Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
CF-RAY
CF-Cache-Status
Pragma
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Request-ID
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Iinfo
X-Content-Security-Policy
Status
Content-Encoding
X-Buckets
X-AspNetMvc-Version
Upgrade
Access-Control-Expose-Headers
Xkey
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Via
X-CDN
X-Cache-Group
X-Age
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Backend
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-UA-Device
X-AH-Environment
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
X-Hacker
X-Server
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Request-Context
Grace
X-Varnish-Cache
Server-Timing
Feature-Policy
Cf-Railgun
X-Amz-Version-Id
X-Device
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
X-Rq
X-Cdn
X-WebKit-CSP
X-Ac
Report-To
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Server-Id
X-Response-Time
X-Cnection
Request-Id
X-Host
X-Backend-Server
X-DataDome
Content-Location
X-Cloud-Trace-Context
X-Node
X-Origin-Cache
X-Readtime
X-Cache-Lookup
X-Vhost
NEL
X-Application-Context
X-Dispatcher
X-ORACLE-DMS-ECID
X-HW
Allow
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-Rack-Cache
X-Origin-Upstream-Status
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Aspnetmvc-Version
X-Country
Surrogate-Control
Rating
X-DynaTrace
X-FTR-Request-ID
Pinterest-Generated-By
X-Country-Code
X-Goog-Hash
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Accept-Ch
X-Akam-SW-Version
X-Ws-Request-Id
X-MS-InvokeApp
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
X-Ruxit-JS-Agent
X-Url
X-Instart-Request-ID
X-B3-TraceId
Edge-Control
X-Powered-By-Plesk
Verso
SPRequestGuid
X-Mod-Pagespeed
Accept-Ch-Lifetime
Response
X-Middleton-Response
X-Sol
X-Middleton-Display
X-D2id
Display
X-Ah-Environment
X-SharePointHealthScore
X-Trace
X-Kinja-Server
X-Kinja-Build
X-VARITI-CCR
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
RTSS
Service-Worker-Allowed
X-Server-Name
SPIisLatency
SPRequestDuration
X-GitHub-Request-Id
X-Server-ID
X-Navigation-Version
X-ESI
X-CST
X-Powered-CMS
X-Debug
Pagespeed
X-Abt-Application-Version
X-Vcap-Request-Id
Public-Key-Pins
Content-MD5
X-Amz-Server-Side-Encryption
X-Px
MS-Author-Via
X-Version
X-Upstream
Charset
X-Amz-Rid
X-Vcache
X-NF-Request-ID
X-Forwarded-Proto
Realpath
DynaTrace
X-Cached
X-Shard
X-Recruiting
Fastly-Restarts
TCN
X-TTL
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
MicrosoftSharePointTeamServices
X-Ezoic-Cdn
X-SERVER
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
Edge-Cache-Tag
X-MSEdge-Ref
X-XRDS-Location
X-DynaTrace-JS-Agent
Access-Control-Request-Method
Nginx-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
Front-End-Https
X-Fastly-Request-ID
X-Ttl
X-Accel-Expires
X-Amz-Meta-S3cmd-Attrs
X-DIS-Request-ID
X-Goog-Storage-Class
X-Id
X-Element-Page-Cache
X-Varnish-Age
X-Client-IP
X-T
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-FTR-Expires
X-RateLimit-Remaining
X-Amzn-Trace-Id
X-Dw-Request-Base-Id
Fastcgi-Cache
NR-ENABLED
X-HS-Content-Id
