
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-AspNetMvc-Version
P3p
X-Language
Status
X-Ua-Compatible
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Request-ID
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Server
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Vhost
X-Node
X-Response-Time
X-Cache-Lookup
X-Dispatcher
X-Ac
NEL
Surrogate-Control
X-Readtime
X-Origin-Upstream-Status
X-WebKit-CSP
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-DynaTrace
X-Country-Code
X-Instart-Request-ID
Allow
X-Varnish-TTL
X-ASPNET-VERSION
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Server-Name
X-D2id
Pinterest-Generated-By
X-ESI
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-MS-InvokeApp
X-Webkit-Csp
SPRequestGuid
X-Powered-By-Plesk
X-Navigation-Version
X-Vcache
X-Cached
X-B3-TraceId
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Debug
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Amz-Rid
Public-Key-Pins
X-Trace
X-Fastly-Request-ID
X-SharePointHealthScore
X-MSEdge-Ref
Nginx-Cache
Fusion-Deployment-Id
X-Vcap-Request-Id
TCN
X-VARITI-CCR
X-Ttl
Accept-Ch
X-Server-ID
MS-Author-Via
Arr-Disable-Session-Affinity
Charset
X-Px
X-Fastcgi-Cache
X-Accel-Expires
X-NF-Request-ID
X-Cache-TTL
SPRequestDuration
SPIisLatency
Edge-Cache-Tag
Realpath
X-Middleton-Display
Display
Response
X-Middleton-Response
Pagespeed
Accept-CH
X-Content-Type
X-Ser
X-Sol
Accept-Ch-Lifetime
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Cache-Tag
X-Version
X-DynaTrace-JS-Agent
NR-ENABLED
Front-End-Https
X-Powered-CMS
Access-Control-Request-Method
Pinterest-Version
X-Pinterest-Rid
X-Id
X-Grace
X-Hp-Webp
Accept-CH-Lifetime
X-Jurisdiction
AR-ATIME
AR-PoweredBy
AR-Request-ID
S
X-Upstream
X-Forwarded-For
X-Dns-Prefetch-Control
X-T
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Hits
X-Content-Digest
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
DynaTrace
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Node-Name
X-Shield-Request-Id
X-Cache-Hit
PB-RID
PB-PID
X-Country-Code-Real
X-Recruiting
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-FTR-Backend-Server
Server-Node
Powered
X-Amzn-Trace-Id
Arc-Version
X-Frontend
X-Mobile-Rewrite
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
X-HS-Cache-Config
X-FTR-Expires
WPE-Backend
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
X-Ezoic-Cdn
Upgrade-Insecure-Requests
X-Shard
X-Request-Received
X-Request-Processing-Time
X-NWS-LOG-UUID
Refresh
Alternate-Protocol
X-TTL
Fastly-Restarts
X-HS-Combine-CSS
X-Logged-In
X-Correlation-Id
X-Varnish-Age
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-FTR-Cache-Host
X-Akamai-Edgescape
X-B
X-F-Cache
X-Page-Id
X-LB-Cache
X-Rid
X-User-Agent
MicrosoftSharePointTeamServices
X-Geo-Country
X-Content-Security-Policy-Report-Only
X-XRDS-Location
X-N
Backend-Timing
X-ATS-Timestamp
X-Via-JSL
Host-Header
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Host
X-Zen-Fury
