Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Access-Control-Expose-Headers
Upgrade
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
X-CDN
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-AH-Environment
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-WebKit-CSP
X-Server-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
X-Cnection
Request-Id
X-Backend-Server
X-DataDome
X-Cdn
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
Pinterest-Generated-By
X-Country-Code
X-Ws-Request-Id
X-Goog-Hash
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Akam-SW-Version
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
Accept-Ch
X-Url
X-Instart-Request-ID
X-Ruxit-JS-Agent
Edge-Control
X-B3-TraceId
Verso
X-Powered-By-Plesk
X-Mod-Pagespeed
X-Aspnetmvc-Version
SPRequestGuid
X-Sol
X-Middleton-Response
Response
X-D2id
Display
X-Middleton-Display
X-SharePointHealthScore
X-Trace
X-VARITI-CCR
Accept-Ch-Lifetime
RTSS
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
SPRequestDuration
Pagespeed
SPIisLatency
X-Server-ID
X-Navigation-Version
X-ESI
X-Powered-CMS
X-Debug
X-CST
X-Vcap-Request-Id
Content-MD5
X-Abt-Application-Version
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Vcache
X-Px
MS-Author-Via
X-Version
Charset
X-Ah-Environment
X-Upstream
X-Amz-Rid
X-NF-Request-ID
X-Forwarded-Proto
DynaTrace
Realpath
X-Cached
X-Shard
X-TTL
Fastly-Restarts
X-Recruiting
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
Edge-Cache-Tag
TCN
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
X-Shield-Request-Id
X-DynaTrace-JS-Agent
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
S
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Ser
X-Fastly-Request-ID
X-XRDS-Location
Front-End-Https
X-Ttl
X-Amz-Meta-S3cmd-Attrs
X-Accel-Expires
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Element-Page-Cache
X-Client-IP
X-Varnish-Age
X-T
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-SERVER
X-Dw-Request-Base-Id
X-Webkit-Csp
Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Content-Digest
Powered
X-Hits
X-Correlation-Id
X-Kinsta-Cache
Cache-Tag
X-Fastcgi-Cache
X-Grace
ServerID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-FTR-Cache-Host
Ar-Sid
X-HS-Cache-Config
X-Litespeed-Cache
X-Forwarded-For
X-Cache-Hit
TP-L2-Cache
TP-Cache
X-Oneagent-Js-Injection
X-Node-Name
Alternate-Protocol
X-N
X-Request-Received
X-Request-Processing-Time
PB-RID
PB-PID
AMP-Access-Control-Allow-Source-Origin
X-Mobile-Rewrite
X-Request-Handler-Origin-Region
Arc-Version
X-Hp-Webp
X-Microsite
X-Content-Type
X-Zen-Fury
Server-Name
X-User-Agent
X-Srv
X-Rid
X-Webapp-Samesite-None-Activated-N
Backend-Timing
Server-Node
X-Analytics
X-Revision
Healthy
X-FastCGI-Cache
X-LB-Cache
X-Activity-Id
X-AppVersion
X-Content-Security-Policy-Report-Only
X-Az
X-Via-JSL
X-Ruxit-Js-Agent
Cache-Status
X-Akamai-Edgescape
X-Logged-In
