Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-Server-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Dns-Prefetch-Control
X-Origin-Cache
X-Readtime
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-Cdn
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Ws-Request-Id
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Instart-Request-ID
Edge-Control
X-Url
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
Accept-Ch
X-D2id
X-Sol
X-Trace
X-Middleton-Response
Response
Pagespeed
X-Middleton-Display
Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-B3-TraceId
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
Service-Worker-Allowed
X-Server-Name
X-Server-ID
X-GitHub-Request-Id
X-ESI
SPIisLatency
SPRequestDuration
X-Vcache
X-Navigation-Version
X-Powered-CMS
Content-MD5
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
Public-Key-Pins
Charset
MS-Author-Via
X-Upstream
X-TTL
X-Forwarded-Proto
X-Version
X-Amz-Rid
X-Px
X-NF-Request-ID
X-Cached
DynaTrace
Realpath
X-Shard
Edge-Cache-Tag
TCN
Fastly-Restarts
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-Recruiting
X-MSEdge-Ref
X-Shield-Request-Id
Access-Control-Request-Method
Pinterest-Version
X-Pinterest-Rid
X-DynaTrace-JS-Agent
X-XRDS-Location
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Fastly-Request-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Nginx-Cache
Front-End-Https
X-Accel-Expires
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Ttl
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-T
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-RateLimit-Remaining
NR-ENABLED
X-HS-Hub-Id
Cache-Tag
X-HS-Content-Id
X-Frontend
X-Content-Digest
X-Hits
Powered
X-Correlation-Id
X-Kinsta-Cache
X-HS-Cache-Config
X-Litespeed-Cache
X-Fastcgi-Cache
X-Grace
X-FTR-Cache-Host
ServerID
X-Webapp-Samesite-None-Activated-N
X-Aspnetmvc-Version
X-Webkit-Csp
Alternate-Protocol
TP-Cache
TP-L2-Cache
X-Node-Name
X-Hp-Webp
X-Cache-Hit
X-Request-Received
X-Request-Processing-Time
X-Forwarded-For
PB-RID
PB-PID
X-Request-Handler-Origin-Region
X-N
X-Microsite
X-Ah-Environment
Arc-Version
X-Mobile-Rewrite
AR-ATIME
AR-PoweredBy
AR-CACHE
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Zen-Fury
X-Content-Type
Ar-Sid
X-Rid
X-User-Agent
Healthy
Server-Node
Backend-Timing
X-Revision
X-Analytics
X-FastCGI-Cache
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Akamai-Edgescape
X-Logged-In
X-Activity-Id
Cache-Status
X-Az
X-AppVersion
X-HS-Combine-CSS
X-Srv
Retry-After
X-IPLB-Instance
X-GUploader-UploadID
X-Amzn-RequestId
X-Pad
X-Amz-Apigw-Id
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-Cached-By
Accept-CH
X-Via-JSL
Accept-CH-Lifetime
X-Type
Paypal-Debug-Id
X-Varnish-Grace
X-Mobile-URL
X-Ruxit-Js-Agent
X-B3-Sampled
FilterID
X-F-Cache
Refresh
AR-Request-ID
X-Content-Options
