SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
CF-Ray
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Template
X-Language
X-Ua-Compatible
Status
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Server
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Request-ID
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Node
X-Vhost
X-Response-Time
NEL
X-WebKit-CSP
X-Dispatcher
X-Ac
X-Cache-Lookup
X-Readtime
X-Origin-Upstream-Status
Surrogate-Control
Content-Location
Request-Id
X-Application-Context
X-Ruxit-JS-Agent
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-HW
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
Edge-Control
X-Rack-Cache
Rating
X-Url
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
RTSS
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
X-Goog-Hash
X-DynaTrace
X-ASPNET-VERSION
X-Varnish-TTL
X-Country-Code
X-Instart-Request-ID
Allow
Service-Worker-Allowed
Content-MD5
Verso
X-GitHub-Request-Id
X-Server-Name
X-D2id
Pinterest-Generated-By
X-ESI
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Debug
X-Amz-Rid
Fusion-Deployment-Id
X-Trace
X-Vcache
Public-Key-Pins
TCN
X-TEC-API-VERSION
X-Fastly-Request-ID
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-SharePointHealthScore
Nginx-Cache
X-MSEdge-Ref
X-B3-TraceId
X-VARITI-CCR
X-Server-ID
X-Vcap-Request-Id
MS-Author-Via
X-Ttl
Charset
Arr-Disable-Session-Affinity
Accept-Ch
X-Px
X-Accel-Expires
X-NF-Request-ID
Accept-CH
X-Cache-TTL
SPRequestDuration
SPIisLatency
X-Webkit-Csp
Edge-Cache-Tag
Realpath
Response
X-Middleton-Display
X-Middleton-Response
Display
Pagespeed
X-Content-Type
X-Fastcgi-Cache
X-Ser
X-Sol
X-Client-IP
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Version
X-DynaTrace-JS-Agent
Accept-Ch-Lifetime
Accept-CH-Lifetime
NR-ENABLED
X-Powered-CMS
Front-End-Https
Pinterest-Version
X-Id
X-Pinterest-Rid
X-Dns-Prefetch-Control
X-Grace
Access-Control-Request-Method
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Jurisdiction
X-Hp-Webp
X-Upstream
S
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-T
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Hits
X-Content-Digest
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
DynaTrace
X-Dw-Request-Base-Id
AR-CACHE
Ar-Sid
Fastcgi-Cache
X-Shield-Request-Id
ServerID
X-Mobile-URL
X-Node-Name
X-Cache-Hit
PB-PID
PB-RID
X-Recruiting
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Country-Code-Real
X-Goog-Storage-Class
X-FTR-Backend
Powered
X-Goog-Metageneration
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
Server-Node
X-Goog-Generation
X-FTR-Cache-Status
X-FTR-Realm
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-HS-Cache-Config
WPE-Backend
Arc-Version
X-Mobile-Rewrite
TP-L2-Cache
TP-Cache
AMP-Access-Control-Allow-Source-Origin
X-Amzn-Trace-Id
X-FTR-Expires
Upgrade-Insecure-Requests
X-DIS-Request-ID
X-TTL
X-Shard
X-Request-Processing-Time
X-Ezoic-Cdn
X-Request-Received
Refresh
Alternate-Protocol
X-HS-Combine-CSS
X-NWS-LOG-UUID
Fastly-Restarts
X-XRDS-Location
X-Logged-In
X-Correlation-Id
