Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
Alt-Svc
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Iinfo
X-Language
X-AspNetMvc-Version
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-Ua-Compatible
Access-Control-Expose-Headers
Upgrade
X-CDN
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Backend
EagleId
X-AH-Environment
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Rq
Report-To
X-Ac
EagleEye-TraceId
X-Response-Time
X-Server-Id
X-OneAgent-JS-Injection
X-Host
Request-Id
X-Cnection
X-Backend-Server
X-DataDome
Content-Location
X-Node
X-Cloud-Trace-Context
X-Origin-Cache
X-Readtime
X-Cache-Lookup
NEL
X-Vhost
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
X-Cdn
Allow
X-Dns-Prefetch-Control
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-Ws-Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Upstream-Status
Surrogate-Control
X-Country
P3p
Rating
X-DynaTrace
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-Akam-SW-Version
Pinterest-Generated-By
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-Instart-Request-ID
X-Ruxit-JS-Agent
Edge-Control
X-Url
Verso
X-Mod-Pagespeed
X-Powered-By-Plesk
SPRequestGuid
Accept-Ch
X-D2id
X-Sol
X-Trace
Pagespeed
X-Middleton-Response
Response
Display
X-Middleton-Display
X-SharePointHealthScore
X-VARITI-CCR
RTSS
X-B3-TraceId
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
Service-Worker-Allowed
X-Server-ID
X-Server-Name
X-GitHub-Request-Id
X-ESI
SPRequestDuration
SPIisLatency
X-Vcache
X-Navigation-Version
X-Powered-CMS
Content-MD5
X-Debug
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
Public-Key-Pins
Charset
MS-Author-Via
X-Upstream
X-Forwarded-Proto
X-TTL
X-Version
X-Amz-Rid
X-NF-Request-ID
X-Cached
X-Px
DynaTrace
Realpath
X-Shard
Edge-Cache-Tag
TCN
Fastly-Restarts
MicrosoftSharePointTeamServices
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-Ezoic-Cdn
X-Recruiting
X-MSEdge-Ref
X-Shield-Request-Id
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Version
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
S
X-Fastly-Request-ID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Nginx-Cache
Front-End-Https
X-DIS-Request-ID
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Client-IP
X-Ttl
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-T
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
X-RateLimit-Remaining
Cache-Tag
NR-ENABLED
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-Content-Digest
Powered
X-Hits
X-Correlation-Id
X-Kinsta-Cache
X-HS-Cache-Config
X-Fastcgi-Cache
X-Litespeed-Cache
X-Grace
X-FTR-Cache-Host
ServerID
X-Webapp-Samesite-None-Activated-N
X-Aspnetmvc-Version
Alternate-Protocol
X-Webkit-Csp
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Node-Name
X-Hp-Webp
X-Request-Processing-Time
X-Request-Received
X-Forwarded-For
X-Microsite
X-Ah-Environment
X-Request-Handler-Origin-Region
PB-RID
PB-PID
X-N
AR-ATIME
AR-PoweredBy
X-Mobile-Rewrite
Arc-Version
AR-CACHE
AMP-Access-Control-Allow-Source-Origin
