Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-Buckets
X-CONTENT-TYPE-OPTIONS
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-XSS-PROTECTION
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
X-Ua-Compatible
EagleId
X-AH-Environment
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-Server-Id
X-OneAgent-JS-Injection
X-Response-Time
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Cdn
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ws-Request-Id
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Url
X-Instart-Request-ID
X-Ruxit-JS-Agent
Accept-Ch
Edge-Control
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
X-B3-TraceId
X-D2id
X-Sol
X-Middleton-Response
Response
X-Trace
Display
X-Middleton-Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-Use-Magma
X-Kinja
Pagespeed
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
X-Server-ID
X-Navigation-Version
X-ESI
X-Powered-CMS
Content-MD5
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Vcache
X-TTL
MS-Author-Via
Charset
X-Upstream
X-Version
X-Forwarded-Proto
X-Px
X-Amz-Rid
X-NF-Request-ID
DynaTrace
X-Cached
Realpath
X-Shard
TCN
X-Aspnetmvc-Version
Fastly-Restarts
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-Recruiting
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Pinterest-Rid
X-Shield-Request-Id
Pinterest-Version
Access-Control-Request-Method
X-XRDS-Location
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
S
Nginx-Cache
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Fastly-Request-ID
Front-End-Https
X-Accel-Expires
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Ah-Environment
X-Client-IP
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-T
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Ttl
X-Country-Code-Real
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Content-Digest
Cache-Tag
Powered
X-Hits
X-Fastcgi-Cache
X-Kinsta-Cache
X-Correlation-Id
X-HS-Cache-Config
ServerID
X-Grace
X-Litespeed-Cache
TP-Cache
X-FTR-Cache-Host
TP-L2-Cache
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
Alternate-Protocol
X-Cache-Hit
X-Hp-Webp
X-Node-Name
X-Forwarded-For
X-Webapp-Samesite-None-Activated-N
X-Request-Processing-Time
X-Request-Received
PB-RID
PB-PID
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Mobile-Rewrite
Arc-Version
X-Webkit-Csp
X-N
X-Content-Type
X-Zen-Fury
Server-Name
X-User-Agent
X-Rid
X-Revision
X-Analytics
Healthy
Backend-Timing
Server-Node
X-LB-Cache
X-FastCGI-Cache
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Akamai-Edgescape
X-Logged-In
X-AppVersion
X-Activity-Id
X-Srv
X-Az
Cache-Status
Retry-After
X-HS-Combine-CSS
X-IPLB-Instance
X-Via-JSL
X-Cached-By
X-Amzn-RequestId
Paypal-Debug-Id
X-Amz-Apigw-Id
X-SERVER
X-Type
X-NWS-LOG-UUID
X-Pad
X-Varnish-Grace
X-GUploader-UploadID
X-Oneagent-Js-Injection