X-Trafficlayer-App-Scope
X-HS-Hub-Id
X-Trafficlayer-App-Name
X-Frontend
X-Content-Digest
X-Correlation-Id
Powered
X-Hits
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
X-Fastcgi-Cache
X-Forwarded-For
X-Grace
ServerID
X-Kinsta-Cache
Cache-Tag
X-FTR-Cache-Host
X-Litespeed-Cache
TP-Cache
X-HS-Cache-Config
TP-L2-Cache
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
PB-RID
X-N
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Content-Type
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-Webkit-Csp
Alternate-Protocol
X-Hp-Webp
X-Zen-Fury
X-User-Agent
Server-Name
X-FastCGI-Cache
Server-Node
X-Rid
X-Srv
X-Revision
X-Via-JSL
Healthy
X-Analytics
Backend-Timing
X-LB-Cache
AR-Request-ID
Paypal-Debug-Id
Cache-Status
Retry-After
X-Logged-In
X-Activity-Id
X-Az
X-AppVersion
X-Webapp-Samesite-None-Activated-N
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-IPLB-Instance
X-GUploader-UploadID
X-Type
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cached-By
X-Oneagent-Js-Injection
X-HS-Combine-CSS
X-Cache-Age
X-Varnish-Grace
FilterID
X-Pad
X-B3-Sampled
X-Ruxit-Js-Agent
X-Mobile-URL
X-F-Cache
X-Content-Options
X-Geo-Country
Accept-Charset
X-Debug-Info
X-FB-Debug
X-Instance
Refresh
X-App-Environment
X-Cluster
X-Tumblr-Pixel-0
X-Jobs
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Page-Id
X-Tumblr-User
X-Request-Guid
Source
X-AOL-HN
X-Framework
Actual-Object-TTL
X-Seen-By
Host
X-PHP-Backend
X-B
X-Erf-Bev-Bev
X-Whom
X-PressLabs-Stats
DC
X-Erf-Bev-Bev-Is-Generated
Upgrade-Insecure-Requests
MS-CV
X-Esi
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
VIX-Pulpo-Node
Fastcgi-Useragent
X-Time
X-Varnish-Backend
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Cache-2
X-Cache-Key
X-Host-Name
X-Git-Hash
X-TT
X-Cache-Control
X-VCache
X-Cache-TTL
X-Cache-Rule
X-Cache-Operation
Surrogate-Key
X-Forwarded-Host
X-TA-CDN-Provider
Frame-Options
X-Amz-Replication-Status
Cache
X-Kong-Upstream-Latency
X-Daa-Tunnel
X-Kong-Proxy-Latency
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Wix-Request-Id
NGB
Xserver
X-Response-Served-From
X-B-Cache
X-Mobile
X-Signature
X-Origin-Server
Tracecode
Host-Header
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Webserver
X-Hyper-Cache
Payment
WPE-Backend
X-Drupal-Cache-Tags
X-RequestSource
X-TX-ID
X-UA-Device-Type
X-Cache-Action
X-Cache-NE
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
From-Origin
X-Region
X-Handled-By
X-GeoIP
Eomportal-Instance
X-App-Server
Filters
Cleartype
X-RemovedCookies
X-ProcessESI
Cache-Tv-Group
X-Webkit-CSP
X-RTag
X-Cache-Enabled
X-EdgeConnect-Cache-Status
Ms-Operation-Id
X-RateLimit-Limit
Datacenter
X-Cache-TTL-Remaining
X-UA
X-Status
Accept-CH-Lifetime
X-Contextid
X-Akamai-Transformed
X-Hostname
X-NewRelic-App-Data
Liferay-Portal
Accept-CH
X-BCube-Filmed-By
X-Cache-Server
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-Edge-Location
X-Load-Cache
X-FW-Dynamic
X-Varnish-Hostname
Odigeo-Trace-Id
Server-Info
Version
X-IP
X-App-Version
X-ES-SERVER
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-Varnish-Server
Load-Balancing
X-Rule
X-Viewer-Country
