Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Request-ID
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-WebKit-CSP
X-Dns-Prefetch-Control
Report-To
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Response-Time
X-Server-Id
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-Country
X-Ws-Request-Id
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Pinterest-Generated-By
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Akam-SW-Version
X-Varnish-TTL
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-Instart-Request-ID
Accept-Ch
X-Ruxit-JS-Agent
X-Url
Edge-Control
Verso
X-Powered-By-Plesk
X-Mod-Pagespeed
SPRequestGuid
X-B3-TraceId
X-D2id
X-Sol
Response
X-Middleton-Response
Display
X-Middleton-Display
X-Trace
X-SharePointHealthScore
X-VARITI-CCR
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
Pagespeed
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
RTSS
X-Use-Magma
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Server-ID
X-Server-Name
X-ESI
X-GitHub-Request-Id
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-Powered-CMS
X-Debug
Content-MD5
X-Abt-Application-Version
X-Vcache
X-Vcap-Request-Id
X-CST
X-Amz-Server-Side-Encryption
Public-Key-Pins
MS-Author-Via
X-Upstream
Charset
X-Px
X-Version
X-Amz-Rid
X-NF-Request-ID
X-Forwarded-Proto
X-TTL
DynaTrace
X-Cached
X-Aspnetmvc-Version
Realpath
X-Shard
Fastly-Restarts
TCN
X-Recruiting
MicrosoftSharePointTeamServices
Edge-Cache-Tag
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Pinterest-Rid
Pinterest-Version
X-Shield-Request-Id
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-XRDS-Location
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Ser
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Fastly-Request-ID
Front-End-Https
X-Accel-Expires
X-Ah-Environment
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Ttl
X-Client-IP
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-T
X-FTR-Balancer
Mrf-Cache-Status
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Mrf-Item-Lastmod
X-FTR-Backend-Server
X-FTR-Backend
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Country-Code-Real
X-FTR-Expires
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Content-Digest
Powered
Cache-Tag
X-Hits
X-Correlation-Id
X-Kinsta-Cache
X-Grace
X-Fastcgi-Cache
X-Litespeed-Cache
ServerID
X-HS-Cache-Config
X-FTR-Cache-Host
X-Forwarded-For
AR-CACHE
AR-ATIME
AR-PoweredBy
TP-L2-Cache
X-Webkit-Csp
TP-Cache
X-Cache-Hit
Alternate-Protocol
X-Node-Name
Ar-Sid
PB-RID
X-Request-Processing-Time
PB-PID
X-Hp-Webp
X-Request-Received
Arc-Version
X-Mobile-Rewrite
X-Webapp-Samesite-None-Activated-N
X-N
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Content-Type
Server-Name
X-Rid
X-User-Agent
X-FastCGI-Cache
X-Srv
Backend-Timing
Healthy
X-Analytics
Server-Node
X-Revision
X-LB-Cache
X-Content-Security-Policy-Report-Only
Cache-Status
