Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Ua-Compatible
X-Cache-Group
X-Age
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
EagleId
X-AH-Environment
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-Response-Time
X-Server-Id
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cdn
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-ORACLE-DMS-RID
X-Rack-Cache
X-Ws-Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
Rating
X-DynaTrace
X-Country
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-Vname
X-TtlSet
X-PC
X-Instart-Request-ID
X-MS-InvokeApp
X-Ruxit-JS-Agent
Edge-Control
X-Url
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
Accept-Ch
X-B3-TraceId
X-D2id
Response
Pagespeed
X-Sol
X-Middleton-Response
X-Trace
Display
X-Middleton-Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
Service-Worker-Allowed
X-Server-ID
X-Server-Name
X-GitHub-Request-Id
SPRequestDuration
SPIisLatency
X-Vcache
X-Navigation-Version
Content-MD5
X-Powered-CMS
X-ESI
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
Public-Key-Pins
Charset
MS-Author-Via
X-Upstream
X-TTL
X-Version
X-Amz-Rid
X-Forwarded-Proto
X-NF-Request-ID
DynaTrace
X-Cached
X-Px
Realpath
X-Shard
TCN
Edge-Cache-Tag
Fastly-Restarts
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Recruiting
X-MSEdge-Ref
X-Shield-Request-Id
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-Pinterest-Rid
X-XRDS-Location
Pinterest-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Ser
S
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Nginx-Cache
Front-End-Https
X-Accel-Expires
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Client-IP
X-Ttl
X-Varnish-Age
X-Id
X-Element-Page-Cache
X-Trafficlayer-App-Scope
X-T
X-Trafficlayer-App-Name
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-RateLimit-Remaining
Cache-Tag
NR-ENABLED
X-HS-Hub-Id
X-Content-Digest
X-HS-Content-Id
X-Frontend
X-Hits
Powered
X-Correlation-Id
X-Kinsta-Cache
X-Litespeed-Cache
X-Fastcgi-Cache
X-HS-Cache-Config
X-Grace
X-FTR-Cache-Host
ServerID
X-Aspnetmvc-Version
X-Webapp-Samesite-None-Activated-N
X-Webkit-Csp
TP-Cache
TP-L2-Cache
Alternate-Protocol
X-Node-Name
X-Cache-Hit
X-Hp-Webp
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Ah-Environment
X-Microsite
PB-PID
PB-RID
X-N
Arc-Version
X-Mobile-Rewrite
AR-ATIME
AR-CACHE
AR-PoweredBy
AMP-Access-Control-Allow-Source-Origin
X-Zen-Fury
Server-Name
X-Content-Type
Ar-Sid
X-Forwarded-For
X-User-Agent
X-Rid
Healthy
Backend-Timing
X-Analytics
Server-Node
X-FastCGI-Cache
X-Revision
X-LB-Cache
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
X-Logged-In
X-HS-Combine-CSS
Retry-After
X-IPLB-Instance
X-Amzn-RequestId
X-Amz-Apigw-Id
X-GUploader-UploadID
X-Oneagent-Js-Injection
X-Cached-By
X-Pad
X-NWS-LOG-UUID
X-Via-JSL
Accept-CH
X-Type
X-Srv
Paypal-Debug-Id
Accept-CH-Lifetime
X-Varnish-Grace
