Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-Cache-Status
Pragma
Link
X-Powered-By
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-CDN
X-Drupal-Dynamic-Cache
CF-Ray
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-AH-Environment
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Server
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Dns-Prefetch-Control
X-Ac
Report-To
EagleEye-TraceId
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
X-Cdn
X-Cnection
Request-Id
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
Pinterest-Generated-By
X-Goog-Hash
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Ws-Request-Id
X-Akam-SW-Version
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-Url
X-Ruxit-JS-Agent
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-B3-TraceId
X-Aspnetmvc-Version
Edge-Control
Verso
X-Powered-By-Plesk
SPRequestGuid
X-Mod-Pagespeed
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
X-D2id
X-SharePointHealthScore
X-Trace
X-VARITI-CCR
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Server-ID
RTSS
Accept-Ch-Lifetime
X-Server-Name
Service-Worker-Allowed
X-ESI
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
Pagespeed
X-Navigation-Version
X-CST
X-Powered-CMS
X-Debug
X-Vcap-Request-Id
X-Abt-Application-Version
Content-MD5
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Ah-Environment
X-Vcache
X-Px
MS-Author-Via
X-Version
X-Upstream
Charset
X-Amz-Rid
X-NF-Request-ID
X-Forwarded-Proto
X-TTL
DynaTrace
Realpath
X-Cached
X-Shard
Fastly-Restarts
TCN
X-Recruiting
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Version
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Shield-Request-Id
Access-Control-Request-Method
X-DynaTrace-JS-Agent
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
S
X-Goog-Stored-Content-Length
X-Ser
Front-End-Https
X-Fastly-Request-ID
X-XRDS-Location
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Ttl
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Client-IP
X-T
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-FTR-Expires
X-Webkit-Csp
X-SERVER
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Fastcgi-Cache
NR-ENABLED
X-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Content-Digest
X-Hits
Powered
X-Correlation-Id
X-Forwarded-For
X-Kinsta-Cache
Cache-Tag
X-Grace
X-Litespeed-Cache
ServerID
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
X-FTR-Cache-Host
X-HS-Cache-Config
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Node-Name
PB-PID
PB-RID
X-N
AMP-Access-Control-Allow-Source-Origin
Arc-Version
Alternate-Protocol
X-Mobile-Rewrite
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Type
X-Srv
X-Zen-Fury
X-Hp-Webp
X-User-Agent
X-Rid
Server-Name
Server-Node
X-Revision
Backend-Timing
X-Analytics
Healthy
X-LB-Cache
X-Webapp-Samesite-None-Activated-N
X-Via-JSL
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
