Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Request-ID
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
X-AspNetMvc-Version
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-WebKit-CSP
X-Dns-Prefetch-Control
Report-To
X-Ac
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Response-Time
X-Server-Id
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-Country
X-Ws-Request-Id
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Pinterest-Generated-By
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-Akam-SW-Version
X-Varnish-TTL
X-TtlSet
X-PC
X-MS-InvokeApp
X-Vname
X-Instart-Request-ID
X-Ruxit-JS-Agent
Accept-Ch
X-Url
Edge-Control
Verso
X-Powered-By-Plesk
X-Mod-Pagespeed
SPRequestGuid
X-B3-TraceId
X-D2id
X-Middleton-Response
X-Sol
Response
Display
X-Middleton-Display
X-Trace
X-SharePointHealthScore
X-VARITI-CCR
Pagespeed
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
RTSS
X-Exp-Variant
Service-Worker-Allowed
X-Server-ID
Accept-Ch-Lifetime
X-Server-Name
X-ESI
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
X-Navigation-Version
X-Powered-CMS
X-Debug
X-Abt-Application-Version
Content-MD5
X-Vcache
X-CST
X-Vcap-Request-Id
Public-Key-Pins
X-Amz-Server-Side-Encryption
MS-Author-Via
X-Upstream
Charset
X-Px
X-Version
X-Amz-Rid
X-NF-Request-ID
X-Forwarded-Proto
X-TTL
DynaTrace
X-Cached
X-Aspnetmvc-Version
Realpath
X-Shard
TCN
Fastly-Restarts
X-Recruiting
MicrosoftSharePointTeamServices
Edge-Cache-Tag
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Pinterest-Rid
Pinterest-Version
Access-Control-Request-Method
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-TEC-API-VERSION
X-TEC-API-ROOT
X-XRDS-Location
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Nginx-Cache
X-Ser
S
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Fastly-Request-ID
Front-End-Https
X-Accel-Expires
X-Ah-Environment
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Ttl
X-Id
X-Client-IP
X-Varnish-Age
X-Element-Page-Cache
X-T
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-FTR-Expires
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-Content-Digest
Powered
Cache-Tag
X-Hits
X-Correlation-Id
X-Kinsta-Cache
X-Fastcgi-Cache
X-Litespeed-Cache
X-Grace
X-HS-Cache-Config
ServerID
X-FTR-Cache-Host
X-Forwarded-For
AR-ATIME
AR-CACHE
AR-PoweredBy
TP-Cache
X-Webkit-Csp
TP-L2-Cache
X-Cache-Hit
Alternate-Protocol
X-Node-Name
Ar-Sid
X-Request-Received
PB-RID
X-Hp-Webp
X-Request-Processing-Time
PB-PID
X-Request-Handler-Origin-Region
X-Microsite
X-Webapp-Samesite-None-Activated-N
X-N
X-Mobile-Rewrite
AMP-Access-Control-Allow-Source-Origin
Arc-Version
X-Zen-Fury
X-Content-Type
Server-Name
X-FastCGI-Cache
X-Rid
X-User-Agent
X-Revision
Server-Node
Backend-Timing
Healthy
X-Analytics
X-Srv
X-LB-Cache
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Az
X-AppVersion
Cache-Status
X-Activity-Id
