Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
Xkey
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
X-Device
X-LiteSpeed-Cache
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Vhost
X-Host
X-Backend-Server
EagleEye-TraceId
NEL
X-Node
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
Request-Id
X-Dns-Prefetch-Control
X-Readtime
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-DataDome
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-Url
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-PC
X-TtlSet
X-FTR-Request-ID
X-Vname
Fusion-Deployment-Id
X-Country-Code
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
Allow
X-GitHub-Request-Id
Verso
Service-Worker-Allowed
X-Instart-Request-ID
X-MS-InvokeApp
Accept-CH
X-D2id
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
Content-MD5
X-Server-Name
SPRequestGuid
X-Cached
X-Powered-By-Plesk
Pinterest-Generated-By
X-Forwarded-Proto
X-Navigation-Version
X-Trace
Accept-CH-Lifetime
X-Amz-Server-Side-Encryption
TCN
X-Abt-Application-Version
X-Amz-Rid
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
Nginx-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
X-Debug
X-Vcache
X-Ttl
SPIisLatency
SPRequestDuration
X-VARITI-CCR
Arr-Disable-Session-Affinity
Charset
X-ESI
X-Cache-TTL
X-DynaTrace-JS-Agent
MS-Author-Via
X-Accel-Expires
X-NF-Request-ID
X-Server-ID
Display
X-Middleton-Response
NR-ENABLED
Pagespeed
Response
X-Middleton-Display
X-B3-TraceId
X-Px
X-Sol
X-Content-Type
X-Client-IP
Cache-Tag
Realpath
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
Edge-Cache-Tag
Access-Control-Request-Method
X-Ser
X-Id
X-Powered-CMS
WPE-Backend
X-Grace
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
X-Hp-Webp
X-Jurisdiction
X-Webkit-Csp
X-Shield-Request-Id
X-Upstream
X-Hits
X-Version
X-T
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Fastcgi-Cache
X-Node-Name
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Cache-Hit
Fastcgi-Cache
X-Recruiting
ServerID
X-Correlation-Id
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
AR-CACHE
Ar-Sid
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Request-Received
X-Request-Processing-Time
X-Frontend
Server-Node
TP-Cache
X-XRDS-Location
TP-L2-Cache
Powered
PB-RID
X-FTR-Expires
PB-PID
Accept-Ch
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Mobile-Rewrite
X-Ezoic-Cdn
Arc-Version
X-Shard
Refresh
X-Forwarded-For
X-HS-Combine-CSS
X-TTL
Alternate-Protocol
Host-Header
Server-Name
X-FastCGI-Cache
X-Amzn-Trace-Id
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
Accept-Ch-Lifetime
Fastly-Restarts
X-Rid
X-Akamai-Edgescape
X-N
X-Page-Id
X-LB-Cache
X-F-Cache
X-Logged-In
X-FTR-Cache-Host
Backend-Timing
X-User-Agent
X-ATS-Timestamp
X-Kong-Upstream-Latency
X-B
X-Varnish-Age
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
MicrosoftSharePointTeamServices
X-Cache-Key
X-Esi
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-XRDS-LOCATION
