Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Server
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
Feature-Policy
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
X-UA-Device
Grace
X-Request-ID
Cf-Railgun
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
X-Cache-Lookup
X-Dispatcher
X-Ac
NEL
X-Readtime
Surrogate-Control
X-WebKit-CSP
X-Origin-Upstream-Status
Content-Location
X-Ruxit-JS-Agent
Request-Id
X-Application-Context
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-DataDome
X-Rack-Cache
Rating
Edge-Control
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Instart-Request-ID
X-Vname
X-PC
X-Goog-Hash
X-TtlSet
X-DynaTrace
Allow
X-Country-Code
Content-MD5
Verso
Service-Worker-Allowed
X-GitHub-Request-Id
X-Varnish-TTL
X-Server-Name
Pinterest-Generated-By
X-D2id
X-ESI
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Vcache
X-MS-InvokeApp
X-Powered-By-Plesk
SPRequestGuid
X-Navigation-Version
X-Cached
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
X-Webkit-Csp
X-TEC-API-ORIGIN
X-B3-TraceId
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Amz-Rid
X-MSEdge-Ref
X-Trace
X-Fastly-Request-ID
Nginx-Cache
Public-Key-Pins
X-SharePointHealthScore
X-Vcap-Request-Id
Accept-Ch
X-Server-ID
X-VARITI-CCR
MS-Author-Via
TCN
X-Fastcgi-Cache
Charset
Arr-Disable-Session-Affinity
X-Px
Edge-Cache-Tag
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
Pagespeed
X-Middleton-Display
Response
Display
X-Middleton-Response
Realpath
X-Sol
Accept-Ch-Lifetime
SPRequestDuration
SPIisLatency
X-Ser
X-Content-Type
X-Version
X-Client-IP
AR-Request-ID
AR-ATIME
Accept-CH
Cache-Tag
AR-PoweredBy
X-Ttl
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
Front-End-Https
Fusion-Deployment-Id
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
Ar-Sid
AR-CACHE
X-Dns-Prefetch-Control
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Id
Access-Control-Request-Method
X-Hp-Webp
X-Jurisdiction
X-Upstream
X-Grace
NR-ENABLED
X-Content-Digest
X-Forwarded-For
X-Element-Page-Cache
X-T
X-Hits
Accept-CH-Lifetime
DynaTrace
X-Amz-Meta-S3cmd-Attrs
X-TTL
S
X-Dw-Request-Base-Id
X-Aspnet-Version
Fastcgi-Cache
ServerID
X-Amzn-Trace-Id
X-Node-Name
X-Mobile-URL
PB-PID
PB-RID
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-Recruiting
X-Ezoic-Cdn
X-Shard
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
Arc-Version
X-HS-Cache-Config
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Server-Node
X-Mobile-Rewrite
X-HS-Hub-Id
X-HS-Content-Id
X-FTR-Expires
X-Frontend
Powered
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-DIS-Request-ID
Fastly-Restarts
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-Logged-In
X-Shield-Request-Id
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Request-Received
X-Request-Processing-Time
Refresh
X-XRDS-LOCATION
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