X-Logged-In
Retry-After
X-Via-JSL
X-SERVER
X-IPLB-Instance
X-HS-Combine-CSS
X-Oneagent-Js-Injection
Paypal-Debug-Id
X-GUploader-UploadID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cached-By
X-Type
X-NWS-LOG-UUID
X-Pad
AR-Request-ID
X-Varnish-Grace
X-Ruxit-Js-Agent
FilterID
X-Mobile-URL
X-B3-Sampled
X-Cache-Age
X-F-Cache
X-Content-Options
Refresh
X-Geo-Country
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
Accept-Charset
X-Debug-Info
X-FB-Debug
Source
Access-Control-Allow-Method
Host
X-AOL-HN
X-Jobs
X-Page-Id
X-Request-Guid
X-App-Environment
X-Cluster
X-B
X-Seen-By
X-Framework
Actual-Object-TTL
X-Erf-Bev-Bev-Is-Generated
X-PHP-Backend
DC
X-Erf-Bev-Bev
Upgrade-Insecure-Requests
X-Varnish-Backend
X-WebKit-CSP-Report-Only
MS-CV
X-Cache-Key
X-Whom
X-ATG-Version
Fastcgi-Useragent
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-TT
X-Cache-2
X-PressLabs-Stats
X-Git-Hash
X-Host-Name
X-Cache-Control
X-Esi
X-Cache-TTL
X-TA-CDN-Provider
Surrogate-Key
Accept-CH-Lifetime
X-Time
X-Amz-Replication-Status
Cache
X-Cache-Operation
X-Cache-Rule
X-Wix-Request-Id
Frame-Options
Accept-CH
X-FW-Static
X-FW-Hash
X-FW-Type
X-Kong-Upstream-Latency
X-Forwarded-Host
X-FW-Server
X-Kong-Proxy-Latency
X-FW-Serve
X-Response-Served-From
X-B-Cache
NGB
X-Signature
X-Daa-Tunnel
Host-Header
X-Origin-Server
Cache-Tv-Group
X-Mobile
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-Cache-NE
Eomportal-Instance
X-Drupal-Cache-Tags
WPE-Backend
Webserver
Filters
X-Cache-Action
Payment
X-GeoIP
X-Hyper-Cache
X-TX-ID
X-Region
X-UA-Device-Type
X-Cacheable-TTL
X-Adobe-Loc
From-Origin
X-Adobe-Content
X-Handled-By
X-UA
Cleartype
Xserver
X-Cache-Enabled
X-RemovedCookies
X-App-Server
Tracecode
X-ProcessESI
X-EdgeConnect-Cache-Status
X-RTag
Ms-Operation-Id
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-NewRelic-App-Data
X-Hostname
X-Status
X-Contextid
X-Load-Cache
X-RateLimit-Limit
Liferay-Portal
X-VCache
X-Cache-Server
X-Edge-Location
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-B3-Traceid
X-TT-TIMESTAMP
Odigeo-Trace-Id
X-Varnish-Hostname
X-FW-Dynamic
X-Varnish-Server
Server-Info
X-Rule
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
Load-Balancing
Version
X-Viewer-Country
X-Xfnlog-Site
X-IP
X-Debug-Cache
X-Cache-Config
X-OCL
X-PCL
X-Rocket-Nginx-Bypass
X-CCM
Country
DB-Nickname
X-UUID
Cache-Tags
X-Cache-Host
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-Akamai-Request-ID
X-Drupal-Cache-Contexts
Webcakes-Region
X-EIG-Tracking-Id
TWC-Connection-Speed
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Cache-Name
Azure-Version
Fastly-SSL
L5d-Success-Class
TWC-Device-Class
TWC-GeoIP-Country
X-From
S-Rt
Mn-Server-Ip
Property-Id
TWC-GeoIP-LatLong
X-FC-Vary-Parameters
X-Origin-Hint
X-Origin-Response-Time
X-Origin
X-ServerID
X-R9-Blue-Green-Version
X-Proto
X-Proxy
X-Origin-TTL
X-Real-IP
X-Origin-CC
