Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-AspNetMvc-Version
X-Language
Status
X-Ua-Compatible
Upgrade
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Request-ID
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Server
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
X-Backend-Server
X-Host
X-Node
X-Vhost
NEL
X-Cache-Lookup
X-Dispatcher
X-Ac
X-Response-Time
Surrogate-Control
X-Readtime
X-Origin-Upstream-Status
X-WebKit-CSP
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Vname
X-Goog-Hash
X-TtlSet
X-PC
X-FTR-Request-ID
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
Allow
X-Varnish-TTL
X-ASPNET-VERSION
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Server-Name
X-D2id
Pinterest-Generated-By
X-ESI
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-MS-InvokeApp
X-Webkit-Csp
SPRequestGuid
X-Powered-By-Plesk
X-Navigation-Version
X-Cached
X-Vcache
X-B3-TraceId
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Debug
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Amz-Rid
Public-Key-Pins
X-Trace
X-Fastly-Request-ID
X-SharePointHealthScore
X-MSEdge-Ref
Nginx-Cache
Fusion-Deployment-Id
X-Vcap-Request-Id
TCN
X-VARITI-CCR
X-Ttl
Accept-Ch
X-Server-ID
MS-Author-Via
Charset
Arr-Disable-Session-Affinity
X-Px
X-Fastcgi-Cache
X-Accel-Expires
X-NF-Request-ID
X-Cache-TTL
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Realpath
X-Middleton-Display
Display
Response
X-Middleton-Response
Pagespeed
Accept-CH
X-Content-Type
X-Ser
X-Sol
Accept-Ch-Lifetime
X-Client-IP
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Cache-Tag
X-DynaTrace-JS-Agent
NR-ENABLED
Front-End-Https
X-Powered-CMS
Access-Control-Request-Method
X-Pinterest-Rid
Pinterest-Version
X-Id
X-Grace
X-Hp-Webp
Accept-CH-Lifetime
X-Jurisdiction
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Upstream
S
X-Forwarded-For
X-Dns-Prefetch-Control
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-T
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Element-Page-Cache
DynaTrace
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Node-Name
X-Shield-Request-Id
X-Cache-Hit
PB-RID
PB-PID
X-Country-Code-Real
X-Recruiting
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-FTR-Balancer
Server-Node
Powered
X-Amzn-Trace-Id
Arc-Version
X-Frontend
X-Mobile-Rewrite
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
X-HS-Cache-Config
X-FTR-Expires
WPE-Backend
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
X-Ezoic-Cdn
Upgrade-Insecure-Requests
X-Shard
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
Refresh
Alternate-Protocol
Fastly-Restarts
X-TTL
X-HS-Combine-CSS
X-Logged-In
X-Correlation-Id
X-Varnish-Age
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-FTR-Cache-Host
X-F-Cache
X-B
X-Akamai-Edgescape
X-LB-Cache
X-Page-Id
X-User-Agent
X-Rid
MicrosoftSharePointTeamServices
X-Geo-Country
X-Content-Security-Policy-Report-Only
X-XRDS-Location
X-N
X-ATS-Timestamp
Backend-Timing
X-Via-JSL
X-Kong-Proxy-Latency
Host-Header
X-Kong-Upstream-Latency
Host
