Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Xss-Protection
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
X-Kinja-Server-Push
Xkey
Access-Control-Max-Age
Keep-Alive
X-CDN
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Via
X-Cache-Group
X-Ua-Compatible
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-Amz-Id-2
X-Robots-Tag
X-Amz-Request-Id
X-AH-Environment
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
X-Server
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Dns-Prefetch-Control
X-Ac
Report-To
EagleEye-TraceId
X-WebKit-CSP
X-Cdn
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
Request-Id
X-Cnection
X-Backend-Server
X-Host
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Readtime
X-Origin-Cache
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Country
Surrogate-Control
Rating
Pinterest-Generated-By
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Akam-SW-Version
X-MS-InvokeApp
X-TtlSet
X-Vname
X-PC
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Url
Accept-Ch
X-Aspnetmvc-Version
X-Varnish-TTL
X-Ws-Request-Id
X-Powered-By-Plesk
Edge-Control
Verso
X-B3-TraceId
SPRequestGuid
X-Mod-Pagespeed
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
X-D2id
Display
X-SharePointHealthScore
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Exp-Id
X-Trace
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-VARITI-CCR
X-Server-ID
X-Server-Name
Accept-Ch-Lifetime
RTSS
Service-Worker-Allowed
SPRequestDuration
X-GitHub-Request-Id
SPIisLatency
X-ESI
X-CST
X-Navigation-Version
X-Powered-CMS
X-Vcap-Request-Id
Pagespeed
X-Debug
X-Abt-Application-Version
Public-Key-Pins
Content-MD5
X-Px
X-Amz-Server-Side-Encryption
X-Ah-Environment
X-TTL
MS-Author-Via
X-Version
X-Upstream
Charset
X-Amz-Rid
X-NF-Request-ID
Realpath
X-Forwarded-Proto
X-Vcache
DynaTrace
X-Cached
X-Shard
X-Recruiting
Fastly-Restarts
TCN
X-SERVER
MicrosoftSharePointTeamServices
X-TEC-API-VERSION
X-TEC-API-ROOT
Pinterest-Version
X-Pinterest-Rid
X-TEC-API-ORIGIN
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Nginx-Cache
Access-Control-Request-Method
X-Shield-Request-Id
Edge-Cache-Tag
X-DynaTrace-JS-Agent
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
Front-End-Https
X-Ser
X-Fastly-Request-ID
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
X-Accel-Expires
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-T
X-Varnish-Age
X-Element-Page-Cache
X-Client-IP
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FTR-Expires
X-Ttl
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-Content-Digest
Ar-Sid
AR-ATIME
Powered
AR-CACHE
AR-PoweredBy
X-Hits
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Forwarded-For
X-Correlation-Id
X-Grace
ServerID
X-Litespeed-Cache
X-Kinsta-Cache
X-FTR-Cache-Host
Cache-Tag
X-Cache-Hit
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-Node-Name
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
PB-RID
X-N
PB-PID
X-Content-Type
X-Request-Received
X-Mobile-Rewrite
