
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Server
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
X-UA-Device
Grace
X-Request-ID
Cf-Railgun
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Node
X-Backend-Server
X-Vhost
X-Response-Time
X-Dispatcher
X-Ac
X-Cache-Lookup
NEL
X-Readtime
Surrogate-Control
X-WebKit-CSP
X-Origin-Upstream-Status
Content-Location
X-Ruxit-JS-Agent
Request-Id
X-Application-Context
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-DataDome
X-Rack-Cache
Rating
Edge-Control
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Instart-Request-ID
X-Vname
X-TtlSet
X-PC
X-DynaTrace
X-Goog-Hash
Allow
X-Country-Code
Content-MD5
Verso
Service-Worker-Allowed
X-GitHub-Request-Id
X-Varnish-TTL
Pinterest-Generated-By
X-Server-Name
X-ESI
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-D2id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Vcache
X-MS-InvokeApp
SPRequestGuid
X-Powered-By-Plesk
X-Cached
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Navigation-Version
X-Debug
X-Forwarded-Proto
X-Webkit-Csp
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-TraceId
X-Amz-Rid
X-MSEdge-Ref
X-Trace
Nginx-Cache
X-Fastly-Request-ID
Public-Key-Pins
X-SharePointHealthScore
X-Vcap-Request-Id
X-Server-ID
Accept-Ch
X-VARITI-CCR
MS-Author-Via
TCN
Charset
X-Fastcgi-Cache
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Accel-Expires
X-Px
X-Cache-TTL
X-NF-Request-ID
Response
Pagespeed
X-Middleton-Response
Display
X-Middleton-Display
Realpath
X-Sol
Accept-Ch-Lifetime
SPRequestDuration
SPIisLatency
X-Version
X-Ser
X-Content-Type
X-Client-IP
AR-ATIME
Cache-Tag
AR-Request-ID
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ttl
Accept-CH
X-DynaTrace-JS-Agent
Front-End-Https
X-Powered-CMS
Pinterest-Version
X-Pinterest-Rid
AR-CACHE
Ar-Sid
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Dns-Prefetch-Control
X-Mrf-Item-Lastmod
Fusion-Deployment-Id
X-Mrf-Section-Lastmod
MRF-Tech
X-Id
Access-Control-Request-Method
X-Jurisdiction
X-Hp-Webp
X-Upstream
X-Grace
NR-ENABLED
X-Forwarded-For
X-Element-Page-Cache
X-T
X-Content-Digest
X-Hits
DynaTrace
X-Amz-Meta-S3cmd-Attrs
X-TTL
S
X-Dw-Request-Base-Id
X-Aspnet-Version
Accept-CH-Lifetime
Fastcgi-Cache
ServerID
X-Amzn-Trace-Id
X-Mobile-URL
X-Node-Name
X-FTR-Balancer
PB-PID
PB-RID
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-Ezoic-Cdn
X-Recruiting
X-Shard
X-HS-Cache-Config
X-HS-Hub-Id
Server-Node
X-HS-Content-Id
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
Arc-Version
Powered
X-Frontend
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Mobile-Rewrite
TP-Cache
X-Cache-Hit
TP-L2-Cache
X-FTR-Expires
X-DIS-Request-ID
Fastly-Restarts
Upgrade-Insecure-Requests
X-HS-Combine-CSS
X-NWS-LOG-UUID
Alternate-Protocol
X-Shield-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
X-Varnish-Age
X-Request-Received
X-Request-Processing-Time
Refresh
X-XRDS-LOCATION
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
WPE-Backend
Server-Name
X-Content-Security-Policy-Report-Only
X-B
X-Page-Id
X-LB-Cache