X-Pubstack
X-TNCMS
X-Loop
X-Via-Fastly
X-Hosted-By
X-Web-Node
X-Varnish-Cache-Hits
X-Info
X-Labrador-Cache-Channel
X-Upgrade-Enabled
X-Cache-Time
Origin-Cache-Control
Origin-Edge-Control
Decoy-Debug-TTL
Ec-Rule-Version
X-Section
X-Timing-Wait
X-Rendered-As
X-VCT
X-Proxy-Build
X-Human
X-Content-Age
X-Cluster-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-FireWall-Port
Decoy-Debug-Status
X-JoinUs
X-Backend-Name
Selected-Fe
S-Cnection
X-Format
X-PERF
X-ApacheServer
X-Access
Release
X-Akamai-Request-ID2
Decoy-Debug-Key
X-XRDS-LOCATION
X-Redis-Cache
X-Soup
X-Varnish-Hits
X-Time-Microsecs
X-Vgn-Hpd-Reason
DSUID
NGX
X-Locale
Rt-Fastcgi-Cache
Viewport
X-Www-Served-By
X-Storage
X-Site-Version
X-NWS-UUID-VERIFY
GEO-INFO
X-ATS-Timestamp
X-WA-Info
X-Is-Bot
Cache-Key
X-URL
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-App-Version
Uber-Trace-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
Cteonnt-Length
Vix-Hermes-Req-Id
X-GoCache-CacheStatus
X-Cache-Grace
X-Hit
X-Webkit-CSP
Cache-Hits
X-PHP-Host
X-NCache
X-Cache-Remote
X-Generated-By
X-Cache-Backend
X-Backend-TTL
Time
X-SS-Set-Cookie
X-Amzn-Remapped-Content-Length
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Guploader-Uploadid
Akamai-GRN
Origin
X-Trace-Id
X-CS
X-ORACLE-APMCS-REQUEST-ID
X-Device-Type
X-ORACLE-APMCS-TAG
Accept-Language
X-Accel-Buffering
X-Tumblr-Pixel-3
X-CF-Powered-By
X-Nginx-Cache-Key
X-Presslabs-Stats
X-OVcl
X-OVcl-Cache
X-B3-SpanId
Hostname
X-S
X-FB-TRIP-ID
X-UnsetCookies
X-No-Session
X-Environment-Context
X-L-Path
X-Via-CDN
Mime-Version
X-APP-VERSION
X-Cluster-Node
Fastcgi-X-Cache-Version
X-MServer
X-Uri
X-Tb
Access-Control-Request-Headers
X-CSRF-TOKEN
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-SaId
X-CACHE-KEY
Now
ServerName
X-FW-Version
User-Cache-Control
X-Vtex-Remote-Cache
X-VG-WebServer
X-Vtex-Processado-Em
Machine
Xc-Version
Apple-News-Services-Host
IsBot
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
AsisCache
Arc-Country
Cross-Origin-Window-Policy
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Request-Country
X-Connection-Hash
X-D
VivaBuild
X-A
X-CF-Lambda-Version
X-Date
Viewtype
T-Server
X-DPWN-IS-SECURE
X-Detected-As
X-Destination
X-CF-Lambda-Fn
X-B-Cookie
X-A-Ccd
X-A-Dgt
X-A-Dam
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-ARC
X-Application
X-AIR-PT
X-Aed
X-External-Request-Id
X-G
X-Transaction
X-Trv-Group
X-Svr
X-SRCache-Key
X-SIPLIST1
X-Twitter-Response-Tags
X-VG-WebCache
Meta-Geo-Continent
Mobile-Detection-Method
Node
Rendered-Blocks
X-Session-Fingerprint
X-Server-Time
X-Region-Sid
X-Processor
X-PAYTM-SRV-ID
X-Hl-Ver
X-Request-UUID
X-Rewrite-Enabled
Request-EU
X-ScT
X-S-Cookie
X-Rojux
MD5-Digest
Rt-Proxy-Cache
Proxy-Connection
X-NC
X-Endurance-Cache-Level
OT-Force-Account-Verify
RNT-Time
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Cache-Info
Server-Host
X-S-Maxage
