Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
EagleId
Xkey
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
X-Server-Id
X-Device
X-LiteSpeed-Cache
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
NEL
X-Node
X-Response-Time
X-Dispatcher
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
X-WebKit-CSP
X-Dns-Prefetch-Control
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Application-Context
Content-Location
X-DataDome
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-Url
X-Clacks-Overhead
RTSS
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Deployment-Id
X-PC
X-Vname
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-Country-Code
X-ASPNET-VERSION
X-DynaTrace
X-Varnish-TTL
Allow
Verso
X-GitHub-Request-Id
Service-Worker-Allowed
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
Accept-CH
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
Content-MD5
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Powered-By-Plesk
X-Forwarded-Proto
X-Cached
X-Trace
X-Navigation-Version
TCN
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-Abt-Application-Version
X-SharePointHealthScore
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
X-Vcap-Request-Id
Nginx-Cache
X-Debug
X-MSEdge-Ref
X-Vcache
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-VARITI-CCR
X-DynaTrace-JS-Agent
Charset
X-Cache-TTL
X-Accel-Expires
X-ESI
X-B3-TraceId
NR-ENABLED
MS-Author-Via
Response
Pagespeed
X-NF-Request-ID
X-Middleton-Response
Display
X-Middleton-Display
X-Ttl
X-Sol
X-Px
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Ser
X-Id
WPE-Backend
X-Server-ID
Edge-Cache-Tag
X-Powered-CMS
Pinterest-Version
X-Pinterest-Rid
X-Grace
X-Webkit-Csp
Front-End-Https
X-Hp-Webp
X-Jurisdiction
X-Shield-Request-Id
X-T
X-Upstream
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Version
X-Content-Digest
X-Fastcgi-Cache
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-Cache-Hit
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Fastcgi-Cache
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Recruiting
ServerID
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-TTL
AR-CACHE
Accept-Ch
Ar-Sid
X-FTR-Realm
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-FTR-DC
X-Country-Code-Real
X-Goog-Stored-Content-Length
X-FTR-Cache-Status
X-Goog-Generation
X-FTR-Balancer
X-GUploader-UploadID
X-FTR-Backend
X-FTR-Backend-Server
X-Request-Received
X-Correlation-Id
X-Request-Processing-Time
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
TP-Cache
TP-L2-Cache
Powered
PB-RID
PB-PID
X-FTR-Expires
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Mobile-Rewrite
Arc-Version
X-Ezoic-Cdn
Refresh
X-Shard
X-Forwarded-For
X-HS-Combine-CSS
Host-Header
Alternate-Protocol
Server-Name
X-Geo-Country
X-XRDS-Location
Accept-Ch-Lifetime
X-Amzn-Trace-Id
X-N
X-Request-Handler-Origin-Region
X-Microsite
Fastly-Restarts
X-Akamai-Edgescape
X-NWS-LOG-UUID
X-F-Cache
X-FastCGI-Cache
X-LB-Cache
X-Page-Id
X-Rid
X-FTR-Cache-Host
X-B
X-ATS-Timestamp
Backend-Timing
