Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Request-ID
X-Template
X-Language
X-Iinfo
X-DNS-Prefetch-Control
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-CDN
X-Via
X-Cache-Group
X-Age
CF-Ray
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-AH-Environment
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
X-Server
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Cdn
X-Ac
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Server-Id
X-Response-Time
X-Cnection
X-OneAgent-JS-Injection
Request-Id
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Aspnetmvc-Version
X-Country
Rating
Surrogate-Control
X-DynaTrace
Pinterest-Generated-By
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Accept-Ch
X-Akam-SW-Version
X-MS-InvokeApp
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Ws-Request-Id
X-Url
X-Instart-Request-ID
X-B3-TraceId
X-Ruxit-JS-Agent
Edge-Control
X-Powered-By-Plesk
Verso
SPRequestGuid
X-Mod-Pagespeed
Accept-Ch-Lifetime
X-Middleton-Response
X-Sol
Response
Display
X-Middleton-Display
X-D2id
X-Ah-Environment
X-SharePointHealthScore
X-Trace
X-VARITI-CCR
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
RTSS
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
X-Server-ID
X-Navigation-Version
X-CST
X-ESI
X-Powered-CMS
Pagespeed
X-Debug
X-Vcap-Request-Id
Public-Key-Pins
Content-MD5
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Px
MS-Author-Via
X-Version
Charset
X-Upstream
X-Amz-Rid
X-Vcache
X-NF-Request-ID
X-Forwarded-Proto
Realpath
DynaTrace
X-Shard
X-Cached
Fastly-Restarts
X-Recruiting
X-TTL
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
TCN
X-SERVER
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-MSEdge-Ref
Edge-Cache-Tag
Access-Control-Request-Method
X-DynaTrace-JS-Agent
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
S
X-Ser
X-XRDS-Location
X-Fastly-Request-ID
Front-End-Https
X-Ttl
X-Amz-Meta-S3cmd-Attrs
X-Accel-Expires
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-Client-IP
X-T
X-B3-TraceId-Primal
X-FTR-Backend-Server
X-FTR-Balancer
Mrf-Cache-Status
X-FTR-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-Mrf-Item-Lastmod
X-FTR-DC
X-RateLimit-Remaining
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Webkit-Csp
Fastcgi-Cache
NR-ENABLED
X-HS-Content-Id
X-Trafficlayer-App-Scope
X-HS-Hub-Id
X-Trafficlayer-App-Name
X-Frontend
X-Content-Digest
X-Hits
Powered
X-Correlation-Id
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
ServerID
X-Forwarded-For
X-Fastcgi-Cache
X-Grace
X-Kinsta-Cache
Cache-Tag
X-FTR-Cache-Host
X-Litespeed-Cache
X-HS-Cache-Config
X-Cache-Hit
TP-Cache
TP-L2-Cache
X-Oneagent-Js-Injection
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
X-N
PB-RID
PB-PID
X-Request-Received
X-Srv
Arc-Version
X-Request-Processing-Time
X-Mobile-Rewrite
X-Content-Type
Alternate-Protocol
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-Hp-Webp
