Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
CF-RAY
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Request-ID
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-AspNetMvc-Version
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
CF-Ray
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
Report-To
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Response-Time
X-Server-Id
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Dns-Prefetch-Control
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-Ws-Request-Id
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Pinterest-Generated-By
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Akam-SW-Version
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
X-Url
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Varnish-TTL
Edge-Control
Accept-Ch
X-Powered-By-Plesk
Verso
X-B3-TraceId
X-Mod-Pagespeed
SPRequestGuid
X-D2id
X-Sol
Response
X-Middleton-Response
X-SharePointHealthScore
Display
X-Middleton-Display
X-Trace
X-VARITI-CCR
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Server
RTSS
Pagespeed
X-Server-ID
X-Server-Name
Service-Worker-Allowed
X-GitHub-Request-Id
X-ESI
SPIisLatency
SPRequestDuration
X-Navigation-Version
Accept-Ch-Lifetime
X-Powered-CMS
X-Debug
Content-MD5
X-Vcap-Request-Id
X-Abt-Application-Version
X-Vcache
X-CST
Public-Key-Pins
X-Amz-Server-Side-Encryption
MS-Author-Via
Charset
X-Px
X-Upstream
X-Version
X-Amz-Rid
X-NF-Request-ID
X-Forwarded-Proto
X-TTL
DynaTrace
X-Aspnetmvc-Version
Realpath
X-Cached
X-Shard
TCN
Fastly-Restarts
MicrosoftSharePointTeamServices
X-Recruiting
X-TEC-API-VERSION
Edge-Cache-Tag
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace-JS-Agent
Access-Control-Request-Method
X-Shield-Request-Id
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
S
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Fastly-Request-ID
Front-End-Https
X-XRDS-Location
X-Ah-Environment
X-Accel-Expires
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Ttl
X-Id
X-Element-Page-Cache
X-T
X-Varnish-Age
X-Client-IP
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Webkit-Csp
X-FTR-Expires
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-RateLimit-Remaining
X-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Content-Digest
Cache-Tag
Powered
X-Hits
X-Kinsta-Cache
X-Correlation-Id
X-Grace
X-Litespeed-Cache
ServerID
X-FTR-Cache-Host
X-HS-Cache-Config
X-Forwarded-For
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-CACHE
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Node-Name
Alternate-Protocol
PB-PID
X-Hp-Webp
X-Request-Processing-Time
PB-RID
X-Request-Received
X-N
X-Mobile-Rewrite
X-Request-Handler-Origin-Region
X-Webapp-Samesite-None-Activated-N
Arc-Version
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
X-Content-Type
Server-Name
X-Rid
X-User-Agent
X-Revision
X-Srv
Healthy
Server-Node