X-Az
X-AppVersion
X-Akamai-Edgescape
X-Activity-Id
X-Logged-In
Retry-After
X-Via-JSL
X-SERVER
X-HS-Combine-CSS
X-IPLB-Instance
X-GUploader-UploadID
Paypal-Debug-Id
X-Oneagent-Js-Injection
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cached-By
X-Type
X-NWS-LOG-UUID
AR-Request-ID
X-Pad
X-Varnish-Grace
X-Ruxit-Js-Agent
X-Cache-Age
FilterID
X-B3-Sampled
X-Mobile-URL
X-F-Cache
X-Content-Options
Refresh
X-Geo-Country
X-Instance
X-Debug-Info
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FB-Debug
Accept-Charset
Host
X-Cluster
X-Jobs
Source
Access-Control-Allow-Method
X-Page-Id
X-AOL-HN
X-Request-Guid
X-App-Environment
X-Seen-By
Actual-Object-TTL
X-Framework
X-B
DC
X-Erf-Bev-Bev
Upgrade-Insecure-Requests
X-Erf-Bev-Bev-Is-Generated
X-PHP-Backend
X-Varnish-Backend
X-WebKit-CSP-Report-Only
X-Whom
X-Cache-Key
MS-CV
Fastcgi-Useragent
X-ATG-Version
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Git-Hash
X-PressLabs-Stats
X-TT
X-Cache-2
X-Host-Name
X-Cache-Control
X-Esi
X-TA-CDN-Provider
X-Cache-TTL
Surrogate-Key
Accept-CH-Lifetime
X-Time
Cache
X-Amz-Replication-Status
X-Cache-Operation
X-Cache-Rule
X-Wix-Request-Id
Accept-CH
Frame-Options
X-FW-Type
X-FW-Serve
X-FW-Server
X-Forwarded-Host
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FW-Hash
X-FW-Static
X-Response-Served-From
NGB
X-Signature
X-B-Cache
X-Daa-Tunnel
Host-Header
X-Origin-Server
X-Mobile
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-TX-ID
X-RequestSource
X-GeoIP
X-Region
Webserver
Filters
Eomportal-Instance
X-Cache-Action
WPE-Backend
Payment
X-Hyper-Cache
X-Cache-NE
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Adobe-Loc
X-Adobe-Content
X-Handled-By
From-Origin
X-UA
X-Cacheable-TTL
Xserver
X-Cache-Enabled
Cleartype
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-App-Server
Tracecode
X-RTag
Ms-Operation-Id
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Hostname
X-Status
X-Contextid
X-Load-Cache
X-RateLimit-Limit
Liferay-Portal
X-NewRelic-App-Data
X-Cache-Server
X-VCache
X-Yottaa-Metrics
X-B3-Traceid
X-Yottaa-Optimizations
X-Edge-Location
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Varnish-Hostname
Odigeo-Trace-Id
X-FW-Dynamic
X-Varnish-Server
Server-Info
X-Rule
Meta-Geo
X-Cache-Var-Map
Load-Balancing
X-RN-RSRV
X-Path-Route
X-ES-SERVER
X-Cache-Var
X-Xfnlog-Site
X-IP
Version
X-Viewer-Country
X-Rocket-Nginx-Bypass
Cache-Tags
X-CCM
X-Cache-Config
X-Debug-Cache
X-UUID
Country
DB-Nickname
X-PCL
X-OCL
Webcakes-Region
X-Real-IP
X-R9-Blue-Green-Version
X-Origin-Hint
X-Info
X-Drupal-Cache-Contexts
X-ServerID
S-Rt
Mn-Server-Ip
Cache-Name
Azure-SlotName
Property-Id
X-Origin
X-Cache-Host
X-Loop
Azure-InstanceId
X-Akamai-Request-ID
X-Pubstack
Azure-SiteName
Azure-RegionName
Azure-Version
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Web-Node
TWC-Device-Class
Fastly-SSL
X-From
X-Via-Fastly
