
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
CF-Ray
P3P
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
P3p
X-Cacheable
X-Ua-Compatible
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Request-ID
X-Content-Security-Policy
X-CDN
X-Buckets
X-AspNetMvc-Version
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Turbo-Charged-By
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Server-Powered-By
Feature-Policy
X-Pingback
Server-Timing
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Server-Id
X-Rq
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-Ac
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-DataDome
X-Cnection
X-Country
X-Mod-Pagespeed
X-Url
X-Dns-Prefetch-Control
X-Akam-SW-Version
Edge-Control
X-Cloud-Trace-Context
Rating
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-Goog-Hash
X-Country-Code
X-Varnish-TTL
X-DynaTrace
X-ASPNET-VERSION
X-Instart-Request-ID
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
Allow
Fusion-Deployment-Id
Content-MD5
X-D2id
X-MS-InvokeApp
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Exp-Variant
Accept-CH
X-Server-Name
Pinterest-Generated-By
SPRequestGuid
X-Cached
X-ESI
X-Ttl
X-Powered-By-Plesk
X-Navigation-Version
X-Forwarded-Proto
X-Vcache
X-Trace
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-TEC-API-ROOT
X-SharePointHealthScore
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Public-Key-Pins
X-Fastly-Request-ID
Accept-CH-Lifetime
Nginx-Cache
X-Debug
X-Vcap-Request-Id
X-MSEdge-Ref
X-VARITI-CCR
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
Charset
MS-Author-Via
X-B3-TraceId
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Px
Pagespeed
X-Middleton-Response
X-Middleton-Display
Display
Response
X-Content-Type
Realpath
X-Sol
NR-ENABLED
X-DynaTrace-JS-Agent
Edge-Cache-Tag
X-Ser
X-Client-IP
X-Fastcgi-Cache
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Aspnetmvc-Version
S
Access-Control-Request-Method
X-Powered-CMS
X-Id
Front-End-Https
X-Version
X-Grace
X-Pinterest-Rid
Pinterest-Version
X-Jurisdiction
X-Hp-Webp
X-Upstream
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Webkit-Csp
X-T
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Shield-Request-Id
X-Dw-Request-Base-Id
WPE-Backend
DynaTrace
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Forwarded-For
Ar-Sid
Accept-Ch
AR-CACHE
X-Node-Name
Fastcgi-Cache
X-Server-ID
X-Cache-Hit
ServerID
X-Mobile-URL
X-Recruiting
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Powered
X-Correlation-Id
X-XRDS-Location
Server-Node
TP-L2-Cache
AMP-Access-Control-Allow-Source-Origin
PB-PID
TP-Cache
X-HS-Hub-Id
X-HS-Cache-Config
PB-RID
X-Frontend
X-HS-Content-Id
X-FTR-Expires
Arc-Version
X-Mobile-Rewrite
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Request-Received
X-Request-Processing-Time
Accept-Ch-Lifetime
Refresh
X-Shard
X-Ezoic-Cdn
X-HS-Combine-CSS
X-SERVER
X-Amzn-Trace-Id
Alternate-Protocol
X-NWS-LOG-UUID
Server-Name
X-Microsite
X-Request-Handler-Origin-Region
Host-Header
