Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Request-ID
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Template
X-Language
X-DNS-Prefetch-Control
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
X-Kinja-Server-Push
Xkey
Access-Control-Max-Age
Keep-Alive
X-CDN
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Via
X-Cache-Group
X-Ua-Compatible
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-AH-Environment
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
X-Server
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
X-Ac
Report-To
EagleEye-TraceId
X-Cdn
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
Request-Id
X-Cnection
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Readtime
X-Origin-Cache
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Country
Rating
Surrogate-Control
Pinterest-Generated-By
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-Akam-SW-Version
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Instart-Request-ID
Accept-Ch
X-Aspnetmvc-Version
X-Ws-Request-Id
X-Url
X-Powered-By-Plesk
Edge-Control
Verso
X-B3-TraceId
SPRequestGuid
X-Mod-Pagespeed
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Display
X-D2id
X-SharePointHealthScore
X-Trace
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-VARITI-CCR
RTSS
X-Server-Name
X-Server-ID
Accept-Ch-Lifetime
Service-Worker-Allowed
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
X-ESI
X-CST
X-Navigation-Version
X-Powered-CMS
Pagespeed
X-Vcap-Request-Id
X-Debug
X-Abt-Application-Version
Public-Key-Pins
Content-MD5
X-Ah-Environment
X-Px
X-Amz-Server-Side-Encryption
X-TTL
MS-Author-Via
X-Version
X-Upstream
Charset
X-Amz-Rid
X-NF-Request-ID
Realpath
X-Vcache
X-Forwarded-Proto
DynaTrace
X-Shard
X-Cached
X-Recruiting
Fastly-Restarts
TCN
X-SERVER
MicrosoftSharePointTeamServices
X-Pinterest-Rid
Pinterest-Version
X-Ezoic-Cdn
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Shield-Request-Id
Nginx-Cache
Access-Control-Request-Method
Edge-Cache-Tag
X-XRDS-Location
X-DynaTrace-JS-Agent
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Ser
X-Fastly-Request-ID
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Accel-Expires
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-T
X-Client-IP
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-RateLimit-Remaining
X-FTR-Expires
X-Ttl
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
X-Frontend
Powered
AR-PoweredBy
AR-ATIME
X-Trafficlayer-App-Scope
AR-CACHE
X-Hits
X-Trafficlayer-App-Name
X-Correlation-Id
X-Forwarded-For
ServerID
X-Grace
Ar-Sid
X-Fastcgi-Cache
X-Kinsta-Cache
X-Litespeed-Cache
Cache-Tag
X-FTR-Cache-Host
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-HS-Cache-Config
X-Node-Name
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
PB-PID
X-N
PB-RID
X-Request-Received
X-Request-Processing-Time
Arc-Version
X-Mobile-Rewrite
X-Content-Type
X-FastCGI-Cache
X-Srv
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Microsite
