Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-AspNetMvc-Version
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Rq
Report-To
X-Dns-Prefetch-Control
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Response-Time
X-Server-Id
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-Ws-Request-Id
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
Pinterest-Generated-By
X-Goog-Hash
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Akam-SW-Version
X-MS-InvokeApp
X-Varnish-TTL
X-Vname
X-Instart-Request-ID
X-PC
X-TtlSet
Accept-Ch
X-Ruxit-JS-Agent
X-Url
Edge-Control
Verso
X-Powered-By-Plesk
X-Mod-Pagespeed
SPRequestGuid
X-B3-TraceId
Response
X-Middleton-Response
X-D2id
X-Sol
X-Middleton-Display
Display
X-SharePointHealthScore
X-Trace
Pagespeed
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-VARITI-CCR
RTSS
Service-Worker-Allowed
X-Server-ID
Accept-Ch-Lifetime
X-Server-Name
X-ESI
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
X-Navigation-Version
X-Powered-CMS
X-Abt-Application-Version
X-Debug
Content-MD5
X-CST
X-Vcache
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
Public-Key-Pins
MS-Author-Via
X-Px
Charset
X-Upstream
X-Amz-Rid
X-Version
X-NF-Request-ID
X-Forwarded-Proto
X-TTL
DynaTrace
X-Cached
X-Aspnetmvc-Version
Realpath
X-Shard
TCN
Fastly-Restarts
X-Recruiting
MicrosoftSharePointTeamServices
Edge-Cache-Tag
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Pinterest-Rid
Pinterest-Version
Access-Control-Request-Method
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-XRDS-Location
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Fastly-Request-ID
Front-End-Https
X-Accel-Expires
X-Ah-Environment
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Ttl
X-Goog-Storage-Class
X-Client-IP
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-T
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-FTR-Expires
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
Fastcgi-Cache
NR-ENABLED
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
X-Frontend
Cache-Tag
X-Hits
Powered
X-Correlation-Id
X-Fastcgi-Cache
X-Litespeed-Cache
X-Kinsta-Cache
ServerID
X-Grace
X-HS-Cache-Config
X-FTR-Cache-Host
X-Forwarded-For
AR-ATIME
X-Webkit-Csp
AR-CACHE
AR-PoweredBy
X-Cache-Hit
Alternate-Protocol
X-Node-Name
TP-L2-Cache
TP-Cache
Ar-Sid
PB-RID
X-Hp-Webp
PB-PID
X-Request-Processing-Time
X-Request-Received
Arc-Version
X-Mobile-Rewrite
X-N
AMP-Access-Control-Allow-Source-Origin
X-Webapp-Samesite-None-Activated-N
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-Content-Type
Server-Name
X-User-Agent
X-Rid
X-FastCGI-Cache
X-Srv
X-Analytics
Server-Node
Backend-Timing
X-Revision
Healthy
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Activity-Id
X-Az
X-AppVersion
X-Akamai-Edgescape
Cache-Status
X-Logged-In
Retry-After
X-Via-JSL
X-SERVER