X-Kong-Proxy-Latency
X-Logged-In
X-Kong-Upstream-Latency
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Varnish-Age
X-XRDS-LOCATION
X-Esi
MicrosoftSharePointTeamServices
X-Cache-Key
X-Zen-Fury
X-Kinsta-Cache
Healthy
X-Amzn-Requestid
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Varnish-Grace
X-Jobs
X-Revision
X-Origin-Server
X-Cache-Age
X-Request-Guid
X-App-Environment
Paypal-Debug-Id
Fastcgi-Useragent
X-Varnish-Backend
X-Seen-By
X-Tumblr-Pixel-0
X-Signature
X-Instance
X-Amz-Replication-Status
X-B-Cache
X-Tumblr-User
X-Tumblr-Pixel
X-Type
X-Git-Hash
X-Cluster
X-B3-Sampled
X-AOL-HN
X-FB-Debug
Section-Io-Cache
X-Hostname
X-TT
Host
Actual-Object-TTL
X-ATG-Version
X-Whom
X-Debug-Info
Frame-Options
X-Presslabs-Stats
X-WebKit-CSP-Report-Only
X-Cache-Action
X-Webkit-CSP
Cache-Status
X-Content-Options
Access-Control-Allow-Method
X-Endurance-Cache-Level
X-Cache-Operation
X-Cache-Rule
X-Contextid
Trailer
X-Content-Powered-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
Source
X-SERVER
Tracecode
Accept-Charset
X-APP-VERSION
X-Az
X-AppVersion
X-Activity-Id
DC
X-FireWall-Port
X-IPLB-Instance
X-Upgrade-Enabled
Liferay-Portal
X-Daa-Tunnel
X-Tt-Trace-Tag
X-Tt-Trace-Host
From-Origin
X-Amz-Apigw-Id
X-PHP-Backend
X-WA-Info
X-RateLimit-Remaining
NGB
VIX-Pulpo-Node
X-Framework
VIX-Pulpo-Upstream-Status
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
Retry-After
X-FW-Static
X-FW-Type
X-Tumblr-Pixel-1
X-FW-Server
X-Rendered-As
X-FW-Hash
X-FW-Serve
X-Tumblr-Pixel-2
Surrogate-Key
X-Is-Bot
X-UUID
Eomportal-Instance
X-Cacheable-TTL
X-GeoIP
Payment
X-Wix-Request-Id
X-Adobe-Content
X-Adobe-Loc
X-L-Path
X-Varnish-Server
X-Time-Microsecs
X-RequestSource
X-Region
X-Cache-NE
Filters
X-Environment-Context
X-Mobile
X-Unique-Id
X-Handled-By
Srv
X-TIME
X-Proxy
X-UA-Device-Type
X-Cached-By
X-NGENIX-Cache
X-Varnish-Hostname
X-Origin-Response-Time
X-Cache-Control
Datacenter
GEO-INFO
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-Cache-Server
X-B3-Traceid
X-Cache-Time
Xserver
X-CST
X-Akamai-Transformed
Filterid
MS-CV
X-Backend-Name
X-Litespeed-Cache
Version
X-Rule
X-Srv
Odigeo-Trace-Id
Cache-Tags
X-Mode
X-Status
S-Cnection
Cache-Tv-Group
X-Yottaa-Optimizations
X-Yottaa-Metrics
Server-Info
X-ES-SERVER
Meta-Geo
X-FW-Dynamic
X-CCM
X-Cache-Var-Map
X-Ua-Device
X-IP
X-Path-Route
X-Cache-Enabled
X-Cache-2
X-URL
X-Cache-Var
Azure-RegionName
Azure-SiteName
Azure-InstanceId
OT-Force-Account-Verify
Webserver
Cross-Origin-Window-Policy
Azure-Version
S-Rt
X-FC-Vary-Parameters
X-Redis-Cache
X-Loop
X-MP-GENERATED-AT
X-Detected-As
X-Amzn-Remapped-Content-Length
DB-Nickname
Ec-Rule-Version
X-RN-RSRV
Country
Azure-SlotName
X-TNCMS
Origin-Edge-Control
Decoy-Debug-TTL
X-Forwarded-Host
Decoy-Debug-Status
Origin-Cache-Control
X-PERF
Webcakes-App-Version
X-Via-Fastly
Webcakes-Region
Decoy-Debug-Key
X-ApacheServer
TWC-GeoIP-Country
X-Cache-NGX
X-TX-ID
Cleartype
X-Adobe-Source
X-Akamai-Request-ID2
Content-Disposition
X-Hosted-By
Webcakes-App-Name
X-Pubstack
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