X-Logged-In
X-Geo-Country
X-Varnish-Age
Fastly-Restarts
X-FTR-Cache-Host
X-Page-Id
X-N
X-LB-Cache
X-F-Cache
X-Akamai-Edgescape
X-User-Agent
X-Rid
X-B
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-TTL
X-Via-JSL
X-Zen-Fury
Healthy
X-Kinsta-Cache
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Host
X-Varnish-Grace
X-Origin-Server
X-XRDS-LOCATION
X-Request-Guid
Cache-Status
X-Jobs
X-Hostname
X-Cache-Key
Fastcgi-Useragent
X-Content-Options
X-B-Cache
X-App-Environment
X-ATG-Version
X-Varnish-Backend
X-Whom
X-TT
X-FB-Debug
X-Git-Hash
X-AOL-HN
Section-Io-Cache
X-Instance
X-Signature
X-B3-Sampled
X-Cache-Action
X-Debug-Info
Paypal-Debug-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Revision
X-Amz-Replication-Status
X-Tumblr-User
Actual-Object-TTL
X-Type
Access-Control-Allow-Method
Frame-Options
X-WebKit-CSP-Report-Only
X-Seen-By
X-Cluster
X-FastCGI-Cache
X-Cache-Age
Trailer
X-Cache-Rule
X-Cache-Operation
X-Content-Powered-By
Liferay-Portal
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Endurance-Cache-Level
X-Contextid
Source
X-Activity-Id
X-AppVersion
X-Amz-Apigw-Id
X-Az
Tracecode
X-Host-Name
X-Tt-Trace-Host
X-PHP-Backend
X-Tt-Trace-Tag
X-Daa-Tunnel
X-FireWall-Port
X-Framework
X-WA-Info
X-Upgrade-Enabled
X-IPLB-Instance
Accept-Charset
Retry-After
DC
X-Mobile
NGB
X-Accel-Buffering
X-Response-Served-From
From-Origin
X-RemovedCookies
X-ProcessESI
Srv
X-Amzn-Requestid
X-Cached-By
X-Rendered-As
X-Is-Bot
X-UUID
X-FW-Server
X-FW-Type
X-Cacheable-TTL
Payment
X-Adobe-Loc
X-Adobe-Content
X-RateLimit-Remaining
Surrogate-Key
X-FW-Static
X-FW-Serve
X-FW-Hash
Eomportal-Instance
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-L-Path
X-Environment-Context
X-Varnish-Server
X-Region
X-GeoIP
X-Cache-NE
X-RequestSource
X-UA-Device-Type
X-Handled-By
Filters
X-Esi
Xserver
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
X-Presslabs-Stats
VIX-Pulpo-Node
X-Time-Microsecs
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Varnish-Hostname
X-Unique-Id
X-Srv
X-Proxy
X-NGENIX-Cache
X-APP-VERSION
X-Cache-Server
X-EdgeConnect-Cache-Status
Filterid
X-Webkit-CSP
X-B3-Traceid
Datacenter
MS-CV
X-Akamai-Transformed
X-Backend-Name
X-Cache-Time
X-Cache-Control
Server-Info
Version
Cache-Tv-Group
X-Cache-2
X-Status
X-Cache-Enabled
X-Mode
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-PressLabs-Stats
Meta-Geo
X-Path-Route
X-CCM
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-Oss-Request-Id
X-Oss-Storage-Class
X-TNCMS
X-TIME
X-Oss-Object-Type
Ec-Rule-Version
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Detected-As
X-Loop
X-RN-RSRV
X-IP
Webserver
ServedBy
OT-Force-Account-Verify
X-Redis-Cache
X-ApacheServer
X-SayCDN-TTL
X-Adobe-Source
X-Say-Cacheable
Cache-Tags
X-Debug-Cache
Cleartype
Country
X-Say-TTL
X-Real-IP
X-R9-Blue-Green-Version
X-PERF
X-Via-Fastly
X-Proto
X-TX-ID
X-FC-Vary-Parameters
X-FW-Dynamic
S-Rt
X-Web-Node
X-Human
X-Hl-Ver
X-Forwarded-Host
Decoy-Debug-TTL
Content-Disposition
X-Amzn-Remapped-Content-Length
