Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-WebKit-CSP
Report-To
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
X-Host
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-Cdn
Allow
X-Dns-Prefetch-Control
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Ws-Request-Id
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-Akam-SW-Version
Pinterest-Generated-By
X-PC
X-Vname
X-TtlSet
X-Ruxit-JS-Agent
X-Instart-Request-ID
X-MS-InvokeApp
X-Url
X-Varnish-TTL
Edge-Control
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
Accept-Ch
X-D2id
X-Trace
Response
X-Middleton-Response
Pagespeed
X-Sol
Display
X-Middleton-Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-B3-TraceId
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
Service-Worker-Allowed
X-Server-Name
X-Server-ID
X-GitHub-Request-Id
X-ESI
SPIisLatency
SPRequestDuration
X-Vcache
X-Navigation-Version
X-Powered-CMS
Content-MD5
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
Public-Key-Pins
MS-Author-Via
Charset
X-Upstream
X-Forwarded-Proto
X-TTL
X-Version
X-Px
X-NF-Request-ID
X-Amz-Rid
DynaTrace
X-Cached
Realpath
X-Shard
TCN
Fastly-Restarts
Edge-Cache-Tag
MicrosoftSharePointTeamServices
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-Recruiting
X-MSEdge-Ref
X-Shield-Request-Id
Access-Control-Request-Method
X-Pinterest-Rid
Pinterest-Version
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-Ser
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Nginx-Cache
X-XRDS-Location
Front-End-Https
X-Accel-Expires
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Ttl
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-T
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Fastcgi-Cache
Cache-Tag
X-HS-Content-Id
NR-ENABLED
X-HS-Hub-Id
X-Frontend
X-Content-Digest
Powered
X-Hits
X-Correlation-Id
X-RateLimit-Remaining
X-Kinsta-Cache
X-HS-Cache-Config
X-Litespeed-Cache
X-Grace
X-FTR-Cache-Host
ServerID
X-Webapp-Samesite-None-Activated-N
X-Aspnetmvc-Version
X-Webkit-Csp
Alternate-Protocol
TP-L2-Cache
TP-Cache
X-Hp-Webp
X-Node-Name
X-Cache-Hit
X-Request-Received
X-Request-Processing-Time
X-Forwarded-For
PB-PID
PB-RID
X-Ah-Environment
X-Request-Handler-Origin-Region
X-N
X-Microsite
AR-CACHE
Arc-Version
AR-ATIME
X-Mobile-Rewrite
Ar-Sid
AR-PoweredBy
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Zen-Fury
X-Content-Type
X-User-Agent
X-Rid
Healthy
Backend-Timing
X-Revision
X-Analytics
Server-Node
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Logged-In
X-Az
X-Activity-Id
Cache-Status
X-AppVersion
X-HS-Combine-CSS
X-Srv
Retry-After
X-IPLB-Instance
X-Oneagent-Js-Injection
X-FastCGI-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cached-By
X-Pad
X-NWS-LOG-UUID
Accept-CH
X-Via-JSL
Accept-CH-Lifetime
X-Type
Paypal-Debug-Id
X-Varnish-Grace
X-GUploader-UploadID
