Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Iinfo
X-Language
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
X-Ua-Compatible
EagleId
X-AH-Environment
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
Report-To
X-Ac
EagleEye-TraceId
X-Server-Id
X-Response-Time
X-Host
X-Cnection
Request-Id
X-OneAgent-JS-Injection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Cdn
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ws-Request-Id
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-Country-Code
X-FTR-Request-ID
X-Goog-Hash
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-Url
X-MS-InvokeApp
X-Instart-Request-ID
X-Ruxit-JS-Agent
Accept-Ch
Edge-Control
Verso
X-Powered-By-Plesk
X-Mod-Pagespeed
SPRequestGuid
X-B3-TraceId
X-D2id
Response
X-Sol
X-Middleton-Response
X-Trace
Display
X-Middleton-Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
Pagespeed
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
Accept-Ch-Lifetime
X-Server-ID
X-Navigation-Version
X-ESI
X-Powered-CMS
X-Debug
Content-MD5
X-Vcache
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
X-Amz-Server-Side-Encryption
Public-Key-Pins
Charset
MS-Author-Via
X-Upstream
X-Px
X-Version
X-Amz-Rid
X-Forwarded-Proto
X-NF-Request-ID
DynaTrace
X-Cached
Realpath
X-Shard
X-TTL
X-Aspnetmvc-Version
TCN
Fastly-Restarts
MicrosoftSharePointTeamServices
Edge-Cache-Tag
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Recruiting
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-MSEdge-Ref
X-Shield-Request-Id
Pinterest-Version
Access-Control-Request-Method
X-Pinterest-Rid
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
S
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Fastly-Request-ID
X-XRDS-Location
Front-End-Https
X-Accel-Expires
X-Ttl
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Client-IP
X-Ah-Environment
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-T
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-Trafficlayer-App-Scope
X-FTR-Cache-Status
X-Trafficlayer-App-Name
X-Country-Code-Real
X-FTR-Expires
X-Amzn-Trace-Id
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-Webkit-Csp
X-Dw-Request-Base-Id
X-RateLimit-Remaining
Fastcgi-Cache
NR-ENABLED
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
Cache-Tag
X-Content-Digest
Powered
X-Hits
X-Correlation-Id
X-Fastcgi-Cache
X-Kinsta-Cache
X-Grace
ServerID
X-HS-Cache-Config
X-Litespeed-Cache
X-FTR-Cache-Host
TP-L2-Cache
X-Oneagent-Js-Injection
TP-Cache
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-Cache-Hit
Alternate-Protocol
X-Node-Name
X-Webapp-Samesite-None-Activated-N
X-Hp-Webp
X-Request-Processing-Time
X-Request-Received
X-Forwarded-For
X-Request-Handler-Origin-Region
X-Microsite
PB-RID
PB-PID
AMP-Access-Control-Allow-Source-Origin
X-Mobile-Rewrite
X-N
Arc-Version
Server-Name
X-Content-Type
X-Zen-Fury
X-User-Agent
X-Rid
Backend-Timing
X-Analytics
X-Revision
Server-Node
Healthy
X-Content-Security-Policy-Report-Only
