Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CONTENT-TYPE-OPTIONS
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-XSS-PROTECTION
X-Turbo-Charged-By
X-Via
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
X-Ua-Compatible
EagleId
X-AH-Environment
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
CONTENT-SECURITY-POLICY
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-Server-Id
X-OneAgent-JS-Injection
X-Response-Time
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Cdn
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ws-Request-Id
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-MS-InvokeApp
X-TtlSet
X-Vname
X-PC
X-Instart-Request-ID
X-Url
X-Ruxit-JS-Agent
Accept-Ch
Edge-Control
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
X-B3-TraceId
X-D2id
X-Trace
Response
X-Sol
X-Middleton-Response
X-SharePointHealthScore
Display
X-Middleton-Display
X-VARITI-CCR
RTSS
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
Pagespeed
Service-Worker-Allowed
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Server-Name
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
Accept-Ch-Lifetime
X-Server-ID
X-Navigation-Version
X-ESI
X-Powered-CMS
Content-MD5
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Vcache
X-TTL
MS-Author-Via
Charset
X-Upstream
X-Px
X-Amz-Rid
X-Forwarded-Proto
X-NF-Request-ID
X-Version
DynaTrace
X-Cached
Realpath
X-Shard
X-Aspnetmvc-Version
Fastly-Restarts
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-Recruiting
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-MSEdge-Ref
Access-Control-Request-Method
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace-JS-Agent
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Ser
Nginx-Cache
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Fastly-Request-ID
Front-End-Https
X-Accel-Expires
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Client-IP
X-Ah-Environment
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-T
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Ttl
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
Fastcgi-Cache
X-HS-Hub-Id
NR-ENABLED
X-HS-Content-Id
X-Frontend
X-Content-Digest
Cache-Tag
Powered
X-Hits
X-Fastcgi-Cache
X-Kinsta-Cache
X-Correlation-Id
X-HS-Cache-Config
ServerID
X-Grace
X-Litespeed-Cache
TP-Cache
X-FTR-Cache-Host
TP-L2-Cache
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
Alternate-Protocol
X-Cache-Hit
X-Hp-Webp
X-Forwarded-For
X-Webapp-Samesite-None-Activated-N
X-Request-Received
X-Request-Processing-Time
PB-RID
X-Node-Name
PB-PID
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Mobile-Rewrite
Arc-Version
X-Webkit-Csp
X-N
X-Content-Type
X-Zen-Fury
Server-Name
X-User-Agent
X-Rid
X-Revision
X-Analytics
Healthy
Backend-Timing
Server-Node
X-LB-Cache
X-FastCGI-Cache
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Akamai-Edgescape
X-Logged-In
X-AppVersion
X-Activity-Id
X-Srv
X-Az
Cache-Status
Retry-After
X-HS-Combine-CSS
X-IPLB-Instance
X-Via-JSL
X-Cached-By
Paypal-Debug-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-SERVER
X-Type
X-NWS-LOG-UUID
X-Pad
X-GUploader-UploadID
X-Oneagent-Js-Injection
AR-Request-ID
X-Varnish-Grace
FilterID
X-Mobile-URL
X-B3-Sampled
X-F-Cache
X-Cache-Age
X-Content-Options
Refresh
X-Geo-Country
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
X-FB-Debug
X-Debug-Info
Accept-Charset
X-Tumblr-User
Access-Control-Allow-Method
X-Jobs
X-AOL-HN
X-Cluster
Host
Source
X-App-Environment
Upgrade-Insecure-Requests
X-Framework
Actual-Object-TTL
X-B
X-Request-Guid
DC
X-Page-Id
X-Seen-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Varnish-Backend