MicrosoftSharePointTeamServices
X-ATS-Timestamp
X-FTR-Cache-Host
Server-Name
WPE-Backend
X-Content-Security-Policy-Report-Only
X-Rid
X-LB-Cache
X-F-Cache
X-Akamai-Edgescape
X-Page-Id
X-B
X-User-Agent
X-Geo-Country
X-Via-JSL
Cache-Status
X-N
X-Zen-Fury
X-XRDS-Location
X-Content-Options
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-TAG
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Grace
X-Amz-Apigw-Id
Host-Header
X-Revision
X-Kinsta-Cache
X-B3-Sampled
X-Type
X-TT
X-Amz-Replication-Status
X-ATG-Version
X-AOL-HN
X-Cache-Action
X-FB-Debug
X-Content-Powered-By
X-Instance
Actual-Object-TTL
Paypal-Debug-Id
Access-Control-Allow-Method
X-App-Environment
X-Debug-Info
X-Signature
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Git-Hash
X-WebKit-CSP-Report-Only
X-B-Cache
X-Jobs
X-Request-Guid
X-Varnish-Backend
Liferay-Portal
Fastcgi-Useragent
X-Whom
X-Tt-Trace-Tag
Frame-Options
X-Tt-Trace-Host
X-Cached-By
Healthy
Section-Io-Cache
X-Srv
X-PHP-Backend
X-Cluster
X-Hostname
X-CST
X-Seen-By
X-Daa-Tunnel
X-Cache-Key
X-Framework
X-Az
X-Activity-Id
X-Cache-Rule
X-AppVersion
X-Cache-Operation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FireWall-Port
X-WA-Info
X-Mobile
Retry-After
X-Endurance-Cache-Level
Tracecode
X-Contextid
X-Cache-Age
Xserver
X-IPLB-Instance
X-Host-Name
Source
X-Response-Served-From
X-Accel-Buffering
X-Upgrade-Enabled
NGB
Accept-Charset
X-RemovedCookies
X-Presslabs-Stats
X-ProcessESI
Surrogate-Key
X-Cache-NE
DC
Payment
X-Origin-Response-Time
Srv
X-Edge-O15-RID
X-Region
Eomportal-Instance
X-Cacheable-TTL
Filters
X-FW-Type
X-GeoIP
X-Adobe-Loc
X-Is-Bot
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Varnish-Server
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-1
X-FW-Serve
X-FW-Static
X-Rendered-As
X-Handled-By
X-Adobe-Content
X-L-Path
X-Environment-Context
Trailer
X-UUID
X-RequestSource
Server-Info
X-EdgeConnect-Cache-Status
X-Amzn-Requestid
X-Cache-2
X-UA-Device-Type
X-RateLimit-Remaining
X-Backend-Name
Cache-Tv-Group
From-Origin
Nel
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-FastCGI-Cache
X-Wix-Request-Id
X-Cache-Server
X-Oss-Request-Id
MS-CV
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Akamai-Transformed
X-APP-VERSION
X-Cache-Enabled
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-NGENIX-Cache
Version
X-Amzn-RequestId
X-Status
Datacenter
X-IPS-LoggedIn
X-B3-Traceid
Filterid
X-Dc
X-Yottaa-Optimizations
X-SS-Set-Cookie
X-Unique-Id
X-Yottaa-Metrics
S-Cnection
X-Mode
X-NewRelic-App-Data
X-RN-RSRV
X-Pad
X-ES-SERVER
X-Path-Route
X-CCM
X-Cache-Var
Meta-Geo
X-Cache-Var-Map
X-Access
X-Forwarded-Host
X-Section
X-TX-ID
X-Format
X-Tb
X-Origin
X-PERF
Decoy-Debug-Key
Cache-Tags
X-Hl-Ver
X-Via-Fastly
X-Cache-Status-Check
X-NYM-Debug-Backend
GEO-INFO
ServedBy
X-ApacheServer
Decoy-Debug-Status
Akamai-GRN
X-Akamai-Request-ID
Country
X-Ua-Device
Cleartype