X-Mobile-URL
X-Ruxit-Js-Agent
X-B3-Sampled
FilterID
AR-Request-ID
X-F-Cache
X-Content-Options
Refresh
X-Cache-Age
X-Geo-Country
Accept-Charset
X-Instance
X-Debug-Info
X-FB-Debug
X-App-Environment
X-Jobs
X-AOL-HN
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Request-Guid
Host
Access-Control-Allow-Method
X-B
Source
Upgrade-Insecure-Requests
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cluster
X-PHP-Backend
X-Seen-By
X-Esi
DC
X-Page-Id
Actual-Object-TTL
X-Framework
X-Varnish-Backend
X-ATG-Version
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-Cache-Key
MS-CV
X-Whom
X-Content-Powered-By
X-PressLabs-Stats
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Git-Hash
X-TT
X-Cache-2
X-Host-Name
X-Cache-Control
X-Amz-Replication-Status
X-Cache-TTL
Cache
Surrogate-Key
X-TA-CDN-Provider
X-Wix-Request-Id
X-Cache-Operation
X-Cache-Rule
X-Signature
X-B-Cache
Frame-Options
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Response-Served-From
X-FW-Static
X-FW-Type
Host-Header
NGB
X-UA
X-Daa-Tunnel
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Forwarded-Host
X-Time
X-Origin-Server
Cache-Tv-Group
X-RequestSource
X-Cache-NE
X-Drupal-Cache-Tags
WPE-Backend
X-TX-ID
X-Cache-Action
Filters
Cleartype
Eomportal-Instance
X-Hyper-Cache
X-Region
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Payment
X-Adobe-Content
X-Cacheable-TTL
Webserver
X-Adobe-Loc
X-Mobile
X-Handled-By
X-GeoIP
Xserver
X-SERVER
From-Origin
X-Cache-Enabled
X-RemovedCookies
X-ProcessESI
X-UA-Device-Type
X-App-Server
X-EdgeConnect-Cache-Status
Datacenter
X-RTag
Ms-Operation-Id
Tracecode
X-Cache-TTL-Remaining
X-Hostname
X-Akamai-Transformed
X-Load-Cache
X-NewRelic-App-Data
X-Status
X-Contextid
X-Cache-Server
X-Edge-Location
X-Yottaa-Optimizations
X-B3-Traceid
Liferay-Portal
X-Yottaa-Metrics
X-BCube-Filmed-By
X-RateLimit-Limit
X-TT-TIMESTAMP
X-Varnish-Hostname
Odigeo-Trace-Id
X-Varnish-Server
X-FW-Dynamic
Server-Info
X-Rule
X-ES-SERVER
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
Load-Balancing
X-Cache-Var
Meta-Geo
X-Viewer-Country
X-Xfnlog-Site
X-OCL
X-CCM
X-PCL
X-IP
Version
X-Debug-Cache
Country
X-Via-Fastly
Cache-Tags
DB-Nickname
X-UUID
X-Akamai-Request-ID
Webcakes-App-Version
Webcakes-Region
X-Cache-Host
Webcakes-App-Name
X-Redis-Cache
X-Cache-Time
X-Drupal-Cache-Contexts
X-Cache-Config
TWC-GeoIP-Country
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
Cache-Name
Fastly-SSL
Mn-Server-Ip
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
X-FC-Vary-Parameters
TWC-Device-Class
S-Rt
TWC-Connection-Speed
TWC-Privacy
X-EIG-Tracking-Id
X-Origin-TTL
X-R9-Blue-Green-Version
X-Origin-CC
X-Origin-Response-Time
X-Origin-Hint
X-Rocket-Nginx-Bypass
X-TNCMS
X-Web-Node
X-ATS-Timestamp
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Origin
X-Pubstack
X-Info
X-Hosted-By
X-Labrador-Cache-Channel
