Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
CF-Ray
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Template
X-Language
X-Ua-Compatible
Status
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Server
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Request-ID
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Readtime
X-Origin-Upstream-Status
Surrogate-Control
Content-Location
Request-Id
X-Application-Context
X-Ruxit-JS-Agent
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
Edge-Control
X-Rack-Cache
Rating
X-Url
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
RTSS
X-TtlSet
X-Vname
X-PC
X-Goog-Hash
X-FTR-Request-ID
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
X-Country-Code
X-Instart-Request-ID
Allow
Service-Worker-Allowed
Content-MD5
X-GitHub-Request-Id
Verso
X-Server-Name
X-D2id
Pinterest-Generated-By
X-ESI
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Amz-Rid
Fusion-Deployment-Id
X-Debug
X-Trace
TCN
X-Vcache
Public-Key-Pins
X-Fastly-Request-ID
X-SharePointHealthScore
X-MSEdge-Ref
Nginx-Cache
X-B3-TraceId
X-Server-ID
X-VARITI-CCR
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
MS-Author-Via
Charset
Arr-Disable-Session-Affinity
X-Ttl
X-Px
Accept-Ch
X-NF-Request-ID
X-Accel-Expires
X-Cache-TTL
Accept-CH
SPRequestDuration
SPIisLatency
X-Webkit-Csp
Edge-Cache-Tag
Realpath
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
Response
X-Content-Type
X-Ser
X-Fastcgi-Cache
X-Sol
X-Client-IP
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
X-DynaTrace-JS-Agent
Accept-Ch-Lifetime
Accept-CH-Lifetime
NR-ENABLED
X-Powered-CMS
Front-End-Https
X-Pinterest-Rid
X-Id
Pinterest-Version
Access-Control-Request-Method
X-Dns-Prefetch-Control
X-Grace
X-Jurisdiction
AR-ATIME
X-Hp-Webp
AR-Request-ID
AR-PoweredBy
X-Upstream
S
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-T
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
DynaTrace
X-Dw-Request-Base-Id
AR-CACHE
Ar-Sid
Fastcgi-Cache
ServerID
X-Shield-Request-Id
X-Mobile-URL
X-Node-Name
X-Cache-Hit
PB-PID
PB-RID
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Recruiting
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
Powered
Server-Node
X-FTR-Realm
X-Frontend
X-HS-Content-Id
WPE-Backend
X-HS-Hub-Id
X-HS-Cache-Config
Arc-Version
X-Mobile-Rewrite
TP-Cache
TP-L2-Cache
X-Amzn-Trace-Id
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-DIS-Request-ID
X-TTL
X-Request-Received
X-Request-Processing-Time
X-Shard
X-Ezoic-Cdn
Refresh
X-HS-Combine-CSS
Alternate-Protocol
X-NWS-LOG-UUID
Fastly-Restarts
X-XRDS-Location
X-Correlation-Id
X-Logged-In
X-Varnish-Age
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-FTR-Cache-Host
X-B
X-F-Cache
X-LB-Cache
X-Page-Id
X-Akamai-Edgescape
X-ATS-Timestamp
Backend-Timing
X-User-Agent
X-Rid
X-Geo-Country
MicrosoftSharePointTeamServices
X-N
X-Content-Security-Policy-Report-Only
X-XRDS-LOCATION
Host-Header
X-Kong-Upstream-Latency
X-Via-JSL
X-Kong-Proxy-Latency