X-PressLabs-Stats
X-PHP-Backend
X-WebKit-CSP-Report-Only
X-Esi
X-Whom
MS-CV
X-ATG-Version
Fastcgi-Useragent
Accept-CH-Lifetime
Accept-CH
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Powered-By
X-Cache-Key
X-Cache-2
X-TT
X-Git-Hash
X-Host-Name
X-Cache-Control
X-Cache-TTL
Cache
X-Time
X-Amz-Replication-Status
Surrogate-Key
X-Cache-Operation
X-Wix-Request-Id
X-Cache-Rule
X-TA-CDN-Provider
Frame-Options
X-FW-Type
X-Kong-Proxy-Latency
X-FW-Hash
X-Signature
X-B-Cache
X-Kong-Upstream-Latency
X-FW-Serve
X-FW-Server
X-FW-Static
X-Daa-Tunnel
NGB
Xserver
X-Response-Served-From
X-Forwarded-Host
X-Origin-Server
X-Mobile
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Host-Header
Cache-Tv-Group
X-RequestSource
X-Region
X-TX-ID
X-Hyper-Cache
Webserver
Eomportal-Instance
X-Cache-Action
Filters
Payment
X-Drupal-Cache-Tags
WPE-Backend
X-GeoIP
X-Cache-NE
X-Handled-By
X-Adobe-Loc
X-Adobe-Content
From-Origin
X-UA
X-UA-Device-Type
Cleartype
X-Cacheable-TTL
X-Cache-Enabled
X-EdgeConnect-Cache-Status
X-ProcessESI
X-RemovedCookies
X-App-Server
Tracecode
X-VCache
Ms-Operation-Id
X-RTag
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Hostname
X-NewRelic-App-Data
X-Status
X-Load-Cache
X-RateLimit-Limit
X-Contextid
X-Cache-Server
Liferay-Portal
X-Edge-Location
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-B3-Traceid
X-Varnish-Hostname
X-FW-Dynamic
Odigeo-Trace-Id
X-Varnish-Server
X-Rule
Meta-Geo
X-Cache-Var
Load-Balancing
Server-Info
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
Country
X-Viewer-Country
X-Xfnlog-Site
Version
X-PCL
Cache-Tags
DB-Nickname
X-OCL
X-UUID
X-Cache-Config
X-Rocket-Nginx-Bypass
X-CCM
Azure-SiteName
Azure-RegionName
Azure-Version
Cache-Name
Azure-SlotName
Azure-InstanceId
X-Hosted-By
X-R9-Blue-Green-Version
X-FC-Vary-Parameters
X-Proxy
X-Varnish-Cache-Hits
X-From
X-Pubstack
L5d-Success-Class
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Akamai-Request-ID
X-Origin-Response-Time
X-Debug-Cache
X-Cache-Host
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Drupal-Cache-Contexts
X-EIG-Tracking-Id
X-Origin-Hint
Mn-Server-Ip
X-Info
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Fastly-SSL
X-Proto
X-Upgrade-Enabled
X-Labrador-Cache-Channel
X-Via-Fastly
X-Loop
X-Origin
X-TNCMS
X-ServerID
Selected-Fe
X-Cluster-Name
X-Akamai-Request-ID2
X-Cache-Time
X-Redis-Cache
X-Content-Age
X-Backend-Name
X-IP
X-Origin-CC
X-ApacheServer
Ec-Rule-Version
X-JoinUs
X-Section
DSUID
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Format
X-PERF
X-Proxy-Build
X-VCT
Release
S-Cnection
S-Rt
X-Real-IP
X-Timing-Wait
X-Access
X-Generated
X-Origin-TTL
X-Web-Node
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
Origin-Cache-Control
Origin-Edge-Control
X-FireWall-Port
X-Soup
X-Varnish-Hits
X-Time-Microsecs
X-Vgn-Hpd-Reason
NGX
X-ATS-Timestamp
X-NWS-UUID-VERIFY
X-Storage
X-XRDS-LOCATION
X-Site-Version
X-Www-Served-By
X-Rendered-As
Viewport
Rt-Fastcgi-Cache
X-Locale
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
Cache-Key
X-WA-Info
X-App-Version
X-ProxyCache-Key
X-Guploader-Uploadid
X-ProxyCache-Status
X-BYPASS-REASON
Uber-Trace-Id
X-Is-Bot
Vix-Hermes-Req-Id
Cteonnt-Length
X-PHP-Host
X-GoCache-CacheStatus
X-Cache-Backend
GEO-INFO
X-Generated-By
Time
X-Hit
X-Cache-Remote
Cache-Hits
X-SS-Set-Cookie
X-Cache-Grace
X-NCache
X-Backend-TTL
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-ORACLE-APMCS-TAG
X-Webkit-CSP
X-ORACLE-APMCS-REQUEST-ID
Origin
X-Accel-Buffering
X-Trace-Id
X-Device-Type
X-CS
X-Tumblr-Pixel-3
X-Nginx-Cache-Key
Accept-Language
X-B3-SpanId
X-OVcl-Cache