X-ProxyCache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
TWC-Connection-Speed
Cache-Key
X-LJ-Flow-ID
Now
Akamai-GRN
X-Device-Type
Access-Control-Request-Headers
X-RCS-CacheZone
Webcakes-App-Version
X-Cache-Status-Check
Webcakes-App-Name
X-Cache-Config
X-Akamai-Request-ID2
X-AWS-Id
Webcakes-Region
X-Alternate-Cache-Key
TWC-Privacy
Section-Origin-Responded
X-Locale
NGX
X-ProxyCache-Key
Decoy-Debug-Key
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Decoy-Debug-Status
X-EIG-Tracking-Id
X-BYPASS-REASON
Origin-Edge-Control
TWC-GeoIP-LatLong
X-Sorting-Hat-ShopId
DB-Nickname
TWC-Locale-Group
Property-Id
X-Pubstack
X-Origin-Hint
Cache-Hits
TWC-Device-Class
TWC-GeoIP-Country
X-Origin
X-Proxy-Cache-Status
X-Soup
X-Tb
X-CST
Origin-Cache-Control
X-Hosted-By
X-ShardId
X-Sorting-Hat-PodId
X-VWS-Id
X-Generated
Odigeo-Trace-Id
X-ServerID
X-Shopify-Generated-Cart-Token
X-ShopId
X-Site-Version
X-Shopify-Stage
X-Vgn-Hpd-Reason
X-Format
X-Proxy-Build
X-Content-Age
X-MP-GENERATED-AT
X-JoinUs
X-FB-TRIP-ID
X-Proxied
X-Timing-Wait
X-BCube-Filmed-By
X-Cache-Remote
X-HTML-Minification-Powered-By
Azure-Version
X-NCache
X-Www-Served-By
Azure-RegionName
Azure-InstanceId
X-Zipkin-Id
X-Xfnlog-Site
X-Section
X-NYM-Debug-Backend
Azure-SlotName
Selected-Fe
X-Access
Mn-Server-Ip
Cross-Origin-Window-Policy
X-SaId
Azure-SiteName
X-Routing-Service
X-Request-Time
X-Ua-Device
X-Rule
X-Viewer-Country
Node
X-Amzn-RequestId
X-Backend-TTL
GEO-INFO
X-No-Session
X-Cache-NGX
X-Microcachable
X-Varnish-Hits
X-Akamai-Request-ID
X-Pad
X-EC-Lua
X-NewRelic-App-Data
X-Cdn
X-Geo
X-IPS-LoggedIn
X-Generated-By
X-Drupal-Cache-Tags
Accept-Language
Nel
Time
Cf-Ipcountry
X-From
FilterID
X-NWS-UUID-VERIFY
X-Azure-Ref
X-CF-Powered-By
X-RateLimit-Limit
X-NC
X-RTag
Ms-Operation-Id
X-Source
X-Dc
X-Uri
X-Old-Content-Length
User-Agent
X-CACHE-KEY
X-VCT
X-PHP-Host
X-Labrador-Cache-Channel
Uber-Trace-Id
X-OCL
X-PCL
X-Qloud-Router
X-Cache-Grace
Cache-Name
X-Varnish-Cache-Hits
X-Nginx-Cache
X-Time
X-GoCache-CacheStatus
Proxy-Connection
X-Newrelic-Synthetics
X-CS
X-App-Server
X-Hyper-Cache
X-SS-Set-Cookie
X-Drupal-Cache-Contexts
Geo-Info
X-Info
Cache
True-Client-Country-4JS
Viewtype
Request-EU
ServerName
Rendered-Blocks
T-Server
VivaBuild
Request-Country
Machine
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-MCACHE
A
Arc-Country
AsisCache
MD5-Digest
Meta-Geo-Continent
GEO-REGION-INFO
Fastcgi-X-Cache-Version
BehaviorPad-Version
Mobile-Detection-Method
X-CF-Lambda-Fn
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rocket-Nginx-Bypass
X-Rewrite-Enabled
X-Reboot
X-Region-Sid
X-Request-URI
X-Request-UUID
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Processor
X-PAYTM-SRV-ID
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Cdn-Srv
X-Edge
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-GeoIP-Country-Code
X-Destination
X-Date
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-A
X-Developer
X-Storage
X-Edge-Location
User-Cache-Control
X-Cluster-Name
X-Magnolia-Registration
