Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Request-ID
X-Template
X-DNS-Prefetch-Control
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
X-Kinja-Server-Push
Xkey
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-CDN
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
X-Server
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Rq
X-Cdn
X-WebKit-CSP
X-Ac
Report-To
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
X-Cnection
Request-Id
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Aspnetmvc-Version
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
Pinterest-Generated-By
X-Country-Code
X-Goog-Hash
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Accept-Ch
X-Akam-SW-Version
X-MS-InvokeApp
X-Ws-Request-Id
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-Url
X-Instart-Request-ID
X-B3-TraceId
X-Ruxit-JS-Agent
Edge-Control
X-Powered-By-Plesk
Verso
SPRequestGuid
X-Mod-Pagespeed
Accept-Ch-Lifetime
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-D2id
Display
X-Ah-Environment
X-SharePointHealthScore
X-Trace
X-VARITI-CCR
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
RTSS
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
X-Server-ID
X-Navigation-Version
X-CST
X-ESI
X-Powered-CMS
Pagespeed
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
Public-Key-Pins
Content-MD5
X-Amz-Server-Side-Encryption
X-Px
MS-Author-Via
X-Version
X-Upstream
Charset
X-TTL
X-Amz-Rid
X-NF-Request-ID
X-Forwarded-Proto
DynaTrace
Realpath
X-Shard
X-Cached
Fastly-Restarts
X-Recruiting
TCN
X-Vcache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SERVER
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
X-MSEdge-Ref
X-Shield-Request-Id
Access-Control-Request-Method
Edge-Cache-Tag
X-DynaTrace-JS-Agent
Nginx-Cache
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
S
X-Ser
Front-End-Https
X-Fastly-Request-ID
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Client-IP
X-T
X-Ttl
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
Mrf-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FTR-Backend
X-FTR-Backend-Server
X-RateLimit-Remaining
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-HS-Content-Id
X-Frontend
X-Content-Digest
Powered
X-Hits
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Fastcgi-Cache
AR-ATIME
X-Forwarded-For
ServerID
X-Kinsta-Cache
X-Correlation-Id
Cache-Tag
X-Grace
X-Litespeed-Cache
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-FTR-Cache-Host
X-Cache-Hit
X-N
AMP-Access-Control-Allow-Source-Origin
PB-RID
X-Node-Name
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Srv
X-Request-Received
X-Request-Processing-Time
X-Content-Type
X-Request-Handler-Origin-Region
X-Microsite
Alternate-Protocol
X-Zen-Fury
X-Webkit-Csp
X-Hp-Webp
X-FastCGI-Cache
X-User-Agent
X-Rid
Server-Name
Server-Node
Healthy
X-Analytics
Backend-Timing
X-Via-JSL
X-Revision
X-LB-Cache
AR-Request-ID
X-Az
X-AppVersion
