
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-Served-By
X-UA-Compatible
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Ua-Compatible
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-Buckets
Content-Encoding
X-CDN
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Cache-Group
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
EagleId
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
NEL
X-Node
X-Response-Time
X-Dispatcher
X-Ac
X-WebKit-CSP
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Origin-Upstream-Status
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Content-Location
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-DataDome
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
X-FTR-Request-ID
Fusion-Deployment-Id
X-Country-Code
X-ASPNET-VERSION
X-DynaTrace
X-Varnish-TTL
Verso
Allow
X-GitHub-Request-Id
Service-Worker-Allowed
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
Accept-CH
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
Content-MD5
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Forwarded-Proto
X-Cached
X-Powered-By-Plesk
X-Trace
X-Navigation-Version
TCN
Accept-CH-Lifetime
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Rid
X-Amz-Server-Side-Encryption
X-Fastly-Request-ID
Public-Key-Pins
X-Vcap-Request-Id
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Debug
X-MSEdge-Ref
SPRequestDuration
SPIisLatency
X-VARITI-CCR
X-DynaTrace-JS-Agent
Arr-Disable-Session-Affinity
X-Ttl
X-Vcache
X-Accel-Expires
X-ESI
Charset
X-B3-TraceId
X-Cache-TTL
MS-Author-Via
NR-ENABLED
Response
X-Middleton-Response
X-NF-Request-ID
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Px
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
Access-Control-Request-Method
X-Id
X-Server-ID
WPE-Backend
Pinterest-Version
Edge-Cache-Tag
X-Pinterest-Rid
X-Grace
X-Powered-CMS
X-Webkit-Csp
X-Hp-Webp
X-Shield-Request-Id
X-Jurisdiction
Front-End-Https
X-T
X-Upstream
X-Hits
X-Element-Page-Cache
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Version
X-Content-Digest
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-Cache-Hit
ServerID
Fastcgi-Cache
X-Mrf-Item-Lastmod
X-Fastcgi-Cache
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-Recruiting
X-Correlation-Id
X-Mobile-URL
Ar-Sid
Accept-Ch
AR-CACHE
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-FTR-Balancer
X-FTR-Realm
X-Request-Processing-Time
X-Request-Received
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
Powered
TP-L2-Cache
Server-Node
TP-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-HS-Cache-Config
PB-RID
PB-PID
X-FTR-Expires
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-TTL
Arc-Version
X-Mobile-Rewrite
X-Ezoic-Cdn
Refresh
X-Shard
X-Forwarded-For
Host-Header
X-HS-Combine-CSS
Alternate-Protocol
X-FastCGI-Cache
X-Geo-Country
X-XRDS-Location
Server-Name
Accept-Ch-Lifetime
X-Amzn-Trace-Id
X-Microsite
X-N
X-Request-Handler-Origin-Region
Fastly-Restarts
X-Akamai-Edgescape
X-NWS-LOG-UUID
X-LB-Cache
X-Rid
X-Page-Id
X-F-Cache
X-B
