Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-AspNetMvc-Version
X-Language
X-Ua-Compatible
Status
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Pass-Why
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Request-ID
X-Hacker
X-Pingback
Server-Timing
X-Server-Powered-By
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-Mod-Pagespeed
X-DataDome
X-Cloud-Trace-Context
X-Akam-SW-Version
Edge-Control
X-Rack-Cache
Rating
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
X-Country-Code
X-Instart-Request-ID
Allow
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-ESI
X-Server-Name
Pinterest-Generated-By
X-D2id
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Powered-By-Plesk
X-Navigation-Version
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Debug
X-Vcache
X-Abt-Application-Version
X-Amz-Rid
X-Webkit-Csp
Public-Key-Pins
X-Trace
X-Fastly-Request-ID
X-MSEdge-Ref
X-B3-TraceId
X-SharePointHealthScore
Nginx-Cache
Accept-Ch
X-Server-ID
TCN
X-Vcap-Request-Id
X-VARITI-CCR
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Fusion-Deployment-Id
MS-Author-Via
Arr-Disable-Session-Affinity
Charset
X-Px
X-NF-Request-ID
X-Accel-Expires
X-Cache-TTL
Edge-Cache-Tag
SPIisLatency
SPRequestDuration
X-Ttl
Realpath
Response
Pagespeed
Display
X-Middleton-Display
X-Middleton-Response
Accept-Ch-Lifetime
X-Content-Type
X-Ser
X-Sol
X-Fastcgi-Cache
X-Client-IP
Accept-CH
X-Version
X-SRCache-Store-Status
Cache-Tag
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
X-Powered-CMS
Front-End-Https
Pinterest-Version
X-Pinterest-Rid
NR-ENABLED
X-Dns-Prefetch-Control
X-Id
Access-Control-Request-Method
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Jurisdiction
X-Hp-Webp
X-Grace
X-Upstream
Mrf-Cache-Status
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
S
Accept-CH-Lifetime
X-T
X-Hits
X-Content-Digest
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
DynaTrace
Ar-Sid
AR-CACHE
X-Dw-Request-Base-Id
Fastcgi-Cache
ServerID
X-TTL
X-Node-Name
X-Mobile-URL
X-Cache-Hit
X-Shield-Request-Id
PB-PID
PB-RID
X-Recruiting
X-FTR-Backend
X-FTR-DC
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-Goog-Generation
Server-Node
X-FTR-Cache-Status
X-FTR-Realm
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Mobile-Rewrite
Arc-Version
X-Amzn-Trace-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
TP-Cache
TP-L2-Cache
Powered
X-Frontend
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
X-Shard
Upgrade-Insecure-Requests
X-Ezoic-Cdn
WPE-Backend
X-DIS-Request-ID
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
Refresh
Fastly-Restarts
Alternate-Protocol
X-HS-Combine-CSS
X-Logged-In
X-Varnish-Age
X-Correlation-Id
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-XRDS-LOCATION
X-Page-Id
X-FTR-Cache-Host
X-LB-Cache
X-B
X-Akamai-Edgescape
X-ATS-Timestamp
X-Rid
Backend-Timing
X-F-Cache
X-User-Agent
X-XRDS-Location
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Geo-Country
X-N
X-Via-JSL
X-Kong-Proxy-Latency
Host
Host-Header
X-Kong-Upstream-Latency