X-Activity-Id
Paypal-Debug-Id
Cache-Status
Retry-After
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Webapp-Samesite-None-Activated-N
X-Ruxit-Js-Agent
X-IPLB-Instance
X-Type
X-Cached-By
X-NWS-LOG-UUID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Oneagent-Js-Injection
X-GUploader-UploadID
X-HS-Combine-CSS
X-Cache-Age
X-Pad
FilterID
X-Varnish-Grace
X-B3-Sampled
X-F-Cache
X-Mobile-URL
X-Content-Options
Accept-Charset
X-FB-Debug
X-Debug-Info
Refresh
X-Instance
X-Tumblr-Pixel
X-Geo-Country
X-Tumblr-Pixel-0
X-Tumblr-User
X-AOL-HN
Access-Control-Allow-Method
X-Cluster
X-Jobs
X-Seen-By
X-Framework
X-App-Environment
X-B
Source
Host
Actual-Object-TTL
X-Request-Guid
DC
X-Page-Id
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Whom
X-VCache
X-PressLabs-Stats
X-PHP-Backend
Upgrade-Insecure-Requests
MS-CV
X-Esi
X-Content-Powered-By
Fastcgi-Useragent
X-Time
X-WebKit-CSP-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-ATG-Version
X-Cache-2
X-Cache-Key
X-Host-Name
X-Git-Hash
X-TT
X-Cache-Control
X-Cache-TTL
X-Cache-Operation
Surrogate-Key
X-Cache-Rule
X-Forwarded-Host
X-TA-CDN-Provider
X-Amz-Replication-Status
Frame-Options
Cache
X-Wix-Request-Id
X-Daa-Tunnel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FW-Hash
X-FW-Type
X-FW-Serve
X-FW-Static
X-FW-Server
X-Response-Served-From
NGB
Xserver
X-Mobile
X-B-Cache
X-Signature
X-Origin-Server
Tracecode
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Region
X-Hyper-Cache
X-UA-Device-Type
Webserver
Payment
X-Cache-Action
X-RequestSource
WPE-Backend
Filters
X-TX-ID
X-Cache-NE
Eomportal-Instance
X-Drupal-Cache-Tags
X-GeoIP
From-Origin
X-Adobe-Content
X-App-Server
Host-Header
X-Adobe-Loc
X-Handled-By
Cleartype
X-Cacheable-TTL
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-RTag
X-Webkit-CSP
Ms-Operation-Id
X-RateLimit-Limit
X-Cache-Enabled
Datacenter
X-Cache-TTL-Remaining
X-UA
Accept-CH-Lifetime
X-Status
X-Akamai-Transformed
X-Hostname
X-Contextid
X-NewRelic-App-Data
Liferay-Portal
Accept-CH
X-Cache-Server
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Load-Cache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Edge-Location
X-FW-Dynamic
X-Varnish-Hostname
Odigeo-Trace-Id
Version
X-App-Version
X-Cache-Var
X-Path-Route
X-RN-RSRV
Load-Balancing
Meta-Geo
X-ES-SERVER
Server-Info
X-Cache-Var-Map
X-Varnish-Server
X-Rule
X-Xfnlog-Site
X-Viewer-Country
X-IP
Country
Cache-Tags
X-UUID
X-PCL
X-CCM
X-OCL
X-Cache-Config
DB-Nickname
X-Rocket-Nginx-Bypass
X-Varnish-Cache-Hits
Webcakes-Region
X-Akamai-Request-ID
X-Upgrade-Enabled
X-Hosted-By
Mn-Server-Ip
Property-Id
X-Via-Fastly
Webcakes-App-Version
X-FC-Vary-Parameters
X-From
TWC-Locale-Group
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
Azure-InstanceId
TWC-Device-Class
Azure-RegionName
X-TNCMS
X-Proto
X-EIG-Tracking-Id
X-Origin-Response-Time
X-Labrador-Cache-Channel
X-Origin-Hint
X-Origin
Fastly-SSL
X-Loop
TWC-Privacy