Host
X-Zen-Fury
Cache-Status
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Origin-Server
X-Kinsta-Cache
X-Varnish-Grace
X-Content-Options
Healthy
X-Revision
X-B3-Sampled
X-AOL-HN
X-ATG-Version
X-TT
X-Cache-Action
X-FB-Debug
X-Type
X-Tumblr-User
X-Instance
X-Request-Guid
X-App-Environment
X-Signature
Paypal-Debug-Id
Section-Io-Cache
Actual-Object-TTL
X-Jobs
X-Tumblr-Pixel-0
X-Amz-Replication-Status
X-B-Cache
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Git-Hash
X-Debug-Info
X-Whom
Frame-Options
X-Varnish-Backend
X-Hostname
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Amz-Apigw-Id
Liferay-Portal
X-Content-Powered-By
X-Cluster
X-Seen-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Rule
X-Cache-Operation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Age
Trailer
X-Srv
X-FastCGI-Cache
X-Amzn-Requestid
X-Az
X-Endurance-Cache-Level
X-PHP-Backend
X-Activity-Id
X-AppVersion
X-FireWall-Port
X-Cache-Key
Tracecode
X-Contextid
X-Framework
X-Daa-Tunnel
X-Cached-By
X-WA-Info
X-Host-Name
X-Mobile
X-Presslabs-Stats
Source
X-IPLB-Instance
Retry-After
X-Upgrade-Enabled
X-Response-Served-From
NGB
X-Accel-Buffering
Accept-Charset
X-ProcessESI
X-RemovedCookies
Srv
X-RateLimit-Remaining
X-UUID
Surrogate-Key
Xserver
X-Adobe-Loc
X-Adobe-Content
X-L-Path
X-GeoIP
X-Cache-NE
DC
X-Environment-Context
X-Tumblr-Pixel-1
Eomportal-Instance
X-FW-Type
X-Tumblr-Pixel-2
X-FW-Serve
X-FW-Server
X-Varnish-Server
X-RequestSource
X-Region
X-Is-Bot
X-FW-Static
X-FW-Hash
X-Rendered-As
Payment
X-Cacheable-TTL
X-Handled-By
Filters
X-Origin-Response-Time
X-Varnish-Hostname
From-Origin
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-EdgeConnect-Cache-Status
X-Backend-Name
X-APP-VERSION
X-Cache-2
Server-Info
X-Cache-Server
Cache-Tv-Group
X-CST
Filterid
MS-CV
X-NGENIX-Cache
Datacenter
X-TIME
X-Unique-Id
Version
X-Akamai-Transformed
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Status
X-Cache-Enabled
X-B3-Traceid
X-Cache-Time
X-Cache-Control
X-Mode
S-Cnection
GEO-INFO
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CCM
Meta-Geo
X-Path-Route
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-Dc
X-RN-RSRV
Cleartype
X-Forwarded-Host
X-ApacheServer
X-Via-Fastly
ServedBy
Cache-Tags
X-Hl-Ver
Country
X-Ua-Device
X-PERF
Webserver
X-R9-Blue-Green-Version
TWC-Device-Class
Decoy-Debug-Status
Decoy-Debug-TTL
Akamai-GRN
TWC-Connection-Speed
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
X-ShopId
Decoy-Debug-Key
TWC-GeoIP-LatLong
Webcakes-App-Name
X-VWS-Id
DB-Nickname
X-Tb
Origin-Edge-Control
OT-Force-Account-Verify
Property-Id
Cache-Key
Origin-Cache-Control
Now
Section-Origin-Responded
X-Vgn-Hpd-Reason
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
NGX
Section-Io-Id
X-Sorting-Hat-ShopId
X-AWS-Id
X-LJ-Flow-ID
X-Redis-Cache
Webcakes-Region
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Origin
X-ProxyCache-Status
X-IPS-LoggedIn
X-Pubstack
X-RCS-CacheZone
X-Origin-Hint
X-TX-ID
X-ProxyCache-Key
