Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
Report-To
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Response-Time
X-Server-Id
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Host
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-Cdn
Allow
X-Dns-Prefetch-Control
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Ws-Request-Id
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-Akam-SW-Version
Pinterest-Generated-By
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-MS-InvokeApp
X-Url
X-Varnish-TTL
Edge-Control
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
Accept-Ch
X-D2id
X-Trace
Response
X-Middleton-Response
Pagespeed
X-Sol
Display
X-Middleton-Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-B3-TraceId
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Server-ID
Service-Worker-Allowed
X-Server-Name
X-GitHub-Request-Id
X-ESI
SPIisLatency
SPRequestDuration
X-Vcache
X-Navigation-Version
X-Powered-CMS
Content-MD5
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
Public-Key-Pins
MS-Author-Via
Charset
X-Upstream
X-Version
X-Forwarded-Proto
X-NF-Request-ID
X-Amz-Rid
X-Px
X-TTL
DynaTrace
X-Cached
Realpath
X-Shard
TCN
Fastly-Restarts
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-Recruiting
X-MSEdge-Ref
X-Shield-Request-Id
X-Pinterest-Rid
Access-Control-Request-Method
Pinterest-Version
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-Ser
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Nginx-Cache
X-XRDS-Location
Front-End-Https
X-DIS-Request-ID
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Ttl
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-T
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
NR-ENABLED
Cache-Tag
X-Content-Digest
X-Frontend
Powered
X-Correlation-Id
X-Hits
X-RateLimit-Remaining
X-Kinsta-Cache
X-HS-Cache-Config
X-Litespeed-Cache
X-Grace
X-FTR-Cache-Host
ServerID
X-Webapp-Samesite-None-Activated-N
X-Aspnetmvc-Version
X-Webkit-Csp
Alternate-Protocol
TP-L2-Cache
TP-Cache
X-Hp-Webp
X-Node-Name
X-Cache-Hit
X-Request-Received
X-Request-Processing-Time
X-Forwarded-For
PB-PID
PB-RID
X-Ah-Environment
X-Request-Handler-Origin-Region
X-N
X-Microsite
AR-CACHE
Arc-Version
AR-ATIME
X-Mobile-Rewrite
Ar-Sid
AR-PoweredBy
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Zen-Fury
X-Content-Type
X-User-Agent
X-Rid
Healthy
Backend-Timing
X-Revision
X-Analytics
Server-Node
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Akamai-Edgescape
X-Logged-In
X-AppVersion
X-Az
X-HS-Combine-CSS
X-Activity-Id
Cache-Status
X-Srv
Retry-After
X-IPLB-Instance
X-FastCGI-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cached-By
X-Oneagent-Js-Injection
X-Pad
X-NWS-LOG-UUID
X-Via-JSL
Accept-CH
X-Type
Accept-CH-Lifetime
Paypal-Debug-Id
X-Varnish-Grace
X-Ruxit-Js-Agent
X-Mobile-URL
X-GUploader-UploadID