X-IPLB-Instance
X-HS-Combine-CSS
X-Oneagent-Js-Injection
Paypal-Debug-Id
X-Amz-Apigw-Id
X-GUploader-UploadID
X-Amzn-RequestId
X-NWS-LOG-UUID
X-Cached-By
X-Type
X-Pad
AR-Request-ID
X-Varnish-Grace
X-Ruxit-Js-Agent
X-B3-Sampled
X-Mobile-URL
FilterID
X-Cache-Age
X-Content-Options
X-F-Cache
Refresh
X-Tumblr-User
X-Tumblr-Pixel-0
X-Geo-Country
X-Instance
X-Tumblr-Pixel
Source
X-App-Environment
X-Debug-Info
X-Request-Guid
X-Page-Id
X-Framework
Access-Control-Allow-Method
Accept-Charset
X-Seen-By
Upgrade-Insecure-Requests
X-Cluster
Host
X-PHP-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FB-Debug
X-AOL-HN
DC
Actual-Object-TTL
X-Jobs
X-B
X-WebKit-CSP-Report-Only
X-Varnish-Backend
MS-CV
X-Cache-Key
Fastcgi-Useragent
X-Whom
X-ATG-Version
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-Git-Hash
X-PressLabs-Stats
X-Cache-2
X-TT
X-Host-Name
X-Cache-Control
X-Esi
X-TA-CDN-Provider
Surrogate-Key
X-Cache-TTL
Accept-CH-Lifetime
Cache
X-Amz-Replication-Status
X-Time
X-Cache-Operation
X-Cache-Rule
X-Wix-Request-Id
Accept-CH
X-FW-Server
Frame-Options
X-Forwarded-Host
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
NGB
X-Response-Served-From
X-B-Cache
Host-Header
X-Signature
X-Daa-Tunnel
X-Origin-Server
X-Mobile
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Tumblr-Pixel-2
Payment
Filters
X-RequestSource
WPE-Backend
X-TX-ID
Eomportal-Instance
From-Origin
X-Drupal-Cache-Tags
Webserver
X-UA
X-Cache-Action
X-Hyper-Cache
X-Region
X-Handled-By
X-UA-Device-Type
X-GeoIP
X-Cacheable-TTL
X-Cache-NE
X-Adobe-Content
Xserver
X-Adobe-Loc
X-Cache-Enabled
Cleartype
X-RemovedCookies
Tracecode
X-ProcessESI
X-EdgeConnect-Cache-Status
X-RTag
Ms-Operation-Id
X-App-Server
Datacenter
X-Cache-TTL-Remaining
X-NewRelic-App-Data
X-Hostname
X-Akamai-Transformed
X-Status
X-Contextid
X-Load-Cache
X-RateLimit-Limit
Liferay-Portal
X-VCache
X-Cache-Server
X-Yottaa-Optimizations
X-Edge-Location
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-B3-Traceid
X-BCube-Filmed-By
Odigeo-Trace-Id
X-FW-Dynamic
Server-Info
X-Varnish-Hostname
Load-Balancing
X-Cache-Var
X-ES-SERVER
X-Rule
X-Cache-Var-Map
X-RN-RSRV
X-Path-Route
Meta-Geo
X-Viewer-Country
X-IP
X-Xfnlog-Site
X-Varnish-Server
X-OCL
X-PCL
X-CCM
Country
Cache-Tags
X-Rocket-Nginx-Bypass
X-UUID
X-Cache-Config
X-Debug-Cache
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-Varnish-Cache-Hits
X-Real-IP
Webcakes-Region
Webcakes-App-Version
S-Rt
Property-Id
Azure-Version
X-Via-Fastly
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Cache-Name
X-Web-Node
Mn-Server-Ip
L5d-Success-Class
Fastly-SSL
DB-Nickname
Azure-SlotName
X-Akamai-Request-ID
X-Proto
X-FC-Vary-Parameters
X-Origin-Hint
X-Info
X-Origin-Response-Time
X-Origin-CC
X-From
X-R9-Blue-Green-Version
X-Origin-TTL
X-Pubstack
X-Proxy
X-Drupal-Cache-Contexts
Ec-Rule-Version
DSUID
X-Section
