Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-AH-Environment
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-LiteSpeed-Cache
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-Response-Time
X-Server-Id
X-OneAgent-JS-Injection
X-Host
X-Cnection
Request-Id
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Origin-Cache
X-Cloud-Trace-Context
X-Readtime
X-Cache-Lookup
X-Cdn
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
P3p
X-Ws-Request-Id
X-HW
X-ORACLE-DMS-RID
Allow
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-Country
X-DynaTrace
Rating
X-FTR-Request-ID
X-Country-Code
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Goog-Hash
X-Akam-SW-Version
X-Varnish-TTL
X-TtlSet
X-Vname
Pinterest-Generated-By
X-PC
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Url
X-MS-InvokeApp
Edge-Control
X-B3-TraceId
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
Accept-Ch
X-D2id
X-Trace
X-Sol
Pagespeed
X-Middleton-Response
Response
X-Middleton-Display
Display
RTSS
X-SharePointHealthScore
X-VARITI-CCR
Service-Worker-Allowed
X-Server-ID
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Server-Name
X-GoogleNews-Bot
X-Kinja
X-GitHub-Request-Id
X-ESI
X-Navigation-Version
X-Vcache
SPRequestDuration
SPIisLatency
Content-MD5
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-TTL
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-CST
Public-Key-Pins
Charset
X-Upstream
MS-Author-Via
X-Forwarded-Proto
X-Cached
X-NF-Request-ID
X-Version
X-Px
X-Amz-Rid
DynaTrace
Realpath
X-Shard
Edge-Cache-Tag
TCN
Fastly-Restarts
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-MSEdge-Ref
Access-Control-Request-Method
X-Shield-Request-Id
X-Pinterest-Rid
Pinterest-Version
X-Ser
X-DynaTrace-JS-Agent
X-Recruiting
S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-XRDS-Location
X-Goog-Stored-Content-Encoding
Nginx-Cache
X-Accel-Expires
X-DIS-Request-ID
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Client-IP
X-Goog-Storage-Class
X-Varnish-Age
X-Element-Page-Cache
X-Id
X-T
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
X-Amzn-Trace-Id
X-Ttl
X-Dw-Request-Base-Id
Cache-Tag
Fastcgi-Cache
X-Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
X-Frontend
NR-ENABLED
X-Hits
Powered
X-HS-Cache-Config
X-RateLimit-Remaining
X-Kinsta-Cache
X-Correlation-Id
X-Webapp-Samesite-None-Activated-N
X-Litespeed-Cache
X-Grace
X-FTR-Cache-Host
ServerID
Alternate-Protocol
X-Aspnetmvc-Version
X-Hp-Webp
X-Webkit-Csp
TP-Cache
TP-L2-Cache
X-Node-Name
X-Cache-Hit
X-N
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
Server-Name
X-Rid
X-User-Agent
X-Content-Type
Healthy
X-Forwarded-For
X-Analytics
Backend-Timing
X-Revision
AR-CACHE
X-HS-Combine-CSS
Server-Node
AR-PoweredBy
AR-ATIME
Ar-Sid
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Akamai-Edgescape
X-Logged-In
X-AppVersion
Cache-Status
X-Az
X-Activity-Id