X-B3-Sampled
FilterID
X-Content-Options
Refresh
AR-Request-ID
X-Cache-Age
X-F-Cache
X-Geo-Country
X-Debug-Info
Accept-Charset
X-Instance
X-FB-Debug
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
Host
X-App-Environment
X-Cluster
X-Page-Id
Source
X-AOL-HN
X-Jobs
X-PHP-Backend
Upgrade-Insecure-Requests
X-Varnish-Backend
Actual-Object-TTL
X-B
X-Request-Guid
X-Framework
X-Erf-Bev-Bev-Is-Generated
DC
X-Erf-Bev-Bev
X-Seen-By
X-WebKit-CSP-Report-Only
X-Cache-Key
X-ATG-Version
Fastcgi-Useragent
MS-CV
X-Whom
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-TT
X-PressLabs-Stats
X-Git-Hash
X-Cache-2
X-Host-Name
X-Cache-Control
X-Esi
X-Cache-TTL
Cache
X-Amz-Replication-Status
Surrogate-Key
X-TA-CDN-Provider
X-Wix-Request-Id
X-Cache-Rule
X-Cache-Operation
Frame-Options
X-Daa-Tunnel
Host-Header
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
NGB
X-Response-Served-From
X-B-Cache
X-Signature
X-FW-Server
X-Time
X-FW-Type
X-FW-Hash
X-Forwarded-Host
Xserver
X-FW-Static
X-FW-Serve
X-UA
X-Origin-Server
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Tumblr-Pixel-2
X-RequestSource
Payment
Filters
Eomportal-Instance
Cleartype
X-Cache-Action
Webserver
X-Region
WPE-Backend
X-Cache-NE
X-Mobile
X-TX-ID
X-Drupal-Cache-Tags
X-GeoIP
X-Hyper-Cache
X-Adobe-Content
From-Origin
X-Handled-By
X-Cacheable-TTL
X-Adobe-Loc
X-Cache-Enabled
X-B3-Traceid
X-UA-Device-Type
X-SERVER
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-App-Server
Datacenter
X-RTag
Ms-Operation-Id
Tracecode
X-Cache-TTL-Remaining
X-NewRelic-App-Data
X-Hostname
X-Akamai-Transformed
X-Load-Cache
X-Status
X-Cache-Server
X-Contextid
X-Edge-Location
Liferay-Portal
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-XRDS-LOCATION
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Varnish-Hostname
Odigeo-Trace-Id
X-Varnish-Server
X-RateLimit-Limit
X-Rule
Server-Info
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
X-FW-Dynamic
Load-Balancing
X-Path-Route
Meta-Geo
Country
X-Viewer-Country
X-Xfnlog-Site
X-CCM
X-Debug-Cache
X-OCL
X-Cache-Config
Version
Cache-Tags
DB-Nickname
X-PCL
X-UUID
X-IP
X-Via-Fastly
X-Rocket-Nginx-Bypass
TWC-Locale-Group
X-Upgrade-Enabled
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Connection-Speed
L5d-Success-Class
X-Web-Node
Cache-Name
Mn-Server-Ip
Property-Id
X-TNCMS
S-Rt
X-Varnish-Cache-Hits
TWC-Device-Class
X-Cache-Host
X-R9-Blue-Green-Version
X-Loop
X-Labrador-Cache-Channel
X-Origin
X-Origin-Hint
X-Proto
X-Pubstack
X-Origin-Response-Time
X-Info
X-Hosted-By
X-Drupal-Cache-Contexts
X-ServerID
X-Cache-Time
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-From
X-Real-IP
X-Proxy
X-Akamai-Request-ID
X-Origin-CC
X-ATS-Timestamp
X-Redis-Cache
X-Origin-TTL
Release
S-Cnection
X-Access
X-Akamai-Request-ID2
Viewport
Selected-Fe
Origin-Edge-Control
DSUID
Decoy-Debug-TTL