Retry-After
Paypal-Debug-Id
AR-Request-ID
X-IPLB-Instance
X-Type
X-HS-Combine-CSS
X-Cached-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Varnish-Grace
X-Pad
FilterID
X-B3-Sampled
X-Cache-Age
X-Mobile-URL
X-F-Cache
X-Content-Options
Refresh
X-Tumblr-Pixel-0
X-Tumblr-User
Accept-Charset
X-Tumblr-Pixel
X-Debug-Info
X-FB-Debug
X-Instance
X-Page-Id
X-Jobs
X-AOL-HN
Source
X-App-Environment
Host
Actual-Object-TTL
X-Geo-Country
X-Framework
X-Request-Guid
X-Cluster
X-B
Access-Control-Allow-Method
X-Seen-By
DC
X-PHP-Backend
X-PressLabs-Stats
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Upgrade-Insecure-Requests
X-Whom
X-Cache-Key
X-Varnish-Backend
MS-CV
X-Esi
X-WebKit-CSP-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-ATG-Version
X-Content-Powered-By
Fastcgi-Useragent
X-Cache-2
X-Host-Name
X-TT
X-Git-Hash
X-Cache-Control
X-Cache-TTL
X-Time
Surrogate-Key
X-TA-CDN-Provider
X-Amz-Replication-Status
Cache
X-Cache-Operation
X-Cache-Rule
Frame-Options
X-Forwarded-Host
X-FW-Type
X-Kong-Upstream-Latency
X-FW-Static
X-FW-Hash
Accept-CH-Lifetime
X-Wix-Request-Id
X-Kong-Proxy-Latency
X-FW-Serve
X-FW-Server
NGB
Xserver
X-Response-Served-From
X-Signature
X-B-Cache
X-Origin-Server
Accept-CH
X-Daa-Tunnel
X-Mobile
Host-Header
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Region
X-Cache-Action
X-RequestSource
Cache-Tv-Group
X-Hyper-Cache
WPE-Backend
X-Cache-NE
Filters
X-GeoIP
Eomportal-Instance
X-TX-ID
X-UA-Device-Type
X-Adobe-Content
X-Drupal-Cache-Tags
X-Adobe-Loc
Webserver
Payment
Tracecode
Cleartype
X-Cacheable-TTL
From-Origin
X-App-Server
X-Handled-By
X-Cache-Enabled
X-ProcessESI
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-VCache
X-Webkit-CSP
X-UA
Ms-Operation-Id
X-RTag
Datacenter
X-Cache-TTL-Remaining
X-RateLimit-Limit
X-Akamai-Transformed
X-Status
X-Contextid
X-NewRelic-App-Data
X-Load-Cache
X-Cache-Server
X-Hostname
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Edge-Location
X-TT-TIMESTAMP
X-BCube-Filmed-By
X-Varnish-Hostname
X-XRDS-LOCATION
X-FW-Dynamic
Odigeo-Trace-Id
X-Varnish-Server
Server-Info
Version
X-Cache-Var-Map
X-Rule
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-IP
X-Path-Route
X-Cache-Var
Load-Balancing
X-Viewer-Country
X-Xfnlog-Site
X-PCL
X-Debug-Cache
DB-Nickname
X-CCM
X-OCL
X-UUID
X-Rocket-Nginx-Bypass
Country
Cache-Tags
X-Origin-Hint
Cache-Name
X-From
X-Info
X-Origin
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-InstanceId
L5d-Success-Class
Property-Id
X-Varnish-Cache-Hits
Webcakes-App-Version
X-Via-Fastly
X-Upgrade-Enabled
X-Cache-Config
X-EIG-Tracking-Id
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Cache-Host
Webcakes-Region
X-Pubstack
X-Origin-TTL
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Real-IP
X-ServerID
X-Origin-CC
X-Proxy
Fastly-SSL
X-FireWall-Port
X-Akamai-Request-ID
X-ApacheServer
X-Akamai-Request-ID2
X-Format