X-Proxy
X-Hosted-By
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-TNCMS
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Origin-Response-Time
X-Labrador-Cache-Channel
X-Proto
L5d-Success-Class
X-Origin-TTL
X-Origin-CC
S-Cnection
X-Access
X-ApacheServer
Release
X-Akamai-Request-ID2
Origin-Edge-Control
Decoy-Debug-TTL
Decoy-Debug-Status
DSUID
Ec-Rule-Version
Origin-Cache-Control
X-Cluster-Name
X-Content-Age
X-XRDS-LOCATION
X-PERF
X-Rendered-As
X-Section
X-VCT
X-Cache-Time
X-JoinUs
X-Format
X-FireWall-Port
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
Decoy-Debug-Key
X-Backend-Name
X-Redis-Cache
X-Soup
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Varnish-Hits
NGX
X-Site-Version
X-Proxy-Build
Rt-Fastcgi-Cache
X-Storage
X-Timing-Wait
Selected-Fe
X-Locale
X-Www-Served-By
X-NWS-UUID-VERIFY
Viewport
X-ATS-Timestamp
GEO-INFO
X-Is-Bot
X-URL
Cache-Key
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-App-Version
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-WA-Info
Cteonnt-Length
Vix-Hermes-Req-Id
X-Cache-Grace
X-GoCache-CacheStatus
X-Webkit-CSP
X-PHP-Host
X-Hit
Cache-Hits
X-Cache-Remote
X-NCache
X-Backend-TTL
X-Generated-By
X-Cache-Backend
Time
X-SS-Set-Cookie
X-Guploader-Uploadid
X-Amzn-Remapped-Content-Length
Akamai-GRN
Origin
X-ORACLE-APMCS-TAG
X-Trace-Id
X-ORACLE-APMCS-REQUEST-ID
X-Device-Type
X-CS
Accept-Language
X-Tumblr-Pixel-3
X-Accel-Buffering
X-CF-Powered-By
X-Presslabs-Stats
X-Nginx-Cache-Key
X-OVcl-Cache
X-OVcl
X-FB-TRIP-ID
X-S
X-B3-SpanId
Hostname
X-No-Session
X-L-Path
X-Environment-Context
X-UnsetCookies
Mime-Version
X-Via-CDN
X-APP-VERSION
X-Cluster-Node
Fastcgi-X-Cache-Version
X-Uri
X-Tb
X-MServer
Access-Control-Request-Headers
X-Tec-Api-Root
X-Tec-Api-Origin
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Tec-Api-Version
X-SaId
X-CACHE-KEY
Now
X-CSRF-TOKEN
User-Cache-Control
ServerName
X-FW-Version
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
Apple-News-Services-Request-Url
Content-Script-Type
Arc-Country
BehaviorPad-Version
AsisCache
Content-Style-Type
Apple-News-Services-Parsed-Url
IsBot
Apple-News-Services-Handled
Apple-News-Services-Host
Cross-Origin-Window-Policy
Machine
X-B-Cookie
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-ScT
X-Region-Sid
X-Processor
X-External-Request-Id
X-G
X-Hl-Ver
X-PAYTM-SRV-ID
X-Server-Time
X-Session-Fingerprint
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-SIPLIST1
X-SRCache-Key
X-Svr
X-Transaction
X-DPWN-IS-SECURE
X-Detected-As
X-A
VivaBuild
X-A-Ccd
X-A-Dam
X-A-Dgt
Viewtype
T-Server
Rendered-Blocks
Request-Country
Request-EU
Rt-Proxy-Cache
X-A-Wwc
X-Accel-Expires-Debug
X-Connection-Hash
X-D
X-Date
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
X-AIR-PT
X-Application
X-ARC
Node
X-A-Dcw
X-NC
X-Endurance-Cache-Level
Proxy-Connection
OT-Force-Account-Verify
X-Reboot