AR-Request-ID
FilterID
X-Mobile-URL
X-B3-Sampled
X-F-Cache
X-Cache-Age
X-Content-Options
X-Geo-Country
Refresh
X-Instance
X-Tumblr-Pixel
X-FB-Debug
X-Tumblr-Pixel-0
Accept-Charset
X-Debug-Info
X-Tumblr-User
X-Jobs
X-AOL-HN
X-App-Environment
X-Page-Id
X-Cluster
X-Request-Guid
Host
Source
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-Framework
Actual-Object-TTL
X-B
X-PHP-Backend
DC
X-Seen-By
X-Varnish-Backend
X-Erf-Bev-Bev
X-PressLabs-Stats
X-Erf-Bev-Bev-Is-Generated
X-WebKit-CSP-Report-Only
X-Esi
X-Whom
MS-CV
Fastcgi-Useragent
X-ATG-Version
Accept-CH-Lifetime
VIX-Pulpo-Node
Accept-CH
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-Cache-Key
X-Git-Hash
X-Cache-2
X-TT
X-Host-Name
X-Cache-Control
X-Time
X-Cache-TTL
Cache
X-Amz-Replication-Status
Surrogate-Key
X-Wix-Request-Id
X-Cache-Rule
X-Cache-Operation
Frame-Options
X-TA-CDN-Provider
X-Kong-Proxy-Latency
X-FW-Hash
X-B-Cache
X-FW-Type
X-Kong-Upstream-Latency
X-FW-Server
X-FW-Serve
X-FW-Static
X-Signature
NGB
X-Daa-Tunnel
Xserver
X-Response-Served-From
Host-Header
X-Forwarded-Host
X-Origin-Server
X-Mobile
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Hyper-Cache
X-Region
X-TX-ID
X-GeoIP
X-RequestSource
Webserver
Eomportal-Instance
X-Cache-Action
Filters
Payment
WPE-Backend
X-Drupal-Cache-Tags
X-Cache-NE
X-Adobe-Loc
X-UA
X-Adobe-Content
From-Origin
X-Handled-By
X-Cacheable-TTL
Cleartype
X-UA-Device-Type
X-Cache-Enabled
X-EdgeConnect-Cache-Status
X-ProcessESI
X-App-Server
X-RemovedCookies
Tracecode
X-VCache
Ms-Operation-Id
X-RTag
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Hostname
X-NewRelic-App-Data
X-Status
X-Contextid
X-RateLimit-Limit
X-Load-Cache
Liferay-Portal
X-Cache-Server
X-Edge-Location
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-B3-Traceid
X-Varnish-Hostname
X-FW-Dynamic
X-Varnish-Server
Odigeo-Trace-Id
Server-Info
X-Rule
X-Cache-Var
Meta-Geo
Load-Balancing
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
X-IP
X-Viewer-Country
Version
X-Xfnlog-Site
Country
X-OCL
DB-Nickname
X-Rocket-Nginx-Bypass
X-UUID
X-Debug-Cache
X-CCM
X-PCL
X-Cache-Config
Cache-Tags
Cache-Name
Azure-SlotName
Azure-Version
Azure-SiteName
X-From
X-Hosted-By
X-Real-IP
X-FC-Vary-Parameters
X-R9-Blue-Green-Version
X-Pubstack
Azure-InstanceId
X-Varnish-Cache-Hits
X-Proxy
Azure-RegionName
X-Origin-Response-Time
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Drupal-Cache-Contexts
X-Cache-Host
X-Akamai-Request-ID
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-EIG-Tracking-Id
X-Origin-Hint
L5d-Success-Class
Mn-Server-Ip
Property-Id
TWC-Device-Class
TWC-Connection-Speed
S-Rt
Fastly-SSL
X-Proto
X-Via-Fastly
X-Loop
X-Labrador-Cache-Channel
X-Origin
X-Web-Node
X-ServerID
X-Info
X-TNCMS
X-Upgrade-Enabled
S-Cnection
X-Origin-CC
Selected-Fe
X-PERF
Release
X-Cache-Time