X-Varnish-Age
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-Page-Id
X-FTR-Cache-Host
X-F-Cache
X-B
X-Akamai-Edgescape
Backend-Timing
X-LB-Cache
X-ATS-Timestamp
X-Rid
X-User-Agent
X-Geo-Country
X-N
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Host-Header
X-XRDS-LOCATION
X-Via-JSL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host
X-Zen-Fury
Cache-Status
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Kinsta-Cache
X-Content-Options
X-Varnish-Grace
Healthy
X-Revision
X-B3-Sampled
X-TT
X-ATG-Version
X-AOL-HN
X-B-Cache
Paypal-Debug-Id
X-Instance
X-Request-Guid
X-Cache-Action
X-Signature
X-FB-Debug
X-Amz-Replication-Status
X-Jobs
X-Tumblr-User
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-Pixel
Actual-Object-TTL
Section-Io-Cache
X-Type
Access-Control-Allow-Method
X-Debug-Info
X-Git-Hash
Frame-Options
X-Varnish-Backend
X-Whom
Fastcgi-Useragent
X-Hostname
X-WebKit-CSP-Report-Only
X-Amz-Apigw-Id
Liferay-Portal
X-Content-Powered-By
X-Cluster
X-Seen-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Rule
X-Cache-Operation
X-Erf-Bev-Bev
Trailer
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
X-FastCGI-Cache
X-Srv
X-Amzn-Requestid
X-FireWall-Port
X-PHP-Backend
Tracecode
X-Activity-Id
X-Contextid
X-Framework
X-Az
X-AppVersion
X-Endurance-Cache-Level
X-Cache-Key
X-Daa-Tunnel
X-Cached-By
X-WA-Info
Source
X-Host-Name
X-Mobile
X-Presslabs-Stats
X-IPLB-Instance
Retry-After
X-Upgrade-Enabled
NGB
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
Accept-Charset
X-RateLimit-Remaining
Srv
Surrogate-Key
Xserver
X-Adobe-Content
X-UUID
X-Adobe-Loc
X-Tumblr-Pixel-1
X-Environment-Context
X-Tumblr-Pixel-2
X-GeoIP
X-Region
X-FW-Serve
X-FW-Hash
X-Varnish-Server
X-L-Path
X-RequestSource
X-Is-Bot
X-Rendered-As
DC
Eomportal-Instance
X-FW-Type
X-Cache-NE
X-FW-Server
X-FW-Static
X-Cacheable-TTL
X-Handled-By
Payment
Filters
X-Varnish-Hostname
X-Origin-Response-Time
From-Origin
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
VIX-Pulpo-Node
X-EdgeConnect-Cache-Status
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
X-Backend-Name
X-APP-VERSION
Server-Info
X-Cache-2
X-Cache-Server
Cache-Tv-Group
X-CST
Filterid
MS-CV
X-NGENIX-Cache
Datacenter
Version
X-Unique-Id
X-TIME
X-Akamai-Transformed
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Status
X-Cache-Enabled
X-Cache-Time
X-B3-Traceid
X-Cache-Control
X-Mode
S-Cnection
X-Yottaa-Metrics
GEO-INFO
X-Yottaa-Optimizations
X-Path-Route
X-CCM
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Dc
Cache-Tags
Webserver
X-PERF
X-Via-Fastly
X-ApacheServer
X-Ua-Device
X-Hl-Ver
X-Forwarded-Host
ServedBy
Country
X-R9-Blue-Green-Version
X-Alternate-Cache-Key
X-AWS-Id
X-BYPASS-REASON
X-Cache-Status-Check
Akamai-GRN
X-Akamai-Request-ID2
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Debug-Cache
X-Device-Type
Origin-Edge-Control
X-ProxyCache-Status
X-Pubstack
X-Origin-Hint
X-Origin
X-EIG-Tracking-Id
X-Human
X-LJ-Flow-ID
TWC-Privacy
Cache-Key
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
NGX
