Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Server
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Rq
Report-To
EagleEye-TraceId
X-Ac
X-Server-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Dns-Prefetch-Control
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-Cdn
P3p
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-Ws-Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-Akam-SW-Version
Pinterest-Generated-By
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-Instart-Request-ID
X-Url
X-Ruxit-JS-Agent
X-Varnish-TTL
Edge-Control
Verso
X-Powered-By-Plesk
X-Mod-Pagespeed
SPRequestGuid
Accept-Ch
X-B3-TraceId
X-D2id
X-Trace
Pagespeed
X-Middleton-Response
X-Sol
Response
X-SharePointHealthScore
X-Middleton-Display
Display
X-VARITI-CCR
RTSS
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Server-ID
X-Server-Name
X-GitHub-Request-Id
Service-Worker-Allowed
X-ESI
SPRequestDuration
SPIisLatency
X-Vcache
X-Navigation-Version
Content-MD5
X-Powered-CMS
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
Public-Key-Pins
MS-Author-Via
Charset
X-Upstream
X-Forwarded-Proto
X-Px
X-TTL
X-NF-Request-ID
X-Amz-Rid
DynaTrace
X-Version
X-Cached
Realpath
X-Shard
TCN
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Fastly-Restarts
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-Recruiting
X-MSEdge-Ref
Access-Control-Request-Method
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-Ser
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Nginx-Cache
X-XRDS-Location
Front-End-Https
X-DIS-Request-ID
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Ttl
X-Trafficlayer-App-Scope
X-Element-Page-Cache
X-Trafficlayer-App-Name
X-Id
X-Client-IP
X-T
X-Varnish-Age
Mrf-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-Mrf-Item-Lastmod
X-FTR-DC
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-FTR-Cache-Status
X-Webkit-Csp
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Fastcgi-Cache
NR-ENABLED
X-Content-Digest
Cache-Tag
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-RateLimit-Remaining
X-Hits
Powered
X-Kinsta-Cache
X-Correlation-Id
X-Litespeed-Cache
X-HS-Cache-Config
X-Grace
X-FTR-Cache-Host
ServerID
X-Webapp-Samesite-None-Activated-N
X-Aspnetmvc-Version
TP-Cache
Alternate-Protocol
TP-L2-Cache
X-Hp-Webp
X-Cache-Hit
X-Node-Name
X-Request-Processing-Time
X-Request-Received
X-Forwarded-For
X-Request-Handler-Origin-Region
X-Ah-Environment
PB-RID
X-Microsite
PB-PID
X-N
Arc-Version
X-Mobile-Rewrite
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Zen-Fury
X-Rid
X-Content-Type
X-User-Agent
Healthy
X-Revision
Server-Node
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Logged-In
X-Analytics
X-Activity-Id
Backend-Timing
X-AppVersion
X-Az
X-Srv
X-HS-Combine-CSS
Cache-Status
Retry-After
X-IPLB-Instance
X-Oneagent-Js-Injection
X-FastCGI-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cached-By