X-F-Cache
X-Rid
X-Akamai-Edgescape
X-User-Agent
X-Geo-Country
X-Via-JSL
Cache-Status
X-Zen-Fury
X-N
X-XRDS-Location
X-Content-Options
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Grace
X-Amz-Apigw-Id
X-Revision
Host-Header
X-Kinsta-Cache
X-Type
X-B3-Sampled
X-Instance
X-Cache-Action
X-TT
X-Signature
X-Git-Hash
X-Tumblr-Pixel-0
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Tumblr-User
X-FB-Debug
X-Tumblr-Pixel
X-Debug-Info
Access-Control-Allow-Method
X-Amz-Replication-Status
Paypal-Debug-Id
Actual-Object-TTL
X-AOL-HN
X-B-Cache
X-App-Environment
X-ATG-Version
X-Request-Guid
X-Jobs
X-Varnish-Backend
Liferay-Portal
Fastcgi-Useragent
X-Tt-Trace-Tag
Frame-Options
X-Whom
X-Tt-Trace-Host
X-Cached-By
Healthy
X-Srv
Section-Io-Cache
X-Cluster
X-PHP-Backend
X-Hostname
X-Framework
X-Seen-By
X-Cache-Key
X-CST
X-Cache-Rule
X-Daa-Tunnel
X-Az
X-Activity-Id
X-AppVersion
X-Cache-Operation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FireWall-Port
X-WA-Info
Retry-After
X-Mobile
Tracecode
X-Contextid
X-Cache-Age
X-Endurance-Cache-Level
Xserver
X-Host-Name
X-IPLB-Instance
NGB
Source
X-Accel-Buffering
Accept-Charset
X-Response-Served-From
X-Upgrade-Enabled
X-Presslabs-Stats
Surrogate-Key
X-Cache-NE
DC
X-ProcessESI
Srv
Eomportal-Instance
X-Origin-Response-Time
X-RemovedCookies
X-Region
Payment
X-Edge-O15-RID
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel-1
X-Handled-By
X-Cacheable-TTL
Filters
X-Adobe-Content
X-Adobe-Loc
X-GeoIP
X-Tumblr-Pixel-2
X-FW-Serve
X-FW-Server
X-FW-Static
X-Varnish-Hostname
X-FW-Hash
X-FW-Type
X-Varnish-Server
X-L-Path
Trailer
X-Environment-Context
X-UUID
X-RequestSource
Server-Info
X-Amzn-Requestid
X-EdgeConnect-Cache-Status
X-Cache-2
X-RateLimit-Remaining
X-UA-Device-Type
X-Backend-Name
Nel
Cache-Tv-Group
From-Origin
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-FastCGI-Cache
X-Wix-Request-Id
X-Cache-Server
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Enabled
MS-CV
X-APP-VERSION
X-Akamai-Transformed
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Version
X-NGENIX-Cache
X-Amzn-RequestId
X-Status
X-IPS-LoggedIn
Datacenter
X-B3-Traceid
Filterid
X-Dc
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-SS-Set-Cookie
X-Unique-Id
S-Cnection
X-RN-RSRV
X-ES-SERVER
X-Pad
X-NewRelic-App-Data
X-Cache-Var-Map
X-Mode
X-CCM
X-Cache-Var
X-Path-Route
Meta-Geo
X-Section
X-TX-ID
X-Access
X-Format
X-NYM-Debug-Backend
Cache-Tags
Akamai-GRN
X-Via-Fastly
Country
Decoy-Debug-TTL
ServedBy
X-ApacheServer
X-Tb
X-Cache-Status-Check
X-PERF
X-Forwarded-Host
Decoy-Debug-Key
Decoy-Debug-Status
X-Ua-Device
X-Redis-Cache
X-Akamai-Request-ID
GEO-INFO
Cleartype
X-Origin
Origin-Cache-Control
Now
DB-Nickname
Content-Disposition
Cache-Key
Origin-Edge-Control
NGX
X-Akamai-Request-ID2
X-FC-Vary-Parameters
X-Pubstack
X-Request-Time
X-EIG-Tracking-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-Device-Type
X-Generated-By
X-ServerID
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Web-Node
X-ShardId
X-Say-TTL
X-SayCDN-TTL
X-Proxy-Cache-Status
X-Hosted-By