X-Goog-Meta-Goog-Reserved-File-Mtime
Selected-Fe
S-Rt
Origin-Edge-Control
Decoy-Debug-TTL
DSUID
Origin-Cache-Control
X-FC-Vary-Parameters
Decoy-Debug-Status
Decoy-Debug-Key
X-Access
X-Backend-Name
S-Cnection
Release
X-Generated
X-PERF
X-Proxy-Build
X-Rendered-As
X-Proto
X-Origin-Response-Time
X-Redis-Cache
X-App-Version
X-Web-Node
X-Timing-Wait
X-Content-Age
X-VCT
X-Drupal-Cache-Contexts
X-Cluster-Name
X-Cache-Time
X-Section
X-JoinUs
X-Hosted-By
X-Human
X-Labrador-Cache-Channel
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Soup
X-Loop
X-TNCMS
NGX
X-Site-Version
X-Locale
Ec-Rule-Version
Viewport
X-Www-Served-By
X-Time-Microsecs
X-WA-Info
X-Storage
Rt-Fastcgi-Cache
X-NWS-UUID-VERIFY
Cache-Key
X-Is-Bot
X-ATS-Timestamp
GEO-INFO
X-Guploader-Uploadid
Vix-Hermes-Req-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-B3-Traceid
X-BYPASS-REASON
X-Cache-Grace
Uber-Trace-Id
X-Oss-Hash-Crc64ecma
Cteonnt-Length
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Hit
Cache-Hits
X-NCache
X-Backend-TTL
X-GoCache-CacheStatus
X-Generated-By
X-PHP-Host
X-Cache-Backend
X-B3-SpanId
X-Cache-Remote
Origin
X-CS
Akamai-GRN
X-Device-Type
X-Amzn-Remapped-Content-Length
X-SS-Set-Cookie
X-Trace-Id
Time
X-CF-Powered-By
X-Tumblr-Pixel-3
Accept-Language
X-Accel-Buffering
X-OVcl-Cache
Mime-Version
X-OVcl
X-ORACLE-APMCS-TAG
X-Nginx-Cache-Key
X-ORACLE-APMCS-REQUEST-ID
Hostname
X-S
X-UnsetCookies
X-Environment-Context
X-Cluster-Node
X-FB-TRIP-ID
X-No-Session
X-L-Path
Fastcgi-X-Cache-Version
X-Via-CDN
X-Uri
X-Tb
Now
Access-Control-Request-Headers
X-MServer
X-URL
X-Cdn-Forward
X-Say-Cacheable
ServerName
User-Cache-Control
X-Say-TTL
X-SayCDN-TTL
X-AIR-PT
X-Tec-Api-Version
Content-Style-Type
X-Connection-Hash
Content-Script-Type
X-CF-Lambda-Version
X-B-Cookie
IsBot
X-Processor
X-Application
X-PAYTM-SRV-ID
X-ARC
X-CF-Lambda-Fn
Cross-Origin-Window-Policy
Apple-News-Services-Request-Url
T-Server
Apple-News-Services-Handled
Apple-News-Services-Host
X-G
X-Destination
X-DPWN-IS-SECURE
X-Detected-As
X-External-Request-Id
Apple-News-Services-Parsed-Url
Machine
X-D
X-SaId
X-Tec-Api-Origin
X-Date
BehaviorPad-Version
X-Hl-Ver
Arc-Country
AsisCache
X-Tec-Api-Root
MD5-Digest
Request-Country
X-SRCache-Key
Request-EU
X-Svr
Rendered-Blocks
X-SIPLIST1
X-A-Dam
X-A-Ccd
X-A
X-Aed
X-Transaction
X-Trv-Group
VivaBuild
Viewtype
X-FW-Version
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-VG-WebCache
X-VG-WebServer
Rt-Proxy-Cache
X-Session-Fingerprint
X-CSRF-TOKEN
X-Rewrite-Enabled
Meta-Geo-Continent
X-Rojux
X-CACHE-KEY
X-Presslabs-Stats
X-Accel-Expires-Debug
X-A-Wwc
X-S-Cookie
Mobile-Detection-Method
Node
X-Server-Time
X-A-Dcw
X-Region-Sid
X-ScT
X-Request-UUID
X-A-Dgt
X-Endurance-Cache-Level
Proxy-Connection
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Int
Thinkindot-Control
Server-Host
X-Debug-Cookies
RNT-Machine
Web-Mar-Node
X-Clara-WADP
X-Cms-Context
X-Cache-Info