X-Logged-In
X-ATS-Timestamp
X-FTR-Cache-Host
Backend-Timing
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-User-Agent
X-Aspnetmvc-Version
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-Cache-Key
X-XRDS-LOCATION
X-Esi
MicrosoftSharePointTeamServices
X-Zen-Fury
X-Cdn
X-Kinsta-Cache
Healthy
X-Amzn-Requestid
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Jobs
X-Origin-Server
X-Revision
X-Varnish-Grace
X-Request-Guid
X-Cache-Age
Fastcgi-Useragent
Paypal-Debug-Id
X-App-Environment
X-Varnish-Backend
X-Tumblr-Pixel-0
X-Tumblr-User
X-Instance
X-Type
X-Amz-Replication-Status
X-Tumblr-Pixel
X-Git-Hash
X-FB-Debug
Actual-Object-TTL
X-B3-Sampled
X-AOL-HN
X-B-Cache
X-Hostname
X-Cluster
X-Seen-By
X-ATG-Version
X-Signature
Host
X-Whom
X-TT
Section-Io-Cache
X-Debug-Info
X-Presslabs-Stats
X-WebKit-CSP-Report-Only
X-Cache-Action
Frame-Options
X-Content-Options
Cache-Status
Access-Control-Allow-Method
X-Cache-Rule
X-Endurance-Cache-Level
X-Cache-Operation
X-Contextid
Trailer
X-Host-Name
X-Content-Powered-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Source
X-SERVER
Tracecode
Accept-Charset
X-APP-VERSION
X-Az
X-Activity-Id
X-AppVersion
DC
Liferay-Portal
X-FireWall-Port
X-Upgrade-Enabled
X-Tt-Trace-Tag
X-IPLB-Instance
X-Tt-Trace-Host
X-Daa-Tunnel
From-Origin
X-Amz-Apigw-Id
X-PHP-Backend
NGB
X-Framework
X-Response-Served-From
X-Accel-Buffering
X-RemovedCookies
X-ProcessESI
Retry-After
X-RateLimit-Remaining
X-WA-Info
Surrogate-Key
X-FW-Serve
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-FW-Type
X-FW-Static
VIX-Pulpo-Upstream-Status
X-FW-Server
VIX-Pulpo-Node
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
Payment
Eomportal-Instance
X-Cacheable-TTL
X-Rendered-As
X-GeoIP
X-Is-Bot
Filters
X-L-Path
X-Wix-Request-Id
X-RequestSource
X-Environment-Context
X-Region
X-Cache-NE
X-Varnish-Server
Srv
X-Time-Microsecs
X-Mobile
X-Unique-Id
X-Handled-By
X-TIME
X-Proxy
X-UA-Device-Type
X-Cached-By
X-NGENIX-Cache
X-Origin-Response-Time
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
Datacenter
X-Webkit-CSP
X-Cache-TTL-Remaining
X-Cache-Control
GEO-INFO
X-B3-Traceid
Filterid
X-Cache-Server
X-Cache-Time
X-Akamai-Transformed
X-CST
Xserver
X-Backend-Name
MS-CV
X-Litespeed-Cache
Version
Odigeo-Trace-Id
X-Rule
X-Srv
X-Mode
X-Status
Cache-Tv-Group
Cache-Tags
S-Cnection
Server-Info
X-Yottaa-Metrics
X-ES-SERVER
X-FW-Dynamic
Meta-Geo
X-Cache-Var-Map
X-IP
X-CCM
X-Cache-Var
X-Ua-Device
X-Cache-2
X-Yottaa-Optimizations
X-URL
X-Path-Route
X-Cache-Enabled
X-FC-Vary-Parameters
OT-Force-Account-Verify
X-Amzn-Remapped-Content-Length
X-Detected-As
Webserver
X-Loop
Azure-SlotName
Azure-SiteName
Ec-Rule-Version
X-TNCMS
X-Redis-Cache
X-RN-RSRV
S-Rt
Azure-Version
X-MP-GENERATED-AT
Azure-InstanceId
Azure-RegionName
TWC-Device-Class
TWC-Connection-Speed
X-Real-IP
X-R9-Blue-Green-Version
TWC-GeoIP-Country
X-Cache-NGX
Origin-Cache-Control
Property-Id
DB-Nickname
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Country
Webcakes-Region
X-Adobe-Source
Cleartype
Cross-Origin-Window-Policy