Retry-After
X-Content-Security-Policy-Report-Only
X-FastCGI-Cache
X-Akamai-Edgescape
X-Logged-In
Paypal-Debug-Id
AR-Request-ID
X-IPLB-Instance
X-Oneagent-Js-Injection
X-Type
X-Amzn-RequestId
X-Amz-Apigw-Id
X-NWS-LOG-UUID
X-Cached-By
X-HS-Combine-CSS
X-Pad
X-Varnish-Grace
X-GUploader-UploadID
X-Ruxit-Js-Agent
X-Cache-Age
FilterID
X-B3-Sampled
X-Mobile-URL
X-F-Cache
X-Content-Options
X-Tumblr-Pixel
Refresh
X-FB-Debug
X-Tumblr-Pixel-0
X-Geo-Country
X-Tumblr-User
Accept-Charset
X-Debug-Info
X-Instance
X-Cluster
X-Jobs
X-Request-Guid
Host
Access-Control-Allow-Method
X-App-Environment
X-AOL-HN
X-Page-Id
X-Seen-By
Source
X-B
Actual-Object-TTL
X-Framework
X-Erf-Bev-Bev
DC
X-Erf-Bev-Bev-Is-Generated
X-PHP-Backend
X-Whom
Upgrade-Insecure-Requests
MS-CV
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Fastcgi-Useragent
X-Content-Powered-By
X-ATG-Version
X-Host-Name
X-Cache-2
X-Git-Hash
X-PressLabs-Stats
X-Time
X-TT
X-Cache-Control
X-TA-CDN-Provider
X-Cache-TTL
X-Esi
Surrogate-Key
X-Cache-Operation
X-Cache-Rule
Accept-CH-Lifetime
X-Amz-Replication-Status
X-Forwarded-Host
Cache
X-Wix-Request-Id
X-Daa-Tunnel
Frame-Options
X-Kong-Upstream-Latency
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Type
X-Kong-Proxy-Latency
X-FW-Static
Accept-CH
X-Response-Served-From
NGB
X-B-Cache
X-Signature
Xserver
X-Origin-Server
X-Mobile
Host-Header
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Cache-Action
X-Drupal-Cache-Tags
X-GeoIP
WPE-Backend
X-UA-Device-Type
X-TX-ID
X-Cache-NE
X-RequestSource
X-Region
Webserver
X-Hyper-Cache
Tracecode
Filters
Eomportal-Instance
X-VCache
Payment
X-Cacheable-TTL
X-Adobe-Content
From-Origin
X-Adobe-Loc
X-Webkit-CSP
X-Handled-By
X-App-Server
Cleartype
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-Cache-Enabled
X-UA
X-RTag
Ms-Operation-Id
Datacenter
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Status
X-Contextid
X-Hostname
X-RateLimit-Limit
X-Load-Cache
X-NewRelic-App-Data
X-Cache-Server
Liferay-Portal
X-Yottaa-Optimizations
X-XRDS-LOCATION
X-BCube-Filmed-By
X-Yottaa-Metrics
X-Edge-Location
X-TT-TIMESTAMP
Odigeo-Trace-Id
X-FW-Dynamic
X-Varnish-Hostname
Server-Info
Meta-Geo
X-RN-RSRV
X-Cache-Var
Load-Balancing
X-ES-SERVER
Version
X-Cache-Var-Map
X-Varnish-Server
X-IP
X-Path-Route
X-Xfnlog-Site
X-Viewer-Country
X-Rule
X-UUID
X-Debug-Cache
X-Cache-Config
Cache-Tags
X-OCL
DB-Nickname
X-PCL
X-Rocket-Nginx-Bypass
Country
X-CCM
Azure-SlotName
Cache-Name
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
S-Rt
X-Info
X-Hosted-By
X-Via-Fastly
X-Web-Node
X-Labrador-Cache-Channel
X-Proto
X-Proxy
X-Loop
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Real-IP
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-From
X-Pubstack
X-TNCMS
X-ServerID
X-Cache-Host
X-Akamai-Request-ID
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Drupal-Cache-Contexts