Ec-Rule-Version
Fastly-SSL
Origin-Cache-Control
X-ApacheServer
X-FireWall-Port
X-Rendered-As
X-Proxy-Build
X-Section
X-Timing-Wait
X-Www-Served-By
X-VCT
X-PERF
X-JoinUs
Decoy-Debug-Status
X-Cluster-Name
X-Format
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
X-Backend-Name
X-Generated
Azure-InstanceId
Decoy-Debug-Key
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Vgn-Hpd-Reason
NGX
X-Varnish-Hits
X-Content-Age
X-Time-Microsecs
X-Soup
X-VCache
X-NWS-UUID-VERIFY
X-Storage
X-Site-Version
X-Locale
X-Oss-Storage-Class
X-Is-Bot
X-Guploader-Uploadid
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Rt-Fastcgi-Cache
X-ProxyCache-Status
Cache-Key
X-BYPASS-REASON
Uber-Trace-Id
X-ProxyCache-Key
X-WA-Info
X-Webkit-CSP
Cteonnt-Length
GEO-INFO
Vix-Hermes-Req-Id
X-PHP-Host
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Backend
X-GoCache-CacheStatus
X-Generated-By
X-SS-Set-Cookie
X-Amzn-Remapped-Content-Length
X-Hit
Cache-Hits
X-NCache
X-Cache-Grace
X-App-Version
Akamai-GRN
X-Backend-TTL
Time
X-Cache-Remote
X-Accel-Buffering
Origin
X-APP-VERSION
X-Trace-Id
X-Device-Type
X-CS
X-Nginx-Cache-Key
X-Tumblr-Pixel-3
X-Presslabs-Stats
X-FB-TRIP-ID
Accept-Language
X-OVcl
X-L-Path
X-OVcl-Cache
X-Environment-Context
X-No-Session
X-CF-Powered-By
X-S
X-Tb
X-MServer
Mime-Version
X-SaId
X-Cluster-Node
X-B3-SpanId
X-URL
Access-Control-Request-Headers
X-Uri
Hostname
Fastcgi-X-Cache-Version
X-SayCDN-TTL
X-Say-Cacheable
X-Via-CDN
X-UnsetCookies
X-Say-TTL
X-Tec-Api-Version
X-Tec-Api-Origin
X-CACHE-KEY
X-Tec-Api-Root
ServerName
X-Geo
Now
User-Cache-Control
X-Vtex-Processado-Em
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Cross-Origin-Window-Policy
Content-Script-Type
Content-Style-Type
Xc-Version
BehaviorPad-Version
AsisCache
Machine
X-Vtex-Remote-Cache
Apple-News-Services-Host
X-SRCache-Key
X-Hl-Ver
X-PAYTM-SRV-ID
X-G
X-External-Request-Id
X-DPWN-IS-SECURE
X-A-Dgt
X-B-Cookie
T-Server
Viewtype
X-Region-Sid
X-Processor
X-Detected-As
X-Destination
X-A-Dam
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A-Dcw
X-A-Ccd
X-Connection-Hash
X-Date
X-D
VivaBuild
X-A
X-Request-UUID
X-Rewrite-Enabled
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-Svr
Mobile-Detection-Method
X-AIR-PT
X-VG-WebCache
Meta-Geo-Continent
X-ARC
X-VG-WebServer
X-Application
Node
X-Session-Fingerprint
X-A-Wwc
X-S-Cookie
Request-EU
X-Rojux
X-ScT
Request-Country
Rendered-Blocks
X-Server-Time
X-Aed
X-Accel-Expires-Debug
MD5-Digest
Rt-Proxy-Cache
X-FW-Version
X-Endurance-Cache-Level
X-CSRF-TOKEN
X-Cache-Debug
X-Cache-Bucket
X-Block-Status
X-Cache-Info
X-Clara-WADP
X-Cms-Context
Web-Mar-Node
X-Cdn-Forward
Thinkindot-CacheControl-Type
RNT-Machine
IsBot
RNT-Time
Server-Host
X-Core-Value
Thinkindot-CacheControl
Thinkindot-Control
X-Debug-Cookies
X-S-Maxage
X-NC
X-Request-URI
X-Service
X-SIPLIST1