Decoy-Debug-TTL
Decoy-Debug-Status
X-VCT
X-PERF
Decoy-Debug-Key
X-Proxy-Build
S-Cnection
X-EIG-Tracking-Id
X-Access
X-Format
X-ApacheServer
X-Backend-Name
X-Cache-Host
X-Upgrade-Enabled
X-Hosted-By
X-Human
X-ServerID
X-TNCMS
Release
Selected-Fe
X-Timing-Wait
X-Labrador-Cache-Channel
X-Loop
X-Origin
X-Akamai-Request-ID2
Version
X-XRDS-LOCATION
X-Redis-Cache
X-FireWall-Port
X-Time-Microsecs
X-Cluster-Name
X-Rendered-As
Origin-Cache-Control
Origin-Edge-Control
X-Cache-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-Soup
X-Vgn-Hpd-Reason
NGX
X-Www-Served-By
X-Generated
X-JoinUs
X-Locale
X-NWS-UUID-VERIFY
Rt-Fastcgi-Cache
X-Storage
Viewport
X-Site-Version
GEO-INFO
X-Varnish-Hits
X-ATS-Timestamp
X-WA-Info
Cache-Key
X-Is-Bot
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-App-Version
X-URL
X-Oss-Object-Type
Uber-Trace-Id
Cteonnt-Length
Vix-Hermes-Req-Id
X-GoCache-CacheStatus
X-Cache-Grace
X-Webkit-CSP
Cache-Hits
X-SS-Set-Cookie
X-NCache
Time
X-Generated-By
X-Backend-TTL
X-PHP-Host
X-Cache-Backend
X-Hit
X-Cache-Remote
X-Guploader-Uploadid
X-Tec-Api-Root
X-Amzn-Remapped-Content-Length
X-Tec-Api-Origin
X-Tec-Api-Version
Origin
Akamai-GRN
X-Device-Type
X-Trace-Id
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Accept-Language
X-Tumblr-Pixel-3
X-Accel-Buffering
X-Presslabs-Stats
X-CF-Powered-By
X-CS
X-Nginx-Cache-Key
X-OVcl-Cache
X-OVcl
X-FB-TRIP-ID
X-B3-SpanId
Hostname
X-S
X-UnsetCookies
X-L-Path
X-No-Session
X-Environment-Context
Mime-Version
X-Via-CDN
X-Cluster-Node
X-MServer
X-APP-VERSION
Fastcgi-X-Cache-Version
X-Tb
Access-Control-Request-Headers
X-SayCDN-TTL
X-CACHE-KEY
X-Uri
Now
X-Say-Cacheable
X-Say-TTL
X-CSRF-TOKEN
User-Cache-Control
ServerName
X-FW-Version
Xc-Version
MD5-Digest
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Vtex-Remote-Cache
Arc-Country
BehaviorPad-Version
IsBot
Machine
Apple-News-Services-Handled
Cross-Origin-Window-Policy
Content-Script-Type
Content-Style-Type
AsisCache
X-Server-Time
X-Detected-As
X-DPWN-IS-SECURE
X-Destination
X-Date
X-D
X-External-Request-Id
X-G
X-Hl-Ver
VivaBuild
X-A
X-A-Ccd
X-Connection-Hash
X-CF-Lambda-Version
X-A-Dcw
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-A-Dam
X-AIR-PT
X-CF-Lambda-Fn
X-B-Cookie
X-ARC
X-Application
X-PAYTM-SRV-ID
Viewtype
X-Twitter-Response-Tags
X-VG-WebCache
X-Trv-Group
X-Transaction
X-Svr
X-VG-WebServer
Request-Country
Meta-Geo-Continent
Mobile-Detection-Method
Node
Rendered-Blocks
X-SRCache-Key
X-SIPLIST1
X-Rewrite-Enabled
X-Request-UUID
X-Region-Sid
X-Processor
T-Server
X-Rojux
X-Session-Fingerprint
Request-EU
X-ScT
X-S-Cookie
X-Vtex-Processado-Em
Rt-Proxy-Cache
X-NC
X-SaId
Proxy-Connection
X-Endurance-Cache-Level
Server-Host
Server-Int
X-Debug-Log
X-Debug-Cookies
X-Hnp-Log
CDCHOST
X-NX-Host
X-Matched-Rule
X-Geo
X-Location
X-Cms-Context
X-Clara-WADP
Thinkindot-Control