X-Human
TWC-Locale-Group
X-Origin-Hint
X-Origin
ServedBy
X-NCache
TWC-Connection-Speed
Property-Id
TWC-Device-Class
X-Real-IP
TWC-Privacy
Akamai-GRN
X-Locale
X-Cache-Config
X-AWS-Id
Section-Origin-Responded
Section-Io-Id
Now
NGX
X-Access
Section-Io-Origin-Status
X-Alternate-Cache-Key
Section-Io-Origin-Time-Seconds
Cache-Hits
X-Say-TTL
X-Format
X-Site-Version
Node
X-Sorting-Hat-PodId
X-Device-Type
X-Shopify-Stage
X-Generated
X-Hl-Ver
X-No-Session
X-NYM-Debug-Backend
X-RCS-CacheZone
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-VWS-Id
X-EIG-Tracking-Id
X-Section
X-Pinterest-Direct
X-Cache-Status-Check
X-ServerID
X-Web-Node
X-ShopId
X-SayCDN-TTL
X-ShardId
X-Say-Cacheable
X-ProxyCache-Status
X-Backend-TTL
X-Proxy-Build
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-Viewer-Country
X-FB-TRIP-ID
X-Content-Age
X-BCube-Filmed-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-BYPASS-REASON
X-Xfnlog-Site
Mn-Server-Ip
Access-Control-Request-Headers
X-Zipkin-Id
X-SaId
X-Proxied
X-Microcachable
X-HTML-Minification-Powered-By
Cache-Key
X-Dc
X-Www-Served-By
Selected-Fe
X-Timing-Wait
X-Routing-Service
X-Tb
X-Debug-Cache
X-Shopify-Generated-Cart-Token
X-Cdn
X-Proto
X-Soup
X-Cache-Remote
X-Request-Time
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-EC-Lua
Nel
X-Varnish-Hits
X-From
Accept-Language
X-Drupal-Cache-Tags
X-Generated-By
X-Akamai-Request-ID
Time
X-COUNTRY
X-CF-Powered-By
X-Pad
Cf-Ipcountry
FilterID
X-NewRelic-App-Data
X-Geo
X-NC
X-Azure-Ref
X-IPS-LoggedIn
X-Old-Content-Length
X-VCache
X-RateLimit-Limit
Uber-Trace-Id
X-Edge
X-MCACHE
X-FORWARDED-FOR
X-VCT
X-UA
X-Source
X-CS
Cache-Name
X-RTag
X-Cache-Grace
Ms-Operation-Id
X-NWS-UUID-VERIFY
X-ECACHE
X-Uri
User-Agent
X-APP
X-CLOUD-TRACE-CONTEXT
X-GoCache-CacheStatus
X-CDN-Forward
X-OCL
X-PCL
X-Labrador-Cache-Channel
X-PHP-Host
X-Qloud-Router
X-Mid
Proxy-Connection
Cache
X-Edge-Location
X-Drupal-Cache-Contexts
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
X-Nginx-Cache
X-PressLabs-Stats
X-FW-Version
Machine
X-Rojux
X-Oneagent-Js-Injection
X-Rewrite-Enabled
User-Cache-Control
Request-Country
X-Has-Esi
X-Rocket-Nginx-Bypass
X-S
X-Instart-Info
X-Session-Fingerprint
X-JWT-State
X-Developer
X-Info
X-DPWN-IS-SECURE
X-Request-UUID
X-S-Cookie
X-ScT
Request-EU
GEO-REGION-INFO
MD5-Digest
AsisCache
Arc-Country
Memcached
Apple-News-Services-Request-Url
BehaviorPad-Version
X-G
Meta-Geo-Continent
X-Geo-Header
X-Processor
Mobile-Detection-Method
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Fastcgi-X-Cache-Version
Rendered-Blocks
X-Request-URI
X-PAYTM-SRV-ID
X-External-Request-Id
X-Region-Sid
X-Is-Gdpr
Apple-News-Services-Handled
X-Reboot
X-GeoIP-Country-Code
X-SRCache-Key
X-Vtex-Remote-Cache
X-A
X-A-Ccd
X-A-Dam
X-Vtex-Processado-Em
X-VG-WebServer
X-D
X-CF-Lambda-Version
X-VG-WebCache
X-A-Dcw
X-A-Dgt
X-Connection-Hash
X-Application
X-ARC
X-B-Cookie
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
Xc-Version
X-Newrelic-Synthetics
Vix-Hermes-Req-Id
X-Vdms-Version
