Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Request-ID
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-AspNetMvc-Version
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-WebKit-CSP
X-Dns-Prefetch-Control
Report-To
X-Ac
EagleEye-TraceId
X-Response-Time
X-Server-Id
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-OneAgent-JS-Injection
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-Country
X-Ws-Request-Id
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Pinterest-Generated-By
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Akam-SW-Version
X-Varnish-TTL
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-Instart-Request-ID
X-Url
Accept-Ch
Edge-Control
X-Ruxit-JS-Agent
Verso
X-Powered-By-Plesk
X-Mod-Pagespeed
X-B3-TraceId
SPRequestGuid
X-Sol
X-D2id
Response
X-Middleton-Response
Display
X-Middleton-Display
X-Trace
X-SharePointHealthScore
X-VARITI-CCR
Pagespeed
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
RTSS
X-Use-Magma
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Server-ID
X-Server-Name
X-ESI
X-GitHub-Request-Id
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-Powered-CMS
X-Debug
Content-MD5
X-Abt-Application-Version
X-Vcache
X-Vcap-Request-Id
X-CST
Public-Key-Pins
X-Amz-Server-Side-Encryption
MS-Author-Via
X-Upstream
Charset
X-Px
X-Version
X-Amz-Rid
X-NF-Request-ID
X-Forwarded-Proto
DynaTrace
X-Cached
X-Aspnetmvc-Version
Realpath
X-Shard
Fastly-Restarts
Edge-Cache-Tag
X-Recruiting
MicrosoftSharePointTeamServices
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TTL
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
TCN
X-MSEdge-Ref
X-Pinterest-Rid
Pinterest-Version
Access-Control-Request-Method
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
Nginx-Cache
X-SRCache-Store-Status
S
X-Ser
X-Ttl
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Fastly-Request-ID
Front-End-Https
X-XRDS-Location
X-Accel-Expires
X-Ah-Environment
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Client-IP
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-T
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Webkit-Csp
X-FTR-Expires
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
Fastcgi-Cache
X-Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Content-Digest
X-Hits
Cache-Tag
Powered
X-Correlation-Id
X-Kinsta-Cache
X-Litespeed-Cache
X-Grace
ServerID
X-HS-Cache-Config
X-FTR-Cache-Host
X-Oneagent-Js-Injection
X-Forwarded-For
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
TP-Cache
TP-L2-Cache
X-Cache-Hit
Alternate-Protocol
X-Node-Name
X-Hp-Webp
PB-PID
X-Request-Received
PB-RID
X-Request-Processing-Time
Arc-Version
X-Mobile-Rewrite
X-Request-Handler-Origin-Region
X-Webapp-Samesite-None-Activated-N
X-N
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Zen-Fury
X-Content-Type
X-User-Agent
X-Rid
Server-Name
X-Ruxit-Js-Agent
Backend-Timing
Server-Node
X-Srv
X-Revision
X-Analytics