X-Zen-Fury
X-ORACLE-APMCS-TAG
Cache-Status
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-Content-Options
X-Varnish-Grace
X-Kinsta-Cache
X-Revision
X-B3-Sampled
Healthy
X-AOL-HN
X-ATG-Version
X-TT
X-Tumblr-User
X-Jobs
X-Instance
X-Signature
X-Tumblr-Pixel
Paypal-Debug-Id
Actual-Object-TTL
X-Amz-Replication-Status
X-App-Environment
X-Cache-Action
X-B-Cache
X-FB-Debug
X-Tumblr-Pixel-0
X-Request-Guid
Access-Control-Allow-Method
Section-Io-Cache
X-Type
X-Amz-Apigw-Id
X-Varnish-Backend
X-Git-Hash
X-Debug-Info
Fastcgi-Useragent
Frame-Options
X-Whom
X-WebKit-CSP-Report-Only
Liferay-Portal
X-Content-Powered-By
X-Cluster
X-Hostname
X-Seen-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Daa-Tunnel
X-Cache-Rule
X-Cache-Age
X-Srv
X-Cache-Operation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-Key
X-Az
X-Activity-Id
X-AppVersion
X-PHP-Backend
X-Framework
X-Endurance-Cache-Level
X-FireWall-Port
Tracecode
X-Cached-By
Trailer
X-Contextid
X-Amzn-Requestid
X-WA-Info
X-Mobile
Retry-After
Source
Xserver
X-IPLB-Instance
X-Host-Name
X-Accel-Buffering
NGB
X-Response-Served-From
X-Upgrade-Enabled
Srv
X-ProcessESI
Accept-Charset
X-RemovedCookies
Surrogate-Key
X-Presslabs-Stats
Payment
X-Adobe-Content
X-Adobe-Loc
X-Tumblr-Pixel-1
X-L-Path
X-UUID
X-Environment-Context
Eomportal-Instance
DC
X-Rendered-As
X-Is-Bot
X-GeoIP
X-Tumblr-Pixel-2
X-Region
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-Varnish-Server
X-FW-Type
X-Cacheable-TTL
X-Handled-By
X-Varnish-Hostname
Filters
X-Cache-NE
X-RequestSource
X-Origin-Response-Time
X-FastCGI-Cache
X-UA-Device-Type
From-Origin
X-RateLimit-Remaining
X-CST
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
VIX-Pulpo-Upstream-Status
X-Backend-Name
VIX-Pulpo-Node
Server-Info
X-Cache-2
X-Cache-Server
Cache-Tv-Group
MS-CV
X-APP-VERSION
X-NGENIX-Cache
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
Filterid
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Version
Datacenter
X-Akamai-Transformed
X-Cache-Enabled
X-TIME
X-Unique-Id
X-Status
X-Mode
X-Cache-Time
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
Meta-Geo
X-Dc
X-ES-SERVER
X-Cache-Control
X-CCM
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
ServedBy
X-Via-Fastly
GEO-INFO
X-IPS-LoggedIn
X-R9-Blue-Green-Version
Country
Cleartype
X-Hl-Ver
OT-Force-Account-Verify
Origin-Edge-Control
X-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Redis-Cache
Cache-Tags
X-Sorting-Hat-PodId
Origin-Cache-Control
X-ShardId
NGX
X-Akamai-Request-ID2
Decoy-Debug-TTL
Now
X-ServerID
Decoy-Debug-Status
DB-Nickname
Decoy-Debug-Key
X-Pubstack
X-TX-ID
X-PERF
X-Debug-Cache
X-Alternate-Cache-Key
X-VWS-Id
X-AWS-Id
X-Proto
X-Device-Type
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LJ-Flow-ID
X-FW-Dynamic
X-Forwarded-Host
X-FC-Vary-Parameters
X-Pad
X-Cache-Status-Check
X-Vgn-Hpd-Reason
X-ApacheServer
Webcakes-Region
Cross-Origin-Window-Policy
X-JoinUs
X-Hosted-By
X-Generated
Webcakes-App-Version
Content-Disposition
X-IP
X-Loop
X-Origin
Azure-SiteName
Azure-SlotName