Property-Id
X-R9-Blue-Green-Version
Mn-Server-Ip
X-Origin
TWC-GeoIP-LatLong
X-Origin-Response-Time
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
Fastly-SSL
L5d-Success-Class
Selected-Fe
S-Cnection
X-Access
X-Akamai-Request-ID2
X-Backend-Name
X-ApacheServer
Release
GEO-INFO
DSUID
Decoy-Debug-TTL
Ec-Rule-Version
Origin-Cache-Control
Origin-Edge-Control
X-Cache-Time
X-Cluster-Name
X-Rendered-As
X-Proxy-Build
X-Section
X-Time-Microsecs
X-VCT
X-Timing-Wait
X-PERF
X-JoinUs
X-Format
X-Content-Age
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
Decoy-Debug-Status
X-FireWall-Port
Decoy-Debug-Key
X-Redis-Cache
X-Soup
X-Varnish-Hits
X-Origin-TTL
X-Vgn-Hpd-Reason
X-Origin-CC
Rt-Fastcgi-Cache
X-App-Version
X-NWS-UUID-VERIFY
X-Www-Served-By
Viewport
X-Storage
X-Site-Version
X-WA-Info
X-Locale
NGX
X-Cache-Grace
Cache-Key
X-Guploader-Uploadid
X-Is-Bot
Vix-Hermes-Req-Id
X-ProxyCache-Key
X-Cache-Remote
Uber-Trace-Id
X-BYPASS-REASON
Cteonnt-Length
X-ProxyCache-Status
X-GoCache-CacheStatus
X-Hit
X-ATS-Timestamp
Cache-Hits
X-Oss-Hash-Crc64ecma
X-NCache
X-Oss-Object-Type
X-B3-SpanId
X-Backend-TTL
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
Time
X-PHP-Host
X-SS-Set-Cookie
Origin
X-Generated-By
X-Cache-Backend
X-Device-Type
X-CS
X-Trace-Id
X-Amzn-Remapped-Content-Length
Mime-Version
X-CF-Powered-By
X-Tumblr-Pixel-3
Akamai-GRN
Accept-Language
Hostname
X-OVcl
X-Presslabs-Stats
X-OVcl-Cache
X-UnsetCookies
X-S
X-Accel-Buffering
X-Nginx-Cache-Key
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-CDN
X-FB-TRIP-ID
X-Cluster-Node
X-No-Session
X-Uri
X-L-Path
X-Environment-Context
Fastcgi-X-Cache-Version
X-URL
X-Cdn-Forward
X-B3-Traceid
X-MServer
X-Tb
Now
X-Tec-Api-Root
Access-Control-Request-Headers
X-Tec-Api-Version
X-FW-Version
X-Tec-Api-Origin
X-CACHE-KEY
X-Say-TTL
User-Cache-Control
X-Say-Cacheable
ServerName
X-SayCDN-TTL
Mobile-Detection-Method
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Xc-Version
Machine
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
IsBot
Meta-Geo-Continent
MD5-Digest
Arc-Country
Apple-News-Services-Host
X-A-Wwc
X-DPWN-IS-SECURE
X-Detected-As
X-External-Request-Id
X-G
X-Hl-Ver
X-Destination
X-Date
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-Svr
X-PAYTM-SRV-ID
X-SRCache-Key
X-S-Cookie
X-Session-Fingerprint
X-Server-Time
X-ScT
X-Rojux
X-Rewrite-Enabled
X-Processor
X-SIPLIST1
X-Region-Sid
X-Request-UUID
X-D
X-Connection-Hash
VivaBuild
Viewtype
X-A
X-A-Ccd
X-A-Dcw
T-Server
Rt-Proxy-Cache
Node
Rendered-Blocks
Request-Country
Request-EU
X-A-Dgt
X-Accel-Expires-Debug
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Application
X-AIR-PT
X-Vtex-Processado-Em
X-Aed
X-VG-WebServer
X-VG-WebCache
X-Vtex-Remote-Cache
X-A-Dam
X-APP-VERSION
X-NC
OT-Force-Account-Verify
X-Endurance-Cache-Level
X-SaId
X-CSRF-TOKEN
X-Cache-Debug
X-Developer
X-WADP-Cache
X-Cache-Bucket