X-R9-Blue-Green-Version
Decoy-Debug-TTL
X-Redis-Cache
Cache-Key
DB-Nickname
NGX
Now
Origin-Cache-Control
Content-Disposition
Origin-Edge-Control
X-Pubstack
X-Debug-Cache
X-ServerID
X-ShardId
X-Say-TTL
X-Sorting-Hat-ShopId
X-Cache-Config
X-SayCDN-TTL
X-ShopId
X-Shopify-Generated-Cart-Token
X-FC-Vary-Parameters
X-Request-Time
X-EIG-Tracking-Id
X-Say-Cacheable
X-Device-Type
X-Shopify-Stage
X-BYPASS-REASON
X-Generated-By
X-ProxyCache-Status
X-Sorting-Hat-PodId
X-Hosted-By
X-ProxyCache-Key
X-Proto
X-Proxy-Cache-Status
X-Web-Node
X-Akamai-Request-ID2
X-Varnish-Hits
X-Soup
X-Amzn-Remapped-Content-Length
X-Human
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
OT-Force-Account-Verify
X-Cache-Remote
X-FW-Dynamic
X-Detected-As
X-AWS-Id
Ec-Rule-Version
X-LJ-Flow-ID
X-SaId
X-VWS-Id
Selected-Fe
Mn-Server-Ip
X-TNCMS
X-Timing-Wait
X-Site-Version
X-Viewer-Country
X-Aspnetmvc-Version
S-Rt
X-Www-Served-By
Cross-Origin-Window-Policy
X-PressLabs-Stats
X-IP
X-JoinUs
X-Locale
X-BCube-Filmed-By
X-Generated
X-Cache-Time
X-FB-TRIP-ID
Azure-InstanceId
Azure-RegionName
X-MP-GENERATED-AT
X-NCache
X-Proxy-Build
X-Loop
Azure-Version
Azure-SiteName
Azure-SlotName
X-Esi
X-Content-Age
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
Webcakes-Region
TWC-GeoIP-LatLong
X-Cache-Control
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Node
TWC-GeoIP-Country
Webserver
X-Xfnlog-Site
X-Proxied
X-Routing-Service
X-App-Server
Access-Control-Request-Headers
X-TIME
X-HTML-Minification-Powered-By
X-Zipkin-Id
X-RCS-CacheZone
FilterID
X-Real-IP
X-Drupal-Cache-Tags
Cache-Hits
X-Geo
X-Uri
X-EC-Lua
X-Time
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Accept-Language
X-CACHE-KEY
X-No-Session
X-Microcachable
X-OCL
X-PCL
X-Varnish-Cache-Hits
X-Varnish-Ttl
X-Source
X-Adobe-Source
X-Qloud-Router
X-Rule
Odigeo-Trace-Id
Cf-Ipcountry
X-UA
X-RTag
Ms-Operation-Id
X-NWS-UUID-VERIFY
X-Hyper-Cache
X-Load-Cache
X-From
Time
User-Agent
X-Azure-Ref
X-Storage
X-PHP-Host
X-Labrador-Cache-Channel
X-Info
Proxy-Connection
X-Backend-TTL
X-RateLimit-Limit
X-Cluster-Node
Powered-By-ChinaCache
X-Nginx-Cache
X-Cache-NGX
X-TA-CDN-Provider
X-Nc
X-Newrelic-Synthetics
X-UnsetCookies
X-Magnolia-Registration
X-ND-Cache
X-B-Cookie
X-CF-Lambda-Fn
X-Twitter-Response-Tags
X-Cdn-Srv
X-CF-Lambda-Version
X-OVcl-Cache
X-Accel-Expires-Debug
X-Aed
X-Connection-Hash
X-Application
X-A-Wwc
X-ARC
X-Varnish-Beresp-Status
X-Processor
X-PAYTM-SRV-ID
X-A-Dgt
X-Varnish-Beresp-Grace
X-A-Dcw
Request-Country
Request-EU
X-Developer
Rendered-Blocks
Mobile-Detection-Method
MD5-Digest
X-DPWN-IS-SECURE
Meta-Geo-Continent
X-Destination
X-A-Dam
X-A
X-D
Viewtype
X-A-Ccd
X-Date
T-Server
True-Client-Country-4JS
Machine
X-External-Request-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
VivaBuild
Apple-News-Services-Handled
X-Old-Content-Length
X-Drupal-Cache-Contexts
A
Arc-Country
AsisCache
X-GeoIP-Country-Code
