Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Request-ID
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Access-Control-Expose-Headers
X-Kinja-Server-Push
Xkey
Access-Control-Max-Age
X-CDN
Keep-Alive
X-Turbo-Charged-By
X-Via
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-AH-Environment
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
X-Server
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
X-Rq
X-Ac
Report-To
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
X-Cdn
Request-Id
X-Cnection
X-Host
X-Backend-Server
Content-Location
X-Cloud-Trace-Context
X-DataDome
X-Node
X-Readtime
X-Origin-Cache
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-Origin-Upstream-Status
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
Surrogate-Control
Rating
X-DynaTrace
Pinterest-Generated-By
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-MS-InvokeApp
X-Akam-SW-Version
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
Accept-Ch
X-Instart-Request-ID
X-Url
X-B3-TraceId
X-Ruxit-JS-Agent
X-Aspnetmvc-Version
X-Powered-By-Plesk
Edge-Control
Verso
X-Ws-Request-Id
SPRequestGuid
X-Mod-Pagespeed
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
Display
X-SharePointHealthScore
X-Ah-Environment
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-D2id
X-VARITI-CCR
X-Trace
Accept-Ch-Lifetime
X-ESI
X-Server-Name
RTSS
SPIisLatency
X-GitHub-Request-Id
SPRequestDuration
Service-Worker-Allowed
X-Server-ID
X-CST
X-Powered-CMS
X-Vcap-Request-Id
X-Debug
X-Navigation-Version
X-Abt-Application-Version
Public-Key-Pins
X-Px
X-TTL
Pagespeed
X-Amz-Server-Side-Encryption
Content-MD5
MS-Author-Via
X-Version
X-Upstream
Charset
X-Amz-Rid
X-NF-Request-ID
Realpath
X-Forwarded-Proto
X-Recruiting
DynaTrace
X-Shard
X-Cached
Fastly-Restarts
TCN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Pinterest-Rid
MicrosoftSharePointTeamServices
Pinterest-Version
X-Ezoic-Cdn
X-SERVER
Nginx-Cache
X-XRDS-Location
Access-Control-Request-Method
X-Vcache
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
Edge-Cache-Tag
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Front-End-Https
X-Ser
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Accel-Expires
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-T
X-Element-Page-Cache
X-Varnish-Age
X-Client-IP
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
X-RateLimit-Remaining
X-FTR-Balancer
X-FTR-DC
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-Fastcgi-Cache
X-Ttl
NR-ENABLED
Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Content-Digest
Powered
X-Forwarded-For
X-Hits
ServerID
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Kinsta-Cache
X-Grace
X-Correlation-Id
Cache-Tag
X-Litespeed-Cache
X-Cache-Hit
TP-Cache
TP-L2-Cache
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Content-Type
X-Node-Name
X-HS-Cache-Config
PB-RID
PB-PID
X-Srv
Arc-Version
X-Request-Received
X-Mobile-Rewrite
X-Request-Processing-Time
X-Zen-Fury
X-N
X-Microsite
X-Request-Handler-Origin-Region