X-Cache-Debug
X-Cache-Bucket
RNT-Time
X-Debug-Log
CDCHOST
X-Block-Status
We-Hiring
X-Request-URI
Mail-Subject
X-Gen-Mode
X-Proxy-Upstream
X-Proxy-Cache-Status
X-NX-Host
X-Hnp-Log
X-Matched-Rule
X-S-Maxage
OT-Force-Account-Verify
X-APP-VERSION
X-WADP-Cache
X-NC
X-Thinkindot-L3
X-Varnish-Beresp-Status
ServedBy
X-Varnish-Beresp-Grace
NtCoent-Length
X-Varnish-Beresp-Ttl
X-Service
X-SD-PageType
X-Eu-Site
X-ShardId
X-ShopId
Wxu-Next-Region
X-Shopify-Stage
X-Fastly-Cache
X-Generated-In
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Alternate-Cache-Key
X-Reboot
X-Release
X-Request-Start
X-Reqid
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Webstats-RespID
True-Client-Country-4JS
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Distil-CS
X-Distributor
X-Dispatch
X-Epic-Correlation-Id
Wxu-Next-Commit
Wxu-Next-Hostname
X-Developer
X-Developers
W
X-VG-TLSProxy
X-TrackingId
X-Amz-Meta-Cache-Control
X-App-Name
X-Ms-Request-Id
X-IN-APIGATEWAYSSL
X-Magnolia-Registration
X-CGP
X-Ms-Version
X-Old-Content-Length
X-Debug-Cache-Store
X-Location
X-Compress-Hint
X-Irp-Debug
X-Instart-Isnd
X-Debug-Cache-Expiry
X-CUA
X-Key
X-Level-Front-Cache
X-Core-Mission
X-Cdn-Srv
X-Cache-URL
X-Azure-Ref
X-IN-APIGATEWAY
X-Backend-State
X-Auto-Login
X-Hash
X-Generated-On
X-Generation-Time
X-BBXSRF
X-Dispatcher-Server
X-Cache-Id
X-Origin-Date
X-Cache-FS-Status
X-Origin-Expires
X-C
X-Policy
X-Debug-Cache-Fetch
X-Azure-Ref-OriginShield
SD-X-WS
Kp-EeAlive
Fastly-Soc-X-Request-Id
Magicmarker
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Cache-Host
A
Esi-Enabled
X-Geo
X-Sucuri-Id
Cache-Provider
X-Parent-Response-Time
X-B3-Parentspanid
X-Nc
X-GeoIP-City
X-Variation
X-Geo-Header
X-User
X-Has-Esi
X-Is-Gdpr
X-Internal-Host
X-Urbn-Site-Id
X-VC-Cache
X-JWT-State
Content-Disposition
X-Clientip
Countrycode
X-We-Are-Hiring
X-VServer
Adler-Geo
AKAMAI
X-Core-Value
X-Urbn-Context-Path
X-Qloud-Router
X-Platform-Server
X-MSEdge-Flight
X-Scheme
X-Server-IP
X-SVT-ORM-VERSION
X-Skip-Cache
X-ServiceProvider
X-Swa-Ws
X-MSEdge-Features
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Logging-Id
X-Up
X-Thanos
X-Method
X-SVT-ORM-RULES
X-Owner
Locale
Served-By
PFcat
X-Agile-Id
X-Agile-Age
Memcached
X-Bip
X-Agile
V-Age
L
IBM-Web2-Location
Heartbleed
Section-Io-Cache
Pramga
X-7Graus-Varnish-Cache-Control
Is-Eu
X-7Graus-Varnish-XKeys
Platform
Srv
X-Device-Os
X-LI-Proto
X-Node-Id
X-Dc
X-Sn-Servicetimems
X-Cdn-Origin
X-NodeID
Server-ID
X-Vdms-Version
X-Lb-Id
X-EC-Lua
Cdncip
X-CDN-Forward
X-Rocket-Build-Number
CF-IPCountry
Cdnsip
X-Servername
X-AK-Request-ID
GEO-REGION-INFO
X-Sigma-Backend
X-Sucuri-Cache
X-Shopify-Generated-Cart-Token
X-Sigma
X-GRACE
Environment
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Unique-Id
Tcn
X-Planisys-CDN-Rules
X-Newrelic-Synthetics
X-Upstream-Ht
X-Upstream-Ct
Request-Time
X-Be
Powered-By-ChinaCache
X-Via-NSCOPI