X-Xfnlog-Site
X-Debug-Cache
X-Cache-Config
X-CCM
X-PCL
X-OCL
X-UUID
Country
Cache-Tags
DB-Nickname
Mn-Server-Ip
Cache-Name
X-Origin
Azure-RegionName
X-Proto
X-Pubstack
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-Origin-Hint
Azure-SlotName
Azure-SiteName
Azure-Version
S-Rt
X-Info
X-Cache-Host
X-Akamai-Request-ID
Webcakes-Region
X-Drupal-Cache-Contexts
X-Hosted-By
X-From
X-FC-Vary-Parameters
X-EIG-Tracking-Id
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
X-Labrador-Cache-Channel
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Loop
Azure-InstanceId
X-Via-Fastly
X-TNCMS
X-Rocket-Nginx-Bypass
X-Content-Age
X-Varnish-Cache-Hits
X-Web-Node
X-Timing-Wait
L5d-Success-Class
X-ApacheServer
X-Backend-Name
Origin-Cache-Control
X-JoinUs
X-Generated
X-Upgrade-Enabled
S-Cnection
X-VCT
Selected-Fe
Release
X-Cache-Time
Ec-Rule-Version
Origin-Edge-Control
X-Human
X-FireWall-Port
X-Real-IP
Fastly-SSL
X-Rendered-As
DSUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PERF
X-Time-Microsecs
X-ServerID
X-Cluster-Name
X-Proxy-Build
X-Proxy
X-Vgn-Hpd-Reason
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Access
X-Redis-Cache
X-Format
X-Section
X-Varnish-Hits
X-Soup
X-Akamai-Request-ID2
X-WA-Info
X-Origin-TTL
X-Origin-CC
Viewport
GEO-INFO
X-Locale
X-Www-Served-By
X-Site-Version
X-XRDS-LOCATION
X-Storage
X-Cache-Grace
Cache-Key
Rt-Fastcgi-Cache
X-NWS-UUID-VERIFY
NGX
X-Cache-Remote
Vix-Hermes-Req-Id
X-Is-Bot
Cteonnt-Length
Uber-Trace-Id
X-ProxyCache-Key
X-B3-SpanId
X-Hit
X-BYPASS-REASON
X-ProxyCache-Status
Cache-Hits
X-GoCache-CacheStatus
Time
X-Backend-TTL
X-NCache
X-SS-Set-Cookie
X-PHP-Host
X-ATS-Timestamp
Origin
X-Generated-By
X-Cache-Backend
X-Device-Type
X-CF-Powered-By
X-CS
X-Trace-Id
Mime-Version
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Guploader-Uploadid
Hostname
Akamai-GRN
X-Amzn-Remapped-Content-Length
Accept-Language
X-OVcl
X-Tumblr-Pixel-3
X-UnsetCookies
X-OVcl-Cache
X-S
X-Nginx-Cache-Key
X-Accel-Buffering
X-Via-CDN
X-Cluster-Node
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-CACHE-KEY
X-L-Path
X-Environment-Context
X-Uri
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Now
X-No-Session
X-CSRF-TOKEN
X-Tb
X-MServer
X-FW-Version
X-NC
Access-Control-Request-Headers
X-B3-Traceid
X-URL
X-Cdn-Forward
OT-Force-Account-Verify
X-SayCDN-TTL
ServerName
User-Cache-Control
X-Say-Cacheable
X-Say-TTL
X-DPWN-IS-SECURE
X-Session-Fingerprint
Cross-Origin-Window-Policy
X-Svr
Content-Script-Type
Content-Style-Type
X-SIPLIST1
X-SRCache-Key
Apple-News-Services-Handled
X-Trv-Group
X-External-Request-Id
X-Twitter-Response-Tags
X-G
X-PAYTM-SRV-ID
X-Transaction
X-Server-Time
Arc-Country
X-Region-Sid
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
BehaviorPad-Version
MD5-Digest
X-Request-UUID
X-Accel-Expires-Debug
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-AIR-PT
X-Application
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Date
X-ARC
X-B-Cookie
X-A
VivaBuild
Mobile-Detection-Method
Node
X-ScT
Meta-Geo-Continent
X-Destination
IsBot
Machine
Rendered-Blocks
Request-Country
X-Rojux
X-Rewrite-Enabled
