Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Request-ID
X-Template
X-Language
X-Iinfo
X-DNS-Prefetch-Control
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-CDN
CF-Ray
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-AH-Environment
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
X-Server
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Cdn
X-Ac
Report-To
X-WebKit-CSP
EagleEye-TraceId
X-Server-Id
X-Response-Time
X-Cnection
Request-Id
X-OneAgent-JS-Injection
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Aspnetmvc-Version
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
Pinterest-Generated-By
X-Country-Code
X-Goog-Hash
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Accept-Ch
X-Akam-SW-Version
X-Ws-Request-Id
X-MS-InvokeApp
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Url
X-Instart-Request-ID
X-B3-TraceId
X-Ruxit-JS-Agent
Edge-Control
X-Powered-By-Plesk
Verso
SPRequestGuid
X-Mod-Pagespeed
Accept-Ch-Lifetime
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Display
X-D2id
X-Ah-Environment
X-SharePointHealthScore
X-Trace
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-VARITI-CCR
X-Kinja-Build
X-Kinja
X-Exp-Variant
RTSS
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
SPRequestDuration
SPIisLatency
X-Server-ID
X-Navigation-Version
X-ESI
X-CST
X-Powered-CMS
Pagespeed
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
Public-Key-Pins
Content-MD5
X-Amz-Server-Side-Encryption
X-Px
MS-Author-Via
X-Version
X-Upstream
Charset
X-Amz-Rid
X-Vcache
X-Forwarded-Proto
X-NF-Request-ID
DynaTrace
Realpath
X-Shard
X-Cached
Fastly-Restarts
X-Recruiting
X-TTL
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
TCN
X-SERVER
Pinterest-Version
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Pinterest-Rid
X-Shield-Request-Id
X-DynaTrace-JS-Agent
Edge-Cache-Tag
Access-Control-Request-Method
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
S
X-Ser
X-XRDS-Location
Front-End-Https
X-Fastly-Request-ID
X-Ttl
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-Client-IP
X-T
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-FTR-Expires
X-RateLimit-Remaining
X-Amzn-Trace-Id
X-Webkit-Csp
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-Trafficlayer-App-Scope
X-HS-Hub-Id
X-Trafficlayer-App-Name
X-HS-Content-Id
X-Frontend
X-Content-Digest
X-Correlation-Id
X-Hits
Powered
AR-PoweredBy
Ar-Sid
X-Fastcgi-Cache
AR-CACHE
AR-ATIME
X-Forwarded-For
ServerID
X-Grace
X-Kinsta-Cache
Cache-Tag
X-FTR-Cache-Host
X-Litespeed-Cache
X-HS-Cache-Config
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Oneagent-Js-Injection
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
PB-PID
X-N
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Content-Type
X-Request-Received
X-Request-Processing-Time
X-Srv
X-Request-Handler-Origin-Region
X-Microsite
Alternate-Protocol
X-Zen-Fury
X-Hp-Webp
Server-Name
X-FastCGI-Cache
X-User-Agent
X-Rid
