Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Alt-Svc
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-AH-Environment
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Origin-Cache
X-Readtime
X-Cloud-Trace-Context
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-Dns-Prefetch-Control
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Ws-Request-Id
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-Goog-Hash
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-MS-InvokeApp
X-Url
Edge-Control
Accept-Ch
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
X-B3-TraceId
X-D2id
X-Trace
Response
X-Sol
Pagespeed
X-Middleton-Response
X-Middleton-Display
Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
Service-Worker-Allowed
X-Server-ID
X-Server-Name
X-GitHub-Request-Id
X-ESI
SPRequestDuration
SPIisLatency
X-Vcache
X-Navigation-Version
Accept-Ch-Lifetime
Content-MD5
X-Powered-CMS
X-Abt-Application-Version
X-Debug
X-Vcap-Request-Id
X-CST
X-Amz-Server-Side-Encryption
Public-Key-Pins
Charset
MS-Author-Via
X-Upstream
X-TTL
X-Forwarded-Proto
X-Px
X-NF-Request-ID
X-Version
X-Cached
DynaTrace
X-Amz-Rid
Realpath
X-Shard
TCN
Fastly-Restarts
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-Recruiting
X-MSEdge-Ref
Access-Control-Request-Method
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-Ser
S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-XRDS-Location
Front-End-Https
X-DIS-Request-ID
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Ttl
X-Goog-Storage-Class
X-Varnish-Age
X-Element-Page-Cache
X-Trafficlayer-App-Scope
X-Id
X-Trafficlayer-App-Name
X-T
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-RateLimit-Remaining
X-Fastcgi-Cache
NR-ENABLED
X-HS-Hub-Id
Cache-Tag
X-HS-Content-Id
X-Frontend
X-Content-Digest
Powered
X-Hits
X-Kinsta-Cache
X-Correlation-Id
X-HS-Cache-Config
X-Litespeed-Cache
X-Grace
X-FTR-Cache-Host
ServerID
X-Webapp-Samesite-None-Activated-N
X-Aspnetmvc-Version
X-Webkit-Csp
Alternate-Protocol
TP-Cache
TP-L2-Cache
X-Node-Name
X-Hp-Webp
X-Cache-Hit
X-Request-Received
X-Request-Processing-Time
X-Forwarded-For
PB-RID
PB-PID
X-Request-Handler-Origin-Region
X-N
X-Microsite
X-Ah-Environment
Arc-Version
X-Mobile-Rewrite
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
Server-Name
X-Content-Type
X-Rid
X-User-Agent
Healthy
X-Analytics
Server-Node
Backend-Timing
X-Revision
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Logged-In
X-Akamai-Edgescape
Cache-Status
X-AppVersion
X-Az
X-Activity-Id
X-HS-Combine-CSS
X-Srv
Retry-After
X-IPLB-Instance
X-FastCGI-Cache
X-Cached-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Pad
X-Via-JSL
X-Type
Paypal-Debug-Id
X-Varnish-Grace
X-Mobile-URL
X-Ruxit-Js-Agent
FilterID
X-B3-Sampled
AR-Request-ID
X-Content-Options
X-F-Cache
Refresh