Server-Name
X-Zen-Fury
X-Content-Type
X-User-Agent
X-Rid
Ar-Sid
Healthy
Server-Node
Backend-Timing
X-Analytics
X-Revision
X-FastCGI-Cache
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Akamai-Edgescape
X-Logged-In
X-AppVersion
X-Activity-Id
Cache-Status
X-HS-Combine-CSS
X-Az
X-Srv
Retry-After
X-IPLB-Instance
X-Amzn-RequestId
X-GUploader-UploadID
X-Oneagent-Js-Injection
X-Amz-Apigw-Id
X-Pad
X-Cached-By
X-NWS-LOG-UUID
X-Via-JSL
Accept-CH
X-Type
Accept-CH-Lifetime
Paypal-Debug-Id
X-Varnish-Grace
X-Mobile-URL
X-Ruxit-Js-Agent
X-B3-Sampled
FilterID
X-F-Cache
Refresh
X-Content-Options
AR-Request-ID
X-Cache-Age
X-Geo-Country
X-Tumblr-User
X-FB-Debug
X-Instance
Accept-Charset
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Debug-Info
Upgrade-Insecure-Requests
X-Jobs
X-Page-Id
X-Request-Guid
X-Cluster
X-App-Environment
Source
X-AOL-HN
Host
Access-Control-Allow-Method
Actual-Object-TTL
X-B
X-Erf-Bev-Bev-Is-Generated
X-PHP-Backend
X-Framework
X-Erf-Bev-Bev
DC
X-Varnish-Backend
X-Seen-By
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Cache-Key
MS-CV
Fastcgi-Useragent
X-Whom
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-TT
VIX-Pulpo-Node
X-PressLabs-Stats
X-Git-Hash
X-Cache-2
X-Host-Name
X-Cache-Control
X-Esi
X-Cache-TTL
X-Amz-Replication-Status
Cache
Surrogate-Key
X-TA-CDN-Provider
X-Wix-Request-Id
X-Cache-Operation
X-Cache-Rule
X-Signature
X-B-Cache
Frame-Options
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host-Header
X-FW-Static
X-FW-Type
NGB
X-FW-Server
X-FW-Serve
X-Response-Served-From
X-FW-Hash
X-Daa-Tunnel
X-Forwarded-Host
X-UA
X-Time
X-Origin-Server
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Filters
X-Cache-Action
Payment
WPE-Backend
Webserver
X-Cache-NE
Eomportal-Instance
X-Mobile
Cleartype
X-Drupal-Cache-Tags
X-TX-ID
X-Region
X-Hyper-Cache
X-GeoIP
X-RequestSource
X-Adobe-Loc
X-B3-Traceid
X-Adobe-Content
X-Handled-By
X-Cacheable-TTL
X-UA-Device-Type
Xserver
From-Origin
X-Cache-Enabled
X-SERVER
X-RemovedCookies
X-ProcessESI
X-App-Server
X-EdgeConnect-Cache-Status
Datacenter
Ms-Operation-Id
X-RTag
Tracecode
X-Cache-TTL-Remaining
X-Hostname
X-Load-Cache
X-Akamai-Transformed
X-Status
X-NewRelic-App-Data
X-Contextid
X-Cache-Server
X-Edge-Location
Liferay-Portal
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-TT-TIMESTAMP
X-RateLimit-Limit
X-Varnish-Hostname
Odigeo-Trace-Id
X-Varnish-Server
X-FW-Dynamic
Server-Info
X-Rule
X-RN-RSRV
X-Path-Route
X-ES-SERVER
Load-Balancing
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
Country
X-Viewer-Country
X-Xfnlog-Site
X-Rocket-Nginx-Bypass
X-IP
X-Cache-Config
X-PCL
X-Debug-Cache
X-OCL
X-CCM
X-UUID
DB-Nickname
Version
X-Via-Fastly
Cache-Tags
Webcakes-App-Version
TWC-Privacy
X-Drupal-Cache-Contexts
Webcakes-App-Name
X-Akamai-Request-ID
X-Cache-Time
X-Cache-Host
X-Redis-Cache
Webcakes-Region
TWC-Device-Class
Property-Id
Azure-Version
Azure-SlotName
Cache-Name
Mn-Server-Ip
Fastly-SSL
L5d-Success-Class
Azure-SiteName
Azure-RegionName