GEO-REGION-INFO
X-G
Fastcgi-X-Cache-Version
Content-Style-Type
BehaviorPad-Version
Content-Script-Type
X-Edge-Location
X-OVcl
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-Request-UUID
X-VG-TLSProxy
X-VG-WebServer
X-S
X-Session-Fingerprint
X-GoCache-CacheStatus
X-Vdms-Version
X-Rojux
X-Request-URI
X-Transaction
X-S-Cookie
X-ScT
Rt-Fastcgi-Cache
Xc-Version
X-Region-Sid
X-Trv-Group
X-Vtex-Processado-Em
X-VG-WebCache
X-SRCache-Key
Mime-Version
X-SERVER
Geo-Info
X-Cluster-Name
Ha-Gx-Prefs
HA-Ipaddr
X-Generated-On
X-Geo-Header
PFcat
X-GeoIP-City
X-ServiceProvider
X-Distil-CS
Locid
X-Developers
X-Eu-Site
X-Sigma
L5d-Success-Class
X-Sigma-Backend
Thinkindot-CacheControl-Type
X-Backend-State
X-Trafficlayer-App-Version
X-Agile-Id
X-Agile-Age
X-CGP
X-TT-TIMESTAMP
X-Cache-Expired-At
X-C
X-Cache-Grace
X-Cdn-Origin
X-Agile
X-Trafficlayer-App-Scope
Thinkindot-Control
X-Served-From
Thinkindot-CacheControl
Server-Host
X-Thinkindot-L3
Viewport
X-Trafficlayer-App-Name
X-Core-Value
W
X-Sn-Servicetimems
X-Service
X-Rocket-Build-Number
X-Rocket-Nginx-Bypass
CDCHOST
X-Wikidot-Static-Cache
X-Level-Front-Cache
X-Wikidot-Backend
X-Matched-Rule
HitType
Cache-Name
Uber-Trace-Id
ServerName
X-CF-Powered-By
X-Reboot
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Origin-Date
X-TrackingId
X-RateLimit-Limit-Second
X-We-Are-Hiring
X-Var-Ttl
X-Origin-Expires
X-Variation
X-Cache-FS-Status
X-Varnish-Authentication
X-NodeID
X-WADP-Cache
X-Trace-Id
X-Rebelmouse-Cache-Control
X-VC-Cache
X-CS
X-CUA
X-NX-Host
X-WebServer
X-Owner
X-Clientip
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-Platform-Server
X-Clara-WADP
X-App-Name
X-Proxy-Upstream
X-Cms-Context
X-Cache-Tags
X-Request-Host
X-Webstats-RespID
X-Varnish-Cacheable
X-Rebelmouse-Surrogate-Control
X-Ms-Version
X-Urbn-Site-Id
X-Cache-Info
X-Contensis-Viewer-Groups
X-Debug-Cache-Fetch
X-Fetched-On
X-FW-Version
X-RateLimit-Remaining-Second
X-Is-Gdpr
X-Fastly-Cache
X-JWT-State
X-Epic-Correlation-Id
X-VServer
X-LAGOON
X-Irp-Debug
X-Gamma-Serve
X-Hnp-Log
X-Has-Esi
X-Hit
X-Servername
X-Generation-Time
X-Gen-Mode
X-Generated-In
X-Instart-Isnd
X-Skip-Cache
X-Distributor
X-Debug-Cache-Store
X-Debug-Cookies
X-Logging-Id
X-Hash
X-Swa-Ws
X-Thanos
X-Ms-Request-Id
X-Micro-Cache
X-Debug-Log
X-LI-UUID
X-Dispatch
X-Dispatcher-Server
X-Li-Fabric
X-DevSite-Last-Modified
X-Device-Os
X-LI-Proto
X-Li-Pop
X-Slack-Backend
X-Debug-Cache-Expiry
X-Cache-Bucket
Server-ID
Server-Cache-Control
Gh-Request-Id
Server-Surrogate-Control
Fastly-SWR
User-Cache-Control
Fastly-Drupal-HTML
Fastly-SIE
Group
Heartbleed
Memcached
Kp-EeAlive
Locale
N-Cache
On-Server
Pramga
Platform
Is-Eu
Mail-Subject
V-Age
Adler-Geo
We-Hiring
X-Varnish-Beresp-Ttl
X-Bip
X-Cache-ASPX
X-Block-Status
X-BBXSRF
AKAMAI
Countrycode
Cache-Host
Country-Code
Environment
Web-Mar-Node
X-Auto-Login
Hostname
X-NC
IsBot
Cloudfront-Viewer-Country