Arc-Version
X-Request-Processing-Time
X-Srv
X-Zen-Fury
X-Microsite
X-Request-Handler-Origin-Region
Alternate-Protocol
X-Hp-Webp
Server-Node
Server-Name
X-Rid
X-Via-JSL
X-User-Agent
X-LB-Cache
X-Revision
Healthy
AR-Request-ID
Backend-Timing
X-Analytics
Paypal-Debug-Id
X-AppVersion
X-Activity-Id
Cache-Status
X-FastCGI-Cache
X-Az
X-Logged-In
Retry-After
X-Webapp-Samesite-None-Activated-N
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-IPLB-Instance
X-Type
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cached-By
X-Cache-Age
X-HS-Combine-CSS
X-Ruxit-Js-Agent
FilterID
X-GUploader-UploadID
X-Varnish-Grace
X-Pad
X-Webkit-CSP
X-B3-Sampled
X-F-Cache
Refresh
X-Mobile-URL
X-Content-Options
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Accept-Charset
X-Seen-By
X-FB-Debug
X-Debug-Info
X-Instance
X-Request-Guid
X-Page-Id
X-Geo-Country
X-PHP-Backend
X-Framework
X-Jobs
Access-Control-Allow-Method
X-Cluster
Actual-Object-TTL
Source
X-App-Environment
X-B
DC
X-AOL-HN
X-Whom
Host
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
MS-CV
X-Content-Powered-By
X-Cache-Key
Upgrade-Insecure-Requests
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Varnish-Backend
X-Host-Name
X-ATG-Version
X-Cache-2
X-Git-Hash
X-Time
X-PressLabs-Stats
X-VCache
X-Cache-Control
X-TT
X-TA-CDN-Provider
X-Forwarded-Host
X-Cache-Operation
X-Cache-Rule
X-Cache-TTL
X-Esi
Surrogate-Key
X-Amz-Replication-Status
Accept-CH-Lifetime
Frame-Options
X-Kong-Upstream-Latency
X-FW-Hash
X-Wix-Request-Id
X-Kong-Proxy-Latency
X-Daa-Tunnel
Cache
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
Accept-CH
X-Mobile
X-Response-Served-From
NGB
Tracecode
Xserver
X-Origin-Server
X-UA-Device-Type
Host-Header
X-RemovedCookies
X-Signature
X-ProcessESI
X-B-Cache
Cache-Tv-Group
X-Tumblr-Pixel-2
WPE-Backend
X-Tumblr-Pixel-1
Payment
X-Handled-By
X-GeoIP
X-Hyper-Cache
X-Region
X-TX-ID
X-RequestSource
X-Drupal-Cache-Tags
X-Cacheable-TTL
Filters
Eomportal-Instance
From-Origin
Webserver
X-Cache-NE
Cleartype
X-Cache-Action
X-App-Server
X-Adobe-Loc
X-Adobe-Content
Ms-Operation-Id
X-RTag
X-Cache-Enabled
X-EdgeConnect-Cache-Status
Datacenter
X-RateLimit-Limit
X-UA
X-Cache-TTL-Remaining
X-Status
X-Akamai-Transformed
X-Contextid
X-Hostname
X-NewRelic-App-Data
X-Cache-Server
X-BCube-Filmed-By
Liferay-Portal
X-TT-TIMESTAMP
X-XRDS-LOCATION
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Load-Cache
X-Edge-Location
Odigeo-Trace-Id
X-FW-Dynamic
Version
Server-Info
X-IP
X-Varnish-Hostname
X-Path-Route
Meta-Geo
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
GEO-INFO
X-ES-SERVER
X-RN-RSRV
X-Varnish-Server
X-Viewer-Country
X-Xfnlog-Site
X-CCM
X-OCL
X-Rule
X-R9-Blue-Green-Version
X-Via-Fastly
Country
X-UUID
DB-Nickname
X-PCL
X-Pubstack
X-Info
X-Cache-Config
Cache-Tags
X-Debug-Cache
Azure-Version
Cache-Name
X-Labrador-Cache-Channel
X-Human
Azure-SiteName
X-Drupal-Cache-Contexts
Azure-SlotName
Azure-RegionName
X-FC-Vary-Parameters
X-From
Azure-InstanceId
X-Hosted-By