RNT-Time
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Web-Mar-Node
X-Block-Status
X-Cache-Info
X-Proxy-Cache-Status
X-Cache-Bucket
RNT-Machine
X-Gen-Mode
X-WADP-Cache
X-Thinkindot-L3
X-S-Maxage
X-Proxy-Upstream
X-Reboot
X-Cdn-Forward
OT-Force-Account-Verify
X-C
X-User
X-VG-TLSProxy
X-BBXSRF
X-Core-Value
X-Backend-State
X-Service
X-Cache-Debug
ServedBy
X-CGP
X-Cdn-Srv
X-Cache-URL
X-Up
X-TrackingId
X-Azure-Ref-OriginShield
X-Azure-Ref
X-VServer
Wxu-Next-Commit
W
True-Client-Country-4JS
X-We-Are-Hiring
X-Wikidot-Backend
Wxu-Next-Hostname
Wxu-Next-Region
X-App-Name
X-Auto-Login
NtCoent-Length
X-Wikidot-Static-Cache
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Webstats-RespID
X-Compress-Hint
X-Internal-Host
X-Irp-Debug
X-Is-Gdpr
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Reqid
X-IN-APIGATEWAY
X-JWT-State
X-Level-Front-Cache
X-Ms-Version
X-RateLimit-Limit-Second
X-Policy
X-Ms-Request-Id
X-RateLimit-Remaining-Second
X-Release
X-Magnolia-Registration
X-Request-URI
X-Has-Esi
X-Debug-Cache-Store
X-Server-IP
X-Developer
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Skip-Cache
X-CUA
X-Developers
X-Dispatch
X-Generated-In
X-Generated-On
X-Generation-Time
Served-By
X-Fastly-Cache
X-Distil-CS
X-Eu-Site
X-Clientip
X-Key
Kp-EeAlive
Mail-Subject
Magicmarker
Section-Io-Cache
Countrycode
Cache-Host
Content-Disposition
Memcached
Fastly-Soc-X-Request-Id
Esi-Enabled
Gh-Request-Id
X-Parent-Response-Time
A
HA-Ipaddr
Ha-Gx-Prefs
We-Hiring
IBM-Web2-Location
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-B3-Parentspanid
Cache-Provider
Srv
X-Nc
X-CDN-Forward
X-Logging-Id
Adler-Geo
X-Core-Mission
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Hash
X-Li-Fabric
X-Li-Pop
X-MSEdge-Flight
X-LI-UUID
X-Distributor
X-Platform-Server
X-WebServer
AKAMAI
X-Vdms-Version
X-Variation
X-Urbn-Site-Id
L
X-Geo-Header
X-SVT-ORM-VERSION
X-VC-Cache
X-SVT-ORM-RULES
X-Scheme
X-Method
X-Urbn-Context-Path
X-Thanos
X-Request-Start
X-SD-PageType
X-Qloud-Router
X-Origin-Expires
X-Origin-Date
X-ServiceProvider
X-ShardId
X-Sorting-Hat-ShopId
X-Swa-Ws
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Old-Content-Length
X-MSEdge-Features
Platform
SD-X-WS
Pramga
X-Cache-FS-Status
X-Cache-Id
X-Bip
X-Agile
X-Amz-Meta-Cache-Control
X-Alternate-Cache-Key
X-Agile-Id
X-Agile-Age
Is-Eu
Locale
Heartbleed
X-Dc
X-Sucuri-Id
PFcat
X-Unique-Id
X-Cdn-Origin
X-GeoIP-City
X-Owner
X-Sn-Servicetimems
V-Age
X-LI-Proto
X-NodeID
X-Device-Os
X-Node-Id
Cdnsip
X-Servername
X-AK-Request-ID
Server-ID
X-Rocket-Build-Number
X-Sucuri-Cache
X-Lb-Id
X-Sigma-Backend
Cdncip
X-Sigma
X-GRACE
CF-IPCountry
X-B3-Spanid
X-EC-Lua
X-Planisys-CDN-Cache
GEO-REGION-INFO
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-FPC
X-Via-NSCOPI
Powered-By-ChinaCache
X-Upstream-Ct
X-Be
X-Upstream-Ht
Environment
X-Newrelic-Synthetics