X-Request-URI
RNT-Machine
X-Geo
X-NX-Host
X-Debug-Cookies
X-Debug-Log
X-Hnp-Log
X-Gen-Mode
X-Location
X-Matched-Rule
CDCHOST
X-Cache-Debug
X-Cms-Context
X-Clara-WADP
X-Reboot
Server-Int
X-WADP-Cache
Thinkindot-CacheControl-Type
Thinkindot-Control
Mail-Subject
Thinkindot-CacheControl
X-Thinkindot-L3
We-Hiring
X-Cache-Bucket
X-Block-Status
Web-Mar-Node
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Cdn-Forward
X-Varnish-Beresp-Grace
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Alternate-Cache-Key
NtCoent-Length
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Dispatch
X-Developers
X-Debug-Cache-Expiry
X-Developer
X-Compress-Hint
X-Eu-Site
X-Cdn-Srv
X-BBXSRF
X-Cache-URL
X-Cache-Id
X-Cache-FS-Status
X-C
X-Backend-State
X-CGP
X-App-Name
X-Core-Mission
X-CUA
X-Auto-Login
X-Clientip
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Amz-Meta-Cache-Control
X-Instart-Isnd
X-Shopify-Stage
X-ShopId
X-Skip-Cache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-Server-IP
X-Release
X-Reqid
X-Request-Start
X-SD-PageType
X-TrackingId
X-Up
X-Wikidot-Backend
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Core-Value
X-Service
X-WebServer
X-We-Are-Hiring
X-User
X-Variation
X-VG-TLSProxy
X-VServer
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-7Graus-Varnish-XKeys
X-IN-APIGATEWAYSSL
X-Internal-Host
X-Irp-Debug
X-Is-Gdpr
X-IN-APIGATEWAY
X-Hash
X-Generated-In
X-Generated-On
X-Generation-Time
X-Has-Esi
X-JWT-State
X-Level-Front-Cache
X-Origin-Date
X-Old-Content-Length
X-Origin-Expires
X-Platform-Server
X-Policy
X-Ms-Version
X-Ms-Request-Id
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Magnolia-Registration
X-Fastly-Cache
X-Key
Content-Disposition
Magicmarker
Is-Eu
ServedBy
W
A
Memcached
Section-Io-Cache
Served-By
True-Client-Country-4JS
Cache-Host
SD-X-WS
Platform
Wxu-Next-Commit
Ha-Gx-Prefs
Kp-EeAlive
HA-Ipaddr
X-Parent-Response-Time
X-7Graus-Varnish-Cache-Control
IBM-Web2-Location
Wxu-Next-Hostname
Gh-Request-Id
Countrycode
Wxu-Next-Region
Fastly-Soc-X-Request-Id
Adler-Geo
Esi-Enabled
Srv
X-B3-Parentspanid
X-Nc
Cache-Provider
X-ServiceProvider
Pramga
X-MSEdge-Features
X-Dc
X-Logging-Id
X-LI-Proto
Heartbleed
Locale
X-Swa-Ws
X-Owner
X-CDN-Forward
X-MSEdge-Flight
X-Qloud-Router
X-Vdms-Version
X-Method
X-Agile-Id
X-GeoIP-City
X-VC-Cache
X-Scheme
V-Age
X-Thanos
X-SVT-ORM-VERSION
X-Geo-Header
X-Bip
AKAMAI
X-Urbn-Site-Id
X-Urbn-Context-Path
X-SVT-ORM-RULES
X-Agile
PFcat
L
X-Agile-Age
X-Unique-Id
X-Device-Os
Server-ID
X-Sn-Servicetimems
X-Sucuri-Id
X-Cdn-Origin
X-NodeID
X-Node-Id
X-Sigma-Backend
X-Shopify-Generated-Cart-Token
X-Sucuri-Cache
X-Sigma
X-AK-Request-ID
Cdncip
Cdnsip
X-Lb-Id
X-Rocket-Build-Number
X-Servername
CF-IPCountry
X-EC-Lua
X-B3-Spanid
X-GRACE
X-Planisys-CDN-Cache
GEO-REGION-INFO
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Environment
X-Via-NSCOPI