X-From
X-Loop
X-Timing-Wait
DSUID
X-ServerID
X-Section
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
L5d-Success-Class
Decoy-Debug-TTL
Ec-Rule-Version
X-Rendered-As
X-Generated
X-Www-Served-By
X-Format
X-Real-IP
X-Proto
X-Proxy
Viewport
X-PERF
X-Access
X-Proxy-Build
X-FireWall-Port
X-ApacheServer
Origin-Edge-Control
S-Cnection
Selected-Fe
X-Human
Origin-Cache-Control
X-Akamai-Request-ID2
X-XRDS-LOCATION
Decoy-Debug-Status
Decoy-Debug-Key
X-JoinUs
Release
NGX
X-Varnish-Hits
X-Time-Microsecs
X-VCache
X-VCT
X-Soup
X-Vgn-Hpd-Reason
X-NWS-UUID-VERIFY
X-Site-Version
X-Cluster-Name
X-Backend-Name
X-Storage
X-Locale
X-Is-Bot
Rt-Fastcgi-Cache
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-URL
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Cache-Key
Uber-Trace-Id
X-WA-Info
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
GEO-INFO
Cteonnt-Length
X-PHP-Host
X-Generated-By
X-GoCache-CacheStatus
X-Cache-Backend
X-NCache
X-App-Version
X-SS-Set-Cookie
X-Hit
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Cache-Hits
X-Cache-Grace
Vix-Hermes-Req-Id
X-Amzn-Remapped-Content-Length
X-Cache-Remote
X-Backend-TTL
Time
Akamai-GRN
X-Guploader-Uploadid
Origin
X-Accel-Buffering
X-Trace-Id
X-Nginx-Cache-Key
X-APP-VERSION
X-CS
X-Tumblr-Pixel-3
X-Presslabs-Stats
Accept-Language
X-FB-TRIP-ID
X-Device-Type
X-L-Path
X-Environment-Context
X-OVcl-Cache
X-No-Session
X-OVcl
X-S
X-CF-Powered-By
X-MServer
X-Tb
X-SaId
X-B3-SpanId
X-Uri
X-Cluster-Node
Access-Control-Request-Headers
Hostname
X-Via-CDN
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
Fastcgi-X-Cache-Version
X-UnsetCookies
X-Tec-Api-Version
X-CACHE-KEY
X-Tec-Api-Root
X-Tec-Api-Origin
X-CSRF-TOKEN
Mime-Version
User-Cache-Control
X-Geo
ServerName
X-A-Wwc
BehaviorPad-Version
Content-Style-Type
X-ARC
Machine
Cross-Origin-Window-Policy
X-B-Cookie
IsBot
Content-Script-Type
Apple-News-Services-Parsed-Url
X-Aed
X-AIR-PT
X-A-Ccd
X-A-Dam
X-Accel-Expires-Debug
X-A-Dcw
X-CF-Lambda-Fn
X-A-Dgt
Arc-Country
AsisCache
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Application
X-CF-Lambda-Version
X-G
X-Session-Fingerprint
X-Hl-Ver
Request-Country
T-Server
X-External-Request-Id
X-Svr
X-SRCache-Key
X-SIPLIST1
X-PAYTM-SRV-ID
Rt-Proxy-Cache
X-Processor
X-Region-Sid
X-Request-UUID
Request-EU
X-Rojux
X-Server-Time
X-ScT
X-S-Cookie
X-DPWN-IS-SECURE
X-Detected-As
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-VG-WebServer
X-Vtex-Processado-Em
X-D
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-Connection-Hash
X-A
X-VG-WebCache
X-Trv-Group
X-Transaction
Node
Viewtype
X-Destination
X-Twitter-Response-Tags
VivaBuild
X-Date
Xc-Version
Rendered-Blocks
X-FW-Version
Now
X-Endurance-Cache-Level
X-Hnp-Log
X-Cms-Context
Thinkindot-CacheControl-Type
X-S-Maxage
X-Request-URI
X-Core-Value
X-Clara-WADP
X-Cache-Debug
X-Cache-Info
CDCHOST
X-Location
