Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Request-ID
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-CDN
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-AH-Environment
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Server
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Device
X-Cdn
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
X-Rq
X-Ac
Report-To
EagleEye-TraceId
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
X-Cnection
Request-Id
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Aspnetmvc-Version
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
X-EdgeConnect-Origin-MEX-Latency
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
Pinterest-Generated-By
X-Country-Code
X-Goog-Hash
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Accept-Ch
X-Akam-SW-Version
X-Ws-Request-Id
X-MS-InvokeApp
X-Varnish-TTL
X-PC
X-Ruxit-JS-Agent
X-TtlSet
X-Vname
X-Url
X-Instart-Request-ID
X-B3-TraceId
Edge-Control
X-Powered-By-Plesk
Verso
SPRequestGuid
X-Mod-Pagespeed
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
X-D2id
X-Ah-Environment
X-SharePointHealthScore
X-Trace
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-VARITI-CCR
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
Accept-Ch-Lifetime
RTSS
Service-Worker-Allowed
X-Server-Name
SPRequestDuration
X-GitHub-Request-Id
SPIisLatency
X-Server-ID
X-Navigation-Version
X-CST
X-SERVER
X-Powered-CMS
X-Debug
Pagespeed
X-Abt-Application-Version
X-Vcap-Request-Id
Public-Key-Pins
Content-MD5
X-ESI
X-Amz-Server-Side-Encryption
X-Px
MS-Author-Via
X-Version
X-Upstream
Charset
X-Amz-Rid
X-Vcache
X-NF-Request-ID
X-Forwarded-Proto
Realpath
DynaTrace
X-Cached
X-Shard
Fastly-Restarts
X-Recruiting
TCN
X-TTL
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
Pinterest-Version
Arr-Disable-Session-Affinity
X-Pinterest-Rid
X-MSEdge-Ref
X-Shield-Request-Id
Edge-Cache-Tag
Access-Control-Request-Method
X-XRDS-Location
X-DynaTrace-JS-Agent
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
S
X-Ser
Front-End-Https
X-Fastly-Request-ID
X-Ttl
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Varnish-Age
X-Element-Page-Cache
X-Client-IP
X-T
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-FTR-Expires
X-RateLimit-Remaining
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-HS-Content-Id
X-HS-Hub-Id
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Frontend
X-Content-Digest
X-Hits
X-Correlation-Id
Powered
Ar-Sid
X-Fastcgi-Cache
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Forwarded-For
X-Grace
ServerID
X-Kinsta-Cache
Cache-Tag
X-FTR-Cache-Host
X-Litespeed-Cache
TP-L2-Cache
X-HS-Cache-Config
TP-Cache
X-Cache-Hit
X-N
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Content-Type
X-Request-Processing-Time
X-Request-Received
X-Srv
Alternate-Protocol
X-Request-Handler-Origin-Region
X-Microsite
X-Webkit-Csp
X-Zen-Fury
X-Hp-Webp
X-User-Agent
X-Rid
X-FastCGI-Cache
Server-Name
Server-Node
Healthy
