Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-AH-Environment
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
Report-To
X-Ac
EagleEye-TraceId
X-Response-Time
X-Server-Id
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Dns-Prefetch-Control
X-Origin-Cache
X-Readtime
X-Cache-Lookup
NEL
X-Vhost
P3p
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-Ws-Request-Id
X-HW
X-Cdn
X-ORACLE-DMS-RID
Allow
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-DynaTrace
X-Country
Rating
X-FTR-Request-ID
X-Country-Code
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Goog-Hash
X-Akam-SW-Version
X-PC
Pinterest-Generated-By
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-Url
X-MS-InvokeApp
X-Varnish-TTL
Edge-Control
Verso
X-B3-TraceId
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
X-D2id
X-Trace
Response
Pagespeed
X-Middleton-Response
X-Sol
Display
X-SharePointHealthScore
X-Middleton-Display
Accept-Ch
RTSS
X-VARITI-CCR
Service-Worker-Allowed
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Server-Name
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Server-ID
X-GitHub-Request-Id
X-ESI
SPRequestDuration
SPIisLatency
X-Navigation-Version
X-Vcache
Content-MD5
X-Powered-CMS
X-Debug
X-Abt-Application-Version
X-TTL
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-CST
Public-Key-Pins
Charset
X-Upstream
MS-Author-Via
X-Forwarded-Proto
X-Cached
Accept-Ch-Lifetime
X-Amz-Rid
X-NF-Request-ID
X-Version
X-Px
DynaTrace
Realpath
Edge-Cache-Tag
X-Shard
TCN
MicrosoftSharePointTeamServices
Fastly-Restarts
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ezoic-Cdn
Access-Control-Request-Method
X-MSEdge-Ref
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Version
X-Ser
X-Recruiting
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-XRDS-Location
X-Accel-Expires
X-DIS-Request-ID
Front-End-Https
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Client-IP
X-Goog-Storage-Class
X-Varnish-Age
X-Element-Page-Cache
X-Id
X-T
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Expires
X-Webkit-Csp
X-Amzn-Trace-Id
X-Ttl
X-Dw-Request-Base-Id
Cache-Tag
Fastcgi-Cache
X-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Digest
X-Frontend
NR-ENABLED
Powered
X-Hits
X-HS-Cache-Config
X-Correlation-Id
X-Kinsta-Cache
X-Webapp-Samesite-None-Activated-N
X-Litespeed-Cache
X-RateLimit-Remaining
X-Grace
X-FTR-Cache-Host
ServerID
X-Aspnetmvc-Version
Alternate-Protocol
X-Hp-Webp
TP-L2-Cache
TP-Cache
X-Request-Received
X-Node-Name
X-Request-Processing-Time
X-Cache-Hit
X-N
X-Microsite
X-Request-Handler-Origin-Region
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
Server-Name
Accept-CH
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-User-Agent
X-Rid
Accept-CH-Lifetime
Healthy
X-Content-Type
X-Forwarded-For
X-Revision
X-Analytics
Backend-Timing
AR-ATIME
AR-CACHE
AR-PoweredBy
Server-Node
Ar-Sid
X-HS-Combine-CSS