X-Backend-State
X-Block-Status
X-Pinterest-Direct
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
N-Cache
X-Cache-Expired-At
X-DevSite-Last-Modified
Content-Style-Type
Content-Script-Type
Memcached
X-VServer
X-ECACHE
X-Cdn-Origin
X-VG-TLSProxy
X-Trafficlayer-App-Name
X-Request-Host
X-CDN-Forward
X-Served-From
Viewport
X-Servername
Web-Mar-Node
X-ServiceProvider
Thinkindot-Control
Thinkindot-CacheControl-Type
Rt-Fastcgi-Cache
X-Cache-Bucket
Server-Host
X-Sn-Servicetimems
Thinkindot-CacheControl
X-Slack-Backend
X-Thinkindot-L3
X-Core-Value
X-Gen-Mode
X-Level-Front-Cache
X-LI-UUID
X-Generated-On
X-Geo-Header
Cache-Cookie-Set-Idcheck
X-Li-Fabric
X-FW-Version
X-LI-Proto
X-Matched-Rule
Cache-Cookie-Set-From
X-Li-Pop
X-GeoIP-City
Cache-Cookie-Set-Lfrom
X-Hnp-Log
X-Is-Gdpr
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Has-Esi
X-JWT-State
X-S-Maxage
X-Req
Wxu-Next-Region
X-Fetched-On
Wxu-Next-Hostname
X-Rocket-Build-Number
X-Bip
X-Bc-Bl
X-Eu-Site
X-Agile
X-Gamma-Serve
X-Agile-Id
X-Agile-Age
X-Hash
X-Scheme
X-LAGOON
X-App-Name
X-Generated-In
X-Cache-FS-Status
X-Debug-Cookies
X-Debug-Log
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-CUA
X-OVcl
X-NodeID
X-Developers
X-Ms-Version
X-Distributor
X-Distil-CS
X-Dispatch
X-Nginx-Cache-Key
X-Device-Os
X-Ms-Request-Id
Wxu-Next-Commit
X-Core-Mission
X-Logging-Id
X-Cache-Tags
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Proxy-Upstream
X-Platform-Server
X-Owner
X-OVcl-Cache
X-Cms-Context
X-Cluster-Node
X-CGP
X-Clientip
X-Rebelmouse-Surrogate-Control
X-Skip-Cache
Country-Code
Countrycode
X-Cache-ASPX
X-BBXSRF
X-Cache-Info
X-Cache-URL
Cache-Host
CDCHOST
X-Clara-WADP
X-Backend-Host
Fastly-Drupal-HTML
Server-Cache-Control
SD-X-WS
We-Hiring
FNAC-ModuleRouting
Fastly-SWR
Fastly-SIE
X-Auto-Login
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-Debug-Cache-Expiry
X-WADP-Cache
X-Varnish-Authentication
X-Tumblr-Pixel-3
X-TrackingId
X-We-Are-Hiring
X-Webstats-RespID
X-Instart-Info
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Server-W
X-Micro-Cache
X-Fastly-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Fmm-Version
AKAMAI
X-Irp-Debug
X-APP
Adler-Geo
Gh-Request-Id
On-Server
X-WebServer
X-TT-TIMESTAMP
X-Trace-Id
Platform
X-Sigma
X-SIPLIST1
X-Urbn-Context-Path
X-Thanos
RNT-Machine
X-SN
V-Age
X-Instart-Isnd
X-Swa-Ws
X-Sigma-Backend
RNT-Time
Server-ID
X-Urbn-Site-Id
W
Is-Eu
IsBot
Kp-EeAlive
Heartbleed
HA-Ipaddr
Group
Ha-Gx-Prefs
Locale
L5d-Success-Class
X-Variation
X-Varnish-Cacheable
X-VC-Cache
Locid
X-Var-Ttl
Mail-Subject
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Hit
Proxy-Firewall
X-UnsetCookies
X-C
PFcat
X-Generation-Time
X-Response-By
X-UA
Vix-Hermes-Req-Id
X-Refresh
CF-Cached-On
X-Mid
X-CSRF-Token
X-Node-Id
X-Sucuri-ID
X-Varnish-Beresp-Ttl
X-RESPONSE-TIME
Mime-Version
X-Cache-PHP
Request-Time
X-TA-CDN-Provider
Powered-By-ChinaCache
NM-Fastcgi-Cache
X-CLOUD-TRACE-CONTEXT
X-Vdms-Path
X-Varnish-URL
M-TraceId
X-Parent-Response-Time
Pramga
X-Lb-Id
X-Ua
X-DC