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Cache-Status
X-Origin-Server
X-Content-Options
X-Varnish-Grace
X-Kinsta-Cache
X-Revision
X-B3-Sampled
X-TT
X-AOL-HN
X-ATG-Version
Healthy
X-Tumblr-Pixel-0
Actual-Object-TTL
Paypal-Debug-Id
X-Tumblr-Pixel
X-Amz-Replication-Status
X-App-Environment
X-Request-Guid
X-Signature
X-Instance
X-Jobs
X-Cache-Action
X-FB-Debug
X-B-Cache
X-Tumblr-User
Access-Control-Allow-Method
Section-Io-Cache
X-Type
X-Varnish-Backend
X-Amz-Apigw-Id
X-Git-Hash
X-Debug-Info
X-Whom
Fastcgi-Useragent
Frame-Options
X-WebKit-CSP-Report-Only
X-Content-Powered-By
Liferay-Portal
X-Hostname
X-Cluster
X-Seen-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Rule
X-Daa-Tunnel
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
X-Srv
X-Erf-Bev-Bev
X-Cache-Operation
X-Cache-Key
X-Az
X-AppVersion
X-PHP-Backend
X-Activity-Id
X-FireWall-Port
X-Endurance-Cache-Level
X-Framework
X-Cached-By
Tracecode
X-Contextid
Trailer
X-Amzn-Requestid
X-WA-Info
X-Mobile
Retry-After
Source
X-Host-Name
X-IPLB-Instance
Xserver
NGB
X-Response-Served-From
X-Accel-Buffering
X-Upgrade-Enabled
X-RemovedCookies
X-ProcessESI
Accept-Charset
Srv
X-Presslabs-Stats
Surrogate-Key
X-Tumblr-Pixel-1
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel-2
Payment
X-Adobe-Loc
DC
X-UUID
Eomportal-Instance
X-Adobe-Content
X-GeoIP
X-Region
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
X-Varnish-Server
X-L-Path
X-Environment-Context
X-Handled-By
X-Cacheable-TTL
X-Varnish-Hostname
Filters
X-RequestSource
X-Cache-NE
X-Origin-Response-Time
X-FastCGI-Cache
From-Origin
X-UA-Device-Type
X-CST
X-RateLimit-Remaining
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Backend-Name
X-Cache-2
Server-Info
X-Cache-Server
Cache-Tv-Group
Nel
MS-CV
X-NGENIX-Cache
X-APP-VERSION
Filterid
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Akamai-Transformed
Datacenter
Version
X-Cache-Enabled
X-TIME
X-Status
X-Unique-Id
X-Cache-Time
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
X-Dc
X-ES-SERVER
X-CCM
X-Cache-Var-Map
Meta-Geo
X-Cache-Control
X-Cache-Var
X-Path-Route
X-RN-RSRV
X-Mode
ServedBy
Country
Cleartype
X-Via-Fastly
GEO-INFO
X-IPS-LoggedIn
X-R9-Blue-Green-Version
X-Hl-Ver
Decoy-Debug-Status
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-TTL
X-ServerID
X-ShopId
X-Shopify-Generated-Cart-Token
Origin-Edge-Control
Origin-Cache-Control
X-ShardId
X-Shopify-Stage
OT-Force-Account-Verify
X-Vgn-Hpd-Reason
NGX
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Pubstack
X-Proto
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Akamai-Request-ID2
X-Forwarded-Host
X-FW-Dynamic
X-Redis-Cache
Cache-Tags
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Debug-Cache
X-Device-Type
X-ApacheServer
X-Alternate-Cache-Key
X-PERF
Now
X-Cache-Status-Check
X-Pad
Azure-SiteName
Azure-RegionName
Azure-SlotName
Cross-Origin-Window-Policy
Ec-Rule-Version
Content-Disposition
Azure-Version
TWC-GeoIP-LatLong
X-Generated
X-Hosted-By
X-Detected-As
X-Content-Age