X-Proxy-Cache-Status
X-Matched-Rule
A
X-Reboot
X-Debug-Log
X-Debug-Cookies
X-Cms-Context
Thinkindot-CacheControl
X-Clara-WADP
X-Thinkindot-L3
X-Cache-Info
X-Block-Status
CDCHOST
X-NX-Host
X-Proxy-Upstream
X-S-Maxage
X-Request-URI
Server-Host
X-Hnp-Log
RNT-Time
Web-Mar-Node
RNT-Machine
We-Hiring
X-Location
Thinkindot-Control
Mail-Subject
Server-Int
Thinkindot-CacheControl-Type
X-Gen-Mode
ServedBy
X-Parent-Response-Time
Proxy-Connection
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Origin-Date
X-Azure-Ref
X-Origin-Expires
X-BBXSRF
X-Azure-Ref-OriginShield
X-Backend-State
X-Request-Start
W
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-C
Wxu-Next-Region
X-7Graus-Varnish-Cache-Control
X-Reqid
X-Release
Wxu-Next-Hostname
Wxu-Next-Commit
X-Policy
X-Platform-Server
X-App-Name
X-7Graus-Varnish-XKeys
X-Alternate-Cache-Key
X-Amz-Meta-Cache-Control
X-Auto-Login
X-Clientip
X-Generated-On
X-Generation-Time
X-Has-Esi
X-Hash
X-Generated-In
X-Li-Pop
X-Eu-Site
X-Fastly-Cache
X-LI-UUID
X-Li-Fabric
X-Level-Front-Cache
X-Is-Gdpr
X-JWT-State
X-Key
X-Irp-Debug
X-Internal-Host
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Epic-Correlation-Id
X-Magnolia-Registration
X-CGP
X-Compress-Hint
X-Core-Mission
X-CUA
X-Cdn-Srv
X-Cdn-Origin
X-Cache-Id
X-Old-Content-Length
X-Cache-URL
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Dispatcher-Server
X-Distil-CS
X-Distributor
X-Dispatch
X-Developers
X-Debug-Cache-Store
X-Ms-Version
X-Ms-Request-Id
X-Cache-FS-Status
True-Client-Country-4JS
X-TrackingId
X-Wikidot-Static-Cache
X-Skip-Cache
Adler-Geo
X-Shopify-Stage
X-ShardId
X-ShopId
Fastly-Soc-X-Request-Id
X-Sn-Servicetimems
Memcached
HA-Ipaddr
IBM-Web2-Location
Is-Eu
Ha-Gx-Prefs
Gh-Request-Id
X-Sorting-Hat-PodId
Magicmarker
X-Sorting-Hat-ShopId
X-Up
Esi-Enabled
Cache-Host
Section-Io-Cache
SD-X-WS
X-SD-PageType
Served-By
X-VServer
X-Webstats-RespID
X-WebServer
X-We-Are-Hiring
X-VG-TLSProxy
X-Server-IP
X-User
X-Wikidot-Backend
Platform
Kp-EeAlive
X-Service
X-Variation
Content-Disposition
Countrycode
X-Nc
NtCoent-Length
X-B3-Parentspanid
X-Geo
Cache-Provider
Pramga
X-ServiceProvider
X-LI-Proto
X-Urbn-Site-Id
X-Scheme
PFcat
X-Urbn-Context-Path
X-MSEdge-Flight
X-MSEdge-Features
V-Age
X-GeoIP-City
X-Dc
X-Geo-Header
L
X-VC-Cache
X-Sucuri-Id
X-Node-Id
X-Bip
Heartbleed
Locale
X-SVT-ORM-RULES
X-Device-Os
X-Owner
X-SVT-ORM-VERSION
X-Swa-Ws
X-Core-Value
X-Agile-Age
X-Agile
X-Qloud-Router
AKAMAI
X-Agile-Id
X-Method
X-Logging-Id
X-Thanos
Srv
X-Vdms-Version
X-NodeID
Server-ID
X-Lb-Id
X-Servername
X-EC-Lua
X-GRACE
X-Sigma
Cdncip
Cdnsip
X-AK-Request-ID
X-Rocket-Build-Number
X-Unique-Id
X-Shopify-Generated-Cart-Token
CF-IPCountry
GEO-REGION-INFO
X-Sigma-Backend
X-Sucuri-Cache
X-Newrelic-Synthetics
Environment
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Request-Time
X-CDN-Forward
X-FPC
X-Be
X-VHOST
X-Via-NSCOPI
X-Upstream-Ht
X-Pjax-Url