X-Webkit-Csp
Alternate-Protocol
X-Via-JSL
X-Hp-Webp
Server-Name
Server-Node
X-Rid
Paypal-Debug-Id
AR-Request-ID
X-User-Agent
X-LB-Cache
Healthy
X-Revision
Backend-Timing
X-Analytics
X-Logged-In
Cache-Status
Retry-After
X-Activity-Id
X-Az
X-AppVersion
X-Ruxit-Js-Agent
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-FastCGI-Cache
X-IPLB-Instance
X-Webapp-Samesite-None-Activated-N
X-Type
X-NWS-LOG-UUID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cached-By
X-VCache
X-Cache-Age
X-GUploader-UploadID
X-Oneagent-Js-Injection
FilterID
X-Varnish-Grace
X-Pad
X-HS-Combine-CSS
X-B3-Sampled
X-Webkit-CSP
X-F-Cache
Refresh
X-Content-Options
X-Tumblr-Pixel
X-Instance
X-Debug-Info
X-Tumblr-Pixel-0
Accept-Charset
X-Seen-By
X-Tumblr-User
X-Mobile-URL
X-Framework
X-Jobs
X-PHP-Backend
X-B
X-Request-Guid
X-Whom
X-Page-Id
X-Cluster
DC
X-App-Environment
Access-Control-Allow-Method
X-FB-Debug
Source
Actual-Object-TTL
X-Geo-Country
X-AOL-HN
X-Erf-Bev-Bev
X-PressLabs-Stats
X-Erf-Bev-Bev-Is-Generated
Host
X-Content-Powered-By
MS-CV
X-Time
Upgrade-Insecure-Requests
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Fastcgi-Useragent
X-Cache-2
X-Varnish-Backend
X-WebKit-CSP-Report-Only
X-TA-CDN-Provider
X-Cache-Key
X-ATG-Version
X-Host-Name
X-Git-Hash
X-Cache-Control
X-TT
X-Forwarded-Host
X-Cache-Rule
X-Cache-Operation
X-Cache-TTL
Surrogate-Key
X-Amz-Replication-Status
Frame-Options
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Server
X-Daa-Tunnel
X-Esi
X-Kong-Upstream-Latency
Cache
X-Wix-Request-Id
X-Kong-Proxy-Latency
Tracecode
X-Mobile
X-Response-Served-From
Xserver
NGB
X-Origin-Server
X-UA-Device-Type
X-B-Cache
X-Signature
WPE-Backend
X-App-Server
X-Tumblr-Pixel-1
Host-Header
X-Tumblr-Pixel-2
X-RemovedCookies
X-ProcessESI
X-Handled-By
X-Hyper-Cache
X-RequestSource
X-TX-ID
X-Region
X-GeoIP
Cleartype
Webserver
From-Origin
Payment
X-Drupal-Cache-Tags
X-RateLimit-Limit
X-Cache-NE
X-Cacheable-TTL
Eomportal-Instance
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
X-Cache-Action
Filters
Ms-Operation-Id
X-RTag
X-Cache-Enabled
Accept-CH-Lifetime
X-EdgeConnect-Cache-Status
Datacenter
X-Cache-TTL-Remaining
Accept-CH
X-Akamai-Transformed
X-Status
X-NewRelic-App-Data
X-Contextid
X-UA
X-Hostname
X-Cache-Server
Liferay-Portal
X-TT-TIMESTAMP
X-BCube-Filmed-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Edge-Location
X-FW-Dynamic
Odigeo-Trace-Id
X-Load-Cache
X-IP
Version
X-App-Version
Server-Info
X-Varnish-Hostname
X-RN-RSRV
Load-Balancing
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-Path-Route
X-Varnish-Server
X-Xfnlog-Site
X-Viewer-Country
X-OCL
X-Info
X-Content-Age
X-Cache-Config
X-Via-Fastly
X-Debug-Cache
Country
DB-Nickname
X-Pubstack
X-PCL
X-Rule
X-CCM
Cache-Tags
Azure-SlotName
X-Real-IP
Azure-Version
Azure-InstanceId
X-Human
Azure-RegionName
X-Hosted-By
Origin-Cache-Control
X-Cache-Host
X-UUID
X-Proto
L5d-Success-Class
Mn-Server-Ip
X-Labrador-Cache-Channel
Cache-Name
X-Proxy
X-From
Azure-SiteName
