Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Ws-Request-Id
X-Pass-Why
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Report-To
Cf-Railgun
X-Rq
X-OneAgent-JS-Injection
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-LiteSpeed-Cache
X-Vhost
X-Server-Id
X-Host
EagleEye-TraceId
X-Backend-Server
NEL
X-Node
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
Request-Id
X-Readtime
X-Dns-Prefetch-Control
Content-Location
X-Application-Context
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-Ruxit-JS-Agent
X-ORACLE-DMS-ECID
X-DataDome
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Akam-SW-Version
X-Country
Edge-Control
Rating
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-FTR-Request-ID
Fusion-Deployment-Id
X-Country-Code
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
Allow
X-GitHub-Request-Id
Verso
Accept-CH
Service-Worker-Allowed
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
Content-MD5
Accept-CH-Lifetime
X-Server-Name
Pinterest-Generated-By
SPRequestGuid
X-Powered-By-Plesk
X-Cached
X-Forwarded-Proto
X-Navigation-Version
X-Trace
TCN
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Amz-Rid
X-SharePointHealthScore
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Public-Key-Pins
X-Fastly-Request-ID
X-Server-ID
Nginx-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
X-Debug
X-VARITI-CCR
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-B3-TraceId
Charset
X-Vcache
X-DynaTrace-JS-Agent
X-Cache-TTL
MS-Author-Via
X-Accel-Expires
X-NF-Request-ID
X-Ttl
Pagespeed
X-Middleton-Display
X-Middleton-Response
Response
Display
NR-ENABLED
X-Px
X-ESI
X-Sol
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Ser
Edge-Cache-Tag
Access-Control-Request-Method
X-Id
X-Powered-CMS
Pinterest-Version
X-Pinterest-Rid
X-Grace
WPE-Backend
Front-End-Https
X-Jurisdiction
X-Hp-Webp
X-Webkit-Csp
X-Shield-Request-Id
X-Upstream
X-T
X-Hits
X-Version
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-Fastcgi-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Cache-Hit
Fastcgi-Cache
X-Recruiting
ServerID
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
AR-CACHE
Ar-Sid
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-TTL
X-Frontend
X-Request-Received
X-Request-Processing-Time
Server-Node
TP-Cache
TP-L2-Cache
Powered
X-XRDS-Location
PB-PID
X-FTR-Expires
PB-RID
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Mobile-Rewrite
Arc-Version
X-Ezoic-Cdn
X-Shard
Refresh
X-HS-Combine-CSS
Alternate-Protocol
Host-Header
Server-Name
X-Forwarded-For
X-FastCGI-Cache
X-Geo-Country
X-Amzn-Trace-Id
Accept-Ch
X-Microsite
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
Fastly-Restarts
X-Page-Id
X-Akamai-Edgescape
X-N
X-Rid
X-LB-Cache
X-Esi
X-F-Cache
X-FTR-Cache-Host
X-Logged-In
X-B
X-ATS-Timestamp
X-User-Agent
Backend-Timing
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Cache-Key
MicrosoftSharePointTeamServices
Accept-Ch-Lifetime
