Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
X-CDN
Upgrade
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Cache-Group
X-Age
X-Pass-Why
X-Backend
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
EagleId
X-AH-Environment
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-Server-Id
X-OneAgent-JS-Injection
X-Response-Time
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-Ws-Request-Id
Allow
X-Cdn
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Origin-Upstream-Status
Surrogate-Control
X-Country
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-Goog-Hash
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
X-Instart-Request-ID
X-Url
X-MS-InvokeApp
Edge-Control
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Verso
X-Powered-By-Plesk
SPRequestGuid
Accept-Ch
X-B3-TraceId
X-D2id
Pagespeed
X-Middleton-Response
Response
X-Sol
X-Trace
X-Middleton-Display
Display
X-SharePointHealthScore
RTSS
X-VARITI-CCR
Service-Worker-Allowed
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Server-Name
X-GitHub-Request-Id
SPIisLatency
SPRequestDuration
X-Server-ID
X-Navigation-Version
X-ESI
Content-MD5
X-Powered-CMS
X-Debug
X-Abt-Application-Version
X-Vcache
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-CST
Public-Key-Pins
X-TTL
Charset
MS-Author-Via
X-Upstream
X-Cached
X-Forwarded-Proto
X-Version
X-Px
X-NF-Request-ID
X-Amz-Rid
DynaTrace
Realpath
X-Shard
Edge-Cache-Tag
TCN
Fastly-Restarts
MicrosoftSharePointTeamServices
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-MSEdge-Ref
X-Recruiting
X-XRDS-Location
Access-Control-Request-Method
X-Shield-Request-Id
X-Pinterest-Rid
Pinterest-Version
X-DynaTrace-JS-Agent
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Fastly-Request-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Nginx-Cache
Front-End-Https
X-Accel-Expires
X-DIS-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Goog-Storage-Class
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Element-Page-Cache
X-Varnish-Age
X-Id
X-T
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-Ttl
X-FTR-Backend
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-RateLimit-Remaining
Cache-Tag
X-HS-Hub-Id
X-HS-Content-Id
NR-ENABLED
X-Content-Digest
X-Frontend
X-Hits
Powered
X-Fastcgi-Cache
X-Kinsta-Cache
X-HS-Cache-Config
X-Correlation-Id
ServerID
X-Webapp-Samesite-None-Activated-N
X-Litespeed-Cache
X-Grace
Alternate-Protocol
X-FTR-Cache-Host
TP-Cache
X-Hp-Webp
TP-L2-Cache
X-Cache-Hit
X-Node-Name
X-Request-Processing-Time
X-Request-Received
X-Aspnetmvc-Version
PB-PID
X-Microsite
PB-RID
X-Request-Handler-Origin-Region
X-Webkit-Csp
X-Mobile-Rewrite
Arc-Version
X-N
AMP-Access-Control-Allow-Source-Origin
Server-Name
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
X-Content-Type
X-Zen-Fury
X-Rid
X-User-Agent
X-Forwarded-For
Healthy
X-Ah-Environment
X-Revision
Backend-Timing
X-Analytics
Server-Node