X-Matched-Rule
X-Block-Status
Srv
X-Cache-Bucket
X-Gen-Mode
X-Reboot
Proxy-Connection
Server-Int
Server-Host
Web-Mar-Node
X-CDN-Forward
Thinkindot-Control
RNT-Machine
OT-Force-Account-Verify
RNT-Time
X-NC
X-WADP-Cache
Thinkindot-CacheControl
X-Thinkindot-L3
X-Service
NtCoent-Length
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-B3-Parentspanid
X-Sorting-Hat-PodId
X-ShardId
X-Cache-URL
X-Developers
X-Clientip
X-Core-Mission
X-CUA
X-Compress-Hint
X-Debug-Cookies
X-Cdn-Srv
X-Debug-Log
X-App-Name
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Unique-Id
Wxu-Next-Region
Wxu-Next-Hostname
True-Client-Country-4JS
W
Wxu-Next-Commit
X-Amz-Meta-Cache-Control
X-Dispatch
X-BBXSRF
X-C
X-Cache-FS-Status
X-Backend-State
X-Azure-Ref-OriginShield
X-Auto-Login
X-Azure-Ref
X-Cache-Id
X-IN-APIGATEWAY
X-Scheme
X-SD-PageType
X-Server-IP
X-Skip-Cache
X-Release
X-RateLimit-Remaining-Second
X-Platform-Server
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-We-Are-Hiring
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-VG-TLSProxy
X-Up
X-Variation
X-VC-Cache
X-Origin-Expires
X-Origin-Date
X-Has-Esi
X-Hash
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-GeoIP-City
X-Geo-Header
X-Distributor
X-Epic-Correlation-Id
X-Fastly-Cache
X-Generated-On
X-Is-Gdpr
X-JWT-State
X-Ms-Request-Id
X-Ms-Version
X-NX-Host
X-Old-Content-Length
X-Method
X-LI-UUID
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-Dispatcher-Server
X-Generation-Time
PFcat
L
Memcached
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Platform
IBM-Web2-Location
X-Varnish-Beresp-Ttl
Mail-Subject
Is-Eu
We-Hiring
X-Parent-Response-Time
Countrycode
Cache-Host
ServedBy
Served-By
Content-Disposition
Esi-Enabled
AKAMAI
Magicmarker
Section-Io-Cache
SD-X-WS
Fastly-Soc-X-Request-Id
Adler-Geo
X-Nc
Cache-Provider
X-Dc
Kp-EeAlive
X-ServiceProvider
X-Request-Start
Locale
X-CGP
X-Debug-Cache-Expiry
X-Developer
A
X-Owner
X-Policy
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Cdn-Forward
Heartbleed
X-Qloud-Router
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Reqid
X-Urbn-Context-Path
X-Agile
X-Magnolia-Registration
X-Agile-Age
X-Agile-Id
X-WebServer
X-Swa-Ws
X-Logging-Id
X-LI-Proto
X-Irp-Debug
X-Internal-Host
V-Age
X-Key
X-Generated-In
X-Eu-Site
X-MSEdge-Features
X-TrackingId
Pramga
X-Distil-CS
X-Bip
X-Urbn-Site-Id
X-MSEdge-Flight
X-Vdms-Version
X-Thanos
X-User
X-Shopify-Generated-Cart-Token
X-Sucuri-Cache
Server-ID
X-Sn-Servicetimems
X-AK-Request-ID
Cdncip
Cdnsip
X-B3-Spanid
X-Cdn-Origin
X-NodeID
X-Node-Id
X-Servername
CF-IPCountry
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Sucuri-Id
X-COUNTRY
X-Device-Os
X-GRACE
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Via-NSCOPI
X-Planisys-CDN-TTL
X-Upstream-Ht
Powered-By-ChinaCache
GEO-REGION-INFO
X-Upstream-Ct
X-RCS-CacheZone
X-EC-Lua
Environment
X-Lb-Id
X-ND-Cache