X-NWS-LOG-UUID
X-Pad
X-Via-JSL
Paypal-Debug-Id
Accept-CH
X-Type
X-Varnish-Grace
Accept-CH-Lifetime
X-Ruxit-Js-Agent
X-GUploader-UploadID
X-Mobile-URL
FilterID
AR-Request-ID
Refresh
X-B3-Sampled
X-F-Cache
X-Cache-Age
X-Content-Options
X-Geo-Country
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-FB-Debug
X-AOL-HN
Source
Accept-Charset
X-App-Environment
Access-Control-Allow-Method
X-Jobs
X-Page-Id
X-Request-Guid
X-Cluster
X-Instance
Actual-Object-TTL
X-B
X-Framework
X-PHP-Backend
Host
X-Debug-Info
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Upgrade-Insecure-Requests
X-Varnish-Backend
X-Seen-By
DC
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Cache-Key
Fastcgi-Useragent
MS-CV
X-Content-Powered-By
X-Whom
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TT
X-PressLabs-Stats
X-Git-Hash
X-Cache-2
X-Host-Name
X-Cache-Control
X-Esi
X-Amz-Replication-Status
X-Cache-TTL
Cache
X-TA-CDN-Provider
X-Wix-Request-Id
Surrogate-Key
X-Signature
X-B-Cache
Frame-Options
X-Daa-Tunnel
Host-Header
NGB
X-Response-Served-From
X-Cache-Rule
X-Cache-Operation
X-FW-Static
X-UA
X-Time
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FW-Serve
X-FW-Type
X-FW-Hash
X-FW-Server
Xserver
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Forwarded-Host
X-Tumblr-Pixel-2
X-Origin-Server
Webserver
X-Hyper-Cache
Eomportal-Instance
X-GeoIP
X-Mobile
Cleartype
Filters
X-Drupal-Cache-Tags
X-TX-ID
X-Adobe-Content
X-Cache-Action
Payment
WPE-Backend
X-Adobe-Loc
X-Region
X-Cacheable-TTL
X-Handled-By
X-Cache-NE
From-Origin
X-RequestSource
X-SERVER
X-Cache-Enabled
X-UA-Device-Type
X-ProcessESI
X-RemovedCookies
X-App-Server
X-EdgeConnect-Cache-Status
Ms-Operation-Id
Datacenter
X-RTag
Tracecode
X-NewRelic-App-Data
X-Akamai-Transformed
X-Cache-TTL-Remaining
X-Hostname
X-Load-Cache
X-Status
X-Contextid
X-Cache-Server
Liferay-Portal
X-Yottaa-Metrics
X-B3-Traceid
X-Yottaa-Optimizations
X-XRDS-LOCATION
X-Edge-Location
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Varnish-Hostname
Odigeo-Trace-Id
X-Varnish-Server
X-RateLimit-Limit
X-FW-Dynamic
X-Rule
Server-Info
Load-Balancing
X-ES-SERVER
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-Path-Route
Meta-Geo
X-Viewer-Country
Country
X-IP
X-CCM
Version
X-Cache-Config
DB-Nickname
X-Rocket-Nginx-Bypass
X-Debug-Cache
X-Via-Fastly
X-Xfnlog-Site
X-Cache-Host
X-Web-Node
X-UUID
X-FC-Vary-Parameters
X-Hosted-By
X-From
X-Redis-Cache
X-EIG-Tracking-Id
Fastly-SSL
Azure-Version
Cache-Name
Cache-Tags
Azure-SlotName
Azure-SiteName
X-Info
Azure-InstanceId
Azure-RegionName
S-Rt
X-Cache-Time
X-Real-IP
X-PCL
X-R9-Blue-Green-Version
X-Pubstack
X-Origin-TTL
X-Proxy
X-Proto
X-ServerID
X-Labrador-Cache-Channel
X-Origin-CC
X-Loop
X-OCL
X-TNCMS
Origin-Edge-Control
Origin-Cache-Control
Release
TWC-Connection-Speed
Selected-Fe
L5d-Success-Class
Property-Id
X-Proxy-Build
X-Rendered-As
Decoy-Debug-Status
