Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
Status
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Cache-Group
X-Age
X-Ua-Compatible
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Ac
X-Server-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Node
Content-Location
X-Origin-Cache
X-Cloud-Trace-Context
X-Dns-Prefetch-Control
X-Readtime
X-Cache-Lookup
X-Cdn
NEL
X-Vhost
X-Ws-Request-Id
P3p
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-HW
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-DynaTrace
Surrogate-Control
Rating
X-FTR-Request-ID
X-Country
X-Country-Code
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Akam-SW-Version
X-Goog-Hash
Pinterest-Generated-By
X-TtlSet
X-Instart-Request-ID
X-Vname
X-PC
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Varnish-TTL
Edge-Control
X-B3-TraceId
X-Url
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Powered-By-Plesk
X-D2id
X-Trace
X-SharePointHealthScore
Pagespeed
X-Middleton-Response
X-Sol
Response
Display
X-VARITI-CCR
X-Middleton-Display
RTSS
X-Kinja-Revision
Service-Worker-Allowed
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Server-Name
X-GoogleNews-Bot
X-GitHub-Request-Id
X-Server-ID
X-ESI
SPIisLatency
X-TTL
SPRequestDuration
Accept-Ch
Content-MD5
X-Navigation-Version
X-Vcache
X-Powered-CMS
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
Public-Key-Pins
X-CST
Charset
MS-Author-Via
X-Upstream
X-Forwarded-Proto
X-Cached
X-NF-Request-ID
X-Amz-Rid
X-Px
Realpath
X-Version
DynaTrace
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Accept-Ch-Lifetime
X-Shard
TCN
Arr-Disable-Session-Affinity
Fastly-Restarts
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Pinterest-Version
X-Ezoic-Cdn
X-Pinterest-Rid
X-Shield-Request-Id
X-Ser
Access-Control-Request-Method
X-MSEdge-Ref
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Recruiting
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Accel-Expires
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-DIS-Request-ID
Front-End-Https
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Id
X-T
X-Varnish-Age
X-Element-Page-Cache
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Webkit-Csp
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Cache-Tag
Fastcgi-Cache
X-HS-Hub-Id
X-HS-Cache-Config
X-Fastcgi-Cache
X-HS-Content-Id
X-Webapp-Samesite-None-Activated-N
X-Frontend
X-Content-Digest
NR-ENABLED
Powered
X-Hits
X-Ttl
X-Correlation-Id
X-Kinsta-Cache
Accept-CH
X-Litespeed-Cache
X-RateLimit-Remaining
X-FTR-Cache-Host
Accept-CH-Lifetime
Alternate-Protocol
X-Grace
X-Hp-Webp
X-Aspnetmvc-Version
ServerID
X-N
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
TP-Cache
TP-L2-Cache
X-Node-Name
X-Microsite
PB-RID
PB-PID
X-Request-Handler-Origin-Region
Arc-Version
X-HS-Combine-CSS
Server-Name
X-Mobile-Rewrite
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
Healthy
X-Zen-Fury
X-Rid
X-Content-Type
X-Revision
X-Analytics