X-EIG-Tracking-Id
X-Origin-Hint
Webcakes-App-Name
X-Varnish-Cache-Hits
TWC-Privacy
TWC-Locale-Group
X-Proto
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Upgrade-Enabled
X-Proxy
X-TNCMS
X-Cache-Time
X-Cache-Host
Webcakes-Region
X-Akamai-Request-ID
TWC-GeoIP-Country
TWC-Device-Class
X-ServerID
Origin-Cache-Control
Mn-Server-Ip
X-Origin
X-Real-IP
L5d-Success-Class
Origin-Edge-Control
Property-Id
S-Rt
TWC-Connection-Speed
X-Web-Node
Release
X-Origin-Response-Time
X-Rocket-Nginx-Bypass
X-Loop
Fastly-SSL
X-Content-Age
X-Cluster-Name
Decoy-Debug-Key
X-FireWall-Port
X-Format
X-Generated
Decoy-Debug-Status
X-Akamai-Request-ID2
DSUID
X-Backend-Name
X-ApacheServer
X-Access
Viewport
X-JoinUs
Ec-Rule-Version
Decoy-Debug-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
S-Cnection
X-Soup
X-Site-Version
X-Time-Microsecs
X-Timing-Wait
X-Www-Served-By
X-Vgn-Hpd-Reason
X-VCT
X-Locale
X-Section
X-PERF
X-Proxy-Build
X-Redis-Cache
Selected-Fe
X-Rendered-As
X-Varnish-Hits
Rt-Fastcgi-Cache
X-WA-Info
X-App-Version
X-Cache-Grace
Cache-Key
X-Origin-TTL
X-Origin-CC
X-Storage
X-NWS-UUID-VERIFY
X-Guploader-Uploadid
NGX
X-B3-Traceid
Cache-Hits
Vix-Hermes-Req-Id
Cteonnt-Length
X-Is-Bot
X-Cache-Remote
X-GoCache-CacheStatus
X-Hit
X-NCache
Uber-Trace-Id
X-Backend-TTL
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Trace-Id
Time
Origin
X-SS-Set-Cookie
Hostname
X-Cache-Backend
X-Device-Type
X-CF-Powered-By
X-CS
X-PHP-Host
X-Tumblr-Pixel-3
X-Generated-By
X-UnsetCookies
Mime-Version
X-B3-SpanId
X-ATS-Timestamp
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Amzn-Remapped-Content-Length
X-Oss-Object-Type
Akamai-GRN
Accept-Language
X-OVcl-Cache
X-OVcl
X-Cluster-Node
X-Via-CDN
X-Presslabs-Stats
X-S
X-Cdn-Forward
X-Nginx-Cache-Key
X-Accel-Buffering
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-Uri
X-URL
X-L-Path
X-Environment-Context
Now
X-No-Session
X-ORACLE-APMCS-REQUEST-ID
X-FW-Version
X-ORACLE-APMCS-TAG
X-MServer
X-Tb
X-Tec-Api-Root
X-Tec-Api-Origin
X-CACHE-KEY
X-Tec-Api-Version
OT-Force-Account-Verify
User-Cache-Control
ServerName
Access-Control-Request-Headers
X-Destination
Apple-News-Services-Host
Apple-News-Services-Handled
X-Hl-Ver
X-Processor
A
X-CF-Lambda-Fn
X-Region-Sid
Apple-News-Services-Request-Url
Arc-Country
X-B-Cookie
Apple-News-Services-Parsed-Url
X-SayCDN-TTL
X-CF-Lambda-Version
Xc-Version
AsisCache
Rendered-Blocks
X-APP-VERSION
X-SRCache-Key
IsBot
Rt-Proxy-Cache
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Date
ServedBy
X-Say-Cacheable
X-Say-TTL
X-PAYTM-SRV-ID
BehaviorPad-Version
Request-Country
X-D
Request-EU
T-Server
Node
X-S-Cookie
X-A-Dcw
X-Developer
X-A-Dam
X-Rojux
X-A
X-Session-Fingerprint
X-A-Ccd
X-Svr
X-A-Dgt
X-Detected-As
X-Server-Time
X-Accel-Expires-Debug
X-AIR-PT
X-A-Wwc
X-ScT
X-Transaction
X-Trv-Group
X-Connection-Hash
Machine
X-Request-UUID
X-VG-WebCache
X-Rewrite-Enabled
Meta-Geo-Continent
X-G
VivaBuild
X-Twitter-Response-Tags
Mobile-Detection-Method
Content-Script-Type
X-SIPLIST1