X-Analytics
Backend-Timing
X-Via-JSL
X-Revision
X-LB-Cache
AR-Request-ID
X-Az
X-AppVersion
Paypal-Debug-Id
X-Activity-Id
Cache-Status
Retry-After
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Webapp-Samesite-None-Activated-N
X-Akamai-Edgescape
X-GUploader-UploadID
X-IPLB-Instance
X-Type
X-Amz-Apigw-Id
X-Cached-By
X-Amzn-RequestId
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
X-HS-Combine-CSS
X-Esi
X-Cache-Age
X-Varnish-Grace
X-Pad
FilterID
X-B3-Sampled
X-Mobile-URL
X-F-Cache
X-Ruxit-Js-Agent
X-Content-Options
X-Webkit-CSP
Refresh
X-Tumblr-Pixel-0
Accept-Charset
X-Tumblr-Pixel
X-FB-Debug
X-Geo-Country
X-Tumblr-User
X-Instance
X-Debug-Info
X-Cluster
X-App-Environment
X-AOL-HN
X-Seen-By
X-Request-Guid
Source
X-Page-Id
X-Jobs
Access-Control-Allow-Method
Host
Actual-Object-TTL
X-Framework
X-B
DC
X-PHP-Backend
X-Whom
X-Erf-Bev-Bev-Is-Generated
X-PressLabs-Stats
X-Erf-Bev-Bev
X-Cache-Key
Upgrade-Insecure-Requests
MS-CV
Fastcgi-Useragent
VIX-Pulpo-Upstream-Status
X-Time
VIX-Pulpo-Node
X-WebKit-CSP-Report-Only
X-Content-Powered-By
X-Varnish-Backend
X-ATG-Version
X-Cache-2
X-Host-Name
X-Git-Hash
X-TT
X-Cache-Control
X-VCache
X-Cache-TTL
Surrogate-Key
X-Cache-Operation
X-Cache-Rule
X-Forwarded-Host
X-TA-CDN-Provider
X-Amz-Replication-Status
Cache
Frame-Options
X-FW-Type
X-FW-Static
X-FW-Hash
X-Daa-Tunnel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Wix-Request-Id
X-FW-Server
X-FW-Serve
Accept-CH-Lifetime
Xserver
NGB
X-Response-Served-From
X-Mobile
X-Signature
X-B-Cache
X-Origin-Server
Tracecode
Cache-Tv-Group
X-Tumblr-Pixel-1
Host-Header
X-Tumblr-Pixel-2
Payment
X-Cache-NE
WPE-Backend
Webserver
X-Cache-Action
Filters
X-Region
X-UA-Device-Type
X-GeoIP
X-TX-ID
X-RequestSource
Eomportal-Instance
X-Hyper-Cache
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-Adobe-Content
From-Origin
X-Adobe-Loc
X-Handled-By
X-App-Server
Cleartype
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-Cache-Enabled
X-RateLimit-Limit
X-RTag
Ms-Operation-Id
Datacenter
X-UA
X-Cache-TTL-Remaining
X-Status
X-Akamai-Transformed
X-Contextid
X-Hostname
X-NewRelic-App-Data
X-Cache-Server
Accept-CH
Liferay-Portal
X-BCube-Filmed-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Load-Cache
X-Edge-Location
X-FW-Dynamic
Odigeo-Trace-Id
X-Varnish-Hostname
Version
Server-Info
X-IP
X-App-Version
X-Varnish-Server
X-Cache-Var-Map
X-RN-RSRV
X-Path-Route
X-ES-SERVER
X-Cache-Var
Meta-Geo
Load-Balancing
X-Rule
X-Xfnlog-Site
X-Viewer-Country
Cache-Tags
X-OCL
DB-Nickname
Country
X-Cache-Config
X-CCM
X-UUID
X-Debug-Cache
X-PCL
L5d-Success-Class
Fastly-SSL
X-Origin
Cache-Name
X-Origin-Hint
X-Proxy
X-Pubstack
X-R9-Blue-Green-Version
X-Proto
X-Origin-Response-Time
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
X-Loop
X-Cache-Host
X-Akamai-Request-ID
Webcakes-Region
Webcakes-App-Version
X-Info
X-Drupal-Cache-Contexts
X-From
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Hosted-By
Webcakes-App-Name
TWC-Privacy