X-FastCGI-Cache
X-LB-Cache
X-Akamai-Edgescape
X-Ruxit-Js-Agent
X-Az
X-AppVersion
X-Activity-Id
X-Logged-In
X-Srv
Cache-Status
Retry-After
X-HS-Combine-CSS
X-Via-JSL
X-Amz-Apigw-Id
Paypal-Debug-Id
X-Amzn-RequestId
X-IPLB-Instance
X-Cached-By
X-Type
X-SERVER
X-NWS-LOG-UUID
X-Pad
X-GUploader-UploadID
X-Varnish-Grace
AR-Request-ID
FilterID
X-Mobile-URL
X-B3-Sampled
X-Cache-Age
X-Content-Options
X-F-Cache
Refresh
X-Geo-Country
Accept-Charset
X-Tumblr-Pixel
X-FB-Debug
X-Tumblr-Pixel-0
X-Debug-Info
X-Tumblr-User
X-Instance
Host
X-AOL-HN
X-Jobs
X-Page-Id
Source
X-App-Environment
Upgrade-Insecure-Requests
Actual-Object-TTL
Access-Control-Allow-Method
X-Framework
X-Request-Guid
X-Cluster
X-B
X-PHP-Backend
X-Varnish-Backend
DC
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PressLabs-Stats
X-Seen-By
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Esi
X-Whom
X-ATG-Version
MS-CV
Accept-CH-Lifetime
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Accept-CH
Fastcgi-Useragent
X-TT
X-Git-Hash
X-Cache-2
X-Host-Name
X-Cache-Control
X-Cache-TTL
Cache
X-Time
Surrogate-Key
X-Amz-Replication-Status
X-Cache-Operation
X-Cache-Rule
X-TA-CDN-Provider
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Frame-Options
X-Wix-Request-Id
Xserver
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Type
NGB
X-Response-Served-From
X-Daa-Tunnel
X-FW-Serve
X-B-Cache
X-Signature
X-Forwarded-Host
X-Origin-Server
Host-Header
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Mobile
X-Tumblr-Pixel-2
X-GeoIP
WPE-Backend
X-Cache-Action
Webserver
X-Cache-NE
X-Drupal-Cache-Tags
X-Region
X-Hyper-Cache
Filters
X-RequestSource
Eomportal-Instance
X-UA
X-TX-ID
X-Adobe-Loc
X-Cacheable-TTL
Payment
X-Adobe-Content
From-Origin
Cleartype
X-UA-Device-Type
X-Handled-By
X-Cache-Enabled
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-App-Server
Tracecode
X-RTag
Ms-Operation-Id
Datacenter
X-Cache-TTL-Remaining
X-NewRelic-App-Data
X-Akamai-Transformed
X-Hostname
X-Status
X-Contextid
X-Load-Cache
X-RateLimit-Limit
Liferay-Portal
X-Cache-Server
X-Edge-Location
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-VCache
X-TT-TIMESTAMP
X-B3-Traceid
X-Varnish-Hostname
X-XRDS-LOCATION
Odigeo-Trace-Id
X-Varnish-Server
X-FW-Dynamic
Server-Info
X-Rule
Load-Balancing
X-Path-Route
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-IP
Country
X-Viewer-Country
Version
X-Xfnlog-Site
DB-Nickname
X-Debug-Cache
Cache-Tags
X-Rocket-Nginx-Bypass
X-Cache-Config
X-UUID
X-CCM
X-OCL
X-PCL
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
Azure-InstanceId
TWC-Privacy
Azure-SiteName
Azure-RegionName
X-Labrador-Cache-Channel
X-Cache-Host
Webcakes-App-Name
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
TWC-Locale-Group
Webcakes-App-Version
X-EIG-Tracking-Id
X-Pubstack
X-R9-Blue-Green-Version
X-From
X-Upgrade-Enabled
Azure-SlotName
X-Real-IP
X-Proxy
TWC-Device-Class
S-Rt
X-Akamai-Request-ID
X-Origin
Azure-Version
L5d-Success-Class