Server-Node
X-Revision
X-Analytics
Backend-Timing
X-Via-JSL
Healthy
X-LB-Cache
AR-Request-ID
X-Az
X-Activity-Id
X-AppVersion
Paypal-Debug-Id
Retry-After
Cache-Status
X-Content-Security-Policy-Report-Only
X-Logged-In
X-Akamai-Edgescape
X-Ruxit-Js-Agent
X-Webapp-Samesite-None-Activated-N
X-IPLB-Instance
X-Type
X-Cached-By
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NWS-LOG-UUID
X-GUploader-UploadID
X-HS-Combine-CSS
X-Varnish-Grace
X-Cache-Age
X-Pad
FilterID
X-B3-Sampled
X-Mobile-URL
X-F-Cache
X-Content-Options
X-FB-Debug
X-Instance
X-Debug-Info
X-Tumblr-User
Accept-Charset
Refresh
X-Geo-Country
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Cluster
X-AOL-HN
X-Seen-By
X-App-Environment
Source
X-Jobs
X-Page-Id
X-Request-Guid
X-Framework
Host
X-B
Actual-Object-TTL
DC
X-PHP-Backend
X-Whom
X-Erf-Bev-Bev-Is-Generated
X-PressLabs-Stats
X-Erf-Bev-Bev
X-Cache-Key
Upgrade-Insecure-Requests
MS-CV
X-Esi
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
VIX-Pulpo-Node
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-ATG-Version
X-Cache-2
X-Host-Name
X-Git-Hash
X-Time
X-TT
X-Cache-Control
X-Cache-TTL
X-VCache
X-Cache-Rule
X-Cache-Operation
Surrogate-Key
X-Forwarded-Host
X-Amz-Replication-Status
X-TA-CDN-Provider
Frame-Options
Cache
X-FW-Static
X-Kong-Proxy-Latency
X-Wix-Request-Id
X-FW-Hash
X-FW-Type
X-Kong-Upstream-Latency
X-FW-Server
X-FW-Serve
X-Daa-Tunnel
NGB
X-Response-Served-From
Xserver
X-Mobile
X-Signature
X-B-Cache
Tracecode
X-Origin-Server
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Tumblr-Pixel-2
Host-Header
X-TX-ID
X-Drupal-Cache-Tags
X-GeoIP
X-UA-Device-Type
WPE-Backend
X-Region
Filters
Eomportal-Instance
X-Cache-Action
Payment
X-Hyper-Cache
X-RequestSource
Webserver
X-Cache-NE
X-Adobe-Loc
From-Origin
X-Adobe-Content
X-Cacheable-TTL
X-Handled-By
X-App-Server
Cleartype
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-Webkit-CSP
Ms-Operation-Id
X-RTag
X-Cache-Enabled
X-RateLimit-Limit
Datacenter
X-UA
X-Cache-TTL-Remaining
X-Status
Accept-CH-Lifetime
X-Contextid
X-Akamai-Transformed
X-NewRelic-App-Data
Liferay-Portal
Accept-CH
X-Cache-Server
X-BCube-Filmed-By
X-Load-Cache
X-Hostname
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Edge-Location
X-XRDS-LOCATION
X-FW-Dynamic
X-Varnish-Hostname
Odigeo-Trace-Id
X-IP
Version
X-App-Version
Server-Info
Meta-Geo
X-Varnish-Server
Load-Balancing
X-ES-SERVER
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-Xfnlog-Site
X-Viewer-Country
X-Rule
X-Cache-Config
X-UUID
X-PCL
X-CCM
Cache-Tags
Country
X-OCL
X-Debug-Cache
DB-Nickname
Webcakes-App-Version
X-Labrador-Cache-Channel
X-Info
Property-Id
Fastly-SSL
X-Proto
X-Varnish-Cache-Hits
X-Loop
X-EIG-Tracking-Id
TWC-Privacy
Azure-SlotName
Azure-SiteName
Azure-Version
L5d-Success-Class
X-FC-Vary-Parameters
Cache-Name
Azure-RegionName
Azure-InstanceId
Webcakes-App-Name
X-Upgrade-Enabled
Mn-Server-Ip
X-Akamai-Request-ID
X-From
X-TNCMS
X-Hosted-By