X-Amzn-Remapped-Content-Length
X-Hl-Ver
X-Alternate-Cache-Key
X-R9-Blue-Green-Version
X-Varnish-Hits
X-Say-Cacheable
X-Soup
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-Debug-Cache
X-Sorting-Hat-ShopId
X-Human
X-BYPASS-REASON
X-Cache-Config
X-Vgn-Hpd-Reason
OT-Force-Account-Verify
X-Cache-Remote
X-VWS-Id
X-Site-Version
X-Timing-Wait
Ec-Rule-Version
X-Detected-As
X-Www-Served-By
X-Esi
X-TNCMS
X-LJ-Flow-ID
Mn-Server-Ip
S-Rt
Selected-Fe
X-Viewer-Country
X-AWS-Id
X-BCube-Filmed-By
X-FW-Dynamic
Cross-Origin-Window-Policy
X-FB-TRIP-ID
X-Locale
X-JoinUs
X-IP
X-Loop
X-MP-GENERATED-AT
X-Cache-Time
X-NCache
X-SaId
Azure-InstanceId
X-Proxy-Build
X-PressLabs-Stats
X-Generated
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
X-Aspnetmvc-Version
X-Origin-Hint
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
TWC-Device-Class
Node
Property-Id
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
X-Content-Age
Webcakes-App-Name
TWC-GeoIP-LatLong
Webserver
X-Xfnlog-Site
X-Cache-Control
X-HTML-Minification-Powered-By
X-Zipkin-Id
X-TIME
X-App-Server
Access-Control-Request-Headers
X-Proxied
X-Routing-Service
X-RCS-CacheZone
FilterID
X-Real-IP
Cache-Hits
X-Geo
X-Drupal-Cache-Tags
X-Uri
X-EC-Lua
X-Time
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Accept-Language
Section-Io-Id
X-CACHE-KEY
X-No-Session
X-Varnish-Cache-Hits
X-Microcachable
X-Varnish-Ttl
X-Adobe-Source
X-OCL
X-Source
X-Qloud-Router
X-PCL
Cf-Ipcountry
Odigeo-Trace-Id
X-UA
X-Rule
X-Hyper-Cache
X-NWS-UUID-VERIFY
X-From
X-Load-Cache
X-Azure-Ref
Ms-Operation-Id
X-RTag
Time
User-Agent
X-Info
X-Storage
X-Labrador-Cache-Channel
X-PHP-Host
X-RateLimit-Limit
Proxy-Connection
X-Backend-TTL
X-Cluster-Node
Powered-By-ChinaCache
X-Nginx-Cache
X-Cache-NGX
X-Nc
X-TA-CDN-Provider
X-UnsetCookies
X-Magnolia-Registration
X-Newrelic-Synthetics
Machine
X-G
MD5-Digest
AsisCache
Arc-Country
Apple-News-Services-Request-Url
X-External-Request-Id
X-DPWN-IS-SECURE
BehaviorPad-Version
Mobile-Detection-Method
Apple-News-Services-Parsed-Url
GEO-REGION-INFO
Fastcgi-X-Cache-Version
X-Developer
Rendered-Blocks
Meta-Geo-Continent
X-GeoIP-Country-Code
X-Date
True-Client-Country-4JS
Viewtype
X-D
X-ND-Cache
X-OVcl
X-OVcl-Cache
X-PAYTM-SRV-ID
X-Connection-Hash
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Edge-Location
VivaBuild
A
Request-EU
Request-Country
Apple-News-Services-Handled
X-Destination
X-Drupal-Cache-Contexts
X-Region-Sid
T-Server
X-Processor
Apple-News-Services-Host
X-Rewrite-Enabled
X-Transaction
X-Trv-Group
X-Application
X-Twitter-Response-Tags
X-CF-Lambda-Version
X-Aed
X-A-Wwc
X-SRCache-Key
X-Accel-Expires-Debug
X-ARC
Xc-Version
X-VG-WebServer
Rt-Fastcgi-Cache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-VG-TLSProxy
X-Cdn-Srv
X-B-Cookie
X-Vdms-Version
X-A-Dgt
X-CF-Lambda-Fn
X-Rojux
X-A-Dcw
X-A
X-S-Cookie
X-A-Dam
X-Request-UUID
X-A-Ccd
X-ScT
X-Request-URI
X-Session-Fingerprint
X-S
Mime-Version
X-Old-Content-Length
X-GoCache-CacheStatus
X-Cluster-Name
Geo-Info
Uber-Trace-Id
X-Cache-Expired-At
X-Backend-State
X-Rocket-Build-Number
X-C