X-Varnish-Grace
X-Jobs
X-Revision
X-Origin-Server
X-Cache-Age
X-Request-Guid
X-App-Environment
X-Instance
Fastcgi-Useragent
X-ATG-Version
X-Varnish-Backend
Host
X-B-Cache
X-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Signature
X-Tumblr-User
X-Amz-Replication-Status
X-B3-Sampled
X-AOL-HN
Section-Io-Cache
X-Git-Hash
X-Type
X-FB-Debug
X-Seen-By
X-TT
Actual-Object-TTL
X-Cluster
X-Whom
X-Cache-Action
Paypal-Debug-Id
X-Debug-Info
Frame-Options
X-WebKit-CSP-Report-Only
X-Content-Options
X-Amzn-Requestid
Cache-Status
Access-Control-Allow-Method
Trailer
X-Endurance-Cache-Level
X-Cache-Rule
X-Cache-Operation
X-Contextid
X-Content-Powered-By
X-Host-Name
Source
X-Presslabs-Stats
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Tracecode
Accept-Charset
X-Az
X-Activity-Id
X-AppVersion
X-SERVER
Liferay-Portal
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-Daa-Tunnel
X-FireWall-Port
X-IPLB-Instance
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-APP-VERSION
DC
X-PHP-Backend
From-Origin
X-RateLimit-Remaining
X-WA-Info
X-Accel-Buffering
X-Response-Served-From
X-Framework
X-RemovedCookies
X-ProcessESI
Retry-After
Srv
X-UUID
X-FW-Serve
X-Tumblr-Pixel-2
X-Rendered-As
Surrogate-Key
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-1
VIX-Pulpo-Upstream-Status
X-FW-Type
NGB
X-FW-Static
VIX-Pulpo-Node
X-Is-Bot
X-Adobe-Loc
Payment
X-Adobe-Content
X-Environment-Context
X-L-Path
X-Varnish-Server
Eomportal-Instance
X-Cache-NE
X-Wix-Request-Id
X-Cacheable-TTL
X-GeoIP
X-Region
X-RequestSource
X-Time-Microsecs
X-B3-Traceid
Filters
X-Unique-Id
X-Cached-By
X-UA-Device-Type
X-Handled-By
X-Proxy
X-Mobile
X-NGENIX-Cache
X-Varnish-Hostname
X-Origin-Response-Time
X-Cache-TTL-Remaining
Datacenter
X-Cache-Server
X-EdgeConnect-Cache-Status
Xserver
X-Cache-Control
X-TIME
Filterid
X-Webkit-CSP
X-Cache-Time
X-Akamai-Transformed
X-CST
GEO-INFO
MS-CV
X-Backend-Name
Version
X-Status
X-Srv
Odigeo-Trace-Id
X-Rule
X-Litespeed-Cache
X-Mode
S-Cnection
Server-Info
Cache-Tags
X-Cache-Enabled
Cache-Tv-Group
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
Meta-Geo
X-IP
X-Path-Route
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
S-Rt
Azure-Version
DB-Nickname
Ec-Rule-Version
X-Loop
X-RN-RSRV
Cross-Origin-Window-Policy
X-Detected-As
X-TNCMS
X-FC-Vary-Parameters
X-FW-Dynamic
X-Amzn-Remapped-Content-Length
X-Redis-Cache
OT-Force-Account-Verify
Webserver
X-Origin
X-PERF
Decoy-Debug-Key
Cache-Hits
Akamai-GRN
Cleartype
Property-Id
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
X-Adobe-Source
X-Hosted-By
X-Forwarded-Host
X-ApacheServer
TWC-Locale-Group
TWC-GeoIP-LatLong
NGX
X-NCache
Decoy-Debug-TTL
X-Real-IP
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
Decoy-Debug-Status
X-Origin-Hint
X-SayCDN-TTL
X-Cache-2
X-Say-TTL
X-Web-Node
X-Via-Fastly
Country
X-TX-ID
X-Say-Cacheable
X-ShopId
X-ServerID
X-ShardId
X-NYM-Debug-Backend
X-URL
X-Sorting-Hat-PodId
X-Shopify-Stage
Cache-Key