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Activity-Id
X-AppVersion
X-Az
Cache-Status
X-Analytics
Backend-Timing
Retry-After
X-Logged-In
X-SERVER
X-FastCGI-Cache
X-Via-JSL
X-IPLB-Instance
X-HS-Combine-CSS
Paypal-Debug-Id
X-Oneagent-Js-Injection
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cached-By
X-NWS-LOG-UUID
AR-Request-ID
X-Type
X-Pad
X-Varnish-Grace
X-Ruxit-Js-Agent
X-GUploader-UploadID
X-Cache-Age
X-Mobile-URL
X-B3-Sampled
FilterID
X-F-Cache
X-Content-Options
Refresh
X-FB-Debug
X-Geo-Country
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Accept-Charset
X-Cluster
Access-Control-Allow-Method
Source
X-AOL-HN
X-App-Environment
X-Instance
X-Jobs
X-Page-Id
X-Request-Guid
X-B
X-Seen-By
Host
Actual-Object-TTL
X-Framework
X-Debug-Info
X-PHP-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
DC
X-Varnish-Backend
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Accept-CH-Lifetime
Accept-CH
MS-CV
X-Whom
X-Cache-Key
X-ATG-Version
Fastcgi-Useragent
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TT
X-PressLabs-Stats
X-Git-Hash
X-Host-Name
X-Cache-2
X-Cache-Control
X-Esi
X-TA-CDN-Provider
X-Time
X-Cache-TTL
X-Amz-Replication-Status
X-Wix-Request-Id
Cache
Surrogate-Key
Frame-Options
X-Cache-Rule
X-Cache-Operation
X-FW-Serve
X-FW-Server
X-Kong-Proxy-Latency
NGB
X-Signature
X-Kong-Upstream-Latency
X-B-Cache
X-FW-Type
X-FW-Static
X-FW-Hash
X-Response-Served-From
X-Forwarded-Host
Host-Header
X-Daa-Tunnel
Xserver
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Mobile
Cache-Tv-Group
X-Origin-Server
Webserver
X-GeoIP
Filters
X-TX-ID
Eomportal-Instance
X-Hyper-Cache
X-Region
Payment
X-UA
X-Cache-Action
X-UA-Device-Type
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-Handled-By
X-Adobe-Loc
X-Adobe-Content
WPE-Backend
X-Cache-NE
From-Origin
Cleartype
X-RequestSource
X-EdgeConnect-Cache-Status
X-Cache-Enabled
X-App-Server
X-RemovedCookies
X-ProcessESI
Tracecode
Ms-Operation-Id
X-RTag
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-NewRelic-App-Data
X-Status
X-Hostname
X-Contextid
X-Load-Cache
X-Cache-Server
Liferay-Portal
X-VCache
X-Yottaa-Metrics
X-XRDS-LOCATION
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-Edge-Location
X-RateLimit-Limit
X-TT-TIMESTAMP
Odigeo-Trace-Id
X-Varnish-Hostname
X-FW-Dynamic
X-Path-Route
Server-Info
X-RN-RSRV
Meta-Geo
Load-Balancing
X-Varnish-Server
X-ES-SERVER
X-Cache-Var
X-Rule
X-Cache-Var-Map
Version
X-IP
X-Viewer-Country
X-CCM
X-Debug-Cache
X-Rocket-Nginx-Bypass
Country
X-Xfnlog-Site
X-Cache-Config
DB-Nickname
X-Loop
Azure-SiteName
Azure-SlotName
Fastly-SSL
Azure-Version
X-Labrador-Cache-Channel
X-Via-Fastly
Azure-InstanceId
S-Rt
X-UUID
X-Web-Node
X-Hosted-By
Azure-RegionName
Cache-Tags
X-Info
X-TNCMS
X-Proto
Cache-Name
X-FC-Vary-Parameters
X-Pubstack
X-Origin-TTL
X-From
X-Origin-CC
X-R9-Blue-Green-Version
X-Cache-Host
X-Proxy
X-Real-IP