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Akamai-Edgescape
X-Logged-In
X-HS-Combine-CSS
X-Ruxit-Js-Agent
X-AppVersion
X-Activity-Id
X-Az
X-FastCGI-Cache
Cache-Status
X-IPLB-Instance
X-Amzn-RequestId
X-Pad
X-Amz-Apigw-Id
Retry-After
X-Srv
X-NWS-LOG-UUID
X-Cached-By
X-Type
Paypal-Debug-Id
X-Varnish-Grace
X-Via-JSL
X-Oneagent-Js-Injection
X-GUploader-UploadID
X-Mobile-URL
Accept-CH-Lifetime
Accept-CH
X-B3-Sampled
FilterID
X-Content-Options
Refresh
X-F-Cache
X-Cache-Age
AR-Request-ID
X-Geo-Country
X-FB-Debug
X-Tumblr-Pixel
X-Instance
Upgrade-Insecure-Requests
X-Tumblr-User
X-Tumblr-Pixel-0
Accept-Charset
X-Debug-Info
Access-Control-Allow-Method
X-Request-Guid
X-Page-Id
Source
X-AOL-HN
X-Cluster
X-Jobs
Host
X-App-Environment
X-Erf-Bev-Bev-Is-Generated
Actual-Object-TTL
X-Erf-Bev-Bev
X-PHP-Backend
X-B
X-Varnish-Backend
DC
X-Framework
X-PressLabs-Stats
X-Seen-By
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Esi
Fastcgi-Useragent
MS-CV
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Whom
X-Cache-Key
X-Git-Hash
X-TT
X-Cache-2
X-Cache-Control
X-Host-Name
Cache
X-Amz-Replication-Status
X-Cache-TTL
Surrogate-Key
X-TA-CDN-Provider
X-Wix-Request-Id
X-Signature
X-B-Cache
Frame-Options
X-Cache-Rule
X-Cache-Operation
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Kong-Upstream-Latency
Xserver
NGB
X-Time
X-Daa-Tunnel
X-FW-Type
X-FW-Static
X-Kong-Proxy-Latency
X-Response-Served-From
Host-Header
X-UA
X-Origin-Server
X-Forwarded-Host
X-Tumblr-Pixel-2
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Region
X-Drupal-Cache-Tags
X-Mobile
X-TX-ID
Webserver
X-Cache-NE
X-Hyper-Cache
WPE-Backend
X-RequestSource
X-Cache-Action
Payment
Cleartype
X-GeoIP
X-Cacheable-TTL
X-Adobe-Content
Eomportal-Instance
X-Adobe-Loc
X-Handled-By
X-Cache-Enabled
Filters
From-Origin
X-UA-Device-Type
X-ProcessESI
X-RemovedCookies
X-SERVER
X-EdgeConnect-Cache-Status
Datacenter
Ms-Operation-Id
X-RTag
X-App-Server
X-Cache-TTL-Remaining
X-Hostname
X-Akamai-Transformed
X-NewRelic-App-Data
Tracecode
X-Load-Cache
X-Status
X-Cache-Server
X-Contextid
X-Edge-Location
Liferay-Portal
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-BCube-Filmed-By
X-VCache
X-RateLimit-Limit
X-B3-Traceid
X-Varnish-Hostname
X-TT-TIMESTAMP
X-Varnish-Server
X-Rule
Odigeo-Trace-Id
Server-Info
X-FW-Dynamic
Load-Balancing
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
Country
X-ES-SERVER
Meta-Geo
X-Viewer-Country
X-ATS-Timestamp
X-Xfnlog-Site
X-CCM
X-Upgrade-Enabled
X-OCL
X-Cache-Config
X-IP
X-UUID
DB-Nickname
Version
X-PCL
Cache-Tags
X-Debug-Cache
X-Via-Fastly
X-Rocket-Nginx-Bypass
TWC-Connection-Speed
S-Rt
X-Varnish-Cache-Hits
TWC-Device-Class
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
Mn-Server-Ip
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
L5d-Success-Class
Fastly-SSL
X-Web-Node
X-TNCMS
Webcakes-App-Version
X-Labrador-Cache-Channel
X-Hosted-By
X-Pubstack