Decoy-Debug-TTL
DSUID
X-Www-Served-By
TWC-Device-Class
Ec-Rule-Version
TWC-Privacy
Decoy-Debug-Key
X-Content-Age
X-Cluster-Name
X-Varnish-Cache-Hits
X-Drupal-Cache-Contexts
X-Upgrade-Enabled
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-FireWall-Port
X-Origin
X-Origin-Hint
X-Timing-Wait
Viewport
X-JoinUs
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Response-Time
X-Akamai-Request-ID2
X-Akamai-Request-ID
Webcakes-Region
TWC-GeoIP-Country
X-Backend-Name
X-Varnish-Hits
X-VCT
NGX
X-ApacheServer
X-Time-Microsecs
X-Human
X-PERF
X-Soup
S-Cnection
X-Vgn-Hpd-Reason
X-VCache
X-NWS-UUID-VERIFY
Mn-Server-Ip
X-Section
X-Format
X-Site-Version
X-Storage
X-Access
X-Locale
X-Oss-Hash-Crc64ecma
X-Guploader-Uploadid
X-Oss-Request-Id
X-ATS-Timestamp
X-Oss-Object-Type
X-Oss-Server-Time
X-Is-Bot
X-Oss-Storage-Class
Rt-Fastcgi-Cache
Cache-Key
X-ProxyCache-Status
X-ProxyCache-Key
X-WA-Info
X-BYPASS-REASON
Uber-Trace-Id
X-PHP-Host
Vix-Hermes-Req-Id
Cteonnt-Length
GEO-INFO
X-Cache-Backend
X-GoCache-CacheStatus
X-Generated-By
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-App-Version
X-NCache
X-Amzn-Remapped-Content-Length
Cache-Hits
X-Cache-Grace
X-Backend-TTL
Time
X-Accel-Buffering
X-Hit
X-Cache-Remote
X-SS-Set-Cookie
Akamai-GRN
X-Device-Type
X-CS
X-Trace-Id
X-Tumblr-Pixel-3
Origin
X-Nginx-Cache-Key
X-APP-VERSION
Accept-Language
X-FB-TRIP-ID
X-OVcl-Cache
X-No-Session
X-OVcl
X-S
X-L-Path
X-Environment-Context
X-CF-Powered-By
X-Presslabs-Stats
X-SaId
X-B3-SpanId
X-Cluster-Node
X-Tb
Mime-Version
X-URL
Hostname
X-MServer
X-Uri
X-SayCDN-TTL
X-UnsetCookies
X-Say-TTL
Access-Control-Request-Headers
X-Via-CDN
Fastcgi-X-Cache-Version
X-Say-Cacheable
X-CACHE-KEY
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
ServerName
X-Geo
User-Cache-Control
Now
Cross-Origin-Window-Policy
Content-Style-Type
MD5-Digest
X-ARC
Xc-Version
Machine
X-Accel-Expires-Debug
X-Application
IsBot
X-AIR-PT
X-B-Cookie
Apple-News-Services-Handled
X-Aed
X-A-Dam
X-A-Dcw
Apple-News-Services-Host
X-A-Dgt
AsisCache
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Content-Script-Type
X-CF-Lambda-Fn
Request-Country
Request-EU
X-Hl-Ver
X-A-Wwc
X-G
VivaBuild
X-SRCache-Key
X-SIPLIST1
X-Session-Fingerprint
Viewtype
X-PAYTM-SRV-ID
X-Region-Sid
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-S-Cookie
T-Server
X-Server-Time
X-ScT
X-Processor
X-External-Request-Id
X-Svr
Node
X-VG-WebServer
X-D
X-VG-WebCache
Mobile-Detection-Method
Meta-Geo-Continent
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Connection-Hash
X-Twitter-Response-Tags
X-Date
X-DPWN-IS-SECURE
Rendered-Blocks
X-Transaction
X-Detected-As
X-Trv-Group
X-Destination
X-A-Ccd
X-A
X-Vtex-Remote-Cache
Rt-Proxy-Cache
X-FW-Version
X-CSRF-TOKEN
X-Endurance-Cache-Level
X-Cache-Debug
X-Cache-Bucket
X-Cache-Info
X-Block-Status
X-Cms-Context
X-Clara-WADP
Thinkindot-Control
Server-Int