Webcakes-Region
S-Rt
X-Web-Node
X-Rocket-Nginx-Bypass
TWC-GeoIP-Country
X-Content-Age
X-Origin-Hint
X-Real-IP
X-Origin-Response-Time
X-Drupal-Cache-Contexts
X-Proxy
X-Pubstack
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-Locale-Group
X-ServerID
TWC-Device-Class
X-Cache-Host
X-Via-Fastly
TWC-GeoIP-LatLong
X-Origin
X-Access
X-Rendered-As
X-PERF
X-ApacheServer
X-Backend-Name
Selected-Fe
Release
X-Proxy-Build
DSUID
Ec-Rule-Version
X-Akamai-Request-ID2
Decoy-Debug-TTL
Decoy-Debug-Status
X-FireWall-Port
Decoy-Debug-Key
X-VCT
X-Time-Microsecs
X-Cache-Time
X-Format
Origin-Cache-Control
X-Human
X-JoinUs
Origin-Edge-Control
X-Section
X-Goog-Meta-Goog-Reserved-File-Mtime
S-Cnection
X-Cluster-Name
X-Timing-Wait
X-Generated
X-Redis-Cache
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Soup
Rt-Fastcgi-Cache
X-Origin-TTL
X-Origin-CC
X-WA-Info
GEO-INFO
X-Storage
X-Www-Served-By
Viewport
X-Locale
X-Site-Version
X-Cache-Grace
X-NWS-UUID-VERIFY
NGX
Cache-Key
X-Is-Bot
X-Guploader-Uploadid
Vix-Hermes-Req-Id
X-Cache-Remote
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
Cteonnt-Length
X-B3-SpanId
Cache-Hits
X-Hit
X-GoCache-CacheStatus
X-Backend-TTL
X-NCache
Time
Origin
X-PHP-Host
X-ATS-Timestamp
X-SS-Set-Cookie
X-Oss-Server-Time
X-Oss-Object-Type
X-CS
X-Trace-Id
X-Oss-Request-Id
X-Oss-Storage-Class
X-Cache-Backend
X-Generated-By
X-Oss-Hash-Crc64ecma
X-Device-Type
Mime-Version
X-Tumblr-Pixel-3
X-Amzn-Remapped-Content-Length
Akamai-GRN
Hostname
X-CF-Powered-By
Accept-Language
X-OVcl-Cache
X-UnsetCookies
X-OVcl
X-S
X-Accel-Buffering
X-Nginx-Cache-Key
X-Cluster-Node
X-Via-CDN
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-ORACLE-APMCS-TAG
X-Uri
X-ORACLE-APMCS-REQUEST-ID
X-No-Session
X-L-Path
X-Cdn-Forward
X-Environment-Context
Now
X-Tb
X-FW-Version
X-MServer
X-URL
Access-Control-Request-Headers
X-B3-Traceid
X-Say-TTL
User-Cache-Control
X-Say-Cacheable
X-SayCDN-TTL
OT-Force-Account-Verify
ServerName
Rendered-Blocks
Mobile-Detection-Method
Request-Country
Node
Rt-Proxy-Cache
VivaBuild
T-Server
Viewtype
Request-EU
Apple-News-Services-Request-Url
Arc-Country
AsisCache
X-A
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
BehaviorPad-Version
Content-Script-Type
Machine
MD5-Digest
IsBot
Cross-Origin-Window-Policy
Content-Style-Type
Meta-Geo-Continent
X-Aed
X-ScT
X-Server-Time
X-Session-Fingerprint
X-SIPLIST1
X-S-Cookie
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-SRCache-Key
X-Svr
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Processor
X-PAYTM-SRV-ID
X-AIR-PT
X-Application
X-ARC
X-B-Cookie
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-CF-Lambda-Fn
X-Connection-Hash
X-External-Request-Id
X-G
X-Hl-Ver
X-DPWN-IS-SECURE
X-Detected-As
X-D
X-Date
X-Destination
X-A-Ccd
X-CF-Lambda-Version
X-CSRF-TOKEN
X-Tec-Api-Origin
X-Presslabs-Stats
X-Tec-Api-Version
X-CACHE-KEY
X-Tec-Api-Root
X-NC
X-Endurance-Cache-Level
Thinkindot-Control
X-Cache-Bucket