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-LB-Cache
X-Logged-In
X-Az
Cache-Status
X-Activity-Id
X-AppVersion
X-Pad
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
Retry-After
X-IPLB-Instance
X-Cached-By
X-FastCGI-Cache
X-Srv
X-Varnish-Grace
X-Type
X-Mobile-URL
X-Via-JSL
Paypal-Debug-Id
X-B3-Sampled
X-Ruxit-Js-Agent
X-GUploader-UploadID
X-F-Cache
X-Content-Options
Refresh
FilterID
X-Cache-Age
Upgrade-Insecure-Requests
X-FB-Debug
X-Instance
X-Tumblr-Pixel-0
X-Debug-Info
X-Tumblr-User
Accept-Charset
X-Tumblr-Pixel
X-Geo-Country
X-Cluster
X-Request-Guid
X-AOL-HN
Access-Control-Allow-Method
Host
X-Page-Id
X-Erf-Bev-Bev
X-App-Environment
X-Erf-Bev-Bev-Is-Generated
X-Jobs
Source
X-PHP-Backend
X-B
Actual-Object-TTL
X-Varnish-Backend
AR-Request-ID
DC
X-Framework
X-Seen-By
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Cache-Key
MS-CV
Fastcgi-Useragent
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Whom
X-PressLabs-Stats
X-TT
X-Git-Hash
X-Cache-2
X-Cache-TTL
Cache
X-Cache-Control
X-Esi
X-Host-Name
X-Amz-Replication-Status
X-TA-CDN-Provider
X-UA
X-Wix-Request-Id
Surrogate-Key
X-Signature
X-B-Cache
X-Daa-Tunnel
Host-Header
NGB
X-Cache-Rule
X-Response-Served-From
X-Cache-Operation
Frame-Options
X-FW-Serve
Xserver
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-Origin-Server
X-Ah-Environment
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
WPE-Backend
X-Hyper-Cache
X-Region
Cleartype
X-Cache-NE
X-TX-ID
X-Forwarded-Host
X-RequestSource
Webserver
Payment
X-GeoIP
X-Cache-Action
X-Drupal-Cache-Tags
X-Mobile
X-Cache-Enabled
X-Adobe-Content
X-Handled-By
X-Cacheable-TTL
X-Adobe-Loc
Eomportal-Instance
X-SERVER
Filters
From-Origin
X-UA-Device-Type
X-Time
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
Datacenter
X-RTag
X-Load-Cache
Ms-Operation-Id
X-Hostname
X-NewRelic-App-Data
X-Akamai-Transformed
X-Cache-TTL-Remaining
X-App-Server
Tracecode
X-Cache-Server
X-Status
X-Contextid
X-Edge-Location
Liferay-Portal
X-XRDS-LOCATION
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Hostname
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Varnish-Server
Odigeo-Trace-Id
X-Rule
X-ATS-Timestamp
Country
Meta-Geo
X-FW-Dynamic
Load-Balancing
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
Server-Info
X-Path-Route
X-Cache-Var-Map
X-Viewer-Country
X-Xfnlog-Site
X-Via-Fastly
Cache-Tags
X-CCM
X-Debug-Cache
Version
DB-Nickname
X-Upgrade-Enabled
X-OCL
X-PCL
X-Rocket-Nginx-Bypass
X-Cache-Config
Webcakes-App-Version
Webcakes-Region
X-Origin-Response-Time
X-Cache-Host
X-Origin
X-Real-IP
X-Proxy
Azure-Version
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Azure-InstanceId
Azure-RegionName
X-Proto
Azure-SlotName
Azure-SiteName
Fastly-SSL
X-R9-Blue-Green-Version
X-Web-Node
X-IP
X-Akamai-Request-ID
X-TNCMS
TWC-GeoIP-LatLong
X-Hosted-By
X-From
X-Drupal-Cache-Contexts
X-UUID
X-Cache-Time
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
