Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
X-XSS-PROTECTION
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Response-Time
X-Server-Id
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Dns-Prefetch-Control
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
P3p
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-Ws-Request-Id
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Pinterest-Generated-By
X-Akam-SW-Version
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Url
Edge-Control
Accept-Ch
Verso
X-B3-TraceId
X-Powered-By-Plesk
X-Mod-Pagespeed
SPRequestGuid
X-D2id
Response
X-Sol
X-Middleton-Response
X-Trace
X-Middleton-Display
Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Use-Magma
Pagespeed
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Server-ID
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
X-Navigation-Version
Accept-Ch-Lifetime
X-Powered-CMS
X-ESI
X-Debug
X-Abt-Application-Version
Content-MD5
X-CST
X-Vcache
X-Vcap-Request-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
Charset
MS-Author-Via
X-Px
X-Upstream
X-Version
X-Forwarded-Proto
X-NF-Request-ID
X-Amz-Rid
X-TTL
DynaTrace
X-Cached
X-Aspnetmvc-Version
Realpath
X-Shard
Fastly-Restarts
TCN
X-Recruiting
X-TEC-API-ROOT
Edge-Cache-Tag
X-TEC-API-VERSION
X-TEC-API-ORIGIN
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-XRDS-Location
X-SRCache-Fetch-Status
Nginx-Cache
X-SRCache-Store-Status
S
X-Ser
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Fastly-Request-ID
Front-End-Https
X-Accel-Expires
X-Ah-Environment
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Ttl
X-Client-IP
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-T
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
Mrf-Cache-Status
X-FTR-Expires
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
X-Frontend
Powered
X-Hits
Cache-Tag
X-Correlation-Id
X-Kinsta-Cache
X-Grace
X-Fastcgi-Cache
X-Litespeed-Cache
ServerID
X-HS-Cache-Config
X-FTR-Cache-Host
TP-L2-Cache
TP-Cache
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Webkit-Csp
X-Cache-Hit
X-Node-Name
Alternate-Protocol
X-Hp-Webp
X-Forwarded-For
X-Request-Processing-Time
X-Request-Received
PB-PID
X-Webapp-Samesite-None-Activated-N
X-Microsite
X-N
PB-RID
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Mobile-Rewrite
Arc-Version
X-Content-Type
X-Zen-Fury
Server-Name
X-FastCGI-Cache
X-User-Agent
X-Rid
X-Analytics
Server-Node
X-Revision
Backend-Timing
Healthy
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Activity-Id
Cache-Status
X-AppVersion
X-Az
X-Akamai-Edgescape
Retry-After
X-Logged-In
X-Srv
X-SERVER
X-Via-JSL
X-HS-Combine-CSS
Paypal-Debug-Id
X-IPLB-Instance
X-GUploader-UploadID
X-Oneagent-Js-Injection
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cached-By
X-NWS-LOG-UUID
X-Type
AR-Request-ID