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Varnish-Grace
X-Revision
X-Origin-Server
X-XRDS-LOCATION
X-Jobs
X-Cache-Age
X-Request-Guid
X-Amzn-Requestid
X-App-Environment
Fastcgi-Useragent
X-Instance
X-Tumblr-User
X-Seen-By
X-Varnish-Backend
Host
Paypal-Debug-Id
X-ATG-Version
X-B-Cache
X-Signature
X-Tumblr-Pixel
X-Git-Hash
X-Tumblr-Pixel-0
X-Hostname
X-B3-Sampled
X-AOL-HN
Section-Io-Cache
X-FB-Debug
X-Type
X-TT
Actual-Object-TTL
X-Amz-Replication-Status
X-Cluster
X-Cache-Action
X-Whom
X-Debug-Info
Frame-Options
X-WebKit-CSP-Report-Only
Cache-Status
X-Content-Options
Access-Control-Allow-Method
X-Presslabs-Stats
Trailer
X-Endurance-Cache-Level
X-Cache-Rule
X-Cache-Operation
X-Contextid
X-Content-Powered-By
Source
X-Host-Name
X-Erf-Bev-Bev
X-Ua-Device
X-Erf-Bev-Bev-Is-Generated
Tracecode
Accept-Charset
X-Activity-Id
X-AppVersion
X-Az
X-SERVER
Liferay-Portal
X-Upgrade-Enabled
X-Litespeed-Cache
X-Amz-Apigw-Id
X-Daa-Tunnel
X-Tt-Trace-Tag
X-FireWall-Port
X-Tt-Trace-Host
X-IPLB-Instance
DC
X-APP-VERSION
X-PHP-Backend
From-Origin
X-Framework
X-RateLimit-Remaining
X-WA-Info
X-Response-Served-From
NGB
X-Accel-Buffering
X-RemovedCookies
X-ProcessESI
Srv
Retry-After
X-FW-Type
Surrogate-Key
X-FW-Static
X-Is-Bot
X-FW-Server
X-FW-Hash
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
VIX-Pulpo-Upstream-Status
X-FW-Serve
X-Rendered-As
VIX-Pulpo-Node
X-UUID
X-Environment-Context
X-L-Path
X-Cacheable-TTL
X-Adobe-Loc
Payment
X-Adobe-Content
X-Wix-Request-Id
X-Cache-NE
X-RequestSource
X-GeoIP
X-Region
X-Varnish-Server
Eomportal-Instance
X-Time-Microsecs
X-Mobile
Filters
X-Unique-Id
X-Handled-By
X-Cached-By
X-UA-Device-Type
X-Proxy
X-Varnish-Hostname
X-NGENIX-Cache
X-TIME
X-Origin-Response-Time
Filterid
X-Cache-TTL-Remaining
X-URL
Datacenter
X-Cache-Control
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Akamai-Transformed
X-Webkit-CSP
X-Cache-Time
GEO-INFO
X-B3-Traceid
Xserver
X-CST
X-Backend-Name
MS-CV
Version
X-Srv
X-Status
X-COUNTRY
X-Rule
Odigeo-Trace-Id
Cache-Tags
X-Mode
X-Oneagent-Js-Injection
Server-Info
S-Cnection
X-Yottaa-Optimizations
X-Yottaa-Metrics
Cache-Tv-Group
X-Cache-Enabled
X-ES-SERVER
X-Cache-2
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-CCM
Meta-Geo
OT-Force-Account-Verify
X-IP
X-Detected-As
Webserver
Azure-SlotName
Azure-InstanceId
X-Amzn-Remapped-Content-Length
Azure-RegionName
Azure-SiteName
X-FC-Vary-Parameters
Azure-Version
X-FW-Dynamic
Ec-Rule-Version
Cross-Origin-Window-Policy
X-Redis-Cache
X-Loop
S-Rt
X-TNCMS
X-RN-RSRV
DB-Nickname
X-SayCDN-TTL
TWC-GeoIP-LatLong
X-Say-TTL
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Say-Cacheable
Webcakes-Region
Property-Id
X-PERF
TWC-Privacy
Webcakes-App-Version
X-Adobe-Source
Webcakes-App-Name
ServedBy
TWC-Locale-Group
Origin-Edge-Control
Origin-Cache-Control
X-TX-ID
X-Human
X-Hosted-By
X-ApacheServer
X-R9-Blue-Green-Version
X-Pubstack
X-Via-Fastly
X-Real-IP
NGX
X-NCache
Decoy-Debug-Status
Decoy-Debug-TTL
Cache-Hits
Decoy-Debug-Key
Country
X-Origin