X-Nginx-Cache
X-FPC
X-Zone
X-B3-Spanid
X-Pjax-Url
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-RCS-CacheZone
Resin-Trace
X-ND-Cache
X-Microcachable
X-VHOST
X-ECACHE
X-Source
X-NGENIX-Cache
X-Instart-Info
X-ElasticPress-Search
X-Trafficlayer-App-Version
X-GEO
X-Unique-ID
X-Backend-Url
X-Backend-Host
Group
X-Req
X-Oracle-Dms-Rid
X-Var-Ttl
Geo-Info
X-IPS-LoggedIn
Backend-Name
Locid
X-DC
Memory
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
N-Cache
X-Served-From
X-VCL-Version
X-Gamma-Serve
FNAC-ModuleRouting
CF-Cached-On
SRV
Ohc-Cache-HIT
Ohc-File-Size
X-Dynatrace
Cache-Prefix
Lfy
Fly-Request-Id
Gannett-Cam-Experience-Id
X-Refresh
X-COUNTRY
Pagetype
Fly-Cache
X-Correlation-ID
Cdn
X-Ratelimit-Remaining
Pics-Label
TTL
X-Pf-Uncompressing
X-Check-Cacheable
X-Worker
X-Upstream-HT
Amp-Access-Control-Allow-Source-Origin
Cf-Ipcountry
X-Upstream-CT
ProcessTime
GeoIP-City
PICS-Label
GeoIP-Country-Code
X-TIME
X-Render-Time
X-Sucuri-ID
GeoIP-Latitude
X-CSRF-Token
M-TraceId
X-Pod
X-SRV
X-Bc
X-Via-Ucdn
X-Sedo-Request-Id
X-Cache-Miss-From
GeoIp-Country-Code
Geoip-Latitude
X-Fetched-On
X-HTML-Minification-Powered-By
REQUESTUUID
Geoip-City
Ttl
X-Server-W
X-Via-Edge
X-Via-SSL
XServer
PageSpeed
X-NU-AKA-ACS-Version
X-Vcl-Version
X-Wa
X-Mode
X-GeoIP-Country-Code
X-Ua
X-Rebelmouse-Cache-Control
Fastly-SWR
X-APP
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-CLOUD-TRACE-CONTEXT
X-PF-Uncompressing
X-LiteSpeed-Cache-Control
X-Fstrz
X-FORWARDED-FOR
X-HS-Status
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-ZONE
X-Ratelimit-Limit
X-Upstream-Proxy
X-Tt-Trace-Tag
HitType
X-MP-GENERATED-AT
X-Cache-Tag
X-Fastly-Country-Code
MIME-Version
X-Ratelimit-Reset
X-HostName
X-GDPR
X-Dynatrace-Js-Agent
User-Agent
Cdn-Host
Pragrma
On-Server
HostName
X-Edge-Server
Host-ID
Cdn-Request-Time
X-Swift-Error
X-ServedByHost
X-NGINX-Cache
X-Aicache-OS
URI
X-WR-MODIFICATION
X-BC
X-SN
X-BE
X-Zipkin-Id
X-Cdn-Request-ID
X-WA
X-Routing-Service
X-Proxied
X-PJAX-URL
X-TT-LOGID
X-Flog
X-Org
X-ABtesting
Who
SS
X-Hello
X-Response-By
X-RateLimit-Reset
CACHE
X-DI
X-DB
X-Action
X-Edge-O15-RID
X-Cache-Ttl
X-DW
X-DSS
SN
X-Fastly-Backend-Reqs
X-RSL
X-RPS
X-UPSTREAM-Address
X-RPM
Dynatrace
X-Fpc
Powered-By
X-TH-Server
Requestid
X-Varnish-Cacheable
X-LAGOON
X-Varnish-URL
X-Cf-Powered-By
CDN
Lb
DataCenter
Debug
X-Page-Type
X-ServerName
Is-Session-Tracking
LB
Server-Id
RequestUuid
Get-Access-Time
Country-Code
Media-Length
X-Ftr-Cache-Host
X-Request-Time
X-SB
X-Protected-By
X-VC
X-Nananana
X-Varnish-Beresp-TTL
X-LB-ID
X-Gen-Id
NnCoection
X-LiteSpeed-Tag
Warning
UCS
X-Edge
X-Dw-Trace-Id
SID
X-Amzn-Remapped-Connection
XxX-Cache-Status
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-MCACHE
X-MID
Application
X-Li-Proto
X-Fastly-Cache-Hits
X-Amzn-Remapped-Date
Product
X-Tt-Trace-Host
RequestId
Thinkindot-Cache-Type
X-Request-Url
Correlation-Id
Xet-Cookie