Azure-Version
Webcakes-App-Name
X-NCache
X-Locale
TWC-Privacy
X-Cache-Config
X-Amzn-Remapped-Content-Length
TWC-Connection-Speed
X-Proxied
X-Proxy-Build
Selected-Fe
Property-Id
TWC-Device-Class
X-Content-Age
TWC-Locale-Group
X-Proxy-Cache-Status
Ec-Rule-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Detected-As
Azure-RegionName
Azure-InstanceId
Section-Io-Origin-Status
X-Soup
Section-Io-Origin-Time-Seconds
X-Site-Version
X-Human
Section-Origin-Responded
Section-Io-Id
Cache-Key
X-Www-Served-By
X-Web-Node
X-Zipkin-Id
X-TNCMS
X-Tb
X-Timing-Wait
X-SayCDN-TTL
X-BYPASS-REASON
X-Say-Cacheable
X-Origin-Hint
X-SaId
X-Routing-Service
Akamai-GRN
X-ProxyCache-Status
X-Say-TTL
X-ProxyCache-Key
X-Xfnlog-Site
X-NYM-Debug-Backend
X-Access
X-RCS-CacheZone
Access-Control-Request-Headers
X-Viewer-Country
X-Varnish-Hits
X-NewRelic-App-Data
X-MP-GENERATED-AT
Mn-Server-Ip
S-Rt
X-Format
X-Ua-Device
X-Section
X-FB-TRIP-ID
X-Real-IP
X-Request-Time
Webserver
X-Geo
X-EC-Lua
X-BCube-Filmed-By
Cache-Hits
X-Generated-By
X-Cache-Remote
X-Esi
X-HTML-Minification-Powered-By
X-PressLabs-Stats
X-Adobe-Source
X-Akamai-Request-ID
Node
X-CACHE-KEY
X-Cdn
X-Amzn-RequestId
Odigeo-Trace-Id
X-Edge-O15-RID
FilterID
X-Microcachable
X-No-Session
X-B3-Traceid
X-SS-Set-Cookie
X-Rule
Nel
Accept-Language
X-Drupal-Cache-Tags
X-RESPONSE-TIME
X-Uri
Cf-Ipcountry
X-App-Server
X-RTag
Ms-Operation-Id
X-Azure-Ref
X-NWS-UUID-VERIFY
Time
X-From
X-OCL
X-Cache-NGX
X-PCL
X-CF-Powered-By
X-Qloud-Router
User-Agent
X-Varnish-Cache-Hits
X-Source
X-RateLimit-Limit
Proxy-Connection
X-Hyper-Cache
X-PHP-Host
X-Labrador-Cache-Channel
X-Info
X-Nginx-Cache
X-Old-Content-Length
X-Backend-TTL
X-UA
X-Nc
X-Time
X-GoCache-CacheStatus
X-Storage
X-Cache-Grace
X-Newrelic-Synthetics
Cache-Name
Uber-Trace-Id
X-GeoIP-Country-Code
AsisCache
Arc-Country
Fastcgi-X-Cache-Version
X-B-Cookie
X-G
Machine
X-DPWN-IS-SECURE
X-External-Request-Id
GEO-REGION-INFO
A
X-Varnish-Beresp-Status
X-OVcl-Cache
Xc-Version
X-PAYTM-SRV-ID
X-Cdn-Srv
X-OVcl
X-Vtex-Processado-Em
MD5-Digest
X-CF-Lambda-Fn
X-Vtex-Remote-Cache
X-Processor
Meta-Geo-Continent
X-A-Ccd
X-A-Dam
X-A
X-D
X-Date
X-A-Dcw
X-A-Dgt
X-Connection-Hash
X-CF-Lambda-Version
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
VivaBuild
Viewtype
Request-Country
Request-EU
X-Varnish-Beresp-Grace
Rendered-Blocks
Mobile-Detection-Method
X-Developer
X-ARC
True-Client-Country-4JS
T-Server
ServerName
X-Destination
X-Application
BehaviorPad-Version
X-Request-URI
X-S
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Vdms-Version
X-VG-WebServer
X-Cluster-Node
X-ScT
X-Region-Sid
X-Rojux
X-Session-Fingerprint
X-VG-WebCache
X-SRCache-Key
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-CS
X-Cluster-Name
X-Trafficlayer-App-Scope
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Magnolia-Registration
X-Trafficlayer-App-Version
X-IN-APIGATEWAY
X-Trafficlayer-App-Name
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Content-Style-Type
X-ServiceProvider
Server-Host
X-VG-TLSProxy
X-Reboot