X-Cache-Age
X-Geo-Country
X-Tumblr-User
X-Instance
X-Tumblr-Pixel-0
X-Debug-Info
X-FB-Debug
Accept-Charset
X-Tumblr-Pixel
Access-Control-Allow-Method
Upgrade-Insecure-Requests
Source
X-Jobs
Host
X-App-Environment
X-AOL-HN
X-Request-Guid
X-Cluster
X-Page-Id
Actual-Object-TTL
X-B
X-Erf-Bev-Bev-Is-Generated
X-PHP-Backend
X-Erf-Bev-Bev
X-Framework
X-Varnish-Backend
DC
X-Seen-By
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Cache-Key
MS-CV
Fastcgi-Useragent
X-Content-Powered-By
X-Whom
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-TT
X-PressLabs-Stats
X-Git-Hash
X-Cache-2
X-Host-Name
X-Cache-Control
X-Esi
X-Amz-Replication-Status
Cache
X-Cache-TTL
Surrogate-Key
X-Wix-Request-Id
X-TA-CDN-Provider
X-Cache-Rule
X-Cache-Operation
Frame-Options
X-Signature
X-B-Cache
X-FW-Serve
NGB
X-FW-Hash
X-FW-Server
X-Kong-Proxy-Latency
X-FW-Type
X-FW-Static
X-Daa-Tunnel
X-Kong-Upstream-Latency
X-Response-Served-From
Host-Header
X-Time
X-UA
X-Forwarded-Host
X-Origin-Server
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Drupal-Cache-Tags
X-Cache-NE
X-Mobile
Webserver
Filters
Cleartype
Eomportal-Instance
X-Cache-Action
Payment
WPE-Backend
X-Region
X-Hyper-Cache
X-TX-ID
X-GeoIP
X-RequestSource
X-Adobe-Loc
X-Cacheable-TTL
X-B3-Traceid
X-Handled-By
X-Adobe-Content
Xserver
X-UA-Device-Type
X-SERVER
X-Cache-Enabled
From-Origin
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-App-Server
X-RTag
Datacenter
Ms-Operation-Id
Tracecode
X-Cache-TTL-Remaining
X-Hostname
X-Akamai-Transformed
X-Load-Cache
X-NewRelic-App-Data
X-Status
X-Contextid
X-Cache-Server
Liferay-Portal
X-Edge-Location
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-RateLimit-Limit
X-Varnish-Hostname
Odigeo-Trace-Id
X-Varnish-Server
Server-Info
X-FW-Dynamic
X-Rule
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
X-Cache-Var
Load-Balancing
Meta-Geo
Country
X-Viewer-Country
X-Xfnlog-Site
X-Rocket-Nginx-Bypass
X-IP
X-Cache-Config
X-PCL
X-Debug-Cache
X-OCL
X-CCM
X-UUID
DB-Nickname
Version
X-Via-Fastly
Cache-Tags
Webcakes-App-Version
TWC-Privacy
X-Drupal-Cache-Contexts
Webcakes-App-Name
X-Akamai-Request-ID
X-Cache-Time
X-Cache-Host
X-Redis-Cache
Webcakes-Region
TWC-Device-Class
Property-Id
Azure-Version
Azure-SlotName
Cache-Name
Mn-Server-Ip
Fastly-SSL
L5d-Success-Class
Azure-SiteName
Azure-RegionName
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-FC-Vary-Parameters
TWC-Connection-Speed
Azure-InstanceId
S-Rt
TWC-Locale-Group
X-EIG-Tracking-Id
X-Origin-Hint
X-Origin-Response-Time
X-Origin
X-Loop
X-Labrador-Cache-Channel
X-Real-IP
X-Proto
X-Origin-CC
X-Pubstack
X-R9-Blue-Green-Version
X-Proxy
X-Origin-TTL
X-ServerID
X-Hosted-By
X-Web-Node
X-From
X-Varnish-Cache-Hits
X-Info
X-ATS-Timestamp
X-TNCMS
X-Upgrade-Enabled
S-Cnection
X-Www-Served-By
X-Rendered-As
X-Section
Release
