCache
X-Upstream-Ct
X-Microcachable
X-Upstream-Ht
X-Unique-Id
Resin-Trace
X-Via-NSCOPI
X-Nginx-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-VHOST
X-ElasticPress-Search
X-Instart-Info
X-Unique-ID
Group
X-Backend-Url
X-Backend-Host
X-Source
Tcn
X-Zone
X-ND-Cache
X-Correlation-ID
X-B3-Spanid
X-RCS-CacheZone
Memory
Backend-Name
CF-Cached-On
PageSpeed
X-Var-Ttl
X-Trafficlayer-App-Version
SRV
Ohc-Cache-HIT
X-IPS-LoggedIn
Ohc-File-Size
X-DC
X-Oracle-Dms-Rid
N-Cache
X-AWS-Id
X-VCL-Version
Fly-Cache
Locid
Cache-Prefix
X-LJ-Flow-ID
Fly-Request-Id
X-VWS-Id
X-Req
Lfy
Pagetype
X-Upstream-CT
X-Dynatrace
X-Upstream-HT
X-Worker
FNAC-ModuleRouting
X-Served-From
Cdn
Geo-Info
Gannett-Cam-Experience-Id
X-Gamma-Serve
X-COUNTRY
Cf-Ipcountry
X-Ratelimit-Remaining
GeoIP-Country-Code
X-Refresh
TTL
GeoIP-City
GeoIP-Latitude
Pics-Label
X-Check-Cacheable
X-Via-Ucdn
Amp-Access-Control-Allow-Source-Origin
X-Ua
PICS-Label
X-Sedo-Request-Id
X-Pod
X-Pf-Uncompressing
X-Fetched-On
X-Cache-Miss-From
X-Server-W
X-Bc
Geoip-Latitude
X-Render-Time
X-Via-Edge
X-Via-SSL
GeoIp-Country-Code
Fastly-SWR
Fastly-SIE
ProcessTime
X-APP
X-PF-Uncompressing
X-CSRF-Token
Ttl
REQUESTUUID
Geoip-City
X-Rebelmouse-Surrogate-Control
X-Wa
X-Rebelmouse-Cache-Control
XServer
X-Sucuri-ID
X-Upstream-Proxy
X-NU-AKA-ACS-Version
X-Ratelimit-Reset
X-Datadome
M-TraceId
X-HTML-Minification-Powered-By
X-Vcl-Version
X-CLOUD-TRACE-CONTEXT
X-Fstrz
X-ZONE
X-GeoIP-Country-Code
X-HS-Status
X-LiteSpeed-Cache-Control
X-Tt-Trace-Tag
X-Mode
X-SRV
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-GDPR
Cache-Cookie-Set-Lfrom
X-Ratelimit-Limit
X-TIME
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Fastly-Country-Code
X-Dynatrace-Js-Agent
On-Server
HitType
X-SN
User-Agent
Pragrma
X-Cache-Tag
X-MP-GENERATED-AT
X-HostName
MIME-Version
X-Swift-Error
X-WR-MODIFICATION
X-Aicache-OS
HostName
URI
X-ABtesting
SS
Host-ID
X-BC
X-Org
X-Flog
X-ServedByHost
X-Hello
X-NGINX-Cache
X-Response-By
X-FORWARDED-FOR
X-TT-LOGID
X-BE
Who
X-Ftr-Cache-Host
X-WA
CACHE
X-RateLimit-Reset
X-Edge-O15-RID
Requestid
X-RPM
X-RPS
X-RSL
X-Cdn-Request-ID
X-UPSTREAM-Address
SN
X-DSS
X-PJAX-URL
X-Action
X-Fastly-Backend-Reqs
X-Fpc
X-Cache-Ttl
X-DI
X-DB
X-DW
X-Zipkin-Id
X-Routing-Service
Dynatrace
X-Proxied
X-Varnish-URL
X-Varnish-Cacheable
X-Page-Type
X-TH-Server
X-Cf-Powered-By
RequestUuid
Country-Code
X-LAGOON
DataCenter
Lb
Powered-By
CDN
Server-Id
X-ServerName
Debug
Is-Session-Tracking
Get-Access-Time
LB
X-VC
X-SB
UCS
X-Tt-Trace-Host
Media-Length
X-MCACHE
X-MID
XxX-Cache-Status
X-Edge
X-Gen-Id
X-Protected-By
X-Nananana
X-Varnish-Beresp-TTL
X-Request-Url
NnCoection
X-Dw-Trace-Id
X-LiteSpeed-Tag
Correlation-Id
Xet-Cookie
Warning
RequestId
X-LB-ID
X-Request-Time
X-Akamai-ERPolicy
X-Akamai-ERRuleID
SID
X-Fastly-Cache-Hits
Application
X-Li-Proto
Thinkindot-Cache-Type
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Product