Origin-Cache-Control
ServedBy
Section-Origin-Responded
X-AWS-Id
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Origin-Edge-Control
Content-Disposition
X-VWS-Id
X-Cache-Config
Section-Io-Id
Now
X-EIG-Tracking-Id
X-Cache-NGX
X-Generated
X-LJ-Flow-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hl-Ver
X-Pubstack
X-Human
X-Ua-Device
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Backend-TTL
X-Format
X-Akamai-Request-ID2
Node
X-Section
X-Access
X-MP-GENERATED-AT
X-Www-Served-By
X-Cache-Status-Check
X-BYPASS-REASON
X-BCube-Filmed-By
X-ProxyCache-Status
Selected-Fe
X-JoinUs
X-Device-Type
X-ProxyCache-Key
X-Viewer-Country
X-Content-Age
X-Zipkin-Id
X-SaId
X-Timing-Wait
Access-Control-Request-Headers
X-Routing-Service
X-Vgn-Hpd-Reason
X-Proxied
X-HTML-Minification-Powered-By
X-FB-TRIP-ID
X-Proxy-Build
X-Proxy-Cache-Status
X-Xfnlog-Site
Mn-Server-Ip
X-Tb
X-Debug-Cache
X-Shopify-Generated-Cart-Token
X-Microcachable
X-Site-Version
X-No-Session
X-Cache-Remote
X-Locale
X-Proto
X-Oss-Storage-Class
X-Request-Time
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-EC-Lua
X-Soup
X-Cdn
X-Dc
X-Varnish-Hits
X-Pinterest-Direct
Cf-Ipcountry
Time
X-Akamai-Request-ID
X-Generated-By
Accept-Language
X-From
X-Drupal-Cache-Tags
Nel
X-NewRelic-App-Data
X-Pad
X-CF-Powered-By
X-NC
X-COUNTRY
X-Geo
X-IPS-LoggedIn
X-Azure-Ref
X-Old-Content-Length
X-RateLimit-Limit
FilterID
X-PressLabs-Stats
Uber-Trace-Id
X-Source
X-VCT
X-RTag
Ms-Operation-Id
X-VCache
X-FORWARDED-FOR
X-Uri
X-Edge
X-Cache-Grace
X-CS
X-MCACHE
Cache-Name
X-Amzn-RequestId
User-Agent
X-ECACHE
X-NWS-UUID-VERIFY
X-UA
X-Nginx-Cache
X-PHP-Host
X-Labrador-Cache-Channel
X-PCL
X-CDN-Forward
X-OCL
X-GoCache-CacheStatus
Cache
X-APP
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
X-Edge-Location
Proxy-Connection
X-Drupal-Cache-Contexts
X-Magnolia-Registration
X-Qloud-Router
X-Mid
X-Hyper-Cache
ServerName
Rendered-Blocks
Request-Country
Request-EU
X-A-Dcw
VivaBuild
X-A-Ccd
Viewtype
X-A-Dam
X-A
True-Client-Country-4JS
X-A-Dgt
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
User-Cache-Control
Apple-News-Services-Request-Url
Arc-Country
MD5-Digest
Memcached
Meta-Geo-Continent
Machine
GEO-REGION-INFO
AsisCache
BehaviorPad-Version
Mobile-Detection-Method
X-B-Cookie
X-Region-Sid
X-Request-URI
X-Request-UUID
X-Tumblr-Pixel-3
X-Reboot
X-Processor
X-Info
X-Instart-Info
X-PAYTM-SRV-ID
X-Rewrite-Enabled
X-Rocket-Nginx-Bypass
X-Session-Fingerprint
X-SRCache-Key
X-Transaction
X-ScT
X-Trv-Group
X-Rojux
X-S
X-S-Cookie
X-GeoIP-Country-Code
X-G
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Vdms-Version
X-Cache-Bucket
X-ARC
X-Accel-Expires-Debug
X-Aed
X-Application
X-Connection-Hash
X-D
Xc-Version
X-External-Request-Id
X-FW-Version
X-DPWN-IS-SECURE
X-Developer
X-Date
X-Twitter-Response-Tags
X-Destination
X-A-Wwc
T-Server
X-Vtex-Remote-Cache
X-Trafficlayer-App-Name
Server-Surrogate-Control
X-Hnp-Log
Server-Host
X-TrackingId