X-R9-Blue-Green-Version
Webcakes-Region
X-Varnish-Cache-Hits
TWC-Connection-Speed
X-Drupal-Cache-Contexts
S-Rt
X-Origin-Hint
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
X-Loop
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-TNCMS
TWC-GeoIP-LatLong
X-EIG-Tracking-Id
GEO-INFO
X-Origin
X-Cache-Time
X-Akamai-Request-ID
X-ServerID
X-FC-Vary-Parameters
Origin-Edge-Control
X-Origin-Response-Time
Release
Property-Id
X-Web-Node
X-FireWall-Port
X-Format
Viewport
X-Generated
X-JoinUs
DSUID
X-Cluster-Name
X-Access
X-Goog-Meta-Goog-Reserved-File-Mtime
S-Cnection
Selected-Fe
X-Akamai-Request-ID2
X-Locale
X-ApacheServer
Ec-Rule-Version
X-Backend-Name
X-Section
X-WA-Info
X-Rendered-As
X-Proxy-Build
X-Redis-Cache
X-Www-Served-By
X-Site-Version
X-Soup
X-Time-Microsecs
X-Timing-Wait
X-VCT
X-Upgrade-Enabled
Fastly-SSL
X-Vgn-Hpd-Reason
X-PERF
Decoy-Debug-Key
Decoy-Debug-TTL
X-Varnish-Hits
X-Cache-Grace
Decoy-Debug-Status
Rt-Fastcgi-Cache
X-Rocket-Nginx-Bypass
X-Storage
Cache-Key
X-XRDS-LOCATION
X-NWS-UUID-VERIFY
X-Origin-CC
X-Origin-TTL
NGX
Cteonnt-Length
X-Cache-Remote
Cache-Hits
Vix-Hermes-Req-Id
X-Guploader-Uploadid
X-Hit
X-Is-Bot
X-B3-SpanId
X-NCache
X-GoCache-CacheStatus
X-ProxyCache-Key
X-ProxyCache-Status
Uber-Trace-Id
Time
X-Backend-TTL
X-BYPASS-REASON
X-Trace-Id
X-CF-Powered-By
X-CS
Origin
Hostname
X-SS-Set-Cookie
X-Device-Type
X-UnsetCookies
X-Tumblr-Pixel-3
X-PHP-Host
X-Cache-Backend
Mime-Version
X-Generated-By
X-Amzn-Remapped-Content-Length
X-OVcl-Cache
X-OVcl
Accept-Language
Akamai-GRN
X-Cluster-Node
X-S
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-ATS-Timestamp
X-Oss-Object-Type
X-Via-CDN
X-Oss-Request-Id
X-Cdn-Forward
X-CACHE-KEY
X-Nginx-Cache-Key
Fastcgi-X-Cache-Version
X-FB-TRIP-ID
X-Accel-Buffering
X-Uri
Now
X-L-Path
X-Environment-Context
X-FW-Version
X-CSRF-TOKEN
X-URL
X-Tb
X-B3-Traceid
X-No-Session
OT-Force-Account-Verify
X-MServer
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
ServerName
User-Cache-Control
ServedBy
Content-Style-Type
Content-Script-Type
X-Hl-Ver
AsisCache
BehaviorPad-Version
Cross-Origin-Window-Policy
X-External-Request-Id
IsBot
X-Detected-As
X-Developer
X-DPWN-IS-SECURE
Arc-Country
X-G
Apple-News-Services-Parsed-Url
X-PAYTM-SRV-ID
X-Application
X-Processor
X-Tec-Api-Origin
X-Region-Sid
X-Say-Cacheable
X-SayCDN-TTL
Apple-News-Services-Host
X-Destination
Apple-News-Services-Handled
Access-Control-Request-Headers
A
Apple-News-Services-Request-Url
Machine
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Viewtype
VivaBuild
X-A-Dgt
X-A-Wwc
X-AIR-PT
X-ARC
X-B-Cookie
X-Aed
X-Accel-Expires-Debug
T-Server
X-CF-Lambda-Fn
X-Date
Node
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
X-D
X-Connection-Hash
Rt-Proxy-Cache
X-CF-Lambda-Version
Request-EU
Request-Country
Rendered-Blocks
X-Tec-Api-Root
X-Say-TTL
X-Session-Fingerprint
Xc-Version
X-SIPLIST1
X-Server-Time
X-ScT
X-Transaction
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-SRCache-Key
X-Twitter-Response-Tags
X-Trv-Group