Origin-Cache-Control
Property-Id
Now
TWC-Connection-Speed
Decoy-Debug-TTL
Cleartype
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
X-RCS-CacheZone
X-ProxyCache-Key
X-Vgn-Hpd-Reason
X-Tb
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-VWS-Id
X-IPS-LoggedIn
OT-Force-Account-Verify
X-FW-Dynamic
X-Redis-Cache
X-Proto
X-Shopify-Stage
X-ServerID
X-TX-ID
X-ShopId
X-ShardId
X-Shopify-Generated-Cart-Token
X-Hosted-By
X-IP
X-Proxy-Cache-Status
X-FC-Vary-Parameters
X-Detected-As
X-Web-Node
X-TNCMS
X-Soup
X-Locale
X-Say-TTL
X-Cache-Config
X-SayCDN-TTL
X-Say-Cacheable
X-Loop
X-Xfnlog-Site
X-NCache
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proxied
X-Section
X-Routing-Service
X-SaId
X-Generated
X-Format
X-Zipkin-Id
Access-Control-Request-Headers
Ec-Rule-Version
X-Access
X-Www-Served-By
X-Site-Version
X-Content-Age
X-Amzn-Remapped-Content-Length
Content-Disposition
X-Pad
Azure-InstanceId
Azure-RegionName
X-Esi
Azure-SiteName
Azure-Version
Azure-SlotName
Mn-Server-Ip
Cross-Origin-Window-Policy
X-Adobe-Source
X-Varnish-Hits
X-Viewer-Country
S-Rt
X-FB-TRIP-ID
X-Request-Time
X-MP-GENERATED-AT
X-Real-IP
X-NYM-Debug-Backend
Cache-Hits
X-Cache-Remote
X-EC-Lua
X-CACHE-KEY
X-Akamai-Request-ID
X-Cdn
Selected-Fe
X-HTML-Minification-Powered-By
X-Proxy-Build
X-Timing-Wait
X-Generated-By
X-BCube-Filmed-By
Node
X-Geo
X-PressLabs-Stats
Odigeo-Trace-Id
Nel
X-NewRelic-App-Data
X-No-Session
X-Microcachable
X-Rule
Accept-Language
X-Drupal-Cache-Tags
X-SS-Set-Cookie
X-Amzn-RequestId
FilterID
X-Uri
Cf-Ipcountry
X-Cache-NGX
X-Azure-Ref
X-From
X-RateLimit-Limit
X-App-Server
X-CF-Powered-By
X-RTag
Time
X-Backend-TTL
Ms-Operation-Id
X-Qloud-Router
X-Source
X-PCL
X-OCL
X-NWS-UUID-VERIFY
User-Agent
X-Varnish-Cache-Hits
X-Edge-O15-RID
Proxy-Connection
X-PHP-Host
X-Labrador-Cache-Channel
X-Hyper-Cache
X-Old-Content-Length
X-Info
X-GoCache-CacheStatus
X-Cache-Grace
X-Storage
Cache-Name
X-UA
X-Newrelic-Synthetics
Uber-Trace-Id
X-Nginx-Cache
ServerName
T-Server
X-SRCache-Key
A
X-Connection-Hash
X-VG-WebCache
X-Request-URI
Apple-News-Services-Parsed-Url
X-Processor
X-PAYTM-SRV-ID
X-VG-WebServer
Apple-News-Services-Handled
Apple-News-Services-Host
X-Aed
X-OVcl
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cdn-Srv
Request-EU
X-Drupal-Cache-Contexts
Request-Country
Rendered-Blocks
X-CS
X-DPWN-IS-SECURE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-OVcl-Cache
X-Destination
Fastcgi-X-Cache-Version
X-GeoIP-Country-Code
X-Vtex-Processado-Em
Arc-Country
X-External-Request-Id
GEO-REGION-INFO
X-Twitter-Response-Tags
X-A-Wwc
X-Trv-Group
X-Transaction
Apple-News-Services-Request-Url
Meta-Geo-Continent
MD5-Digest
X-Vdms-Version
X-G
X-B-Cookie
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-S
X-ARC
X-S-Cookie
X-Rojux
Xc-Version
X-Application
X-ScT
Viewtype
X-Rewrite-Enabled
X-Request-UUID
X-Vtex-Remote-Cache
X-Developer
X-Accel-Expires-Debug
X-D
X-Session-Fingerprint
X-A-Dam
BehaviorPad-Version
X-Date
True-Client-Country-4JS
VivaBuild
Machine
X-Region-Sid
AsisCache
Mobile-Detection-Method