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-FC-Vary-Parameters
TWC-Connection-Speed
Azure-InstanceId
S-Rt
TWC-Locale-Group
X-EIG-Tracking-Id
X-Origin-Hint
X-Origin-Response-Time
X-Origin
X-Loop
X-Labrador-Cache-Channel
X-Real-IP
X-Proto
X-Origin-CC
X-Pubstack
X-R9-Blue-Green-Version
X-Proxy
X-Origin-TTL
X-ServerID
X-Hosted-By
X-Web-Node
X-From
X-Varnish-Cache-Hits
X-Info
X-ATS-Timestamp
X-TNCMS
X-Upgrade-Enabled
S-Cnection
X-Www-Served-By
X-Rendered-As
X-Section
Release
Origin-Edge-Control
X-VCT
Origin-Cache-Control
X-PERF
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cluster-Name
X-Human
X-Content-Age
X-Generated
Ec-Rule-Version
X-Format
X-JoinUs
X-Backend-Name
X-FireWall-Port
X-Proxy-Build
Viewport
X-Access
X-ApacheServer
X-Akamai-Request-ID2
Selected-Fe
X-Timing-Wait
X-XRDS-LOCATION
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
DSUID
X-Time-Microsecs
X-Soup
X-Varnish-Hits
NGX
X-VCache
X-Vgn-Hpd-Reason
X-NWS-UUID-VERIFY
X-Locale
X-Site-Version
X-Storage
X-Oss-Hash-Crc64ecma
X-Is-Bot
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
Rt-Fastcgi-Cache
X-Oss-Server-Time
X-URL
X-ProxyCache-Status
Uber-Trace-Id
X-BYPASS-REASON
X-ProxyCache-Key
Cache-Key
X-WA-Info
Cteonnt-Length
GEO-INFO
X-PHP-Host
X-Cache-Backend
X-ORACLE-APMCS-TAG
X-GoCache-CacheStatus
X-ORACLE-APMCS-REQUEST-ID
X-Generated-By
X-Amzn-Remapped-Content-Length
X-Hit
Vix-Hermes-Req-Id
X-NCache
X-SS-Set-Cookie
Cache-Hits
X-App-Version
X-Cache-Grace
Time
X-Guploader-Uploadid
X-Backend-TTL
Akamai-GRN
X-Cache-Remote
Origin
X-Accel-Buffering
X-Nginx-Cache-Key
X-APP-VERSION
X-CS
X-Trace-Id
X-Device-Type
X-Presslabs-Stats
X-Tumblr-Pixel-3
X-FB-TRIP-ID
Accept-Language
X-L-Path
X-OVcl-Cache
X-OVcl
X-No-Session
X-Environment-Context
X-S
X-CF-Powered-By
X-SaId
X-Tb
X-MServer
Hostname
Access-Control-Request-Headers
X-Cluster-Node
X-B3-SpanId
X-Uri
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-UnsetCookies
Fastcgi-X-Cache-Version
X-Via-CDN
X-Tec-Api-Root
X-Tec-Api-Origin
X-CSRF-TOKEN
X-Tec-Api-Version
X-CACHE-KEY
Mime-Version
X-Geo
User-Cache-Control
ServerName
Now
X-CF-Lambda-Fn
IsBot
Apple-News-Services-Handled
X-PAYTM-SRV-ID
X-G
Cross-Origin-Window-Policy
BehaviorPad-Version
X-Detected-As
X-Destination
X-DPWN-IS-SECURE
AsisCache
Apple-News-Services-Request-Url
Arc-Country
Content-Script-Type
Content-Style-Type
X-Hl-Ver
X-D
X-Connection-Hash
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-External-Request-Id
X-Date
X-CF-Lambda-Version
X-ARC
X-Aed
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-Region-Sid
X-AIR-PT
X-Application
X-A
X-A-Ccd
Rt-Proxy-Cache
X-Transaction
X-Accel-Expires-Debug
X-A-Dcw
X-Svr
X-SRCache-Key
T-Server
X-Session-Fingerprint
X-A-Dgt
X-FW-Version
X-Server-Time
X-A-Wwc
X-A-Dam
X-SIPLIST1
Request-EU
X-Processor
Meta-Geo-Continent
X-S-Cookie
Mobile-Detection-Method
MD5-Digest
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
Machine
Request-Country
X-B-Cookie
Node
Rendered-Blocks
X-VG-WebServer