X-SERVER
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Content-Script-Type
Content-Style-Type
X-GeoIP-City
X-Developers
X-Geo-Header
X-CF-Powered-By
CDCHOST
L5d-Success-Class
X-Wikidot-Static-Cache
X-Agile
X-Agile-Age
X-Agile-Id
ServerName
Locid
X-CGP
X-Eu-Site
X-Sigma
Viewport
X-Distil-CS
HA-Ipaddr
X-Sigma-Backend
X-Wikidot-Backend
W
Ha-Gx-Prefs
HitType
X-Served-From
X-TT-TIMESTAMP
Cache-Name
X-Cache-Grace
X-Distributor
X-Cache-ASPX
X-Cache-FS-Status
X-Epic-Correlation-Id
X-Debug-Cache-Store
X-CUA
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-CS
X-Core-Value
X-Cms-Context
X-Clara-WADP
X-Contensis-Viewer-Groups
X-Clientip
X-Debug-Cookies
X-Device-Os
X-DevSite-Last-Modified
X-Dispatch
X-Cache-Info
X-Cache-Tags
X-Debug-Log
X-Cdn-Origin
X-Dispatcher-Server
X-Reboot
X-Swa-Ws
X-Sn-Servicetimems
X-Slack-Backend
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-Trace-Id
X-Skip-Cache
X-ServiceProvider
X-Block-Status
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Request-Host
X-Rocket-Nginx-Bypass
X-Service
X-Servername
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-We-Are-Hiring
X-WADP-Cache
X-VServer
X-WebServer
X-Webstats-RespID
X-Varnish-Cacheable
X-App-Name
X-VC-Cache
X-Varnish-Authentication
X-Tumblr-Pixel-3
X-Trafficlayer-App-Version
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Variation
X-Var-Ttl
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Instart-Isnd
X-Hnp-Log
X-Hit
X-Irp-Debug
X-Is-Gdpr
X-LAGOON
X-JWT-State
X-Hash
X-Has-Esi
X-Gamma-Serve
X-FW-Version
X-Fetched-On
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-Generated-On
X-Level-Front-Cache
X-Li-Fabric
X-Origin-Date
X-NX-Host
X-NodeID
X-Origin-Expires
X-Owner
X-Proxy-Upstream
X-Platform-Server
X-Ms-Version
X-Ms-Request-Id
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Logging-Id
X-Micro-Cache
X-Matched-Rule
X-Fastly-Cache
X-Cache-Bucket
Server-Surrogate-Control
Server-ID
Server-Host
Is-Eu
X-Bip
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Cache-Control
Kp-EeAlive
Memcached
N-Cache
PFcat
Platform
Pramga
Locale
Mail-Subject
Heartbleed
User-Cache-Control
Countrycode
Environment
X-BBXSRF
Country-Code
Cache-Host
X-Varnish-Beresp-Ttl
Adler-Geo
AKAMAI
On-Server
Fastly-Drupal-HTML
Group
Web-Mar-Node
We-Hiring
X-Auto-Login
Gh-Request-Id
Fastly-SIE
Fastly-SWR
V-Age
X-NC
Hostname
X-Server-W
X-Cache-URL
X-Core-Mission
X-Nginx-Cache-Key
RNT-Time
X-SIPLIST1
IsBot
RNT-Machine
Cloudfront-Viewer-Country
X-Lb-Id
X-Sucuri-ID
X-S-Maxage
X-Node-Id
X-VHOST
X-Req
X-Backend-Host
X-Response-By
Wxu-Next-Hostname
X-RESPONSE-TIME
Wxu-Next-Region
FNAC-ModuleRouting
X-Bc-Bl
Wxu-Next-Commit
Cache-Cookie-Set-Idcheck
X-BACKEND-TTL
Cache-Cookie-Set-Lfrom
X-Parent-Response-Time
X-Ratelimit-Remaining
X-Refresh
X-CLOUD-TRACE-CONTEXT
X-Origin-TTL
Cache-Cookie-Set-From
X-Origin-CC
X-Up
X-Fmm-Version
X-App-Version
X-VCT
X-Cdn-Forward
X-Pjax-Url
X-Scheme
Fastly-Backend-Name
X-CSRF-Token
X-Server-Time
X-VCache
X-CDN-Forward
Cache
X-B3-Spanid
Pragrma
X-Edge-Server
X-TT-LOGID
Cdn-Request-Time
Cdn-Host
