Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Template
X-Language
X-Ua-Compatible
Status
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Server
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Request-ID
X-Hacker
X-Server-Powered-By
X-Pingback
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Vhost
X-Node
X-Response-Time
NEL
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Readtime
X-Origin-Upstream-Status
Surrogate-Control
Content-Location
Request-Id
X-Application-Context
X-Ruxit-JS-Agent
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-DynaTrace
X-ASPNET-VERSION
X-Varnish-TTL
X-Country-Code
X-Instart-Request-ID
Allow
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
Content-MD5
X-Dns-Prefetch-Control
X-Server-Name
X-D2id
Pinterest-Generated-By
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-MS-InvokeApp
X-ESI
SPRequestGuid
X-Cached
X-Powered-By-Plesk
X-Navigation-Version
X-Vcache
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-Abt-Application-Version
Fusion-Deployment-Id
X-Debug
X-Amz-Rid
TCN
X-Trace
Public-Key-Pins
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Fastly-Request-ID
Nginx-Cache
X-MSEdge-Ref
X-SharePointHealthScore
X-Vcap-Request-Id
X-Server-ID
X-VARITI-CCR
X-Ttl
Arr-Disable-Session-Affinity
MS-Author-Via
Charset
Accept-Ch
X-Px
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
Accept-CH
X-Webkit-Csp
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Realpath
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
Response
X-Content-Type
X-Fastcgi-Cache
X-Ser
X-Client-IP
X-Sol
Cache-Tag
X-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
Accept-Ch-Lifetime
NR-ENABLED
Accept-CH-Lifetime
X-Powered-CMS
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
X-Id
Access-Control-Request-Method
X-Grace
X-Jurisdiction
X-Hp-Webp
AR-ATIME
AR-PoweredBy
AR-Request-ID
S
X-Upstream
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Hits
X-T
X-Content-Digest
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Forwarded-For
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Shield-Request-Id
X-Node-Name
X-Cache-Hit
X-Goog-Generation
PB-RID
PB-PID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Recruiting
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Powered
X-FTR-Backend
X-Country-Code-Real
X-Frontend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
Server-Node
WPE-Backend
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
TP-Cache
Arc-Version
X-Mobile-Rewrite
TP-L2-Cache
X-Amzn-Trace-Id
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Upgrade-Insecure-Requests
X-DIS-Request-ID
X-TTL
X-Request-Processing-Time
X-Request-Received
X-Shard
X-Ezoic-Cdn
Refresh
Alternate-Protocol
X-HS-Combine-CSS
X-NWS-LOG-UUID
Fastly-Restarts
X-Logged-In
X-XRDS-Location
X-Correlation-Id
X-Varnish-Age
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-B
X-F-Cache
X-LB-Cache
X-Page-Id
Backend-Timing
X-Akamai-Edgescape
X-ATS-Timestamp