Decoy-Debug-TTL
DSUID
Ec-Rule-Version
Decoy-Debug-Status
Decoy-Debug-Key
Origin-Edge-Control
Origin-Cache-Control
X-Origin-TTL
X-Generated
X-VCT
X-FireWall-Port
X-Content-Age
X-Proxy-Build
X-Section
X-Rendered-As
X-Format
X-Redis-Cache
X-Human
X-Cluster-Name
X-JoinUs
X-Akamai-Request-ID2
X-Access
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ApacheServer
X-Backend-Name
X-Timing-Wait
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Varnish-Hits
X-Soup
X-ATS-Timestamp
NGX
X-Www-Served-By
X-NWS-UUID-VERIFY
X-XRDS-LOCATION
X-Locale
Viewport
X-Storage
X-Site-Version
Rt-Fastcgi-Cache
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Is-Bot
X-App-Version
X-Oss-Object-Type
X-Oss-Server-Time
X-WA-Info
Cache-Key
X-BYPASS-REASON
X-Guploader-Uploadid
X-ProxyCache-Status
X-ProxyCache-Key
Uber-Trace-Id
Cteonnt-Length
Vix-Hermes-Req-Id
X-GoCache-CacheStatus
X-PHP-Host
Time
X-Cache-Remote
X-Cache-Backend
Cache-Hits
X-Generated-By
GEO-INFO
X-Hit
X-Amzn-Remapped-Content-Length
X-Cache-Grace
X-NCache
X-SS-Set-Cookie
X-Backend-TTL
X-Webkit-CSP
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Akamai-GRN
Origin
X-Accel-Buffering
X-Trace-Id
X-CS
X-Device-Type
X-Tumblr-Pixel-3
X-Nginx-Cache-Key
Accept-Language
X-B3-SpanId
X-OVcl-Cache
X-FB-TRIP-ID
X-OVcl
X-No-Session
X-L-Path
X-CF-Powered-By
X-CACHE-KEY
X-Environment-Context
X-S
Mime-Version
X-Tb
X-MServer
Hostname
X-Cluster-Node
X-Uri
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-UnsetCookies
X-Say-TTL
X-SaId
X-Via-CDN
X-CSRF-TOKEN
X-APP-VERSION
X-Say-Cacheable
X-SayCDN-TTL
X-URL
Now
User-Cache-Control
ServerName
X-FW-Version
Arc-Country
X-B-Cookie
X-Tec-Api-Version
X-A
X-Tec-Api-Origin
X-Tec-Api-Root
X-A-Dam
VivaBuild
X-A-Wwc
X-AIR-PT
X-Aed
X-Application
X-A-Dgt
X-Accel-Expires-Debug
X-A-Dcw
X-ARC
X-A-Ccd
Request-Country
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
AsisCache
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
IsBot
Machine
X-CF-Lambda-Version
Request-EU
Rt-Proxy-Cache
T-Server
Rendered-Blocks
Node
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Viewtype
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-Processor
X-Svr
X-Transaction
X-Trv-Group
X-VG-WebCache
X-Twitter-Response-Tags
X-SRCache-Key
X-SIPLIST1
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-ScT
X-Region-Sid
X-Session-Fingerprint
X-Server-Time
X-Request-UUID
X-Hl-Ver
X-D
X-Date
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Connection-Hash
X-VG-WebServer
X-Presslabs-Stats
X-External-Request-Id
X-G
X-DPWN-IS-SECURE
X-Detected-As
X-Destination
X-Endurance-Cache-Level
X-Cdn-Forward
OT-Force-Account-Verify
CDCHOST
X-WADP-Cache
X-Thinkindot-L3
X-S-Maxage
Thinkindot-CacheControl
X-Gen-Mode
X-Hnp-Log
X-Location
X-Matched-Rule
X-Debug-Cookies
X-Block-Status
X-Cms-Context
X-Cache-Info
X-Cache-Debug