X-Labrador-Cache-Channel
S-Rt
Property-Id
X-Real-IP
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Mn-Server-Ip
Azure-InstanceId
X-Via-Fastly
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-TNCMS
X-Rocket-Nginx-Bypass
X-Web-Node
X-Content-Age
X-ServerID
X-Akamai-Request-ID2
Decoy-Debug-TTL
DSUID
Decoy-Debug-Status
X-Access
Selected-Fe
Ec-Rule-Version
X-Backend-Name
X-VCT
Origin-Cache-Control
Origin-Edge-Control
S-Cnection
X-Section
X-JoinUs
X-ApacheServer
X-Cache-Time
Release
Decoy-Debug-Key
X-Human
X-Time-Microsecs
X-PERF
X-Format
X-Cluster-Name
X-FireWall-Port
X-Timing-Wait
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rendered-As
X-Generated
X-Proxy-Build
X-Vgn-Hpd-Reason
X-Redis-Cache
X-Soup
X-Varnish-Hits
X-Origin-CC
X-WA-Info
Rt-Fastcgi-Cache
X-Origin-TTL
X-Locale
X-XRDS-LOCATION
GEO-INFO
X-Site-Version
X-Storage
X-Www-Served-By
Viewport
X-Cache-Grace
Cache-Key
X-NWS-UUID-VERIFY
NGX
X-Is-Bot
X-Cache-Remote
Vix-Hermes-Req-Id
Cteonnt-Length
X-ProxyCache-Status
Uber-Trace-Id
X-B3-SpanId
X-BYPASS-REASON
X-ProxyCache-Key
X-GoCache-CacheStatus
Cache-Hits
X-Hit
X-Backend-TTL
X-NCache
Time
X-ATS-Timestamp
X-PHP-Host
Origin
X-SS-Set-Cookie
X-Oss-Storage-Class
X-Device-Type
X-Oss-Request-Id
X-Generated-By
X-Oss-Server-Time
X-Cache-Backend
X-Trace-Id
X-CF-Powered-By
X-CS
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Mime-Version
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-3
X-Guploader-Uploadid
Hostname
Akamai-GRN
Accept-Language
X-OVcl
X-UnsetCookies
X-OVcl-Cache
X-S
X-Accel-Buffering
X-Nginx-Cache-Key
X-Cluster-Node
X-Via-CDN
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-ORACLE-APMCS-REQUEST-ID
X-Uri
X-Environment-Context
X-L-Path
X-No-Session
X-ORACLE-APMCS-TAG
Now
X-MServer
X-FW-Version
X-Tb
X-CSRF-TOKEN
Access-Control-Request-Headers
X-NC
X-B3-Traceid
X-URL
X-Say-Cacheable
X-SayCDN-TTL
OT-Force-Account-Verify
X-Cdn-Forward
X-Say-TTL
User-Cache-Control
ServerName
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Machine
X-Connection-Hash
X-D
IsBot
X-Hl-Ver
X-B-Cookie
X-PAYTM-SRV-ID
X-VG-WebCache
Rendered-Blocks
X-Region-Sid
X-ScT
Apple-News-Services-Host
Node
X-Date
X-Server-Time
X-Svr
X-SRCache-Key
X-External-Request-Id
X-Destination
AsisCache
X-G
X-Detected-As
X-SIPLIST1
Content-Script-Type
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cross-Origin-Window-Policy
X-DPWN-IS-SECURE
Content-Style-Type
X-Session-Fingerprint
BehaviorPad-Version
Request-EU
X-Vtex-Remote-Cache
X-Transaction
X-A
X-A-Ccd
VivaBuild
Viewtype
X-Rojux
X-Rewrite-Enabled
X-CF-Lambda-Fn
X-Tec-Api-Version
X-Tec-Api-Root
X-Request-UUID
X-Accel-Expires-Debug
X-Application
X-A-Wwc
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Tec-Api-Origin
X-ARC
X-Aed
X-Twitter-Response-Tags
T-Server
X-Presslabs-Stats
X-Trv-Group
X-CACHE-KEY
X-VG-WebServer
Rt-Proxy-Cache
X-Vtex-Processado-Em
X-AIR-PT
X-S-Cookie
Xc-Version
X-CF-Lambda-Version
X-Processor
Apple-News-Services-Handled
Request-Country