X-ServerID
X-PCL
X-OCL
X-EIG-Tracking-Id
X-Proxy-Build
X-FireWall-Port
Mn-Server-Ip
X-Backend-Name
X-Drupal-Cache-Contexts
X-Generated
Decoy-Debug-TTL
X-Cluster-Name
X-Origin-Response-Time
Decoy-Debug-Key
X-Content-Age
DSUID
Decoy-Debug-Status
Ec-Rule-Version
Release
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Varnish-Cache-Hits
TWC-Privacy
Webcakes-App-Name
X-Rendered-As
X-Upgrade-Enabled
X-JoinUs
X-Akamai-Request-ID
X-Origin-Hint
X-Timing-Wait
Property-Id
Origin-Edge-Control
X-Akamai-Request-ID2
Selected-Fe
X-Cache-Time
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Origin-Cache-Control
L5d-Success-Class
X-Redis-Cache
X-Vgn-Hpd-Reason
X-Soup
X-PERF
S-Cnection
X-Varnish-Hits
X-VCT
X-ApacheServer
X-Human
NGX
X-Time-Microsecs
X-Section
X-Www-Served-By
Rt-Fastcgi-Cache
X-Site-Version
Viewport
X-Storage
X-Access
X-Format
X-Locale
X-Guploader-Uploadid
X-NWS-UUID-VERIFY
X-WA-Info
X-Is-Bot
X-B3-Traceid
Cache-Key
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
GEO-INFO
X-Oss-Object-Type
X-Oss-Storage-Class
X-App-Version
X-BYPASS-REASON
Uber-Trace-Id
X-ProxyCache-Key
Vix-Hermes-Req-Id
X-ProxyCache-Status
X-GoCache-CacheStatus
X-Cache-Grace
X-ATS-Timestamp
Cteonnt-Length
X-PHP-Host
X-Webkit-CSP
Cache-Hits
X-Cache-Backend
X-Generated-By
X-NCache
X-Backend-TTL
Time
X-Amzn-Remapped-Content-Length
X-Hit
X-SS-Set-Cookie
Akamai-GRN
X-Device-Type
X-ORACLE-APMCS-REQUEST-ID
X-CS
X-Cache-Remote
X-ORACLE-APMCS-TAG
X-B3-SpanId
X-Trace-Id
X-Tumblr-Pixel-3
Accept-Language
X-Accel-Buffering
Origin
X-Nginx-Cache-Key
X-CF-Powered-By
X-OVcl-Cache
X-OVcl
X-S
Mime-Version
X-FB-TRIP-ID
Hostname
X-UnsetCookies
X-Presslabs-Stats
X-L-Path
X-Environment-Context
X-No-Session
X-Via-CDN
X-Cluster-Node
Fastcgi-X-Cache-Version
X-APP-VERSION
X-Uri
X-URL
X-MServer
X-Tb
X-Tec-Api-Version
X-Tec-Api-Origin
X-SayCDN-TTL
Access-Control-Request-Headers
Now
X-Tec-Api-Root
X-Say-Cacheable
X-Say-TTL
X-CACHE-KEY
X-SaId
X-FW-Version
ServerName
X-Cdn-Forward
User-Cache-Control
Content-Script-Type
Cross-Origin-Window-Policy
X-Trv-Group
Content-Style-Type
IsBot
X-SRCache-Key
X-Svr
BehaviorPad-Version
Machine
X-Transaction
Arc-Country
Apple-News-Services-Handled
Apple-News-Services-Host
X-Vtex-Processado-Em
X-SIPLIST1
X-VG-WebServer
Apple-News-Services-Parsed-Url
X-Twitter-Response-Tags
Xc-Version
X-Vtex-Remote-Cache
X-VG-WebCache
Apple-News-Services-Request-Url
AsisCache
X-Server-Time
X-Hl-Ver
X-G
X-Accel-Expires-Debug
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-AIR-PT
X-External-Request-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-B-Cookie
X-DPWN-IS-SECURE
X-Application
X-Detected-As
X-A
X-PAYTM-SRV-ID
X-ScT
Rendered-Blocks
Request-Country
Request-EU
X-Date
X-Session-Fingerprint
Meta-Geo-Continent
Mobile-Detection-Method
Node
Rt-Proxy-Cache
T-Server
X-Request-UUID
X-Region-Sid
X-Processor
VivaBuild
X-Rewrite-Enabled
Viewtype
X-S-Cookie