X-Cache-Age
X-Geo-Country
X-Tumblr-User
X-Instance
X-Tumblr-Pixel-0
Accept-Charset
X-FB-Debug
X-Debug-Info
X-Tumblr-Pixel
Host
Source
X-Jobs
X-App-Environment
X-Page-Id
Access-Control-Allow-Method
X-Cluster
X-Request-Guid
Upgrade-Insecure-Requests
Actual-Object-TTL
X-B
X-PHP-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
DC
X-AOL-HN
X-Framework
Accept-CH-Lifetime
X-Seen-By
X-WebKit-CSP-Report-Only
Accept-CH
X-ATG-Version
MS-CV
Fastcgi-Useragent
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Whom
X-PressLabs-Stats
X-Git-Hash
X-Cache-Key
X-Cache-2
X-TT
X-Host-Name
X-Cache-Control
X-Esi
X-Amz-Replication-Status
Cache
X-Cache-TTL
X-TA-CDN-Provider
Surrogate-Key
X-Wix-Request-Id
X-Cache-Rule
X-Cache-Operation
Frame-Options
X-Signature
X-B-Cache
X-FW-Serve
NGB
X-FW-Hash
X-FW-Server
X-Kong-Proxy-Latency
X-FW-Type
X-FW-Static
X-Daa-Tunnel
X-Kong-Upstream-Latency
Host-Header
X-Response-Served-From
Xserver
X-UA
X-Forwarded-Host
X-Time
X-Origin-Server
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-NE
X-RequestSource
Filters
X-Drupal-Cache-Tags
X-Mobile
X-TX-ID
Cleartype
Payment
Webserver
X-GeoIP
WPE-Backend
From-Origin
X-Handled-By
X-Hyper-Cache
X-Cache-Action
Eomportal-Instance
X-Cacheable-TTL
X-Region
X-Cache-Enabled
X-UA-Device-Type
X-SERVER
X-ProcessESI
X-Adobe-Content
X-Adobe-Loc
X-RemovedCookies
X-App-Server
X-EdgeConnect-Cache-Status
X-RTag
Ms-Operation-Id
Datacenter
Tracecode
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Hostname
X-NewRelic-App-Data
X-Load-Cache
X-Status
X-Contextid
X-Cache-Server
X-Edge-Location
Liferay-Portal
X-B3-Traceid
X-Yottaa-Optimizations
X-XRDS-LOCATION
X-Yottaa-Metrics
X-BCube-Filmed-By
X-Varnish-Hostname
X-TT-TIMESTAMP
Odigeo-Trace-Id
X-Varnish-Server
X-Rule
X-RateLimit-Limit
X-FW-Dynamic
X-Cache-Var-Map
Server-Info
X-Path-Route
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-ES-SERVER
Load-Balancing
Country
X-Viewer-Country
X-Xfnlog-Site
X-Cache-Config
X-OCL
Version
X-PCL
X-Rocket-Nginx-Bypass
X-IP
X-CCM
Cache-Tags
X-Via-Fastly
X-UUID
X-Debug-Cache
DB-Nickname
TWC-Privacy
Webcakes-App-Name
X-EIG-Tracking-Id
Webcakes-App-Version
X-Cache-Time
X-Redis-Cache
X-Drupal-Cache-Contexts
Webcakes-Region
X-Cache-Host
TWC-Device-Class
Azure-Version
Azure-SlotName
Property-Id
Mn-Server-Ip
Fastly-SSL
L5d-Success-Class
Azure-SiteName
Azure-RegionName
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
S-Rt
Azure-InstanceId
TWC-Locale-Group
X-FC-Vary-Parameters
X-Origin-Hint
X-TNCMS
X-Upgrade-Enabled
X-Origin-TTL
X-ServerID
X-Proxy
X-Origin-CC
X-R9-Blue-Green-Version
X-Pubstack
X-Real-IP
X-Loop
X-Origin
X-Labrador-Cache-Channel
X-Hosted-By
X-From
X-Info
X-ATS-Timestamp
X-Varnish-Cache-Hits
X-VCT
Origin-Edge-Control
X-Web-Node
X-Www-Served-By
S-Cnection
Origin-Cache-Control
Release
X-Section