X-Cache-Debug
Thinkindot-CacheControl-Type
Web-Mar-Node
Server-Host
X-Parent-Response-Time
CDCHOST
RNT-Machine
RNT-Time
Server-Int
X-Cache-Info
Thinkindot-CacheControl
X-Cms-Context
X-Reboot
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Request-URI
X-S-Maxage
ServedBy
X-WADP-Cache
X-Thinkindot-L3
X-NX-Host
X-Matched-Rule
X-Debug-Log
X-Debug-Cookies
A
X-Developer
X-Gen-Mode
X-Location
X-Hnp-Log
X-Clara-WADP
X-Block-Status
Mail-Subject
We-Hiring
X-Alternate-Cache-Key
NtCoent-Length
X-Sorting-Hat-ShopId
Proxy-Connection
X-ShopId
X-Shopify-Stage
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
X-Sucuri-Id
X-ShardId
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-SaId
X-Amz-Meta-Cache-Control
X-Key
X-App-Name
X-JWT-State
X-Backend-State
X-Is-Gdpr
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Auto-Login
X-7Graus-Varnish-XKeys
W
X-Magnolia-Registration
X-Ms-Request-Id
X-Ms-Version
X-Old-Content-Length
X-Eu-Site
Wxu-Next-Commit
Wxu-Next-Hostname
X-Li-Pop
X-Li-Fabric
X-LI-UUID
X-Irp-Debug
Wxu-Next-Region
X-7Graus-Varnish-Cache-Control
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Adler-Geo
X-Generated-On
X-Core-Mission
X-CUA
X-Generated-In
X-Developers
X-Fastly-Cache
X-Epic-Correlation-Id
X-Distributor
X-Distil-CS
X-Dispatch
X-Dispatcher-Server
X-Generation-Time
X-Compress-Hint
X-IN-APIGATEWAY
X-Cache-FS-Status
X-C
Served-By
X-Internal-Host
X-Instart-Isnd
X-Cache-Id
X-Cache-URL
X-CGP
X-Clientip
X-Has-Esi
X-Hash
X-Cdn-Origin
X-Cdn-Srv
X-BBXSRF
True-Client-Country-4JS
Ha-Gx-Prefs
HA-Ipaddr
X-Server-IP
Gh-Request-Id
X-WebServer
X-Service
IBM-Web2-Location
Section-Io-Cache
X-Webstats-RespID
Memcached
Magicmarker
X-SD-PageType
Kp-EeAlive
X-Skip-Cache
X-We-Are-Hiring
Cache-Host
X-Up
X-User
X-Variation
X-VServer
X-VG-TLSProxy
X-TrackingId
Content-Disposition
X-Sn-Servicetimems
Fastly-Soc-X-Request-Id
Esi-Enabled
X-Nc
Countrycode
X-Wikidot-Backend
Is-Eu
X-Release
X-Origin-Date
X-RateLimit-Limit-Second
SD-X-WS
Platform
X-Reqid
X-Request-Start
X-Wikidot-Static-Cache
X-Platform-Server
X-Origin-Expires
X-Policy
X-RateLimit-Remaining-Second
X-B3-Parentspanid
Cache-Provider
X-GeoIP-City
X-Geo-Header
X-Node-Id
X-VC-Cache
AKAMAI
X-Device-Os
V-Age
X-Urbn-Site-Id
X-MSEdge-Flight
X-Thanos
X-Method
X-Swa-Ws
X-Urbn-Context-Path
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-MSEdge-Features
X-Owner
L
X-LI-Proto
Heartbleed
X-Agile
Locale
X-Agile-Age
X-Agile-Id
X-Scheme
X-Logging-Id
PFcat
X-ServiceProvider
Pramga
X-Qloud-Router
X-Bip
X-APP-VERSION
X-Geo
X-Lb-Id
X-Dc
X-NodeID
Server-ID
X-Core-Value
Tcn
Srv
X-Vdms-Version
GEO-REGION-INFO
X-Servername
CF-IPCountry
X-EC-Lua
Environment
X-GRACE
X-FPC
Cdnsip
Request-Time
X-Sigma
X-Rocket-Build-Number
X-Shopify-Generated-Cart-Token
X-AK-Request-ID
X-Sigma-Backend
Cdncip
X-Sucuri-Cache
X-Newrelic-Synthetics
X-Be
X-NGENIX-Cache
X-CDN-Forward
X-ECACHE
X-GEO
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Pjax-Url