X-FastCGI-Cache
Server-Name
X-Rid
Server-Node
X-User-Agent
X-Analytics
Backend-Timing
X-Revision
X-Via-JSL
Healthy
X-LB-Cache
AR-Request-ID
X-AppVersion
X-Activity-Id
Paypal-Debug-Id
X-Az
Cache-Status
Retry-After
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Webapp-Samesite-None-Activated-N
X-Ruxit-Js-Agent
X-IPLB-Instance
X-Type
X-Cached-By
X-Amzn-RequestId
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-GUploader-UploadID
X-HS-Combine-CSS
X-Varnish-Grace
X-Cache-Age
FilterID
X-Pad
X-B3-Sampled
X-Mobile-URL
X-F-Cache
Refresh
Accept-Charset
X-Content-Options
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Jobs
X-AOL-HN
X-App-Environment
X-Page-Id
X-Instance
X-FB-Debug
Source
X-Debug-Info
X-Request-Guid
X-B
Actual-Object-TTL
X-Framework
Host
X-Cluster
X-Seen-By
X-Geo-Country
Access-Control-Allow-Method
X-PHP-Backend
X-Whom
DC
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PressLabs-Stats
Upgrade-Insecure-Requests
MS-CV
X-Cache-Key
X-Esi
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Varnish-Backend
X-ATG-Version
X-Host-Name
X-Cache-2
X-Time
Fastcgi-Useragent
X-Git-Hash
X-TT
X-Cache-Control
X-Cache-TTL
X-VCache
Surrogate-Key
X-Cache-Rule
X-Cache-Operation
X-Forwarded-Host
X-TA-CDN-Provider
X-Amz-Replication-Status
Cache
X-Daa-Tunnel
Frame-Options
X-FW-Static
X-FW-Server
X-Kong-Proxy-Latency
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Kong-Upstream-Latency
X-Wix-Request-Id
Xserver
NGB
X-Response-Served-From
X-Mobile
Tracecode
X-Origin-Server
X-B-Cache
X-Signature
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Eomportal-Instance
X-Region
X-RequestSource
X-UA-Device-Type
X-Hyper-Cache
X-GeoIP
Cache-Tv-Group
WPE-Backend
X-Cache-NE
X-Cache-Action
Filters
Host-Header
X-Adobe-Content
X-Adobe-Loc
X-App-Server
Webserver
Payment
X-Drupal-Cache-Tags
X-TX-ID
From-Origin
Cleartype
X-Cacheable-TTL
X-ProcessESI
X-RemovedCookies
X-Handled-By
X-EdgeConnect-Cache-Status
X-RateLimit-Limit
Ms-Operation-Id
X-Cache-Enabled
X-RTag
X-Webkit-CSP
Datacenter
X-Cache-TTL-Remaining
X-UA
X-Status
Accept-CH-Lifetime
X-Akamai-Transformed
X-Contextid
X-NewRelic-App-Data
Accept-CH
X-Cache-Server
Liferay-Portal
X-Load-Cache
X-Hostname
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-BCube-Filmed-By
X-Edge-Location
X-XRDS-LOCATION
X-FW-Dynamic
X-Varnish-Hostname
Odigeo-Trace-Id
Server-Info
Version
X-IP
X-App-Version
X-Cache-Var
X-Varnish-Server
X-Cache-Var-Map
Load-Balancing
X-ES-SERVER
Meta-Geo
X-Path-Route
X-RN-RSRV
X-Viewer-Country
X-Rule
X-Xfnlog-Site
X-PCL
X-OCL
X-UUID
X-CCM
X-Debug-Cache
Cache-Tags
Country
DB-Nickname
Azure-SlotName
Azure-SiteName
Cache-Name
TWC-Locale-Group
Azure-Version
Azure-InstanceId
TWC-Privacy
X-EIG-Tracking-Id
Property-Id
Mn-Server-Ip
X-Info
TWC-GeoIP-LatLong
X-From
L5d-Success-Class
Azure-RegionName
Webcakes-App-Name
X-Rocket-Nginx-Bypass
X-Pubstack
X-Proxy
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