X-NCache
Webcakes-App-Version
X-Origin
X-Origin-Hint
X-Forwarded-Host
X-Human
Origin-Edge-Control
X-Hosted-By
X-Access
Akamai-GRN
ServedBy
Cache-Hits
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Akamai-Request-ID2
NGX
X-Alternate-Cache-Key
Node
X-ServerID
X-ShardId
X-ShopId
X-Say-TTL
X-PERF
X-RCS-CacheZone
X-Shopify-Stage
X-Sorting-Hat-PodId
X-NYM-Debug-Backend
X-Say-Cacheable
X-Web-Node
X-Cache-Status-Check
X-Sorting-Hat-ShopId
X-TX-ID
X-Hl-Ver
X-Site-Version
X-Device-Type
X-Via-Fastly
X-Locale
X-Pinterest-Direct
X-Pubstack
X-EIG-Tracking-Id
X-Section
X-Generated
X-SayCDN-TTL
X-Format
X-ApacheServer
X-SaId
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-VWS-Id
X-Vgn-Hpd-Reason
X-Timing-Wait
X-Content-Age
X-FB-TRIP-ID
X-AWS-Id
X-BCube-Filmed-By
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-Proxy-Build
Selected-Fe
X-No-Session
X-LJ-Flow-ID
X-Www-Served-By
Mn-Server-Ip
X-Dc
X-Backend-TTL
Access-Control-Request-Headers
X-Microcachable
Now
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Tb
X-Shopify-Generated-Cart-Token
X-ProxyCache-Key
X-VCache
X-HTML-Minification-Powered-By
X-BYPASS-REASON
X-ProxyCache-Status
X-Proxy-Cache-Status
Cache-Key
X-Soup
X-Proto
X-Debug-Cache
X-Request-Time
X-Cache-Remote
X-Xfnlog-Site
X-Viewer-Country
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-EC-Lua
Nel
X-Varnish-Hits
X-From
X-Akamai-Request-ID
Accept-Language
X-Generated-By
Time
X-COUNTRY
X-CF-Powered-By
X-Drupal-Cache-Tags
X-Pad
Cf-Ipcountry
X-NC
X-NewRelic-App-Data
X-Azure-Ref
X-IPS-LoggedIn
X-Old-Content-Length
X-RateLimit-Limit
Uber-Trace-Id
X-FORWARDED-FOR
X-Edge
X-MCACHE
X-Geo
X-VCT
FilterID
X-UA
X-Source
X-RTag
Cache-Name
X-Cache-Grace
X-CS
X-NWS-UUID-VERIFY
Ms-Operation-Id
X-Uri
X-ECACHE
User-Agent
X-GoCache-CacheStatus
X-APP
X-PHP-Host
X-Labrador-Cache-Channel
X-CDN-Forward
X-Qloud-Router
X-Mid
X-PCL
X-Drupal-Cache-Contexts
X-Varnish-Cache-Hits
X-Edge-Location
Cache
X-OCL
X-PressLabs-Stats
X-Nginx-Cache
X-Tumblr-Pixel-3
X-Magnolia-Registration
X-FW-Version
X-Processor
True-Client-Country-4JS
X-Destination
X-PAYTM-SRV-ID
X-Date
Request-EU
Rendered-Blocks
X-Request-URI
X-Rewrite-Enabled
X-Region-Sid
X-Reboot
X-Rocket-Nginx-Bypass
X-Request-UUID
X-D
Apple-News-Services-Handled
Request-Country
Arc-Country
X-GeoIP-Country-Code
X-Geo-Header
X-Has-Esi
GEO-REGION-INFO
X-Cdn-Srv
X-CF-Lambda-Fn
X-G
X-CF-Lambda-Version
Memcached
Meta-Geo-Continent
MD5-Digest
Machine
X-External-Request-Id
X-DPWN-IS-SECURE
ServerName
X-Connection-Hash
AsisCache
BehaviorPad-Version
Mobile-Detection-Method
Apple-News-Services-Request-Url
X-Developer
Apple-News-Services-Parsed-Url
X-JWT-State
X-Is-Gdpr
Fastcgi-X-Cache-Version
X-Info
X-Instart-Info
T-Server
X-Rojux
Apple-News-Services-Host
Proxy-Connection
X-Aed
X-A-Dgt
X-Transaction
X-Vtex-Remote-Cache
X-Hyper-Cache
X-SRCache-Key
X-Vtex-Processado-Em
X-Accel-Expires-Debug
X-ARC
X-Trv-Group
X-Twitter-Response-Tags
X-Cache-Bucket
X-A-Wwc
X-A-Ccd
X-A
Xc-Version
X-B-Cookie
X-Newrelic-Synthetics
X-Oneagent-Js-Injection
X-Application