X-Rendered-As
X-Timing-Wait
X-Proto
X-Content-Age
X-Cluster-Name
X-JoinUs
X-Human
X-Generated
X-FireWall-Port
DSUID
X-Backend-Name
X-ApacheServer
Viewport
X-Format
X-Proxy-Build
X-PERF
X-Origin-Response-Time
X-Akamai-Request-ID
X-Access
Selected-Fe
X-Akamai-Request-ID2
Cache-Name
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Vgn-Hpd-Reason
X-VCache
X-Varnish-Hits
X-Soup
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
X-Time-Microsecs
X-NWS-UUID-VERIFY
NGX
X-Site-Version
X-Locale
X-Storage
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Is-Bot
X-Oss-Object-Type
X-Oss-Server-Time
Rt-Fastcgi-Cache
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
Uber-Trace-Id
X-WA-Info
Cache-Key
Cteonnt-Length
X-PHP-Host
Vix-Hermes-Req-Id
GEO-INFO
X-Cache-Backend
X-ORACLE-APMCS-TAG
X-GoCache-CacheStatus
X-Generated-By
X-ORACLE-APMCS-REQUEST-ID
X-Hit
X-NCache
X-SS-Set-Cookie
X-App-Version
X-Cache-Grace
X-Amzn-Remapped-Content-Length
Cache-Hits
Time
X-Backend-TTL
Akamai-GRN
X-Guploader-Uploadid
X-Accel-Buffering
X-Cache-Remote
Origin
X-Trace-Id
X-Device-Type
X-APP-VERSION
X-CS
X-Presslabs-Stats
X-CACHE-KEY
X-Nginx-Cache-Key
X-Tumblr-Pixel-3
Accept-Language
X-FB-TRIP-ID
X-Environment-Context
X-No-Session
X-OVcl-Cache
X-L-Path
X-OVcl
X-S
X-CF-Powered-By
X-SaId
X-MServer
Mime-Version
X-B3-SpanId
X-Uri
X-Cluster-Node
X-Tb
Access-Control-Request-Headers
X-URL
Hostname
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-Via-CDN
X-UnsetCookies
Fastcgi-X-Cache-Version
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
User-Cache-Control
X-Geo
ServerName
Now
BehaviorPad-Version
X-Application
AsisCache
X-AIR-PT
Cross-Origin-Window-Policy
Content-Style-Type
X-Aed
Content-Script-Type
Xc-Version
X-A-Dam
X-A-Wwc
X-ARC
X-A-Dgt
X-A-Dcw
X-A
Apple-News-Services-Handled
Apple-News-Services-Host
X-Accel-Expires-Debug
Apple-News-Services-Request-Url
X-A-Ccd
Apple-News-Services-Parsed-Url
Arc-Country
X-VG-WebServer
X-S-Cookie
Node
X-Detected-As
X-DPWN-IS-SECURE
Rt-Proxy-Cache
X-ScT
X-Server-Time
X-Date
X-Destination
X-External-Request-Id
X-Rojux
X-Hl-Ver
X-PAYTM-SRV-ID
X-Region-Sid
Request-EU
Request-Country
X-Rewrite-Enabled
X-Request-UUID
X-G
X-Session-Fingerprint
X-SRCache-Key
MD5-Digest
Meta-Geo-Continent
X-Twitter-Response-Tags
X-CF-Lambda-Fn
Machine
X-VG-WebCache
X-Vtex-Processado-Em
X-Processor
X-B-Cookie
VivaBuild
X-Trv-Group
X-Svr
Mobile-Detection-Method
X-D
T-Server
X-Transaction
Viewtype
X-CF-Lambda-Version
X-Connection-Hash
X-Vtex-Remote-Cache
Rendered-Blocks
X-FW-Version
X-Endurance-Cache-Level
X-CSRF-TOKEN
X-NC
X-S-Maxage
RNT-Machine
X-Debug-Log
RNT-Time
X-SIPLIST1
X-Service
X-Debug-Cookies
X-Block-Status
X-Cache-Bucket
X-Reboot
X-Cache-Debug
X-Proxy-Upstream
X-Cache-Info
X-Proxy-Cache-Status
X-Request-URI
X-Hnp-Log
X-Gen-Mode