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Clara-WADP
RNT-Time
X-Geo
Mail-Subject
X-S-Maxage
X-Request-URI
X-Cms-Context
CDCHOST
X-Debug-Log
X-Hnp-Log
X-Gen-Mode
We-Hiring
X-Debug-Cookies
X-NX-Host
X-Matched-Rule
X-Location
X-Cache-Info
RNT-Machine
X-WADP-Cache
Thinkindot-CacheControl-Type
X-Thinkindot-L3
Thinkindot-Control
Thinkindot-CacheControl
X-Cache-Bucket
Web-Mar-Node
Server-Host
X-Cache-Debug
Server-Int
X-Block-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Alternate-Cache-Key
X-Epic-Correlation-Id
X-Auto-Login
X-Eu-Site
X-Fastly-Cache
X-Azure-Ref
X-Developer
X-App-Name
X-Distributor
X-Distil-CS
X-Dispatcher-Server
X-Dispatch
X-Developers
X-Debug-Cache-Store
X-Backend-State
X-Generated-In
X-Amz-Meta-Cache-Control
X-CGP
X-Cdn-Srv
X-Cache-URL
X-Cache-Id
X-C
X-Compress-Hint
X-BBXSRF
X-Debug-Cache-Expiry
X-Azure-Ref-OriginShield
X-Parent-Response-Time
X-CUA
X-Core-Mission
X-Cache-FS-Status
X-Debug-Cache-Fetch
X-Is-Gdpr
X-Skip-Cache
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TrackingId
X-ShopId
X-ShardId
X-Reqid
X-Request-Start
X-SD-PageType
X-Server-IP
X-Up
X-User
X-Wikidot-Static-Cache
X-Wikidot-Backend
NtCoent-Length
X-Core-Value
X-Service
X-Webstats-RespID
X-WebServer
X-Variation
X-VG-TLSProxy
X-VServer
X-We-Are-Hiring
X-Release
X-RateLimit-Remaining-Second
X-Irp-Debug
X-Internal-Host
X-7Graus-Varnish-XKeys
X-JWT-State
X-Level-Front-Cache
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Generation-Time
X-Has-Esi
X-Hash
X-IN-APIGATEWAY
X-Li-Fabric
X-Li-Pop
X-Origin-Expires
X-Platform-Server
X-Policy
X-RateLimit-Limit-Second
X-Origin-Date
X-Old-Content-Length
X-LI-UUID
X-Magnolia-Registration
X-Ms-Request-Id
X-Ms-Version
X-Generated-On
X-Key
Memcached
Magicmarker
Kp-EeAlive
Is-Eu
Platform
SD-X-WS
ServedBy
Served-By
Section-Io-Cache
HA-Ipaddr
Ha-Gx-Prefs
Adler-Geo
A
X-7Graus-Varnish-Cache-Control
Cache-Host
Content-Disposition
Gh-Request-Id
Fastly-Soc-X-Request-Id
Esi-Enabled
True-Client-Country-4JS
IBM-Web2-Location
Wxu-Next-Hostname
Wxu-Next-Commit
W
Wxu-Next-Region
X-Nc
Cache-Provider
Srv
X-B3-Parentspanid
X-Dc
Pramga
X-Method
X-GeoIP-City
X-Qloud-Router
X-Logging-Id
X-VC-Cache
Locale
X-MSEdge-Features
X-MSEdge-Flight
X-SVT-ORM-VERSION
X-Owner
X-Geo-Header
Countrycode
X-SVT-ORM-RULES
X-Scheme
X-Agile-Id
X-Bip
X-Agile
X-Thanos
X-ServiceProvider
X-CDN-Forward
V-Age
X-LI-Proto
X-Swa-Ws
X-Clientip
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Vdms-Version
X-Agile-Age
Heartbleed
PFcat
L
AKAMAI
X-Node-Id
X-Unique-Id
X-Sn-Servicetimems
X-Device-Os
X-NodeID
X-Cdn-Origin
Server-ID
X-Sucuri-Id
X-Shopify-Generated-Cart-Token
X-Lb-Id
X-Rocket-Build-Number
X-Sigma-Backend
X-Servername
X-Sigma
Cdnsip
X-AK-Request-ID
X-Sucuri-Cache
Cdncip
X-GRACE
X-B3-Spanid
CF-IPCountry
X-EC-Lua
GEO-REGION-INFO
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Environment
Powered-By-ChinaCache
X-Upstream-Ct