X-Mobile-URL
X-Ruxit-Js-Agent
X-B3-Sampled
FilterID
X-Content-Options
Refresh
X-F-Cache
AR-Request-ID
X-Cache-Age
X-Geo-Country
X-FB-Debug
X-Instance
X-Debug-Info
X-Tumblr-Pixel-0
Accept-Charset
X-Tumblr-User
X-Tumblr-Pixel
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-App-Environment
Host
Source
X-AOL-HN
X-Request-Guid
X-Page-Id
X-Jobs
X-Cluster
Actual-Object-TTL
X-B
X-PHP-Backend
X-Framework
X-Varnish-Backend
DC
X-Erf-Bev-Bev
X-Seen-By
X-Erf-Bev-Bev-Is-Generated
X-WebKit-CSP-Report-Only
X-Cache-Key
X-ATG-Version
Fastcgi-Useragent
MS-CV
X-Whom
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TT
X-PressLabs-Stats
X-Git-Hash
X-Cache-2
X-Host-Name
X-Cache-Control
X-Esi
X-Cache-TTL
Cache
X-Amz-Replication-Status
Surrogate-Key
X-TA-CDN-Provider
X-Wix-Request-Id
X-Cache-Operation
X-Cache-Rule
X-Signature
X-B-Cache
Frame-Options
X-Kong-Proxy-Latency
X-Response-Served-From
NGB
X-Kong-Upstream-Latency
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Static
Host-Header
X-Daa-Tunnel
X-Time
X-Forwarded-Host
X-UA
Xserver
X-Origin-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Cache-NE
X-GeoIP
X-Mobile
X-Cache-Action
Webserver
X-TX-ID
X-Region
X-RequestSource
WPE-Backend
Cleartype
Payment
Eomportal-Instance
Filters
X-Hyper-Cache
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-B3-Traceid
X-Handled-By
From-Origin
X-Adobe-Content
X-Adobe-Loc
X-Cache-Enabled
X-UA-Device-Type
X-SERVER
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-App-Server
Datacenter
Ms-Operation-Id
X-RTag
Tracecode
X-NewRelic-App-Data
X-Cache-TTL-Remaining
X-Hostname
X-Akamai-Transformed
X-Load-Cache
X-Status
X-Contextid
X-Cache-Server
X-Edge-Location
Liferay-Portal
X-XRDS-LOCATION
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-Varnish-Hostname
Odigeo-Trace-Id
X-Varnish-Server
X-FW-Dynamic
X-Rule
Server-Info
X-RateLimit-Limit
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
Load-Balancing
X-Path-Route
Meta-Geo
Country
X-Viewer-Country
X-Xfnlog-Site
Version
X-IP
X-Via-Fastly
X-OCL
X-UUID
Cache-Tags
X-PCL
X-Debug-Cache
DB-Nickname
X-CCM
X-Rocket-Nginx-Bypass
X-Cache-Config
X-Loop
Azure-SlotName
Cache-Name
Azure-SiteName
Azure-Version
X-EIG-Tracking-Id
X-Proxy
X-Pubstack
X-R9-Blue-Green-Version
X-Proto
X-Origin-Response-Time
Azure-InstanceId
X-FC-Vary-Parameters
X-Origin-Hint
Azure-RegionName
L5d-Success-Class
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-Region
X-From
X-Cache-Time
X-Cache-Host
X-Akamai-Request-ID
TWC-GeoIP-Country
TWC-Device-Class
X-Info
X-Labrador-Cache-Channel
X-Real-IP
Fastly-SSL
Mn-Server-Ip
X-Hosted-By
TWC-Connection-Speed
S-Rt
Property-Id
X-Drupal-Cache-Contexts
X-Origin
X-Origin-CC
X-ServerID
X-TNCMS
X-Upgrade-Enabled
X-Web-Node
X-Varnish-Cache-Hits
X-ATS-Timestamp
X-Origin-TTL
X-Redis-Cache
X-Rendered-As