X-Destination
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-Cdn-Srv
True-Client-Country-4JS
X-Hyper-Cache
X-Date
ServerName
VivaBuild
T-Server
Viewtype
X-CF-Lambda-Fn
X-Cache-Bucket
X-Sucuri-ID
X-S-Maxage
X-Block-Status
N-Cache
X-BBXSRF
X-Backend-Host
X-Cache-URL
X-GeoIP-City
X-Backend-State
Heartbleed
X-Clara-WADP
Locale
X-Hnp-Log
X-Bc-Bl
X-Cdn-Origin
X-Cache-ASPX
X-Fmm-Version
Thinkindot-CacheControl-Type
Rt-Fastcgi-Cache
X-DevSite-Last-Modified
Thinkindot-Control
Thinkindot-CacheControl
Server-Cache-Control
Server-Surrogate-Control
X-Developers
Server-Host
Viewport
Web-Mar-Node
X-Gamma-Serve
X-Gen-Mode
On-Server
X-Auto-Login
X-Cms-Context
X-Core-Value
X-Contensis-Viewer-Groups
X-Fastly-Cache
X-Generation-Time
Cache-Cookie-Set-From
X-Urbn-Site-Id
X-Cluster-Node
X-Request-Host
X-Varnish-Authentication
X-VG-TLSProxy
X-VServer
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Urbn-Context-Path
X-Trafficlayer-App-Version
X-TrackingId
X-Thinkindot-L3
X-Sn-Servicetimems
X-Trafficlayer-App-Name
X-ServiceProvider
X-Trafficlayer-App-Scope
X-Server-W
X-Servername
X-WADP-Cache
X-We-Are-Hiring
X-Li-Pop
X-LI-Proto
X-Level-Front-Cache
X-Micro-Cache
X-Served-From
Gh-Request-Id
Countrycode
X-Li-Fabric
X-LI-UUID
X-Matched-Rule
Content-Script-Type
X-Wikidot-Backend
X-Webstats-RespID
Content-Style-Type
X-Wikidot-Static-Cache
X-Generated-On
AKAMAI
X-Slack-Backend
X-Cluster-Name
X-UnsetCookies
X-Dispatch
X-Cache-FS-Status
X-Nginx-Cache-Key
X-Hash
X-Bip
X-Clientip
X-Origin-Date
X-Origin-Expires
X-Agile
X-Agile-Age
X-Agile-Id
X-Logging-Id
X-Ms-Request-Id
X-Thanos
X-Skip-Cache
X-Scheme
X-Vdms-Path
X-Cache-PHP
X-LAGOON
X-IN-APIGATEWAYSSL
X-Platform-Server
X-Ms-Version
X-NodeID
X-Owner
X-IN-APIGATEWAY
X-WebServer
X-Distil-CS
X-Dispatcher-Server
X-Rocket-Build-Number
X-TT-TIMESTAMP
X-Epic-Correlation-Id
X-Irp-Debug
X-Sigma
X-Device-Os
X-SN
X-Sigma-Backend
X-Storage
X-Fetched-On
X-Var-Ttl
X-Rebelmouse-Surrogate-Control
X-Core-Mission
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-SIPLIST1
X-Cache-Info
X-VC-Cache
X-Variation
X-Req
X-Varnish-Cacheable
X-CUA
X-RateLimit-Limit-Second
X-Distributor
Platform
NM-Fastcgi-Cache
Mail-Subject
CDCHOST
RNT-Machine
Server-ID
SD-X-WS
RNT-Time
Locid
IsBot
Fastly-SIE
Country-Code
Fastly-Drupal-HTML
Fastly-SWR
FNAC-ModuleRouting
Is-Eu
Group
V-Age
Proxy-Firewall
Wxu-Next-Commit
We-Hiring
X-App-Name
X-C
Adler-Geo
Wxu-Next-Region
W
Wxu-Next-Hostname
Cache-Host
X-Amzn-RequestId
X-B3-Spanid
X-Proxy-Upstream
X-Generated-In
Ha-Gx-Prefs
CF-Cached-On
X-CGP
X-Response-By
L5d-Success-Class
X-Hit
Kp-EeAlive
HA-Ipaddr
X-CSRF-Token
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
A
X-Cache-Tags
Request-Time
X-Eu-Site
X-Trace-Id
X-Swa-Ws
X-App-Server
X-Debug-Cookies
X-Debug-Log
X-NX-Host
X-RESPONSE-TIME
X-Cache-Expired-At
X-Refresh
X-SS-Set-Cookie
X-OVcl-Cache
X-Protected-By
Pagetype
Sever-Int
Server-Ext
X-Varnish-Beresp-Ttl
X-OVcl
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-CACHE-KEY
X-Instart-Isnd
M-TraceId
Server-Hostname