Mn-Server-Ip
X-Pubstack
TWC-GeoIP-Country
L5d-Success-Class
X-Origin-Hint
X-Varnish-Cache-Hits
TWC-Device-Class
X-Loop
Property-Id
TWC-Connection-Speed
X-ServerID
X-EIG-Tracking-Id
S-Rt
X-Redis-Cache
S-Cnection
X-Timing-Wait
X-Goog-Meta-Goog-Reserved-File-Mtime
Selected-Fe
X-Info
Decoy-Debug-Status
Decoy-Debug-TTL
X-Proxy-Build
X-JoinUs
Viewport
X-Generated
X-FireWall-Port
X-Cluster-Name
X-Content-Age
DSUID
X-Format
X-VCT
X-Access
X-Rendered-As
X-ApacheServer
X-Backend-Name
Decoy-Debug-Key
Ec-Rule-Version
Origin-Cache-Control
Release
NGX
X-Human
Cache-Name
X-PERF
X-Akamai-Request-ID2
Origin-Edge-Control
X-Section
X-RateLimit-Limit
X-Time-Microsecs
X-VCache
X-Www-Served-By
X-Vgn-Hpd-Reason
X-Varnish-Hits
X-NWS-UUID-VERIFY
X-Soup
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Origin-TTL
X-Oss-Object-Type
X-Oss-Request-Id
X-Origin-CC
X-Oss-Server-Time
X-Is-Bot
X-Storage
X-Site-Version
X-Locale
X-Guploader-Uploadid
X-B3-Traceid
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
Rt-Fastcgi-Cache
Uber-Trace-Id
X-ORACLE-APMCS-REQUEST-ID
Cache-Key
X-ORACLE-APMCS-TAG
X-PHP-Host
X-WA-Info
X-Generated-By
X-Cache-Backend
Vix-Hermes-Req-Id
X-Amzn-Remapped-Content-Length
X-SS-Set-Cookie
Akamai-GRN
X-Accel-Buffering
Cteonnt-Length
X-GoCache-CacheStatus
Time
X-App-Version
Cache-Hits
X-Hit
X-NCache
GEO-INFO
X-Cache-Remote
X-Backend-TTL
Origin
X-Cache-Grace
X-Nginx-Cache-Key
X-APP-VERSION
X-FB-TRIP-ID
X-Presslabs-Stats
X-CF-Powered-By
X-CS
X-Device-Type
X-Trace-Id
X-Tumblr-Pixel-3
Accept-Language
X-L-Path
X-SaId
X-Environment-Context
X-No-Session
X-Tb
X-OVcl
X-MServer
X-OVcl-Cache
Access-Control-Request-Headers
X-S
X-SayCDN-TTL
X-Say-Cacheable
X-URL
X-Say-TTL
X-Geo
X-B3-SpanId
X-Uri
X-Cluster-Node
X-Tec-Api-Origin
Mime-Version
X-Tec-Api-Root
Fastcgi-X-Cache-Version
X-CACHE-KEY
X-Tec-Api-Version
X-Via-CDN
User-Cache-Control
Hostname
Request-EU
X-Connection-Hash
X-ScT
IsBot
X-Processor
Rendered-Blocks
Request-Country
Apple-News-Services-Handled
X-Destination
X-PAYTM-SRV-ID
Rt-Proxy-Cache
X-SIPLIST1
X-B-Cookie
X-Server-Time
X-Session-Fingerprint
Content-Style-Type
Now
X-Request-UUID
X-Region-Sid
Meta-Geo-Continent
Mobile-Detection-Method
Node
X-DPWN-IS-SECURE
X-D
MD5-Digest
X-Rojux
X-S-Cookie
Content-Script-Type
X-Rewrite-Enabled
X-Hl-Ver
Machine
X-Date
BehaviorPad-Version
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-Aed
X-Trv-Group
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-Transaction
X-AIR-PT
X-Unique-Id
X-ARC
Apple-News-Services-Host
X-VG-WebCache
X-Application
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
Xc-Version
X-A-Dam
X-UnsetCookies
Arc-Country
X-SRCache-Key
AsisCache
X-Detected-As
Cross-Origin-Window-Policy
X-G
T-Server
X-CF-Lambda-Version
X-CF-Lambda-Fn
Apple-News-Services-Parsed-Url
X-A
X-A-Ccd
Apple-News-Services-Request-Url
VivaBuild
X-Svr
Viewtype
X-External-Request-Id