X-A-Dcw
X-S-Cookie
X-A-Dam
X-Vdms-Version
X-Session-Fingerprint
Viewtype
X-S
X-ScT
X-VG-WebServer
VivaBuild
X-VG-WebCache
X-S-Maxage
X-Sucuri-ID
X-Generation-Time
Gh-Request-Id
X-VServer
Server-Host
X-GeoIP-City
Server-Surrogate-Control
X-VG-TLSProxy
Rt-Fastcgi-Cache
AKAMAI
X-Developers
X-DevSite-Last-Modified
X-Bc-Bl
X-BBXSRF
X-Backend-State
X-Core-Value
X-Contensis-Viewer-Groups
N-Cache
X-Wikidot-Static-Cache
Server-Cache-Control
X-We-Are-Hiring
X-Gamma-Serve
X-Webstats-RespID
X-Fastly-Cache
X-Micro-Cache
X-Wikidot-Backend
X-Served-From
Heartbleed
X-LI-Proto
X-TrackingId
X-Thinkindot-L3
X-Sn-Servicetimems
X-Trafficlayer-App-Name
User-Cache-Control
Content-Style-Type
X-Trafficlayer-App-Scope
X-Cdn-Origin
X-Slack-Backend
Vix-Hermes-Req-Id
X-Level-Front-Cache
X-Server-W
X-Cache-URL
X-Backend-Host
X-Servername
X-Request-Host
Viewport
X-Auto-Login
X-Trafficlayer-App-Version
Cache-Cookie-Set-From
Thinkindot-Control
X-Varnish-Authentication
X-Li-Fabric
Cache-Cookie-Set-Idcheck
X-LI-UUID
Cache-Cookie-Set-Lfrom
X-Generated-On
Countrycode
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Li-Pop
X-Matched-Rule
Content-Script-Type
X-Cache-ASPX
X-Cluster-Node
X-Cluster-Name
X-Block-Status
X-Clara-WADP
X-Clientip
X-Cms-Context
X-C
X-Cache-PHP
X-Rebelmouse-Surrogate-Control
X-Urbn-Site-Id
X-Var-Ttl
X-Variation
X-Varnish-Cacheable
X-Urbn-Context-Path
X-TT-TIMESTAMP
X-SIPLIST1
X-Vdms-Path
X-SN
X-Scheme
X-VC-Cache
X-Thanos
X-Agile-Id
X-Bip
X-Cache-FS-Status
X-Dispatch
X-Agile-Age
X-Logging-Id
X-WADP-Cache
X-Skip-Cache
X-Owner
X-Agile
X-Sigma-Backend
X-Sigma
X-Fetched-On
X-Fmm-Version
X-Gen-Mode
X-Hash
X-Epic-Correlation-Id
X-Distributor
X-CUA
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Hnp-Log
X-IN-APIGATEWAY
X-Platform-Server
X-Rebelmouse-Cache-Control
X-Rocket-Build-Number
X-ServiceProvider
X-Origin-Expires
X-Origin-Date
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Nginx-Cache-Key
X-Core-Mission
X-Cache-Info
Proxy-Firewall
Platform
Fastly-SWR
Fastly-Drupal-HTML
SD-X-WS
X-App-Name
Is-Eu
NM-Fastcgi-Cache
On-Server
Locale
IsBot
W
Fastly-SIE
Wxu-Next-Hostname
Wxu-Next-Region
Web-Mar-Node
Adler-Geo
Wxu-Next-Commit
X-UnsetCookies
X-Amzn-RequestId
X-B3-Spanid
L5d-Success-Class
Kp-EeAlive
X-Req
X-RateLimit-Remaining-Second
X-LAGOON
X-Eu-Site
X-WebServer
Locid
X-RateLimit-Limit-Second
CDCHOST
HA-Ipaddr
Country-Code
X-Hit
FNAC-ModuleRouting
A
Mail-Subject
X-Response-By
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Ha-Gx-Prefs
Group
X-Storage
Cache-Host
X-CSRF-Token
CF-Cached-On
RNT-Machine
RNT-Time
X-NodeID
X-Ms-Version
Request-Time
Server-ID
X-Swa-Ws
We-Hiring
X-Cache-Tags
V-Age
X-Trace-Id
X-Ms-Request-Id
X-CGP
X-Debug-Log
X-Cache-Expired-At
X-Proxy-Upstream
X-App-Server
X-Generated-In
X-SS-Set-Cookie
X-RESPONSE-TIME
X-Debug-Cookies
X-NX-Host
X-Refresh
X-OVcl-Cache
X-Protected-By
Server-Ext
Pagetype
Server-Hostname
Sever-Int
X-CLOUD-TRACE-CONTEXT
M-TraceId
X-OVcl
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Varnish-Beresp-Ttl
X-Debug-Cache-Expiry