Healthy
X-LB-Cache
X-Content-Security-Policy-Report-Only
Cache-Status
X-Akamai-Edgescape
X-Activity-Id
X-AppVersion
X-Az
Retry-After
X-Logged-In
X-FastCGI-Cache
X-SERVER
X-Via-JSL
X-HS-Combine-CSS
X-IPLB-Instance
Paypal-Debug-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Type
X-Cached-By
X-NWS-LOG-UUID
AR-Request-ID
X-Pad
X-Varnish-Grace
X-GUploader-UploadID
FilterID
X-B3-Sampled
X-Mobile-URL
X-Cache-Age
X-F-Cache
X-Content-Options
X-Geo-Country
Refresh
Accept-Charset
X-FB-Debug
X-Debug-Info
X-Tumblr-User
X-Tumblr-Pixel
X-Instance
X-Tumblr-Pixel-0
X-Request-Guid
Host
Source
X-Cluster
X-Page-Id
X-App-Environment
X-AOL-HN
X-Jobs
Access-Control-Allow-Method
X-B
X-Seen-By
X-Framework
Actual-Object-TTL
X-Erf-Bev-Bev
X-PHP-Backend
DC
X-Erf-Bev-Bev-Is-Generated
Upgrade-Insecure-Requests
X-Varnish-Backend
X-PressLabs-Stats
X-WebKit-CSP-Report-Only
X-Whom
X-Cache-Key
MS-CV
X-ATG-Version
Fastcgi-Useragent
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Powered-By
X-Cache-2
X-TT
X-Host-Name
X-Git-Hash
X-Cache-Control
X-Esi
X-TA-CDN-Provider
X-Cache-TTL
Surrogate-Key
Accept-CH-Lifetime
Cache
X-Time
X-Amz-Replication-Status
X-Cache-Operation
X-Cache-Rule
X-Wix-Request-Id
Frame-Options
Accept-CH
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FW-Server
X-FW-Serve
X-FW-Static
X-Forwarded-Host
X-FW-Hash
X-FW-Type
NGB
X-Signature
X-B-Cache
X-Response-Served-From
Xserver
Host-Header
X-Daa-Tunnel
X-Origin-Server
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Mobile
Cache-Tv-Group
X-GeoIP
X-Drupal-Cache-Tags
X-Cache-NE
X-Region
X-Hyper-Cache
Payment
X-RequestSource
X-Cache-Action
Eomportal-Instance
Filters
WPE-Backend
Webserver
X-TX-ID
X-Adobe-Loc
From-Origin
X-UA
X-Handled-By
X-Cacheable-TTL
X-Adobe-Content
X-UA-Device-Type
Cleartype
X-Cache-Enabled
X-EdgeConnect-Cache-Status
X-ProcessESI
X-App-Server
X-RemovedCookies
Tracecode
X-RTag
Ms-Operation-Id
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-NewRelic-App-Data
X-Status
X-Contextid
X-Load-Cache
X-RateLimit-Limit
X-VCache
X-Cache-Server
Liferay-Portal
X-Hostname
X-Edge-Location
X-XRDS-LOCATION
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Varnish-Hostname
Odigeo-Trace-Id
X-FW-Dynamic
X-Varnish-Server
Server-Info
X-Path-Route
Load-Balancing
X-Rule
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-ES-SERVER
X-RN-RSRV
Version
X-Xfnlog-Site
X-Viewer-Country
X-IP
X-OCL
X-Debug-Cache
X-Rocket-Nginx-Bypass
Country
Cache-Tags
DB-Nickname
X-Cache-Config
X-UUID
X-CCM
X-PCL
Cache-Name
X-ServerID
X-Pubstack
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Real-IP
X-R9-Blue-Green-Version
Azure-SlotName
X-TNCMS
Azure-SiteName
X-Proto
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
X-From
TWC-GeoIP-Country
X-Hosted-By
Webcakes-App-Name
Webcakes-App-Version
X-Drupal-Cache-Contexts
X-Cache-Host
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-FC-Vary-Parameters