X-Endurance-Cache-Level
X-Block-Status
X-Cache-Bucket
X-Cache-Debug
X-Cache-Info
X-Cms-Context
Server-Int
Server-Host
RNT-Time
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Web-Mar-Node
Thinkindot-Control
RNT-Machine
X-S-Maxage
X-Debug-Log
CDCHOST
X-Debug-Cookies
X-Request-URI
X-Clara-WADP
X-Thinkindot-L3
X-Developer
A
X-Parent-Response-Time
X-Hnp-Log
X-NX-Host
X-Gen-Mode
X-Matched-Rule
X-WADP-Cache
Mail-Subject
ServedBy
X-Proxy-Upstream
X-Location
X-Proxy-Cache-Status
We-Hiring
X-Reboot
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-SaId
X-Alternate-Cache-Key
X-Varnish-Beresp-Ttl
X-Sucuri-Id
X-ShopId
X-ShardId
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Sorting-Hat-PodId
Proxy-Connection
W
X-Wikidot-Static-Cache
True-Client-Country-4JS
X-Policy
Served-By
X-Li-Fabric
X-CGP
X-Level-Front-Cache
X-Key
X-JWT-State
X-VServer
X-Li-Pop
X-LI-UUID
X-Platform-Server
Section-Io-Cache
SD-X-WS
X-Magnolia-Registration
X-Ms-Request-Id
X-Azure-Ref-OriginShield
X-Origin-Date
X-Azure-Ref
X-Request-Start
X-Old-Content-Length
X-Auto-Login
X-Backend-State
X-Cache-Id
X-Origin-Expires
X-C
X-Cache-FS-Status
X-Release
X-BBXSRF
X-Reqid
X-App-Name
X-Amz-Meta-Cache-Control
X-Is-Gdpr
X-Wikidot-Backend
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Wxu-Next-Hostname
Wxu-Next-Region
X-Webstats-RespID
X-WebServer
X-Cache-URL
X-We-Are-Hiring
X-Cdn-Origin
X-Cdn-Srv
X-Ms-Version
Wxu-Next-Commit
X-Internal-Host
X-Generation-Time
Content-Disposition
X-Skip-Cache
X-Sn-Servicetimems
X-Generated-In
X-Generated-On
X-User
Countrycode
Fastly-Soc-X-Request-Id
X-Service
X-Hash
X-Irp-Debug
X-Has-Esi
Cache-Host
X-RateLimit-Limit-Second
X-Dispatcher-Server
X-Dispatch
X-Distributor
X-Distil-CS
X-TrackingId
X-Epic-Correlation-Id
Adler-Geo
X-Fastly-Cache
X-RateLimit-Remaining-Second
X-Eu-Site
X-Up
X-Developers
X-Variation
Esi-Enabled
X-IN-APIGATEWAYSSL
Magicmarker
X-IN-APIGATEWAY
X-SD-PageType
Kp-EeAlive
X-Debug-Cache-Store
X-VG-TLSProxy
Memcached
Platform
X-Clientip
X-Compress-Hint
X-Instart-Isnd
X-Core-Mission
Is-Eu
X-CUA
Gh-Request-Id
X-Debug-Cache-Expiry
IBM-Web2-Location
X-Server-IP
X-Debug-Cache-Fetch
HA-Ipaddr
Ha-Gx-Prefs
X-B3-Parentspanid
NtCoent-Length
Cache-Provider
X-Device-Os
X-Owner
X-Method
X-GeoIP-City
X-Qloud-Router
X-Geo-Header
X-Logging-Id
X-Node-Id
X-MSEdge-Features
X-MSEdge-Flight
X-LI-Proto
Locale
Heartbleed
L
X-Thanos
PFcat
X-Swa-Ws
AKAMAI
X-SVT-ORM-RULES
X-Bip
X-SVT-ORM-VERSION
X-Scheme
Pramga
X-Agile-Age
X-Agile-Id
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Agile
V-Age
X-ServiceProvider
X-VC-Cache
X-APP-VERSION
X-Nc
X-Geo
X-Core-Value
Server-ID
X-Lb-Id
X-NodeID
CF-IPCountry
X-Servername
Srv
X-Vdms-Version
X-Dc
X-CDN-Forward
GEO-REGION-INFO
X-GRACE
Environment
X-EC-Lua
X-Sucuri-Cache
X-AK-Request-ID
Cdnsip
X-Shopify-Generated-Cart-Token
Cdncip
X-Unique-Id
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
Request-Time
X-Newrelic-Synthetics
X-Pjax-Url
X-ECACHE