X-FTR-Cache-Host
X-Rid
X-Geo-Country
X-User-Agent
X-Content-Security-Policy-Report-Only
X-N
MicrosoftSharePointTeamServices
Host-Header
X-XRDS-LOCATION
X-Via-JSL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Host
X-Zen-Fury
Cache-Status
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Grace
X-Kinsta-Cache
X-Content-Options
Healthy
X-B3-Sampled
X-AOL-HN
X-ATG-Version
X-Revision
X-TT
Section-Io-Cache
X-B-Cache
X-Type
X-Tumblr-User
X-Jobs
X-Amz-Replication-Status
X-Cache-Action
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-Pixel
X-Signature
X-FB-Debug
X-Instance
X-Tumblr-Pixel-0
X-Request-Guid
X-Debug-Info
X-Git-Hash
Access-Control-Allow-Method
X-App-Environment
Frame-Options
X-WebKit-CSP-Report-Only
X-Varnish-Backend
Fastcgi-Useragent
X-Whom
X-Hostname
X-Amz-Apigw-Id
Liferay-Portal
X-Content-Powered-By
X-Cluster
X-Seen-By
X-Tt-Trace-Tag
X-Cache-Rule
X-Tt-Trace-Host
X-Cache-Operation
X-Erf-Bev-Bev
Trailer
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
X-FastCGI-Cache
X-Amzn-Requestid
X-FireWall-Port
X-Az
X-Activity-Id
X-PHP-Backend
X-AppVersion
X-Endurance-Cache-Level
X-Contextid
X-Framework
Tracecode
X-Cache-Key
X-Srv
X-Daa-Tunnel
X-Cached-By
X-WA-Info
X-Host-Name
Retry-After
X-Mobile
X-Upgrade-Enabled
Source
X-IPLB-Instance
X-Accel-Buffering
NGB
X-Response-Served-From
X-ProcessESI
Accept-Charset
X-RemovedCookies
X-RateLimit-Remaining
Srv
X-UUID
X-Adobe-Content
Surrogate-Key
Xserver
X-Adobe-Loc
X-Tumblr-Pixel-1
X-FW-Serve
DC
X-Environment-Context
X-Region
X-FW-Hash
X-FW-Static
X-Is-Bot
X-Varnish-Server
X-Tumblr-Pixel-2
X-RequestSource
X-FW-Type
Payment
X-Presslabs-Stats
Eomportal-Instance
X-Cache-NE
X-Rendered-As
X-L-Path
X-FW-Server
X-Cacheable-TTL
X-GeoIP
X-Handled-By
X-Varnish-Hostname
Filters
X-Origin-Response-Time
From-Origin
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Backend-Name
X-Cache-2
Server-Info
X-APP-VERSION
X-Esi
X-Cache-Server
Cache-Tv-Group
X-CST
Filterid
MS-CV
X-NGENIX-Cache
Datacenter
X-TIME
X-Akamai-Transformed
Version
X-Unique-Id
X-Cache-Enabled
X-Status
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
S-Cnection
X-Cache-Time
X-Mode
X-Cache-Control
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Path-Route
X-Cache-Var
X-CCM
X-ES-SERVER
Meta-Geo
X-Cache-Var-Map
X-Dc
X-RN-RSRV
Cache-Tags
Cleartype
X-R9-Blue-Green-Version
X-Ua-Device
X-PERF
X-ApacheServer
Country
Webserver
X-Forwarded-Host
ServedBy
X-Via-Fastly
X-Hl-Ver
Decoy-Debug-Key
DB-Nickname
X-ServerID
X-ShopId
X-Shopify-Generated-Cart-Token
X-Origin
Decoy-Debug-Status
X-Redis-Cache
Akamai-GRN
Cache-Key
Section-Io-Id
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Alternate-Cache-Key
X-ProxyCache-Key
X-Human
X-Origin-Hint
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-BYPASS-REASON
TWC-GeoIP-Country
TWC-Device-Class
Now
Origin-Cache-Control
NGX
X-Pubstack
X-RCS-CacheZone
Origin-Edge-Control
Property-Id
Section-Origin-Responded
TWC-Connection-Speed