X-Pad
X-Varnish-Grace
X-Ruxit-Js-Agent
FilterID
X-Cache-Age
X-Mobile-URL
X-B3-Sampled
X-F-Cache
X-Geo-Country
Refresh
X-Content-Options
X-Debug-Info
X-FB-Debug
X-Instance
Accept-Charset
X-Cluster
X-AOL-HN
X-Page-Id
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-Request-Guid
X-Tumblr-User
X-Tumblr-Pixel
Actual-Object-TTL
Host
Source
X-Framework
X-B
X-Seen-By
X-Esi
X-Jobs
X-App-Environment
X-Erf-Bev-Bev
Upgrade-Insecure-Requests
DC
X-PHP-Backend
X-Erf-Bev-Bev-Is-Generated
Accept-CH-Lifetime
X-Varnish-Backend
Accept-CH
X-WebKit-CSP-Report-Only
X-Whom
X-Cache-Key
MS-CV
X-PressLabs-Stats
Fastcgi-Useragent
X-ATG-Version
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Git-Hash
X-Cache-2
X-TT
X-Host-Name
X-Cache-Control
X-TA-CDN-Provider
X-Time
X-Amz-Replication-Status
Surrogate-Key
Cache
X-Cache-TTL
X-Cache-Rule
X-Cache-Operation
X-Wix-Request-Id
Frame-Options
X-FW-Serve
X-Forwarded-Host
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Type
NGB
X-Response-Served-From
X-Signature
X-B-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Daa-Tunnel
Host-Header
Xserver
X-Origin-Server
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Mobile
X-Cache-Action
X-Hyper-Cache
X-TX-ID
X-Cache-NE
Eomportal-Instance
Payment
X-Region
Webserver
Filters
WPE-Backend
From-Origin
X-Adobe-Content
X-Cacheable-TTL
X-Drupal-Cache-Tags
X-Adobe-Loc
X-GeoIP
X-Handled-By
X-UA-Device-Type
Cleartype
X-UA
X-RequestSource
X-ProcessESI
X-Cache-Enabled
X-App-Server
X-RemovedCookies
Tracecode
X-EdgeConnect-Cache-Status
X-RTag
Ms-Operation-Id
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-NewRelic-App-Data
X-Status
X-Hostname
X-Contextid
X-Load-Cache
X-RateLimit-Limit
X-VCache
Liferay-Portal
X-Cache-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Edge-Location
X-BCube-Filmed-By
X-TT-TIMESTAMP
Odigeo-Trace-Id
X-Varnish-Hostname
X-FW-Dynamic
Server-Info
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-Rule
X-Varnish-Server
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
Load-Balancing
X-Xfnlog-Site
Version
X-Viewer-Country
X-IP
DB-Nickname
X-OCL
Country
X-Cache-Config
X-UUID
X-Rocket-Nginx-Bypass
X-PCL
X-CCM
Cache-Tags
Azure-SlotName
X-Pubstack
X-R9-Blue-Green-Version
X-Proxy
X-Proto
X-From
X-FC-Vary-Parameters
X-Real-IP
X-Drupal-Cache-Contexts
X-Upgrade-Enabled
X-Web-Node
X-Debug-Cache
X-TNCMS
X-ServerID
X-Akamai-Request-ID
S-Rt
X-Info
Azure-Version
X-Hosted-By
Azure-SiteName
Azure-RegionName
Cache-Name
X-Labrador-Cache-Channel
X-Origin
X-Origin-Response-Time
X-Via-Fastly
Fastly-SSL
X-Loop
Azure-InstanceId
L5d-Success-Class
X-Origin-CC
X-Origin-TTL
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Version
TWC-Privacy
TWC-Connection-Speed
Webcakes-App-Name
Property-Id
Ec-Rule-Version
Decoy-Debug-TTL
Decoy-Debug-Status
Mn-Server-Ip
Origin-Cache-Control