X-Pad
X-Amzn-RequestId
X-Amz-Apigw-Id
X-IPLB-Instance
Retry-After
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-Cached-By
X-GUploader-UploadID
X-FastCGI-Cache
Accept-CH-Lifetime
Accept-CH
X-Srv
X-Varnish-Grace
X-Type
X-Mobile-URL
X-Via-JSL
X-Ruxit-Js-Agent
Paypal-Debug-Id
X-B3-Sampled
X-F-Cache
X-Content-Options
FilterID
Refresh
X-Tumblr-Pixel-0
X-Debug-Info
X-FB-Debug
X-Cache-Age
X-Tumblr-User
X-Tumblr-Pixel
X-Geo-Country
X-Instance
Accept-Charset
X-Cluster
X-Erf-Bev-Bev
X-App-Environment
X-Page-Id
Upgrade-Insecure-Requests
Source
X-Request-Guid
Host
X-Erf-Bev-Bev-Is-Generated
Access-Control-Allow-Method
X-Jobs
Actual-Object-TTL
X-PHP-Backend
X-B
AR-Request-ID
X-AOL-HN
X-Varnish-Backend
DC
X-Seen-By
X-Framework
X-WebKit-CSP-Report-Only
X-ATG-Version
MS-CV
X-Content-Powered-By
Fastcgi-Useragent
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-PressLabs-Stats
X-Git-Hash
X-Whom
X-Cache-Key
X-TT
X-Cache-2
X-Cache-TTL
X-Esi
X-Host-Name
Cache
X-Cache-Control
X-TA-CDN-Provider
X-Amz-Replication-Status
X-UA
X-Signature
X-Wix-Request-Id
X-B-Cache
Surrogate-Key
Host-Header
X-Daa-Tunnel
X-Cache-Operation
Frame-Options
NGB
X-Cache-Rule
X-Response-Served-From
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
Xserver
X-Ah-Environment
X-Kong-Proxy-Latency
X-Origin-Server
X-Kong-Upstream-Latency
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
X-GeoIP
WPE-Backend
X-Cache-NE
Cleartype
Webserver
X-Forwarded-Host
X-TX-ID
X-RequestSource
X-Hyper-Cache
X-Mobile
X-Cache-Action
X-Region
Payment
X-Cacheable-TTL
X-Handled-By
X-SERVER
Filters
X-Cache-Enabled
Eomportal-Instance
X-Time
X-UA-Device-Type
From-Origin
X-ProcessESI
X-RemovedCookies
X-Adobe-Content
X-Adobe-Loc
X-EdgeConnect-Cache-Status
X-Load-Cache
Ms-Operation-Id
X-RTag
Datacenter
X-Hostname
X-App-Server
X-NewRelic-App-Data
X-Akamai-Transformed
X-Cache-TTL-Remaining
Tracecode
X-Cache-Server
X-Edge-Location
X-Status
X-Contextid
X-XRDS-LOCATION
Liferay-Portal
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-Varnish-Hostname
Odigeo-Trace-Id
X-Varnish-Server
X-TT-TIMESTAMP
X-ATS-Timestamp
X-Rule
X-ES-SERVER
X-FW-Dynamic
X-Path-Route
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
Load-Balancing
Country
X-Xfnlog-Site
X-Viewer-Country
Version
X-Debug-Cache
X-Cache-Config
X-PCL
X-Via-Fastly
Server-Info
DB-Nickname
Cache-Tags
X-Upgrade-Enabled
X-Rocket-Nginx-Bypass
X-OCL
X-CCM
X-ServerID
TWC-Device-Class
S-Rt
TWC-Privacy
TWC-GeoIP-Country
X-TNCMS
X-Hosted-By
TWC-Connection-Speed
X-Redis-Cache
TWC-Locale-Group
X-Loop
Azure-InstanceId
X-Real-IP
Fastly-SSL
X-Proxy
L5d-Success-Class
Webcakes-Region
X-Cache-Host
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Property-Id
TWC-GeoIP-LatLong
X-Origin-Hint
X-Drupal-Cache-Contexts
X-From
X-Cache-Time
X-FC-Vary-Parameters
Mn-Server-Ip
Webcakes-App-Name
X-Origin
X-IP
X-Varnish-Cache-Hits