X-Origin-Response-Time
X-Info
TWC-Connection-Speed
X-ServerID
Cache-Name
X-Via-Fastly
X-Web-Node
Property-Id
Mn-Server-Ip
X-Origin-Hint
Release
Origin-Edge-Control
Origin-Cache-Control
X-JoinUs
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Generated
DSUID
X-FC-Vary-Parameters
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-SSL
Selected-Fe
X-Proxy-Build
X-Cache-Time
X-FireWall-Port
X-Backend-Name
X-Format
X-Origin-TTL
X-VCT
X-Section
X-Cluster-Name
X-Timing-Wait
X-Access
X-Hosted-By
X-Origin-CC
X-ApacheServer
X-Proto
X-PERF
X-Content-Age
X-Akamai-Request-ID2
X-Redis-Cache
S-Cnection
X-Rendered-As
X-Time-Microsecs
X-Soup
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Loop
NGX
X-ATS-Timestamp
X-TNCMS
X-Locale
X-NWS-UUID-VERIFY
X-Storage
X-Site-Version
Viewport
X-Www-Served-By
Ec-Rule-Version
X-App-Version
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Is-Bot
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Rt-Fastcgi-Cache
Cache-Key
X-WA-Info
X-Guploader-Uploadid
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
Uber-Trace-Id
Vix-Hermes-Req-Id
Cteonnt-Length
X-PHP-Host
X-Cache-Remote
X-Hit
X-Cache-Backend
Cache-Hits
X-Generated-By
GEO-INFO
X-SS-Set-Cookie
X-Cache-Grace
X-GoCache-CacheStatus
X-Backend-TTL
X-Amzn-Remapped-Content-Length
X-NCache
X-ORACLE-APMCS-REQUEST-ID
Akamai-GRN
X-ORACLE-APMCS-TAG
X-Webkit-CSP
Time
X-Accel-Buffering
Origin
X-Device-Type
X-CS
X-Trace-Id
X-Tumblr-Pixel-3
X-Nginx-Cache-Key
X-B3-SpanId
Accept-Language
X-FB-TRIP-ID
X-OVcl
X-OVcl-Cache
X-No-Session
X-Environment-Context
X-L-Path
X-S
X-CF-Powered-By
Mime-Version
X-MServer
X-Tb
Hostname
X-Cluster-Node
X-UnsetCookies
X-Uri
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-SaId
X-Via-CDN
X-APP-VERSION
X-Say-Cacheable
X-CSRF-TOKEN
X-Say-TTL
X-SayCDN-TTL
X-URL
Now
ServerName
User-Cache-Control
X-Aed
X-AIR-PT
X-CF-Lambda-Version
X-Accel-Expires-Debug
Content-Style-Type
X-Application
X-CF-Lambda-Fn
IsBot
Apple-News-Services-Handled
X-Presslabs-Stats
Cross-Origin-Window-Policy
Machine
X-CACHE-KEY
X-B-Cookie
X-ARC
X-A-Dcw
Node
X-Tec-Api-Version
T-Server
Rendered-Blocks
X-Tec-Api-Root
Request-Country
Rt-Proxy-Cache
X-Tec-Api-Origin
Mobile-Detection-Method
Meta-Geo-Continent
X-A-Dam
X-Connection-Hash
X-A-Dgt
X-A-Ccd
X-A
Viewtype
VivaBuild
MD5-Digest
X-A-Wwc
Content-Script-Type
X-SIPLIST1
X-SRCache-Key
X-Svr
X-Session-Fingerprint
X-Server-Time
X-S-Cookie
Apple-News-Services-Request-Url
X-ScT
Apple-News-Services-Parsed-Url
X-Transaction
X-Vtex-Remote-Cache
Apple-News-Services-Host
Xc-Version
X-Vtex-Processado-Em
X-VG-WebServer
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebCache
X-D
X-Rojux
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Detected-As
X-Destination
X-Date
Request-EU
X-Rewrite-Enabled
X-Hl-Ver
X-Processor
X-Region-Sid
X-Request-UUID
X-PAYTM-SRV-ID
Arc-Country
BehaviorPad-Version
AsisCache
X-FW-Version
X-Endurance-Cache-Level
X-Cdn-Forward
CDCHOST