X-Cache-Bucket
Web-Mar-Node
X-NX-Host
Server-Int
Server-Host
X-Request-URI
RNT-Time
X-Reboot
X-Clara-WADP
X-Proxy-Cache-Status
X-Proxy-Upstream
Thinkindot-Control
Thinkindot-CacheControl-Type
RNT-Machine
X-Debug-Log
We-Hiring
Mail-Subject
Proxy-Connection
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NC
X-Varnish-Beresp-Ttl
X-Azure-Ref
X-Azure-Ref-OriginShield
X-LI-UUID
X-Auto-Login
X-Magnolia-Registration
X-App-Name
X-Ms-Request-Id
X-Backend-State
X-Li-Pop
X-Geo
X-Key
X-C
X-Level-Front-Cache
X-BBXSRF
X-Li-Fabric
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
Wxu-Next-Commit
Wxu-Next-Hostname
W
X-Policy
True-Client-Country-4JS
X-Distributor
Wxu-Next-Region
X-7Graus-Varnish-Cache-Control
Adler-Geo
X-Ms-Version
X-Old-Content-Length
X-Origin-Date
X-7Graus-Varnish-XKeys
X-Origin-Expires
X-Cache-FS-Status
X-Cache-Id
X-Generation-Time
X-Generated-On
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Has-Esi
X-Debug-Cache-Expiry
X-Generated-In
X-Fastly-Cache
X-Dispatcher-Server
X-Distil-CS
X-Dispatch
X-Epic-Correlation-Id
X-Developers
X-Eu-Site
X-Hash
X-IN-APIGATEWAY
Srv
X-CGP
X-Cdn-Srv
X-Cache-URL
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-Internal-Host
X-Core-Mission
X-CUA
X-IN-APIGATEWAYSSL
X-Compress-Hint
X-Clientip
X-Instart-Isnd
X-Service
X-Platform-Server
X-User
Kp-EeAlive
Is-Eu
IBM-Web2-Location
Ha-Gx-Prefs
HA-Ipaddr
X-Up
Magicmarker
Platform
X-Skip-Cache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Memcached
X-TrackingId
X-Variation
Gh-Request-Id
Esi-Enabled
X-Wikidot-Backend
X-Wikidot-Static-Cache
Countrycode
X-Core-Value
Content-Disposition
Fastly-Soc-X-Request-Id
X-Webstats-RespID
X-VServer
X-VG-TLSProxy
X-Parent-Response-Time
X-We-Are-Hiring
X-WebServer
X-Shopify-Stage
X-Nc
Section-Io-Cache
SD-X-WS
X-Request-Start
X-Server-IP
Served-By
ServedBy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Release
X-Reqid
Cache-Host
X-SD-PageType
X-ShopId
X-ShardId
X-B3-Parentspanid
Cache-Provider
NtCoent-Length
V-Age
Pramga
X-GeoIP-City
X-Method
X-Scheme
X-VC-Cache
X-Logging-Id
A
X-Geo-Header
PFcat
X-SVT-ORM-VERSION
X-Developer
L
AKAMAI
X-Agile-Id
X-SVT-ORM-RULES
X-Vdms-Version
X-Urbn-Context-Path
X-Urbn-Site-Id
X-ServiceProvider
Locale
X-MSEdge-Flight
X-GRACE
X-MSEdge-Features
X-Qloud-Router
X-Agile-Age
X-LI-Proto
X-Agile
X-Thanos
X-Bip
Heartbleed
X-Owner
X-Swa-Ws
X-Sucuri-Id
X-CDN-Forward
X-NodeID
X-Dc
Server-ID
X-Sigma
X-Rocket-Build-Number
X-Sucuri-Cache
X-Shopify-Generated-Cart-Token
X-AK-Request-ID
X-Sigma-Backend
Cdncip
X-Unique-Id
X-Cdn-Origin
X-Node-Id
X-Servername
Cdnsip
X-Sn-Servicetimems
X-Device-Os
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Lb-Id
GEO-REGION-INFO
Environment
CF-IPCountry
X-B3-Spanid
Powered-By-ChinaCache
X-Upstream-Ht
X-Upstream-Ct
X-Via-NSCOPI
X-RCS-CacheZone
X-Source
X-EC-Lua