X-Labrador-Cache-Channel
X-Pubstack
Webcakes-App-Version
X-Human
X-Timing-Wait
Decoy-Debug-Key
Selected-Fe
X-Generated
X-FireWall-Port
Origin-Cache-Control
X-Proto
X-JoinUs
Decoy-Debug-TTL
Decoy-Debug-Status
X-Format
X-Rendered-As
X-Section
X-VCT
X-Backend-Name
X-UUID
X-Akamai-Request-ID2
X-EIG-Tracking-Id
X-Proxy-Build
X-PERF
Origin-Edge-Control
X-Web-Node
X-R9-Blue-Green-Version
X-ApacheServer
DSUID
Release
X-Origin-Response-Time
Viewport
X-Cluster-Name
X-Akamai-Request-ID
X-RateLimit-Limit
X-Access
S-Cnection
X-Www-Served-By
X-Time-Microsecs
X-Soup
X-Varnish-Hits
X-NWS-UUID-VERIFY
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
X-Content-Age
X-Vgn-Hpd-Reason
X-VCache
X-Info
X-Origin-CC
X-Origin-TTL
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Storage
NGX
X-Locale
X-Site-Version
X-Is-Bot
X-B3-Traceid
X-ProxyCache-Key
X-ProxyCache-Status
Uber-Trace-Id
X-BYPASS-REASON
Rt-Fastcgi-Cache
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-PHP-Host
Cache-Key
X-Generated-By
X-Cache-Backend
Vix-Hermes-Req-Id
X-Amzn-Remapped-Content-Length
Akamai-GRN
Time
X-WA-Info
X-Accel-Buffering
X-App-Version
X-SS-Set-Cookie
Cteonnt-Length
Cache-Hits
X-NCache
X-Hit
X-Guploader-Uploadid
X-Backend-TTL
X-GoCache-CacheStatus
GEO-INFO
X-Cache-Remote
X-Cache-Grace
Origin
X-APP-VERSION
X-Nginx-Cache-Key
X-FB-TRIP-ID
X-Trace-Id
X-CF-Powered-By
X-Device-Type
X-Presslabs-Stats
Accept-Language
X-Environment-Context
X-CACHE-KEY
X-SaId
X-L-Path
X-Tumblr-Pixel-3
X-CS
X-No-Session
X-MServer
X-OVcl-Cache
X-OVcl
X-S
X-Tb
Access-Control-Request-Headers
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-B3-SpanId
X-Geo
X-URL
X-Uri
X-Cluster-Node
X-Tec-Api-Origin
Fastcgi-X-Cache-Version
Mime-Version
X-Tec-Api-Root
X-Tec-Api-Version
Hostname
User-Cache-Control
X-Via-CDN
X-Date
X-ScT
X-Destination
X-Svr
X-Detected-As
X-Session-Fingerprint
X-SRCache-Key
X-Server-Time
X-DPWN-IS-SECURE
X-Request-UUID
Apple-News-Services-Request-Url
X-Processor
Arc-Country
AsisCache
Apple-News-Services-Parsed-Url
X-PAYTM-SRV-ID
X-Hl-Ver
Apple-News-Services-Handled
Apple-News-Services-Host
BehaviorPad-Version
X-AIR-PT
X-Rojux
X-S-Cookie
Content-Style-Type
X-Rewrite-Enabled
Content-Script-Type
X-G
X-Region-Sid
X-External-Request-Id
Cross-Origin-Window-Policy
X-Trv-Group
Request-Country
Request-EU
X-CF-Lambda-Version
Rendered-Blocks
X-ARC
Xc-Version
X-A
Node
X-B-Cookie
VivaBuild
T-Server
X-Accel-Expires-Debug
X-CF-Lambda-Fn
X-Application
Rt-Proxy-Cache
Viewtype
X-A-Wwc
X-CDN-Forward
Now
Mobile-Detection-Method
X-A-Dam
X-UnsetCookies
X-VG-WebCache
X-D
X-A-Dgt
X-Transaction
X-A-Dcw
X-Twitter-Response-Tags
X-VG-WebServer
X-Aed
MD5-Digest
X-Connection-Hash
Meta-Geo-Continent
Machine
X-Vtex-Remote-Cache
X-A-Ccd
X-Vtex-Processado-Em
X-Unique-Id
ServerName
X-Endurance-Cache-Level
X-CSRF-TOKEN
X-FW-Version
X-Cms-Context
X-Clara-WADP
X-Hnp-Log
CDCHOST
X-Debug-Cookies