X-Cache-Debug
X-Matched-Rule
X-NX-Host
X-Hnp-Log
X-Gen-Mode
X-Debug-Log
X-Proxy-Cache-Status
X-Proxy-Upstream
X-WADP-Cache
X-Thinkindot-L3
X-S-Maxage
X-Request-URI
X-Cms-Context
X-Clara-WADP
Thinkindot-CacheControl
Server-Int
Server-Host
RNT-Time
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-Info
X-Cache-Bucket
X-Block-Status
Web-Mar-Node
RNT-Machine
X-Debug-Cookies
X-Geo
Mail-Subject
Proxy-Connection
We-Hiring
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
OT-Force-Account-Verify
X-NC
X-Dispatch
X-Dispatcher-Server
X-Distil-CS
X-Developers
X-Debug-Cache-Store
X-CUA
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Distributor
X-Epic-Correlation-Id
X-Generation-Time
Wxu-Next-Region
Wxu-Next-Hostname
X-Generated-On
X-Generated-In
X-Eu-Site
X-Fastly-Cache
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Core-Mission
X-Amz-Meta-Cache-Control
X-BBXSRF
X-C
X-Backend-State
X-Azure-Ref-OriginShield
Srv
X-Auto-Login
X-Azure-Ref
X-Cache-FS-Status
X-Cache-Id
X-CGP
X-Clientip
X-Compress-Hint
X-Hash
X-Alternate-Cache-Key
X-Cache-URL
X-Cdn-Srv
X-App-Name
X-IN-APIGATEWAY
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TrackingId
X-Up
X-Skip-Cache
X-Shopify-Stage
X-Server-IP
X-ShardId
X-ShopId
X-User
X-Variation
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Core-Value
X-Service
X-Webstats-RespID
X-WebServer
X-VG-TLSProxy
X-Parent-Response-Time
X-We-Are-Hiring
X-SD-PageType
X-Request-Start
X-Level-Front-Cache
X-Location
X-Magnolia-Registration
X-Ms-Request-Id
X-Key
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Internal-Host
X-Old-Content-Length
X-Origin-Date
X-Reboot
X-Release
X-Reqid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin-Expires
X-Platform-Server
X-Policy
Wxu-Next-Commit
X-Ms-Version
Esi-Enabled
True-Client-Country-4JS
Platform
Ha-Gx-Prefs
Countrycode
Gh-Request-Id
Cache-Host
ServedBy
Fastly-Soc-X-Request-Id
HA-Ipaddr
Adler-Geo
Content-Disposition
W
Is-Eu
Magicmarker
Kp-EeAlive
SD-X-WS
X-B3-Parentspanid
NtCoent-Length
X-Nc
Cache-Provider
Pramga
X-Thanos
X-Urbn-Context-Path
X-Swa-Ws
X-ServiceProvider
X-MSEdge-Flight
X-Is-Gdpr
X-JWT-State
Memcached
Heartbleed
IBM-Web2-Location
X-Has-Esi
Locale
X-Li-Fabric
X-Li-Pop
X-Owner
X-Developer
X-Vdms-Version
X-MSEdge-Features
X-LI-UUID
X-Logging-Id
X-Qloud-Router
X-Urbn-Site-Id
X-Agile-Id
X-SVT-ORM-RULES
X-Agile
A
X-Geo-Header
X-Scheme
X-Method
X-GeoIP-City
X-VServer
V-Age
L
AKAMAI
Section-Io-Cache
X-Agile-Age
Served-By
X-VC-Cache
X-SVT-ORM-VERSION
X-Bip
PFcat
X-Sucuri-Id
X-LI-Proto
X-NodeID
Server-ID
X-CDN-Forward
X-Dc
X-Shopify-Generated-Cart-Token
X-Sucuri-Cache
X-Sigma-Backend
X-AK-Request-ID
X-Rocket-Build-Number
X-Sigma
Cdnsip
X-Device-Os
Cdncip
X-Sn-Servicetimems
X-Cdn-Origin
X-Node-Id
X-Unique-Id
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Servername
GEO-REGION-INFO
X-Lb-Id
CF-IPCountry
X-GRACE
X-B3-Spanid
Environment
X-Via-NSCOPI
Powered-By-ChinaCache
X-Upstream-Ht
X-Upstream-Ct
X-Source
