Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Request-ID
X-Template
X-DNS-Prefetch-Control
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-CDN
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-AH-Environment
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
X-Server
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Rq
X-Cdn
X-WebKit-CSP
X-Ac
Report-To
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Response-Time
X-Cnection
Request-Id
X-Host
X-Backend-Server
X-Server-Id
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
P3p
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-EdgeConnect-Origin-MEX-Latency
X-Aspnetmvc-Version
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
Pinterest-Generated-By
X-Country-Code
X-Goog-Hash
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Accept-Ch
X-Akam-SW-Version
X-Ws-Request-Id
X-MS-InvokeApp
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Url
X-Instart-Request-ID
X-B3-TraceId
X-Ruxit-JS-Agent
Edge-Control
X-Powered-By-Plesk
Verso
SPRequestGuid
X-Mod-Pagespeed
X-Server-ID
Accept-Ch-Lifetime
X-Middleton-Response
Response
X-Sol
Display
X-Middleton-Display
X-D2id
X-Ah-Environment
X-SharePointHealthScore
X-Trace
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-VARITI-CCR
X-Kinja-Server
X-Use-Magma
X-Exp-Id
RTSS
X-Server-Name
Service-Worker-Allowed
X-GitHub-Request-Id
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-CST
X-ESI
X-Powered-CMS
Pagespeed
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
Public-Key-Pins
Content-MD5
X-Amz-Server-Side-Encryption
X-Px
MS-Author-Via
X-Version
X-Upstream
Charset
X-TTL
X-Amz-Rid
X-Vcache
X-NF-Request-ID
X-Forwarded-Proto
Realpath
DynaTrace
X-Cached
X-Shard
X-Recruiting
Fastly-Restarts
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SERVER
Arr-Disable-Session-Affinity
X-Pinterest-Rid
X-MSEdge-Ref
Pinterest-Version
X-Shield-Request-Id
Access-Control-Request-Method
Edge-Cache-Tag
X-DynaTrace-JS-Agent
X-XRDS-Location
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
S
X-Ser
Front-End-Https
X-Fastly-Request-ID
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-Client-IP
X-T
X-FTR-DC
X-Ttl
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-FTR-Expires
X-RateLimit-Remaining
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-HS-Content-Id
X-Frontend
X-Content-Digest
X-Hits
Powered
AR-CACHE
X-Fastcgi-Cache
Ar-Sid
AR-ATIME
AR-PoweredBy
X-Forwarded-For
ServerID
X-Kinsta-Cache
Cache-Tag
X-Correlation-Id
X-FTR-Cache-Host
X-Grace
X-Litespeed-Cache
X-HS-Cache-Config
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-N
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
PB-PID
PB-RID
X-Content-Type
X-Mobile-Rewrite
Arc-Version
X-Srv
X-Request-Processing-Time
X-Request-Received
Alternate-Protocol
X-Microsite
X-Request-Handler-Origin-Region
X-Webkit-Csp
X-Zen-Fury
X-Hp-Webp
X-User-Agent
Server-Name
X-Rid
X-FastCGI-Cache