Webcakes-Region
Origin-Edge-Control
S-Cnection
X-Access
X-PERF
X-Origin-Hint
X-Human
X-XRDS-LOCATION
X-Rendered-As
X-Cache-Time
X-Varnish-Cache-Hits
X-Section
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Cache-Host
X-Backend-Name
X-ApacheServer
X-Cluster-Name
X-Content-Age
X-Format
X-FireWall-Port
X-EIG-Tracking-Id
Decoy-Debug-Key
X-JoinUs
X-Redis-Cache
Release
X-VCT
Selected-Fe
X-Time-Microsecs
X-Soup
X-Vgn-Hpd-Reason
X-Timing-Wait
X-Varnish-Hits
X-Akamai-Request-ID2
X-Proxy-Build
NGX
X-NWS-UUID-VERIFY
X-Storage
Viewport
X-Site-Version
X-Locale
DSUID
Rt-Fastcgi-Cache
X-Www-Served-By
X-ATS-Timestamp
X-B3-Traceid
X-Is-Bot
X-WA-Info
Cache-Key
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-App-Version
Uber-Trace-Id
Cteonnt-Length
GEO-INFO
Vix-Hermes-Req-Id
X-GoCache-CacheStatus
X-Cache-Grace
X-Hit
X-PHP-Host
X-Webkit-CSP
Cache-Hits
X-Cache-Backend
X-Cache-Remote
X-SS-Set-Cookie
X-NCache
X-Backend-TTL
Time
X-Guploader-Uploadid
X-Generated-By
X-Amzn-Remapped-Content-Length
Akamai-GRN
Origin
X-Trace-Id
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-CS
X-Tumblr-Pixel-3
X-Accel-Buffering
X-Device-Type
X-Nginx-Cache-Key
X-CF-Powered-By
Accept-Language
X-OVcl
X-OVcl-Cache
Hostname
X-S
X-B3-SpanId
X-L-Path
X-Environment-Context
X-No-Session
X-UnsetCookies
X-APP-VERSION
X-Cluster-Node
X-Via-CDN
Mime-Version
X-Tb
X-URL
Fastcgi-X-Cache-Version
X-Uri
X-FB-TRIP-ID
X-MServer
X-Tec-Api-Version
X-Tec-Api-Root
Now
X-Tec-Api-Origin
X-SaId
X-Presslabs-Stats
X-CACHE-KEY
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-CSRF-TOKEN
X-FW-Version
User-Cache-Control
X-G
IsBot
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-External-Request-Id
X-Hl-Ver
X-Processor
Cross-Origin-Window-Policy
X-Destination
Apple-News-Services-Request-Url
Content-Script-Type
Arc-Country
X-Detected-As
BehaviorPad-Version
X-DPWN-IS-SECURE
Apple-News-Services-Parsed-Url
Content-Style-Type
X-Connection-Hash
Apple-News-Services-Handled
X-D
X-Date
Apple-News-Services-Host
AsisCache
X-CF-Lambda-Version
Viewtype
X-AIR-PT
Rt-Proxy-Cache
T-Server
X-Aed
X-Vtex-Remote-Cache
X-SIPLIST1
X-Application
Request-Country
Request-EU
X-Server-Time
Access-Control-Request-Headers
X-SRCache-Key
X-Vtex-Processado-Em
X-Accel-Expires-Debug
X-A-Dgt
X-Twitter-Response-Tags
X-Trv-Group
X-A-Wwc
X-A-Dcw
X-Svr
X-A-Ccd
X-VG-WebServer
X-VG-WebCache
X-A-Dam
X-A
X-Session-Fingerprint
Mobile-Detection-Method
Node
X-ARC
MD5-Digest
VivaBuild
X-Request-UUID
X-Transaction
Xc-Version
X-B-Cookie
X-Region-Sid
X-S-Cookie
Rendered-Blocks
X-ScT
X-Rojux
Meta-Geo-Continent
Machine
X-Rewrite-Enabled
X-Endurance-Cache-Level
ServerName
X-NC
OT-Force-Account-Verify
X-Block-Status
X-Cache-Bucket
X-Gen-Mode
Server-Int
X-Cms-Context
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Debug-Log
X-Cache-Debug
Thinkindot-CacheControl