Server-Hostname
Pagetype
X-Nc
X-VCache
X-Service
X-Wa
Cloudfront-Viewer-Country
Origin
X-ND-Cache
Server-Ext
Sever-Int
X-B3-Spanid
X-FORWARDED-FOR
X-MSEdge-Flight
X-Pjax-Url
X-MSEdge-Features
HitType
X-Varnish-Ttl
HostName
X-App-Version
X-Load-Cache
Environment
X-Method
PICS-Label
X-Via-PopV
X-Protected-By
X-FPC
Magicmarker
X-SRV
X-Worker
X-Via-PopH
X-Ratelimit-Remaining
X-Envoy-Upstream-Healthchecked-Cluster
X-C-Zone
X-C-Key
X-Request-Start
X-HS-Status
X-SERVER-NAME
X-Branch-Name
X-Be
X-Policy
Fastly-Backend-Name
X-Wix-Viewer-Type
Geoip-City
X-Up
Memory
Dt-Cache-Category
Geoip-Latitude
Hostname
GeoIp-Country-Code
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-BACKEND-TTL
X-Origin-CC
X-ECache
X-Origin-TTL
X-Servedbyhost
X-CSRF-TOKEN
X-GEO
XServer
X-URL
X-VCL-Version
Pragrma
NtCoent-Length
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-Server-Time
X-Myra-Origin2
X-Zone
X-Bc
Esi-Enabled
Cteonnt-Length
Ttl
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Referer
X-TT-LOGID
Who
X-Reqid
X-Litespeed-Cache
X-Edge-O15-RID
X-Cdn-Forward
X-Cache-Metadata
X-Cache-Host
Cdn
X-Correlation-ID
TTL
X-Via-Ucdn
X-Dynatrace-Js-Agent
SRV
Lb
X-BC
X-Country-IP
X-Fastly-Country-Code
X-Oneagent-Js-Injection
Resin-Trace
Cdnsip
Cdncip
UCS
X-Vcl-Version
GeoIP-Country-Code
Release
X-ZONE
X-AK-Request-ID
X-NU-AKA-ACS-Version
X-Ratelimit-Limit
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-ServedByHost
Product
Load-Balancing
GeoIP-Latitude
GeoIP-City
X-Pf-Uncompressing
CACHE
X-NGINX-Cache
X-Air-Hostname
Ohc-File-Size
X-Swift-Error
X-Cache-Id
X-Tec-Api-Version
X-Configured-By
X-AIR-PT
X-Tec-Api-Origin
X-Esi-Check
X-Tec-Api-Root
Sid
X-Ruxit-Js-Agent
LB
X-Server-IP
X-Node-ID
X-TH-Server
FSS-Cache
X-COUNTRY
Pics-Label
X-Datadome
X-WPE-Loopback-Upstream-Addr
X-Gzip
X-Fpc
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Debug
RequestId
Dnion-Transfer-Encoding
Ohc-Cache-HIT
IBM-Web2-Location
Warning
X-BE
X-B3-SpanId
MIME-Version
X-VarnishDD-TTL
X-WA
C-Via
X-PJAX-URL
X-RAMCache
X-Svr
Server-Int
X-Powered-Y
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
X-Location
My-App
X-Varnish-Beresp-TTL
X-Varnish-Url
Powered-By
X-Ocache
Lfy
X-Apw-Access-Object
X-Mvc-Supplant-Cachable
X-SD-PageType
X-PF-Uncompressing
X-Sucuri-Cache
X-Apw-Access-Action
X-UPSTREAM-Address
X-Apw-Access-Token
X-Apw-Hits
X-MID
X-Unique-ID
X-Agile-Brick-Ok
Xet-Cookie
X-Zalando-Child-Request-Id
X-ElasticPress-Search
X-LiteSpeed-Cache-Control
Fastly-SSL
Fastly-Soc-X-Request-Id
Amp-Access-Control-Allow-Source-Origin
Cneonction
X-Sucuri-Id
X-Page-Impression-Id
X-Mvc-Supplant-OutputCached
Requestid
X-Cache-Backend
X-Flow-Id
X-ElasticPress-Query
CF-IPCountry
X-Compress-Hint
X-Aicache-OS
X-DW
X-DSS
X-DI
X-DB
X-Action
X-Debug-Controller
X-B3-Parentspanid
X-Check-Cacheable
X-Nananana
X-RSL
X-RPS
CDN
L
X-Debug-Revision
X-RPM
URI
X-Dw-Trace-Id
DataCenter
X-Request-Url
X-MiniProfiler-Ids
SN
X-ABtesting
CloudFront-Viewer-Country
X-LB-ID
X-Flog
FSS-Proxy
X-Hello
X-Request-URL
X-Fastly-Cache-Hits