X-Origin-Hint
Akamai-GRN
Cleartype
X-Forwarded-Host
X-Web-Node
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Node
Cache-Key
Now
X-AWS-Id
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Format
Content-Disposition
X-NYM-Debug-Backend
X-Hl-Ver
X-VWS-Id
X-Akamai-Request-ID2
X-Cache-NGX
X-Backend-TTL
X-Locale
X-LJ-Flow-ID
X-EIG-Tracking-Id
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-RCS-CacheZone
X-ShopId
X-ServerID
X-ShardId
X-Site-Version
Section-Io-Id
X-Cache-Config
X-Sorting-Hat-PodId
X-ProxyCache-Key
X-Proxy-Build
X-Proxied
X-Proxy-Cache-Status
X-FB-TRIP-ID
X-BYPASS-REASON
X-BCube-Filmed-By
X-Content-Age
Selected-Fe
X-JoinUs
X-ProxyCache-Status
X-Routing-Service
X-Timing-Wait
X-Viewer-Country
X-HTML-Minification-Powered-By
X-Access
X-Cache-Status-Check
X-Device-Type
X-Section
X-Vgn-Hpd-Reason
X-MP-GENERATED-AT
X-Pinterest-Direct
X-Www-Served-By
X-Xfnlog-Site
Access-Control-Request-Headers
Mn-Server-Ip
X-SaId
X-Zipkin-Id
X-Debug-Cache
X-Microcachable
X-Tb
X-Shopify-Generated-Cart-Token
X-Proto
X-Soup
X-No-Session
X-Cache-Remote
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Dc
X-EC-Lua
X-Request-Time
X-VCache
X-Oss-Hash-Crc64ecma
X-Cdn
Cf-Ipcountry
X-Varnish-Hits
Accept-Language
X-Generated-By
X-Drupal-Cache-Tags
Time
X-Akamai-Request-ID
X-From
Nel
X-Pad
X-FORWARDED-FOR
X-NewRelic-App-Data
X-NC
X-CF-Powered-By
X-IPS-LoggedIn
X-Azure-Ref
X-RateLimit-Limit
X-Old-Content-Length
X-Geo
Uber-Trace-Id
X-Source
X-VCT
Ms-Operation-Id
X-RTag
X-CS
X-MCACHE
X-Cache-Grace
Cache-Name
X-Uri
X-Edge
X-UA
User-Agent
FilterID
X-ECACHE
X-NWS-UUID-VERIFY
X-PressLabs-Stats
X-PCL
X-CDN-Forward
X-PHP-Host
X-OCL
X-Nginx-Cache
X-Labrador-Cache-Channel
X-GoCache-CacheStatus
Cache
X-Qloud-Router
X-Ruxit-Js-Agent
X-APP
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
X-Edge-Location
Proxy-Connection
X-Magnolia-Registration
X-Drupal-Cache-Contexts
X-Hyper-Cache
User-Cache-Control
X-Mid
X-A
Viewtype
Apple-News-Services-Host
True-Client-Country-4JS
X-A-Ccd
Apple-News-Services-Handled
X-A-Dcw
X-Aed
X-Application
X-Accel-Expires-Debug
X-A-Wwc
T-Server
X-A-Dgt
X-A-Dam
Request-EU
Machine
X-ARC
Apple-News-Services-Request-Url
GEO-REGION-INFO
Fastcgi-X-Cache-Version
AsisCache
Arc-Country
Apple-News-Services-Parsed-Url
MD5-Digest
Request-Country
BehaviorPad-Version
Rendered-Blocks
Mobile-Detection-Method
Memcached
Meta-Geo-Continent
ServerName
X-Date
X-S
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rojux
X-Rocket-Nginx-Bypass
X-Request-URI
X-Request-UUID
X-Rewrite-Enabled
X-SRCache-Key
X-Transaction
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Tumblr-Pixel-3
X-Twitter-Response-Tags
X-Region-Sid
X-Reboot
X-D
X-Destination
X-Developer
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-Bucket
X-Cdn-Srv
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
Xc-Version
X-Instart-Info
X-PAYTM-SRV-ID
X-Processor
X-Info
X-GeoIP-Country-Code
X-External-Request-Id
X-FW-Version
X-G
X-B-Cookie