Origin-Edge-Control
X-VCT
Origin-Cache-Control
X-PERF
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cluster-Name
X-Human
X-Content-Age
X-Generated
Ec-Rule-Version
X-Format
X-JoinUs
X-Backend-Name
X-FireWall-Port
X-Proxy-Build
Viewport
X-Access
X-ApacheServer
X-Akamai-Request-ID2
Selected-Fe
X-Timing-Wait
Decoy-Debug-Key
Decoy-Debug-Status
X-XRDS-LOCATION
Decoy-Debug-TTL
DSUID
X-VCache
X-Soup
X-Time-Microsecs
NGX
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-NWS-UUID-VERIFY
X-Site-Version
X-Locale
X-Storage
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
Rt-Fastcgi-Cache
X-Is-Bot
X-URL
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
Cache-Key
X-ProxyCache-Status
X-WA-Info
Cteonnt-Length
GEO-INFO
Vix-Hermes-Req-Id
X-PHP-Host
X-Generated-By
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-GoCache-CacheStatus
X-Cache-Backend
X-Cache-Grace
X-Amzn-Remapped-Content-Length
Cache-Hits
X-Hit
X-App-Version
X-SS-Set-Cookie
X-NCache
X-Backend-TTL
X-Tec-Api-Root
X-Cache-Remote
X-Tec-Api-Origin
Time
X-Tec-Api-Version
X-Guploader-Uploadid
Akamai-GRN
X-Accel-Buffering
Origin
X-Trace-Id
X-APP-VERSION
X-Nginx-Cache-Key
X-CS
X-Device-Type
X-Tumblr-Pixel-3
X-Presslabs-Stats
Accept-Language
X-FB-TRIP-ID
X-OVcl-Cache
X-OVcl
X-L-Path
X-Environment-Context
X-No-Session
X-CF-Powered-By
X-S
X-SaId
X-MServer
X-Tb
Hostname
X-Cluster-Node
X-Uri
Access-Control-Request-Headers
X-B3-SpanId
X-Say-Cacheable
X-Via-CDN
Fastcgi-X-Cache-Version
X-UnsetCookies
X-Say-TTL
X-SayCDN-TTL
Mime-Version
X-CACHE-KEY
X-CSRF-TOKEN
User-Cache-Control
Now
ServerName
X-Geo
Xc-Version
MD5-Digest
X-Application
X-Processor
X-G
IsBot
Mobile-Detection-Method
Apple-News-Services-Parsed-Url
X-B-Cookie
Node
X-Hl-Ver
Rendered-Blocks
Request-Country
Apple-News-Services-Host
X-ARC
Apple-News-Services-Handled
X-PAYTM-SRV-ID
Request-EU
X-External-Request-Id
Meta-Geo-Continent
X-Accel-Expires-Debug
X-Svr
Viewtype
VivaBuild
X-SRCache-Key
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Transaction
X-Trv-Group
Apple-News-Services-Request-Url
X-A-Dgt
X-Destination
X-Request-UUID
X-SIPLIST1
X-D
X-Date
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-ScT
X-A
X-Session-Fingerprint
Cross-Origin-Window-Policy
X-Connection-Hash
X-Server-Time
X-Twitter-Response-Tags
X-FW-Version
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-Vtex-Processado-Em
Machine
X-Aed
X-AIR-PT
Arc-Country
Rt-Proxy-Cache
AsisCache
X-CF-Lambda-Fn
BehaviorPad-Version
Content-Style-Type
X-VG-WebServer
X-Detected-As
T-Server
X-A-Wwc
X-VG-WebCache
X-Region-Sid
Content-Script-Type
X-Endurance-Cache-Level
X-Debug-Log
X-Gen-Mode
X-Hnp-Log
X-Cache-Info
X-Debug-Cookies
CDCHOST
X-Cms-Context
X-Cache-Bucket
X-Clara-WADP
X-Cache-Debug
X-Core-Value
RNT-Machine
X-NC
X-Reboot
Server-Int
Server-Host
X-WADP-Cache
RNT-Time