Backend-Timing
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
Server-Node
X-Logged-In
X-LB-Cache
AR-ATIME
AR-PoweredBy
AR-CACHE
Cache-Status
X-Az
X-Activity-Id
X-AppVersion
X-Forwarded-For
X-Pad
X-Amz-Apigw-Id
Ar-Sid
X-Amzn-RequestId
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-IPLB-Instance
X-Cached-By
Retry-After
X-Varnish-Grace
X-Mobile-URL
X-Type
X-FastCGI-Cache
X-Srv
X-B3-Sampled
X-Ruxit-Js-Agent
X-Content-Options
Paypal-Debug-Id
X-GUploader-UploadID
X-F-Cache
Refresh
X-Geo-Country
X-Via-JSL
Upgrade-Insecure-Requests
X-Tumblr-Pixel-0
X-Varnish-Backend
X-Tumblr-User
X-Tumblr-Pixel
X-App-Environment
X-Instance
X-Jobs
Source
Accept-Charset
X-FB-Debug
Host
X-Debug-Info
Actual-Object-TTL
X-Framework
X-Request-Guid
FilterID
X-AOL-HN
X-Cluster
DC
Access-Control-Allow-Method
X-PHP-Backend
X-Cache-Age
X-Page-Id
X-B
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-WebKit-CSP-Report-Only
X-Seen-By
X-ATG-Version
X-Cache-Key
AR-Request-ID
MS-CV
X-TT
X-Content-Powered-By
Fastcgi-Useragent
X-Git-Hash
X-Cache-TTL
X-Cache-2
X-Whom
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Cache
X-Esi
X-UA
X-PressLabs-Stats
X-Cache-Control
X-TA-CDN-Provider
X-Amz-Replication-Status
X-Host-Name
X-Wix-Request-Id
X-B-Cache
Surrogate-Key
X-Signature
Host-Header
X-Response-Served-From
Frame-Options
NGB
X-Daa-Tunnel
X-Mobile
X-Cache-Rule
X-GeoIP
X-RequestSource
X-Origin-Server
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-Kong-Proxy-Latency
X-FW-Type
X-Kong-Upstream-Latency
X-Cache-Operation
WPE-Backend
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Cache-Enabled
X-Drupal-Cache-Tags
X-Tumblr-Pixel-1
X-Region
X-Cacheable-TTL
X-Cache-NE
Payment
Webserver
Filters
Eomportal-Instance
X-Cache-Action
X-Hyper-Cache
X-Handled-By
X-TX-ID
Cleartype
X-Adobe-Loc
X-Adobe-Content
Xserver
X-UA-Device-Type
X-SERVER
From-Origin
X-EdgeConnect-Cache-Status
X-Forwarded-Host
X-RemovedCookies
X-ProcessESI
X-Time
Datacenter
X-RTag
X-Load-Cache
X-Akamai-Transformed
X-Hostname
Ms-Operation-Id
X-Cache-TTL-Remaining
X-App-Server
X-NewRelic-App-Data
X-Cache-Server
X-Edge-Location
X-Status
Liferay-Portal
Tracecode
X-Contextid
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-XRDS-LOCATION
X-ATS-Timestamp
X-Varnish-Hostname
X-Varnish-Server
X-BCube-Filmed-By
X-Rule
X-TT-TIMESTAMP
Odigeo-Trace-Id
Country
X-Cache-Var
X-ES-SERVER
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
Load-Balancing
Meta-Geo
Server-Info
X-Upgrade-Enabled
X-FW-Dynamic
Release
X-VCT
X-Xfnlog-Site
X-Viewer-Country
X-Debug-Cache
DSUID
X-PCL
Webcakes-Region
X-Rocket-Nginx-Bypass
TWC-Locale-Group
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-GeoIP-Country
X-Cache-Config
X-Cache-Host
TWC-Device-Class
X-Pubstack
TWC-Privacy
DB-Nickname
X-EIG-Tracking-Id
Version
Cache-Tags
X-CCM
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-App-Name
X-Via-Fastly
X-Varnish-Cache-Hits
X-Origin-Hint
X-OCL
Property-Id
X-Soup