Thinkindot-CacheControl
Viewport
X-ServiceProvider
X-Wikidot-Static-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Cache-Control
SD-X-WS
On-Server
N-Cache
X-Li-Fabric
X-Is-Gdpr
X-Servername
X-Has-Esi
Rt-Fastcgi-Cache
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Geo-Header
X-Thinkindot-L3
Web-Mar-Node
X-Cache-Info
X-Cache-URL
X-Sn-Servicetimems
X-Cache-ASPX
X-Block-Status
X-Cdn-Origin
X-Clara-WADP
X-Request-Host
X-Core-Value
X-Contensis-Viewer-Groups
X-DevSite-Last-Modified
X-Slack-Backend
X-Bc-Bl
X-Fmm-Version
Vix-Hermes-Req-Id
X-Gamma-Serve
X-Gen-Mode
X-GeoIP-City
X-WADP-Cache
X-Auto-Login
X-BBXSRF
X-Backend-State
X-Backend-Host
X-Fastly-Cache
X-Li-Pop
X-We-Are-Hiring
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Wikidot-Backend
X-LI-Proto
Content-Script-Type
X-Matched-Rule
Content-Style-Type
X-Webstats-RespID
X-Oneagent-Js-Injection
X-VG-TLSProxy
X-VServer
X-UnsetCookies
X-Cluster-Node
Countrycode
X-Server-W
X-Varnish-Authentication
Cache-Cookie-Set-Lfrom
X-JWT-State
X-LI-UUID
Gh-Request-Id
X-S-Maxage
X-Cluster-Name
X-Storage
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Scheme
X-Skip-Cache
Locid
Kp-EeAlive
X-Req
Adler-Geo
X-Origin-Date
X-App-Name
X-Sigma-Backend
X-Sigma
X-IN-APIGATEWAYSSL
X-Rebelmouse-Surrogate-Control
X-SIPLIST1
X-Fetched-On
Mail-Subject
X-VC-Cache
X-WebServer
IsBot
X-Dispatcher-Server
X-Distil-CS
Is-Eu
X-RateLimit-Remaining-Second
X-Dispatch
X-Device-Os
X-RateLimit-Limit-Second
X-Clientip
X-Distributor
X-Cache-PHP
X-Var-Ttl
X-CUA
X-Epic-Correlation-Id
X-Cache-FS-Status
X-Served-From
X-Platform-Server
Locale
X-Core-Mission
X-Variation
X-Urbn-Context-Path
X-Varnish-Cacheable
X-Sucuri-ID
Server-ID
Country-Code
AKAMAI
X-Micro-Cache
X-Irp-Debug
X-Urbn-Site-Id
RNT-Time
X-SN
Fastly-Drupal-HTML
X-IN-APIGATEWAY
X-Developers
X-Cms-Context
RNT-Machine
X-Generation-Time
Fastly-SIE
Proxy-Firewall
X-LAGOON
We-Hiring
W
Wxu-Next-Commit
Wxu-Next-Hostname
X-Generated-On
X-Level-Front-Cache
Wxu-Next-Region
Platform
CDCHOST
X-Hash
X-Rocket-Build-Number
X-TT-TIMESTAMP
Fastly-SWR
FNAC-ModuleRouting
X-Nginx-Cache-Key
V-Age
X-App-Server
X-TA-CDN-Provider
X-Logging-Id
X-Hit
X-Ms-Version
X-NodeID
X-Generated-In
X-Owner
X-Eu-Site
X-SS-Set-Cookie
X-Ms-Request-Id
X-Proxy-Upstream
X-Agile
HA-Ipaddr
X-Vdms-Path
X-Thanos
Ha-Gx-Prefs
X-Agile-Age
CF-Cached-On
Group
Cache-Host
X-Trace-Id
X-Response-By
X-B3-Spanid
L5d-Success-Class
Request-Time
A
X-C
NM-Fastcgi-Cache
X-Agile-Id
X-CGP
X-Cache-Tags
X-Swa-Ws
Heartbleed
X-Bip
X-Varnish-Beresp-Status
X-Debug-Log
X-Varnish-Beresp-Grace
X-NX-Host
X-CSRF-Token
X-Cache-Expired-At
X-Refresh
X-Debug-Cookies
X-Debug-Cache-Fetch
X-OVcl
X-Instart-Isnd
X-OVcl-Cache
X-Debug-Cache-Store
Sever-Int
Server-Hostname
X-RESPONSE-TIME
X-Debug-Cache-Expiry
Server-Ext
X-Time
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
M-TraceId
Pagetype
X-Node-Id
PFcat
HostName
Mime-Version
X-Protected-By
Geo-Info
X-CACHE-KEY
X-Varnish-URL