Server-Node
X-Via-JSL
X-Analytics
Healthy
Backend-Timing
X-Revision
X-LB-Cache
AR-Request-ID
X-AppVersion
X-Az
X-Activity-Id
Paypal-Debug-Id
Cache-Status
Retry-After
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Ruxit-Js-Agent
X-Webapp-Samesite-None-Activated-N
X-IPLB-Instance
X-Type
X-NWS-LOG-UUID
X-Cached-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Oneagent-Js-Injection
X-GUploader-UploadID
X-HS-Combine-CSS
X-Cache-Age
X-Varnish-Grace
FilterID
X-Pad
X-B3-Sampled
X-Mobile-URL
X-F-Cache
X-Content-Options
Refresh
Accept-Charset
X-Tumblr-User
X-Debug-Info
X-FB-Debug
X-Tumblr-Pixel-0
X-Geo-Country
X-Tumblr-Pixel
X-Instance
Source
Access-Control-Allow-Method
X-App-Environment
X-Jobs
X-Seen-By
X-AOL-HN
X-Cluster
X-Request-Guid
X-Page-Id
Host
Actual-Object-TTL
X-Framework
X-B
DC
X-PHP-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PressLabs-Stats
X-Whom
Upgrade-Insecure-Requests
MS-CV
X-Esi
X-Time
X-WebKit-CSP-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
Fastcgi-Useragent
X-Varnish-Backend
X-ATG-Version
X-Cache-2
X-Host-Name
X-Cache-Key
X-Git-Hash
X-TT
X-Cache-Control
X-Cache-TTL
X-VCache
X-Cache-Operation
Surrogate-Key
X-Cache-Rule
X-Forwarded-Host
X-TA-CDN-Provider
X-Amz-Replication-Status
Frame-Options
Cache
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Serve
X-FW-Static
X-Kong-Upstream-Latency
X-Daa-Tunnel
X-Kong-Proxy-Latency
X-Wix-Request-Id
X-Response-Served-From
NGB
Xserver
X-Signature
X-B-Cache
X-Mobile
Tracecode
X-Origin-Server
X-Tumblr-Pixel-2
Cache-Tv-Group
Host-Header
X-Tumblr-Pixel-1
X-Cache-Action
Webserver
Eomportal-Instance
X-Drupal-Cache-Tags
X-Hyper-Cache
X-Cache-NE
X-GeoIP
X-Region
Payment
X-RequestSource
WPE-Backend
Filters
X-UA-Device-Type
X-TX-ID
X-Cacheable-TTL
X-Handled-By
From-Origin
X-Adobe-Content
X-App-Server
X-Adobe-Loc
Cleartype
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
Ms-Operation-Id
X-Cache-Enabled
X-RateLimit-Limit
X-RTag
X-Webkit-CSP
Datacenter
X-Cache-TTL-Remaining
X-UA
X-Status
Accept-CH-Lifetime
X-Akamai-Transformed
X-Contextid
X-Hostname
X-NewRelic-App-Data
Accept-CH
Liferay-Portal
X-Cache-Server
X-BCube-Filmed-By
X-Load-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TT-TIMESTAMP
X-Edge-Location
X-FW-Dynamic
Odigeo-Trace-Id
X-Varnish-Hostname
Version
X-IP
Server-Info
X-App-Version
Meta-Geo
X-Varnish-Server
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
Load-Balancing
X-Cache-Var
X-Rule
X-Viewer-Country
X-Xfnlog-Site
DB-Nickname
X-CCM
Country
X-UUID
X-Debug-Cache
X-Cache-Config
X-PCL
Cache-Tags
X-OCL
Cache-Name
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Webcakes-App-Name
X-From
X-Via-Fastly
X-Varnish-Cache-Hits
X-Web-Node
X-Hosted-By
X-Labrador-Cache-Channel
X-Info
X-Rocket-Nginx-Bypass
X-Upgrade-Enabled
X-TNCMS
X-Real-IP
X-EIG-Tracking-Id
X-R9-Blue-Green-Version
X-ServerID
X-Proxy
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Proto
X-Origin-Response-Time