Alternate-Protocol
X-Hp-Webp
Server-Node
X-Via-JSL
X-Rid
X-User-Agent
Server-Name
X-Revision
Healthy
Backend-Timing
X-LB-Cache
X-Analytics
Paypal-Debug-Id
AR-Request-ID
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
X-Logged-In
Retry-After
X-Webapp-Samesite-None-Activated-N
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-IPLB-Instance
X-Oneagent-Js-Injection
X-Type
X-GUploader-UploadID
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cached-By
X-Cache-Age
X-HS-Combine-CSS
X-Varnish-Grace
X-Ruxit-Js-Agent
X-Pad
FilterID
X-B3-Sampled
Refresh
X-F-Cache
X-Mobile-URL
Accept-Charset
X-Debug-Info
X-FB-Debug
X-Content-Options
X-Tumblr-Pixel-0
X-Seen-By
X-Tumblr-Pixel
X-Tumblr-User
X-Instance
X-Page-Id
X-Framework
X-Jobs
X-Cluster
X-App-Environment
X-PHP-Backend
Access-Control-Allow-Method
X-Geo-Country
X-AOL-HN
X-Request-Guid
X-B
Source
DC
Actual-Object-TTL
Host
X-Whom
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
MS-CV
X-Content-Powered-By
Upgrade-Insecure-Requests
X-Cache-Key
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Varnish-Backend
X-Host-Name
X-ATG-Version
X-Cache-2
X-Git-Hash
X-Time
X-PressLabs-Stats
X-VCache
X-TT
X-Cache-Control
X-TA-CDN-Provider
X-Forwarded-Host
X-Cache-Operation
X-Cache-Rule
X-Esi
X-Cache-TTL
Surrogate-Key
X-Amz-Replication-Status
Accept-CH-Lifetime
Frame-Options
X-FW-Static
X-FW-Type
X-Kong-Proxy-Latency
X-FW-Server
X-Kong-Upstream-Latency
X-FW-Serve
Cache
X-Daa-Tunnel
X-Wix-Request-Id
X-FW-Hash
Accept-CH
X-Mobile
NGB
Tracecode
X-Response-Served-From
X-Origin-Server
Host-Header
X-B-Cache
X-Signature
Cache-Tv-Group
WPE-Backend
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-UA-Device-Type
Filters
X-Region
Eomportal-Instance
Cleartype
X-TX-ID
X-RequestSource
X-Cache-Action
X-Hyper-Cache
X-Cacheable-TTL
X-Cache-NE
Payment
Webserver
X-GeoIP
X-Drupal-Cache-Tags
From-Origin
X-App-Server
X-Handled-By
X-Webkit-CSP
X-Adobe-Loc
X-Adobe-Content
Xserver
X-RTag
Ms-Operation-Id
X-Cache-Enabled
X-EdgeConnect-Cache-Status
X-RateLimit-Limit
Datacenter
X-Cache-TTL-Remaining
X-UA
X-Akamai-Transformed
X-Status
X-Contextid
X-Hostname
X-NewRelic-App-Data
X-Cache-Server
X-BCube-Filmed-By
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Load-Cache
X-Edge-Location
Odigeo-Trace-Id
X-FW-Dynamic
Version
X-Varnish-Hostname
Server-Info
X-IP
GEO-INFO
X-RN-RSRV
Load-Balancing
X-Path-Route
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-Xfnlog-Site
X-Viewer-Country
X-Via-Fastly
X-Varnish-Server
Country
Cache-Tags
X-UUID
X-Info
X-Rule
X-Debug-Cache
DB-Nickname
X-PCL
X-OCL
X-CCM
X-Pubstack
X-R9-Blue-Green-Version
X-Cache-Config
X-Proxy
X-Proto
X-EIG-Tracking-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Privacy
TWC-GeoIP-Country
X-Drupal-Cache-Contexts
Cache-Name
Webcakes-App-Version
Webcakes-Region
X-Cache-Time
X-Akamai-Request-ID
Azure-InstanceId
Webcakes-App-Name
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-FC-Vary-Parameters