X-VG-WebCache
X-VG-WebServer
X-Svr
X-Presslabs-Stats
X-NC
X-S-Cookie
X-Rojux
X-Request-UUID
X-Rewrite-Enabled
X-Tec-Api-Version
X-Endurance-Cache-Level
X-Clara-WADP
X-Sn-Servicetimems
X-Cache-Debug
X-Location
X-Sorting-Hat-ShopId
X-Cache-Info
X-Request-URI
RNT-Machine
RNT-Time
X-Hnp-Log
CDCHOST
Cache-Host
Server-Int
X-Cdn-Origin
X-Sorting-Hat-PodId
X-Proxy-Cache-Status
X-Proxy-Upstream
X-S-Maxage
X-Cache-Bucket
X-WADP-Cache
Mail-Subject
We-Hiring
X-Shopify-Stage
X-ShopId
X-Debug-Cookies
X-ShardId
X-Debug-Log
X-NX-Host
X-Node-Id
X-Alternate-Cache-Key
Web-Mar-Node
X-Instart-Isnd
X-Cms-Context
X-Block-Status
X-Ms-Version
X-Ms-Request-Id
X-Device-Os
X-Gen-Mode
X-B3-Parentspanid
NtCoent-Length
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Proxy-Connection
X-Sucuri-Id
X-Nc
X-Varnish-Beresp-Ttl
X-BBXSRF
X-User
X-Variation
X-CUA
X-VC-Cache
X-Core-Mission
X-Up
X-Webstats-RespID
X-We-Are-Hiring
X-Debug-Cache-Fetch
X-CGP
X-Debug-Cache-Expiry
X-Wikidot-Static-Cache
X-Compress-Hint
X-VG-TLSProxy
X-Cdn-Srv
X-Clientip
X-Azure-Ref
X-Cache-Id
X-Cache-URL
X-WebServer
X-Cache-FS-Status
X-Wikidot-Backend
X-Bip
X-Azure-Ref-OriginShield
X-Auto-Login
X-VServer
X-Backend-State
X-Generated-In
X-Matched-Rule
X-Magnolia-Registration
X-Method
X-Level-Front-Cache
X-Old-Content-Length
X-Reboot
X-Logging-Id
X-Key
X-JWT-State
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Origin-Date
X-Generated-On
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Release
X-Reqid
X-Request-Start
X-Qloud-Router
Thinkindot-CacheControl-Type
X-Owner
X-Origin-Expires
X-Platform-Server
X-Policy
Thinkindot-Control
X-Scheme
X-Is-Gdpr
X-Distil-CS
X-Dispatcher-Server
X-Distributor
X-SVT-ORM-VERSION
X-Epic-Correlation-Id
X-Thinkindot-L3
X-Developers
Thinkindot-CacheControl
Server-Host
X-TrackingId
X-Thanos
X-Swa-Ws
X-Eu-Site
X-SVT-ORM-RULES
X-Irp-Debug
X-Internal-Host
X-Service
X-Server-IP
X-SD-PageType
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-GeoIP-City
X-Fastly-Cache
X-Has-Esi
X-Hash
X-Skip-Cache
X-Debug-Cache-Store
X-Dispatch
PFcat
Memcached
Magicmarker
Platform
Pramga
Served-By
Fastly-Soc-X-Request-Id
SD-X-WS
Adler-Geo
Countrycode
Ha-Gx-Prefs
Gh-Request-Id
Esi-Enabled
HA-Ipaddr
IBM-Web2-Location
L
Kp-EeAlive
Is-Eu
True-Client-Country-4JS
Section-Io-Cache
X-Agile
Wxu-Next-Region
W
Wxu-Next-Commit
Wxu-Next-Hostname
X-Agile-Id
X-Agile-Age
X-Amz-Meta-Cache-Control
X-App-Name
X-GRACE
X-Parent-Response-Time
Cache-Provider
X-Geo-Header
X-7Graus-Varnish-XKeys
X-C
X-Generation-Time
X-LI-Proto
X-NodeID
X-SaId
Content-Disposition
AKAMAI
X-MSEdge-Flight
X-MSEdge-Features
X-Lb-Id
X-Urbn-Context-Path
Heartbleed
X-7Graus-Varnish-Cache-Control
X-Urbn-Site-Id
Locale
V-Age
X-APP-VERSION
X-Dc
Server-ID
X-ServiceProvider
X-GEO
X-Servername
PageSpeed
X-Core-Value
Request-Time
X-Vdms-Version
CF-IPCountry
X-ECACHE
Environment
X-NGENIX-Cache
Srv
X-Geo
X-Pjax-Url
GEO-REGION-INFO
X-Newrelic-Synthetics
X-FPC
X-EC-Lua
X-Sucuri-Cache
X-Servedbyhost
X-ElasticPress-Search
X-Be