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Cdn-Forward
Web-Mar-Node
X-Debug-Cookies
X-Request-URI
X-Reboot
X-S-Maxage
X-Service
X-WADP-Cache
X-Thinkindot-L3
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Gen-Mode
X-Debug-Log
X-Location
X-Matched-Rule
X-NX-Host
X-Core-Value
X-Hnp-Log
Mail-Subject
Proxy-Connection
OT-Force-Account-Verify
We-Hiring
NtCoent-Length
X-B3-Parentspanid
X-NC
X-Geo-Header
X-7Graus-Varnish-XKeys
X-Generation-Time
X-Generated-On
X-GeoIP-City
X-Generated-In
X-Fastly-Cache
X-Hash
X-Is-Gdpr
X-JWT-State
X-Key
X-Irp-Debug
X-Instart-Isnd
X-Alternate-Cache-Key
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Has-Esi
X-Dispatch
X-Cache-FS-Status
X-Cache-Id
X-Cdn-Srv
X-BBXSRF
X-Auto-Login
X-Amz-Meta-Cache-Control
X-App-Name
X-Clientip
X-Compress-Hint
X-Debug-Cache-Store
X-Level-Front-Cache
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Core-Mission
X-CUA
X-Distributor
X-Method
X-Sorting-Hat-ShopId
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sorting-Hat-PodId
X-Skip-Cache
X-ShardId
X-ShopId
X-Shopify-Stage
X-TrackingId
X-Up
X-We-Are-Hiring
X-WebServer
X-Webstats-RespID
X-VServer
X-VC-Cache
X-User
X-Variation
X-Server-IP
X-SD-PageType
X-Ms-Version
X-Old-Content-Length
X-Origin-Date
X-Ms-Request-Id
X-7Graus-Varnish-Cache-Control
X-Li-Pop
X-Magnolia-Registration
X-Origin-Expires
X-Platform-Server
X-Reqid
X-Request-Start
X-Scheme
X-Release
X-RateLimit-Remaining-Second
X-Policy
X-RateLimit-Limit-Second
X-Li-Fabric
X-LI-UUID
Countrycode
CDCHOST
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Kp-EeAlive
Content-Disposition
Magicmarker
Served-By
AKAMAI
Adler-Geo
Memcached
X-Varnish-Beresp-Grace
Cache-Host
PFcat
RNT-Time
RNT-Machine
SD-X-WS
Gh-Request-Id
Section-Io-Cache
ServedBy
IBM-Web2-Location
Is-Eu
Platform
True-Client-Country-4JS
Esi-Enabled
Srv
X-Nc
Cache-Provider
X-Vdms-Version
X-VG-TLSProxy
X-CDN-Forward
X-Developers
X-Developer
X-Distil-CS
X-Wikidot-Backend
X-Epic-Correlation-Id
X-Eu-Site
X-Internal-Host
Heartbleed
X-ServiceProvider
X-MSEdge-Flight
X-Owner
Fastly-Soc-X-Request-Id
V-Age
Ha-Gx-Prefs
HA-Ipaddr
X-MSEdge-Features
X-Dc
X-Thanos
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Swa-Ws
Locale
L
X-Logging-Id
X-LI-Proto
Pramga
X-Wikidot-Static-Cache
X-Backend-State
Wxu-Next-Region
X-Cache-URL
X-Azure-Ref
A
X-C
X-CGP
X-Azure-Ref-OriginShield
Wxu-Next-Commit
W
Wxu-Next-Hostname
X-Bip
X-Parent-Response-Time
X-Agile
Server-ID
X-Qloud-Router
X-Agile-Id
X-Agile-Age
X-Sn-Servicetimems
X-Shopify-Generated-Cart-Token
Cdnsip
X-NodeID
X-Unique-Id
X-Cdn-Origin
X-AK-Request-ID
X-B3-Spanid
Cdncip
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Device-Os
X-Sigma
X-Rocket-Build-Number
X-Node-Id
X-Sucuri-Id
X-Sucuri-Cache
X-Sigma-Backend
X-Planisys-CDN-Cache
X-GRACE
GEO-REGION-INFO
Powered-By-ChinaCache
X-Servername
X-Via-NSCOPI
X-Lb-Id
Environment
CF-IPCountry
X-EC-Lua
X-RCS-CacheZone