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
S-Rt
X-Pubstack
Mn-Server-Ip
Property-Id
TWC-Locale-Group
TWC-Privacy
X-Origin
X-Cache-Host
X-Origin-Hint
X-Akamai-Request-ID
Webcakes-Region
X-Loop
Webcakes-App-Version
Fastly-SSL
L5d-Success-Class
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Format
X-FireWall-Port
Ec-Rule-Version
DSUID
X-JoinUs
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Cluster-Name
X-Cache-Time
X-ApacheServer
Selected-Fe
X-Akamai-Request-ID2
X-Access
S-Cnection
Release
Origin-Cache-Control
Origin-Edge-Control
X-Backend-Name
X-PERF
X-Human
X-Rendered-As
X-Section
X-Time-Microsecs
X-VCT
X-Proxy-Build
X-Timing-Wait
X-Soup
X-Redis-Cache
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Origin-CC
X-WA-Info
Rt-Fastcgi-Cache
X-Origin-TTL
GEO-INFO
X-Storage
Viewport
X-XRDS-LOCATION
X-Locale
X-Site-Version
X-Www-Served-By
X-NWS-UUID-VERIFY
NGX
X-Cache-Grace
Cache-Key
Vix-Hermes-Req-Id
X-Is-Bot
X-Cache-Remote
X-Guploader-Uploadid
X-ProxyCache-Status
X-Hit
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-GoCache-CacheStatus
Cache-Hits
Cteonnt-Length
X-B3-SpanId
X-Backend-TTL
X-NCache
Time
Origin
X-SS-Set-Cookie
X-ATS-Timestamp
X-PHP-Host
X-Device-Type
X-Generated-By
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-CS
X-Oss-Storage-Class
X-Trace-Id
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Backend
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-3
Mime-Version
Hostname
Accept-Language
X-CF-Powered-By
Akamai-GRN
X-OVcl
X-UnsetCookies
X-OVcl-Cache
X-S
X-Nginx-Cache-Key
X-Accel-Buffering
X-CACHE-KEY
X-Cluster-Node
X-Via-CDN
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-No-Session
X-ORACLE-APMCS-TAG
X-Cdn-Forward
X-Environment-Context
X-ORACLE-APMCS-REQUEST-ID
X-L-Path
X-Uri
Now
X-Tb
X-CSRF-TOKEN
X-MServer
X-FW-Version
X-B3-Traceid
X-URL
Access-Control-Request-Headers
User-Cache-Control
ServerName
X-SayCDN-TTL
X-Say-Cacheable
OT-Force-Account-Verify
X-Say-TTL
X-Date
X-Connection-Hash
X-CF-Lambda-Version
X-D
Machine
Meta-Geo-Continent
X-Processor
X-PAYTM-SRV-ID
MD5-Digest
IsBot
Cross-Origin-Window-Policy
X-CF-Lambda-Fn
Arc-Country
X-Transaction
Mobile-Detection-Method
X-Twitter-Response-Tags
X-Trv-Group
Apple-News-Services-Host
X-G
X-External-Request-Id
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Detected-As
Content-Script-Type
Content-Style-Type
X-DPWN-IS-SECURE
BehaviorPad-Version
AsisCache
Xc-Version
X-Destination
Request-Country
X-S-Cookie
X-Rojux
X-A-Wwc
X-VG-WebServer
X-ScT
X-Rewrite-Enabled
X-Request-UUID
X-Svr
X-Tec-Api-Origin
X-Tec-Api-Version
X-Accel-Expires-Debug
T-Server
X-VG-WebCache
X-A-Dgt
X-Session-Fingerprint
X-A-Ccd
X-SIPLIST1
X-SRCache-Key
X-A
X-Server-Time
VivaBuild
X-Presslabs-Stats
X-A-Dcw
X-A-Dam
Viewtype
X-Vtex-Processado-Em
X-Tec-Api-Root
X-Hl-Ver
X-Vtex-Remote-Cache
Rendered-Blocks
X-AIR-PT
Rt-Proxy-Cache
X-ARC
Request-EU
X-Application
X-B-Cookie
X-Aed