Webcakes-Region
X-Info
TWC-Device-Class
X-Proxy
Mn-Server-Ip
X-Via-Fastly
X-Web-Node
X-Varnish-Cache-Hits
Fastly-SSL
X-Origin-Response-Time
X-Origin-Hint
S-Rt
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-Loop
X-Origin
Property-Id
X-Upgrade-Enabled
L5d-Success-Class
X-Origin-CC
X-Origin-TTL
Decoy-Debug-Status
DSUID
Decoy-Debug-Key
Decoy-Debug-TTL
X-Cache-Time
Release
X-Format
X-PERF
Ec-Rule-Version
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
Origin-Cache-Control
Origin-Edge-Control
S-Cnection
Selected-Fe
X-JoinUs
X-Human
X-Content-Age
X-FireWall-Port
X-Backend-Name
X-Cluster-Name
X-Timing-Wait
X-ApacheServer
X-Akamai-Request-ID2
X-Access
X-Redis-Cache
X-Proxy-Build
X-VCT
X-Rendered-As
X-Section
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Soup
NGX
X-Time-Microsecs
X-App-Version
X-Storage
Viewport
Rt-Fastcgi-Cache
X-Site-Version
X-Www-Served-By
X-Locale
X-NWS-UUID-VERIFY
X-ATS-Timestamp
X-Guploader-Uploadid
X-B3-Traceid
X-Is-Bot
X-WA-Info
Cache-Key
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-ProxyCache-Status
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
Cteonnt-Length
Vix-Hermes-Req-Id
GEO-INFO
X-GoCache-CacheStatus
X-Cache-Grace
Cache-Hits
X-Webkit-CSP
X-PHP-Host
X-Hit
X-NCache
X-Backend-TTL
X-Generated-By
X-Cache-Backend
X-SS-Set-Cookie
Time
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-CF-Powered-By
Origin
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Device-Type
X-CS
X-Cache-Remote
X-Trace-Id
X-B3-SpanId
Accept-Language
X-Accel-Buffering
X-Tumblr-Pixel-3
X-Nginx-Cache-Key
X-OVcl
Mime-Version
X-OVcl-Cache
X-S
Hostname
X-FB-TRIP-ID
X-No-Session
X-UnsetCookies
X-L-Path
X-Environment-Context
X-Via-CDN
X-Cluster-Node
X-MServer
X-URL
X-Tb
Fastcgi-X-Cache-Version
X-Uri
Access-Control-Request-Headers
X-Tec-Api-Origin
X-Tec-Api-Root
Now
X-Say-TTL
X-SayCDN-TTL
X-Tec-Api-Version
X-SaId
X-CACHE-KEY
X-Say-Cacheable
X-Presslabs-Stats
X-FW-Version
User-Cache-Control
X-Cdn-Forward
ServerName
MD5-Digest
Apple-News-Services-Handled
Meta-Geo-Continent
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Mobile-Detection-Method
AsisCache
Content-Style-Type
Machine
IsBot
Content-Script-Type
Cross-Origin-Window-Policy
BehaviorPad-Version
Arc-Country
X-B-Cookie
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S-Cookie
X-ScT
X-Region-Sid
X-Processor
X-External-Request-Id
X-G
X-Hl-Ver
X-PAYTM-SRV-ID
X-Server-Time
X-Session-Fingerprint
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-SIPLIST1
X-SRCache-Key
X-Svr
X-Transaction
X-DPWN-IS-SECURE
X-Detected-As
X-A
VivaBuild
X-A-Ccd
X-A-Dam
X-A-Dcw
Viewtype
T-Server
Rendered-Blocks
Request-Country
Request-EU
Rt-Proxy-Cache
X-A-Dgt
X-A-Wwc
X-Connection-Hash
X-D
X-Date
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
X-AIR-PT
X-Application
X-ARC
Node
X-Accel-Expires-Debug
X-APP-VERSION
X-CSRF-TOKEN
OT-Force-Account-Verify
Proxy-Connection
X-Endurance-Cache-Level