X-Cluster-Name
X-Time
X-NC
X-Cluster-Node
Cache-Cookie-Set-From
X-Core-Value
Cache-Cookie-Set-Lfrom
X-Generated-On
Cache-Cookie-Set-Idcheck
X-GeoIP-City
X-Geo-Header
PFcat
X-ServiceProvider
Thinkindot-CacheControl-Type
X-Trafficlayer-App-Name
X-Sn-Servicetimems
Content-Script-Type
X-VCache
Thinkindot-Control
X-Reboot
X-Rocket-Nginx-Bypass
X-VG-TLSProxy
X-Trafficlayer-App-Version
X-Served-From
X-Trafficlayer-App-Scope
X-Thinkindot-L3
Thinkindot-CacheControl
X-Level-Front-Cache
X-IN-APIGATEWAY
X-Edge-Location
Content-Style-Type
X-Matched-Rule
X-VCT
X-IN-APIGATEWAYSSL
Server-Host
X-Cdn-Origin
X-UnsetCookies
X-S-Maxage
X-Nc
User-Cache-Control
X-CUA
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Cache-FS-Status
X-Block-Status
X-Cache-ASPX
X-Cache-Bucket
X-Bc-Bl
X-BBXSRF
X-DevSite-Last-Modified
X-App-Name
X-Backend-Host
X-Cache-Expired-At
X-Debug-Cookies
X-Clara-WADP
X-Cms-Context
X-Contensis-Viewer-Groups
X-CGP
X-Cache-URL
X-Backend-State
X-Cache-Info
X-Core-Mission
X-Origin-Expires
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Trace-Id
X-Server-W
X-Tumblr-Pixel-3
X-TT-TIMESTAMP
X-Sigma
X-Sigma-Backend
X-TrackingId
X-Swa-Ws
X-Owner
X-Slack-Backend
X-SIPLIST1
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Rocket-Build-Number
X-Wikidot-Backend
X-Webstats-RespID
X-WADP-Cache
N-Cache
X-Req
X-RateLimit-Remaining-Second
X-VC-Cache
X-Agile-Id
X-Var-Ttl
X-Wikidot-Static-Cache
X-Varnish-Authentication
X-Varnish-Cacheable
Memcached
X-Origin-Date
X-Fastly-Cache
X-Eu-Site
X-Fetched-On
Rt-Fastcgi-Cache
X-Gamma-Serve
X-Fmm-Version
X-Epic-Correlation-Id
X-Distributor
X-Device-Os
X-Developers
X-Dispatch
X-Dispatcher-Server
X-Distil-CS
X-Gen-Mode
X-Generated-In
X-Ms-Request-Id
X-Micro-Cache
X-Ms-Version
X-Nginx-Cache-Key
X-NX-Host
X-NodeID
X-Magnolia-Registration
X-Logging-Id
X-Hnp-Log
X-Hash
X-Instart-Isnd
X-Irp-Debug
X-LAGOON
X-Debug-Log
X-VServer
Locale
Locid
L5d-Success-Class
Kp-EeAlive
IsBot
Mail-Subject
On-Server
X-Li-Pop
Pramga
X-LI-Proto
X-LI-UUID
Heartbleed
HA-Ipaddr
Country-Code
AKAMAI
Cache-Host
CDCHOST
Powered-By-ChinaCache
Fastly-Drupal-HTML
FNAC-ModuleRouting
Ha-Gx-Prefs
Group
Gh-Request-Id
X-Servername
RNT-Machine
X-Li-Fabric
We-Hiring
RNT-Time
X-Agile-Age
W
X-Varnish-Beresp-Ttl
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
Viewport
X-Is-Gdpr
Server-ID
Server-Cache-Control
X-Agile
X-JWT-State
Server-Surrogate-Control
V-Age
X-Has-Esi
X-FW-Version
X-Generation-Time
X-Request-Host
X-Scheme
X-Skip-Cache
X-Hit
X-WebServer
X-Lb-Id
X-Variation
X-Thanos
X-We-Are-Hiring
Is-Eu
Platform
Cloudfront-Viewer-Country
Fastly-SIE
X-Platform-Server
X-Auto-Login
X-Bip
X-C
Adler-Geo
X-Cache-Tags
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SWR
Geo-Info
X-VHOST
X-Sucuri-ID
X-Load-Cache
X-Node-Id
Mime-Version
X-URL
X-RESPONSE-TIME
Countrycode
X-Service
X-ND-Cache
X-Refresh
X-Clientip
X-Response-By
Cache
X-TA-CDN-Provider
HitType
X-Instart-Info
X-MCACHE
X-Edge
SD-X-WS
X-CLOUD-TRACE-CONTEXT
Environment
Proxy-Firewall
X-APP
X-CDN-Forward
X-B3-Spanid
X-SN