X-Upstream-Ht
X-Via-NSCOPI
X-FPC
X-Be
Request-Time
X-Servedbyhost
X-RCS-CacheZone
X-ND-Cache
X-VHOST
X-Newrelic-Synthetics
X-Source
Resin-Trace
X-Trafficlayer-App-Version
Tcn
X-Microcachable
X-Zone
X-Nginx-Cache
X-ElasticPress-Search
X-Instart-Info
X-Pjax-Url
X-ECACHE
X-Tb-Optimization-Total-Bytes-Saved
X-NGENIX-Cache
Locid
X-GEO
Group
X-Req
X-Backend-Host
X-Backend-Url
X-Oracle-Dms-Rid
X-Served-From
X-Var-Ttl
CF-Cached-On
X-Gamma-Serve
Memory
FNAC-ModuleRouting
X-VCL-Version
Backend-Name
X-IPS-LoggedIn
X-Dynatrace
X-Unique-ID
Geo-Info
X-AWS-Id
Gannett-Cam-Experience-Id
X-COUNTRY
X-VWS-Id
X-Pf-Uncompressing
X-DC
N-Cache
X-Refresh
X-LJ-Flow-ID
X-Sucuri-ID
X-Correlation-ID
Cache-Prefix
Fly-Cache
XServer
Lfy
Amp-Access-Control-Allow-Source-Origin
Pagetype
X-Ratelimit-Remaining
Fly-Request-Id
X-Check-Cacheable
X-TIME
Ohc-Cache-HIT
Ohc-File-Size
SRV
Geoip-Latitude
GeoIp-Country-Code
X-Pod
X-SRV
PICS-Label
TTL
Cf-Ipcountry
X-Render-Time
Pics-Label
X-Worker
Geoip-City
X-HTML-Minification-Powered-By
X-Upstream-CT
X-Upstream-HT
X-Via-Ucdn
GeoIP-Latitude
X-Via-Edge
REQUESTUUID
X-Cache-Miss-From
X-Via-SSL
X-NU-AKA-ACS-Version
Ttl
ProcessTime
GeoIP-Country-Code
X-Sedo-Request-Id
GeoIP-City
X-CSRF-Token
Cdn
X-Bc
X-GeoIP-Country-Code
M-TraceId
X-Server-W
X-Fetched-On
X-CLOUD-TRACE-CONTEXT
X-Wa
X-Mode
X-Rebelmouse-Surrogate-Control
X-APP
X-Rebelmouse-Cache-Control
X-LiteSpeed-Cache-Control
Fastly-SWR
Fastly-SIE
X-Fstrz
X-Vcl-Version
MIME-Version
X-FORWARDED-FOR
X-ZONE
X-PF-Uncompressing
X-Ratelimit-Limit
X-Ua
X-HS-Status
X-MP-GENERATED-AT
Cache-Cookie-Set-Lfrom
HitType
X-Fastly-Country-Code
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-NGINX-Cache
X-Dynatrace-Js-Agent
User-Agent
HostName
X-GDPR
X-Tt-Trace-Tag
Pragrma
Host-ID
On-Server
X-HostName
X-Swift-Error
X-BC
X-Edge-Server
X-Aicache-OS
Cdn-Request-Time
X-Cache-Tag
X-PJAX-URL
URI
Cdn-Host
X-ServedByHost
X-WR-MODIFICATION
X-Cdn-Request-ID
Who
X-Ratelimit-Reset
X-WA
X-Upstream-Proxy
PageSpeed
X-TT-LOGID
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-SN
X-RateLimit-Reset
CACHE
X-DB
X-DI
X-Cache-Ttl
X-Flog
X-Hello
X-ABtesting
X-BE
X-RSL
X-Action
SS
X-RPS
X-RPM
X-DSS
X-Response-By
X-TH-Server
X-Cf-Powered-By
X-Org
X-DW
CDN
X-Edge-O15-RID
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
Dynatrace
X-Varnish-URL
X-Varnish-Cacheable
X-Fpc
SN
X-LAGOON
Powered-By
DataCenter
Media-Length
Requestid
Is-Session-Tracking
Server-Id
X-ServerName
Debug
Get-Access-Time
LB
X-Ftr-Cache-Host
Lb
X-Newrelic-App-Data
RequestUuid
X-Gen-Id
X-Nananana
X-Varnish-Beresp-TTL
Country-Code
X-Protected-By
X-Request-Time
X-Page-Type
AR-SID
X-LB-ID
Processtime
X-Request-Url
XxX-Cache-Status
NnCoection
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-VC
Warning
RequestId
Thinkindot-Cache-Type
Xet-Cookie
X-Fastly-Cache-Hits
Application
SID
Correlation-Id
X-Li-Proto
X-SB
Product