X-Cache-Config
X-IP
X-JoinUs
X-Loop
X-NCache
X-Locale
X-LJ-Flow-ID
X-Origin-Hint
X-AWS-Id
X-Amzn-Remapped-Content-Length
TWC-Connection-Speed
TWC-Device-Class
Selected-Fe
X-Proxy-Build
Property-Id
TWC-GeoIP-Country
Azure-InstanceId
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Proxy-Cache-Status
Akamai-GRN
X-Www-Served-By
X-Web-Node
X-SayCDN-TTL
Cache-Key
Section-Io-Origin-Status
Section-Io-Id
X-VWS-Id
X-TX-ID
X-Site-Version
X-Soup
X-Tb
X-Timing-Wait
X-TNCMS
Section-Io-Origin-Time-Seconds
X-Say-TTL
X-Human
X-ProxyCache-Key
X-SaId
X-ProxyCache-Status
X-BYPASS-REASON
X-Origin
Section-Origin-Responded
X-Say-Cacheable
X-FB-TRIP-ID
X-MP-GENERATED-AT
X-NYM-Debug-Backend
Access-Control-Request-Headers
X-Format
S-Rt
X-Viewer-Country
X-Varnish-Hits
X-Xfnlog-Site
X-Access
X-Section
X-Ua-Device
X-Request-Time
X-Geo
X-EC-Lua
Webserver
X-Real-IP
X-Proxied
Cache-Hits
Mn-Server-Ip
X-Generated-By
X-NewRelic-App-Data
X-PressLabs-Stats
X-HTML-Minification-Powered-By
X-RCS-CacheZone
X-Zipkin-Id
X-BCube-Filmed-By
X-Routing-Service
X-Cache-Remote
X-Esi
X-Akamai-Request-ID
Node
X-Adobe-Source
X-Cdn
X-CACHE-KEY
X-Amzn-RequestId
Odigeo-Trace-Id
X-Edge-O15-RID
X-No-Session
FilterID
X-B3-Traceid
X-Microcachable
X-SS-Set-Cookie
X-Rule
Accept-Language
X-Drupal-Cache-Tags
X-Uri
X-App-Server
Cf-Ipcountry
X-RTag
X-Azure-Ref
X-NWS-UUID-VERIFY
Ms-Operation-Id
X-OCL
X-PCL
Time
X-From
X-Cache-NGX
X-CF-Powered-By
User-Agent
X-Qloud-Router
X-Varnish-Cache-Hits
X-Source
X-RateLimit-Limit
Proxy-Connection
X-Hyper-Cache
X-Labrador-Cache-Channel
X-PHP-Host
X-Info
X-Nginx-Cache
X-Old-Content-Length
X-UA
X-Backend-TTL
X-Storage
X-Time
X-GoCache-CacheStatus
X-Nc
Cache-Name
X-Cache-Grace
X-Newrelic-Synthetics
Uber-Trace-Id
X-DPWN-IS-SECURE
X-External-Request-Id
GEO-REGION-INFO
X-G
X-Varnish-Beresp-Grace
Machine
Mobile-Detection-Method
MD5-Digest
Fastcgi-X-Cache-Version
Meta-Geo-Continent
BehaviorPad-Version
X-OVcl-Cache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-PAYTM-SRV-ID
X-Varnish-Beresp-Status
X-OVcl
Arc-Country
A
X-GeoIP-Country-Code
X-Developer
X-Aed
X-Connection-Hash
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-B-Cookie
Xc-Version
X-ARC
X-Application
X-Cdn-Srv
X-A-Dam
X-A-Ccd
X-Destination
ServerName
Request-EU
Request-Country
Rendered-Blocks
T-Server
True-Client-Country-4JS
X-D
X-A
X-Date
VivaBuild
Viewtype
X-Processor
AsisCache
X-Rewrite-Enabled
X-Request-UUID
X-Request-URI
X-Cluster-Node
X-Vdms-Version
X-S-Cookie
X-ScT
X-S
X-Twitter-Response-Tags
X-VG-WebCache
X-Transaction
X-Rojux
X-SRCache-Key
X-Trv-Group
X-Region-Sid
X-Session-Fingerprint
X-VG-WebServer
X-CS
X-Cluster-Name
X-Magnolia-Registration
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Cache-Expired-At
X-IN-APIGATEWAY
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Viewport
X-ServiceProvider
X-VG-TLSProxy
Thinkindot-CacheControl
Server-Host
X-Sn-Servicetimems
PFcat
X-UnsetCookies
Thinkindot-CacheControl-Type
Thinkindot-Control