X-Upstream-Ct
X-Upstream-Ht
X-FPC
X-Be
Powered-By-ChinaCache
Request-Time
X-Servedbyhost
X-Newrelic-Synthetics
X-VHOST
X-ND-Cache
X-RCS-CacheZone
X-Source
Tcn
Resin-Trace
X-Trafficlayer-App-Version
X-Microcachable
X-Zone
X-Nginx-Cache
X-Instart-Info
X-NGENIX-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Search
X-ECACHE
X-Pjax-Url
X-Backend-Host
X-Oracle-Dms-Rid
X-Backend-Url
Group
Locid
X-Req
X-GEO
FNAC-ModuleRouting
X-Served-From
Backend-Name
X-VCL-Version
Memory
CF-Cached-On
X-Var-Ttl
X-Gamma-Serve
X-Unique-ID
X-Dynatrace
X-IPS-LoggedIn
X-Pf-Uncompressing
X-VWS-Id
N-Cache
X-Refresh
X-LJ-Flow-ID
Gannett-Cam-Experience-Id
X-COUNTRY
Geo-Info
X-AWS-Id
X-DC
X-Sucuri-ID
X-Correlation-ID
X-Check-Cacheable
Pagetype
Lfy
Fly-Cache
Fly-Request-Id
X-Ratelimit-Remaining
XServer
Cache-Prefix
Amp-Access-Control-Allow-Source-Origin
Ohc-Cache-HIT
X-TIME
SRV
Ohc-File-Size
X-Pod
Pics-Label
X-Render-Time
TTL
Geoip-Latitude
X-Worker
Geoip-City
GeoIp-Country-Code
Cf-Ipcountry
PICS-Label
X-SRV
X-Upstream-HT
X-Upstream-CT
X-HTML-Minification-Powered-By
X-Via-Ucdn
X-Cache-Miss-From
X-CSRF-Token
Ttl
Cdn
GeoIP-Latitude
X-NU-AKA-ACS-Version
GeoIP-Country-Code
GeoIP-City
X-Via-SSL
X-Via-Edge
REQUESTUUID
ProcessTime
X-Sedo-Request-Id
X-Bc
X-GeoIP-Country-Code
X-Fetched-On
X-Server-W
M-TraceId
X-CLOUD-TRACE-CONTEXT
X-Fstrz
X-Rebelmouse-Surrogate-Control
X-Mode
Fastly-SWR
X-Rebelmouse-Cache-Control
X-LiteSpeed-Cache-Control
X-Wa
X-APP
Fastly-SIE
X-Vcl-Version
X-FORWARDED-FOR
X-ZONE
MIME-Version
X-PF-Uncompressing
X-Ratelimit-Limit
X-Ua
Cache-Cookie-Set-From
X-MP-GENERATED-AT
X-HS-Status
X-Fastly-Country-Code
Cache-Cookie-Set-Lfrom
HitType
Cache-Cookie-Set-Idcheck
X-NGINX-Cache
X-Dynatrace-Js-Agent
Pragrma
X-Tt-Trace-Tag
X-GDPR
User-Agent
HostName
Host-ID
On-Server
X-BC
X-Swift-Error
X-HostName
X-PJAX-URL
X-Cache-Tag
X-Aicache-OS
Cdn-Host
Cdn-Request-Time
X-WR-MODIFICATION
X-ServedByHost
X-Edge-Server
URI
X-Cdn-Request-ID
Who
X-Zipkin-Id
X-WA
X-TT-LOGID
X-SN
PageSpeed
X-Routing-Service
X-Ratelimit-Reset
X-Proxied
X-Upstream-Proxy
X-RateLimit-Reset
CACHE
X-Hello
X-Edge-O15-RID
X-Flog
X-DW
X-ABtesting
X-BE
X-DSS
X-Cache-Ttl
X-RPS
X-RSL
X-RPM
X-Response-By
X-DI
SS
X-TH-Server
X-Action
CDN
X-DB
X-Fastly-Backend-Reqs
X-Cf-Powered-By
X-Org
X-UPSTREAM-Address
Dynatrace
SN
X-Varnish-URL
X-Fpc
X-Varnish-Cacheable
X-LAGOON
Powered-By
DataCenter
Get-Access-Time
Server-Id
Media-Length
Requestid
Is-Session-Tracking
Debug
X-ServerName
LB
X-Ftr-Cache-Host
X-Varnish-Beresp-TTL
X-LB-ID
Country-Code
X-Request-Time
Lb
X-Protected-By
X-Nananana
AR-SID
X-Page-Type
X-Gen-Id
RequestUuid
Processtime
X-Request-Url
XxX-Cache-Status
X-VC
NnCoection
X-SB
X-Dw-Trace-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Warning
X-LiteSpeed-Tag
RequestId
Correlation-Id
X-Fastly-Cache-Hits
Application
SID
X-Li-Proto
Xet-Cookie
Thinkindot-Cache-Type
Product