X-Hosted-By
Property-Id
Release
X-Web-Node
X-Origin-Response-Time
X-Loop
Origin-Edge-Control
X-Cache-Host
Origin-Cache-Control
X-Origin-Hint
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Labrador-Cache-Channel
TWC-Connection-Speed
X-Human
X-Origin
X-Rocket-Nginx-Bypass
S-Rt
X-TNCMS
X-ServerID
X-Real-IP
Fastly-SSL
X-From
L5d-Success-Class
X-Content-Age
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Locale
DSUID
X-PERF
Decoy-Debug-Status
Decoy-Debug-TTL
Ec-Rule-Version
X-Format
S-Cnection
Selected-Fe
X-Access
Viewport
X-Akamai-Request-ID2
X-ApacheServer
X-FireWall-Port
X-Cluster-Name
X-Backend-Name
X-Proxy-Build
Decoy-Debug-Key
X-Vgn-Hpd-Reason
X-Redis-Cache
X-Time-Microsecs
X-Timing-Wait
X-VCT
X-Www-Served-By
X-Site-Version
X-Soup
X-Section
X-XRDS-LOCATION
X-Rendered-As
X-App-Version
Rt-Fastcgi-Cache
X-Varnish-Hits
X-Cache-Grace
X-WA-Info
X-Origin-TTL
Cache-Key
X-Origin-CC
X-Storage
X-NWS-UUID-VERIFY
NGX
X-B3-Traceid
X-URL
Cache-Hits
Vix-Hermes-Req-Id
Cteonnt-Length
X-Cache-Remote
X-Is-Bot
X-GoCache-CacheStatus
X-Hit
Uber-Trace-Id
X-Backend-TTL
X-NCache
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
Time
X-Trace-Id
Origin
X-SS-Set-Cookie
X-CS
X-Device-Type
X-CF-Powered-By
X-Tec-Api-Root
X-PHP-Host
X-Cache-Backend
X-Tec-Api-Version
X-Guploader-Uploadid
Hostname
X-Tec-Api-Origin
X-Tumblr-Pixel-3
X-UnsetCookies
X-B3-SpanId
X-Generated-By
X-Oss-Server-Time
X-Oss-Storage-Class
X-ATS-Timestamp
X-Amzn-Remapped-Content-Length
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-OVcl-Cache
Akamai-GRN
X-OVcl
Accept-Language
X-Cluster-Node
X-Presslabs-Stats
X-S
Mime-Version
X-Via-CDN
X-Nginx-Cache-Key
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-Accel-Buffering
X-Uri
Now
X-Environment-Context
X-No-Session
X-L-Path
X-FW-Version
X-ORACLE-APMCS-REQUEST-ID
X-Cdn-Forward
X-ORACLE-APMCS-TAG
X-Tb
X-CSRF-TOKEN
X-MServer
X-CACHE-KEY
Access-Control-Request-Headers
User-Cache-Control
ServerName
X-NC
OT-Force-Account-Verify
X-Region-Sid
X-Destination
BehaviorPad-Version
Content-Script-Type
AsisCache
Cross-Origin-Window-Policy
MD5-Digest
X-Detected-As
Machine
IsBot
X-Processor
X-Date
Content-Style-Type
Apple-News-Services-Request-Url
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-Server-Time
Xc-Version
X-Hl-Ver
X-PAYTM-SRV-ID
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-ScT
A
Arc-Country
X-Connection-Hash
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Rojux
X-A-Dam
X-A
X-External-Request-Id
X-Svr
X-SRCache-Key
X-Accel-Expires-Debug
X-Aed
X-B-Cookie
X-CF-Lambda-Fn
X-S-Cookie
X-Session-Fingerprint
X-SIPLIST1
X-ARC
X-AIR-PT
X-DPWN-IS-SECURE
X-Application
X-Rewrite-Enabled
X-Transaction
X-CF-Lambda-Version
Rendered-Blocks
X-G
X-VG-WebServer
X-D
X-Vtex-Processado-Em
Meta-Geo-Continent
Mobile-Detection-Method
Node
X-VG-WebCache
X-Developer
Viewtype
VivaBuild
X-Trv-Group
X-Request-UUID
T-Server
Rt-Proxy-Cache
Request-Country
Request-EU
X-Twitter-Response-Tags
X-Vtex-Remote-Cache