X-WADP-Cache
X-Thinkindot-L3
X-Reboot
X-Proxy-Upstream
We-Hiring
X-Gen-Mode
X-Debug-Log
X-Location
X-Matched-Rule
X-Proxy-Cache-Status
X-NX-Host
CDCHOST
X-Hnp-Log
Proxy-Connection
OT-Force-Account-Verify
Mail-Subject
X-B3-Parentspanid
NtCoent-Length
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-Key
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Has-Esi
X-GeoIP-City
X-Hash
X-IN-APIGATEWAY
X-Instart-Isnd
X-Li-Fabric
X-Unique-Id
X-7Graus-Varnish-Cache-Control
X-Ms-Request-Id
True-Client-Country-4JS
X-Method
Adler-Geo
AKAMAI
X-Old-Content-Length
X-Ms-Version
X-Magnolia-Registration
X-LI-UUID
Wxu-Next-Region
X-Alternate-Cache-Key
Wxu-Next-Hostname
Wxu-Next-Commit
W
X-Li-Pop
X-7Graus-Varnish-XKeys
X-Geo-Header
X-Dispatch
X-Cache-URL
X-Developers
X-Varnish-Beresp-Status
X-Cache-Id
X-Dispatcher-Server
X-Cache-FS-Status
X-Cdn-Srv
X-CGP
X-Compress-Hint
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Clientip
X-Debug-Cache-Store
X-Varnish-Beresp-Ttl
X-Distil-CS
X-C
X-Generated-On
X-Azure-Ref
X-Auto-Login
X-Generation-Time
X-CUA
X-App-Name
X-Azure-Ref-OriginShield
X-Generated-In
X-Epic-Correlation-Id
X-Distributor
X-Eu-Site
X-BBXSRF
X-Backend-State
X-Fastly-Cache
X-Amz-Meta-Cache-Control
Server-Int
Gh-Request-Id
X-Sorting-Hat-ShopId
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Up
X-TrackingId
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
L
X-Origin-Date
IBM-Web2-Location
X-Sorting-Hat-PodId
Fastly-Soc-X-Request-Id
Esi-Enabled
X-WebServer
X-We-Are-Hiring
Cache-Host
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VServer
Content-Disposition
Countrycode
X-User
X-Variation
X-VC-Cache
X-VG-TLSProxy
X-Skip-Cache
Is-Eu
X-RateLimit-Limit-Second
X-Policy
X-RateLimit-Remaining-Second
X-Release
Platform
X-Shopify-Stage
X-Platform-Server
X-Origin-Expires
ServedBy
X-Varnish-Beresp-Grace
Served-By
Section-Io-Cache
SD-X-WS
X-Request-Start
X-Reqid
X-SD-PageType
X-Server-IP
Magicmarker
Memcached
X-ShardId
X-Scheme
PFcat
X-ShopId
X-Parent-Response-Time
X-Nc
Srv
Cache-Provider
X-Owner
X-ServiceProvider
X-CDN-Forward
X-Vdms-Version
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Swa-Ws
X-Qloud-Router
X-Thanos
X-Internal-Host
X-LI-Proto
X-Developer
X-Logging-Id
X-Bip
A
V-Age
X-Dc
Pramga
X-Agile-Age
X-Agile
Heartbleed
Locale
X-Core-Mission
X-Agile-Id
X-Shopify-Generated-Cart-Token
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-AK-Request-ID
Cdnsip
Cdncip
Server-ID
X-NodeID
X-MSEdge-Features
X-MSEdge-Flight
X-Sn-Servicetimems
X-Sucuri-Cache
X-B3-Spanid
X-Cdn-Origin
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Device-Os
X-Node-Id
X-Planisys-CDN-Rules
X-Servername
X-Sucuri-Id
X-GRACE
GEO-REGION-INFO
X-Upstream-Ht
X-Via-NSCOPI
X-Upstream-Ct
Powered-By-ChinaCache
X-Lb-Id
X-Source
X-RCS-CacheZone
X-EC-Lua
Environment
CF-IPCountry
X-FPC
X-Be