X-FB-TRIP-ID
X-OVcl
X-No-Session
X-L-Path
X-CF-Powered-By
X-CACHE-KEY
X-S
X-Environment-Context
Mime-Version
X-MServer
X-Tb
Hostname
X-Cluster-Node
X-Uri
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-UnsetCookies
X-Say-TTL
X-SaId
X-Via-CDN
X-CSRF-TOKEN
X-APP-VERSION
X-Say-Cacheable
X-SayCDN-TTL
X-URL
Now
User-Cache-Control
ServerName
X-FW-Version
Arc-Country
X-B-Cookie
X-Tec-Api-Version
X-A
X-Tec-Api-Origin
X-Tec-Api-Root
X-A-Dam
VivaBuild
X-A-Wwc
X-AIR-PT
X-Aed
X-Application
X-A-Dgt
X-Accel-Expires-Debug
X-A-Dcw
X-ARC
X-A-Ccd
Request-Country
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
AsisCache
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
IsBot
Machine
X-CF-Lambda-Version
Request-EU
Rt-Proxy-Cache
T-Server
Rendered-Blocks
Node
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Viewtype
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-Processor
X-Svr
X-Transaction
X-Trv-Group
X-VG-WebCache
X-Twitter-Response-Tags
X-SRCache-Key
X-SIPLIST1
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-ScT
X-Region-Sid
X-Session-Fingerprint
X-Server-Time
X-Request-UUID
X-Hl-Ver
X-D
X-Date
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Connection-Hash
X-VG-WebServer
X-Presslabs-Stats
X-External-Request-Id
X-G
X-DPWN-IS-SECURE
X-Detected-As
X-Destination
X-Endurance-Cache-Level
X-Cdn-Forward
OT-Force-Account-Verify
CDCHOST
X-WADP-Cache
X-Thinkindot-L3
X-S-Maxage
Thinkindot-CacheControl
X-Gen-Mode
X-Hnp-Log
X-Location
X-Matched-Rule
X-Debug-Cookies
X-Block-Status
X-Cms-Context
X-Cache-Info
X-Cache-Debug
X-Cache-Bucket
Web-Mar-Node
X-NX-Host
Server-Int
Server-Host
X-Request-URI
RNT-Time
X-Reboot
X-Clara-WADP
X-Proxy-Cache-Status
X-Proxy-Upstream
Thinkindot-Control
Thinkindot-CacheControl-Type
RNT-Machine
X-Debug-Log
We-Hiring
Mail-Subject
Proxy-Connection
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NC
X-Varnish-Beresp-Ttl
X-Auto-Login
X-Azure-Ref
X-Magnolia-Registration
X-Ms-Request-Id
X-Amz-Meta-Cache-Control
X-App-Name
X-Azure-Ref-OriginShield
X-LI-UUID
X-C
X-Geo
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-BBXSRF
X-Alternate-Cache-Key
X-Ms-Version
W
Wxu-Next-Commit
X-Policy
X-Distributor
X-Service
True-Client-Country-4JS
Wxu-Next-Hostname
Wxu-Next-Region
X-Old-Content-Length
Adler-Geo
X-Origin-Date
X-Origin-Expires
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Cache-FS-Status
X-Cache-Id
X-Generation-Time
X-Generated-On
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Has-Esi
X-Debug-Cache-Expiry
X-Generated-In
X-Fastly-Cache
X-Dispatcher-Server
X-Distil-CS
X-Dispatch
X-Epic-Correlation-Id
X-Developers
X-Eu-Site
X-Hash
X-IN-APIGATEWAY
Srv
X-CGP
X-Cdn-Srv
X-Cache-URL
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-Internal-Host
X-Core-Mission
X-CUA
X-IN-APIGATEWAYSSL
X-Compress-Hint
X-Clientip
X-Instart-Isnd
X-RateLimit-Limit-Second
X-Platform-Server
Platform
X-VServer
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-VG-TLSProxy
X-Skip-Cache
X-Parent-Response-Time
Kp-EeAlive
X-WebServer
X-We-Are-Hiring
X-Shopify-Stage
Gh-Request-Id
X-Nc
X-Up
IBM-Web2-Location
Is-Eu
X-User
Magicmarker
Memcached
X-Variation
Ha-Gx-Prefs
HA-Ipaddr
X-TrackingId
Fastly-Soc-X-Request-Id
X-Webstats-RespID
Content-Disposition
Served-By
X-Wikidot-Backend
ServedBy
X-Core-Value
X-RateLimit-Remaining-Second
X-Release
X-Reqid
X-Request-Start
Section-Io-Cache
Cache-Host
X-ShardId
X-ShopId
Esi-Enabled
Countrycode
X-Wikidot-Static-Cache
X-Server-IP
X-B3-Parentspanid
NtCoent-Length
PFcat
X-Method
X-Developer
X-GeoIP-City
X-Geo-Header
Heartbleed
AKAMAI
X-Vdms-Version
L
X-Backend-State