X-Instart-Isnd
X-TA-CDN-Provider
X-FPC
X-Method
PFcat
X-CACHE-GROUP
X-Node-Id
HostName
X-Worker
XServer
X-Parent-Response-Time
X-GEO
Magicmarker
X-SRV
X-Varnish-URL
PICS-Label
X-Via-PopV
Geoip-City
X-MSEdge-Features
Geoip-Latitude
X-Varnish-Ttl
X-Request-Start
X-Wa
X-Branch-Name
X-MSEdge-Flight
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopH
Mime-Version
X-CACHE-KEY
X-Nc
X-Be
X-Policy
GeoIp-Country-Code
Origin
Powered-By-ChinaCache
X-Ruxit-Js-Agent
X-Time
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Lb-Id
X-Planisys-CDN-Cache
Memory
Pramga
X-Ratelimit-Remaining
Geo-Info
X-SERVER-NAME
X-C-Zone
X-C-Key
Esi-Enabled
X-ND-Cache
Cloudfront-Viewer-Country
X-Service
X-Load-Cache
Who
HitType
Cteonnt-Length
Dt-Cache-Category
X-Via-Ucdn
X-HS-Status
Environment
X-Reqid
X-Pjax-Url
X-ECache
X-Azure-Ref-OriginShield
X-BACKEND-TTL
X-Newrelic-App-Data
X-Myra-Origin2
X-Wix-Viewer-Type
X-Country-IP
X-DC
X-Referer
X-Zone
X-CSRF-TOKEN
X-Bc
X-VCL-Version
X-Servedbyhost
NtCoent-Length
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cache-Metadata
Fastly-Backend-Name
TTL
X-BC
UCS
Ttl
X-Up
Product
X-ZONE
X-Ua
SRV
X-Cdn-Forward
X-Origin-TTL
X-Cache-Host
X-NGINX-Cache
X-Origin-CC
X-Vcl-Version
X-Ratelimit-Limit
X-Server-Time
X-ServedByHost
X-Swift-Error
X-Fastly-Country-Code
X-Server-IP
X-Pf-Uncompressing
Resin-Trace
Pragrma
X-TT-LOGID
Cdn-Host
FSS-Cache
X-Edge-Server
Hostname
X-Correlation-ID
Cdn
Cdn-Request-Time
CACHE
X-AIR-PT
X-AK-Request-ID
C-Via
Cdncip
Release
Cdnsip
X-PJAX-URL
X-App-Version
Lb
LB
X-Node-ID
X-NU-AKA-ACS-Version
Load-Balancing
Sid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Warning
X-Location
X-Cache-Backend
X-WPE-Loopback-Upstream-Addr
GeoIP-Country-Code
X-Configured-By
X-UPSTREAM-Address
MIME-Version
X-BE
X-WA
GeoIP-Latitude
Dnion-Transfer-Encoding
GeoIP-City
X-Air-Hostname
My-App
X-Sucuri-Cache
Ohc-File-Size
X-RAMCache
X-Tb-Optimization-Total-Bytes-Saved
X-Mvc-Supplant-Cachable
X-Cache-Id
X-Powered-Y
X-Esi-Check
X-Svr
X-Gzip
X-VarnishDD-TTL
X-Varnish-Url
Lfy
Ohc-Cache-HIT
X-TH-Server
X-Varnish-Beresp-TTL
X-Fastly-Request-Id
RequestId
X-Mvc-Supplant-OutputCached
X-Fastly-Backend-Reqs
X-Cache-Debug
X-LiteSpeed-Cache-Control
Pics-Label
Processtime
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
CDN
X-MID
IBM-Web2-Location
CF-IPCountry
X-Fpc
X-B3-SpanId
Xet-Cookie
X-Agile-Brick-Ok
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Host-ID
X-ElasticPress-Query
X-B3-Parentspanid
X-Zalando-Child-Request-Id
X-Flow-Id
X-ElasticPress-Search
Requestid
X-User
Fastly-SSL
X-Page-Impression-Id
X-Via-NSCOPI
Server-Int
X-Unique-ID
Cneonction
X-Ocache
X-SD-PageType
X-Debug-Controller
X-Debug-Revision
X-Aicache-OS
X-Check-Cacheable
X-Sucuri-Id
X-RPS
X-RSL
X-Envoy-Decorator-Operation
X-DSS
X-Action
X-Compress-Hint
X-DI
X-RPM
X-DW
X-DB
X-Edge-O15-RID
X-Cache-Tag
DataCenter
X-Dw-Trace-Id
X-Request-Url
X-Fastly-Cache-Hits
X-Request-URL
URI
X-Nananana
CloudFront-Viewer-Country
X-Akamai-ERPolicy
Powered-By
X-LB-ID
X-MiniProfiler-Ids
X-Akamai-ERRuleID