X-ND-Cache
X-Trafficlayer-App-Version
X-VHOST
X-Zone
Tcn
X-Microcachable
Request-Time
X-Nginx-Cache
Resin-Trace
X-Newrelic-Synthetics
X-Servedbyhost
X-Req
X-Pjax-Url
Locid
X-Tb-Optimization-Total-Bytes-Saved
X-Ratelimit-Remaining
X-ECACHE
FNAC-ModuleRouting
X-Gamma-Serve
X-Instart-Info
Geo-Info
X-NGENIX-Cache
X-ElasticPress-Search
X-Oracle-Dms-Rid
X-Served-From
X-SRV
X-Pf-Uncompressing
Group
X-TIME
X-Backend-Host
X-Refresh
X-Sucuri-ID
X-Backend-Url
X-Dynatrace
X-Var-Ttl
X-VCL-Version
Backend-Name
X-GEO
CF-Cached-On
X-VWS-Id
X-LJ-Flow-ID
Memory
X-AWS-Id
ProcessTime
X-DC
Gannett-Cam-Experience-Id
X-COUNTRY
X-IPS-LoggedIn
X-Correlation-ID
X-Unique-ID
Amp-Access-Control-Allow-Source-Origin
X-Render-Time
Cf-Ipcountry
X-HTML-Minification-Powered-By
TTL
N-Cache
X-CSRF-Token
Fly-Request-Id
X-Check-Cacheable
Lfy
X-NU-AKA-ACS-Version
Pics-Label
X-Pod
X-FORWARDED-FOR
PICS-Label
GeoIp-Country-Code
Geoip-City
Cache-Prefix
Geoip-Latitude
Pagetype
Fly-Cache
SRV
X-GeoIP-Country-Code
X-Worker
X-Via-Edge
X-Via-SSL
GeoIP-Country-Code
GeoIP-City
REQUESTUUID
GeoIP-Latitude
X-Bc
XServer
Ohc-Cache-HIT
Ohc-File-Size
X-Sedo-Request-Id
X-HOST
Ttl
X-Via-Ucdn
X-APP
X-Upstream-CT
X-Cache-Miss-From
X-Vcl-Version
M-TraceId
X-Upstream-HT
Cdn
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Limit
X-Mode
X-Fetched-On
X-Fstrz
X-Server-W
X-MP-GENERATED-AT
X-ZONE
MIME-Version
Fastly-SIE
X-Fastly-Country-Code
X-Rebelmouse-Surrogate-Control
X-PF-Uncompressing
X-Rebelmouse-Cache-Control
HitType
X-LiteSpeed-Cache-Control
Fastly-SWR
X-Wa
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-HS-Status
Host-ID
HostName
X-Dynatrace-Js-Agent
Pragrma
X-NGINX-Cache
X-ServedByHost
User-Agent
On-Server
X-BC
X-Routing-Service
X-Proxied
X-Varnish-Ttl
X-Zipkin-Id
X-HostName
X-Swift-Error
X-Tt-Trace-Tag
X-Cache-Tag
X-GDPR
X-Aicache-OS
X-PJAX-URL
URI
X-Cdn-Request-ID
X-WR-MODIFICATION
X-Ua
X-TH-Server
Cdn-Host
X-WA
Cdn-Request-Time
Who
X-TT-LOGID
X-Edge-Server
X-RateLimit-Reset
CACHE
Powered-By
X-Flog
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-Hello
X-Edge-O15-RID
X-Cf-Powered-By
X-BE
CDN
X-ABtesting
X-SN
X-UPSTREAM-Address
Dynatrace
X-DSS
X-DW
X-RSL
SS
X-Response-By
X-LAGOON
X-DI
X-Fpc
X-DB
X-Org
X-Varnish-URL
X-RPM
Media-Length
X-Action
X-RPS
X-Varnish-Cacheable
DataCenter
LB
X-Ratelimit-Reset
Is-Session-Tracking
X-ServerName
X-Upstream-Proxy
X-LB-ID
Server-Id
X-Request-Time
Debug
SN
Get-Access-Time
X-Ftr-Cache-Host
X-Gen-Id
Requestid
Cneonction
X-Varnish-Beresp-TTL
X-Protected-By
XxX-Cache-Status
X-Varnish-Info
X-Nananana
NnCoection
Correlation-Id
Country-Code
Lb
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
RequestUuid
X-Page-Type
Warning
X-LiteSpeed-Tag
X-Amzn-Remapped-Date
X-Dw-Trace-Id
X-Fastly-Cache-Hits
Application
Product
SID
X-Li-Proto
RequestId
Thinkindot-Cache-Type
X-Request-Url