X-Request-URI
X-Cms-Context
X-Reboot
X-Hnp-Log
X-Gen-Mode
Server-Int
X-Clara-WADP
X-S-Maxage
CDCHOST
X-Proxy-Upstream
X-Debug-Cookies
X-Location
X-Matched-Rule
X-NX-Host
RNT-Machine
X-Proxy-Cache-Status
RNT-Time
X-Geo
X-Debug-Log
Server-Host
X-Cache-Bucket
X-Nc
Web-Mar-Node
X-WADP-Cache
Mail-Subject
X-Block-Status
X-Thinkindot-L3
X-Cache-Debug
Thinkindot-CacheControl-Type
Thinkindot-Control
We-Hiring
X-Cache-Info
Thinkindot-CacheControl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-App-Name
X-Developer
X-Distributor
X-Epic-Correlation-Id
X-Amz-Meta-Cache-Control
X-Developers
X-Auto-Login
X-Eu-Site
X-Distil-CS
X-Dispatch
X-Fastly-Cache
X-Dispatcher-Server
X-BBXSRF
X-Clientip
X-Cache-FS-Status
X-Compress-Hint
X-Generated-In
X-Cache-Id
X-Cdn-Srv
X-CGP
X-Core-Mission
X-C
X-Backend-State
X-Debug-Cache-Store
X-Azure-Ref-OriginShield
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CUA
X-Cache-URL
X-Azure-Ref
X-Is-Gdpr
X-Skip-Cache
X-NC
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-TrackingId
X-Shopify-Stage
X-ShopId
X-Request-Start
X-SD-PageType
X-Server-IP
X-ShardId
X-Up
X-User
X-Wikidot-Static-Cache
X-Wikidot-Backend
NtCoent-Length
X-Core-Value
X-Service
X-Webstats-RespID
X-WebServer
X-Variation
X-VG-TLSProxy
X-VServer
X-We-Are-Hiring
X-Reqid
X-Release
X-Irp-Debug
X-Internal-Host
X-Alternate-Cache-Key
X-JWT-State
X-Key
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Generation-Time
X-Has-Esi
X-Hash
X-IN-APIGATEWAY
X-Level-Front-Cache
X-Li-Pop
X-Platform-Server
X-Origin-Expires
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Origin-Date
X-Old-Content-Length
X-LI-UUID
X-Magnolia-Registration
X-Ms-Request-Id
X-Ms-Version
X-Generated-On
X-Li-Fabric
W
Platform
Fastly-Soc-X-Request-Id
Wxu-Next-Commit
Is-Eu
Countrycode
Wxu-Next-Hostname
Esi-Enabled
SD-X-WS
True-Client-Country-4JS
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
ServedBy
Served-By
IBM-Web2-Location
Section-Io-Cache
Wxu-Next-Region
Kp-EeAlive
Memcached
A
Adler-Geo
Cache-Host
Magicmarker
Content-Disposition
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Cache-Provider
Srv
X-B3-Parentspanid
X-Sucuri-Id
X-VC-Cache
X-SVT-ORM-VERSION
Locale
X-SVT-ORM-RULES
Heartbleed
X-Scheme
X-Geo-Header
X-GeoIP-City
X-MSEdge-Features
X-Dc
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Thanos
X-Swa-Ws
X-ServiceProvider
X-Parent-Response-Time
X-Vdms-Version
X-Qloud-Router
AKAMAI
L
X-LI-Proto
X-Logging-Id
X-Owner
X-MSEdge-Flight
PFcat
X-Method
X-Agile
X-Agile-Age
Pramga
X-Agile-Id
X-Bip
V-Age
X-Cdn-Origin
X-Sn-Servicetimems
X-NodeID
X-Device-Os
Server-ID
Tcn
X-Node-Id
X-Sucuri-Cache
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-CDN-Forward
Cdncip
X-AK-Request-ID
X-Shopify-Generated-Cart-Token
X-Lb-Id
Cdnsip
X-GRACE
X-EC-Lua
X-Planisys-CDN-TTL
X-Unique-Id
X-Planisys-CDN-Rules
GEO-REGION-INFO
X-Planisys-CDN-Cache
X-Servername
Environment
CF-IPCountry