X-Endurance-Cache-Level
ServerName
X-CSRF-TOKEN
X-FW-Version
CDCHOST
X-Hnp-Log
RNT-Machine
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Cache-Info
X-Cache-Debug
X-Block-Status
X-Cache-Bucket
Thinkindot-CacheControl
X-Clara-WADP
X-Debug-Cookies
X-Debug-Log
X-Core-Value
RNT-Time
Server-Int
X-Cms-Context
X-Gen-Mode
X-Matched-Rule
X-NX-Host
X-CDN-Forward
X-Proxy-Cache-Status
X-Service
X-WADP-Cache
Srv
OT-Force-Account-Verify
X-Reboot
We-Hiring
Mail-Subject
X-Proxy-Upstream
X-Thinkindot-L3
X-Request-URI
Server-Host
X-S-Maxage
X-Location
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
NtCoent-Length
X-Sorting-Hat-ShopId
X-NC
X-B3-Parentspanid
Wxu-Next-Commit
X-CGP
Wxu-Next-Hostname
X-Skip-Cache
X-Dispatcher-Server
X-Generated-On
X-SD-PageType
X-Compress-Hint
X-Clientip
X-CUA
X-Dispatch
Wxu-Next-Region
Served-By
X-Variation
X-We-Are-Hiring
X-WebServer
X-Cache-FS-Status
X-C
X-VC-Cache
X-Backend-State
X-Webstats-RespID
X-VServer
X-VG-TLSProxy
X-Up
X-Cache-Id
X-Cache-URL
X-SVT-ORM-VERSION
X-Cdn-Srv
ServedBy
X-Scheme
Kp-EeAlive
X-Wikidot-Backend
X-TrackingId
X-Wikidot-Static-Cache
Cache-Host
X-SVT-ORM-RULES
X-Debug-Cache-Expiry
X-GeoIP-City
X-Has-Esi
X-Origin-Expires
X-Origin-Date
X-Geo-Header
X-Generation-Time
X-Generated-In
X-Platform-Server
X-Reqid
X-Old-Content-Length
X-Irp-Debug
X-Key
X-Li-Fabric
X-Li-Pop
X-JWT-State
X-Is-Gdpr
X-User
X-Method
X-Magnolia-Registration
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-LI-UUID
X-Debug-Cache-Fetch
X-Level-Front-Cache
X-Instart-Isnd
X-Request-Start
X-IN-APIGATEWAY
X-Core-Mission
X-IN-APIGATEWAYSSL
X-Debug-Cache-Store
X-Ms-Request-Id
X-Ms-Version
X-Fastly-Cache
X-Policy
X-Eu-Site
X-Epic-Correlation-Id
X-Developers
X-Distil-CS
X-Distributor
X-Hash
X-Azure-Ref
Magicmarker
L
Is-Eu
Memcached
PFcat
Section-Io-Cache
SD-X-WS
Platform
IBM-Web2-Location
HA-Ipaddr
Countrycode
Fastly-Soc-X-Request-Id
Esi-Enabled
Content-Disposition
AKAMAI
Ha-Gx-Prefs
Gh-Request-Id
Adler-Geo
X-Varnish-Beresp-Ttl
Proxy-Connection
X-Varnish-Beresp-Status
X-Parent-Response-Time
X-7Graus-Varnish-Cache-Control
X-Amz-Meta-Cache-Control
X-App-Name
X-Azure-Ref-OriginShield
X-Auto-Login
W
X-7Graus-Varnish-XKeys
X-Varnish-Beresp-Grace
True-Client-Country-4JS
X-Shopify-Generated-Cart-Token
X-Nc
X-Cdn-Forward
X-Dc
X-Owner
Cdncip
X-Qloud-Router
Cdnsip
Heartbleed
X-Agile-Id
X-Internal-Host
X-BBXSRF
X-Bip
X-ServiceProvider
X-MSEdge-Features
X-MSEdge-Flight
X-Release
X-LI-Proto
X-Urbn-Site-Id
X-Urbn-Context-Path
Pramga
X-Agile-Age
X-Agile
X-Logging-Id
Locale
X-Thanos
X-Vdms-Version
V-Age
X-AK-Request-ID
X-Swa-Ws
X-Server-IP
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Sucuri-Cache
X-EC-Lua
Cache-Provider
X-Developer
Server-ID
X-B3-Spanid
A
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-NodeID
X-RCS-CacheZone
X-Upstream-Ht
X-Cdn-Origin
X-Upstream-Ct
X-Via-NSCOPI
Powered-By-ChinaCache
X-Sn-Servicetimems