Proxy-Connection
X-CDN-Forward
X-Cms-Context
Mail-Subject
OT-Force-Account-Verify
Web-Mar-Node
CDCHOST
X-WADP-Cache
X-Core-Value
X-NX-Host
IsBot
Server-Host
X-Location
X-Clara-WADP
We-Hiring
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-ShopId
X-ShopId
NtCoent-Length
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Distil-CS
X-Core-Mission
X-Epic-Correlation-Id
X-Distributor
X-Dispatcher-Server
X-Debug-Cache-Expiry
X-Compress-Hint
X-Debug-Cache-Store
X-Developers
X-Debug-Cache-Fetch
X-Dispatch
X-Eu-Site
X-Unique-Id
X-Amz-Meta-Cache-Control
X-App-Name
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Auto-Login
X-Backend-State
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Cache-Id
X-Cache-FS-Status
X-BBXSRF
X-C
X-Clientip
X-Irp-Debug
X-Scheme
X-SD-PageType
X-Server-IP
X-Skip-Cache
X-Request-Start
X-Reqid
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Release
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-WebServer
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-Variation
X-Thinkindot-L3
X-TrackingId
X-Up
X-User
X-Platform-Server
X-Old-Content-Length
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
W
X-Hash
X-Has-Esi
X-Generated-In
X-Generation-Time
X-Geo-Header
X-GeoIP-City
X-Is-Gdpr
X-JWT-State
X-Matched-Rule
X-Method
X-Ms-Request-Id
X-Ms-Version
X-LI-UUID
X-Li-Pop
X-Key
X-Level-Front-Cache
X-Li-Fabric
X-Fastly-Cache
X-Generated-On
Content-Disposition
Countrycode
Esi-Enabled
Fastly-Soc-X-Request-Id
Cache-Host
SD-X-WS
ServedBy
Served-By
Memcached
Gh-Request-Id
Ha-Gx-Prefs
Kp-EeAlive
L
Magicmarker
PFcat
Is-Eu
HA-Ipaddr
Platform
IBM-Web2-Location
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Varnish-Beresp-Ttl
Thinkindot-CacheControl-Type
Thinkindot-Control
Adler-Geo
AKAMAI
X-Varnish-Beresp-Status
Server-Int
Thinkindot-CacheControl
True-Client-Country-4JS
Cache-Provider
X-Nc
X-B3-Parentspanid
X-Dc
Srv
X-Cdn-Forward
Locale
Heartbleed
X-VServer
X-CUA
X-Vdms-Version
X-VC-Cache
X-Developer
X-VG-TLSProxy
X-Thanos
X-MSEdge-Flight
X-MSEdge-Features
X-Origin-Date
X-Origin-Expires
X-Owner
X-Magnolia-Registration
X-ServiceProvider
X-Qloud-Router
X-Urbn-Context-Path
X-Internal-Host
X-Swa-Ws
X-LI-Proto
X-Urbn-Site-Id
A
X-Agile-Age
X-Agile
X-Agile-Id
X-Azure-Ref
X-Bip
X-Azure-Ref-OriginShield
V-Age
Pramga
X-Parent-Response-Time
X-Shopify-Generated-Cart-Token
X-Sucuri-Cache
X-Rocket-Build-Number
X-Sigma-Backend
X-NodeID
X-AK-Request-ID
X-Sigma
X-Sn-Servicetimems
X-Logging-Id
X-Cdn-Origin
Cdnsip
Server-ID
Cdncip
X-B3-Spanid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Device-Os
X-Servername
X-Planisys-CDN-TTL
X-Sucuri-Id
X-Node-Id
X-GRACE
X-Via-NSCOPI
X-Upstream-Ht
GEO-REGION-INFO
X-Upstream-Ct
Powered-By-ChinaCache
X-Lb-Id
CF-IPCountry
X-Source
X-RCS-CacheZone
Environment
X-EC-Lua
X-FPC