Cross-Origin-Window-Policy
X-DPWN-IS-SECURE
MD5-Digest
X-External-Request-Id
Content-Style-Type
X-Aed
X-ARC
X-Application
Viewtype
X-CSRF-TOKEN
X-Nc
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Endurance-Cache-Level
X-Varnish-Beresp-Ttl
X-Reboot
X-NC
X-Clara-WADP
Thinkindot-Control
X-Proxy-Upstream
Cache-Host
X-Cdn-Origin
Thinkindot-CacheControl-Type
X-Hnp-Log
X-Generated-On
X-WADP-Cache
X-S-Maxage
X-Debug-Log
X-Debug-Cookies
X-Sn-Servicetimems
X-Device-Os
X-Cms-Context
CDCHOST
X-Gen-Mode
Web-Mar-Node
X-Request-URI
X-Instart-Isnd
X-Proxy-Cache-Status
X-Node-Id
X-Cache-Debug
Mail-Subject
X-Level-Front-Cache
X-Ms-Version
X-Cache-Info
X-Location
We-Hiring
Thinkindot-CacheControl
X-Ms-Request-Id
RNT-Machine
X-Thinkindot-L3
Server-Host
X-Block-Status
RNT-Time
X-Matched-Rule
Server-Int
X-Cache-Bucket
X-NX-Host
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-B3-Parentspanid
X-Shopify-Stage
Proxy-Connection
NtCoent-Length
X-CUA
X-Agile-Id
X-Compress-Hint
X-Core-Mission
X-Cache-Id
X-BBXSRF
X-Backend-State
X-C
X-Cache-URL
X-Bip
X-Cdn-Srv
X-Azure-Ref-OriginShield
X-CGP
X-App-Name
X-Clientip
X-Auto-Login
X-Cache-FS-Status
X-Azure-Ref
X-Amz-Meta-Cache-Control
X-Key
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Release
X-Thanos
X-Reqid
X-VServer
X-Qloud-Router
X-User
X-Variation
X-Origin-Expires
X-Owner
X-Platform-Server
X-Agile-Age
X-Policy
X-Request-Start
X-TrackingId
X-SD-PageType
X-Scheme
X-Server-IP
X-Service
X-Skip-Cache
X-We-Are-Hiring
X-WebServer
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Swa-Ws
X-Wikidot-Backend
X-Webstats-RespID
X-SVT-ORM-VERSION
X-Up
X-Origin-Date
X-Old-Content-Length
X-Fastly-Cache
X-Eu-Site
X-Generated-In
X-Generation-Time
X-GeoIP-City
X-Geo-Header
X-Epic-Correlation-Id
X-Distributor
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Developers
X-Dispatch
X-Distil-CS
X-Dispatcher-Server
X-Has-Esi
X-Hash
X-Logging-Id
X-LI-UUID
X-Magnolia-Registration
X-Method
X-VG-TLSProxy
X-VC-Cache
X-Li-Pop
X-Li-Fabric
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Internal-Host
X-Irp-Debug
X-JWT-State
X-Is-Gdpr
X-Debug-Cache-Expiry
X-7Graus-Varnish-XKeys
X-Agile
L
Kp-EeAlive
Is-Eu
Magicmarker
AKAMAI
Pramga
Platform
PFcat
IBM-Web2-Location
Heartbleed
Esi-Enabled
Countrycode
Content-Disposition
Adler-Geo
X-SaId
Fastly-Soc-X-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
SD-X-WS
Memcached
Wxu-Next-Region
True-Client-Country-4JS
Section-Io-Cache
Wxu-Next-Hostname
W
Wxu-Next-Commit
X-7Graus-Varnish-Cache-Control
Served-By
Cache-Provider
X-NodeID
X-Sucuri-Id
X-Lb-Id
V-Age
X-LI-Proto
Locale
X-Urbn-Context-Path
X-MSEdge-Features
X-Dc
X-ServiceProvider
X-MSEdge-Flight
X-Parent-Response-Time
X-Urbn-Site-Id
X-Core-Value
Server-ID
X-Geo
X-Servername
X-Vdms-Version
X-GRACE
X-EC-Lua
Request-Time
X-Newrelic-Synthetics
GEO-REGION-INFO
X-Sucuri-Cache
CF-IPCountry
Environment
X-GEO
X-Shopify-Generated-Cart-Token
X-Sigma-Backend
Cdncip
Srv
X-Pjax-Url
X-Sigma
X-Rocket-Build-Number
X-Be