X-Proto
X-FW-Dynamic
X-Alternate-Cache-Key
X-FC-Vary-Parameters
X-Cache-Status-Check
X-BYPASS-REASON
X-ServerID
X-Akamai-Request-ID2
X-ShardId
X-EIG-Tracking-Id
X-Device-Type
X-Debug-Cache
X-Sorting-Hat-PodId
Cross-Origin-Window-Policy
X-Routing-Service
X-Section
X-SaId
X-JoinUs
X-Content-Age
X-Site-Version
Selected-Fe
X-Access
X-Format
X-Generated
X-Proxied
Mn-Server-Ip
X-NCache
X-Proxy-Build
Azure-SiteName
X-Amzn-Remapped-Content-Length
X-Esi
X-Cache-Config
X-Detected-As
Ec-Rule-Version
Content-Disposition
X-Xfnlog-Site
X-Zipkin-Id
Access-Control-Request-Headers
X-IP
X-Locale
X-Pad
X-Soup
X-TNCMS
X-Web-Node
X-SayCDN-TTL
X-Say-TTL
X-Loop
X-Proxy-Cache-Status
X-Say-Cacheable
X-Www-Served-By
X-Hosted-By
X-Timing-Wait
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Request-Time
X-Real-IP
X-Adobe-Source
S-Rt
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-Viewer-Country
X-MP-GENERATED-AT
X-Varnish-Hits
X-CACHE-KEY
X-Cdn
X-Akamai-Request-ID
X-EC-Lua
X-Cache-Remote
Cache-Hits
X-HTML-Minification-Powered-By
X-Generated-By
X-BCube-Filmed-By
Node
X-NewRelic-App-Data
Nel
X-PressLabs-Stats
X-Geo
Odigeo-Trace-Id
X-Microcachable
X-No-Session
X-Rule
X-Drupal-Cache-Tags
Accept-Language
X-SS-Set-Cookie
FilterID
X-Amzn-RequestId
X-Uri
X-Cache-NGX
Cf-Ipcountry
X-RateLimit-Limit
X-Azure-Ref
X-From
X-RTag
X-App-Server
Ms-Operation-Id
X-CF-Powered-By
Time
X-Qloud-Router
X-OCL
X-Source
X-Backend-TTL
X-PCL
User-Agent
X-NWS-UUID-VERIFY
X-Edge-O15-RID
X-Varnish-Cache-Hits
Proxy-Connection
X-Labrador-Cache-Channel
X-PHP-Host
X-Hyper-Cache
X-Info
X-Old-Content-Length
X-GoCache-CacheStatus
Cache-Name
X-Cache-Grace
X-Storage
X-Nginx-Cache
X-Newrelic-Synthetics
X-UA
Uber-Trace-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Viewtype
X-Rewrite-Enabled
X-Request-UUID
BehaviorPad-Version
X-Request-URI
X-ARC
X-Application
X-Rojux
VivaBuild
X-Drupal-Cache-Contexts
X-Session-Fingerprint
Rendered-Blocks
X-ScT
X-S
X-S-Cookie
AsisCache
X-Region-Sid
Apple-News-Services-Handled
ServerName
T-Server
X-CF-Lambda-Version
X-Cdn-Srv
X-CF-Lambda-Fn
A
Apple-News-Services-Host
X-OVcl
Apple-News-Services-Request-Url
True-Client-Country-4JS
Arc-Country
X-Processor
X-PAYTM-SRV-ID
X-OVcl-Cache
Apple-News-Services-Parsed-Url
X-Developer
X-CS
X-Accel-Expires-Debug
MD5-Digest
X-Vdms-Version
Meta-Geo-Continent
X-A-Wwc
X-Twitter-Response-Tags
X-A-Dcw
X-A-Dgt
X-Date
X-Destination
X-Aed
GEO-REGION-INFO
Machine
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebCache
X-VG-WebServer
X-A-Dam
X-A-Ccd
X-B-Cookie
X-G
X-A
Request-Country
X-GeoIP-Country-Code
Request-EU
X-SRCache-Key
X-External-Request-Id
X-D
X-Trv-Group
X-Connection-Hash
X-Transaction
X-DPWN-IS-SECURE
Fastcgi-X-Cache-Version
Mobile-Detection-Method
Xc-Version
X-Cluster-Node
X-NC
X-Cluster-Name
X-Time
X-IN-APIGATEWAY
Cache-Cookie-Set-Lfrom
PFcat
Content-Script-Type
Content-Style-Type
X-Reboot
X-Core-Value
X-Generated-On
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Geo-Header