VivaBuild
X-Amzn-RequestId
X-Sucuri-ID
X-Cache-Info
X-Cache-URL
X-Cache-ASPX
X-Block-Status
X-BBXSRF
X-Bc-Bl
X-Cdn-Origin
X-Contensis-Viewer-Groups
X-Fmm-Version
X-Gamma-Serve
X-Fastly-Cache
X-DevSite-Last-Modified
X-Core-Value
X-Backend-State
X-Auto-Login
Server-Cache-Control
Server-Host
SD-X-WS
Rt-Fastcgi-Cache
X-Has-Esi
X-Geo-Header
Server-Surrogate-Control
Thinkindot-CacheControl
Vix-Hermes-Req-Id
X-Gen-Mode
Web-Mar-Node
Viewport
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Backend-Host
X-Generated-On
X-WADP-Cache
X-Thinkindot-L3
X-We-Are-Hiring
X-Sn-Servicetimems
X-ServiceProvider
X-Slack-Backend
X-TrackingId
X-Trafficlayer-App-Name
Countrycode
X-VServer
X-VG-TLSProxy
X-Varnish-Authentication
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Servername
X-Server-W
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-Level-Front-Cache
X-GeoIP-City
X-Hnp-Log
X-LI-UUID
X-Matched-Rule
X-Request-Host
X-Served-From
X-Webstats-RespID
X-Wikidot-Backend
X-Micro-Cache
X-Wikidot-Static-Cache
X-Is-Gdpr
X-Clara-WADP
X-UnsetCookies
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Cluster-Node
X-JWT-State
Content-Script-Type
Gh-Request-Id
On-Server
Cache-Cookie-Set-Idcheck
N-Cache
X-S-Maxage
X-Cluster-Name
X-Storage
X-Clientip
X-CUA
X-Thanos
Fastly-Drupal-HTML
X-Core-Mission
Locale
X-Trace-Id
X-Ms-Version
X-Urbn-Site-Id
X-Bip
X-Scheme
Group
X-Cache-FS-Status
X-Ms-Request-Id
Fastly-SWR
FNAC-ModuleRouting
X-Cache-PHP
Fastly-SIE
CDCHOST
X-Sigma-Backend
X-Sigma
AKAMAI
X-Fetched-On
X-SIPLIST1
Country-Code
X-LAGOON
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-WebServer
X-Hash
X-Irp-Debug
X-Epic-Correlation-Id
Heartbleed
Adler-Geo
X-SN
X-Nginx-Cache-Key
X-Logging-Id
Cache-Host
X-Device-Os
X-Dispatch
X-Skip-Cache
X-Distributor
X-Distil-CS
X-Dispatcher-Server
X-Swa-Ws
X-Urbn-Context-Path
Locid
Kp-EeAlive
X-Owner
X-Rocket-Build-Number
X-Cms-Context
X-VC-Cache
IsBot
Is-Eu
We-Hiring
W
Platform
Server-ID
Mail-Subject
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
Proxy-Firewall
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Generation-Time
X-Platform-Server
RNT-Time
RNT-Machine
X-Developers
Wxu-Next-Commit
V-Age
Wxu-Next-Hostname
X-Agile
X-App-Name
X-Agile-Id
X-Var-Ttl
X-TT-TIMESTAMP
X-Agile-Age
X-Origin-Expires
X-Req
X-Varnish-Cacheable
Wxu-Next-Region
X-Origin-Date
X-NodeID
X-Variation
X-App-Server
X-TA-CDN-Provider
X-Eu-Site
X-Response-By
X-Proxy-Upstream
HA-Ipaddr
Ha-Gx-Prefs
X-Generated-In
CF-Cached-On
Request-Time
X-Varnish-Beresp-Grace
X-Vdms-Path
A
NM-Fastcgi-Cache
X-Hit
X-Varnish-Beresp-Status
L5d-Success-Class
X-C
X-SS-Set-Cookie
X-CGP
X-B3-Spanid
X-Cache-Tags
X-NX-Host
X-Refresh
X-Debug-Cookies
X-Debug-Log
X-Cache-Expired-At
X-Instart-Isnd
X-OVcl-Cache
X-RESPONSE-TIME
X-OVcl
Server-Hostname
Server-Ext
Sever-Int
X-Debug-Cache-Fetch
X-Varnish-Beresp-Ttl
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-CSRF-Token
M-TraceId
Pagetype
PFcat
X-Protected-By
X-CLOUD-TRACE-CONTEXT