X-Be
X-FPC
X-ND-Cache
X-Upstream-Ct
X-Upstream-Ht
X-Source
X-Trafficlayer-App-Version
X-Nginx-Cache
X-VHOST
X-Zone
X-Microcachable
Request-Time
X-Servedbyhost
X-Newrelic-Synthetics
Resin-Trace
Tcn
X-Webkit-CSP
X-Pjax-Url
X-Served-From
X-Gamma-Serve
X-NGENIX-Cache
X-Oracle-Dms-Rid
X-Req
X-ECACHE
Locid
X-ElasticPress-Search
X-Instart-Info
Geo-Info
X-Tb-Optimization-Total-Bytes-Saved
X-SRV
X-Ratelimit-Remaining
X-Backend-Host
X-Backend-Url
FNAC-ModuleRouting
X-TIME
X-Pf-Uncompressing
X-Refresh
Group
X-Dynatrace
X-DC
CF-Cached-On
X-VWS-Id
X-IPS-LoggedIn
X-AWS-Id
X-Var-Ttl
Backend-Name
X-LJ-Flow-ID
Gannett-Cam-Experience-Id
X-COUNTRY
X-GEO
X-VCL-Version
Memory
X-Sucuri-ID
X-Correlation-ID
X-Unique-ID
ProcessTime
X-HTML-Minification-Powered-By
Amp-Access-Control-Allow-Source-Origin
Cf-Ipcountry
TTL
N-Cache
X-CSRF-Token
Lfy
Geoip-City
X-Check-Cacheable
Geoip-Latitude
X-FORWARDED-FOR
GeoIp-Country-Code
Pics-Label
X-NU-AKA-ACS-Version
Cache-Prefix
Fly-Request-Id
X-Render-Time
Pagetype
X-Pod
Fly-Cache
SRV
X-GeoIP-Country-Code
PICS-Label
X-Worker
REQUESTUUID
X-Via-Edge
GeoIP-Latitude
X-Via-SSL
X-Bc
GeoIP-Country-Code
GeoIP-City
Ohc-File-Size
XServer
Ohc-Cache-HIT
X-Upstream-CT
X-Vcl-Version
X-Sedo-Request-Id
X-Cache-Miss-From
X-APP
Cdn
Ttl
M-TraceId
X-Via-Ucdn
X-Upstream-HT
X-CLOUD-TRACE-CONTEXT
X-Fstrz
X-Fetched-On
X-Server-W
X-Ratelimit-Limit
MIME-Version
X-ZONE
X-PF-Uncompressing
X-Wa
X-Mode
X-Fastly-Country-Code
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-MP-GENERATED-AT
X-LiteSpeed-Cache-Control
Fastly-SWR
X-Rebelmouse-Cache-Control
HostName
X-HS-Status
Cache-Cookie-Set-Lfrom
HitType
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Dynatrace-Js-Agent
Host-ID
On-Server
User-Agent
X-ServedByHost
Pragrma
X-HostName
X-Swift-Error
X-BC
X-Cdn-Request-ID
X-PJAX-URL
URI
X-WR-MODIFICATION
X-Cache-Tag
X-Aicache-OS
X-NGINX-Cache
X-Varnish-Ttl
X-Tt-Trace-Tag
X-Ua
X-GDPR
X-WA
X-TT-LOGID
X-Edge-Server
X-TH-Server
X-Zipkin-Id
Cdn-Host
X-Routing-Service
Who
Cdn-Request-Time
X-Proxied
CACHE
X-RateLimit-Reset
X-BE
X-UPSTREAM-Address
X-Flog
X-Edge-O15-RID
X-ABtesting
X-Hello
X-Cf-Powered-By
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-SN
CDN
Powered-By
Dynatrace
X-Action
X-DW
X-RSL
X-Org
X-LAGOON
X-RPS
X-RPM
X-Response-By
Media-Length
X-DSS
X-Varnish-URL
X-DB
X-Fpc
SS
X-Varnish-Cacheable
X-DI
DataCenter
X-ServerName
Debug
Get-Access-Time
Is-Session-Tracking
X-LB-ID
SN
X-Upstream-Proxy
X-Ratelimit-Reset
Server-Id
LB
X-Ftr-Cache-Host
Requestid
X-Protected-By
X-Gen-Id
X-Varnish-Beresp-TTL
Cneonction
X-Request-Time
NnCoection
Correlation-Id
X-Li-Proto
Lb
XxX-Cache-Status
X-Dw-Trace-Id
X-Page-Type
X-Nananana
Country-Code
X-Amzn-Remapped-Date
X-Akamai-ERPolicy
X-Fastly-Cache-Hits
Warning
X-LiteSpeed-Tag
SID
X-Akamai-ERRuleID
Application
X-Request-Url
X-Amzn-Remapped-Connection
Thinkindot-Cache-Type
RequestId
Product
RequestUuid