X-GeoIP-City
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Trafficlayer-App-Version
Thinkindot-CacheControl
X-Cache-Expired-At
X-VCache
X-Sn-Servicetimems
X-Served-From
X-Rocket-Nginx-Bypass
Viewport
X-Cdn-Origin
Server-Host
X-Level-Front-Cache
X-VCT
X-Trafficlayer-App-Name
X-VG-TLSProxy
X-Thinkindot-L3
X-Trafficlayer-App-Scope
X-Edge-Location
X-IN-APIGATEWAYSSL
X-Matched-Rule
X-ServiceProvider
X-Nc
User-Cache-Control
X-UnsetCookies
X-S-Maxage
X-Block-Status
X-Debug-Cache-Expiry
X-Auto-Login
X-Debug-Cache-Store
X-Backend-Host
X-BBXSRF
X-Bc-Bl
X-Debug-Cache-Fetch
X-Bip
X-FW-Version
X-Debug-Cookies
X-Cache-Info
X-Cache-URL
X-CGP
X-Cms-Context
X-Clara-WADP
X-DevSite-Last-Modified
X-Cache-FS-Status
X-Has-Esi
X-CUA
X-Cache-Bucket
X-Core-Mission
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Hash
X-Slack-Backend
X-SIPLIST1
X-Swa-Ws
X-Thanos
X-TrackingId
X-Trace-Id
X-Sigma-Backend
X-Sigma
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Rt-Fastcgi-Cache
X-Req
X-Server-W
X-Rocket-Build-Number
X-TT-TIMESTAMP
X-Tumblr-Pixel-3
X-Webstats-RespID
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
Memcached
N-Cache
X-WADP-Cache
X-VC-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Var-Ttl
X-Varnish-Authentication
X-Varnish-Cacheable
X-Proxy-Upstream
X-Owner
X-Fetched-On
X-Fastly-Cache
X-Fmm-Version
X-Gamma-Serve
X-Generated-In
X-Gen-Mode
X-Eu-Site
X-Epic-Correlation-Id
X-Device-Os
X-Developers
X-Dispatch
X-Dispatcher-Server
X-Distributor
X-Distil-CS
X-Hnp-Log
X-Instart-Isnd
X-NodeID
X-Nginx-Cache-Key
X-NX-Host
X-Backend-State
X-Origin-Expires
X-Origin-Date
X-Ms-Version
X-Ms-Request-Id
X-LAGOON
X-Irp-Debug
X-Logging-Id
X-Magnolia-Registration
X-Micro-Cache
X-Debug-Log
X-Li-Pop
IsBot
Kp-EeAlive
HA-Ipaddr
Ha-Gx-Prefs
Group
L5d-Success-Class
Locale
Pramga
On-Server
Mail-Subject
Locid
Gh-Request-Id
FNAC-ModuleRouting
AKAMAI
X-Varnish-Beresp-Ttl
X-VServer
X-App-Name
Cache-Host
CDCHOST
Fastly-Drupal-HTML
Country-Code
X-Servername
Powered-By-ChinaCache
X-LI-UUID
Heartbleed
Wxu-Next-Commit
Web-Mar-Node
We-Hiring
X-Agile-Id
Wxu-Next-Hostname
Wxu-Next-Region
X-JWT-State
X-Agile
X-Li-Fabric
X-Agile-Age
V-Age
W
Server-Cache-Control
X-Is-Gdpr
RNT-Machine
Server-ID
RNT-Time
Server-Surrogate-Control
X-LI-Proto
Fastly-SIE
X-Lb-Id
X-Generation-Time
Fastly-SWR
Is-Eu
X-Variation
X-Hit
X-Cache-Tags
X-Request-Host
X-Skip-Cache
Geo-Info
X-C
X-Rebelmouse-Surrogate-Control
Platform
X-Scheme
Countrycode
X-Rebelmouse-Cache-Control
Adler-Geo
X-Platform-Server
X-We-Are-Hiring
X-Clientip
Cloudfront-Viewer-Country
Mime-Version
X-Sucuri-ID
X-VHOST
X-Load-Cache
X-Node-Id
X-ND-Cache
X-Response-By
X-Service
X-URL
X-RESPONSE-TIME
X-Refresh
Cache
HitType
X-SN
X-Instart-Info
X-CLOUD-TRACE-CONTEXT
X-MCACHE
SD-X-WS
X-Edge
X-TA-CDN-Provider
X-B3-Spanid
Proxy-Firewall
X-CDN-Forward
X-APP
Environment
X-BACKEND-TTL
X-Varnish-URL
Vix-Hermes-Req-Id
X-Parent-Response-Time
X-Cache-PHP
Request-Time
X-Pjax-Url
Origin