X-Sn-Servicetimems
PFcat
X-UnsetCookies
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Generated-On
Content-Script-Type
X-Geo-Header
X-Served-From
Viewport
Thinkindot-Control
X-Thinkindot-L3
X-GeoIP-City
X-IN-APIGATEWAYSSL
X-Rocket-Nginx-Bypass
X-Level-Front-Cache
X-Cache-Expired-At
X-Core-Value
X-Cdn-Origin
X-Drupal-Cache-Contexts
X-Matched-Rule
Geo-Info
Rt-Fastcgi-Cache
X-S-Maxage
User-Cache-Control
Server-ID
Server-Cache-Control
X-Bip
X-VC-Cache
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Thanos
Server-Surrogate-Control
X-Debug-Cookies
X-Cache-ASPX
X-Dispatch
X-Device-Os
X-Dispatcher-Server
X-Cache-FS-Status
On-Server
X-Cache-Bucket
Pramga
X-Debug-Log
X-Swa-Ws
X-Cache-URL
X-Slack-Backend
X-Block-Status
X-Backend-State
X-Clara-WADP
X-Cms-Context
X-CGP
X-Var-Ttl
X-Debug-Cache-Expiry
X-Contensis-Viewer-Groups
X-Urbn-Site-Id
N-Cache
X-Urbn-Context-Path
X-Core-Mission
X-CUA
Web-Mar-Node
We-Hiring
X-Tumblr-Pixel-3
X-Trace-Id
X-BBXSRF
X-Bc-Bl
V-Age
X-TrackingId
X-Backend-Host
X-Debug-Cache-Fetch
X-App-Name
X-Auto-Login
X-Varnish-Authentication
X-Debug-Cache-Store
X-Eu-Site
X-Li-Fabric
X-VCT
X-LAGOON
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Edge-Location
X-JWT-State
X-Is-Gdpr
AKAMAI
X-Cache-Info
Cache-Host
X-SIPLIST1
X-WADP-Cache
X-VServer
X-Irp-Debug
X-Logging-Id
X-Micro-Cache
Powered-By-ChinaCache
X-Varnish-Beresp-Ttl
X-Request-Host
X-Load-Cache
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Owner
X-Origin-Expires
X-Nginx-Cache-Key
X-Ms-Version
X-Ms-Request-Id
X-NodeID
X-NX-Host
X-Origin-Date
X-Rocket-Build-Number
X-Hnp-Log
X-Instart-Isnd
X-Webstats-RespID
IsBot
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Group
Kp-EeAlive
L5d-Success-Class
X-Distributor
X-Sigma-Backend
Memcached
X-Sigma
Locale
Mail-Subject
X-Fastly-Cache
Heartbleed
X-Gen-Mode
X-Gamma-Serve
X-Hash
X-Has-Esi
X-Generated-In
Country-Code
X-FW-Version
X-Server-W
X-Varnish-Ttl
X-WebServer
X-Fetched-On
X-Generation-Time
X-Wikidot-Static-Cache
X-Distil-CS
X-Cache-Tags
X-Rebelmouse-Cache-Control
X-Req
X-Rebelmouse-Surrogate-Control
X-Skip-Cache
X-Variation
X-We-Are-Hiring
X-Lb-Id
X-TT-TIMESTAMP
X-Varnish-Cacheable
X-Wikidot-Backend
X-Developers
X-Clientip
X-Platform-Server
Wxu-Next-Commit
RNT-Time
RNT-Machine
X-DevSite-Last-Modified
W
Adler-Geo
CDCHOST
Cloudfront-Viewer-Country
Countrycode
FNAC-ModuleRouting
Is-Eu
X-Servername
Platform
Fastly-SIE
Fastly-SWR
Wxu-Next-Hostname
Wxu-Next-Region
Locid
X-Epic-Correlation-Id
Fastly-Drupal-HTML
Mime-Version
X-Agile-Age
X-Agile-Id
X-Agile
X-Fmm-Version
X-NC
X-Node-Id
X-Sucuri-ID
X-Service
X-Response-By
X-BACKEND-TTL
X-Hit
X-Refresh
X-ND-Cache
X-C
X-Scheme
X-VHOST
HitType
X-TA-CDN-Provider
Cache
SD-X-WS
Environment
X-Instart-Info
X-MCACHE
X-SN
X-Edge
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Remaining
X-APP
X-B3-Spanid
X-Pjax-Url
X-Varnish-URL
X-Cdn-Forward
X-CSRF-Token
X-App-Version
Proxy-Firewall
Hostname
Origin
Vix-Hermes-Req-Id
X-VCache
X-Parent-Response-Time
X-CDN-Forward
X-MSEdge-Features
M-TraceId