RNT-Machine
X-Clara-WADP
X-Debug-Cookies
RNT-Time
CDCHOST
X-Cache-Info
X-Proxy-Upstream
Proxy-Connection
X-Request-URI
X-NX-Host
X-Thinkindot-L3
X-Geo
X-S-Maxage
X-Matched-Rule
X-Location
X-Reboot
Mail-Subject
We-Hiring
X-Hnp-Log
X-WADP-Cache
X-Proxy-Cache-Status
Web-Mar-Node
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Request-Start
X-SD-PageType
X-Server-IP
X-Reqid
X-ShardId
X-Azure-Ref-OriginShield
X-Release
X-Backend-State
X-BBXSRF
X-Azure-Ref
X-Auto-Login
X-ShopId
X-WebServer
X-We-Are-Hiring
X-VServer
X-VG-TLSProxy
X-Wikidot-Backend
X-7Graus-Varnish-XKeys
X-Service
X-Core-Value
X-Wikidot-Static-Cache
X-Variation
X-User
X-Shopify-Stage
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Skip-Cache
X-Sorting-Hat-PodId
X-Up
X-TrackingId
X-Sorting-Hat-ShopId
X-App-Name
X-Cache-Id
X-Distributor
X-Epic-Correlation-Id
X-Eu-Site
X-Key
X-Distil-CS
X-Developers
X-Li-Fabric
X-Developer
X-Level-Front-Cache
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Generated-In
X-Generated-On
X-Fastly-Cache
X-IN-APIGATEWAY
X-Irp-Debug
X-Internal-Host
X-IN-APIGATEWAYSSL
X-Li-Pop
X-LI-UUID
X-Cdn-Srv
X-Origin-Expires
X-Origin-Date
X-CGP
X-Cache-URL
X-Platform-Server
X-Cache-FS-Status
X-Policy
X-Generation-Time
X-Old-Content-Length
X-Clientip
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Magnolia-Registration
X-Debug-Cache-Expiry
X-Ms-Request-Id
X-Compress-Hint
X-Core-Mission
X-Ms-Version
X-C
X-7Graus-Varnish-Cache-Control
Platform
X-Parent-Response-Time
HA-Ipaddr
Ha-Gx-Prefs
Adler-Geo
Gh-Request-Id
Esi-Enabled
IBM-Web2-Location
Magicmarker
A
Kp-EeAlive
Memcached
Is-Eu
Cache-Host
SD-X-WS
Countrycode
Content-Disposition
True-Client-Country-4JS
ServedBy
Server-Host
W
Section-Io-Cache
Fastly-Soc-X-Request-Id
Cache-Provider
NtCoent-Length
X-B3-Parentspanid
Srv
X-Nc
X-VC-Cache
X-CDN-Forward
X-SVT-ORM-RULES
X-Dispatch
X-Dispatcher-Server
X-Method
X-GeoIP-City
X-Scheme
X-SVT-ORM-VERSION
X-Hash
X-Swa-Ws
X-Owner
X-Thanos
X-Urbn-Context-Path
X-Dc
X-Qloud-Router
X-ServiceProvider
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-MSEdge-Flight
X-MSEdge-Features
X-Webstats-RespID
AKAMAI
L
X-Instart-Isnd
X-LI-Proto
X-Urbn-Site-Id
X-Logging-Id
X-Vdms-Version
PFcat
X-Geo-Header
X-Agile-Id
X-Agile-Age
Pramga
X-Bip
Locale
Heartbleed
Served-By
X-Agile
X-CUA
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
V-Age
X-NodeID
X-Node-Id
Server-ID
X-Sucuri-Id
X-Cdn-Origin
X-Unique-Id
X-Sn-Servicetimems
X-Device-Os
X-Rocket-Build-Number
X-Sucuri-Cache
Cdncip
X-Servername
Cdnsip
X-Sigma-Backend
X-Sigma
X-AK-Request-ID
X-Shopify-Generated-Cart-Token
X-GRACE
CF-IPCountry
X-B3-Spanid
GEO-REGION-INFO
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Lb-Id
X-Planisys-CDN-Rules
X-EC-Lua
Environment
X-Upstream-Ht
X-FPC
Powered-By-ChinaCache
X-Via-NSCOPI
X-Upstream-Ct