Powered-By-ChinaCache
X-Upstream-Ct
X-NGENIX-Cache
X-ECACHE
X-GEO
X-ND-Cache
X-Microcachable
X-Tb-Optimization-Total-Bytes-Saved
X-Servedbyhost
X-Instart-Info
X-ElasticPress-Search
Tcn
Resin-Trace
X-Zone
X-RCS-CacheZone
X-B3-Spanid
Group
X-Backend-Url
X-Trafficlayer-App-Version
X-Nginx-Cache
X-Source
X-Backend-Host
X-Ratelimit-Remaining
X-Oracle-Dms-Rid
CF-Cached-On
X-Var-Ttl
Backend-Name
X-Unique-ID
Locid
X-Req
N-Cache
X-IPS-LoggedIn
Memory
Ohc-File-Size
Ohc-Cache-HIT
SRV
X-Dynatrace
X-VCL-Version
X-Served-From
FNAC-ModuleRouting
Lfy
Gannett-Cam-Experience-Id
X-COUNTRY
Pagetype
X-Gamma-Serve
Fly-Request-Id
X-LJ-Flow-ID
Fly-Cache
Cache-Prefix
X-DC
X-AWS-Id
X-VWS-Id
Cf-Ipcountry
X-Correlation-ID
X-Refresh
X-Pf-Uncompressing
TTL
X-Check-Cacheable
X-Worker
Amp-Access-Control-Allow-Source-Origin
Cdn
X-Upstream-CT
X-Upstream-HT
X-CSRF-Token
Geoip-Latitude
X-Pod
Geoip-City
GeoIp-Country-Code
X-Cache-Miss-From
PICS-Label
X-Sucuri-ID
Geo-Info
X-Via-Ucdn
X-Sedo-Request-Id
Pics-Label
X-Bc
REQUESTUUID
ProcessTime
X-Via-SSL
GeoIP-City
GeoIP-Latitude
X-Via-Edge
X-Fetched-On
GeoIP-Country-Code
X-Server-W
X-Render-Time
XServer
PageSpeed
X-TIME
X-APP
Ttl
X-Rebelmouse-Surrogate-Control
X-HTML-Minification-Powered-By
X-Wa
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Vcl-Version
X-Ua
M-TraceId
Fastly-SWR
X-NU-AKA-ACS-Version
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-PF-Uncompressing
X-HS-Status
X-LiteSpeed-Cache-Control
X-GeoIP-Country-Code
X-Fstrz
X-Mode
X-SRV
X-ZONE
X-Tt-Trace-Tag
X-Upstream-Proxy
X-Ratelimit-Reset
X-GDPR
X-Fastly-Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Dynatrace-Js-Agent
X-ServedByHost
HitType
On-Server
Pragrma
Cdn-Request-Time
X-Edge-Server
X-NGINX-Cache
X-Cache-Tag
Cdn-Host
User-Agent
X-Swift-Error
MIME-Version
X-Varnish-Ttl
X-MP-GENERATED-AT
X-HostName
X-SN
X-FORWARDED-FOR
HostName
X-Aicache-OS
Host-ID
URI
X-WR-MODIFICATION
Who
SS
X-TT-LOGID
X-Flog
X-Org
X-Response-By
X-BC
X-Hello
X-ABtesting
X-WA
CACHE
X-RateLimit-Reset
X-Cdn-Request-ID
X-UPSTREAM-Address
X-DB
X-Edge-O15-RID
X-RPS
X-RSL
X-Fastly-Backend-Reqs
SN
X-RPM
X-PJAX-URL
X-DI
X-Cache-Ttl
X-BE
X-DSS
X-Action
X-DW
Dynatrace
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-LAGOON
Requestid
X-Varnish-URL
X-Varnish-Cacheable
X-TH-Server
X-Cf-Powered-By
X-Fpc
DataCenter
Lb
Powered-By
RequestUuid
X-ServerName
Debug
X-Page-Type
Country-Code
Get-Access-Time
CDN
Server-Id
Is-Session-Tracking
LB
X-Ftr-Cache-Host
XxX-Cache-Status
X-SB
X-VC
X-Gen-Id
X-Nananana
X-Varnish-Beresp-TTL
X-Protected-By
Media-Length
X-Request-Url
Warning
X-MID
RequestId
UCS
NnCoection
X-LB-ID
X-LiteSpeed-Tag
X-Li-Proto
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-MCACHE
Thinkindot-Cache-Type
X-Tt-Trace-Host
X-Amzn-Remapped-Date
X-Akamai-ERPolicy
X-Edge
X-Dw-Trace-Id
Application
X-Fastly-Cache-Hits
Correlation-Id
SID
Xet-Cookie
Product