X-Cache-PHP
X-MSEdge-Flight
Request-Time
X-Origin-TTL
X-Origin-CC
X-Up
X-Correlation-ID
X-Mid
NM-Fastcgi-Cache
CF-Cached-On
Fastly-Backend-Name
X-Vdms-Path
X-Wa
X-FPC
X-Server-Time
Geoip-City
X-ECACHE
Geoip-Latitude
X-CSRF-TOKEN
X-Be
Server-Hostname
X-TT-LOGID
X-Edge-Server
X-ECache
Pragrma
GeoIp-Country-Code
Server-Ext
Cdn-Request-Time
PICS-Label
Cdn-Host
Pagetype
Sever-Int
TTL
X-Ua
NtCoent-Length
Cdn
X-Webkit-CSP
X-Vcl-Version
X-Wix-Viewer-Type
HostName
CACHE
Cdncip
X-AK-Request-ID
X-HS-Status
Cdnsip
X-Protected-By
X-URL
X-Worker
Ohc-File-Size
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Method
X-Newrelic-App-Data
X-Via-PopV
X-Myra-Origin2
X-Via-PopH
X-Cache-Host
X-Request-Start
X-Air-Hostname
X-Ratelimit-Limit
Memory
X-Litespeed-Cache
X-NU-AKA-ACS-Version
X-Zone
X-Branch-Name
X-Referer
X-Envoy-Upstream-Healthchecked-Cluster
Magicmarker
X-Bc
X-Cache-Metadata
Cteonnt-Length
Resin-Trace
X-Azure-Ref-OriginShield
Dt-Cache-Category
X-Policy
X-ServedByHost
X-ZONE
X-Servedbyhost
X-BC
SRV
X-Dynatrace-Js-Agent
X-DC
X-C-Zone
X-C-Key
X-Planisys-CDN-TTL
RequestId
Release
X-Planisys-CDN-Cache
X-Cache-Debug
X-Planisys-CDN-Rules
X-Oneagent-Js-Injection
X-FORWARDED-FOR
X-Pf-Uncompressing
X-Pinterest-Direct
X-GEO
X-Swift-Error
Ohc-Cache-HIT
Load-Balancing
X-TH-Server
X-Unique-ID
XServer
X-NGINX-Cache
X-VCL-Version
Esi-Enabled
X-Reqid
Who
IBM-Web2-Location
Lb
X-Tec-Api-Version
X-Esi-Check
Server-Int
GeoIP-Country-Code
X-Configured-By
Pics-Label
Ttl
X-SRV
X-Cache-Id
X-AIR-PT
X-Tec-Api-Origin
X-Tec-Api-Root
Dnion-Transfer-Encoding
X-Ruxit-Js-Agent
GeoIP-City
Powered-By
X-WA
X-Gzip
GeoIP-Latitude
X-COUNTRY
X-Country-IP
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Ucdn
UCS
X-Ocache
X-Datadome
X-Fastly-Country-Code
X-Node-ID
LB
Tcn
X-Fpc
Product
X-B3-SpanId
FSS-Cache
MIME-Version
Fastly-Soc-X-Request-Id
X-VarnishDD-TTL
Fastly-SSL
X-RAMCache
X-Svr
X-Powered-Y
Sid
X-Action
X-PF-Uncompressing
X-SERVER-NAME
X-RSL
X-Varnish-Url
X-DB
X-PJAX-URL
X-RPM
X-Server-IP
X-Fastly-Request-Id
X-RPS
X-Flog
X-DSS
X-DI
X-Hello
X-Fastly-Backend-Reqs
X-DW
X-ABtesting
Lfy
X-WPE-Loopback-Upstream-Addr
X-HostName
X-MID
FSS-Proxy
X-SD-PageType
X-Varnish-Beresp-TTL
Host-ID
X-Cache-Backend
X-Apw-Hits
Requestid
Amp-Access-Control-Allow-Source-Origin
X-Page-Impression-Id
Xet-Cookie
C-Via
X-Flow-Id
X-Zalando-Child-Request-Id
X-BE
X-LiteSpeed-Cache-Control
ProcessTime
X-Agile-Brick-Ok
X-Via-CDN
X-Render-Time
X-Apw-Access-Action
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Apw-Access-Token
X-Apw-Access-Object
X-ElasticPress-Search
CF-IPCountry
X-User
SN
X-Debug-Controller
X-Aicache-OS
X-Compress-Hint
X-B3-Parentspanid
WebServer
CDN
Cneonction
X-Debug-Revision
X-Check-Cacheable
WZWS-RAY
L
X-Litespeed-Cache-Control
X-UPSTREAM-Address
X-Beluga-Node
X-Beluga-Cache-Status
X-Fastly-Cache-Hits
X-Request-Url
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Key
X-Dw-Trace-Id
X-Request-URL
X-Internal-Host
X-MiniProfiler-Ids
X-Nananana
DataCenter
X-LB-ID
CloudFront-Viewer-Country
X-App