X-From
X-Loop
X-Proxy
X-Origin-Response-Time
X-Origin-Hint
X-Origin
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Akamai-Request-ID
Webcakes-Region
X-Proto
X-ServerID
X-Cache-Host
X-Drupal-Cache-Contexts
X-R9-Blue-Green-Version
X-Cache-Time
Webcakes-App-Name
X-Real-IP
X-Redis-Cache
Release
Decoy-Debug-Key
Decoy-Debug-Status
S-Cnection
Cache-Name
Origin-Cache-Control
Selected-Fe
Decoy-Debug-TTL
DSUID
Origin-Edge-Control
X-Section
X-Rendered-As
X-Timing-Wait
Ec-Rule-Version
X-VCT
X-PERF
X-Proxy-Build
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
X-Origin-TTL
X-Cluster-Name
X-Content-Age
X-FireWall-Port
X-Format
X-Generated
X-JoinUs
X-Info
X-Backend-Name
X-Origin-CC
X-Akamai-Request-ID2
Viewport
X-ApacheServer
X-Access
X-Soup
NGX
X-Varnish-Hits
X-Www-Served-By
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-NWS-UUID-VERIFY
X-Locale
X-Site-Version
X-XRDS-LOCATION
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Storage
X-Oss-Request-Id
X-Is-Bot
Rt-Fastcgi-Cache
Uber-Trace-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
Cache-Key
X-Guploader-Uploadid
X-WA-Info
X-PHP-Host
X-App-Version
Cteonnt-Length
X-ORACLE-APMCS-TAG
Vix-Hermes-Req-Id
X-Generated-By
X-Cache-Backend
X-ORACLE-APMCS-REQUEST-ID
X-Amzn-Remapped-Content-Length
X-GoCache-CacheStatus
X-Hit
X-NCache
X-Accel-Buffering
X-Cache-Remote
Cache-Hits
Akamai-GRN
X-SS-Set-Cookie
Time
X-Backend-TTL
Origin
X-Cache-Grace
X-Nginx-Cache-Key
GEO-INFO
X-CS
X-Trace-Id
X-Device-Type
X-Tumblr-Pixel-3
X-FB-TRIP-ID
X-APP-VERSION
X-Environment-Context
Accept-Language
X-L-Path
X-CACHE-KEY
X-OVcl-Cache
X-OVcl
X-No-Session
X-CF-Powered-By
X-Tb
X-SaId
X-MServer
X-S
Access-Control-Request-Headers
X-Cluster-Node
X-Say-Cacheable
X-Uri
X-SayCDN-TTL
X-Say-TTL
Mime-Version
X-CSRF-TOKEN
Fastcgi-X-Cache-Version
Hostname
X-B3-SpanId
X-URL
X-UnsetCookies
X-Via-CDN
Now
User-Cache-Control
X-CF-Lambda-Version
X-Session-Fingerprint
X-A-Wwc
X-A-Dgt
Apple-News-Services-Request-Url
X-Tec-Api-Origin
X-SIPLIST1
X-Detected-As
X-B-Cookie
Apple-News-Services-Host
X-Connection-Hash
X-ScT
Apple-News-Services-Parsed-Url
VivaBuild
Cross-Origin-Window-Policy
X-S-Cookie
X-Aed
IsBot
X-CF-Lambda-Fn
X-AIR-PT
X-Svr
X-Accel-Expires-Debug
X-A-Ccd
Apple-News-Services-Handled
X-SRCache-Key
X-ARC
Arc-Country
AsisCache
X-Tec-Api-Version
X-A
BehaviorPad-Version
X-Request-UUID
X-A-Dcw
X-Tec-Api-Root
X-A-Dam
X-Server-Time
X-Application
X-Region-Sid
X-Transaction
Xc-Version
X-External-Request-Id
T-Server
X-Hl-Ver
X-Processor
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Meta-Geo-Continent
X-Date
Rendered-Blocks
Request-Country
X-PAYTM-SRV-ID
X-FW-Version
Rt-Proxy-Cache
X-Rewrite-Enabled
X-VG-WebCache
X-VG-WebServer
Request-EU
X-G
X-Rojux
X-Presslabs-Stats
MD5-Digest
Node
Machine
Viewtype
Content-Script-Type
X-Destination
X-Twitter-Response-Tags
X-DPWN-IS-SECURE
Content-Style-Type
X-D
X-Trv-Group