X-Nginx-Cache
X-EC-Lua
X-RCS-CacheZone
X-Servedbyhost
X-ND-Cache
X-FPC
X-Be
X-Zone
Request-Time
X-Newrelic-Synthetics
X-Trafficlayer-App-Version
X-VHOST
Resin-Trace
X-Microcachable
Geo-Info
Tcn
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
X-NGENIX-Cache
X-ElasticPress-Search
X-Req
X-Instart-Info
Locid
X-ECACHE
X-Unique-ID
X-GEO
X-Backend-Host
X-Oracle-Dms-Rid
FNAC-ModuleRouting
X-Gamma-Serve
X-Served-From
X-Backend-Url
Group
X-DC
X-IPS-LoggedIn
X-SRV
X-VWS-Id
X-AWS-Id
Backend-Name
X-VCL-Version
X-Var-Ttl
CF-Cached-On
X-LJ-Flow-ID
Memory
X-Refresh
X-Dynatrace
N-Cache
Gannett-Cam-Experience-Id
ProcessTime
X-COUNTRY
X-Pf-Uncompressing
X-Sucuri-ID
X-Correlation-ID
X-Check-Cacheable
Fly-Cache
Cf-Ipcountry
X-Ratelimit-Remaining
X-Render-Time
Pics-Label
Lfy
TTL
Cache-Prefix
Amp-Access-Control-Allow-Source-Origin
Pagetype
Fly-Request-Id
X-TIME
Ohc-File-Size
SRV
X-HTML-Minification-Powered-By
Ohc-Cache-HIT
X-Worker
X-FORWARDED-FOR
GeoIP-Latitude
X-Bc
X-NU-AKA-ACS-Version
GeoIP-Country-Code
X-Pod
PICS-Label
GeoIP-City
X-Upstream-HT
X-Upstream-CT
X-Via-SSL
X-Cache-Miss-From
X-Via-Ucdn
X-GeoIP-Country-Code
X-Via-Edge
Ttl
GeoIp-Country-Code
REQUESTUUID
X-CSRF-Token
Geoip-City
Geoip-Latitude
X-Sedo-Request-Id
Cdn
X-Mode
XServer
X-Server-W
X-Vcl-Version
M-TraceId
X-APP
X-Fetched-On
X-CLOUD-TRACE-CONTEXT
Fastly-SIE
X-Wa
X-Rebelmouse-Cache-Control
X-Fstrz
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-LiteSpeed-Cache-Control
MIME-Version
X-MP-GENERATED-AT
X-ZONE
Cache-Cookie-Set-Idcheck
X-Fastly-Country-Code
Cache-Cookie-Set-From
HitType
Cache-Cookie-Set-Lfrom
X-PF-Uncompressing
X-Ua
X-Ratelimit-Limit
HostName
X-HS-Status
Host-ID
X-Dynatrace-Js-Agent
X-Tt-Trace-Tag
Pragrma
X-GDPR
User-Agent
On-Server
X-BC
X-Swift-Error
X-Zipkin-Id
X-Proxied
X-HostName
X-Routing-Service
X-Cache-Tag
X-Ftr-Request-Id
X-WR-MODIFICATION
URI
X-Cdn-Request-ID
X-Aicache-OS
X-Edge-Server
X-ServedByHost
Cdn-Request-Time
X-NGINX-Cache
Cdn-Host
X-PJAX-URL
X-SN
X-TT-LOGID
X-BE
X-Upstream-Proxy
X-WA
Who
X-Ratelimit-Reset
PageSpeed
X-Ftr-Cache-Host
CACHE
X-RateLimit-Reset
X-Fpc
X-DI
X-Cf-Powered-By
X-Edge-O15-RID
X-Org
X-DB
X-Cache-Ttl
X-Response-By
X-TH-Server
X-Hello
Powered-By
X-RPM
X-DW
X-RPS
CDN
X-Action
X-RSL
X-ABtesting
X-DSS
SS
X-Flog
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
Dynatrace
SN
X-Varnish-Cacheable
Media-Length
X-Varnish-URL
X-LAGOON
X-Ftr-Backend
DataCenter
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Dc
X-Ftr-Realm
X-Request-Time
Requestid
Is-Session-Tracking
Debug
Server-Id
LB
X-ServerName
Get-Access-Time
X-LB-ID
X-Protected-By
Cneonction
RequestUuid
X-Gen-Id
Country-Code
X-Varnish-Beresp-TTL
X-Nananana
X-Page-Type
Lb
NnCoection
X-Request-Url
XxX-Cache-Status
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
Warning
Xet-Cookie
RequestId
Correlation-Id
X-Amzn-Remapped-Date
X-SB
X-Fastly-Cache-Hits
Application
Product
SID
X-Li-Proto
X-Dw-Trace-Id
Thinkindot-Cache-Type
X-VC