X-Proxy-Cache-Status
X-Proxy-Upstream
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Service
Web-Mar-Node
X-S-Maxage
X-Request-URI
X-CDN-Forward
Thinkindot-Control
X-Thinkindot-L3
X-NX-Host
Srv
Proxy-Connection
X-Location
X-Matched-Rule
Mail-Subject
We-Hiring
X-Block-Status
OT-Force-Account-Verify
X-Sorting-Hat-PodId
NtCoent-Length
X-ShardId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-B3-Parentspanid
X-Sorting-Hat-ShopId
X-Backend-State
X-Auto-Login
X-Cdn-Srv
X-Core-Mission
X-7Graus-Varnish-XKeys
X-BBXSRF
X-C
X-Cache-FS-Status
X-Azure-Ref
X-CGP
X-Cache-URL
X-Amz-Meta-Cache-Control
X-Clientip
X-CUA
X-App-Name
X-Compress-Hint
X-Cache-Id
X-Azure-Ref-OriginShield
X-Magnolia-Registration
X-WebServer
X-RateLimit-Limit-Second
X-We-Are-Hiring
X-7Graus-Varnish-Cache-Control
X-VServer
X-RateLimit-Remaining-Second
X-Webstats-RespID
X-Wikidot-Backend
X-Origin-Date
X-Old-Content-Length
X-Origin-Expires
X-Platform-Server
X-Wikidot-Static-Cache
X-Policy
X-VG-TLSProxy
X-VC-Cache
X-Request-Start
X-SVT-ORM-RULES
X-Skip-Cache
X-Server-IP
X-Scheme
X-SD-PageType
X-SVT-ORM-VERSION
X-Reqid
X-Release
X-Variation
X-User
X-Up
X-TrackingId
X-Ms-Version
X-Ms-Request-Id
X-Fastly-Cache
X-Eu-Site
X-Generated-In
X-Generated-On
X-Geo-Header
X-Generation-Time
X-Epic-Correlation-Id
X-Distributor
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Developers
X-Dispatch
X-Distil-CS
X-Dispatcher-Server
X-GeoIP-City
X-Has-Esi
X-Level-Front-Cache
X-Key
X-Li-Fabric
X-Li-Pop
X-Method
X-LI-UUID
X-JWT-State
X-Is-Gdpr
X-IN-APIGATEWAY
X-Hash
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Irp-Debug
X-Debug-Cache-Expiry
Platform
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Soc-X-Request-Id
IBM-Web2-Location
Is-Eu
Memcached
Magicmarker
L
Kp-EeAlive
Esi-Enabled
Countrycode
X-Varnish-Beresp-Grace
X-Parent-Response-Time
Wxu-Next-Region
X-Unique-Id
X-Varnish-Beresp-Ttl
Adler-Geo
Content-Disposition
Cache-Host
AKAMAI
PFcat
X-Varnish-Beresp-Status
Wxu-Next-Hostname
SD-X-WS
ServedBy
Served-By
W
Section-Io-Cache
True-Client-Country-4JS
Wxu-Next-Commit
Cache-Provider
X-Dc
X-Nc
X-Agile-Id
X-Urbn-Context-Path
X-Developer
X-Logging-Id
X-LI-Proto
X-Agile-Age
A
X-Internal-Host
X-Cdn-Forward
X-ServiceProvider
X-Agile
Heartbleed
X-Urbn-Site-Id
X-Owner
Pramga
X-Swa-Ws
X-Bip
X-Vdms-Version
X-Qloud-Router
Locale
X-MSEdge-Features
V-Age
X-Thanos
X-MSEdge-Flight
X-Shopify-Generated-Cart-Token
X-Rocket-Build-Number
X-Sn-Servicetimems
Cdncip
X-NodeID
X-B3-Spanid
X-Sigma
X-AK-Request-ID
Cdnsip
X-Cdn-Origin
X-Sucuri-Cache
Server-ID
X-Sigma-Backend
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Node-Id
X-Device-Os
CF-IPCountry
X-Servername
X-Sucuri-Id
X-GRACE
X-Via-NSCOPI
X-Upstream-Ct
GEO-REGION-INFO
Powered-By-ChinaCache
X-Upstream-Ht
X-Lb-Id
X-EC-Lua
X-RCS-CacheZone
Environment