X-ServerID
X-Origin
X-Real-IP
X-R9-Blue-Green-Version
TWC-Connection-Speed
X-Cache-Host
TWC-GeoIP-Country
X-Upgrade-Enabled
X-Content-Age
X-Origin-Hint
X-Via-Fastly
X-Cache-Config
X-Varnish-Cache-Hits
X-Goog-Meta-Goog-Reserved-File-Mtime
DSUID
X-FC-Vary-Parameters
Fastly-SSL
X-Drupal-Cache-Contexts
X-Cluster-Name
X-Generated
Decoy-Debug-Key
X-Format
Decoy-Debug-TTL
X-FireWall-Port
Decoy-Debug-Status
X-Cache-Time
X-Akamai-Request-ID2
X-Backend-Name
X-Section
X-Human
X-Proto
S-Cnection
S-Rt
X-Proxy-Build
X-PERF
X-Timing-Wait
X-Origin-Response-Time
X-ApacheServer
Release
X-Akamai-Request-ID
Origin-Edge-Control
X-Rendered-As
X-Web-Node
X-Hosted-By
X-VCT
Origin-Cache-Control
X-JoinUs
X-Access
Selected-Fe
X-Labrador-Cache-Channel
X-Time-Microsecs
X-Redis-Cache
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Origin-TTL
X-WA-Info
X-Loop
X-Origin-CC
X-Soup
X-TNCMS
X-Www-Served-By
Viewport
GEO-INFO
X-Locale
X-Site-Version
Ec-Rule-Version
X-NWS-UUID-VERIFY
Cache-Key
X-Storage
NGX
Rt-Fastcgi-Cache
X-Cache-Grace
Vix-Hermes-Req-Id
X-Guploader-Uploadid
X-Cache-Remote
X-Is-Bot
Cteonnt-Length
X-B3-SpanId
X-ProxyCache-Key
Cache-Hits
X-BYPASS-REASON
X-ProxyCache-Status
X-Hit
X-Backend-TTL
Uber-Trace-Id
X-NCache
X-GoCache-CacheStatus
X-ATS-Timestamp
Origin
X-Device-Type
X-Cache-Backend
X-Oss-Storage-Class
Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-PHP-Host
X-Trace-Id
X-CS
X-Generated-By
Mime-Version
X-SS-Set-Cookie
X-Tumblr-Pixel-3
Akamai-GRN
X-Amzn-Remapped-Content-Length
Hostname
Accept-Language
X-CF-Powered-By
X-UnsetCookies
X-OVcl-Cache
X-OVcl
X-S
X-Accel-Buffering
X-Nginx-Cache-Key
X-Cluster-Node
X-Via-CDN
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-No-Session
X-ORACLE-APMCS-TAG
X-Cdn-Forward
X-Uri
X-ORACLE-APMCS-REQUEST-ID
X-Environment-Context
X-L-Path
Now
X-Tb
X-B3-Traceid
X-URL
Access-Control-Request-Headers
X-MServer
ServerName
User-Cache-Control
X-FW-Version
Node
Mobile-Detection-Method
Rendered-Blocks
T-Server
Viewtype
VivaBuild
Meta-Geo-Continent
Rt-Proxy-Cache
Request-EU
Request-Country
BehaviorPad-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
Arc-Country
X-A
IsBot
Machine
Cross-Origin-Window-Policy
Content-Style-Type
AsisCache
Content-Script-Type
MD5-Digest
X-Accel-Expires-Debug
X-ScT
X-Server-Time
X-Session-Fingerprint
X-SIPLIST1
X-S-Cookie
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-SRCache-Key
X-Svr
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Processor
X-PAYTM-SRV-ID
X-AIR-PT
X-Application
X-ARC
X-B-Cookie
X-Aed
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-CF-Lambda-Fn
X-Connection-Hash
X-External-Request-Id
X-G
X-Hl-Ver
X-DPWN-IS-SECURE
X-Detected-As
X-D
X-Date
X-Destination
X-A-Ccd
X-CF-Lambda-Version
X-Tec-Api-Version
X-Presslabs-Stats
X-CACHE-KEY
X-Tec-Api-Origin
X-Tec-Api-Root
X-CSRF-TOKEN
X-NC
OT-Force-Account-Verify
X-Endurance-Cache-Level