Powered-By-ChinaCache
X-Via-NSCOPI
X-Upstream-Ht
X-Be
X-FPC
X-Upstream-Ct
X-B3-Spanid
X-Zone
Request-Time
X-Nginx-Cache
X-ND-Cache
X-Newrelic-Synthetics
X-RCS-CacheZone
X-VHOST
X-Source
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-Pjax-Url
X-Microcachable
Resin-Trace
X-Trafficlayer-App-Version
X-NGENIX-Cache
X-Instart-Info
X-ElasticPress-Search
X-ECACHE
X-Unique-ID
Group
X-Req
Locid
Geo-Info
X-Backend-Host
X-Oracle-Dms-Rid
X-Backend-Url
X-GEO
X-Gamma-Serve
Memory
FNAC-ModuleRouting
CF-Cached-On
Backend-Name
X-Var-Ttl
X-Served-From
X-Dynatrace
X-IPS-LoggedIn
X-Pf-Uncompressing
X-COUNTRY
N-Cache
X-LJ-Flow-ID
X-Refresh
X-VWS-Id
X-VCL-Version
Gannett-Cam-Experience-Id
X-DC
X-AWS-Id
X-Correlation-ID
Cf-Ipcountry
Pagetype
Pics-Label
Fly-Cache
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Remaining
TTL
Cache-Prefix
Lfy
Fly-Request-Id
X-Check-Cacheable
ProcessTime
X-CSRF-Token
Ohc-Cache-HIT
Ohc-File-Size
X-TIME
SRV
GeoIp-Country-Code
X-Render-Time
Cdn
X-Pod
Geoip-Latitude
X-Worker
Geoip-City
X-Bc
X-Sucuri-ID
X-SRV
X-Upstream-CT
X-HTML-Minification-Powered-By
X-Upstream-HT
GeoIP-Country-Code
X-Via-Ucdn
PICS-Label
X-Via-SSL
REQUESTUUID
GeoIP-City
GeoIP-Latitude
X-Cache-Miss-From
X-Sedo-Request-Id
X-NU-AKA-ACS-Version
X-Via-Edge
M-TraceId
XServer
X-Server-W
X-Vcl-Version
Ttl
X-GeoIP-Country-Code
X-Fetched-On
X-CLOUD-TRACE-CONTEXT
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Mode
X-LiteSpeed-Cache-Control
X-Wa
X-Rebelmouse-Surrogate-Control
X-Fstrz
X-APP
X-FORWARDED-FOR
X-PF-Uncompressing
X-HostName
X-Ratelimit-Limit
X-Ua
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-ZONE
X-MP-GENERATED-AT
X-Fastly-Country-Code
MIME-Version
X-HS-Status
HitType
X-Dynatrace-Js-Agent
X-Cache-Tag
X-ServedByHost
User-Agent
On-Server
Pragrma
X-GDPR
HostName
X-Tt-Trace-Tag
Host-ID
X-Swift-Error
X-Aicache-OS
X-WR-MODIFICATION
Cdn-Request-Time
X-Edge-Server
URI
Cdn-Host
X-NGINX-Cache
X-Routing-Service
X-TT-LOGID
X-Upstream-Proxy
X-WA
X-Ratelimit-Reset
X-SN
X-Zipkin-Id
PageSpeed
X-BC
X-PJAX-URL
Who
X-Proxied
X-Cdn-Request-ID
CACHE
X-RateLimit-Reset
X-Action
X-Fastly-Backend-Reqs
X-Response-By
SS
X-Hello
X-BE
X-DI
X-DSS
X-Cache-Ttl
X-RSL
X-RPS
X-RPM
X-Flog
X-UPSTREAM-Address
X-Org
X-ABtesting
X-TH-Server
X-DB
X-DW
X-Edge-O15-RID
Dynatrace
X-Cf-Powered-By
X-LAGOON
Powered-By
X-Varnish-URL
X-ServerName
SN
CDN
X-Fpc
X-Varnish-Cacheable
DataCenter
Media-Length
Debug
LB
Is-Session-Tracking
Server-Id
Requestid
Get-Access-Time
X-Ftr-Cache-Host
X-Gen-Id
X-Nananana
X-LB-ID
Lb
RequestUuid
Country-Code
X-Request-Time
X-Protected-By
X-Varnish-Beresp-TTL
X-Page-Type
XxX-Cache-Status
X-SB
X-VC
NnCoection
Xet-Cookie
Correlation-Id
Product
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Amzn-Remapped-Connection
X-Li-Proto
Thinkindot-Cache-Type
X-Amzn-Remapped-Date
X-LiteSpeed-Tag
SID
X-Dw-Trace-Id
RequestId
Application
X-Fastly-Cache-Hits
Warning
X-Request-Url