Content-Script-Type
X-Core-Value
X-Geo-Header
Content-Style-Type
X-Generated-On
X-Thinkindot-L3
X-Served-From
X-GeoIP-City
X-IN-APIGATEWAYSSL
X-Level-Front-Cache
X-Cdn-Origin
X-Reboot
X-Rocket-Nginx-Bypass
X-Matched-Rule
X-Trafficlayer-App-Version
X-Drupal-Cache-Contexts
X-S-Maxage
Rt-Fastcgi-Cache
User-Cache-Control
Geo-Info
X-Debug-Log
Server-Cache-Control
X-Debug-Cookies
X-VC-Cache
X-Thanos
Server-Surrogate-Control
X-Debug-Cache-Store
Server-ID
X-Bip
X-Swa-Ws
N-Cache
X-Cache-Bucket
X-Cache-FS-Status
X-Dispatcher-Server
On-Server
X-Dispatch
X-Cache-ASPX
Cache-Cookie-Set-From
X-Cache-Info
X-Slack-Backend
Pramga
X-Device-Os
X-Block-Status
X-BBXSRF
X-Urbn-Site-Id
X-Contensis-Viewer-Groups
X-Cms-Context
X-Clara-WADP
X-CGP
X-Urbn-Context-Path
Web-Mar-Node
X-CUA
X-SIPLIST1
X-Tumblr-Pixel-3
X-Core-Mission
We-Hiring
X-Debug-Cache-Expiry
V-Age
X-Backend-State
X-Debug-Cache-Fetch
X-Bc-Bl
Cache-Cookie-Set-Lfrom
X-Backend-Host
X-Auto-Login
X-TrackingId
X-Trace-Id
X-Var-Ttl
X-Varnish-Authentication
Cache-Cookie-Set-Idcheck
X-Eu-Site
X-Li-Fabric
X-LAGOON
X-VCT
X-Li-Pop
X-Edge-Location
X-LI-UUID
X-LI-Proto
X-JWT-State
X-Is-Gdpr
X-Hnp-Log
AKAMAI
X-Instart-Isnd
X-WADP-Cache
X-Irp-Debug
X-Sigma-Backend
X-Logging-Id
X-Micro-Cache
X-Load-Cache
X-Varnish-Beresp-Ttl
X-Request-Host
Powered-By-ChinaCache
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Owner
X-Origin-Expires
X-Ms-Version
X-Ms-Request-Id
X-NodeID
X-NX-Host
X-Origin-Date
X-Rocket-Build-Number
Cache-Host
X-VServer
Heartbleed
IsBot
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Group
Kp-EeAlive
L5d-Success-Class
X-Sigma
Memcached
Mail-Subject
X-Distributor
Locale
X-Fastly-Cache
X-Webstats-RespID
X-Has-Esi
X-Fetched-On
Country-Code
X-Gamma-Serve
X-Hash
X-FW-Version
X-Generated-In
X-Varnish-Ttl
X-Gen-Mode
X-WebServer
X-Platform-Server
X-Generation-Time
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Distil-CS
X-Cache-Tags
X-Wikidot-Static-Cache
X-Req
X-Skip-Cache
X-TT-TIMESTAMP
X-Clientip
X-Lb-Id
X-Server-W
X-We-Are-Hiring
X-Variation
X-Developers
X-Wikidot-Backend
X-Varnish-Cacheable
X-Nginx-Cache-Key
X-Cache-URL
Wxu-Next-Commit
Cloudfront-Viewer-Country
Platform
X-Servername
RNT-Time
X-DevSite-Last-Modified
Wxu-Next-Hostname
W
Locid
Is-Eu
Fastly-SIE
Countrycode
Fastly-SWR
FNAC-ModuleRouting
Adler-Geo
CDCHOST
Wxu-Next-Region
RNT-Machine
X-Agile-Age
Mime-Version
X-Agile-Id
X-Epic-Correlation-Id
X-Fmm-Version
X-Agile
Fastly-Drupal-HTML
X-App-Name
X-NC
X-Node-Id
X-C
X-Hit
X-Refresh
X-ND-Cache
X-BACKEND-TTL
X-Scheme
X-Service
X-Response-By
X-VHOST
X-Sucuri-ID
HitType
X-TA-CDN-Provider
X-RESPONSE-TIME
Cache
X-MCACHE
SD-X-WS
X-Edge
X-SN
X-Instart-Info
X-CLOUD-TRACE-CONTEXT
Environment
X-APP
X-B3-Spanid
X-Ratelimit-Remaining
X-Pjax-Url
X-CSRF-Token
X-Cdn-Forward
X-App-Version
Proxy-Firewall
X-VCache
Hostname
X-Varnish-URL
Vix-Hermes-Req-Id
X-Parent-Response-Time
X-CDN-Forward
X-MSEdge-Features
Request-Time
X-Cache-PHP
X-MSEdge-Flight
Origin
M-TraceId