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-Bucket
Web-Mar-Node
RNT-Time
CDCHOST
X-Parent-Response-Time
RNT-Machine
X-Cache-Debug
Server-Int
Server-Host
Thinkindot-CacheControl
X-Clara-WADP
X-Request-URI
X-Proxy-Upstream
X-Proxy-Cache-Status
X-S-Maxage
X-WADP-Cache
ServedBy
X-Thinkindot-L3
X-NX-Host
X-Matched-Rule
X-Debug-Cookies
X-Cms-Context
A
X-Debug-Log
X-Developer
X-Hnp-Log
X-Gen-Mode
X-Cache-Info
X-Block-Status
Mail-Subject
We-Hiring
X-ShopId
X-ShardId
NtCoent-Length
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-SaId
X-Alternate-Cache-Key
X-Sucuri-Id
Proxy-Connection
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Policy
X-Backend-State
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Irp-Debug
X-RateLimit-Remaining-Second
X-Request-Start
X-BBXSRF
X-Instart-Isnd
X-Reqid
X-Release
X-Key
X-Reboot
Magicmarker
X-RateLimit-Limit-Second
SD-X-WS
X-Ms-Request-Id
True-Client-Country-4JS
X-Ms-Version
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Magnolia-Registration
X-Epic-Correlation-Id
X-Location
X-Old-Content-Length
X-Origin-Date
X-Origin-Expires
X-Wikidot-Static-Cache
X-App-Name
X-Level-Front-Cache
X-Amz-Meta-Cache-Control
X-Auto-Login
X-IN-APIGATEWAY
X-Generated-In
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-CUA
X-Core-Mission
X-Generated-On
X-WebServer
X-Sn-Servicetimems
X-TrackingId
Cache-Host
X-VG-TLSProxy
X-Distributor
X-Eu-Site
X-Distil-CS
X-Dispatcher-Server
X-Fastly-Cache
X-Developers
X-Dispatch
X-Compress-Hint
Esi-Enabled
X-Cache-Id
HA-Ipaddr
Ha-Gx-Prefs
X-Webstats-RespID
X-Cache-FS-Status
W
X-Wikidot-Backend
X-C
Kp-EeAlive
Gh-Request-Id
X-SD-PageType
X-CGP
Fastly-Soc-X-Request-Id
X-Generation-Time
X-Cdn-Srv
X-Service
X-Hash
X-Cache-URL
X-Cdn-Origin
X-IN-APIGATEWAYSSL
X-B3-Parentspanid
Cache-Provider
X-Nc
X-GeoIP-City
X-Has-Esi
X-Geo-Header
X-Skip-Cache
X-Clientip
X-ServiceProvider
X-Server-IP
Locale
X-Bip
X-Scheme
Is-Eu
Heartbleed
IBM-Web2-Location
Countrycode
X-We-Are-Hiring
X-Variation
X-Device-Os
X-User
X-VC-Cache
AKAMAI
X-VServer
Adler-Geo
X-Urbn-Site-Id
X-Urbn-Context-Path
X-SVT-ORM-RULES
Content-Disposition
X-SVT-ORM-VERSION
X-Swa-Ws
X-Up
X-Thanos
X-Internal-Host
L
X-MSEdge-Features
X-Li-Fabric
X-MSEdge-Flight
X-Node-Id
X-Agile-Id
X-Agile
X-Li-Pop
X-LI-UUID
V-Age
X-Logging-Id
X-Method
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Served-By
X-Agile-Age
Pramga
PFcat
Platform
Memcached
X-Is-Gdpr
X-JWT-State
X-Qloud-Router
X-Platform-Server
Section-Io-Cache
X-Owner
X-APP-VERSION
X-NodeID
X-LI-Proto
Server-ID
X-Geo
X-Core-Value
X-Dc
X-Lb-Id
X-Vdms-Version
Srv
X-Servername
CF-IPCountry
GEO-REGION-INFO
Environment
X-GRACE
X-EC-Lua
Cdnsip
X-Sigma
X-Sigma-Backend
X-AK-Request-ID
X-Rocket-Build-Number
Tcn
X-Shopify-Generated-Cart-Token
Request-Time
X-Sucuri-Cache
Cdncip
X-Newrelic-Synthetics
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Be
X-CDN-Forward
X-Planisys-CDN-TTL
X-Pjax-Url
X-NGENIX-Cache