Mn-Server-Ip
Selected-Fe
S-Rt
Origin-Edge-Control
X-Akamai-Request-ID
X-Akamai-Request-ID2
X-Drupal-Cache-Contexts
X-Cache-Time
Origin-Cache-Control
NGX
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
Cache-Name
L5d-Success-Class
Fastly-SSL
X-FC-Vary-Parameters
X-Hosted-By
X-ServerID
X-Real-IP
X-Proxy-Build
X-Timing-Wait
X-TNCMS
X-Web-Node
X-UUID
X-Proxy
X-Proto
X-IP
X-Human
X-Labrador-Cache-Channel
X-Loop
X-Origin-Response-Time
X-Origin
Azure-InstanceId
X-From
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Redis-Cache
X-Oss-Object-Type
X-NWS-UUID-VERIFY
X-Oss-Storage-Class
X-Backend-Name
X-PERF
X-ApacheServer
X-Access
X-Vgn-Hpd-Reason
X-Site-Version
X-FireWall-Port
X-Section
Viewport
X-Www-Served-By
X-Rendered-As
Ec-Rule-Version
X-Format
X-Cluster-Name
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RateLimit-Limit
X-Locale
X-JoinUs
S-Cnection
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Generated
X-VCache
X-Info
X-Time-Microsecs
X-Varnish-Hits
X-ORACLE-APMCS-REQUEST-ID
X-Is-Bot
X-ORACLE-APMCS-TAG
X-Storage
X-Guploader-Uploadid
Uber-Trace-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Origin-CC
X-URL
Rt-Fastcgi-Cache
X-Origin-TTL
X-Generated-By
X-Cache-Backend
X-PHP-Host
Cache-Key
Cteonnt-Length
X-Accel-Buffering
X-Amzn-Remapped-Content-Length
X-WA-Info
X-Presslabs-Stats
Akamai-GRN
X-App-Version
GEO-INFO
Time
Vix-Hermes-Req-Id
X-SS-Set-Cookie
Cache-Hits
X-GoCache-CacheStatus
X-NCache
X-Nginx-Cache-Key
X-Hit
X-SaId
Origin
X-Trace-Id
X-Cache-Remote
X-Backend-TTL
X-CF-Powered-By
X-APP-VERSION
X-FB-TRIP-ID
X-No-Session
Accept-Language
X-Environment-Context
X-L-Path
X-Device-Type
X-MServer
X-Cache-Grace
X-CS
X-Geo
X-B3-Traceid
X-Tb
X-Tumblr-Pixel-3
Access-Control-Request-Headers
X-OVcl
X-Say-Cacheable
X-OVcl-Cache
X-Say-TTL
X-SayCDN-TTL
X-B3-SpanId
X-Unique-Id
X-S
X-Cluster-Node
X-Uri
X-Tec-Api-Origin
X-CACHE-KEY
X-Tec-Api-Version
X-CDN-Forward
X-Tec-Api-Root
User-Cache-Control
Fastcgi-X-Cache-Version
Srv
X-Via-CDN
X-Hl-Ver
X-PAYTM-SRV-ID
Machine
MD5-Digest
AsisCache
Content-Script-Type
Content-Style-Type
X-Processor
IsBot
Cross-Origin-Window-Policy
BehaviorPad-Version
Arc-Country
X-Sorting-Hat-PodId
X-ScT
X-ShopId
X-Server-Time
X-ShardId
X-Alternate-Cache-Key
X-S-Cookie
ServedBy
X-Shopify-Stage
X-G
X-Region-Sid
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Request-UUID
X-Rewrite-Enabled
X-Sorting-Hat-ShopId
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Request-Country
X-B-Cookie
X-A-Ccd
X-Rojux
X-A-Dam
X-VG-WebServer
X-Vtex-Processado-Em
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A
X-A-Dcw
X-VG-WebCache
X-Aed
X-Transaction
X-Accel-Expires-Debug
X-A-Wwc
X-AIR-PT
X-Application
X-ARC
X-A-Dgt
X-Twitter-Response-Tags
X-D
X-Svr
Node
Rendered-Blocks
X-Detected-As
X-Trv-Group
Xc-Version
X-DPWN-IS-SECURE
X-External-Request-Id
X-Service
Mobile-Detection-Method
X-Destination
Request-EU
X-SIPLIST1
X-Date
X-SRCache-Key
VivaBuild