X-Servername
X-Source
X-GRACE
X-Device-Os
X-Sucuri-Id
X-Node-Id
GEO-REGION-INFO
X-ND-Cache
Environment
CF-IPCountry
X-FPC
X-Nginx-Cache
X-Trafficlayer-App-Version
X-Lb-Id
X-Be
X-Zone
X-VHOST
X-SRV
X-Servedbyhost
Tcn
X-Req
X-Microcachable
X-Tb-Optimization-Total-Bytes-Saved
Locid
Geo-Info
X-Newrelic-Synthetics
X-TIME
X-Webkit-CSP
Resin-Trace
X-Served-From
FNAC-ModuleRouting
Request-Time
X-Gamma-Serve
X-Sucuri-ID
X-Refresh
X-Pjax-Url
X-Ratelimit-Remaining
X-FORWARDED-FOR
ProcessTime
X-ECACHE
X-ElasticPress-Search
X-Pf-Uncompressing
Memory
X-Instart-Info
X-NGENIX-Cache
X-HTML-Minification-Powered-By
CF-Cached-On
X-VCL-Version
Group
Gannett-Cam-Experience-Id
X-LJ-Flow-ID
X-AWS-Id
X-COUNTRY
X-Backend-Host
X-Backend-Url
X-DC
X-IPS-LoggedIn
X-VWS-Id
X-Render-Time
Cf-Ipcountry
X-Correlation-ID
X-Var-Ttl
Amp-Access-Control-Allow-Source-Origin
TTL
X-NU-AKA-ACS-Version
Backend-Name
X-CSRF-Token
X-Unique-ID
GeoIp-Country-Code
Geoip-Latitude
X-GEO
Geoip-City
Pics-Label
X-GeoIP-Country-Code
PICS-Label
N-Cache
X-Pod
X-Bc
GeoIP-Country-Code
GeoIP-Latitude
Cache-Prefix
REQUESTUUID
Fly-Request-Id
GeoIP-City
X-Check-Cacheable
Pagetype
M-TraceId
Fly-Cache
Cdn
X-Via-SSL
X-Mode
Lfy
X-Via-Edge
XServer
Ttl
X-APP
X-MP-GENERATED-AT
X-Vcl-Version
SRV
X-Worker
MIME-Version
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Limit
X-Via-Ucdn
X-Fstrz
Ohc-File-Size
X-Cache-Miss-From
Ohc-Cache-HIT
X-LiteSpeed-Cache-Control
X-Sedo-Request-Id
X-Upstream-HT
X-Upstream-CT
X-ZONE
HitType
HostName
X-Fetched-On
X-Server-W
Host-ID
X-PF-Uncompressing
X-Rebelmouse-Surrogate-Control
Cache-Cookie-Set-Idcheck
X-Fastly-Country-Code
Fastly-SIE
X-HS-Status
X-Zipkin-Id
X-Routing-Service
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Wa
Fastly-SWR
X-Proxied
X-Dynatrace-Js-Agent
X-Swift-Error
X-ServedByHost
User-Agent
Pragrma
X-Cache-Tag
X-Oracle-Dms-Rid
URI
X-Cdn-Request-ID
X-PJAX-URL
On-Server
X-Varnish-Ttl
X-Dynatrace
X-HostName
X-BC
X-Aicache-OS
X-WR-MODIFICATION
X-NGINX-Cache
X-Tt-Trace-Tag
X-TH-Server
Powered-By
X-GDPR
Who
X-WA
X-TT-LOGID
X-UPSTREAM-Address
CACHE
X-RateLimit-Reset
Cdn-Request-Time
X-Fastly-Backend-Reqs
CDN
X-Edge-O15-RID
Cdn-Host
X-Request-Time
X-Edge-Server
X-BE
Dynatrace
X-Ua
X-Varnish-Cacheable
X-Hello
X-ABtesting
X-Flog
X-Varnish-URL
Media-Length
X-SN
X-LAGOON
X-LB-ID
X-Fpc
DataCenter
X-Cf-Powered-By
X-Response-By
X-Org
Debug
X-DW
X-DSS
X-DB
X-RPS
SN
X-DI
X-Action
X-RPM
Is-Session-Tracking
LB
Server-Id
Get-Access-Time
SS
X-RSL
X-ServerName
X-Ftr-Cache-Host
X-Cache-Ttl
FSS-Cache
X-Varnish-Beresp-TTL
X-Protected-By
FSS-Proxy
X-Gen-Id
X-Upstream-Proxy
Requestid
X-Nananana
Warning
X-Tt-Trace-Host
Cneonction
NnCoection
XxX-Cache-Status
SID
X-Amzn-Remapped-Connection
X-Request-Url
X-Fastly-Cache-Hits
Product
Thinkindot-Cache-Type
X-Li-Proto
X-Dw-Trace-Id
RequestId
X-Akamai-ERRuleID
Application
X-Amzn-Remapped-Date
X-LiteSpeed-Tag
X-Akamai-ERPolicy