X-VHOST
X-ND-Cache
Request-Time
X-RCS-CacheZone
X-Servedbyhost
X-Source
Resin-Trace
X-Microcachable
X-Zone
X-Trafficlayer-App-Version
Tcn
X-Nginx-Cache
X-Pjax-Url
X-Instart-Info
X-ECACHE
X-NGENIX-Cache
X-ElasticPress-Search
X-Tb-Optimization-Total-Bytes-Saved
X-GEO
X-Backend-Url
X-Oracle-Dms-Rid
X-Backend-Host
Group
X-Req
X-Served-From
FNAC-ModuleRouting
Locid
X-Var-Ttl
X-VCL-Version
CF-Cached-On
Memory
Backend-Name
X-Dynatrace
X-IPS-LoggedIn
X-Unique-ID
X-DC
Gannett-Cam-Experience-Id
X-LJ-Flow-ID
X-AWS-Id
X-COUNTRY
X-Pf-Uncompressing
X-Gamma-Serve
X-Refresh
N-Cache
Geo-Info
X-VWS-Id
X-Sucuri-ID
X-Correlation-ID
XServer
Lfy
Pagetype
Fly-Request-Id
Fly-Cache
Cache-Prefix
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-Check-Cacheable
X-TIME
Ohc-Cache-HIT
Ohc-File-Size
SRV
Pics-Label
GeoIp-Country-Code
PICS-Label
TTL
Geoip-City
X-SRV
Cf-Ipcountry
X-Pod
X-Worker
X-Render-Time
Geoip-Latitude
X-Upstream-HT
X-HTML-Minification-Powered-By
X-Upstream-CT
X-Via-Ucdn
X-Sedo-Request-Id
GeoIP-Country-Code
Cdn
X-Via-SSL
X-Cache-Miss-From
ProcessTime
X-CSRF-Token
GeoIP-Latitude
X-Via-Edge
GeoIP-City
X-NU-AKA-ACS-Version
REQUESTUUID
M-TraceId
X-Bc
X-GeoIP-Country-Code
Ttl
X-Server-W
X-Fetched-On
X-CLOUD-TRACE-CONTEXT
Fastly-SIE
X-Mode
X-Wa
X-Fstrz
Fastly-SWR
X-LiteSpeed-Cache-Control
X-Rebelmouse-Cache-Control
X-APP
X-Vcl-Version
X-Rebelmouse-Surrogate-Control
X-ZONE
X-FORWARDED-FOR
MIME-Version
X-PF-Uncompressing
X-Ua
X-Ratelimit-Limit
Cache-Cookie-Set-Idcheck
X-HS-Status
Cache-Cookie-Set-Lfrom
X-MP-GENERATED-AT
HitType
Cache-Cookie-Set-From
X-Fastly-Country-Code
X-Dynatrace-Js-Agent
X-NGINX-Cache
Host-ID
Pragrma
X-Tt-Trace-Tag
User-Agent
On-Server
X-GDPR
X-Swift-Error
X-HostName
X-BC
X-Aicache-OS
URI
HostName
X-WR-MODIFICATION
X-Cache-Tag
X-PJAX-URL
Cdn-Host
X-Edge-Server
X-ServedByHost
Cdn-Request-Time
X-TT-LOGID
Who
X-Zipkin-Id
X-Upstream-Proxy
X-Proxied
X-SN
PageSpeed
X-Routing-Service
X-WA
X-Ratelimit-Reset
X-RateLimit-Reset
CACHE
X-Cdn-Request-ID
X-UPSTREAM-Address
X-RSL
X-RPM
X-Response-By
X-RPS
X-Cache-Ttl
X-Cf-Powered-By
X-DW
X-DSS
X-Action
SS
X-BE
X-DB
X-DI
X-Edge-O15-RID
X-Org
X-ABtesting
X-Flog
X-Fastly-Backend-Reqs
CDN
X-Hello
Dynatrace
X-Fpc
X-LAGOON
X-Varnish-Cacheable
X-Varnish-URL
X-TH-Server
SN
DataCenter
Is-Session-Tracking
Powered-By
Get-Access-Time
Debug
LB
Requestid
Server-Id
X-ServerName
X-Ftr-Cache-Host
Media-Length
X-Request-Time
RequestUuid
Lb
X-Protected-By
X-Gen-Id
X-Page-Type
X-Nananana
Country-Code
X-Varnish-Beresp-TTL
X-LB-ID
Processtime
AR-SID
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
NnCoection
X-Amzn-Remapped-Date
X-Akamai-ERPolicy
X-VC
Xet-Cookie
XxX-Cache-Status
SID
RequestId
X-SB
X-Li-Proto
X-Fastly-Cache-Hits
Product
Application
X-Request-Url
Correlation-Id
X-LiteSpeed-Tag
Warning
X-Dw-Trace-Id
Thinkindot-Cache-Type