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-ProxyCache-Status
Decoy-Debug-TTL
X-ShardId
OT-Force-Account-Verify
X-Tb
X-FW-Dynamic
X-IPS-LoggedIn
X-Vgn-Hpd-Reason
X-FC-Vary-Parameters
X-Shopify-Stage
X-TX-ID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Loop
X-Locale
X-IP
X-PressLabs-Stats
GEO-INFO
X-Amzn-Remapped-Content-Length
X-Detected-As
X-Proxied
X-Hosted-By
Selected-Fe
X-AWS-Id
X-Debug-Cache
X-Content-Age
X-TNCMS
X-Format
X-Web-Node
X-Generated
X-Proxy-Build
X-SayCDN-TTL
X-Akamai-Request-ID2
X-Access
X-Say-Cacheable
X-Cache-Status-Check
X-Say-TTL
X-Proto
X-Cache-Config
Azure-SiteName
X-JoinUs
X-VWS-Id
Content-Disposition
X-SaId
Azure-Version
X-Zipkin-Id
X-Routing-Service
X-Section
Azure-RegionName
X-Www-Served-By
X-Site-Version
Cross-Origin-Window-Policy
X-Timing-Wait
Ec-Rule-Version
Azure-InstanceId
X-Xfnlog-Site
X-LJ-Flow-ID
Azure-SlotName
X-Proxy-Cache-Status
X-NCache
X-Soup
X-Varnish-Hits
X-Viewer-Country
X-Real-IP
X-Request-Time
X-NYM-Debug-Backend
X-MP-GENERATED-AT
Mn-Server-Ip
S-Rt
X-FB-TRIP-ID
Access-Control-Request-Headers
X-Adobe-Source
X-Akamai-Request-ID
Cache-Hits
X-Cache-Remote
X-EC-Lua
X-Cdn
X-CACHE-KEY
X-Pad
X-Device-Type
X-BCube-Filmed-By
X-Generated-By
X-HTML-Minification-Powered-By
Node
X-NewRelic-App-Data
X-B3-Traceid
X-Geo
Odigeo-Trace-Id
Nel
X-Microcachable
X-No-Session
X-Rule
X-Drupal-Cache-Tags
Accept-Language
X-SS-Set-Cookie
X-Amzn-RequestId
FilterID
X-Uri
Cf-Ipcountry
X-Cache-NGX
X-Azure-Ref
X-From
X-RateLimit-Limit
X-RTag
Ms-Operation-Id
X-App-Server
X-CF-Powered-By
X-Qloud-Router
Time
X-Backend-TTL
X-OCL
X-Source
X-PCL
User-Agent
X-NWS-UUID-VERIFY
X-Edge-O15-RID
X-Varnish-Cache-Hits
X-Labrador-Cache-Channel
Proxy-Connection
X-Hyper-Cache
X-PHP-Host
X-Info
X-Nginx-Cache
X-Old-Content-Length
X-GoCache-CacheStatus
X-Storage
Cache-Name
X-Cache-Grace
X-UA
Uber-Trace-Id
Rendered-Blocks
X-A-Dcw
Mobile-Detection-Method
X-A-Dam
Request-Country
Viewtype
X-A
VivaBuild
X-A-Ccd
Meta-Geo-Continent
ServerName
T-Server
Request-EU
GEO-REGION-INFO
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Drupal-Cache-Contexts
Apple-News-Services-Host
A
Apple-News-Services-Handled
Arc-Country
X-A-Dgt
Fastcgi-X-Cache-Version
Machine
BehaviorPad-Version
X-CS
AsisCache
MD5-Digest
X-CF-Lambda-Fn
X-S
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Request-URI
X-Request-UUID
X-SRCache-Key
X-Transaction
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-Processor
X-PAYTM-SRV-ID
X-Cdn-Srv
X-CF-Lambda-Version
X-Connection-Hash
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
X-Aed
X-Application
X-D
X-Date
X-GeoIP-Country-Code
X-OVcl
X-OVcl-Cache
X-G
X-External-Request-Id
X-Destination
X-Developer
X-DPWN-IS-SECURE
X-A-Wwc
True-Client-Country-4JS
X-Varnish-Beresp-Status
X-Newrelic-Synthetics
X-Varnish-Beresp-Grace
X-Time
X-NC
X-Cluster-Name
X-Cluster-Node
Geo-Info
X-VG-TLSProxy
PFcat
X-Thinkindot-L3
Thinkindot-CacheControl
X-Reboot
Content-Style-Type