X-Nginx-Cache
X-Servedbyhost
X-FPC
X-Be
X-ND-Cache
X-Zone
X-VHOST
Request-Time
X-Newrelic-Synthetics
X-Microcachable
Resin-Trace
X-Trafficlayer-App-Version
Geo-Info
Tcn
X-Pjax-Url
X-Correlation-ID
X-GEO
X-NGENIX-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Instart-Info
X-ECACHE
X-Req
X-ElasticPress-Search
Locid
X-Unique-ID
X-Oracle-Dms-Rid
Memory
X-Backend-Host
Group
X-Gamma-Serve
X-Served-From
FNAC-ModuleRouting
X-Backend-Url
X-SRV
X-IPS-LoggedIn
X-DC
X-Var-Ttl
X-VCL-Version
X-VWS-Id
CF-Cached-On
X-Refresh
X-AWS-Id
Backend-Name
X-LJ-Flow-ID
X-Dynatrace
X-Pf-Uncompressing
N-Cache
X-COUNTRY
Gannett-Cam-Experience-Id
ProcessTime
X-Sucuri-ID
Cache-Prefix
Fly-Request-Id
TTL
GeoIP-Country-Code
X-Render-Time
Lfy
Pics-Label
Fly-Cache
GeoIP-Latitude
Pagetype
GeoIP-City
Amp-Access-Control-Allow-Source-Origin
Cf-Ipcountry
X-Ratelimit-Remaining
X-Check-Cacheable
X-HTML-Minification-Powered-By
SRV
X-TIME
Ohc-File-Size
Ohc-Cache-HIT
PICS-Label
X-Worker
X-Bc
X-FORWARDED-FOR
X-Pod
X-NU-AKA-ACS-Version
X-Upstream-CT
X-Upstream-HT
Cdn
Ttl
X-Via-Ucdn
X-GeoIP-Country-Code
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Via-SSL
REQUESTUUID
X-CSRF-Token
X-Via-Edge
X-Cache-Miss-From
X-Sedo-Request-Id
X-Mode
XServer
M-TraceId
X-Fetched-On
X-Server-W
X-Vcl-Version
X-APP
X-CLOUD-TRACE-CONTEXT
Fastly-SIE
Fastly-SWR
X-PF-Uncompressing
X-LiteSpeed-Cache-Control
X-Fstrz
X-Wa
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-MP-GENERATED-AT
MIME-Version
X-ZONE
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fastly-Country-Code
HitType
X-Ratelimit-Limit
X-Ua
Host-ID
HostName
X-HS-Status
X-Dynatrace-Js-Agent
Pragrma
X-GDPR
X-Tt-Trace-Tag
On-Server
User-Agent
X-Swift-Error
X-BC
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-HostName
X-WR-MODIFICATION
X-PJAX-URL
X-Cache-Tag
X-Cdn-Request-ID
X-Aicache-OS
X-ServedByHost
X-Edge-Server
Cdn-Host
URI
X-NGINX-Cache
Cdn-Request-Time
PageSpeed
X-BE
X-TT-LOGID
Who
X-Ftr-Cache-Host
X-SN
X-TH-Server
X-Upstream-Proxy
X-Ratelimit-Reset
X-WA
X-RateLimit-Reset
CACHE
X-Response-By
X-DB
X-RPS
X-RSL
X-DI
X-DW
Powered-By
X-RPM
X-UPSTREAM-Address
X-DSS
X-Hello
X-Flog
X-ABtesting
CDN
X-Org
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-Edge-O15-RID
X-Fpc
X-Action
SS
X-Cf-Powered-By
Dynatrace
Media-Length
X-Varnish-URL
X-LAGOON
SN
X-Varnish-Cacheable
DataCenter
X-Request-Time
Debug
X-ServerName
LB
Is-Session-Tracking
X-LB-ID
Get-Access-Time
Requestid
Server-Id
X-Gen-Id
X-Nananana
RequestUuid
Country-Code
X-Page-Type
X-Protected-By
Lb
X-Varnish-Beresp-TTL
Cneonction
X-SB
XxX-Cache-Status
X-VC
Xet-Cookie
NnCoection
Correlation-Id
RequestId
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Li-Proto
X-Dw-Trace-Id
SID
X-LiteSpeed-Tag
Product
Thinkindot-Cache-Type
Application
X-Fastly-Cache-Hits
Warning
X-Request-Url