Origin-Cache-Control
X-JoinUs
Origin-Edge-Control
X-Format
DSUID
Ec-Rule-Version
X-FireWall-Port
X-Www-Served-By
X-Content-Age
Release
X-Akamai-Request-ID2
X-Cluster-Name
X-ApacheServer
X-Backend-Name
X-Access
Viewport
S-Cnection
Selected-Fe
X-Generated
Decoy-Debug-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
X-Section
X-PERF
Decoy-Debug-Status
X-Proxy-Build
X-Timing-Wait
X-VCT
Decoy-Debug-Key
X-VCache
X-Time-Microsecs
NGX
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-Soup
X-NWS-UUID-VERIFY
X-Site-Version
X-Locale
X-Storage
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Is-Bot
X-Oss-Hash-Crc64ecma
Rt-Fastcgi-Cache
X-Guploader-Uploadid
X-ProxyCache-Status
Uber-Trace-Id
X-BYPASS-REASON
Cache-Key
X-ProxyCache-Key
X-Webkit-CSP
X-WA-Info
Cteonnt-Length
GEO-INFO
Vix-Hermes-Req-Id
X-PHP-Host
X-GoCache-CacheStatus
X-ORACLE-APMCS-TAG
X-Cache-Backend
X-ORACLE-APMCS-REQUEST-ID
X-Generated-By
X-Amzn-Remapped-Content-Length
X-SS-Set-Cookie
X-Hit
X-NCache
X-App-Version
Cache-Hits
X-Cache-Grace
X-Cache-Remote
Time
X-Backend-TTL
Akamai-GRN
X-Accel-Buffering
Origin
X-Trace-Id
X-Nginx-Cache-Key
X-Device-Type
X-APP-VERSION
X-CS
X-Tumblr-Pixel-3
X-Presslabs-Stats
X-FB-TRIP-ID
Accept-Language
X-L-Path
X-OVcl
X-Environment-Context
X-OVcl-Cache
X-No-Session
X-CF-Powered-By
X-S
X-SaId
X-MServer
X-Tb
Mime-Version
X-Uri
X-URL
X-B3-SpanId
Access-Control-Request-Headers
X-Cluster-Node
Hostname
Fastcgi-X-Cache-Version
X-SayCDN-TTL
X-Via-CDN
X-UnsetCookies
X-Say-TTL
X-Say-Cacheable
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-CACHE-KEY
X-Geo
Now
User-Cache-Control
ServerName
X-A
X-VG-WebCache
VivaBuild
X-VG-WebServer
Apple-News-Services-Request-Url
X-A-Ccd
X-A-Dgt
X-A-Wwc
Apple-News-Services-Handled
Apple-News-Services-Host
X-A-Dcw
X-A-Dam
X-Trv-Group
X-Transaction
X-Vtex-Processado-Em
X-Twitter-Response-Tags
T-Server
Rendered-Blocks
IsBot
X-Accel-Expires-Debug
Request-Country
Node
Mobile-Detection-Method
Machine
MD5-Digest
Meta-Geo-Continent
Cross-Origin-Window-Policy
Content-Style-Type
AsisCache
X-Vtex-Remote-Cache
Viewtype
BehaviorPad-Version
Xc-Version
Request-EU
Content-Script-Type
Rt-Proxy-Cache
Arc-Country
X-ARC
X-Destination
X-Detected-As
X-Rojux
X-Hl-Ver
X-Processor
X-S-Cookie
X-PAYTM-SRV-ID
X-DPWN-IS-SECURE
X-Rewrite-Enabled
X-CF-Lambda-Version
X-Region-Sid
X-Aed
X-Request-UUID
X-External-Request-Id
X-G
X-CF-Lambda-Fn
X-Date
X-Connection-Hash
X-FW-Version
X-Svr
X-B-Cookie
Apple-News-Services-Parsed-Url
X-ScT
X-SRCache-Key
X-D
X-Server-Time
X-AIR-PT
X-Session-Fingerprint
X-Application
X-SIPLIST1
X-CSRF-TOKEN
X-Endurance-Cache-Level
X-Hnp-Log
X-Gen-Mode
X-Debug-Cookies
X-Core-Value
CDCHOST
X-Location
X-Debug-Log
X-Clara-WADP
X-Request-URI
X-S-Maxage
X-Cache-Bucket
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Service