X-Debug-Log
Web-Mar-Node
IsBot
X-Block-Status
X-Cache-Bucket
X-Cache-Debug
RNT-Time
RNT-Machine
X-Cache-Info
X-Gen-Mode
Mail-Subject
X-Reboot
X-Proxy-Upstream
OT-Force-Account-Verify
X-Proxy-Cache-Status
We-Hiring
X-S-Maxage
Server-Host
X-WADP-Cache
Srv
X-SIPLIST1
X-Service
X-Request-URI
X-NX-Host
X-Location
ServedBy
NtCoent-Length
X-NC
X-App-Name
X-Dispatch
X-Dispatcher-Server
X-Cdn-Srv
X-Cache-URL
X-Alternate-Cache-Key
X-Cache-Id
X-Generated-On
Wxu-Next-Region
X-CGP
Served-By
X-Clientip
X-Webstats-RespID
Wxu-Next-Commit
X-Hash
Wxu-Next-Hostname
X-User
X-IN-APIGATEWAY
X-RateLimit-Limit-Second
X-Ms-Version
X-Ms-Request-Id
X-Shopify-Stage
X-Auto-Login
X-Reqid
X-ShopId
X-RateLimit-Remaining-Second
X-Level-Front-Cache
Kp-EeAlive
X-IN-APIGATEWAYSSL
X-ShardId
X-Sorting-Hat-ShopId
X-C
X-Instart-Isnd
X-Sorting-Hat-PodId
X-Backend-State
X-Cache-FS-Status
X-Core-Mission
X-Geo-Header
X-GeoIP-City
X-Policy
X-Generation-Time
X-Generated-In
X-Eu-Site
X-Request-Start
X-Amz-Meta-Cache-Control
X-Platform-Server
X-Old-Content-Length
X-Key
X-Li-Fabric
X-Li-Pop
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Matched-Rule
X-Irp-Debug
X-Scheme
X-Epic-Correlation-Id
X-LI-UUID
X-Core-Value
X-Variation
X-We-Are-Hiring
X-WebServer
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Compress-Hint
X-TrackingId
X-Debug-Cache-Expiry
X-Skip-Cache
X-Distil-CS
X-SD-PageType
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Thinkindot-L3
Cache-Host
X-Developers
Server-Int
Adler-Geo
Is-Eu
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
AKAMAI
Proxy-Connection
Platform
Memcached
X-Varnish-Beresp-Ttl
SD-X-WS
L
Thinkindot-Control
True-Client-Country-4JS
X-Varnish-Beresp-Grace
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Fastly-Soc-X-Request-Id
X-Varnish-Beresp-Status
Countrycode
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
PFcat
Content-Disposition
X-B3-Parentspanid
X-Nc
Esi-Enabled
X-MSEdge-Flight
X-Shopify-Generated-Cart-Token
X-Origin-Date
X-MSEdge-Features
X-LI-Proto
X-Server-IP
X-Vdms-Version
X-Method
X-Origin-Expires
X-Internal-Host
X-Sigma-Backend
Cdncip
X-ServiceProvider
Cdnsip
X-Rocket-Build-Number
X-Thanos
X-Sigma
X-Fastly-Cache
X-BBXSRF
X-Sucuri-Cache
X-VG-TLSProxy
X-Agile
X-Agile-Age
Pramga
Heartbleed
X-Dc
V-Age
X-Agile-Id
X-CUA
X-Bip
X-Azure-Ref
X-Azure-Ref-OriginShield
W
X-AK-Request-ID
Section-Io-Cache
Locale
X-VC-Cache
X-Magnolia-Registration
X-Qloud-Router
IBM-Web2-Location
X-VServer
Magicmarker
X-Distributor
X-Up
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Owner
Cache-Provider
X-EC-Lua
X-Parent-Response-Time
X-Release
X-Swa-Ws
X-Logging-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-NodeID
X-Planisys-CDN-TTL
Server-ID
A
X-Developer
X-B3-Spanid
X-Cdn-Forward
X-Sn-Servicetimems
X-Servername
X-Via-NSCOPI
X-RCS-CacheZone
X-Cdn-Origin
X-Upstream-Ht
X-Upstream-Ct
Powered-By-ChinaCache