X-Owner
X-SD-PageType
X-ServiceProvider
X-MSEdge-Flight
X-GRACE
X-MSEdge-Features
SD-X-WS
X-VC-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
A
V-Age
X-Scheme
X-Agile
X-Agile-Age
X-Qloud-Router
X-LI-Proto
X-Bip
X-Key
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Thanos
X-Agile-Id
Pramga
X-Logging-Id
X-Swa-Ws
Cache-Provider
X-Sucuri-Id
X-CDN-Forward
X-NodeID
X-Dc
Server-ID
X-Sigma
X-Rocket-Build-Number
X-Sucuri-Cache
X-Shopify-Generated-Cart-Token
X-AK-Request-ID
X-Sigma-Backend
Cdncip
X-Unique-Id
X-Cdn-Origin
X-Node-Id
X-Servername
Cdnsip
X-Sn-Servicetimems
X-Device-Os
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Lb-Id
GEO-REGION-INFO
Environment
CF-IPCountry
X-B3-Spanid
Powered-By-ChinaCache
X-Upstream-Ht
X-Upstream-Ct
X-Via-NSCOPI
X-RCS-CacheZone
X-Source
X-EC-Lua
X-Nginx-Cache
X-Servedbyhost
X-FPC
X-Be
X-ND-Cache
X-Zone
X-VHOST
Request-Time
X-Newrelic-Synthetics
X-Microcachable
Resin-Trace
X-Trafficlayer-App-Version
Geo-Info
Tcn
X-Pjax-Url
X-Correlation-ID
X-GEO
X-NGENIX-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Instart-Info
X-ECACHE
X-Req
X-ElasticPress-Search
Locid
X-Unique-ID
X-Oracle-Dms-Rid
Memory
X-Backend-Host
Group
X-Gamma-Serve
X-Served-From
FNAC-ModuleRouting
X-Backend-Url
X-SRV
X-IPS-LoggedIn
X-DC
X-Var-Ttl
X-VCL-Version
X-VWS-Id
CF-Cached-On
X-Refresh
X-AWS-Id
Backend-Name
X-LJ-Flow-ID
X-Dynatrace
X-Pf-Uncompressing
N-Cache
X-COUNTRY
Gannett-Cam-Experience-Id
ProcessTime
X-Sucuri-ID
Cache-Prefix
Fly-Request-Id
TTL
GeoIP-Country-Code
X-Render-Time
Lfy
Pics-Label
Fly-Cache
GeoIP-Latitude
Pagetype
GeoIP-City
X-Check-Cacheable
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Remaining
Ohc-Cache-HIT
X-TIME
Ohc-File-Size
X-HTML-Minification-Powered-By
SRV
X-Bc
X-Worker
X-FORWARDED-FOR
PICS-Label
X-NU-AKA-ACS-Version
X-Pod
X-Upstream-HT
X-Upstream-CT
X-GeoIP-Country-Code
REQUESTUUID
Ttl
Cdn
X-CSRF-Token
X-Via-Ucdn
Geoip-City
Geoip-Latitude
X-Sedo-Request-Id
X-Via-SSL
X-Cache-Miss-From
GeoIp-Country-Code
X-Via-Edge
X-Mode
XServer
M-TraceId
X-Fetched-On
X-Server-W
X-Vcl-Version
X-CLOUD-TRACE-CONTEXT
Fastly-SWR
X-APP
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-LiteSpeed-Cache-Control
X-Rebelmouse-Cache-Control
X-PF-Uncompressing
X-Fstrz
X-Wa
X-MP-GENERATED-AT
X-ZONE
MIME-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fastly-Country-Code
X-Ratelimit-Limit
X-Ua
HitType
HostName
X-HS-Status
Host-ID
X-Dynatrace-Js-Agent
X-GDPR
X-Tt-Trace-Tag
User-Agent
Pragrma
On-Server
X-Swift-Error
X-BC
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-HostName
X-WR-MODIFICATION
X-PJAX-URL
X-Cache-Tag
X-Cdn-Request-ID
X-Aicache-OS
X-ServedByHost
X-Edge-Server
Cdn-Host
URI
X-NGINX-Cache
Cdn-Request-Time
PageSpeed
X-BE
X-TT-LOGID
Who
X-Ratelimit-Reset
X-SN
X-TH-Server
X-Upstream-Proxy
X-WA
CACHE
X-RateLimit-Reset
X-Ftr-Cache-Host
X-Response-By
X-DB
X-RPS
X-RSL
X-DI
X-DW
Powered-By
X-RPM
X-UPSTREAM-Address
X-DSS
X-Hello
X-Flog
X-ABtesting
CDN
X-Org
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-Edge-O15-RID
X-Fpc
X-Action
SS
X-Cf-Powered-By
Dynatrace
Media-Length
X-Varnish-URL
X-LAGOON
SN
X-Varnish-Cacheable
DataCenter
X-Request-Time
Debug
X-ServerName
LB
Is-Session-Tracking
X-LB-ID
Get-Access-Time
Requestid
Server-Id
X-Gen-Id
X-Nananana
RequestUuid
Country-Code
X-Page-Type
X-Protected-By
Lb
X-Varnish-Beresp-TTL
Cneonction
X-SB
XxX-Cache-Status
X-VC
Xet-Cookie
NnCoection
Correlation-Id
RequestId
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Li-Proto
X-Dw-Trace-Id
SID
X-LiteSpeed-Tag
Product
Thinkindot-Cache-Type
Application
X-Fastly-Cache-Hits
Warning
X-Request-Url