X-Planisys-CDN-Rules
X-Microcachable
X-Nginx-Cache
X-VHOST
X-ElasticPress-Search
Resin-Trace
Powered-By-ChinaCache
X-Unique-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Via-NSCOPI
X-Upstream-Ct
X-Upstream-Ht
X-Servedbyhost
X-Instart-Info
X-Unique-ID
X-Source
X-Backend-Url
X-Zone
X-ND-Cache
Group
X-Backend-Host
X-RCS-CacheZone
X-B3-Spanid
X-Trafficlayer-App-Version
Backend-Name
X-Var-Ttl
PageSpeed
CF-Cached-On
X-IPS-LoggedIn
Ohc-Cache-HIT
SRV
Ohc-File-Size
X-DC
Memory
N-Cache
X-Oracle-Dms-Rid
X-AWS-Id
X-LJ-Flow-ID
Lfy
Locid
X-VCL-Version
Cache-Prefix
Fly-Cache
Fly-Request-Id
Pagetype
X-VWS-Id
X-Req
X-Upstream-HT
X-Dynatrace
X-Upstream-CT
Gannett-Cam-Experience-Id
X-Gamma-Serve
FNAC-ModuleRouting
Cdn
X-Served-From
X-COUNTRY
X-Worker
Geo-Info
X-Correlation-ID
Cf-Ipcountry
TTL
X-Refresh
Amp-Access-Control-Allow-Source-Origin
X-Via-Ucdn
X-Ratelimit-Remaining
X-Pf-Uncompressing
X-Check-Cacheable
Pics-Label
X-Ua
X-CSRF-Token
X-Pod
GeoIP-City
Geoip-City
X-Cache-Miss-From
X-Server-W
GeoIP-Country-Code
X-Fetched-On
GeoIp-Country-Code
PICS-Label
X-Sedo-Request-Id
Geoip-Latitude
GeoIP-Latitude
X-Bc
X-Via-SSL
X-Wa
ProcessTime
X-Rebelmouse-Cache-Control
X-Via-Edge
X-Rebelmouse-Surrogate-Control
X-APP
Fastly-SWR
Fastly-SIE
REQUESTUUID
Ttl
X-Render-Time
X-Upstream-Proxy
XServer
X-Sucuri-ID
X-TIME
X-Datadome
X-PF-Uncompressing
X-Ratelimit-Reset
M-TraceId
X-Vcl-Version
X-NU-AKA-ACS-Version
X-HTML-Minification-Powered-By
X-CLOUD-TRACE-CONTEXT
X-GeoIP-Country-Code
X-Fstrz
X-HS-Status
X-ZONE
X-LiteSpeed-Cache-Control
X-Tt-Trace-Tag
X-Mode
X-SRV
X-GDPR
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-HostName
Cache-Cookie-Set-Lfrom
X-Ratelimit-Limit
Cdn-Request-Time
X-Edge-Server
X-Fastly-Country-Code
Cdn-Host
X-Dynatrace-Js-Agent
User-Agent
X-SN
Pragrma
On-Server
X-ServedByHost
X-Cache-Tag
HitType
X-Swift-Error
MIME-Version
X-MP-GENERATED-AT
X-Response-By
X-ABtesting
Host-ID
URI
X-BC
X-FORWARDED-FOR
X-NGINX-Cache
SS
X-Aicache-OS
X-Flog
X-Hello
HostName
X-WR-MODIFICATION
X-Org
X-TT-LOGID
X-WA
X-BE
Who
CACHE
X-RateLimit-Reset
X-RPM
X-RPS
X-Fastly-Backend-Reqs
Requestid
X-DI
X-Action
SN
X-DB
X-RSL
X-DSS
X-DW
X-Cdn-Request-ID
X-Edge-O15-RID
X-PJAX-URL
X-Cache-Ttl
X-UPSTREAM-Address
X-Zipkin-Id
Dynatrace
X-Routing-Service
X-Proxied
X-ServerName
RequestUuid
X-Cf-Powered-By
X-Varnish-URL
X-Page-Type
X-Varnish-Cacheable
X-Fpc
X-TH-Server
Country-Code
X-LAGOON
DataCenter
Lb
Debug
CDN
Powered-By
Server-Id
Is-Session-Tracking
Get-Access-Time
LB
X-Ftr-Cache-Host
UCS
X-VC
X-Nananana
X-SB
X-MCACHE
X-MID
Media-Length
X-Edge
X-Varnish-Beresp-TTL
X-Tt-Trace-Host
X-Gen-Id
X-Protected-By
XxX-Cache-Status
X-Request-Url
NnCoection
Warning
X-LB-ID
X-LiteSpeed-Tag
X-Akamai-ERPolicy
RequestId
Correlation-Id
X-Request-Time
Xet-Cookie
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
SID
X-Fastly-Cache-Hits
Application
X-Li-Proto
Thinkindot-Cache-Type
X-Amzn-Remapped-Date
X-Dw-Trace-Id
Product