X-Varnish-URL
X-BACKEND-TTL
Vix-Hermes-Req-Id
X-Parent-Response-Time
Request-Time
X-Varnish-Ttl
X-ECACHE
X-Pjax-Url
Origin
Hostname
X-Vdms-Path
NM-Fastcgi-Cache
X-Correlation-ID
M-TraceId
CF-Cached-On
X-CSRF-TOKEN
X-MSEdge-Features
X-MSEdge-Flight
X-Mid
X-Wa
X-Cache-PHP
X-App-Version
X-CSRF-Token
X-Origin-TTL
X-Origin-CC
PICS-Label
X-Up
X-Cdn-Forward
Fastly-Backend-Name
X-Ruxit-Js-Agent
X-Be
X-Ratelimit-Remaining
Geoip-City
Geoip-Latitude
X-FPC
Sever-Int
Pagetype
Server-Ext
Server-Hostname
X-Server-Time
X-Ua
X-TT-LOGID
X-Edge-Server
X-Wix-Viewer-Type
X-Webkit-CSP
GeoIp-Country-Code
Cdn-Host
Cdn-Request-Time
Pragrma
HostName
X-HS-Status
X-ECache
X-Method
NtCoent-Length
TTL
X-Protected-By
Cdn
Cdncip
X-AK-Request-ID
X-Newrelic-App-Data
Cdnsip
X-Worker
X-Via-PopV
X-Myra-Origin2
Magicmarker
X-Via-PopH
CACHE
X-Vcl-Version
X-Referer
Resin-Trace
X-Litespeed-Cache
X-Envoy-Upstream-Healthchecked-Cluster
X-Bc
X-SVT-ORM-VERSION
X-Servedbyhost
X-Request-Start
X-Branch-Name
X-SVT-ORM-RULES
X-Zone
Ohc-File-Size
X-GEO
X-Cache-Metadata
X-Air-Hostname
X-NU-AKA-ACS-Version
XServer
X-Policy
Dt-Cache-Category
X-Azure-Ref-OriginShield
X-Cache-Host
Memory
SRV
X-DC
Cteonnt-Length
X-Dynatrace-Js-Agent
X-Pinterest-Direct
X-NGINX-Cache
Release
X-FORWARDED-FOR
X-BC
X-ZONE
X-C-Key
X-Oneagent-Js-Injection
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-C-Zone
X-Ratelimit-Limit
X-Pf-Uncompressing
Load-Balancing
X-Cache-Debug
X-ServedByHost
Esi-Enabled
RequestId
Lb
X-VCL-Version
X-Swift-Error
X-Reqid
Ttl
X-TH-Server
Who
Ohc-Cache-HIT
GeoIP-Country-Code
X-Esi-Check
X-Configured-By
X-Cache-Id
Dnion-Transfer-Encoding
X-Via-Ucdn
X-Tec-Api-Root
X-Tec-Api-Version
IBM-Web2-Location
X-SRV
X-AIR-PT
X-Tec-Api-Origin
X-Unique-ID
X-Datadome
GeoIP-Latitude
X-COUNTRY
GeoIP-City
UCS
X-Node-ID
X-Fastly-Country-Code
X-Country-IP
X-Gzip
X-Tb-Optimization-Total-Bytes-Saved
Pics-Label
Server-Int
Product
FSS-Cache
X-Fpc
Powered-By
X-Ocache
MIME-Version
LB
X-WA
X-VarnishDD-TTL
X-B3-SpanId
X-SERVER-NAME
X-PJAX-URL
X-Svr
X-RAMCache
Sid
Fastly-Soc-X-Request-Id
X-PF-Uncompressing
X-Powered-Y
Fastly-SSL
X-Fastly-Request-Id
Lfy
X-Action
X-Server-IP
X-Varnish-Url
X-Fastly-Backend-Reqs
X-WPE-Loopback-Upstream-Addr
X-Flog
X-Apw-Hits
X-MID
X-DB
X-DSS
X-ABtesting
X-Apw-Access-Token
X-DW
X-DI
X-Hello
FSS-Proxy
X-Apw-Access-Action
X-RPM
X-Varnish-Beresp-TTL
X-Apw-Access-Object
X-RSL
X-RPS
X-SD-PageType
X-Flow-Id
X-LiteSpeed-Cache-Control
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-BE
X-ElasticPress-Search
CDN
X-Render-Time
Host-ID
Requestid
Tcn
X-Agile-Brick-Ok
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
CF-IPCountry
L
C-Via
X-Amzn-Remapped-Connection
X-Aicache-OS
X-Amzn-Remapped-Date
SN
X-Cache-Backend
ProcessTime
X-B3-Parentspanid
X-Via-CDN
X-Compress-Hint
X-Debug-Revision
X-Debug-Controller
X-Check-Cacheable
Cneonction
X-HostName
X-Request-URL
X-Dw-Trace-Id
X-LB-ID
My-App
CloudFront-Viewer-Country
X-App
DataCenter
X-Request-Url
X-Nananana
WZWS-RAY
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-User