X-Info
X-ServerID
X-Pubstack
Azure-SiteName
X-Debug-Cache
X-Proxy
X-Drupal-Cache-Contexts
Azure-SlotName
Cache-Name
Azure-Version
X-R9-Blue-Green-Version
X-Cache-Host
L5d-Success-Class
X-Content-Age
Selected-Fe
S-Cnection
S-Rt
X-Access
X-ApacheServer
X-Akamai-Request-ID2
Release
Origin-Edge-Control
Decoy-Debug-TTL
Decoy-Debug-Status
DSUID
Ec-Rule-Version
Origin-Cache-Control
X-Backend-Name
X-Cache-Time
X-Real-IP
X-Proxy-Build
X-Time-Microsecs
X-Timing-Wait
X-Web-Node
X-VCT
X-PERF
X-JoinUs
X-Format
X-Cluster-Name
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
Decoy-Debug-Key
X-Section
X-Vgn-Hpd-Reason
X-Redis-Cache
X-Soup
X-Varnish-Hits
X-FireWall-Port
X-Origin-TTL
X-Origin-CC
Rt-Fastcgi-Cache
X-WA-Info
X-Storage
X-Www-Served-By
X-Site-Version
GEO-INFO
Viewport
X-Rendered-As
X-XRDS-LOCATION
Cache-Key
X-Cache-Grace
X-NWS-UUID-VERIFY
NGX
X-Locale
X-Guploader-Uploadid
Vix-Hermes-Req-Id
X-Cache-Remote
X-ProxyCache-Key
X-BYPASS-REASON
Cache-Hits
Cteonnt-Length
X-Hit
X-B3-SpanId
Uber-Trace-Id
X-ProxyCache-Status
X-GoCache-CacheStatus
Time
X-NCache
X-Backend-TTL
X-Is-Bot
X-PHP-Host
X-ATS-Timestamp
Origin
X-SS-Set-Cookie
X-CS
X-Oss-Request-Id
X-Device-Type
X-Oss-Server-Time
X-Generated-By
X-Oss-Storage-Class
X-Cache-Backend
X-Trace-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-3
Mime-Version
X-CF-Powered-By
Akamai-GRN
Accept-Language
Hostname
X-OVcl
X-UnsetCookies
X-OVcl-Cache
X-S
X-Accel-Buffering
X-Nginx-Cache-Key
X-Cluster-Node
X-Via-CDN
X-CACHE-KEY
Fastcgi-X-Cache-Version
X-FB-TRIP-ID
X-Environment-Context
X-L-Path
X-No-Session
X-ORACLE-APMCS-TAG
X-Cdn-Forward
X-ORACLE-APMCS-REQUEST-ID
X-Uri
Now
X-CSRF-TOKEN
X-MServer
X-Tb
X-FW-Version
Access-Control-Request-Headers
X-B3-Traceid
X-URL
OT-Force-Account-Verify
User-Cache-Control
ServerName
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
Content-Style-Type
X-ARC
Content-Script-Type
X-A-Dam
Rendered-Blocks
X-B-Cookie
X-Destination
X-CF-Lambda-Fn
X-D
X-Connection-Hash
X-VG-WebServer
X-Date
Request-EU
Node
Cross-Origin-Window-Policy
X-CF-Lambda-Version
Request-Country
X-Detected-As
X-Hl-Ver
Apple-News-Services-Request-Url
Meta-Geo-Continent
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Machine
X-AIR-PT
Apple-News-Services-Handled
Arc-Country
AsisCache
X-G
IsBot
X-VG-WebCache
X-A-Ccd
BehaviorPad-Version
Mobile-Detection-Method
X-External-Request-Id
X-DPWN-IS-SECURE
MD5-Digest
X-Application
X-A-Dgt
X-A-Wwc
X-Request-UUID
X-Svr
X-Rewrite-Enabled
X-Region-Sid
VivaBuild
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-Tec-Api-Origin
X-Tec-Api-Version
X-Rojux
Viewtype
X-A-Dcw
X-Server-Time
X-Session-Fingerprint
T-Server
X-SIPLIST1
X-Presslabs-Stats
X-SRCache-Key
X-S-Cookie
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Tec-Api-Root
X-Accel-Expires-Debug
X-A
Rt-Proxy-Cache
X-Processor
X-Aed
X-PAYTM-SRV-ID
X-NC
X-Endurance-Cache-Level
X-Matched-Rule
A
Thinkindot-Control
X-Cache-Debug