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-GEO
X-NGENIX-Cache
X-Servedbyhost
X-Planisys-CDN-Rules
X-FPC
X-Via-NSCOPI
X-Be
X-Upstream-Ct
Resin-Trace
Powered-By-ChinaCache
X-Upstream-Ht
X-Microcachable
X-Nginx-Cache
X-VHOST
X-Instart-Info
X-Tb-Optimization-Total-Bytes-Saved
X-ElasticPress-Search
X-Zone
Tcn
Group
X-ND-Cache
X-Source
X-Backend-Host
X-Backend-Url
X-B3-Spanid
X-RCS-CacheZone
X-DC
PageSpeed
X-Trafficlayer-App-Version
Backend-Name
Memory
X-Var-Ttl
CF-Cached-On
X-Unique-ID
X-IPS-LoggedIn
Ohc-File-Size
Ohc-Cache-HIT
SRV
X-Oracle-Dms-Rid
N-Cache
X-VCL-Version
Locid
X-VWS-Id
Fly-Request-Id
X-Req
Lfy
Fly-Cache
Cache-Prefix
X-AWS-Id
Pagetype
X-LJ-Flow-ID
X-Dynatrace
X-Upstream-CT
X-Upstream-HT
Geo-Info
X-Served-From
X-COUNTRY
Gannett-Cam-Experience-Id
X-Worker
Cdn
X-Refresh
FNAC-ModuleRouting
X-Gamma-Serve
X-Correlation-ID
GeoIP-Latitude
GeoIP-City
X-Via-Ucdn
X-Check-Cacheable
Amp-Access-Control-Allow-Source-Origin
Pics-Label
X-Ratelimit-Remaining
GeoIP-Country-Code
X-Ua
TTL
X-Sedo-Request-Id
X-Fetched-On
X-Bc
Cf-Ipcountry
X-Pod
Ttl
X-Cache-Miss-From
X-Pf-Uncompressing
X-Server-W
PICS-Label
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Via-Edge
ProcessTime
REQUESTUUID
X-CSRF-Token
X-PF-Uncompressing
X-Wa
Fastly-SIE
Fastly-SWR
Geoip-City
GeoIp-Country-Code
X-Render-Time
Geoip-Latitude
X-Via-SSL
X-Sucuri-ID
X-Upstream-Proxy
XServer
X-Ratelimit-Reset
M-TraceId
X-Datadome
X-APP
X-NU-AKA-ACS-Version
X-HTML-Minification-Powered-By
X-CLOUD-TRACE-CONTEXT
X-GeoIP-Country-Code
X-Fstrz
X-HS-Status
X-Tt-Trace-Tag
X-ZONE
X-Vcl-Version
X-LiteSpeed-Cache-Control
X-Mode
X-SRV
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-GDPR
Cache-Cookie-Set-Idcheck
X-TIME
X-Ratelimit-Limit
X-Edge-Server
Cdn-Host
Cdn-Request-Time
On-Server
X-Fastly-Country-Code
X-Cache-Tag
X-Dynatrace-Js-Agent
User-Agent
X-SN
HitType
Pragrma
MIME-Version
X-MP-GENERATED-AT
X-HostName
X-Swift-Error
X-ABtesting
X-BC
X-Flog
X-Org
X-Aicache-OS
X-Hello
Host-ID
X-BE
X-NGINX-Cache
X-WR-MODIFICATION
HostName
X-FORWARDED-FOR
X-ServedByHost
X-Response-By
URI
SS
Who
X-TT-LOGID
X-WA
CACHE
X-RateLimit-Reset
X-Cdn-Request-ID
X-UPSTREAM-Address
Requestid
X-DW
X-Fastly-Backend-Reqs
X-RPM
X-RPS
X-DB
X-Cache-Ttl
X-DSS
SN
X-Action
X-Edge-O15-RID
X-PJAX-URL
X-DI
X-RSL
X-Routing-Service
X-Zipkin-Id
Dynatrace
X-Proxied
X-Cf-Powered-By
X-LAGOON
X-TH-Server
X-Varnish-URL
X-Varnish-Cacheable
Country-Code
RequestUuid
X-Fpc
X-Page-Type
Lb
DataCenter
LB
X-ServerName
Debug
Server-Id
Powered-By
CDN
Get-Access-Time
Is-Session-Tracking
X-Ftr-Cache-Host
X-Gen-Id
X-Nananana
X-Varnish-Beresp-TTL
X-Edge
Media-Length
X-SB
X-VC
XxX-Cache-Status
X-Tt-Trace-Host
X-Protected-By
X-MCACHE
X-MID
UCS
X-Request-Url
NnCoection
X-LB-ID
RequestId
X-LiteSpeed-Tag
X-Akamai-ERPolicy
Thinkindot-Cache-Type
X-Request-Time
X-Dw-Trace-Id
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Li-Proto
Xet-Cookie
Warning
Application
X-Fastly-Cache-Hits
X-Amzn-Remapped-Date
SID
Correlation-Id
Product