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Content-Script-Type
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Matched-Rule
X-Level-Front-Cache
X-ServiceProvider
X-Rocket-Nginx-Bypass
X-Oneagent-Js-Injection
X-GeoIP-City
X-Geo-Header
X-Cache-Expired-At
Viewport
X-Sn-Servicetimems
X-Core-Value
X-Generated-On
X-Served-From
X-Cdn-Origin
X-Edge-Location
X-VCT
X-Nc
User-Cache-Control
X-S-Maxage
X-Agile-Age
X-Agile-Id
X-Agile
X-Magnolia-Registration
X-RateLimit-Limit-Second
X-FW-Version
X-Logging-Id
X-Backend-Host
X-BBXSRF
X-Auto-Login
X-Irp-Debug
X-App-Name
X-LAGOON
X-Has-Esi
X-Is-Gdpr
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Node
W
X-Origin-Date
X-JWT-State
X-NodeID
X-IN-APIGATEWAYSSL
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-Owner
X-Origin-Expires
X-Bip
X-Fetched-On
X-Debug-Cache-Expiry
X-Backend-State
X-Fmm-Version
X-Core-Mission
X-Gamma-Serve
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Device-Os
X-Distil-CS
X-Developers
X-Distributor
X-Fastly-Cache
X-Epic-Correlation-Id
X-Contensis-Viewer-Groups
X-Gen-Mode
X-DevSite-Last-Modified
X-Cache-Bucket
X-Cache-ASPX
X-IN-APIGATEWAY
X-RateLimit-Remaining-Second
X-Block-Status
X-Hnp-Log
X-Cache-FS-Status
X-Clara-WADP
X-Cms-Context
X-Generated-In
X-Cache-URL
Rt-Fastcgi-Cache
X-Cache-Info
X-Bc-Bl
V-Age
X-TT-TIMESTAMP
Gh-Request-Id
X-Tumblr-Pixel-3
X-Servername
X-Urbn-Context-Path
FNAC-ModuleRouting
Group
X-Trafficlayer-App-Version
X-Trace-Id
Locale
X-TrackingId
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Heartbleed
Fastly-Drupal-HTML
X-Urbn-Site-Id
CDCHOST
X-Wikidot-Backend
Cache-Host
X-Wikidot-Static-Cache
X-Varnish-Beresp-Ttl
AKAMAI
X-Webstats-RespID
X-WebServer
X-Varnish-Authentication
Country-Code
X-Varnish-Cacheable
X-VC-Cache
X-WADP-Cache
Memcached
Locid
IsBot
RNT-Machine
RNT-Time
X-Rocket-Build-Number
X-VServer
X-LI-Proto
X-Server-W
Server-Cache-Control
Server-Host
X-Request-Host
X-Req
Server-Surrogate-Control
X-Li-Fabric
Server-ID
Pramga
X-Li-Pop
On-Server
X-SIPLIST1
Powered-By-ChinaCache
X-Swa-Ws
X-Thanos
N-Cache
X-Sigma-Backend
X-Slack-Backend
X-LI-UUID
X-Sigma
X-UnsetCookies
X-Eu-Site
X-Dispatcher-Server
Fastly-SIE
Platform
Fastly-SWR
Adler-Geo
Countrycode
X-Hash
X-Instart-Isnd
X-Var-Ttl
X-Variation
X-Generation-Time
X-Hit
X-NX-Host
X-Proxy-Upstream
X-Debug-Cookies
L5d-Success-Class
Mail-Subject
Kp-EeAlive
Is-Eu
X-Rebelmouse-Cache-Control
We-Hiring
X-Skip-Cache
X-Platform-Server
X-Dispatch
X-C
X-Clientip
HA-Ipaddr
X-CGP
X-Scheme
X-Debug-Log
X-Rebelmouse-Surrogate-Control
X-We-Are-Hiring
X-CUA
Ha-Gx-Prefs
X-Load-Cache
Mime-Version
X-Node-Id
X-Sucuri-ID
X-VHOST
X-RESPONSE-TIME
X-Lb-Id
X-ND-Cache
X-Service
X-Refresh
X-Cache-Tags
X-Response-By
Cloudfront-Viewer-Country
Cache
X-CLOUD-TRACE-CONTEXT
HitType
X-TA-CDN-Provider
X-Edge
X-Instart-Info
SD-X-WS
X-MCACHE
X-B3-Spanid
Environment
X-APP
X-SN
X-CDN-Forward
Proxy-Firewall
X-VCache
X-Varnish-URL
X-BACKEND-TTL
Vix-Hermes-Req-Id
X-Parent-Response-Time
Origin
X-Cache-PHP