X-VG-WebCache
X-ScT
Viewtype
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
VivaBuild
X-Endurance-Cache-Level
Thinkindot-CacheControl-Type
Web-Mar-Node
Thinkindot-Control
X-Debug-Cookies
X-Clara-WADP
X-Cms-Context
X-Cache-Info
X-Cache-Debug
X-Block-Status
X-Cache-Bucket
X-Core-Value
X-Gen-Mode
CDCHOST
Server-Int
Server-Host
X-Debug-Log
RNT-Machine
RNT-Time
Thinkindot-CacheControl
X-Location
X-Proxy-Cache-Status
X-Proxy-Upstream
X-NC
Proxy-Connection
X-Request-URI
X-CDN-Forward
OT-Force-Account-Verify
Mail-Subject
We-Hiring
X-WADP-Cache
X-NX-Host
X-Thinkindot-L3
X-Service
X-Hnp-Log
Srv
X-Matched-Rule
X-Reboot
X-S-Maxage
X-B3-Parentspanid
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
NtCoent-Length
X-ShopId
X-VServer
X-RateLimit-Limit-Second
X-Auto-Login
Wxu-Next-Region
X-Backend-State
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-C
X-BBXSRF
X-Webstats-RespID
X-Azure-Ref-OriginShield
X-We-Are-Hiring
X-Azure-Ref
X-Variation
X-Request-Start
X-Skip-Cache
X-Reqid
X-SVT-ORM-RULES
X-Server-IP
X-SD-PageType
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Scheme
X-Release
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Amz-Meta-Cache-Control
X-App-Name
X-VC-Cache
X-Policy
X-TrackingId
X-Up
X-User
X-RateLimit-Remaining-Second
X-Origin-Date
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-Instart-Isnd
X-Key
X-Distributor
X-Developers
X-Dispatch
X-Dispatcher-Server
X-Distil-CS
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Generated-In
X-Generated-On
X-Generation-Time
X-Geo-Header
X-Has-Esi
X-Hash
X-Epic-Correlation-Id
X-Eu-Site
X-Fastly-Cache
X-Level-Front-Cache
X-Li-Fabric
X-CGP
X-Old-Content-Length
X-Clientip
X-Compress-Hint
X-GeoIP-City
X-Origin-Expires
X-Cache-FS-Status
X-Cache-Id
X-Cache-URL
X-Cdn-Srv
X-Ms-Version
X-Core-Mission
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-LI-UUID
X-Li-Pop
X-Magnolia-Registration
X-Debug-Cache-Expiry
X-Ms-Request-Id
X-CUA
X-Method
X-Platform-Server
Platform
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Soc-X-Request-Id
IBM-Web2-Location
Is-Eu
Memcached
Magicmarker
L
Kp-EeAlive
Esi-Enabled
Countrycode
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Parent-Response-Time
Wxu-Next-Hostname
X-Varnish-Beresp-Ttl
X-Unique-Id
Content-Disposition
Cache-Host
AKAMAI
PFcat
Adler-Geo
True-Client-Country-4JS
Served-By
ServedBy
W
SD-X-WS
Wxu-Next-Commit
Section-Io-Cache
X-Nc
Cache-Provider
X-Dc
A
X-Developer
X-Agile-Id
X-Agile
X-Logging-Id
X-Internal-Host
X-ServiceProvider
X-LI-Proto
X-Cdn-Forward
Heartbleed
X-Agile-Age
X-Qloud-Router
X-MSEdge-Features
X-Bip
X-Urbn-Site-Id
Pramga
X-Thanos
X-Urbn-Context-Path
X-Owner
X-Vdms-Version
Locale
X-MSEdge-Flight
X-WebServer
V-Age
X-Swa-Ws
X-Shopify-Generated-Cart-Token
Server-ID
X-B3-Spanid
X-Sigma-Backend
X-Sucuri-Cache
X-Sn-Servicetimems
X-NodeID
Cdncip
X-Sigma
Cdnsip
X-Rocket-Build-Number
X-AK-Request-ID
X-Cdn-Origin
X-Servername
X-Node-Id
CF-IPCountry
X-Device-Os
X-Sucuri-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-GRACE