Web-Mar-Node
X-Cms-Context
X-Thinkindot-L3
X-Block-Status
X-Cache-Debug
X-Cache-Info
X-Reboot
X-Proxy-Upstream
X-Proxy-Cache-Status
X-NX-Host
RNT-Time
Server-Host
Thinkindot-CacheControl
X-WADP-Cache
Server-Int
X-Matched-Rule
RNT-Machine
Proxy-Connection
Mail-Subject
OT-Force-Account-Verify
X-Cdn-Forward
X-NC
We-Hiring
NtCoent-Length
X-B3-Parentspanid
X-Epic-Correlation-Id
X-Eu-Site
X-Fastly-Cache
X-Distributor
X-Alternate-Cache-Key
X-Dispatch
X-Dispatcher-Server
X-Distil-CS
X-Unique-Id
X-Generated-In
X-Hash
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Has-Esi
X-GeoIP-City
X-Generated-On
X-Generation-Time
X-Geo-Header
X-Developers
X-Debug-Cache-Store
X-Cache-Id
X-Cache-URL
X-Cdn-Srv
X-CGP
X-Cache-FS-Status
X-C
X-Azure-Ref-OriginShield
X-Backend-State
X-BBXSRF
X-Clientip
X-Compress-Hint
X-Instart-Isnd
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-CUA
X-Amz-Meta-Cache-Control
X-Auto-Login
X-App-Name
X-Core-Mission
X-Azure-Ref
X-Is-Gdpr
X-Sorting-Hat-ShopId
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TrackingId
X-Sorting-Hat-PodId
X-Skip-Cache
X-Server-IP
X-ShardId
X-ShopId
X-Shopify-Stage
X-Up
X-User
X-WebServer
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-VServer
X-Variation
X-VC-Cache
X-VG-TLSProxy
X-SD-PageType
X-Scheme
AKAMAI
X-Magnolia-Registration
X-Method
X-Ms-Request-Id
X-Li-Pop
X-Li-Fabric
X-Varnish-Beresp-Grace
X-JWT-State
X-Key
X-Level-Front-Cache
X-Ms-Version
X-Old-Content-Length
X-RateLimit-Remaining-Second
X-Release
X-Reqid
X-Request-Start
X-RateLimit-Limit-Second
X-Policy
X-Origin-Date
X-Origin-Expires
X-Platform-Server
X-Irp-Debug
X-LI-UUID
Cache-Host
ServedBy
Content-Disposition
Served-By
Adler-Geo
Is-Eu
Kp-EeAlive
W
Magicmarker
Memcached
Countrycode
Section-Io-Cache
PFcat
HA-Ipaddr
Platform
Ha-Gx-Prefs
IBM-Web2-Location
Gh-Request-Id
SD-X-WS
Esi-Enabled
Fastly-Soc-X-Request-Id
Wxu-Next-Commit
True-Client-Country-4JS
Wxu-Next-Region
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Wxu-Next-Hostname
L
Srv
Cache-Provider
X-Nc
X-Parent-Response-Time
X-LI-Proto
X-MSEdge-Features
X-Swa-Ws
X-Qloud-Router
X-Thanos
X-MSEdge-Flight
X-ServiceProvider
Heartbleed
X-Agile
X-Agile-Id
X-Agile-Age
X-Developer
X-Urbn-Context-Path
X-Internal-Host
X-Dc
Pramga
X-Logging-Id
X-Owner
X-Bip
A
Locale
X-Urbn-Site-Id
X-Vdms-Version
V-Age
X-CDN-Forward
X-Sigma
X-Sigma-Backend
X-NodeID
X-Rocket-Build-Number
Cdnsip
X-Sucuri-Cache
Server-ID
X-B3-Spanid
X-AK-Request-ID
X-Shopify-Generated-Cart-Token
X-Cdn-Origin
Cdncip
X-Sn-Servicetimems
X-Node-Id
X-Planisys-CDN-TTL
X-Sucuri-Id
X-Device-Os
X-Planisys-CDN-Cache
X-Servername
X-Planisys-CDN-Rules
X-GRACE
X-Upstream-Ht
X-Via-NSCOPI
GEO-REGION-INFO
X-Lb-Id
Powered-By-ChinaCache
X-Upstream-Ct
Environment
CF-IPCountry
X-RCS-CacheZone
X-Source
X-EC-Lua
X-Be
X-ND-Cache
X-FPC