Cdnsip
X-AK-Request-ID
X-ECACHE
X-NGENIX-Cache
X-FPC
X-B3-Spanid
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-VHOST
X-Instart-Info
X-Unique-Id
X-ElasticPress-Search
X-CDN-Forward
SRV
X-Microcachable
Powered-By-ChinaCache
Tcn
X-Servedbyhost
X-Backend-Host
X-Tb-Optimization-Total-Bytes-Saved
X-Backend-Url
X-Upstream-Ht
Group
X-Upstream-Ct
X-Via-NSCOPI
X-Nginx-Cache
Backend-Name
Resin-Trace
PageSpeed
X-Var-Ttl
X-ND-Cache
Ohc-File-Size
X-Zone
X-Ratelimit-Remaining
X-Unique-ID
Ohc-Cache-HIT
X-Source
Memory
N-Cache
CF-Cached-On
X-Oracle-Dms-Rid
X-RCS-CacheZone
X-Trafficlayer-App-Version
X-IPS-LoggedIn
Lfy
Cache-Prefix
Fly-Request-Id
Pagetype
Fly-Cache
X-Dynatrace
X-Upstream-CT
X-Upstream-HT
X-DC
X-Served-From
Gannett-Cam-Experience-Id
X-Req
Locid
X-COUNTRY
X-Worker
X-Check-Cacheable
X-AWS-Id
X-VCL-Version
X-VWS-Id
X-LJ-Flow-ID
Cdn
X-Correlation-ID
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
FNAC-ModuleRouting
X-Via-Ucdn
X-Gamma-Serve
X-Refresh
X-Pf-Uncompressing
TTL
X-CSRF-Token
X-Ua
X-Sucuri-ID
X-Server-W
PICS-Label
Geoip-Latitude
GeoIp-Country-Code
X-Sedo-Request-Id
Geoip-City
X-Fetched-On
X-Cache-Miss-From
Pics-Label
X-Pod
GeoIP-City
X-Rebelmouse-Surrogate-Control
GeoIP-Country-Code
REQUESTUUID
M-TraceId
X-Rebelmouse-Cache-Control
X-Wa
X-HOST
Fastly-SIE
X-Via-Edge
X-Via-SSL
GeoIP-Latitude
Fastly-SWR
X-Bc
XServer
X-Upstream-Proxy
Geo-Info
X-APP
Ttl
X-Ratelimit-Reset
X-Render-Time
X-Datadome
X-Vcl-Version
X-PF-Uncompressing
X-TIME
ProcessTime
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Limit
X-NU-AKA-ACS-Version
X-Fstrz
X-Tt-Trace-Tag
X-ZONE
X-HS-Status
X-LiteSpeed-Cache-Control
X-HTML-Minification-Powered-By
X-SRV
X-GeoIP-Country-Code
X-GDPR
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cdn-Host
X-Fastly-Country-Code
X-Mode
X-Edge-Server
Cdn-Request-Time
X-Cache-Tag
X-Dynatrace-Js-Agent
X-ServedByHost
X-NGINX-Cache
User-Agent
X-Aicache-OS
Pragrma
On-Server
X-SN
X-Swift-Error
X-Varnish-Ttl
X-HostName
MIME-Version
X-WR-MODIFICATION
X-BC
X-Flog
X-Hello
X-ABtesting
URI
SS
HitType
X-FORWARDED-FOR
X-Response-By
Host-ID
X-Org
Who
X-MP-GENERATED-AT
X-TT-LOGID
HostName
X-WA
X-RateLimit-Reset
CACHE
Requestid
X-Cache-Ttl
X-UPSTREAM-Address
X-Edge-O15-RID
X-DW
X-RPM
X-RPS
X-BE
X-DSS
X-DI
SN
X-Action
X-DB
X-Fastly-Backend-Reqs
X-RSL
X-PJAX-URL
Dynatrace
X-LAGOON
X-Fpc
RequestUuid
X-Cf-Powered-By
X-Page-Type
Country-Code
X-Cdn-Request-ID
X-Varnish-URL
X-Varnish-Cacheable
Lb
DataCenter
X-TH-Server
X-Zipkin-Id
Get-Access-Time
LB
Is-Session-Tracking
Server-Id
X-ServerName
X-Proxied
CDN
Debug
X-Routing-Service
X-Ftr-Cache-Host
X-Gen-Id
X-VC
X-Nananana
X-SB
X-MCACHE
Powered-By
X-Protected-By
X-MID
X-Varnish-Beresp-TTL
X-Tt-Trace-Host
UCS
X-Edge
NnCoection
Media-Length
Product
X-Request-Url
X-Li-Proto
Warning
Correlation-Id
X-Dw-Trace-Id
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Xet-Cookie
RequestId
X-Request-Time
X-Fastly-Cache-Hits
X-LB-ID
SID
Thinkindot-Cache-Type
X-LiteSpeed-Tag
Application