X-Session-Fingerprint
Viewtype
X-Vtex-Remote-Cache
Rt-Proxy-Cache
Server-Host
Meta-Geo-Continent
T-Server
Mail-Subject
We-Hiring
X-Ah-Environment
Mime-Version
NtCoent-Length
X-CSRF-TOKEN
X-EC-Lua
ServerName
Now
X-Dc
OT-Force-Account-Verify
X-Endurance-Cache-Level
X-Ms-Version
X-Gen-Mode
X-NX-Host
Hostname
RNT-Time
X-Proxy-Cache-Status
X-Generated-On
RNT-Machine
X-Ms-Request-Id
X-Location
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hnp-Log
X-Matched-Rule
X-Hash
X-Instart-Isnd
X-Dispatcher-Server
X-Cms-Context
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Clara-WADP
X-FW-Version
X-Block-Status
X-Cache-Bucket
X-Cache-Debug
X-Cache-Info
Web-Mar-Node
X-Core-Value
X-Debug-Log
Server-Int
X-Dispatch
X-Proxy-Upstream
X-Debug-Cookies
Thinkindot-CacheControl
X-CUA
X-UnsetCookies
Thinkindot-Control
Thinkindot-CacheControl-Type
Served-By
Kp-EeAlive
X-Reqid
X-User
X-Webstats-RespID
Cache-Host
X-Varnish-Beresp-Ttl
X-WADP-Cache
X-S-Maxage
CDCHOST
X-Request-URI
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-RateLimit-Remaining-Second
X-Thinkindot-L3
X-Shopify-Generated-Cart-Token
X-Reboot
X-RateLimit-Limit-Second
Proxy-Connection
X-B3-Parentspanid
X-VServer
X-Developers
X-Core-Mission
X-VG-TLSProxy
X-Thanos
X-TrackingId
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Up
X-Variation
X-VC-Cache
X-Debug-Cache-Fetch
X-Swa-Ws
X-Clientip
X-Vdms-Version
X-C
X-Wikidot-Static-Cache
X-Bip
X-BBXSRF
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Backend-State
X-Wikidot-Backend
X-Cache-FS-Status
X-CGP
X-We-Are-Hiring
X-SVT-ORM-VERSION
X-Cdn-Srv
X-WebServer
X-Cache-Id
X-Cache-URL
X-Compress-Hint
X-Sigma
X-LI-UUID
X-Auto-Login
X-Logging-Id
X-Li-Pop
X-Li-Fabric
X-Is-Gdpr
X-JWT-State
X-Key
X-Magnolia-Registration
X-Method
X-Owner
X-Platform-Server
X-Policy
X-Origin-Expires
X-Origin-Date
X-Release
X-Old-Content-Length
X-Irp-Debug
X-Request-Start
X-Qloud-Router
X-Server-IP
X-SD-PageType
X-Sigma-Backend
X-Distributor
X-Sucuri-Cache
X-Skip-Cache
X-Distil-CS
X-Epic-Correlation-Id
X-Eu-Site
X-GeoIP-City
X-Has-Esi
X-Rocket-Build-Number
X-Generation-Time
X-Generated-In
X-Fastly-Cache
X-Scheme
X-SVT-ORM-RULES
X-Geo-Header
Heartbleed
PFcat
IBM-Web2-Location
HA-Ipaddr
W
Pramga
AKAMAI
Gh-Request-Id
True-Client-Country-4JS
X-NC
Memcached
Magicmarker
X-Parent-Response-Time
L
Adler-Geo
Is-Eu
Section-Io-Cache
SD-X-WS
Platform
Ha-Gx-Prefs
X-Agile
X-Amz-Meta-Cache-Control
X-Agile-Age
X-Agile-Id
Esi-Enabled
Content-Disposition
Countrycode
X-App-Name
Fastly-Soc-X-Request-Id
X-Nc
Cache-Provider
Cdnsip
X-ServiceProvider
Cdncip
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-LI-Proto
X-Urbn-Site-Id
Locale
X-Planisys-CDN-Cache
X-AK-Request-ID
X-7Graus-Varnish-XKeys
X-Internal-Host
X-MSEdge-Flight
X-NodeID
X-Urbn-Context-Path
X-7Graus-Varnish-Cache-Control
X-MSEdge-Features
V-Age
X-Cdn-Forward
X-RCS-CacheZone
X-Source
X-B3-Spanid
Powered-By-ChinaCache
X-Via-NSCOPI
X-Upstream-Ht
X-Upstream-Ct
Server-ID