X-Endurance-Cache-Level
ServerName
Srv
X-Geo
Web-Mar-Node
X-Service
X-Matched-Rule
X-Clara-WADP
X-Block-Status
X-Request-URI
X-Thinkindot-L3
RNT-Machine
X-Debug-Cookies
X-Gen-Mode
X-Cms-Context
Server-Host
RNT-Time
X-NX-Host
Server-Int
X-Reboot
X-Debug-Log
We-Hiring
X-Proxy-Upstream
X-Cache-Info
X-WADP-Cache
X-Location
X-Proxy-Cache-Status
CDCHOST
Mail-Subject
X-Cache-Debug
X-Cache-Bucket
Thinkindot-CacheControl
X-S-Maxage
X-Hnp-Log
Thinkindot-Control
X-Core-Value
Thinkindot-CacheControl-Type
OT-Force-Account-Verify
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Parent-Response-Time
X-Sorting-Hat-PodId
X-B3-Parentspanid
W
X-Origin-Expires
True-Client-Country-4JS
X-Method
ServedBy
Wxu-Next-Commit
Wxu-Next-Hostname
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Wxu-Next-Region
X-Origin-Date
X-Developers
X-Epic-Correlation-Id
Served-By
X-IN-APIGATEWAY
X-Eu-Site
X-Fastly-Cache
X-LI-UUID
X-IN-APIGATEWAYSSL
X-JWT-State
X-CUA
X-Instart-Isnd
X-Key
X-Debug-Cache-Expiry
X-Li-Pop
X-GeoIP-City
X-Generated-On
X-Debug-Cache-Store
X-Geo-Header
X-Generated-In
X-Level-Front-Cache
X-Li-Fabric
X-Hash
X-Debug-Cache-Fetch
X-Has-Esi
X-Irp-Debug
X-Magnolia-Registration
X-C
X-Cache-FS-Status
X-Cache-Id
X-Generation-Time
X-Backend-State
X-Azure-Ref-OriginShield
X-Amz-Meta-Cache-Control
X-App-Name
X-Auto-Login
X-Azure-Ref
X-Ms-Version
X-Cache-URL
X-Distributor
X-Clientip
X-Compress-Hint
X-Core-Mission
X-Distil-CS
X-Dispatcher-Server
X-Cdn-Srv
X-CGP
X-Ms-Request-Id
X-Dispatch
X-Old-Content-Length
X-SVT-ORM-VERSION
X-Is-Gdpr
X-SVT-ORM-RULES
Proxy-Connection
Section-Io-Cache
X-Varnish-Beresp-Ttl
X-CDN-Forward
X-Skip-Cache
X-Wikidot-Backend
X-Scheme
Content-Disposition
Cache-Host
X-SD-PageType
Adler-Geo
AKAMAI
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-VServer
X-We-Are-Hiring
X-Wikidot-Static-Cache
X-Webstats-RespID
X-WebServer
X-VG-TLSProxy
X-Nc
X-Up
X-TrackingId
X-User
X-Variation
X-VC-Cache
Countrycode
X-NC
X-RateLimit-Limit-Second
L
X-RateLimit-Remaining-Second
Magicmarker
Gh-Request-Id
Kp-EeAlive
Ha-Gx-Prefs
IBM-Web2-Location
Esi-Enabled
Is-Eu
HA-Ipaddr
PFcat
Memcached
X-Reqid
X-Policy
X-Request-Start
Fastly-Soc-X-Request-Id
SD-X-WS
Platform
X-Platform-Server
NtCoent-Length
Pramga
X-Thanos
X-Logging-Id
X-Owner
X-Unique-Id
X-LI-Proto
X-Vdms-Version
Locale
X-Urbn-Site-Id
V-Age
X-Urbn-Context-Path
X-Qloud-Router
Heartbleed
X-Bip
X-ServiceProvider
X-MSEdge-Features
X-BBXSRF
X-MSEdge-Flight
X-Swa-Ws
X-Release
X-Agile
X-Agile-Age
X-Agile-Id
X-Server-IP
X-Shopify-Generated-Cart-Token
X-Dc
X-GRACE
X-B3-Spanid
Cache-Provider
Server-ID
X-Internal-Host
X-Rocket-Build-Number
Cdnsip
X-AK-Request-ID
X-Sigma
X-Sigma-Backend
X-NodeID
A
Cdncip
X-Developer
X-Sucuri-Cache
X-EC-Lua
X-Sucuri-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Sn-Servicetimems
X-Cdn-Origin
X-Planisys-CDN-TTL
X-Servername
GEO-REGION-INFO
X-Node-Id
X-Via-NSCOPI
X-RCS-CacheZone