X-Debug-Cache-Expiry
X-TA-CDN-Provider
HostName
X-Method
X-FPC
PFcat
X-Node-Id
X-Parent-Response-Time
Mime-Version
X-Via-PopH
X-Worker
Magicmarker
X-Via-PopV
X-SRV
X-Wa
X-Varnish-URL
X-Varnish-Ttl
Geoip-Latitude
Geoip-City
X-MSEdge-Features
X-MSEdge-Flight
PICS-Label
X-Request-Start
X-Branch-Name
X-Envoy-Upstream-Healthchecked-Cluster
XServer
X-Be
X-Nc
X-GEO
GeoIp-Country-Code
X-Ruxit-Js-Agent
Powered-By-ChinaCache
Origin
X-Policy
X-Time
Memory
X-Planisys-CDN-TTL
Pramga
X-Planisys-CDN-Rules
X-Lb-Id
X-Planisys-CDN-Cache
X-Ratelimit-Remaining
Geo-Info
Cloudfront-Viewer-Country
Esi-Enabled
X-ND-Cache
X-C-Key
X-Service
X-C-Zone
X-SERVER-NAME
X-Load-Cache
HitType
Who
X-Pjax-Url
Cteonnt-Length
X-Reqid
X-Via-Ucdn
Dt-Cache-Category
X-HS-Status
X-ECache
Environment
X-BACKEND-TTL
X-Country-IP
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
X-Wix-Viewer-Type
X-Myra-Origin2
X-DC
SRV
X-Servedbyhost
X-CSRF-TOKEN
X-Bc
X-Zone
X-Referer
X-VCL-Version
X-Correlation-ID
TTL
X-Cache-Metadata
NtCoent-Length
X-Vcl-Version
Fastly-Backend-Name
X-Up
Product
X-ZONE
Ttl
UCS
X-BC
X-Cdn-Forward
X-Ua
X-NGINX-Cache
X-ServedByHost
X-Origin-TTL
X-Cache-Host
X-Origin-CC
X-Ratelimit-Limit
X-Server-Time
X-Swift-Error
X-Pf-Uncompressing
X-Fastly-Country-Code
X-Server-IP
Pragrma
Resin-Trace
X-TT-LOGID
Cdn
FSS-Cache
Hostname
Cdn-Host
Cdn-Request-Time
X-Edge-Server
CACHE
Release
Cdnsip
Cdncip
X-Tec-Api-Root
C-Via
X-AIR-PT
X-AK-Request-ID
X-Tec-Api-Origin
X-PJAX-URL
X-Tec-Api-Version
X-App-Version
Lb
LB
Sid
X-NU-AKA-ACS-Version
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Node-ID
Load-Balancing
Warning
GeoIP-Country-Code
X-Configured-By
My-App
X-WPE-Loopback-Upstream-Addr
X-Cache-Backend
X-Location
MIME-Version
X-UPSTREAM-Address
X-WA
GeoIP-City
X-BE
X-Sucuri-Cache
Dnion-Transfer-Encoding
X-Air-Hostname
GeoIP-Latitude
Ohc-File-Size
X-Gzip
X-Mvc-Supplant-Cachable
X-Esi-Check
X-Varnish-Url
X-RAMCache
X-Tb-Optimization-Total-Bytes-Saved
X-Powered-Y
X-Cache-Id
X-Svr
RequestId
X-Cache-Debug
X-Fastly-Request-Id
X-TH-Server
Ohc-Cache-HIT
X-Mvc-Supplant-OutputCached
Lfy
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-VarnishDD-TTL
X-LiteSpeed-Cache-Control
X-B3-SpanId
IBM-Web2-Location
X-Fpc
Processtime
CF-IPCountry
Pics-Label
Fastly-SSL
X-MID
CDN
X-User
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Agile-Brick-Ok
X-ElasticPress-Search
Requestid
X-B3-Parentspanid
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-ElasticPress-Query
X-Page-Impression-Id
Host-ID
X-Flow-Id
X-Zalando-Child-Request-Id
Xet-Cookie
X-Via-NSCOPI
X-Check-Cacheable
X-Unique-ID
X-Debug-Controller
X-Debug-Revision
X-Ocache
Server-Int
X-Aicache-OS
Cneonction
X-SD-PageType
X-Sucuri-Id
X-Envoy-Decorator-Operation
X-DI
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-Compress-Hint
X-DB
X-Akamai-ERRuleID
X-Action
X-Fastly-Cache-Hits
Powered-By
X-MiniProfiler-Ids
X-Request-URL
X-Edge-O15-RID
X-Dw-Trace-Id
X-LB-ID
DataCenter
X-Nananana
X-Cache-Tag
X-Request-Url
URI
CloudFront-Viewer-Country
X-Akamai-ERPolicy