X-Zen-Fury
Cache-Status
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Origin-Server
X-Varnish-Grace
X-Content-Options
X-Kinsta-Cache
X-Revision
X-B3-Sampled
X-ATG-Version
X-AOL-HN
X-TT
Paypal-Debug-Id
X-Instance
X-Amz-Replication-Status
X-Tumblr-Pixel
X-Cache-Action
Healthy
Actual-Object-TTL
X-Type
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel-0
X-FB-Debug
X-Request-Guid
X-Amz-Apigw-Id
X-B-Cache
Section-Io-Cache
X-Signature
X-Jobs
Access-Control-Allow-Method
X-Git-Hash
X-Varnish-Backend
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Debug-Info
Frame-Options
X-Whom
X-Content-Powered-By
Liferay-Portal
X-Hostname
X-Cluster
X-Tt-Trace-Host
X-Srv
X-Tt-Trace-Tag
X-Seen-By
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-Operation
X-Activity-Id
X-Daa-Tunnel
X-Az
X-AppVersion
X-Amzn-Requestid
X-Cache-Age
X-PHP-Backend
X-FireWall-Port
X-Cached-By
X-Framework
X-FastCGI-Cache
X-Endurance-Cache-Level
Tracecode
X-Contextid
X-Cache-Key
X-WA-Info
X-Mobile
X-Host-Name
Retry-After
X-Presslabs-Stats
Source
X-IPLB-Instance
X-Response-Served-From
X-Accel-Buffering
NGB
X-Upgrade-Enabled
X-RemovedCookies
X-ProcessESI
Srv
Eomportal-Instance
Trailer
Accept-Charset
Xserver
X-UUID
X-FW-Type
X-GeoIP
X-Environment-Context
X-FW-Static
X-FW-Server
Surrogate-Key
X-FW-Hash
X-FW-Serve
DC
X-L-Path
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Adobe-Content
X-RequestSource
X-Rendered-As
Filters
X-Cache-NE
Payment
X-Adobe-Loc
X-Is-Bot
X-Cacheable-TTL
X-Origin-Response-Time
X-Region
X-Varnish-Hostname
X-Handled-By
X-Varnish-Server
X-RateLimit-Remaining
X-UA-Device-Type
From-Origin
X-CST
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-EdgeConnect-Cache-Status
X-Cache-2
Server-Info
X-Wix-Request-Id
X-Backend-Name
X-Cache-Server
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-APP-VERSION
Cache-Tv-Group
MS-CV
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-NGENIX-Cache
X-TIME
X-Akamai-Transformed
Version
X-Cache-Enabled
Datacenter
X-Status
Filterid
S-Cnection
X-Unique-Id
X-Dc
X-B3-Traceid
X-Mode
X-Cache-Time
GEO-INFO
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Control
Meta-Geo
X-Path-Route
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-CCM
X-IPS-LoggedIn
X-RN-RSRV
X-Pad
X-Hl-Ver
X-Forwarded-Host
X-PERF
X-ApacheServer
X-Cache-Status-Check
Cleartype
ServedBy
Country
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Tags
X-Via-Fastly
X-R9-Blue-Green-Version
X-Ua-Device
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-AWS-Id
X-Device-Type
X-FW-Dynamic
X-Debug-Cache
X-Alternate-Cache-Key
X-FC-Vary-Parameters
Webcakes-Region
TWC-GeoIP-Country
X-Tb
TWC-Device-Class
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
TWC-GeoIP-LatLong
X-TX-ID
TWC-Connection-Speed
Origin-Edge-Control
Origin-Cache-Control
Now
OT-Force-Account-Verify
DB-Nickname
X-VWS-Id
Property-Id
X-LJ-Flow-ID
X-ShopId
X-Proto
Webcakes-App-Version
X-Origin-Hint
X-Origin
X-Akamai-Request-ID2
NGX
X-ShardId
X-Pubstack
Webcakes-App-Name
Akamai-GRN