Powered-By-ChinaCache
CF-IPCountry
X-Device-Os
X-Upstream-Ht
X-Upstream-Ct
X-Source
Environment
X-ND-Cache
X-Lb-Id
X-Nginx-Cache
Geo-Info
X-FPC
X-Servedbyhost
X-Be
X-Trafficlayer-App-Version
X-Zone
X-VHOST
X-SRV
X-Microcachable
Locid
X-Req
X-Tb-Optimization-Total-Bytes-Saved
Request-Time
Tcn
X-Newrelic-Synthetics
X-Correlation-ID
X-Webkit-CSP
X-Served-From
X-Pjax-Url
X-Gamma-Serve
Resin-Trace
FNAC-ModuleRouting
X-NGENIX-Cache
X-ElasticPress-Search
X-Instart-Info
X-Oracle-Dms-Rid
X-Refresh
X-ECACHE
X-FORWARDED-FOR
X-Unique-ID
X-GEO
ProcessTime
X-DC
X-VWS-Id
X-IPS-LoggedIn
Group
X-Pf-Uncompressing
X-AWS-Id
X-Sucuri-ID
X-TIME
X-LJ-Flow-ID
X-Backend-Url
X-VCL-Version
X-Backend-Host
X-Dynatrace
X-HTML-Minification-Powered-By
Memory
X-Render-Time
CF-Cached-On
X-Var-Ttl
X-COUNTRY
Gannett-Cam-Experience-Id
Backend-Name
Cf-Ipcountry
GeoIP-City
N-Cache
GeoIP-Country-Code
Pics-Label
TTL
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-NU-AKA-ACS-Version
GeoIP-Latitude
X-Bc
X-GeoIP-Country-Code
X-Check-Cacheable
X-Pod
Cache-Prefix
PICS-Label
Lfy
M-TraceId
Fly-Cache
Fly-Request-Id
Pagetype
X-CSRF-Token
X-Worker
X-Via-SSL
Geoip-Latitude
Geoip-City
REQUESTUUID
X-Via-Edge
GeoIp-Country-Code
Cdn
X-Mode
X-APP
Ttl
Ohc-File-Size
XServer
Ohc-Cache-HIT
SRV
X-Upstream-HT
X-Upstream-CT
X-Sedo-Request-Id
X-Via-Ucdn
X-Vcl-Version
X-Cache-Miss-From
MIME-Version
X-LiteSpeed-Cache-Control
X-MP-GENERATED-AT
X-CLOUD-TRACE-CONTEXT
X-Fetched-On
X-Fstrz
X-Server-W
HitType
X-PF-Uncompressing
X-ZONE
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Host-ID
Fastly-SIE
X-Wa
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
HostName
X-Fastly-Country-Code
Cache-Cookie-Set-Lfrom
X-Ratelimit-Limit
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-HS-Status
X-Dynatrace-Js-Agent
X-Swift-Error
Pragrma
On-Server
User-Agent
URI
X-PJAX-URL
X-Cdn-Request-ID
X-Tt-Trace-Tag
X-HostName
X-BC
X-NGINX-Cache
X-Cache-Tag
X-ServedByHost
X-Aicache-OS
X-WR-MODIFICATION
X-Ua
X-TH-Server
X-GDPR
X-UPSTREAM-Address
Powered-By
X-TT-LOGID
X-Ftr-Cache-Host
Cdn-Host
X-WA
Who
Cdn-Request-Time
X-Edge-Server
X-BE
CACHE
X-RateLimit-Reset
X-Fpc
X-Flog
X-SN
CDN
X-Request-Time
X-Edge-O15-RID
X-Hello
X-Cf-Powered-By
X-ABtesting
X-Cache-Ttl
X-Fastly-Backend-Reqs
Dynatrace
Media-Length
X-DB
X-DSS
X-LB-ID
X-Response-By
X-DW
X-RSL
X-DI
X-LAGOON
X-Varnish-Cacheable
X-Varnish-URL
SS
X-RPM
X-Action
X-Org
X-RPS
DataCenter
X-Ratelimit-Reset
X-ServerName
LB
SN
X-Upstream-Proxy
Debug
Get-Access-Time
Server-Id
Is-Session-Tracking
X-Protected-By
FSS-Proxy
FSS-Cache
X-Gen-Id
Requestid
X-Varnish-Beresp-TTL
RequestUuid
X-Nananana
RequestId
NnCoection
X-Page-Type
Lb
Correlation-Id
X-Tt-Trace-Host
Country-Code
Cneonction
XxX-Cache-Status
Warning
X-LiteSpeed-Tag
Product
Thinkindot-Cache-Type
Application
X-Li-Proto
SID
X-Dw-Trace-Id
X-Request-Url
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Fastly-Cache-Hits