X-Rojux
MD5-Digest
X-ARC
Proxy-Connection
X-CSRF-TOKEN
X-Endurance-Cache-Level
OT-Force-Account-Verify
X-Request-URI
X-Geo
X-S-Maxage
X-Matched-Rule
X-NC
X-Cache-Info
X-Reboot
X-Proxy-Upstream
X-Debug-Cookies
X-Location
X-NX-Host
X-Cms-Context
X-Debug-Log
X-Cache-Bucket
X-Proxy-Cache-Status
X-Clara-WADP
X-Cache-Debug
Thinkindot-CacheControl
Server-Host
Web-Mar-Node
X-Hnp-Log
X-WADP-Cache
Mail-Subject
X-Gen-Mode
We-Hiring
X-Block-Status
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Thinkindot-L3
Server-Int
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Fastly-Cache
X-Distributor
X-Debug-Cache-Store
X-Dispatcher-Server
X-Generated-On
X-Generation-Time
X-Dispatch
X-Developer
X-Generated-In
X-Cache-URL
X-Auto-Login
X-BBXSRF
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Cache-Id
X-Has-Esi
X-CUA
X-Debug-Cache-Expiry
X-Core-Mission
X-Compress-Hint
X-Cdn-Srv
X-Clientip
X-Debug-Cache-Fetch
X-Level-Front-Cache
X-Shopify-Stage
X-Skip-Cache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Reqid
X-Request-Start
X-SD-PageType
X-Server-IP
X-TrackingId
X-Up
X-WebServer
X-Webstats-RespID
X-Core-Value
X-Service
X-We-Are-Hiring
X-VServer
X-User
X-Variation
NtCoent-Length
X-Release
X-RateLimit-Remaining-Second
X-Is-Gdpr
X-JWT-State
X-Key
True-Client-Country-4JS
X-Irp-Debug
X-Internal-Host
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Li-Pop
X-LI-UUID
X-Origin-Expires
X-Platform-Server
X-Policy
X-RateLimit-Limit-Second
X-Origin-Date
X-Old-Content-Length
X-Magnolia-Registration
X-Ms-Request-Id
X-Ms-Version
X-Hash
X-Li-Fabric
Platform
Memcached
Magicmarker
RNT-Machine
RNT-Time
Served-By
Section-Io-Cache
SD-X-WS
Kp-EeAlive
Is-Eu
Cache-Host
Adler-Geo
A
CDCHOST
Content-Disposition
Gh-Request-Id
Esi-Enabled
Countrycode
ServedBy
IBM-Web2-Location
X-B3-Parentspanid
Srv
X-Nc
Cache-Provider
Fastly-Soc-X-Request-Id
X-SVT-ORM-VERSION
X-LI-Proto
X-Logging-Id
X-Dc
Wxu-Next-Commit
Wxu-Next-Hostname
X-SVT-ORM-RULES
Ha-Gx-Prefs
X-Epic-Correlation-Id
X-Distil-CS
Locale
X-Eu-Site
X-Urbn-Context-Path
X-MSEdge-Features
HA-Ipaddr
Heartbleed
Wxu-Next-Region
X-Method
X-ServiceProvider
V-Age
X-Wikidot-Backend
X-VG-TLSProxy
X-Vdms-Version
X-Urbn-Site-Id
X-Thanos
X-Swa-Ws
X-Wikidot-Static-Cache
AKAMAI
X-GeoIP-City
X-Developers
X-Scheme
X-Owner
X-Geo-Header
PFcat
W
X-MSEdge-Flight
X-VC-Cache
X-Azure-Ref
X-Azure-Ref-OriginShield
Pramga
X-Backend-State
X-C
X-App-Name
X-CGP
X-Bip
X-Parent-Response-Time
X-NodeID
X-Sn-Servicetimems
X-Agile
L
X-Agile-Id
X-Agile-Age
Server-ID
X-Sucuri-Id
X-Qloud-Router
X-Cdn-Origin
X-Node-Id
X-Device-Os
X-Unique-Id
Cdncip
Cdnsip
X-Lb-Id
X-Shopify-Generated-Cart-Token
X-CDN-Forward
X-AK-Request-ID
X-EC-Lua
X-GRACE
X-Sigma
X-Planisys-CDN-Rules
GEO-REGION-INFO
X-Planisys-CDN-TTL
X-Sigma-Backend
X-Sucuri-Cache
X-Planisys-CDN-Cache
X-Rocket-Build-Number
X-Servername
CF-IPCountry
Environment
X-Be
X-Upstream-Ct