Viewtype
T-Server
X-S-Cookie
Request-EU
Rt-Proxy-Cache
X-Detected-As
AsisCache
X-Tec-Api-Root
X-VG-WebCache
X-Tec-Api-Origin
X-Hl-Ver
X-Tec-Api-Version
X-Presslabs-Stats
X-Vtex-Remote-Cache
X-VG-WebServer
X-Processor
Xc-Version
X-Vtex-Processado-Em
Web-Mar-Node
ServedBy
CDCHOST
X-Request-URI
X-Debug-Cookies
X-Reboot
X-NX-Host
A
Thinkindot-CacheControl-Type
X-S-Maxage
RNT-Machine
X-Proxy-Upstream
X-Matched-Rule
X-Debug-Log
RNT-Time
X-Developer
X-Thinkindot-L3
Thinkindot-CacheControl
Server-Int
Server-Host
Thinkindot-Control
X-Parent-Response-Time
X-Gen-Mode
X-Clara-WADP
X-Cache-Bucket
X-Block-Status
X-Cache-Info
We-Hiring
X-Hnp-Log
X-Proxy-Cache-Status
Mail-Subject
X-WADP-Cache
X-Cache-Debug
Proxy-Connection
X-Sucuri-Id
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Endurance-Cache-Level
X-SaId
X-Shopify-Stage
X-Varnish-Beresp-Ttl
X-Sorting-Hat-PodId
X-ShopId
X-Varnish-Beresp-Grace
X-ShardId
X-Varnish-Beresp-Status
Served-By
X-Origin-Date
X-Debug-Cache-Expiry
X-Core-Mission
X-Ms-Request-Id
X-Platform-Server
X-Debug-Cache-Fetch
X-Wikidot-Static-Cache
X-Clientip
X-Debug-Cache-Store
X-Compress-Hint
X-CGP
SD-X-WS
Platform
X-Cms-Context
X-Origin-Expires
Section-Io-Cache
X-Wikidot-Backend
X-BBXSRF
X-App-Name
X-Reqid
X-Amz-Meta-Cache-Control
X-Release
X-We-Are-Hiring
X-Backend-State
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Old-Content-Length
X-Request-Start
X-Auto-Login
X-WebServer
X-Webstats-RespID
W
X-Cache-URL
X-Ms-Version
True-Client-Country-4JS
X-Cdn-Origin
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Id
X-Cache-FS-Status
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Wxu-Next-Region
X-Cdn-Srv
X-Magnolia-Registration
X-Level-Front-Cache
Cache-Host
X-Distributor
X-RateLimit-Remaining-Second
X-Key
X-Li-Fabric
X-Sn-Servicetimems
X-Up
X-Eu-Site
X-RateLimit-Limit-Second
X-Li-Pop
X-Skip-Cache
X-CUA
X-Fastly-Cache
X-Internal-Host
X-Epic-Correlation-Id
X-VG-TLSProxy
X-Irp-Debug
X-TrackingId
Adler-Geo
X-Instart-Isnd
X-User
X-IN-APIGATEWAY
X-Variation
X-IN-APIGATEWAYSSL
Countrycode
X-VServer
Kp-EeAlive
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
X-SD-PageType
X-Location
X-Policy
X-Hash
Memcached
Magicmarker
Gh-Request-Id
IBM-Web2-Location
X-Service
X-Generated-In
X-Distil-CS
Esi-Enabled
X-Dispatch
X-Dispatcher-Server
X-LI-UUID
X-Generated-On
X-Server-IP
Cache-Provider
NtCoent-Length
X-B3-Parentspanid
X-Owner
X-Qloud-Router
X-Has-Esi
X-GeoIP-City
X-Bip
X-Generation-Time
X-C
X-VC-Cache
X-MSEdge-Features
Fastly-Soc-X-Request-Id
V-Age
X-LI-Proto
Content-Disposition
X-Device-Os
X-Developers
Pramga
X-Method
X-Logging-Id
L
X-MSEdge-Flight
PFcat
X-JWT-State
X-Agile-Id
X-Is-Gdpr
X-Swa-Ws
X-Thanos
X-Agile-Age
X-Agile
X-Node-Id
X-Geo
X-APP-VERSION
X-Nc
X-Lb-Id
X-NodeID
X-Geo-Header
Locale
X-Urbn-Context-Path
AKAMAI
X-ServiceProvider
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Urbn-Site-Id
Heartbleed
X-Core-Value
Server-ID
X-Scheme
CF-IPCountry
X-Servername
X-Vdms-Version
Srv
X-Dc
GEO-REGION-INFO
X-CDN-Forward
Environment
X-EC-Lua
X-GRACE
X-AK-Request-ID
X-Sucuri-Cache
Request-Time
Cdnsip
X-Sigma-Backend