X-COUNTRY
X-SRV
X-Developer
A
X-Servername
X-ND-Cache
X-GRACE
X-Trafficlayer-App-Version
GEO-REGION-INFO
X-Device-Os
X-Sn-Servicetimems
X-Be
X-Cdn-Origin
X-Nginx-Cache
CF-IPCountry
Environment
X-TIME
X-Node-Id
X-Sucuri-Id
X-FPC
X-Lb-Id
X-Req
X-FORWARDED-FOR
Locid
X-VHOST
FNAC-ModuleRouting
Geo-Info
X-Gamma-Serve
X-Microcachable
X-Served-From
Tcn
X-Sucuri-ID
X-Servedbyhost
X-Zone
X-Newrelic-Synthetics
X-Webkit-CSP
X-Refresh
Request-Time
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-Ratelimit-Remaining
X-Pjax-Url
Resin-Trace
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
X-AWS-Id
X-Pf-Uncompressing
X-VWS-Id
X-Render-Time
X-LJ-Flow-ID
Memory
X-NU-AKA-ACS-Version
Gannett-Cam-Experience-Id
X-Edge-O15-RID
Group
X-ECACHE
X-ElasticPress-Search
X-VCL-Version
X-Instart-Info
X-Correlation-ID
Cf-Ipcountry
CF-Cached-On
GeoIp-Country-Code
X-Backend-Host
Amp-Access-Control-Allow-Source-Origin
X-GeoIP-Country-Code
X-NGENIX-Cache
Geoip-Latitude
XServer
X-Backend-Url
X-DC
TTL
Geoip-City
X-Var-Ttl
X-CSRF-Token
X-Pod
Pics-Label
Backend-Name
PICS-Label
X-MP-GENERATED-AT
X-Unique-ID
X-Bc
X-Mode
MIME-Version
Lfy
N-Cache
X-Via-SSL
X-Via-Edge
Cdn
GeoIP-City
Pagetype
REQUESTUUID
GeoIP-Latitude
GeoIP-Country-Code
X-Check-Cacheable
X-Vcl-Version
X-ZONE
Fly-Request-Id
Ttl
X-APP
M-TraceId
X-GEO
Cache-Prefix
Fly-Cache
X-CLOUD-TRACE-CONTEXT
X-Fstrz
X-Worker
Ohc-Cache-HIT
Ohc-File-Size
HostName
Host-ID
X-Ratelimit-Limit
X-Via-Ucdn
X-Routing-Service
X-Zipkin-Id
X-Proxied
Cache-Cookie-Set-Idcheck
SRV
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-HS-Status
HitType
X-Cache-Miss-From
X-PF-Uncompressing
X-Sedo-Request-Id
X-Swift-Error
X-LiteSpeed-Cache-Control
X-Fetched-On
X-Upstream-HT
X-Fastly-Country-Code
X-Cdn-Request-ID
X-Upstream-CT
X-PJAX-URL
X-BC
X-Server-W
X-Dynatrace-Js-Agent
On-Server
URI
X-ServedByHost
X-TH-Server
Fastly-SIE
X-Cache-Tag
X-Rebelmouse-Cache-Control
Pragrma
User-Agent
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Wa
X-Varnish-Ttl
X-HostName
X-Aicache-OS
X-Tt-Trace-Tag
X-WR-MODIFICATION
X-NGINX-Cache
Powered-By
X-UPSTREAM-Address
X-Request-Time
Who
X-WA
X-TT-LOGID
CDN
CACHE
X-RateLimit-Reset
X-GDPR
X-LB-ID
Media-Length
X-BE
Dynatrace
X-Varnish-Cacheable
X-Varnish-URL
X-Fpc
X-LAGOON
X-Fastly-Backend-Reqs
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-Cf-Powered-By
DataCenter
FSS-Proxy
Debug
SS
X-ServerName
X-Hello
X-ABtesting
X-Flog
Is-Session-Tracking
Get-Access-Time
FSS-Cache
X-SN
Server-Id
LB
X-Ftr-Cache-Host
Filterid
X-Ua
AR-SID
X-RSL
X-Tt-Trace-Host
X-Protected-By
X-RPM
X-RPS
X-Action
X-DSS
X-Response-By
X-Org
X-Gen-Id
X-DB
X-DI
SN
X-DW
X-Varnish-Beresp-TTL
X-LiteSpeed-Tag
XxX-Cache-Status
Warning
X-VC
Xet-Cookie
X-SB
UCS
RequestId
Requestid
Cneonction
NnCoection
X-Request-Url
X-Li-Proto
SID
Product
X-Fastly-Cache-Hits
Thinkindot-Cache-Type
X-Dw-Trace-Id
X-Akamai-ERPolicy
Application
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Nananana