X-Source
CF-IPCountry
X-GRACE
X-Node-Id
X-Device-Os
GEO-REGION-INFO
X-ND-Cache
X-Sucuri-Id
X-Be
X-Trafficlayer-App-Version
X-FPC
X-Lb-Id
Environment
X-CLOUD-TRACE-CONTEXT
X-Zone
X-VHOST
X-SRV
X-Nginx-Cache
X-Req
X-Servedbyhost
X-Newrelic-Synthetics
Locid
Geo-Info
Tcn
X-Microcachable
X-TIME
X-Webkit-CSP
FNAC-ModuleRouting
X-Tb-Optimization-Total-Bytes-Saved
Resin-Trace
X-Gamma-Serve
Request-Time
X-Served-From
X-Sucuri-ID
X-Pjax-Url
X-Refresh
ProcessTime
X-FORWARDED-FOR
X-ECACHE
X-ElasticPress-Search
X-Instart-Info
X-Pf-Uncompressing
Memory
X-NGENIX-Cache
CF-Cached-On
X-HTML-Minification-Powered-By
X-LJ-Flow-ID
X-IPS-LoggedIn
Gannett-Cam-Experience-Id
X-Backend-Host
X-DC
Group
X-Backend-Url
X-Render-Time
X-VWS-Id
X-COUNTRY
X-VCL-Version
X-AWS-Id
X-Correlation-ID
X-Ratelimit-Remaining
X-NU-AKA-ACS-Version
Amp-Access-Control-Allow-Source-Origin
Backend-Name
X-Var-Ttl
TTL
X-CSRF-Token
X-Unique-ID
X-GEO
Pics-Label
PICS-Label
Cf-Ipcountry
X-GeoIP-Country-Code
X-Pod
Geoip-Latitude
N-Cache
Geoip-City
GeoIp-Country-Code
X-Bc
GeoIP-Latitude
GeoIP-City
Cache-Prefix
GeoIP-Country-Code
Cdn
REQUESTUUID
X-Via-SSL
X-Check-Cacheable
Fly-Request-Id
Lfy
M-TraceId
Fly-Cache
X-Via-Edge
Pagetype
X-Mode
XServer
MIME-Version
X-Vcl-Version
X-Worker
X-APP
X-MP-GENERATED-AT
Ttl
SRV
X-Sedo-Request-Id
X-Fstrz
X-LiteSpeed-Cache-Control
X-Via-Ucdn
Ohc-Cache-HIT
X-Cache-Miss-From
Ohc-File-Size
X-Ratelimit-Limit
X-ZONE
X-Upstream-HT
X-Upstream-CT
HitType
Host-ID
X-PF-Uncompressing
HostName
X-Fetched-On
X-Server-W
X-Routing-Service
Fastly-SIE
Fastly-SWR
X-Proxied
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Fastly-Country-Code
X-Zipkin-Id
X-Wa
X-HS-Status
X-Swift-Error
X-Dynatrace-Js-Agent
X-NGINX-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
URI
X-ServedByHost
User-Agent
X-Cdn-Request-ID
X-PJAX-URL
Pragrma
Cache-Cookie-Set-From
X-Cache-Tag
X-Oracle-Dms-Rid
On-Server
X-BC
X-HostName
X-Dynatrace
X-Aicache-OS
X-TH-Server
X-WR-MODIFICATION
Powered-By
Who
X-UPSTREAM-Address
X-WA
X-TT-LOGID
X-Tt-Trace-Tag
X-GDPR
X-RateLimit-Reset
CACHE
X-BE
Cdn-Request-Time
X-Request-Time
X-Fastly-Backend-Reqs
Cdn-Host
X-Edge-Server
CDN
X-Edge-O15-RID
Dynatrace
X-Ua
X-Flog
X-Varnish-URL
X-Varnish-Cacheable
X-Hello
X-LAGOON
X-LB-ID
X-Fpc
X-ABtesting
Media-Length
X-SN
X-Cf-Powered-By
DataCenter
X-RPS
SN
X-RPM
LB
Is-Session-Tracking
X-RSL
Server-Id
Debug
Get-Access-Time
X-Action
X-DB
X-Org
SS
X-DI
X-DSS
X-DW
X-ServerName
X-Response-By
X-Ftr-Cache-Host
X-Cache-Ttl
X-Gen-Id
FSS-Proxy
X-Protected-By
X-Varnish-Beresp-TTL
FSS-Cache
X-Upstream-Proxy
NnCoection
XxX-Cache-Status
X-Nananana
Cneonction
X-Dw-Trace-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
RequestId
X-LiteSpeed-Tag
Requestid
Warning
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Application
Product
X-Fastly-Cache-Hits
SID
Thinkindot-Cache-Type
X-Li-Proto
X-Request-Url