X-Node-Id
Mime-Version
HostName
X-CACHE-KEY
X-Varnish-URL
XServer
X-FPC
X-SRV
X-Method
X-GEO
X-Time
X-Via-PopH
X-Worker
X-MSEdge-Features
Magicmarker
X-Wa
X-Via-PopV
X-MSEdge-Flight
X-Parent-Response-Time
Origin
X-Branch-Name
X-Varnish-Ttl
Geo-Info
Geoip-Latitude
Geoip-City
Powered-By-ChinaCache
PICS-Label
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
X-Nc
X-Be
GeoIp-Country-Code
X-Policy
X-Lb-Id
Pramga
Memory
X-Service
X-Planisys-CDN-Cache
Cloudfront-Viewer-Country
X-Planisys-CDN-TTL
X-ND-Cache
X-Planisys-CDN-Rules
X-Load-Cache
X-Ratelimit-Remaining
X-C-Zone
HitType
X-SERVER-NAME
X-C-Key
Esi-Enabled
Environment
Who
X-CSRF-TOKEN
X-Pjax-Url
X-HS-Status
Cteonnt-Length
X-DC
X-Servedbyhost
Dt-Cache-Category
X-Wix-Viewer-Type
X-Bc
X-Via-Ucdn
X-VCL-Version
X-Zone
X-Reqid
X-ECache
X-Newrelic-App-Data
X-BACKEND-TTL
X-Azure-Ref-OriginShield
Ttl
X-Myra-Origin2
X-Country-IP
NtCoent-Length
X-Ua
X-Up
Fastly-Backend-Name
X-Referer
X-Cache-Metadata
TTL
Product
X-Origin-TTL
UCS
X-Cache-Host
X-Origin-CC
X-Cdn-Forward
X-Swift-Error
SRV
Pragrma
X-Server-Time
X-ZONE
X-TT-LOGID
X-Vcl-Version
X-BC
Hostname
X-Ratelimit-Limit
Cdn-Host
Cdn
Resin-Trace
X-Pf-Uncompressing
X-App-Version
X-Edge-Server
Cdn-Request-Time
X-Server-IP
X-ServedByHost
X-Fastly-Country-Code
X-NGINX-Cache
Cdncip
X-PJAX-URL
Release
Cdnsip
FSS-Cache
X-AK-Request-ID
X-Correlation-ID
Lb
Load-Balancing
CACHE
X-AIR-PT
X-Tec-Api-Version
X-Tec-Api-Origin
C-Via
X-NU-AKA-ACS-Version
X-Tec-Api-Root
Sid
X-Configured-By
X-Node-ID
X-Datadome
GeoIP-Country-Code
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
LB
X-Cache-Backend
GeoIP-City
My-App
X-Air-Hostname
GeoIP-Latitude
X-Location
Warning
Dnion-Transfer-Encoding
X-WPE-Loopback-Upstream-Addr
Ohc-File-Size
MIME-Version
X-UPSTREAM-Address
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
X-Gzip
X-Esi-Check
X-BE
X-Cache-Id
X-WA
Ohc-Cache-HIT
X-TH-Server
X-Mvc-Supplant-Cachable
X-RAMCache
X-Svr
X-LiteSpeed-Cache-Control
X-Cache-Debug
X-Powered-Y
RequestId
X-Varnish-Url
Lfy
X-Fpc
X-Fastly-Request-Id
CDN
X-Mvc-Supplant-OutputCached
IBM-Web2-Location
Pics-Label
X-B3-SpanId
X-VarnishDD-TTL
X-Varnish-Beresp-TTL
X-Fastly-Backend-Reqs
Processtime
X-User
X-MID
X-B3-Parentspanid
X-Apw-Access-Action
Fastly-SSL
X-SD-PageType
X-Dynatrace-Js-Agent
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Edge-O15-RID
Xet-Cookie
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Ocache
Host-ID
Server-Int
X-ElasticPress-Query
X-ElasticPress-Search
X-Flow-Id
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
Requestid
X-Page-Impression-Id
CF-IPCountry
X-Check-Cacheable
X-Debug-Revision
X-Debug-Controller
X-Aicache-OS
X-Via-NSCOPI
X-Envoy-Decorator-Operation
Powered-By
X-Unique-ID
Cneonction
X-Sucuri-Id
X-Akamai-ERRuleID
DataCenter
X-Cache-Tag
X-Akamai-ERPolicy
X-PF-Uncompressing
X-MiniProfiler-Ids
X-LB-ID
X-Request-URL
URI
CloudFront-Viewer-Country
X-Fastly-Cache-Hits
X-Nananana
X-Dw-Trace-Id
X-Request-Url