X-Sigma
Cdncip
X-Unique-Id
X-Shopify-Generated-Cart-Token
X-Rocket-Build-Number
X-Newrelic-Synthetics
X-NGENIX-Cache
X-ECACHE
X-Servedbyhost
X-GEO
X-FPC
X-Pjax-Url
Powered-By-ChinaCache
Resin-Trace
X-Instart-Info
X-Be
X-Planisys-CDN-TTL
X-Nginx-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Via-NSCOPI
X-ElasticPress-Search
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-VHOST
X-Source
X-Zone
Group
X-Backend-Host
X-ND-Cache
X-Upstream-Ht
X-Microcachable
X-Backend-Url
X-Upstream-Ct
Tcn
X-B3-Spanid
X-DC
X-RCS-CacheZone
PageSpeed
X-Trafficlayer-App-Version
X-Var-Ttl
Memory
Backend-Name
CF-Cached-On
X-IPS-LoggedIn
Ohc-Cache-HIT
X-Unique-ID
Ohc-File-Size
SRV
N-Cache
X-Oracle-Dms-Rid
X-VCL-Version
Locid
X-VWS-Id
Fly-Request-Id
X-Req
Pagetype
Fly-Cache
Cache-Prefix
X-AWS-Id
Lfy
X-LJ-Flow-ID
X-Upstream-HT
X-Upstream-CT
X-Dynatrace
Gannett-Cam-Experience-Id
X-Worker
X-Served-From
X-COUNTRY
FNAC-ModuleRouting
Cdn
Geo-Info
X-Refresh
X-Correlation-ID
GeoIP-Latitude
X-Ratelimit-Remaining
GeoIP-Country-Code
X-Via-Ucdn
X-Check-Cacheable
Pics-Label
Amp-Access-Control-Allow-Source-Origin
GeoIP-City
X-Gamma-Serve
X-Ua
X-Sedo-Request-Id
X-Pf-Uncompressing
PICS-Label
X-Fetched-On
X-Bc
Cf-Ipcountry
TTL
X-Cache-Miss-From
Ttl
X-Server-W
X-Pod
X-SRV
X-Rebelmouse-Cache-Control
REQUESTUUID
X-Via-Edge
X-CSRF-Token
X-Rebelmouse-Surrogate-Control
X-PF-Uncompressing
Geoip-City
X-Wa
Fastly-SIE
Fastly-SWR
GeoIp-Country-Code
X-Via-SSL
X-Render-Time
Geoip-Latitude
ProcessTime
X-Sucuri-ID
X-Upstream-Proxy
XServer
X-Ratelimit-Reset
X-APP
M-TraceId
X-Datadome
X-NU-AKA-ACS-Version
X-HTML-Minification-Powered-By
X-CLOUD-TRACE-CONTEXT
X-ZONE
X-Fstrz
X-GeoIP-Country-Code
X-HS-Status
X-LiteSpeed-Cache-Control
X-Tt-Trace-Tag
X-Vcl-Version
X-Mode
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-GDPR
X-TIME
X-Ratelimit-Limit
Cdn-Host
X-Edge-Server
X-Fastly-Country-Code
On-Server
Cdn-Request-Time
X-Dynatrace-Js-Agent
X-SN
Pragrma
HitType
User-Agent
X-Cache-Tag
X-HostName
MIME-Version
X-Swift-Error
X-ABtesting
X-Org
X-Aicache-OS
X-Response-By
X-Flog
X-Hello
X-BC
Host-ID
X-NGINX-Cache
X-WR-MODIFICATION
HostName
X-FORWARDED-FOR
X-ServedByHost
SS
URI
X-WA
X-MP-GENERATED-AT
Who
X-BE
X-TT-LOGID
CACHE
X-RateLimit-Reset
X-Cdn-Request-ID
X-UPSTREAM-Address
Requestid
X-DW
X-Fastly-Backend-Reqs
X-RPM
X-RPS
X-DB
X-Cache-Ttl
X-DSS
SN
X-Action
X-Edge-O15-RID
X-PJAX-URL
X-DI
X-RSL
X-Routing-Service
X-Zipkin-Id
Dynatrace
X-Proxied
X-Cf-Powered-By
X-LAGOON
X-TH-Server
X-Varnish-URL
X-Varnish-Cacheable
Country-Code
RequestUuid
X-Fpc
X-Page-Type
Lb
DataCenter
LB
X-ServerName
Debug
Server-Id
Powered-By
CDN
Get-Access-Time
Is-Session-Tracking
X-Ftr-Cache-Host
X-Gen-Id
X-Nananana
X-Varnish-Beresp-TTL
X-Edge
Media-Length
X-SB
X-VC
XxX-Cache-Status
X-Tt-Trace-Host
X-Protected-By
X-MCACHE
X-MID
UCS
X-Request-Url
NnCoection
X-LB-ID
RequestId
X-LiteSpeed-Tag
X-Akamai-ERPolicy
Thinkindot-Cache-Type
X-Request-Time
X-Dw-Trace-Id
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Li-Proto
Xet-Cookie
Warning
Application
X-Fastly-Cache-Hits
X-Amzn-Remapped-Date
SID
Correlation-Id
Product