Cdnsip
X-Rocket-Build-Number
X-Sigma
X-Shopify-Generated-Cart-Token
X-Instart-Info
Cdncip
X-Sigma-Backend
X-AK-Request-ID
X-Datadome
X-Unique-ID
Group
X-Nginx-Cache
X-VHOST
X-Backend-Url
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Backend-Host
Ohc-Cache-HIT
Ohc-File-Size
X-CDN-Forward
SRV
X-Upstream-Ct
X-Upstream-Ht
Resin-Trace
Tcn
X-Microcachable
Powered-By-ChinaCache
X-Via-NSCOPI
X-Var-Ttl
Backend-Name
X-B3-Spanid
X-Correlation-ID
X-Source
X-ND-Cache
X-Unique-Id
Memory
N-Cache
X-Zone
X-IPS-LoggedIn
X-DC
Cache-Prefix
Pagetype
CF-Cached-On
Fly-Request-Id
X-Oracle-Dms-Rid
Lfy
Fly-Cache
X-RCS-CacheZone
X-Trafficlayer-App-Version
X-Upstream-CT
X-Upstream-HT
X-Ua
X-AWS-Id
X-Worker
X-LJ-Flow-ID
X-VWS-Id
Cdn
X-VCL-Version
X-Dynatrace
Gannett-Cam-Experience-Id
X-Via-Ucdn
X-Check-Cacheable
Locid
X-Served-From
X-Req
X-COUNTRY
Cf-Ipcountry
GeoIP-Latitude
X-Gamma-Serve
FNAC-ModuleRouting
Amp-Access-Control-Allow-Source-Origin
GeoIP-Country-Code
Pics-Label
TTL
X-Server-W
X-Ratelimit-Remaining
X-Refresh
GeoIP-City
X-Ratelimit-Reset
X-Fetched-On
X-Pod
X-Pf-Uncompressing
Fastly-SIE
X-Sedo-Request-Id
X-Cache-Miss-From
Geo-Info
X-Wa
X-Rebelmouse-Surrogate-Control
X-PF-Uncompressing
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Upstream-Proxy
X-Via-Edge
REQUESTUUID
X-CSRF-Token
M-TraceId
PICS-Label
X-Via-SSL
GeoIp-Country-Code
Geoip-Latitude
Ttl
Geoip-City
X-Bc
X-Tt-Trace-Tag
XServer
X-Sucuri-ID
X-Vcl-Version
X-Render-Time
X-APP
X-HS-Status
X-ZONE
X-CLOUD-TRACE-CONTEXT
X-LiteSpeed-Cache-Control
ProcessTime
X-GDPR
X-Fstrz
X-NU-AKA-ACS-Version
X-HTML-Minification-Powered-By
X-SRV
Cache-Cookie-Set-Lfrom
Cdn-Request-Time
Cdn-Host
Cache-Cookie-Set-From
X-GeoIP-Country-Code
X-Edge-Server
X-Mode
Cache-Cookie-Set-Idcheck
X-Ratelimit-Limit
X-TIME
X-SN
X-Fastly-Country-Code
X-Aicache-OS
X-Dynatrace-Js-Agent
User-Agent
SS
X-Hello
On-Server
Pragrma
X-Org
X-Cache-Tag
X-ABtesting
X-Response-By
X-Flog
X-Swift-Error
X-HostName
MIME-Version
URI
X-NGINX-Cache
X-ServedByHost
Host-ID
X-BC
X-WR-MODIFICATION
X-FORWARDED-FOR
HitType
X-TT-LOGID
X-WA
X-BE
Requestid
Who
X-Ftr-Cache-Host
X-MP-GENERATED-AT
HostName
X-RateLimit-Reset
CACHE
X-Fastly-Backend-Reqs
X-Page-Type
X-Edge-O15-RID
X-Cache-Ttl
SN
X-UPSTREAM-Address
X-Action
X-RSL
X-DW
X-RPM
Country-Code
X-DSS
X-DB
X-PJAX-URL
X-DI
X-RPS
Dynatrace
X-Varnish-Cacheable
X-Varnish-URL
X-Cdn-Request-ID
RequestUuid
X-LAGOON
X-Fpc
X-Cf-Powered-By
DataCenter
Lb
X-ServerName
X-TH-Server
Debug
UCS
Get-Access-Time
Server-Id
X-Tt-Trace-Host
X-Varnish-Beresp-TTL
Is-Session-Tracking
X-Proxied
X-Routing-Service
X-Edge
LB
CDN
X-Zipkin-Id
X-SB
X-Request-Time
Powered-By
X-Protected-By
X-Nananana
X-MCACHE
X-MID
X-VC
X-Gen-Id
X-Dw-Trace-Id
Warning
Proxy-Firewall
NnCoection
X-Mid
X-LiteSpeed-Tag
Media-Length
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-LB-ID
Thinkindot-Cache-Type
Correlation-Id
X-Fastly-Cache-Hits
X-Amzn-Remapped-Date
SID
X-Li-Proto
Application
X-Request-Url
V-Cache
RequestId
Product
Xet-Cookie