X-Redis-Cache
TWC-Locale-Group
Webserver
X-ServerID
TWC-Privacy
X-Amzn-Remapped-Content-Length
X-Access
Selected-Fe
X-NCache
X-Zipkin-Id
Cache-Key
Section-Io-Id
X-Xfnlog-Site
X-Www-Served-By
X-Vgn-Hpd-Reason
X-Web-Node
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-ProxyCache-Status
X-RCS-CacheZone
X-ProxyCache-Key
X-Human
Section-Origin-Responded
X-BYPASS-REASON
X-Varnish-Hits
X-Timing-Wait
X-Locale
X-Proxied
X-Proxy-Build
X-IP
X-Hosted-By
X-Detected-As
X-Format
X-Proxy-Cache-Status
X-Routing-Service
X-Site-Version
X-Soup
X-Section
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Cache-Config
Mn-Server-Ip
Azure-InstanceId
Azure-Version
Ec-Rule-Version
Azure-RegionName
Content-Disposition
Azure-SlotName
Azure-SiteName
X-MP-GENERATED-AT
X-Akamai-Request-ID
X-TNCMS
Access-Control-Request-Headers
X-FB-TRIP-ID
X-Content-Age
X-JoinUs
X-Loop
X-Viewer-Country
S-Rt
X-SaId
X-NYM-Debug-Backend
X-Real-IP
X-Generated-By
X-Cache-Remote
X-CACHE-KEY
X-Cdn
X-Request-Time
Cross-Origin-Window-Policy
X-Generated
X-HTML-Minification-Powered-By
Cache-Hits
X-BCube-Filmed-By
X-NewRelic-App-Data
X-Adobe-Source
X-Edge-O15-RID
Node
FilterID
X-SS-Set-Cookie
Nel
X-EC-Lua
X-Geo
X-PressLabs-Stats
X-No-Session
X-Microcachable
Odigeo-Trace-Id
X-Rule
X-Drupal-Cache-Tags
Accept-Language
X-Amzn-RequestId
X-Uri
X-App-Server
Cf-Ipcountry
Ms-Operation-Id
X-Azure-Ref
X-RTag
X-Qloud-Router
X-PCL
X-OCL
X-From
X-Esi
X-NWS-UUID-VERIFY
X-CF-Powered-By
X-Source
Time
X-Cache-NGX
X-RateLimit-Limit
X-Varnish-Cache-Hits
User-Agent
X-Labrador-Cache-Channel
X-UA
X-Backend-TTL
X-PHP-Host
X-Hyper-Cache
Proxy-Connection
X-Info
X-Old-Content-Length
X-Storage
X-GoCache-CacheStatus
X-Nc
X-Newrelic-Synthetics
X-Cache-Grace
Cache-Name
Uber-Trace-Id
X-External-Request-Id
X-GeoIP-Country-Code
X-G
X-Request-UUID
X-Drupal-Cache-Contexts
X-Rojux
X-Vdms-Version
X-VG-WebCache
X-Vtex-Processado-Em
X-VG-WebServer
X-Rewrite-Enabled
X-Request-URI
X-OVcl-Cache
X-OVcl
X-PAYTM-SRV-ID
X-S-Cookie
X-Region-Sid
X-Processor
X-ScT
X-A-Dcw
Mobile-Detection-Method
Apple-News-Services-Handled
Meta-Geo-Continent
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
A
Rendered-Blocks
X-Transaction
X-Trv-Group
Request-EU
Request-Country
Apple-News-Services-Request-Url
X-Twitter-Response-Tags
Content-Script-Type
BehaviorPad-Version
AsisCache
X-Vtex-Remote-Cache
Arc-Country
Content-Style-Type
MD5-Digest
Machine
GEO-REGION-INFO
Fastcgi-X-Cache-Version
ServerName
T-Server
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cdn-Srv
X-SRCache-Key
X-B-Cookie
X-Connection-Hash
X-D
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-Date
X-ARC
X-Application
X-A
VivaBuild
Viewtype
True-Client-Country-4JS
X-A-Ccd
X-A-Dam
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Session-Fingerprint
X-Varnish-Beresp-Grace
X-Time
X-Nginx-Cache
X-Cluster-Node
Xc-Version
X-Varnish-Beresp-Status
X-S
X-Cluster-Name
X-CS
X-Cdn-Origin
Server-Host
X-Trafficlayer-App-Name
X-UnsetCookies
Powered-By-ChinaCache
PFcat
X-Generated-On
X-Level-Front-Cache