X-Region-Sid
Node
X-Endurance-Cache-Level
X-NC
X-Gen-Mode
Web-Mar-Node
X-Cache-Debug
X-Cache-Bucket
X-Block-Status
X-Cache-Info
X-Cms-Context
X-Debug-Log
Thinkindot-CacheControl
Server-Host
Server-Int
X-Developer
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Clara-WADP
RNT-Machine
CDCHOST
RNT-Time
X-Debug-Cookies
A
Mail-Subject
ServedBy
X-Proxy-Upstream
X-Reboot
X-Location
X-Proxy-Cache-Status
X-Thinkindot-L3
X-Matched-Rule
X-NX-Host
X-Parent-Response-Time
We-Hiring
X-WADP-Cache
X-Request-URI
X-Hnp-Log
X-S-Maxage
NtCoent-Length
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-ShardId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Status
Proxy-Connection
X-Sucuri-Id
X-SaId
X-WebServer
X-Auto-Login
X-Fastly-Cache
X-We-Are-Hiring
X-App-Name
X-Internal-Host
X-Sn-Servicetimems
X-Azure-Ref
X-RateLimit-Remaining-Second
X-BBXSRF
X-Webstats-RespID
X-C
X-Backend-State
X-Azure-Ref-OriginShield
X-Amz-Meta-Cache-Control
X-RateLimit-Limit-Second
X-Irp-Debug
X-Instart-Isnd
X-VG-TLSProxy
X-Server-IP
X-Has-Esi
X-Variation
X-Service
X-7Graus-Varnish-Cache-Control
X-Skip-Cache
X-User
X-SD-PageType
X-Generation-Time
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Generated-In
X-VServer
X-Release
X-Generated-On
X-Request-Start
X-Reqid
X-Is-Gdpr
X-JWT-State
X-Ms-Request-Id
X-Epic-Correlation-Id
X-Magnolia-Registration
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Wikidot-Static-Cache
X-Ms-Version
X-Debug-Cache-Expiry
X-Up
X-Wikidot-Backend
X-Level-Front-Cache
X-Dispatcher-Server
X-Distil-CS
X-Dispatch
X-Developers
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-CUA
X-Core-Mission
X-Cache-Id
X-Key
X-Cache-URL
Wxu-Next-Region
X-Cache-FS-Status
X-Distributor
X-Platform-Server
X-Origin-Expires
X-Cdn-Origin
X-Origin-Date
X-Old-Content-Length
X-Compress-Hint
X-TrackingId
X-Clientip
X-Eu-Site
X-Cdn-Srv
X-Hash
X-CGP
X-Policy
X-7Graus-Varnish-XKeys
Kp-EeAlive
Is-Eu
IBM-Web2-Location
Magicmarker
Memcached
Platform
X-Nc
Ha-Gx-Prefs
Gh-Request-Id
Wxu-Next-Hostname
Cache-Host
Adler-Geo
Content-Disposition
Countrycode
Fastly-Soc-X-Request-Id
Esi-Enabled
SD-X-WS
HA-Ipaddr
W
Section-Io-Cache
Served-By
Wxu-Next-Commit
True-Client-Country-4JS
Cache-Provider
X-B3-Parentspanid
X-Urbn-Context-Path
X-Scheme
X-Thanos
X-ServiceProvider
X-Swa-Ws
V-Age
X-SVT-ORM-RULES
X-Device-Os
X-Owner
X-Logging-Id
X-Geo-Header
X-GeoIP-City
X-LI-Proto
X-Method
X-MSEdge-Features
X-Urbn-Site-Id
AKAMAI
X-Node-Id
X-MSEdge-Flight
X-Qloud-Router
X-SVT-ORM-VERSION
X-VC-Cache
L
X-Agile-Age
Locale
Pramga
PFcat
X-Bip
X-Agile
X-Agile-Id
Heartbleed
X-GRACE
X-APP-VERSION
X-Lb-Id
X-NodeID
Server-ID
X-Core-Value
X-Dc
Srv
X-Geo
X-Servername
X-Vdms-Version
CF-IPCountry
GEO-REGION-INFO
Environment
X-GEO
X-EC-Lua
Cdnsip
Cdncip
X-Shopify-Generated-Cart-Token
X-Sigma
X-Sigma-Backend
X-AK-Request-ID
Request-Time
X-Sucuri-Cache
X-Rocket-Build-Number
X-Newrelic-Synthetics
X-Be
X-NGENIX-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-ECACHE