X-Source
X-Be
X-FPC
X-Servedbyhost
X-VHOST
X-Nginx-Cache
X-SRV
X-Zone
X-Newrelic-Synthetics
X-Trafficlayer-App-Version
Tcn
X-Microcachable
Request-Time
X-Webkit-CSP
Resin-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-Req
Locid
X-Pjax-Url
X-Served-From
X-ECACHE
X-Gamma-Serve
X-Instart-Info
X-Oracle-Dms-Rid
Geo-Info
X-ElasticPress-Search
X-NGENIX-Cache
FNAC-ModuleRouting
X-Refresh
X-Backend-Host
X-Backend-Url
Group
X-VCL-Version
X-TIME
X-Sucuri-ID
X-FORWARDED-FOR
X-Pf-Uncompressing
X-Dynatrace
X-Var-Ttl
X-LJ-Flow-ID
X-DC
Memory
Gannett-Cam-Experience-Id
X-VWS-Id
Backend-Name
CF-Cached-On
X-GEO
X-AWS-Id
X-Unique-ID
ProcessTime
X-Correlation-ID
Amp-Access-Control-Allow-Source-Origin
X-HTML-Minification-Powered-By
X-Ratelimit-Remaining
N-Cache
X-IPS-LoggedIn
X-Render-Time
XServer
PICS-Label
X-Check-Cacheable
X-NU-AKA-ACS-Version
Fly-Cache
Pagetype
Cf-Ipcountry
Lfy
Fly-Request-Id
TTL
Geoip-Latitude
X-Pod
Cache-Prefix
Geoip-City
Pics-Label
GeoIp-Country-Code
M-TraceId
GeoIP-Latitude
GeoIP-City
Ttl
X-CSRF-Token
X-Via-Edge
X-Bc
X-GeoIP-Country-Code
X-Worker
REQUESTUUID
GeoIP-Country-Code
X-Via-SSL
Ohc-File-Size
Ohc-Cache-HIT
SRV
X-Cache-Miss-From
X-Sedo-Request-Id
Cdn
X-Via-Ucdn
MIME-Version
X-APP
X-Upstream-CT
X-Upstream-HT
X-CLOUD-TRACE-CONTEXT
X-Mode
X-Fetched-On
X-Server-W
X-Fstrz
X-Vcl-Version
X-ZONE
X-MP-GENERATED-AT
HitType
X-Rebelmouse-Cache-Control
X-Fastly-Country-Code
X-PF-Uncompressing
X-Rebelmouse-Surrogate-Control
X-Wa
Fastly-SWR
X-LiteSpeed-Cache-Control
Fastly-SIE
X-Ratelimit-Limit
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Host-ID
HostName
X-HS-Status
Cache-Cookie-Set-Lfrom
X-Dynatrace-Js-Agent
Pragrma
On-Server
X-PJAX-URL
User-Agent
X-Proxied
X-Routing-Service
X-Swift-Error
X-BC
X-HostName
X-Zipkin-Id
X-Cdn-Request-ID
X-ServedByHost
X-Ua
URI
X-NGINX-Cache
X-GDPR
X-Tt-Trace-Tag
X-WR-MODIFICATION
X-Cache-Tag
X-Aicache-OS
X-WA
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-TT-LOGID
X-TH-Server
Who
X-RateLimit-Reset
CACHE
X-Edge-O15-RID
CDN
X-ABtesting
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
X-Flog
X-SN
X-Hello
X-BE
X-Cache-Ttl
X-Cf-Powered-By
Dynatrace
Media-Length
SS
X-Response-By
X-RPS
Powered-By
X-RSL
X-Fpc
X-RPM
X-Varnish-Cacheable
X-DSS
X-DW
X-LAGOON
X-DI
X-DB
X-Org
X-Action
X-Varnish-URL
X-Request-Time
DataCenter
X-ServerName
X-Upstream-Proxy
LB
X-Ratelimit-Reset
SN
X-LB-ID
Get-Access-Time
Debug
Is-Session-Tracking
Server-Id
X-Ftr-Cache-Host
X-Protected-By
X-Gen-Id
Requestid
X-Varnish-Beresp-TTL
AR-SID
NnCoection
Warning
RequestUuid
X-LiteSpeed-Tag
X-Nananana
Cneonction
XxX-Cache-Status
Lb
RequestId
X-Page-Type
X-Akamai-ERPolicy
Thinkindot-Cache-Type
X-Dw-Trace-Id
X-Fastly-Cache-Hits
Correlation-Id
X-Li-Proto
Application
Product
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Request-Url
Country-Code
X-Amzn-Remapped-Date
SID