X-Trafficlayer-App-Version
X-VHOST
X-Zone
Resin-Trace
X-Microcachable
X-Nginx-Cache
Tcn
X-Servedbyhost
Request-Time
X-Newrelic-Synthetics
X-Req
Locid
X-Tb-Optimization-Total-Bytes-Saved
X-Pjax-Url
X-Ratelimit-Remaining
X-ECACHE
X-ElasticPress-Search
Geo-Info
X-Served-From
X-NGENIX-Cache
X-Gamma-Serve
FNAC-ModuleRouting
X-Instart-Info
X-Oracle-Dms-Rid
X-SRV
X-Backend-Url
X-Sucuri-ID
X-Refresh
Group
X-Pf-Uncompressing
X-Backend-Host
X-TIME
X-Dynatrace
X-VCL-Version
X-AWS-Id
Memory
X-LJ-Flow-ID
X-VWS-Id
Gannett-Cam-Experience-Id
X-COUNTRY
X-GEO
ProcessTime
X-IPS-LoggedIn
CF-Cached-On
Backend-Name
X-Var-Ttl
X-DC
X-Correlation-ID
X-Unique-ID
N-Cache
X-Render-Time
TTL
X-HTML-Minification-Powered-By
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
Fly-Cache
Lfy
X-NU-AKA-ACS-Version
Cache-Prefix
X-Pod
Pagetype
SRV
PICS-Label
Fly-Request-Id
GeoIp-Country-Code
Geoip-City
Geoip-Latitude
X-Check-Cacheable
X-FORWARDED-FOR
Pics-Label
X-Via-SSL
X-HOST
REQUESTUUID
X-Bc
X-GeoIP-Country-Code
X-Via-Edge
GeoIP-Latitude
GeoIP-Country-Code
X-Worker
GeoIP-City
XServer
Ohc-File-Size
Ohc-Cache-HIT
X-Via-Ucdn
X-Upstream-CT
M-TraceId
X-Sedo-Request-Id
X-Cache-Miss-From
Ttl
X-Vcl-Version
X-APP
Cdn
X-Upstream-HT
X-Ratelimit-Limit
X-Mode
X-CLOUD-TRACE-CONTEXT
X-Server-W
X-Fstrz
X-Fetched-On
X-MP-GENERATED-AT
MIME-Version
X-ZONE
X-Rebelmouse-Cache-Control
X-Fastly-Country-Code
X-Wa
X-Rebelmouse-Surrogate-Control
X-LiteSpeed-Cache-Control
Fastly-SIE
X-PF-Uncompressing
HitType
Fastly-SWR
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Host-ID
Cache-Cookie-Set-Idcheck
X-HS-Status
HostName
X-NGINX-Cache
X-Dynatrace-Js-Agent
User-Agent
X-ServedByHost
Pragrma
On-Server
X-Swift-Error
X-HostName
X-BC
X-Routing-Service
X-Varnish-Ttl
X-Proxied
X-Zipkin-Id
X-Cache-Tag
X-PJAX-URL
X-Aicache-OS
X-Cdn-Request-ID
X-GDPR
X-WR-MODIFICATION
URI
X-Ua
X-Tt-Trace-Tag
Who
X-Edge-Server
X-TT-LOGID
X-WA
Cdn-Request-Time
Cdn-Host
X-TH-Server
CACHE
X-RateLimit-Reset
X-Hello
X-Flog
Powered-By
X-ABtesting
X-BE
X-Fastly-Backend-Reqs
X-Cache-Ttl
X-UPSTREAM-Address
X-Cf-Powered-By
X-SN
X-Edge-O15-RID
CDN
Dynatrace
X-Varnish-URL
SS
Media-Length
X-Org
X-Action
X-Fpc
X-Response-By
X-RSL
X-RPS
X-RPM
X-Varnish-Cacheable
X-DW
X-DI
X-LAGOON
X-DSS
X-DB
X-Request-Time
DataCenter
Get-Access-Time
X-Upstream-Proxy
Server-Id
Is-Session-Tracking
X-ServerName
X-LB-ID
X-Ratelimit-Reset
SN
LB
Debug
X-Ftr-Cache-Host
X-Gen-Id
X-Protected-By
Cneonction
X-Varnish-Beresp-TTL
Requestid
Correlation-Id
Country-Code
RequestUuid
XxX-Cache-Status
X-Varnish-Info
X-Page-Type
X-Nananana
Lb
NnCoection
Product
X-Akamai-ERPolicy
X-Li-Proto
Thinkindot-Cache-Type
X-Akamai-ERRuleID
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-LiteSpeed-Tag
Warning
Application
X-Dw-Trace-Id
RequestId
X-Fastly-Cache-Hits
SID
X-Request-Url