X-CDN-Forward
X-Pjax-Url
X-Servedbyhost
X-FPC
Powered-By-ChinaCache
X-Upstream-Ct
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Search
X-Nginx-Cache
X-Microcachable
X-VHOST
X-Upstream-Ht
X-Via-NSCOPI
Resin-Trace
X-Instart-Info
X-Unique-Id
X-Unique-ID
X-ND-Cache
X-Backend-Host
X-Backend-Url
Group
Tcn
X-Source
X-Zone
X-Correlation-ID
X-RCS-CacheZone
X-B3-Spanid
Memory
Backend-Name
PageSpeed
X-Var-Ttl
X-Trafficlayer-App-Version
CF-Cached-On
Ohc-File-Size
X-IPS-LoggedIn
SRV
Ohc-Cache-HIT
X-Oracle-Dms-Rid
N-Cache
X-DC
Fly-Request-Id
Pagetype
Fly-Cache
X-VWS-Id
Cache-Prefix
X-Req
X-AWS-Id
X-LJ-Flow-ID
Locid
X-VCL-Version
Lfy
X-Upstream-CT
X-Dynatrace
X-Upstream-HT
Cdn
X-COUNTRY
X-Gamma-Serve
Gannett-Cam-Experience-Id
X-Served-From
X-Worker
FNAC-ModuleRouting
Geo-Info
Cf-Ipcountry
GeoIP-Latitude
Pics-Label
TTL
GeoIP-Country-Code
GeoIP-City
Amp-Access-Control-Allow-Source-Origin
X-Refresh
X-Check-Cacheable
X-Ratelimit-Remaining
X-Via-Ucdn
X-Ua
X-Cache-Miss-From
X-Pf-Uncompressing
PICS-Label
X-Pod
X-Sedo-Request-Id
X-Server-W
X-Fetched-On
X-Bc
X-Via-Edge
ProcessTime
X-Wa
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Via-SSL
Geoip-City
REQUESTUUID
X-Render-Time
Geoip-Latitude
GeoIp-Country-Code
Ttl
X-CSRF-Token
X-PF-Uncompressing
Fastly-SWR
Fastly-SIE
X-Upstream-Proxy
XServer
X-Sucuri-ID
X-Datadome
X-APP
X-NU-AKA-ACS-Version
M-TraceId
X-Vcl-Version
X-Ratelimit-Reset
X-HTML-Minification-Powered-By
X-CLOUD-TRACE-CONTEXT
X-ZONE
X-Fstrz
X-HS-Status
X-LiteSpeed-Cache-Control
X-Tt-Trace-Tag
X-GeoIP-Country-Code
X-Mode
X-SRV
Cache-Cookie-Set-Lfrom
X-GDPR
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Ratelimit-Limit
X-TIME
Cdn-Host
On-Server
X-Fastly-Country-Code
X-Edge-Server
Cdn-Request-Time
X-Dynatrace-Js-Agent
User-Agent
Pragrma
X-SN
HitType
X-Cache-Tag
MIME-Version
X-HostName
X-MP-GENERATED-AT
X-Swift-Error
X-WR-MODIFICATION
X-FORWARDED-FOR
HostName
X-Flog
X-Aicache-OS
X-Response-By
X-Hello
X-Org
X-BC
SS
X-ServedByHost
URI
X-NGINX-Cache
Host-ID
X-ABtesting
X-WA
X-BE
Who
X-TT-LOGID
X-RateLimit-Reset
CACHE
X-UPSTREAM-Address
X-PJAX-URL
X-Action
X-DB
Requestid
SN
X-Cdn-Request-ID
X-Cache-Ttl
X-Edge-O15-RID
X-DSS
X-DI
X-RSL
X-Fastly-Backend-Reqs
X-Fpc
X-DW
X-RPS
X-RPM
X-Routing-Service
X-Zipkin-Id
Dynatrace
X-Proxied
X-Varnish-URL
X-TH-Server
X-Cf-Powered-By
Country-Code
X-LAGOON
X-Page-Type
RequestUuid
X-Varnish-Cacheable
Lb
DataCenter
Debug
Powered-By
X-ServerName
LB
CDN
Server-Id
Is-Session-Tracking
Get-Access-Time
X-Ftr-Cache-Host
X-Edge
X-SB
X-Nananana
X-VC
X-Gen-Id
UCS
X-Tt-Trace-Host
Media-Length
XxX-Cache-Status
X-MID
X-Protected-By
X-MCACHE
X-Varnish-Beresp-TTL
Correlation-Id
X-Request-Time
X-App
NnCoection
Xet-Cookie
Application
Thinkindot-Cache-Type
X-Li-Proto
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-LiteSpeed-Tag
Warning
X-Dw-Trace-Id
Product
RequestId
X-Fastly-Cache-Hits
SID
X-LB-ID
X-Request-Url