X-Varnish-Ttl
X-ECACHE
X-Pjax-Url
Hostname
X-CSRF-TOKEN
X-Wa
X-Mid
X-App-Version
X-Vdms-Path
X-Correlation-ID
Request-Time
M-TraceId
X-MSEdge-Flight
X-MSEdge-Features
CF-Cached-On
X-CSRF-Token
X-Origin-TTL
X-Origin-CC
Fastly-Backend-Name
X-Cdn-Forward
X-Up
PICS-Label
NM-Fastcgi-Cache
X-Ruxit-Js-Agent
X-Ratelimit-Remaining
Server-Ext
Server-Hostname
X-FPC
X-Server-Time
Sever-Int
X-Be
X-Ua
X-Edge-Server
X-TT-LOGID
Pragrma
X-Webkit-CSP
Geoip-Latitude
Cdn-Request-Time
Geoip-City
X-Wix-Viewer-Type
Pagetype
Cdn-Host
HostName
X-FORWARDED-FOR
TTL
GeoIp-Country-Code
NtCoent-Length
X-ECache
X-HS-Status
X-Method
X-URL
Cdncip
Cdnsip
Cdn
X-Newrelic-App-Data
X-AK-Request-ID
X-Via-PopV
X-Via-PopH
X-Worker
Magicmarker
X-Myra-Origin2
X-Protected-By
CACHE
X-Vcl-Version
X-Zone
X-Litespeed-Cache
X-Bc
X-Referer
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
Resin-Trace
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Servedbyhost
Ohc-File-Size
X-GEO
X-Cache-Metadata
X-Azure-Ref-OriginShield
Memory
XServer
X-NU-AKA-ACS-Version
Dt-Cache-Category
X-Policy
X-Air-Hostname
X-Branch-Name
X-Cache-Host
X-DC
SRV
Cteonnt-Length
X-Dynatrace-Js-Agent
X-Pinterest-Direct
Release
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-C-Zone
X-Planisys-CDN-Cache
X-BC
X-C-Key
X-ZONE
X-Ratelimit-Limit
X-Cache-Debug
X-ServedByHost
Esi-Enabled
X-SRV
X-Pf-Uncompressing
Load-Balancing
RequestId
X-VCL-Version
Lb
X-Swift-Error
X-NGINX-Cache
Who
X-TH-Server
Ttl
Ohc-Cache-HIT
X-Cache-Id
GeoIP-Country-Code
Dnion-Transfer-Encoding
X-Reqid
X-Esi-Check
X-Configured-By
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
IBM-Web2-Location
X-AIR-PT
X-Via-Ucdn
X-Unique-ID
X-Gzip
X-COUNTRY
Server-Int
X-Datadome
X-Country-IP
GeoIP-Latitude
X-Fastly-Country-Code
X-Node-ID
Pics-Label
GeoIP-City
X-Tb-Optimization-Total-Bytes-Saved
FSS-Cache
X-Fpc
X-Ocache
UCS
Powered-By
MIME-Version
LB
Product
X-VarnishDD-TTL
X-WA
X-B3-SpanId
X-RAMCache
X-Svr
X-PJAX-URL
X-Powered-Y
X-SERVER-NAME
Fastly-Soc-X-Request-Id
X-PF-Uncompressing
Sid
Fastly-SSL
X-Action
X-Fastly-Request-Id
X-WPE-Loopback-Upstream-Addr
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Server-IP
Lfy
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Hello
X-Flog
X-MID
X-Apw-Access-Action
X-DI
X-SD-PageType
X-ABtesting
X-DB
FSS-Proxy
X-Varnish-Beresp-TTL
X-DW
X-RPM
X-RPS
X-DSS
X-RSL
X-Page-Impression-Id
X-Agile-Brick-Ok
X-Flow-Id
X-Render-Time
X-Zalando-Child-Request-Id
X-LiteSpeed-Cache-Control
CDN
X-BE
X-ElasticPress-Search
Host-ID
Xet-Cookie
Tcn
Amp-Access-Control-Allow-Source-Origin
C-Via
Requestid
CF-IPCountry
X-Aicache-OS
ProcessTime
Cneonction
X-Via-CDN
L
X-Compress-Hint
SN
X-LB-ID
X-B3-Parentspanid
X-Debug-Revision
X-Debug-Controller
X-Cache-Backend
X-Amzn-Remapped-Date
X-Check-Cacheable
X-Amzn-Remapped-Connection
X-HostName
X-MiniProfiler-Ids
X-Dw-Trace-Id
My-App
X-User
WZWS-RAY
X-Request-URL
X-App
X-Fastly-Cache-Hits
X-Nananana
DataCenter
CloudFront-Viewer-Country
X-Request-Url