X-Lb-Id
X-Upstream-Ct
GEO-REGION-INFO
X-Upstream-Ht
Powered-By-ChinaCache
X-Via-NSCOPI
Environment
X-EC-Lua
X-RCS-CacheZone
X-Be
X-Source
X-FPC
X-ND-Cache
X-VHOST
X-Trafficlayer-App-Version
X-Servedbyhost
X-Zone
X-Microcachable
Tcn
Request-Time
X-Newrelic-Synthetics
X-Nginx-Cache
X-Webkit-CSP
X-Tb-Optimization-Total-Bytes-Saved
X-Req
Locid
Resin-Trace
FNAC-ModuleRouting
X-Gamma-Serve
X-Pjax-Url
X-Instart-Info
X-Oracle-Dms-Rid
X-NGENIX-Cache
Geo-Info
X-ElasticPress-Search
X-ECACHE
X-Served-From
X-SRV
Group
X-TIME
X-Sucuri-ID
X-Backend-Host
X-Refresh
X-Backend-Url
X-Pf-Uncompressing
X-VCL-Version
X-Dynatrace
X-COUNTRY
X-DC
X-Var-Ttl
X-GEO
X-VWS-Id
Backend-Name
X-AWS-Id
CF-Cached-On
X-IPS-LoggedIn
Memory
X-LJ-Flow-ID
Gannett-Cam-Experience-Id
X-Correlation-ID
X-Unique-ID
N-Cache
X-Render-Time
Amp-Access-Control-Allow-Source-Origin
XServer
X-Ratelimit-Remaining
X-HTML-Minification-Powered-By
ProcessTime
Lfy
X-Check-Cacheable
Cf-Ipcountry
X-FORWARDED-FOR
TTL
Cache-Prefix
PICS-Label
Pagetype
X-NU-AKA-ACS-Version
Fly-Request-Id
Fly-Cache
X-Pod
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
Pics-Label
REQUESTUUID
GeoIP-Latitude
GeoIP-Country-Code
M-TraceId
X-GeoIP-Country-Code
Ttl
GeoIP-City
X-Via-SSL
X-Worker
X-CSRF-Token
X-Bc
X-Via-Edge
SRV
Ohc-File-Size
Ohc-Cache-HIT
X-Via-Ucdn
Cdn
MIME-Version
X-Upstream-HT
X-Upstream-CT
X-APP
X-Cache-Miss-From
X-Sedo-Request-Id
X-Mode
X-CLOUD-TRACE-CONTEXT
X-Vcl-Version
X-Server-W
X-Fetched-On
X-LiteSpeed-Cache-Control
X-Fstrz
X-ZONE
X-MP-GENERATED-AT
X-Fastly-Country-Code
X-Wa
X-PF-Uncompressing
HitType
Fastly-SIE
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Ratelimit-Limit
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Host-ID
HostName
X-HS-Status
X-NGINX-Cache
X-Dynatrace-Js-Agent
User-Agent
On-Server
X-PJAX-URL
Pragrma
X-Zipkin-Id
X-Routing-Service
X-BC
X-Proxied
X-Swift-Error
X-HostName
X-GDPR
X-Cdn-Request-ID
X-Cache-Tag
X-Ua
X-Tt-Trace-Tag
X-Aicache-OS
URI
X-WR-MODIFICATION
X-ServedByHost
X-TT-LOGID
Cdn-Request-Time
X-WA
Cdn-Host
X-Edge-Server
X-TH-Server
Who
CACHE
X-RateLimit-Reset
Powered-By
X-UPSTREAM-Address
X-SN
X-Cache-Ttl
X-BE
X-Cf-Powered-By
X-ABtesting
X-Edge-O15-RID
CDN
X-Flog
X-Hello
X-Fastly-Backend-Reqs
Dynatrace
SS
X-Fpc
X-DB
X-Varnish-URL
X-Varnish-Cacheable
X-LAGOON
X-Action
Media-Length
X-DW
X-Response-By
X-DSS
X-Org
X-RPM
X-DI
X-RPS
X-RSL
DataCenter
X-Request-Time
LB
X-ServerName
Get-Access-Time
X-Ratelimit-Reset
X-Upstream-Proxy
Debug
SN
Is-Session-Tracking
Server-Id
X-LB-ID
X-Ftr-Cache-Host
AR-SID
X-Gen-Id
Requestid
X-Protected-By
Cneonction
X-Varnish-Beresp-TTL
Processtime
X-Newrelic-App-Data
X-Akamai-ERPolicy
XxX-Cache-Status
Country-Code
NnCoection
Correlation-Id
X-Amzn-Remapped-Date
X-Nananana
X-Amzn-Remapped-Connection
X-Dw-Trace-Id
Warning
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
SID
Thinkindot-Cache-Type
RequestUuid
Application
Product
RequestId
X-LiteSpeed-Tag
X-Request-Url
X-Li-Proto
Lb
X-Page-Type