Server-Host
X-Proxy-Cache-Status
X-Request-URI
X-Gen-Mode
X-Location
X-NX-Host
X-Debug-Cookies
X-WADP-Cache
Server-Int
X-Parent-Response-Time
X-Clara-WADP
Thinkindot-CacheControl
X-Debug-Log
X-Proxy-Upstream
RNT-Time
X-Cache-Info
CDCHOST
X-Developer
X-S-Maxage
X-Thinkindot-L3
RNT-Machine
X-Reboot
Web-Mar-Node
X-Hnp-Log
X-Cms-Context
We-Hiring
Thinkindot-CacheControl-Type
X-Cache-Bucket
Mail-Subject
X-Block-Status
ServedBy
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Proxy-Connection
X-Varnish-Beresp-Grace
X-SaId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Sucuri-Id
X-Shopify-Stage
X-ShardId
NtCoent-Length
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-CGP
X-7Graus-Varnish-XKeys
X-C
X-Auto-Login
X-Nc
X-Azure-Ref-OriginShield
X-Clientip
X-7Graus-Varnish-Cache-Control
X-Cache-URL
X-BBXSRF
X-Cdn-Srv
X-App-Name
X-Cache-Id
X-Cdn-Origin
X-Cache-FS-Status
X-Azure-Ref
X-Origin-Expires
X-RateLimit-Limit-Second
X-Policy
X-RateLimit-Remaining-Second
X-Release
X-Request-Start
X-Reqid
X-Platform-Server
Wxu-Next-Hostname
X-Ms-Request-Id
X-Magnolia-Registration
X-Ms-Version
X-Old-Content-Length
X-Origin-Date
X-Server-IP
X-Service
X-We-Are-Hiring
X-VServer
X-WebServer
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VG-TLSProxy
X-Variation
X-Sn-Servicetimems
X-Skip-Cache
X-TrackingId
X-Up
X-User
X-LI-UUID
X-Li-Pop
X-Distil-CS
X-Dispatcher-Server
X-Distributor
X-Epic-Correlation-Id
X-Fastly-Cache
X-Eu-Site
X-Dispatch
X-Developers
X-CUA
X-Core-Mission
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Generated-In
X-Generated-On
X-Is-Gdpr
X-Irp-Debug
X-JWT-State
X-Level-Front-Cache
X-Li-Fabric
X-Internal-Host
X-Instart-Isnd
X-Has-Esi
X-Generation-Time
X-Hash
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Compress-Hint
Wxu-Next-Region
Memcached
Magicmarker
Countrycode
Content-Disposition
Adler-Geo
Cache-Host
Esi-Enabled
Fastly-Soc-X-Request-Id
IBM-Web2-Location
Ha-Gx-Prefs
Is-Eu
Kp-EeAlive
Gh-Request-Id
HA-Ipaddr
Platform
Served-By
True-Client-Country-4JS
W
Section-Io-Cache
Wxu-Next-Commit
X-B3-Parentspanid
X-MSEdge-Flight
X-Swa-Ws
X-SVT-ORM-VERSION
X-MSEdge-Features
X-Thanos
X-Urbn-Context-Path
X-Owner
X-VC-Cache
X-Urbn-Site-Id
X-SVT-ORM-RULES
X-Node-Id
X-Device-Os
X-Key
X-LI-Proto
X-Logging-Id
X-Scheme
X-GeoIP-City
X-Geo-Header
X-ServiceProvider
AKAMAI
X-Qloud-Router
X-Method
X-SD-PageType
Pramga
PFcat
X-Backend-State
X-Bip
X-Agile-Age
X-Agile
V-Age
Heartbleed
SD-X-WS
Locale
X-Agile-Id
L
X-GRACE
Cache-Provider
X-APP-VERSION
Server-ID
X-Core-Value
X-Dc
X-NodeID
X-Lb-Id
Srv
X-Servername
X-Vdms-Version
X-Geo
GEO-REGION-INFO
CF-IPCountry
X-GEO
X-EC-Lua
Environment
X-AK-Request-ID
Cdncip
X-Shopify-Generated-Cart-Token
Request-Time
Cdnsip
X-Sigma
X-Sigma-Backend
X-Sucuri-Cache
X-Rocket-Build-Number
X-Newrelic-Synthetics
X-CDN-Forward
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-NGENIX-Cache
X-Servedbyhost
X-Planisys-CDN-Rules