Powered-By-ChinaCache
X-Via-NSCOPI
X-FPC
X-Upstream-Ht
X-B3-Spanid
X-Zone
X-ND-Cache
Request-Time
X-Newrelic-Synthetics
X-VHOST
X-Nginx-Cache
Resin-Trace
X-Servedbyhost
Tcn
X-Microcachable
X-Pjax-Url
X-Trafficlayer-App-Version
X-RCS-CacheZone
X-Instart-Info
X-Source
X-ECACHE
X-NGENIX-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Search
X-GEO
Group
X-Backend-Host
X-Oracle-Dms-Rid
X-Backend-Url
X-Ratelimit-Remaining
Locid
Memory
X-Var-Ttl
X-Served-From
X-Gamma-Serve
Backend-Name
CF-Cached-On
X-Req
X-Dynatrace
X-IPS-LoggedIn
X-Unique-ID
X-VWS-Id
X-DC
Geo-Info
Gannett-Cam-Experience-Id
X-AWS-Id
X-Refresh
X-COUNTRY
FNAC-ModuleRouting
X-VCL-Version
X-Pf-Uncompressing
N-Cache
X-LJ-Flow-ID
X-Correlation-ID
Pagetype
X-Check-Cacheable
Cache-Prefix
TTL
Fly-Request-Id
X-Sucuri-ID
Cf-Ipcountry
Lfy
Fly-Cache
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
Ohc-Cache-HIT
X-TIME
SRV
X-CSRF-Token
GeoIp-Country-Code
X-Bc
Cdn
X-Pod
X-Worker
Geoip-Latitude
X-SRV
Geoip-City
ProcessTime
Pics-Label
X-HTML-Minification-Powered-By
X-Upstream-HT
X-Upstream-CT
X-Via-Edge
X-NU-AKA-ACS-Version
X-Render-Time
X-Via-Ucdn
X-Via-SSL
M-TraceId
REQUESTUUID
X-Sedo-Request-Id
PICS-Label
GeoIP-City
X-Cache-Miss-From
GeoIP-Latitude
GeoIP-Country-Code
XServer
Ttl
X-Vcl-Version
X-GeoIP-Country-Code
X-Server-W
X-Fetched-On
X-CLOUD-TRACE-CONTEXT
Fastly-SIE
X-APP
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wa
X-LiteSpeed-Cache-Control
X-Mode
Fastly-SWR
X-Fstrz
X-Ratelimit-Limit
X-FORWARDED-FOR
X-PF-Uncompressing
X-Ua
MIME-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-HS-Status
X-ZONE
X-Fastly-Country-Code
X-MP-GENERATED-AT
X-Dynatrace-Js-Agent
X-ServedByHost
On-Server
X-Cache-Tag
X-GDPR
Pragrma
Host-ID
X-Tt-Trace-Tag
User-Agent
HitType
HostName
X-HostName
X-Swift-Error
X-Aicache-OS
X-Edge-Server
X-NGINX-Cache
Cdn-Host
X-Varnish-Ttl
X-WR-MODIFICATION
Cdn-Request-Time
URI
X-WA
Who
X-Routing-Service
PageSpeed
X-PJAX-URL
X-BC
X-Ratelimit-Reset
X-Proxied
X-SN
X-Upstream-Proxy
X-Cdn-Request-ID
X-Zipkin-Id
X-TT-LOGID
CACHE
X-RateLimit-Reset
X-TH-Server
SS
X-BE
X-Action
X-DB
X-Cache-Ttl
X-DI
X-Edge-O15-RID
X-Fastly-Backend-Reqs
X-Flog
X-RPM
X-Response-By
X-Hello
X-Org
X-ABtesting
X-RSL
X-RPS
X-DSS
X-UPSTREAM-Address
X-DW
Dynatrace
CDN
X-LAGOON
X-Fpc
Powered-By
X-Cf-Powered-By
SN
X-Varnish-URL
X-Varnish-Cacheable
DataCenter
X-ServerName
Server-Id
Media-Length
Requestid
Is-Session-Tracking
LB
Get-Access-Time
Debug
X-Ftr-Cache-Host
X-Protected-By
X-Page-Type
RequestUuid
X-Varnish-Beresp-TTL
X-LB-ID
X-Gen-Id
Country-Code
Lb
X-Nananana
Thinkindot-Cache-Type
NnCoection
RequestId
X-SB
SID
X-VC
XxX-Cache-Status
X-LiteSpeed-Tag
X-Li-Proto
X-Akamai-ERPolicy
X-Request-Time
X-Akamai-ERRuleID
Product
Application
Xet-Cookie
Correlation-Id
X-Dw-Trace-Id
X-Request-Url
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Warning
X-Fastly-Cache-Hits