X-ECACHE
X-Varnish-Ttl
Hostname
X-App-Version
X-Correlation-ID
X-Vdms-Path
M-TraceId
X-Mid
X-MSEdge-Flight
X-MSEdge-Features
X-CSRF-TOKEN
NM-Fastcgi-Cache
X-Wa
CF-Cached-On
X-Origin-TTL
X-Origin-CC
X-CSRF-Token
PICS-Label
Fastly-Backend-Name
X-Cdn-Forward
X-Up
X-Be
X-Ratelimit-Remaining
X-Ruxit-Js-Agent
Geoip-Latitude
X-FPC
Pagetype
Server-Ext
X-Server-Time
Geoip-City
Server-Hostname
Sever-Int
X-Ua
X-TT-LOGID
X-Webkit-CSP
X-Wix-Viewer-Type
GeoIp-Country-Code
Cdn-Request-Time
Pragrma
Cdn-Host
X-Edge-Server
HostName
X-Method
X-ECache
X-HS-Status
NtCoent-Length
TTL
X-Protected-By
X-AK-Request-ID
X-Vcl-Version
CACHE
Cdncip
X-Worker
X-Tec-Api-Version
Magicmarker
Cdn
X-Myra-Origin2
X-Newrelic-App-Data
X-Tec-Api-Root
X-Via-PopH
X-Tec-Api-Origin
Cdnsip
X-Via-PopV
X-Bc
X-Servedbyhost
X-Envoy-Upstream-Healthchecked-Cluster
X-Branch-Name
X-Litespeed-Cache
Resin-Trace
X-Referer
X-Request-Start
X-Zone
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Ohc-File-Size
X-GEO
X-Cache-Metadata
XServer
Memory
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Azure-Ref-OriginShield
X-Cache-Host
X-Policy
Dt-Cache-Category
SRV
X-DC
X-Dynatrace-Js-Agent
Cteonnt-Length
X-Pinterest-Direct
X-NGINX-Cache
Release
X-Planisys-CDN-Rules
X-C-Zone
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-C-Key
X-ZONE
X-Oneagent-Js-Injection
X-FORWARDED-FOR
X-BC
X-Ratelimit-Limit
X-ServedByHost
X-Pf-Uncompressing
Lb
Esi-Enabled
X-VCL-Version
Load-Balancing
RequestId
X-Cache-Debug
X-Swift-Error
X-TH-Server
Ttl
X-Reqid
Who
Ohc-Cache-HIT
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Esi-Check
X-Configured-By
X-SRV
X-Cache-Id
X-AIR-PT
X-Via-Ucdn
GeoIP-Country-Code
X-Unique-ID
X-Datadome
UCS
X-Country-IP
GeoIP-Latitude
Server-Int
X-Node-ID
X-Fastly-Country-Code
X-COUNTRY
X-Tb-Optimization-Total-Bytes-Saved
GeoIP-City
X-Gzip
Pics-Label
Product
X-Fpc
X-Ocache
FSS-Cache
Powered-By
MIME-Version
X-VarnishDD-TTL
X-WA
LB
X-B3-SpanId
X-Powered-Y
X-SERVER-NAME
X-RAMCache
X-PJAX-URL
X-Svr
Sid
Fastly-Soc-X-Request-Id
X-PF-Uncompressing
Fastly-SSL
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
X-WPE-Loopback-Upstream-Addr
X-Action
X-Server-IP
Lfy
X-Hello
X-MID
X-DB
X-Apw-Hits
X-RPM
X-RPS
X-Varnish-Beresp-TTL
X-RSL
X-Apw-Access-Token
FSS-Proxy
X-Flog
X-ABtesting
X-DI
X-Apw-Access-Action
X-Apw-Access-Object
X-SD-PageType
X-DSS
X-DW
X-Agile-Brick-Ok
X-Render-Time
X-Page-Impression-Id
X-Flow-Id
Tcn
Xet-Cookie
X-Zalando-Child-Request-Id
Host-ID
X-BE
C-Via
Requestid
Amp-Access-Control-Allow-Source-Origin
X-LiteSpeed-Cache-Control
X-ElasticPress-Search
CDN
CF-IPCountry
Cneonction
X-Cache-Backend
ProcessTime
X-Via-CDN
X-Aicache-OS
X-Amzn-Remapped-Connection
X-B3-Parentspanid
X-Compress-Hint
X-Check-Cacheable
X-Debug-Revision
L
X-Debug-Controller
X-Amzn-Remapped-Date
SN
X-HostName
X-Dw-Trace-Id
WZWS-RAY
X-MiniProfiler-Ids
X-App
My-App
X-Request-URL
CloudFront-Viewer-Country
X-Request-Url
X-User
DataCenter
X-Nananana
X-Fastly-Cache-Hits
X-LB-ID