X-Thinkindot-L3
X-IN-APIGATEWAYSSL
X-Load-Cache
X-GeoIP-City
X-Geo-Header
X-Rocket-Nginx-Bypass
X-Matched-Rule
X-Core-Value
X-Edge-Location
X-ServiceProvider
Viewport
X-Sn-Servicetimems
X-Reboot
X-VG-TLSProxy
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
Thinkindot-CacheControl
X-IN-APIGATEWAY
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Magnolia-Registration
X-Served-From
X-S-Maxage
User-Cache-Control
X-Slack-Backend
X-C
X-Block-Status
X-Bip
X-CGP
X-Clara-WADP
X-Cms-Context
X-Contensis-Viewer-Groups
X-Cache-URL
X-Cache-Info
X-Cache-Bucket
X-Cache-Expired-At
X-Cache-FS-Status
X-Cache-ASPX
X-WADP-Cache
X-Agile
X-Agile-Age
X-Agile-Id
X-VCache
Wxu-Next-Region
Web-Mar-Node
Wxu-Next-Commit
Wxu-Next-Hostname
X-CUA
X-Trace-Id
X-BBXSRF
X-Thanos
X-Bc-Bl
X-Backend-State
X-Backend-Host
X-App-Name
X-Auto-Login
X-Swa-Ws
X-Distributor
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Logging-Id
X-Li-Fabric
X-LAGOON
X-Server-W
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-Micro-Cache
X-Ms-Request-Id
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
X-Rocket-Build-Number
X-Proxy-Upstream
X-Owner
X-Ms-Version
X-Nginx-Cache-Key
X-NodeID
X-NX-Host
X-Instart-Isnd
X-Hnp-Log
X-Device-Os
X-Sigma-Backend
X-Dispatch
X-Dispatcher-Server
X-Developers
X-Debug-Log
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Distil-CS
We-Hiring
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-Has-Esi
X-Gamma-Serve
X-FW-Version
X-Sigma
X-Eu-Site
X-Fastly-Cache
X-Fetched-On
X-SIPLIST1
X-TrackingId
Heartbleed
X-Urbn-Context-Path
IsBot
Ha-Gx-Prefs
Group
Cache-Cookie-Set-Lfrom
Gh-Request-Id
Kp-EeAlive
L5d-Success-Class
N-Cache
On-Server
Memcached
Mail-Subject
Locale
Locid
FNAC-ModuleRouting
X-Urbn-Site-Id
X-Varnish-Cacheable
X-Varnish-Authentication
X-Wikidot-Backend
X-Webstats-RespID
X-VC-Cache
X-WebServer
AKAMAI
X-Wikidot-Static-Cache
X-Var-Ttl
W
CDCHOST
Cache-Host
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Tumblr-Pixel-3
HA-Ipaddr
Server-Surrogate-Control
X-Varnish-Beresp-Ttl
Pramga
Server-ID
Server-Cache-Control
V-Age
RNT-Time
X-VServer
RNT-Machine
X-TT-TIMESTAMP
X-NC
Rt-Fastcgi-Cache
X-VCT
X-Epic-Correlation-Id
X-Fmm-Version
Geo-Info
Mime-Version
X-Origin-Expires
Fastly-SIE
X-Service
Cloudfront-Viewer-Country
X-Hash
X-Servername
X-Platform-Server
Country-Code
Adler-Geo
X-DevSite-Last-Modified
Countrycode
Fastly-SWR
X-Request-Host
X-Rebelmouse-Cache-Control
X-Lb-Id
X-ND-Cache
X-We-Are-Hiring
X-Skip-Cache
X-Rebelmouse-Surrogate-Control
X-Origin-Date
Platform
Fastly-Drupal-HTML
X-Clientip
X-Cache-Tags
X-Core-Mission
X-Variation
Is-Eu
X-Sucuri-ID
X-VHOST
X-Node-Id
X-Scheme
X-RESPONSE-TIME
HitType
X-TA-CDN-Provider
X-Response-By
X-Hit
X-Refresh
X-URL
Environment
X-BACKEND-TTL
X-CLOUD-TRACE-CONTEXT
X-Instart-Info
SD-X-WS
Cache
X-B3-Spanid
X-SN
X-MCACHE
X-Edge
X-Varnish-URL
X-APP
Hostname
Proxy-Firewall
X-CDN-Forward
X-Parent-Response-Time
Vix-Hermes-Req-Id
Origin
X-Ratelimit-Remaining
X-Pjax-Url
X-Cdn-Forward
X-Varnish-Ttl
X-Origin-TTL
X-Origin-CC