X-Be
X-ND-Cache
X-FPC
X-Source
X-Servedbyhost
X-Trafficlayer-App-Version
X-VHOST
X-Zone
X-Nginx-Cache
Tcn
X-Microcachable
Request-Time
X-Newrelic-Synthetics
X-Webkit-CSP
X-Tb-Optimization-Total-Bytes-Saved
Locid
Resin-Trace
X-Req
X-NGENIX-Cache
X-Pjax-Url
X-Instart-Info
X-Oracle-Dms-Rid
FNAC-ModuleRouting
X-Gamma-Serve
X-ElasticPress-Search
X-ECACHE
X-Served-From
Geo-Info
X-SRV
X-TIME
X-Refresh
X-Backend-Host
X-Pf-Uncompressing
X-VCL-Version
X-Backend-Url
Group
X-Sucuri-ID
X-Dynatrace
X-GEO
X-IPS-LoggedIn
CF-Cached-On
X-DC
X-LJ-Flow-ID
Gannett-Cam-Experience-Id
Memory
X-AWS-Id
X-Var-Ttl
X-COUNTRY
X-VWS-Id
Backend-Name
X-Unique-ID
X-Correlation-ID
X-Render-Time
X-HTML-Minification-Powered-By
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
N-Cache
XServer
ProcessTime
Geoip-Latitude
Cache-Prefix
GeoIp-Country-Code
Pics-Label
Geoip-City
PICS-Label
Fly-Cache
X-Check-Cacheable
X-Pod
X-NU-AKA-ACS-Version
Lfy
TTL
X-FORWARDED-FOR
Pagetype
Cf-Ipcountry
Fly-Request-Id
X-Worker
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
M-TraceId
REQUESTUUID
X-GeoIP-Country-Code
Ttl
X-Bc
X-Via-SSL
X-Via-Edge
X-CSRF-Token
SRV
Ohc-Cache-HIT
Ohc-File-Size
X-Via-Ucdn
Cdn
X-APP
MIME-Version
X-Cache-Miss-From
X-Upstream-HT
X-Sedo-Request-Id
X-Upstream-CT
X-CLOUD-TRACE-CONTEXT
X-Mode
X-Fstrz
X-Vcl-Version
X-LiteSpeed-Cache-Control
X-Server-W
X-Fetched-On
X-ZONE
X-MP-GENERATED-AT
X-Wa
X-Fastly-Country-Code
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Fastly-SIE
X-PF-Uncompressing
HitType
X-Ratelimit-Limit
Host-ID
HostName
Cache-Cookie-Set-From
X-HS-Status
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-NGINX-Cache
X-Dynatrace-Js-Agent
User-Agent
X-PJAX-URL
Pragrma
On-Server
X-BC
X-Zipkin-Id
X-Proxied
X-HostName
X-Routing-Service
X-Swift-Error
X-ServedByHost
X-Cache-Tag
X-Aicache-OS
X-Cdn-Request-ID
URI
X-Ua
X-GDPR
X-WR-MODIFICATION
X-Tt-Trace-Tag
Cdn-Request-Time
Who
Cdn-Host
X-WA
X-Edge-Server
X-TT-LOGID
X-TH-Server
CACHE
X-RateLimit-Reset
X-BE
Powered-By
X-UPSTREAM-Address
X-Flog
X-Edge-O15-RID
X-Cf-Powered-By
X-Cache-Ttl
X-SN
X-Fastly-Backend-Reqs
X-Hello
CDN
X-ABtesting
Dynatrace
X-LAGOON
X-Varnish-Cacheable
X-Fpc
Media-Length
X-Varnish-URL
X-Response-By
X-DW
X-Org
X-RPS
X-DSS
X-DI
SS
X-Action
X-DB
X-RSL
X-RPM
DataCenter
X-Request-Time
Server-Id
X-Ratelimit-Reset
Debug
X-Upstream-Proxy
SN
LB
Is-Session-Tracking
Get-Access-Time
X-LB-ID
X-ServerName
X-Ftr-Cache-Host
X-Varnish-Beresp-TTL
Requestid
Cneonction
X-Protected-By
AR-SID
X-Gen-Id
Processtime
Thinkindot-Cache-Type
X-Li-Proto
NnCoection
Lb
X-Nananana
RequestUuid
X-Dw-Trace-Id
XxX-Cache-Status
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
Country-Code
X-Page-Type
Product
Application
RequestId
Warning
X-Request-Url
Correlation-Id
X-Amzn-Remapped-Date
X-LiteSpeed-Tag
SID
X-Fastly-Cache-Hits