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
X-Be
X-VHOST
X-Trafficlayer-App-Version
X-Zone
Resin-Trace
Request-Time
Tcn
X-Microcachable
X-Newrelic-Synthetics
X-Servedbyhost
X-Nginx-Cache
X-Webkit-CSP
X-Pjax-Url
X-Req
Locid
X-ECACHE
X-ElasticPress-Search
X-NGENIX-Cache
X-Tb-Optimization-Total-Bytes-Saved
Geo-Info
X-Oracle-Dms-Rid
FNAC-ModuleRouting
X-Instart-Info
X-Gamma-Serve
X-Served-From
X-SRV
X-Sucuri-ID
X-TIME
X-Pf-Uncompressing
Group
X-Refresh
X-Backend-Url
X-Backend-Host
X-Dynatrace
X-GEO
Gannett-Cam-Experience-Id
X-VCL-Version
X-VWS-Id
X-IPS-LoggedIn
CF-Cached-On
Backend-Name
X-Var-Ttl
X-LJ-Flow-ID
Memory
X-AWS-Id
X-DC
X-COUNTRY
ProcessTime
X-Correlation-ID
X-Unique-ID
X-Render-Time
TTL
X-HTML-Minification-Powered-By
X-Ratelimit-Remaining
N-Cache
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
Cf-Ipcountry
Cache-Prefix
Geoip-City
X-Check-Cacheable
PICS-Label
Fly-Cache
X-FORWARDED-FOR
Pagetype
Pics-Label
Geoip-Latitude
Fly-Request-Id
GeoIp-Country-Code
X-NU-AKA-ACS-Version
Lfy
X-Pod
SRV
X-GeoIP-Country-Code
REQUESTUUID
X-Worker
X-Via-SSL
X-Via-Edge
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-Bc
Ohc-Cache-HIT
Ohc-File-Size
XServer
X-Vcl-Version
X-APP
Ttl
X-Via-Ucdn
X-Sedo-Request-Id
X-Cache-Miss-From
X-Upstream-HT
X-Upstream-CT
Cdn
M-TraceId
X-Mode
X-Ratelimit-Limit
X-Fetched-On
X-Fstrz
X-Server-W
X-ZONE
X-MP-GENERATED-AT
MIME-Version
X-Fastly-Country-Code
X-Rebelmouse-Surrogate-Control
HitType
X-LiteSpeed-Cache-Control
Fastly-SIE
Fastly-SWR
X-Wa
X-Rebelmouse-Cache-Control
X-PF-Uncompressing
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Host-ID
HostName
X-HS-Status
X-NGINX-Cache
X-Dynatrace-Js-Agent
X-ServedByHost
Pragrma
On-Server
User-Agent
X-BC
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-HostName
X-Swift-Error
X-Cdn-Request-ID
X-Aicache-OS
X-Cache-Tag
URI
X-GDPR
X-Ua
X-PJAX-URL
X-Tt-Trace-Tag
X-WR-MODIFICATION
X-WA
X-TT-LOGID
X-Edge-Server
Cdn-Host
X-TH-Server
Cdn-Request-Time
Who
X-RateLimit-Reset
CACHE
X-Hello
X-Flog
X-Cache-Ttl
X-Cf-Powered-By
X-SN
X-ABtesting
X-Edge-O15-RID
X-Fastly-Backend-Reqs
X-BE
Powered-By
X-UPSTREAM-Address
CDN
Dynatrace
X-DB
X-DI
Media-Length
X-DW
X-DSS
X-RPM
X-LAGOON
X-RSL
X-Fpc
X-RPS
X-Response-By
X-Org
X-Varnish-URL
X-Varnish-Cacheable
X-Action
SS
DataCenter
X-Request-Time
X-LB-ID
Get-Access-Time
X-ServerName
X-Upstream-Proxy
SN
Is-Session-Tracking
LB
X-Ratelimit-Reset
Debug
Server-Id
X-Ftr-Cache-Host
X-Protected-By
Cneonction
Requestid
X-Gen-Id
X-Varnish-Beresp-TTL
NnCoection
Warning
X-LiteSpeed-Tag
RequestUuid
Country-Code
X-Page-Type
XxX-Cache-Status
RequestId
Correlation-Id
X-Nananana
X-Akamai-ERPolicy
Application
Product
X-Li-Proto
Lb
X-Fastly-Cache-Hits
Thinkindot-Cache-Type
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Request-Url
SID