X-A-Ccd
ServedBy
X-APP-VERSION
X-Varnish-Beresp-Ttl
X-Endurance-Cache-Level
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Block-Status
Web-Mar-Node
X-Cache-Bucket
X-Cdn-Origin
Thinkindot-Control
X-Clara-WADP
X-Cache-Info
Server-Int
RNT-Machine
CDCHOST
RNT-Time
Server-Host
Thinkindot-CacheControl
X-Cms-Context
Thinkindot-CacheControl-Type
X-Debug-Log
X-Reboot
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Request-URI
X-S-Maxage
X-WADP-Cache
X-Thinkindot-L3
X-Sn-Servicetimems
X-NX-Host
X-Ms-Version
X-Generated-On
X-Gen-Mode
Cache-Host
X-Hnp-Log
X-Level-Front-Cache
X-Ms-Request-Id
X-Matched-Rule
X-Location
X-Debug-Cookies
X-Instart-Isnd
We-Hiring
Mail-Subject
X-Alternate-Cache-Key
X-Parent-Response-Time
X-ShardId
NtCoent-Length
X-Shopify-Stage
X-ShopId
X-B3-Parentspanid
X-Sorting-Hat-ShopId
Proxy-Connection
X-Sorting-Hat-PodId
X-Hash
X-Dispatcher-Server
X-IN-APIGATEWAY
X-Device-Os
X-Dispatch
X-Distil-CS
X-Distributor
X-Fastly-Cache
X-Geo-Header
X-Generated-In
X-Developers
X-GeoIP-City
X-Has-Esi
X-Epic-Correlation-Id
X-Eu-Site
X-Generation-Time
X-Debug-Cache-Fetch
X-BBXSRF
X-Bip
X-C
X-Cache-Debug
X-Backend-State
X-Azure-Ref-OriginShield
X-Amz-Meta-Cache-Control
X-App-Name
X-Auto-Login
X-Azure-Ref
X-Cache-FS-Status
X-Cache-Id
X-Core-Mission
X-CUA
X-Debug-Cache-Expiry
X-IN-APIGATEWAYSSL
X-Compress-Hint
X-Clientip
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Debug-Cache-Store
X-Irp-Debug
X-SVT-ORM-VERSION
X-Swa-Ws
X-Thanos
X-TrackingId
X-SVT-ORM-RULES
X-Skip-Cache
X-Scheme
X-SD-PageType
X-Server-IP
X-Service
X-Up
X-User
X-WebServer
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-VServer
X-Variation
X-VC-Cache
X-VG-TLSProxy
X-Request-Start
X-Reqid
X-LI-UUID
X-Logging-Id
X-Magnolia-Registration
X-Method
X-Li-Pop
X-Li-Fabric
X-Agile-Id
X-Is-Gdpr
X-JWT-State
X-Key
X-Node-Id
X-Old-Content-Length
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Release
X-Policy
X-Platform-Server
X-Origin-Date
X-Origin-Expires
X-Owner
X-Internal-Host
X-SaId
Pramga
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
AKAMAI
SD-X-WS
L
Section-Io-Cache
Wxu-Next-Region
Magicmarker
W
PFcat
Wxu-Next-Commit
Platform
Wxu-Next-Hostname
Memcached
Kp-EeAlive
Is-Eu
Adler-Geo
Served-By
True-Client-Country-4JS
X-Agile
X-Agile-Age
Content-Disposition
Countrycode
Esi-Enabled
HA-Ipaddr
Heartbleed
IBM-Web2-Location
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Soc-X-Request-Id
X-Nc
Cache-Provider
X-MSEdge-Flight
X-Sucuri-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-NodeID
Locale
X-LI-Proto
X-MSEdge-Features
X-Dc
X-Lb-Id
X-ServiceProvider
V-Age
X-Core-Value
X-Geo
Server-ID
CF-IPCountry
X-Servername
X-Vdms-Version
X-GRACE
Srv
X-EC-Lua
X-Sucuri-Cache
GEO-REGION-INFO
Request-Time
X-Newrelic-Synthetics
X-CDN-Forward
Environment
Cdnsip
X-NGENIX-Cache
X-AK-Request-ID
X-Sigma-Backend
X-Sigma
X-Be
X-Rocket-Build-Number
X-GEO
Cdncip
X-Shopify-Generated-Cart-Token
X-FPC
X-ECACHE
X-B3-Spanid