X-Method
X-SRV
X-FPC
Magicmarker
Origin
X-MSEdge-Flight
X-Via-PopV
X-Wa
X-Parent-Response-Time
X-Via-PopH
X-Worker
X-MSEdge-Features
PICS-Label
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
Powered-By-ChinaCache
X-Branch-Name
X-Varnish-Ttl
X-Nc
X-GEO
XServer
X-Ruxit-Js-Agent
X-Policy
Geoip-City
Geoip-Latitude
Memory
Pramga
X-Lb-Id
X-Be
GeoIp-Country-Code
X-Service
Cloudfront-Viewer-Country
X-Planisys-CDN-Cache
X-ND-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Ratelimit-Remaining
X-DC
X-Load-Cache
X-SERVER-NAME
Esi-Enabled
X-C-Key
HitType
X-C-Zone
X-Pjax-Url
Who
Environment
X-HS-Status
Cteonnt-Length
X-Ua
X-Bc
X-VCL-Version
X-Reqid
X-ECache
X-Zone
X-Wix-Viewer-Type
X-Servedbyhost
Dt-Cache-Category
X-CSRF-TOKEN
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
Ttl
X-Myra-Origin2
X-BACKEND-TTL
X-Via-Ucdn
X-Country-IP
NtCoent-Length
X-Referer
Fastly-Backend-Name
X-Up
X-Cache-Metadata
Product
X-Cache-Host
X-Origin-CC
UCS
TTL
X-Origin-TTL
X-Cdn-Forward
X-Swift-Error
SRV
X-Server-Time
X-BC
Pragrma
X-Vcl-Version
X-ZONE
X-TT-LOGID
Hostname
X-Ratelimit-Limit
Cdn-Host
Cdn
X-Server-IP
X-Pf-Uncompressing
X-App-Version
X-Edge-Server
Cdn-Request-Time
Resin-Trace
X-ServedByHost
X-Fastly-Country-Code
X-NGINX-Cache
Release
Cdnsip
Cdncip
X-Correlation-ID
FSS-Cache
X-AK-Request-ID
Load-Balancing
CACHE
Lb
GeoIP-Country-Code
X-PJAX-URL
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Sid
C-Via
X-NU-AKA-ACS-Version
X-AIR-PT
GeoIP-City
LB
X-Configured-By
X-Node-ID
X-SVT-ORM-RULES
X-Datadome
GeoIP-Latitude
X-SVT-ORM-VERSION
X-Oracle-Dms-Rid
Dnion-Transfer-Encoding
X-Air-Hostname
X-WPE-Loopback-Upstream-Addr
X-BE
My-App
Warning
X-Location
MIME-Version
Ohc-File-Size
X-UPSTREAM-Address
X-Cache-Backend
X-Gzip
X-Tb-Optimization-Total-Bytes-Saved
X-WA
X-Esi-Check
X-Cache-Id
X-Sucuri-Cache
Ohc-Cache-HIT
X-TH-Server
X-Mvc-Supplant-Cachable
X-RAMCache
X-Svr
X-LiteSpeed-Cache-Control
X-Cache-Debug
X-Powered-Y
RequestId
Lfy
X-Fpc
X-Fastly-Request-Id
X-Varnish-Url
Pics-Label
IBM-Web2-Location
X-Mvc-Supplant-OutputCached
X-B3-SpanId
X-Fastly-Backend-Reqs
X-VarnishDD-TTL
X-Varnish-Beresp-TTL
X-SD-PageType
X-B3-Parentspanid
X-MID
X-Dynatrace-Js-Agent
X-Apw-Access-Action
CDN
X-User
X-Apw-Hits
Fastly-SSL
X-Apw-Access-Object
X-Apw-Access-Token
X-Edge-O15-RID
Host-ID
X-ElasticPress-Query
X-Ocache
Xet-Cookie
X-Amzn-Remapped-Connection
Server-Int
Processtime
X-Amzn-Remapped-Date
X-ElasticPress-Search
X-Page-Impression-Id
X-Flow-Id
Requestid
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
CF-IPCountry
X-Sucuri-Id
X-Envoy-Decorator-Operation
X-Unique-ID
Powered-By
X-Check-Cacheable
X-Debug-Revision
X-Via-NSCOPI
X-Debug-Controller
Cneonction
X-Aicache-OS
X-Akamai-ERPolicy
X-Akamai-ERRuleID
ProcessTime
DataCenter
CloudFront-Viewer-Country
X-Nananana
X-PF-Uncompressing
URI
X-Request-URL
X-LB-ID
X-Dw-Trace-Id
X-Request-Url
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-Cache-Tag