X-Cache-PHP
X-Correlation-ID
X-MSEdge-Features
X-MSEdge-Flight
M-TraceId
X-App-Version
Request-Time
X-Up
Fastly-Backend-Name
X-CSRF-Token
X-CSRF-TOKEN
PICS-Label
X-Wa
X-ECACHE
X-FPC
X-Vdms-Path
X-Server-Time
Geoip-City
Geoip-Latitude
NM-Fastcgi-Cache
X-Be
CF-Cached-On
X-Mid
Pragrma
X-TT-LOGID
X-Edge-Server
GeoIp-Country-Code
Cdn-Host
Cdn-Request-Time
Sever-Int
Server-Ext
Pagetype
X-Wix-Viewer-Type
Server-Hostname
X-HS-Status
TTL
CACHE
X-Ua
X-AK-Request-ID
X-ECache
Cdncip
X-Vcl-Version
Cdnsip
NtCoent-Length
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Method
Ohc-File-Size
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Myra-Origin2
Cdn
X-Newrelic-App-Data
X-Cache-Host
HostName
Cteonnt-Length
X-ZONE
X-BC
X-Litespeed-Cache
X-Air-Hostname
X-NU-AKA-ACS-Version
Magicmarker
X-Worker
X-Protected-By
X-GEO
X-Cache-Metadata
Resin-Trace
XServer
X-Via-PopV
X-Branch-Name
X-Envoy-Upstream-Healthchecked-Cluster
X-Referer
X-Via-PopH
X-Request-Start
X-Servedbyhost
Memory
X-Dynatrace-Js-Agent
X-Ratelimit-Limit
SRV
X-Zone
X-Bc
X-Pf-Uncompressing
X-Policy
X-ServedByHost
X-Azure-Ref-OriginShield
X-FORWARDED-FOR
Release
X-Cache-Debug
X-Oneagent-Js-Injection
X-NGINX-Cache
Dt-Cache-Category
RequestId
X-Swift-Error
Load-Balancing
X-Planisys-CDN-Rules
Ohc-Cache-HIT
X-Planisys-CDN-TTL
X-TH-Server
X-Planisys-CDN-Cache
X-DC
X-C-Key
X-C-Zone
X-Unique-ID
Esi-Enabled
X-Reqid
X-VCL-Version
IBM-Web2-Location
Lb
Who
X-Esi-Check
X-Cache-Id
X-AIR-PT
Server-Int
Dnion-Transfer-Encoding
Ttl
X-Configured-By
X-Ruxit-Js-Agent
Pics-Label
X-Gzip
X-Datadome
GeoIP-Country-Code
X-Fastly-Country-Code
X-COUNTRY
Powered-By
X-Ocache
X-Tb-Optimization-Total-Bytes-Saved
X-Node-ID
X-Via-Ucdn
Tcn
GeoIP-City
X-WA
X-SRV
GeoIP-Latitude
UCS
X-Country-IP
X-Pinterest-Direct
MIME-Version
FSS-Cache
Fastly-Soc-X-Request-Id
Product
X-B3-SpanId
X-VarnishDD-TTL
LB
X-Fpc
Fastly-SSL
X-Action
X-SERVER-NAME
X-RAMCache
X-PF-Uncompressing
X-Svr
X-PJAX-URL
X-Powered-Y
X-DW
X-DSS
X-DB
X-DI
X-Fastly-Request-Id
X-RPM
X-Varnish-Url
X-Fastly-Backend-Reqs
Lfy
X-RPS
X-Hello
X-RSL
X-Flog
X-ABtesting
X-WPE-Loopback-Upstream-Addr
X-Server-IP
X-MID
X-SD-PageType
X-Varnish-Beresp-TTL
X-HostName
Sid
FSS-Proxy
Host-ID
X-Cache-Backend
X-LiteSpeed-Cache-Control
Requestid
X-Amzn-Remapped-Connection
Xet-Cookie
X-Flow-Id
X-Agile-Brick-Ok
X-Page-Impression-Id
X-Amzn-Remapped-Date
X-Apw-Hits
Amp-Access-Control-Allow-Source-Origin
X-Zalando-Child-Request-Id
X-Render-Time
CDN
X-ElasticPress-Search
ProcessTime
X-Via-CDN
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
CF-IPCountry
SN
X-Aicache-OS
X-B3-Parentspanid
WZWS-RAY
X-BE
X-User
C-Via
X-Debug-Controller
X-Debug-Revision
X-Check-Cacheable
Cneonction
L
X-Compress-Hint
X-UPSTREAM-Address
X-Litespeed-Cache-Control
X-Request-URL
X-Beluga-Status
X-Dw-Trace-Id
DataCenter
X-App
X-Nananana
CloudFront-Viewer-Country
X-LB-ID
X-MiniProfiler-Ids
X-Beluga-Trace
X-Request-Url
X-Beluga-Record
X-Beluga-Node
X-Key
X-Beluga-Response-Time
X-Fastly-Cache-Hits
X-Internal-Host
X-Beluga-Cache-Status