X-Planisys-CDN-Rules
X-Instart-Info
X-ElasticPress-Search
X-VHOST
X-Planisys-CDN-TTL
X-Pjax-Url
X-Planisys-CDN-Cache
X-Servedbyhost
X-Unique-Id
X-Microcachable
X-Backend-Url
X-Backend-Host
Resin-Trace
Powered-By-ChinaCache
X-Upstream-Ht
X-Upstream-Ct
X-Tb-Optimization-Total-Bytes-Saved
Tcn
X-Via-NSCOPI
Group
X-Nginx-Cache
X-ND-Cache
Backend-Name
PageSpeed
X-Var-Ttl
Ohc-File-Size
X-Source
SRV
Ohc-Cache-HIT
X-Zone
X-Unique-ID
CF-Cached-On
N-Cache
Memory
X-Trafficlayer-App-Version
X-Oracle-Dms-Rid
X-RCS-CacheZone
X-IPS-LoggedIn
Pagetype
Lfy
Cache-Prefix
Fly-Request-Id
Fly-Cache
X-VCL-Version
X-Upstream-CT
X-DC
X-Dynatrace
X-Upstream-HT
X-Worker
X-LJ-Flow-ID
X-Check-Cacheable
X-Served-From
X-AWS-Id
Gannett-Cam-Experience-Id
Locid
X-Req
X-COUNTRY
X-VWS-Id
X-Correlation-ID
Amp-Access-Control-Allow-Source-Origin
Cdn
X-Ratelimit-Remaining
X-Via-Ucdn
X-Pf-Uncompressing
XServer
X-Gamma-Serve
X-Refresh
FNAC-ModuleRouting
X-Ua
Geoip-Latitude
X-Sucuri-ID
Cf-Ipcountry
Geoip-City
TTL
X-Pod
X-Fetched-On
PICS-Label
GeoIp-Country-Code
X-Sedo-Request-Id
Pics-Label
X-Cache-Miss-From
X-Server-W
X-Via-Edge
GeoIP-Latitude
X-Wa
Ttl
X-Rebelmouse-Cache-Control
X-Via-SSL
GeoIP-Country-Code
Fastly-SWR
Fastly-SIE
REQUESTUUID
X-Rebelmouse-Surrogate-Control
GeoIP-City
X-CSRF-Token
X-Upstream-Proxy
X-Bc
X-Datadome
M-TraceId
X-Render-Time
X-APP
Geo-Info
X-Ratelimit-Reset
X-PF-Uncompressing
X-TIME
X-CLOUD-TRACE-CONTEXT
X-HS-Status
X-Tt-Trace-Tag
X-LiteSpeed-Cache-Control
X-Vcl-Version
X-Fstrz
X-ZONE
X-NU-AKA-ACS-Version
X-HTML-Minification-Powered-By
X-SRV
ProcessTime
X-GDPR
X-GeoIP-Country-Code
X-Ratelimit-Limit
X-Fastly-Country-Code
X-Edge-Server
Cache-Cookie-Set-Lfrom
MIME-Version
X-Mode
Cdn-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cdn-Request-Time
X-Dynatrace-Js-Agent
On-Server
User-Agent
X-SN
X-NGINX-Cache
X-Cache-Tag
Pragrma
X-HostName
X-Swift-Error
SS
X-ServedByHost
URI
X-Flog
X-Hello
X-Aicache-OS
X-Org
X-FORWARDED-FOR
X-BC
HitType
X-Response-By
Host-ID
X-ABtesting
X-WR-MODIFICATION
X-PJAX-URL
HostName
X-WA
Who
X-TT-LOGID
X-MP-GENERATED-AT
X-RateLimit-Reset
CACHE
X-UPSTREAM-Address
X-BE
SN
X-DSS
X-Fastly-Backend-Reqs
X-RPM
Requestid
X-RSL
X-Edge-O15-RID
X-DB
X-DI
X-Cache-Ttl
X-DW
X-RPS
X-Action
Dynatrace
Country-Code
X-Cf-Powered-By
RequestUuid
X-Page-Type
X-Cdn-Request-ID
CDN
X-LAGOON
X-Varnish-URL
X-Fpc
X-Varnish-Cacheable
Lb
DataCenter
X-ServerName
Debug
X-TH-Server
X-Proxied
Server-Id
LB
Get-Access-Time
X-Routing-Service
X-Zipkin-Id
Is-Session-Tracking
X-Ftr-Cache-Host
X-VC
X-Nananana
X-MID
X-SB
X-Varnish-Beresp-TTL
X-Protected-By
AR-SID
X-Tt-Trace-Host
X-MCACHE
X-Edge
X-Gen-Id
UCS
Processtime
X-Dw-Trace-Id
Warning
X-Li-Proto
X-Request-Time
NnCoection
Media-Length
Powered-By
X-LiteSpeed-Tag
Thinkindot-Cache-Type
Xet-Cookie
X-Request-Url
X-Amzn-Remapped-Date
X-Akamai-ERPolicy
RequestId
SID
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
X-LB-ID
X-Amzn-Remapped-Connection
Product
Application
Correlation-Id