X-RCS-CacheZone
X-Be
X-Nginx-Cache
X-Servedbyhost
X-ND-Cache
Request-Time
X-Newrelic-Synthetics
X-VHOST
X-Source
Resin-Trace
X-Trafficlayer-App-Version
X-Microcachable
X-Zone
Tcn
X-ECACHE
X-NGENIX-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Pjax-Url
X-Instart-Info
X-ElasticPress-Search
X-Req
X-GEO
X-Oracle-Dms-Rid
Locid
X-Backend-Url
X-Backend-Host
Group
Geo-Info
X-SRV
FNAC-ModuleRouting
X-Var-Ttl
X-Served-From
X-VCL-Version
CF-Cached-On
Memory
Backend-Name
X-Gamma-Serve
X-Dynatrace
X-Unique-ID
X-IPS-LoggedIn
N-Cache
Gannett-Cam-Experience-Id
X-Pf-Uncompressing
X-Refresh
X-COUNTRY
X-DC
X-Correlation-ID
X-Sucuri-ID
X-VWS-Id
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
Cache-Prefix
X-AWS-Id
X-Check-Cacheable
Fly-Cache
Fly-Request-Id
Pagetype
X-LJ-Flow-ID
Lfy
Ohc-Cache-HIT
Ohc-File-Size
SRV
X-TIME
ProcessTime
X-Worker
X-Pod
Pics-Label
X-Render-Time
PICS-Label
X-FORWARDED-FOR
TTL
Cf-Ipcountry
X-Upstream-HT
X-HTML-Minification-Powered-By
X-Upstream-CT
Ttl
X-Via-SSL
Geoip-Latitude
X-Cache-Miss-From
GeoIp-Country-Code
Geoip-City
X-Via-Edge
Cdn
REQUESTUUID
X-Via-Ucdn
X-CSRF-Token
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-NU-AKA-ACS-Version
X-Sedo-Request-Id
X-Bc
XServer
X-GeoIP-Country-Code
M-TraceId
X-Fetched-On
X-Server-W
X-CLOUD-TRACE-CONTEXT
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SWR
X-APP
Fastly-SIE
X-Fstrz
X-Mode
X-Vcl-Version
X-LiteSpeed-Cache-Control
X-Wa
X-ZONE
MIME-Version
X-PF-Uncompressing
X-Ua
X-Ratelimit-Limit
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Fastly-Country-Code
Cache-Cookie-Set-Idcheck
HitType
X-MP-GENERATED-AT
X-HS-Status
X-Dynatrace-Js-Agent
User-Agent
Pragrma
X-Tt-Trace-Tag
On-Server
X-GDPR
HostName
Host-ID
X-BC
X-HostName
X-Swift-Error
X-Cache-Tag
X-PJAX-URL
X-WR-MODIFICATION
X-Aicache-OS
X-NGINX-Cache
Cdn-Host
Cdn-Request-Time
URI
X-Edge-Server
X-ServedByHost
X-TT-LOGID
X-Routing-Service
X-Upstream-Proxy
X-SN
X-Ratelimit-Reset
PageSpeed
X-Cdn-Request-ID
X-Proxied
Who
X-WA
X-Zipkin-Id
CACHE
X-RateLimit-Reset
X-Action
X-TH-Server
SS
X-BE
X-UPSTREAM-Address
CDN
X-DSS
X-Flog
X-Hello
X-DI
X-RPS
X-ABtesting
X-RPM
X-Response-By
X-Cache-Ttl
X-Org
X-Cf-Powered-By
X-Edge-O15-RID
X-DB
X-DW
X-RSL
X-Fastly-Backend-Reqs
Dynatrace
X-Varnish-URL
X-Varnish-Cacheable
X-Fpc
X-LAGOON
SN
Powered-By
DataCenter
LB
Requestid
X-ServerName
X-LB-ID
Media-Length
Get-Access-Time
Server-Id
Debug
Is-Session-Tracking
X-Ftr-Cache-Host
X-Request-Time
X-Protected-By
X-Page-Type
X-Varnish-Beresp-TTL
Country-Code
Lb
RequestUuid
X-Gen-Id
X-Nananana
X-SB
X-Request-Url
NnCoection
XxX-Cache-Status
Cneonction
Xet-Cookie
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERPolicy
RequestId
Warning
X-LiteSpeed-Tag
X-Dw-Trace-Id
Correlation-Id
X-Fastly-Cache-Hits
Application
SID
X-VC
Thinkindot-Cache-Type
X-Li-Proto
Product