X-Origin-CC
X-Origin-TTL
CF-Cached-On
Fastly-Backend-Name
NM-Fastcgi-Cache
X-Correlation-ID
X-Vdms-Path
X-Mid
X-Up
X-Server-Time
Geoip-Latitude
X-Wa
Geoip-City
X-FPC
X-ECACHE
X-Be
X-CSRF-TOKEN
Pragrma
Server-Hostname
Pagetype
X-Edge-Server
TTL
Server-Ext
Cdn-Request-Time
GeoIp-Country-Code
PICS-Label
X-ECache
Cdn-Host
Sever-Int
X-TT-LOGID
X-Ua
NtCoent-Length
X-Vcl-Version
Cdn
X-Webkit-CSP
X-Wix-Viewer-Type
CACHE
HostName
X-HS-Status
Cdnsip
Cdncip
X-AK-Request-ID
X-Protected-By
X-URL
Ohc-File-Size
X-SVT-ORM-VERSION
X-Method
X-SVT-ORM-RULES
X-Via-PopV
X-Via-PopH
X-Myra-Origin2
X-Newrelic-App-Data
X-Worker
X-Cache-Host
X-Envoy-Upstream-Healthchecked-Cluster
Memory
X-Zone
X-Litespeed-Cache
X-NU-AKA-ACS-Version
Magicmarker
X-Air-Hostname
X-Bc
X-Referer
X-Branch-Name
X-Ratelimit-Limit
X-Cache-Metadata
Cteonnt-Length
Resin-Trace
Dt-Cache-Category
X-Servedbyhost
X-ZONE
X-Azure-Ref-OriginShield
X-ServedByHost
X-Request-Start
X-BC
SRV
X-Dynatrace-Js-Agent
X-DC
X-Cache-Debug
X-C-Zone
X-Oneagent-Js-Injection
X-FORWARDED-FOR
X-Planisys-CDN-Cache
X-C-Key
RequestId
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Release
X-Pinterest-Direct
X-Pf-Uncompressing
X-GEO
X-Swift-Error
Ohc-Cache-HIT
Load-Balancing
X-TH-Server
X-Unique-ID
XServer
X-NGINX-Cache
X-VCL-Version
Esi-Enabled
X-Reqid
Who
IBM-Web2-Location
Lb
X-Tec-Api-Version
X-Esi-Check
Server-Int
GeoIP-Country-Code
X-Configured-By
Pics-Label
Ttl
X-SRV
X-Cache-Id
X-AIR-PT
X-Tec-Api-Origin
X-Tec-Api-Root
Dnion-Transfer-Encoding
X-Ruxit-Js-Agent
GeoIP-City
Powered-By
X-WA
X-Gzip
GeoIP-Latitude
X-COUNTRY
X-Country-IP
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Ucdn
UCS
X-Ocache
X-Datadome
X-Fastly-Country-Code
X-Node-ID
LB
Tcn
X-Fpc
Product
X-B3-SpanId
FSS-Cache
MIME-Version
Fastly-Soc-X-Request-Id
X-VarnishDD-TTL
Fastly-SSL
X-RAMCache
X-Svr
X-Powered-Y
Sid
X-Action
X-PF-Uncompressing
X-SERVER-NAME
X-RSL
X-Varnish-Url
X-DB
X-PJAX-URL
X-RPM
X-Server-IP
X-Fastly-Request-Id
X-RPS
X-Flog
X-DSS
X-DI
X-Hello
X-Fastly-Backend-Reqs
X-DW
X-ABtesting
Lfy
X-WPE-Loopback-Upstream-Addr
X-HostName
X-MID
FSS-Proxy
X-SD-PageType
X-Varnish-Beresp-TTL
Host-ID
X-Cache-Backend
X-Apw-Hits
Requestid
Amp-Access-Control-Allow-Source-Origin
X-Page-Impression-Id
Xet-Cookie
C-Via
X-Flow-Id
X-Zalando-Child-Request-Id
X-BE
X-LiteSpeed-Cache-Control
ProcessTime
X-Agile-Brick-Ok
X-Via-CDN
X-Render-Time
X-Apw-Access-Action
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Apw-Access-Token
X-Apw-Access-Object
X-ElasticPress-Search
CF-IPCountry
X-User
SN
X-Debug-Controller
X-Aicache-OS
X-Compress-Hint
X-B3-Parentspanid
WebServer
CDN
Cneonction
X-Debug-Revision
X-Check-Cacheable
WZWS-RAY
L
X-Litespeed-Cache-Control
X-UPSTREAM-Address
X-Beluga-Node
X-Beluga-Cache-Status
X-Fastly-Cache-Hits
X-Request-Url
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Key
X-Dw-Trace-Id
X-Request-URL
X-Internal-Host
X-MiniProfiler-Ids
X-Nananana
DataCenter
X-LB-ID
CloudFront-Viewer-Country
X-App