X-Varnish-URL
X-MSEdge-Features
X-MSEdge-Flight
X-Correlation-ID
X-SN
SD-X-WS
X-Instart-Info
X-FPC
X-APP
Origin
Cdnsip
Cdncip
Proxy-Firewall
Geoip-Latitude
X-AK-Request-ID
PICS-Label
Geoip-City
X-Cache-Host
X-CSRF-TOKEN
X-MCACHE
Ohc-File-Size
X-Edge
Request-Time
X-Wa
X-SVT-ORM-VERSION
Vix-Hermes-Req-Id
M-TraceId
CACHE
GeoIp-Country-Code
X-Cache-PHP
X-SVT-ORM-RULES
X-ECACHE
X-Air-Hostname
X-NU-AKA-ACS-Version
TTL
X-Vcl-Version
NtCoent-Length
NM-Fastcgi-Cache
Cdn
X-HS-Status
X-Ua
X-Vdms-Path
X-Wix-Viewer-Type
X-URL
X-Webkit-CSP
X-Cache-Debug
X-Pf-Uncompressing
X-Myra-Origin2
Resin-Trace
RequestId
X-Ratelimit-Limit
CF-Cached-On
Ohc-Cache-HIT
X-Be
X-Mid
X-TH-Server
Server-Ext
Memory
Server-Hostname
X-ServedByHost
Sever-Int
X-Cache-Metadata
X-Zone
Pagetype
Magicmarker
X-Bc
IBM-Web2-Location
X-Method
Tcn
X-ECache
SRV
X-Dynatrace-Js-Agent
HostName
X-Servedbyhost
X-Oneagent-Js-Injection
X-Worker
Cteonnt-Length
X-FORWARDED-FOR
Release
X-GEO
Server-Int
Load-Balancing
X-Via-PopH
X-Ocache
X-BC
Dnion-Transfer-Encoding
X-ZONE
X-Via-PopV
X-Swift-Error
X-NGINX-Cache
X-Unique-ID
X-DC
X-Newrelic-App-Data
XServer
X-Protected-By
X-Tb-Optimization-Total-Bytes-Saved
Lb
X-Referer
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
X-Azure-Ref-OriginShield
Powered-By
Dt-Cache-Category
X-Tec-Api-Root
X-Esi-Check
X-Cache-Id
X-Tec-Api-Origin
X-Branch-Name
X-Tec-Api-Version
Ttl
X-SRV
Fastly-Soc-X-Request-Id
X-VCL-Version
X-AIR-PT
X-Policy
X-Configured-By
X-Ruxit-Js-Agent
Pics-Label
X-Action
X-COUNTRY
GeoIP-Country-Code
X-Fastly-Country-Code
X-WA
Esi-Enabled
X-Gzip
X-B3-SpanId
X-Datadome
X-Planisys-CDN-Cache
X-Node-ID
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Fastly-SSL
GeoIP-City
X-Reqid
GeoIP-Latitude
X-ABtesting
X-Flog
X-Hello
X-DW
X-DSS
X-DB
X-DI
X-RSL
X-RPS
X-RPM
X-C-Zone
MIME-Version
X-C-Key
X-Via-Ucdn
Who
Host-ID
X-Fpc
X-VarnishDD-TTL
X-Cache-Backend
X-HostName
X-Via-CDN
ProcessTime
X-PF-Uncompressing
X-Render-Time
X-Powered-Y
X-Svr
X-SERVER-NAME
LB
Amp-Access-Control-Allow-Source-Origin
X-User
X-UPSTREAM-Address
Lfy
X-Country-IP
UCS
X-Amzn-Remapped-Connection
X-Fastly-Request-Id
X-Amzn-Remapped-Date
X-Fastly-Backend-Reqs
X-Varnish-Url
X-PJAX-URL
X-MID
X-Beluga-Response-Time
X-Beluga-Node
Sid
X-Beluga-Status
X-Beluga-Cache-Status
X-Key
X-Varnish-Beresp-TTL
FSS-Cache
X-SD-PageType
FSS-Proxy
X-Beluga-Trace
Product
X-Beluga-Record
X-RAMCache
Xet-Cookie
X-Flow-Id
X-WPE-Loopback-Upstream-Addr
X-Zalando-Child-Request-Id
X-Sucuri-Cache
X-Page-Impression-Id
X-Agile-Brick-Ok
Requestid
X-B3-Parentspanid
X-Internal-Host
SN
X-LiteSpeed-Cache-Control
X-BE
CF-IPCountry
X-Pinterest-Direct
X-Aicache-OS
X-Location
X-Debug-Revision
X-Check-Cacheable
X-Request-Url
X-Compress-Hint
X-Tid
L
X-Server-IP
WebServer
X-Apw-Access-Action
X-Apw-Access-Object
WZWS-RAY
CDN
X-Apw-Access-Token
X-Debug-Controller
X-Apw-Hits
X-Litespeed-Cache-Control
X-Sucuri-Id
Servername
DataCenter
X-Dw-Trace-Id
Cneonction
X-Nananana
X-ElasticPress-Search
CloudFront-Viewer-Country
X-Fastly-Cache-Hits
X-Request-URL
X-MiniProfiler-Ids
X-LB-ID
X-App