X-ECACHE
X-GEO
X-FPC
X-Upstream-Ht
X-Nginx-Cache
X-Via-NSCOPI
X-Unique-Id
X-Microcachable
X-ElasticPress-Search
X-Servedbyhost
Powered-By-ChinaCache
X-Instart-Info
Resin-Trace
X-VHOST
X-Upstream-Ct
X-Tb-Optimization-Total-Bytes-Saved
X-Unique-ID
X-ND-Cache
X-Backend-Host
Group
X-Backend-Url
X-Zone
X-Source
X-RCS-CacheZone
X-B3-Spanid
PageSpeed
X-Var-Ttl
Backend-Name
CF-Cached-On
X-Trafficlayer-App-Version
Ohc-Cache-HIT
Ohc-File-Size
SRV
X-IPS-LoggedIn
X-Oracle-Dms-Rid
X-DC
N-Cache
Memory
Lfy
Pagetype
X-LJ-Flow-ID
X-VCL-Version
X-VWS-Id
Cache-Prefix
Locid
Fly-Cache
X-AWS-Id
X-Req
Fly-Request-Id
X-Upstream-HT
X-Upstream-CT
X-Dynatrace
Gannett-Cam-Experience-Id
X-Served-From
Cdn
X-COUNTRY
Geo-Info
X-Gamma-Serve
X-Worker
FNAC-ModuleRouting
X-Correlation-ID
Cf-Ipcountry
X-Refresh
TTL
X-Check-Cacheable
X-Via-Ucdn
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
Pics-Label
X-Ua
PICS-Label
X-CSRF-Token
X-Sedo-Request-Id
X-Cache-Miss-From
GeoIP-City
X-Fetched-On
X-Pod
GeoIP-Latitude
GeoIP-Country-Code
X-Pf-Uncompressing
X-Server-W
X-Bc
X-Rebelmouse-Surrogate-Control
ProcessTime
X-Wa
X-Via-Edge
X-Via-SSL
X-Render-Time
Geoip-City
X-APP
Fastly-SWR
Ttl
X-Rebelmouse-Cache-Control
REQUESTUUID
Fastly-SIE
GeoIp-Country-Code
Geoip-Latitude
X-Upstream-Proxy
X-Sucuri-ID
XServer
X-Vcl-Version
X-PF-Uncompressing
M-TraceId
X-Ratelimit-Reset
X-HTML-Minification-Powered-By
X-Datadome
X-CLOUD-TRACE-CONTEXT
X-TIME
X-NU-AKA-ACS-Version
X-GeoIP-Country-Code
X-Fstrz
X-HS-Status
X-ZONE
X-LiteSpeed-Cache-Control
X-Tt-Trace-Tag
X-Mode
X-SRV
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-GDPR
Cache-Cookie-Set-From
X-HostName
X-Ratelimit-Limit
X-Edge-Server
X-Fastly-Country-Code
Cdn-Host
Cdn-Request-Time
X-Dynatrace-Js-Agent
X-SN
X-Cache-Tag
User-Agent
On-Server
Pragrma
HitType
X-Swift-Error
X-MP-GENERATED-AT
MIME-Version
X-ABtesting
URI
Host-ID
X-Response-By
X-FORWARDED-FOR
X-NGINX-Cache
X-ServedByHost
SS
X-BC
X-Aicache-OS
X-WR-MODIFICATION
X-Flog
X-Org
X-Hello
HostName
X-TT-LOGID
X-WA
Who
X-BE
CACHE
X-RateLimit-Reset
Requestid
X-Fastly-Backend-Reqs
X-DW
X-RPM
X-DB
SN
X-Action
X-RPS
X-DI
X-DSS
X-Cdn-Request-ID
X-UPSTREAM-Address
X-PJAX-URL
X-Edge-O15-RID
X-RSL
X-Cache-Ttl
X-Zipkin-Id
Dynatrace
X-Routing-Service
X-Proxied
X-Varnish-Cacheable
X-Page-Type
X-Cf-Powered-By
X-Fpc
X-Varnish-URL
X-LAGOON
RequestUuid
Country-Code
Lb
DataCenter
CDN
Server-Id
X-TH-Server
X-ServerName
Powered-By
Get-Access-Time
LB
Is-Session-Tracking
Debug
X-Ftr-Cache-Host
UCS
X-SB
X-VC
X-MCACHE
X-MID
XxX-Cache-Status
X-Nananana
Media-Length
X-Varnish-Beresp-TTL
X-Tt-Trace-Host
X-Gen-Id
X-Edge
X-Protected-By
X-Request-Url
NnCoection
Warning
X-LB-ID
X-LiteSpeed-Tag
X-Akamai-ERPolicy
RequestId
Correlation-Id
X-Request-Time
Xet-Cookie
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
SID
X-Fastly-Cache-Hits
Application
X-Li-Proto
Thinkindot-Cache-Type
X-Amzn-Remapped-Date
X-Dw-Trace-Id
Product