X-Be
X-ECACHE
X-FPC
X-Pjax-Url
X-Unique-Id
Resin-Trace
X-Nginx-Cache
X-Microcachable
X-Upstream-Ct
X-Via-NSCOPI
Powered-By-ChinaCache
X-Tb-Optimization-Total-Bytes-Saved
X-Upstream-Ht
X-VHOST
X-Instart-Info
X-ElasticPress-Search
X-Unique-ID
Tcn
X-Backend-Host
X-Zone
X-Backend-Url
Group
X-Source
X-ND-Cache
X-B3-Spanid
X-Correlation-ID
X-RCS-CacheZone
X-Trafficlayer-App-Version
X-Var-Ttl
PageSpeed
Memory
CF-Cached-On
Backend-Name
Ohc-Cache-HIT
X-IPS-LoggedIn
Ohc-File-Size
SRV
X-Oracle-Dms-Rid
X-DC
N-Cache
X-AWS-Id
X-Req
Fly-Cache
Locid
X-VCL-Version
Pagetype
Lfy
Cache-Prefix
X-VWS-Id
Fly-Request-Id
X-LJ-Flow-ID
X-Upstream-CT
X-Upstream-HT
X-Dynatrace
X-Served-From
X-Gamma-Serve
Gannett-Cam-Experience-Id
X-Worker
X-COUNTRY
FNAC-ModuleRouting
Cdn
Geo-Info
Cf-Ipcountry
GeoIP-City
Amp-Access-Control-Allow-Source-Origin
GeoIP-Country-Code
Pics-Label
X-Refresh
X-Check-Cacheable
GeoIP-Latitude
X-Via-Ucdn
TTL
X-Ratelimit-Remaining
X-Ua
X-Cache-Miss-From
X-Pod
X-Pf-Uncompressing
X-Sedo-Request-Id
X-Server-W
X-Fetched-On
PICS-Label
X-Bc
X-Render-Time
X-Wa
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-PF-Uncompressing
X-CSRF-Token
Geoip-City
REQUESTUUID
X-Via-Edge
ProcessTime
Fastly-SIE
X-Via-SSL
GeoIp-Country-Code
Geoip-Latitude
Ttl
X-Sucuri-ID
XServer
X-Upstream-Proxy
X-Vcl-Version
X-Datadome
M-TraceId
X-NU-AKA-ACS-Version
X-APP
X-Ratelimit-Reset
X-CLOUD-TRACE-CONTEXT
X-HS-Status
X-LiteSpeed-Cache-Control
X-ZONE
X-GeoIP-Country-Code
X-Tt-Trace-Tag
X-Fstrz
X-Mode
X-SRV
X-HTML-Minification-Powered-By
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-GDPR
Cache-Cookie-Set-From
X-Ratelimit-Limit
X-TIME
Cdn-Host
X-Edge-Server
X-Fastly-Country-Code
Cdn-Request-Time
X-Dynatrace-Js-Agent
Pragrma
User-Agent
X-Cache-Tag
On-Server
X-SN
X-MP-GENERATED-AT
X-HostName
MIME-Version
X-Swift-Error
X-Org
X-ABtesting
X-Aicache-OS
X-ServedByHost
X-Flog
HitType
X-Hello
X-WR-MODIFICATION
URI
X-FORWARDED-FOR
X-NGINX-Cache
Host-ID
X-Response-By
X-BC
SS
HostName
X-BE
X-WA
Who
X-TT-LOGID
CACHE
X-Ftr-Cache-Host
X-RateLimit-Reset
X-Cdn-Request-ID
X-UPSTREAM-Address
X-DB
SN
X-Action
X-PJAX-URL
X-Fpc
Requestid
X-Cache-Ttl
X-Edge-O15-RID
X-DSS
X-DI
X-DW
X-Fastly-Backend-Reqs
X-RSL
X-RPM
X-RPS
X-Routing-Service
X-Zipkin-Id
Dynatrace
X-Proxied
X-LAGOON
X-TH-Server
X-Varnish-URL
X-Varnish-Cacheable
X-Cf-Powered-By
X-Page-Type
Country-Code
RequestUuid
Lb
DataCenter
Is-Session-Tracking
Debug
CDN
X-ServerName
Powered-By
Get-Access-Time
LB
Server-Id
UCS
X-Protected-By
Media-Length
X-SB
X-Tt-Trace-Host
X-Edge
XxX-Cache-Status
X-MID
X-MCACHE
X-VC
X-Nananana
X-Varnish-Beresp-TTL
X-Gen-Id
NnCoection
X-LB-ID
X-Dw-Trace-Id
Warning
X-LiteSpeed-Tag
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Akamai-ERPolicy
RequestId
Thinkindot-Cache-Type
Product
Application
SID
X-Fastly-Cache-Hits
Xet-Cookie
Correlation-Id
X-Request-Time
X-Li-Proto
X-Request-Url
X-Amzn-Remapped-Connection