RNT-Machine
RNT-Time
X-Lb-Id
X-Cache-URL
X-Core-Mission
X-Nginx-Cache-Key
X-SIPLIST1
X-Bc-Bl
X-Server-W
X-VHOST
X-S-Maxage
X-Sucuri-ID
X-Node-Id
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Response-By
X-Backend-Host
FNAC-ModuleRouting
X-RESPONSE-TIME
X-Req
Cache-Cookie-Set-Lfrom
X-Ratelimit-Remaining
X-CLOUD-TRACE-CONTEXT
X-Origin-TTL
X-Origin-CC
X-Refresh
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-BACKEND-TTL
X-Parent-Response-Time
X-Fmm-Version
X-Up
X-App-Version
X-VCT
X-Cdn-Forward
X-CSRF-Token
X-Scheme
X-Server-Time
X-VCache
Fastly-Backend-Name
X-Pjax-Url
X-CDN-Forward
Cache
X-B3-Spanid
Cdn-Host
Cdn-Request-Time
X-Varnish-URL
X-TT-LOGID
Pragrma
X-Edge-Server
X-MSEdge-Features
X-MSEdge-Flight
X-Instart-Info
X-SN
X-APP
X-FPC
X-Correlation-ID
Origin
SD-X-WS
PICS-Label
Cdnsip
X-AK-Request-ID
Cdncip
X-Cache-Host
Geoip-City
Proxy-Firewall
Geoip-Latitude
Ohc-File-Size
X-CSRF-TOKEN
X-MCACHE
X-Edge
M-TraceId
Vix-Hermes-Req-Id
X-Cache-PHP
GeoIp-Country-Code
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Wa
Request-Time
CACHE
X-Air-Hostname
X-Vcl-Version
X-NU-AKA-ACS-Version
X-ECACHE
TTL
X-Webkit-CSP
NtCoent-Length
X-Vdms-Path
X-HS-Status
NM-Fastcgi-Cache
Cdn
X-Wix-Viewer-Type
X-Ua
X-URL
RequestId
Resin-Trace
X-Pf-Uncompressing
X-Cache-Debug
X-Myra-Origin2
CF-Cached-On
X-Ratelimit-Limit
X-Mid
X-Be
Ohc-Cache-HIT
Memory
Server-Hostname
Pagetype
X-ServedByHost
Server-Ext
X-TH-Server
Sever-Int
X-Cache-Metadata
Tcn
X-Bc
X-Method
IBM-Web2-Location
X-Zone
Magicmarker
X-ECache
SRV
HostName
X-Dynatrace-Js-Agent
X-Servedbyhost
X-ZONE
Cteonnt-Length
X-BC
Release
X-FORWARDED-FOR
X-Oneagent-Js-Injection
X-Worker
X-GEO
X-Ocache
Dnion-Transfer-Encoding
Server-Int
Load-Balancing
X-Via-PopV
X-Via-PopH
X-Swift-Error
X-Newrelic-App-Data
XServer
X-DC
X-Unique-ID
X-NGINX-Cache
X-Azure-Ref-OriginShield
Powered-By
X-Request-Start
X-Tb-Optimization-Total-Bytes-Saved
X-Envoy-Upstream-Healthchecked-Cluster
X-Referer
X-Protected-By
Lb
Dt-Cache-Category
X-Branch-Name
Pics-Label
X-Policy
X-B3-SpanId
X-Tec-Api-Root
X-Tec-Api-Origin
X-SRV
X-Configured-By
Ttl
Fastly-Soc-X-Request-Id
X-Esi-Check
X-VCL-Version
X-AIR-PT
X-Cache-Id
X-Tec-Api-Version
X-Ruxit-Js-Agent
X-Fastly-Country-Code
Esi-Enabled
X-Gzip
X-Node-ID
X-Planisys-CDN-TTL
GeoIP-Country-Code
X-Planisys-CDN-Rules
X-Datadome
X-WA
X-Action
X-COUNTRY
X-Planisys-CDN-Cache
Fastly-SSL
X-Reqid
GeoIP-City
GeoIP-Latitude
X-RSL
X-DSS
X-DW
X-DI
X-DB
X-ABtesting
X-Flog
X-Hello
X-RPM
X-RPS
MIME-Version
X-C-Zone
X-C-Key
Who
X-Via-Ucdn
X-VarnishDD-TTL
Host-ID
X-Fpc
X-HostName
X-Cache-Backend
X-Svr
X-Render-Time
X-Via-CDN
X-SERVER-NAME
X-Powered-Y
ProcessTime
X-PF-Uncompressing
LB
Amp-Access-Control-Allow-Source-Origin
UCS
X-Fastly-Request-Id
X-Varnish-Url
X-PJAX-URL
X-Country-IP
Lfy
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-User
X-Beluga-Cache-Status
X-MID
FSS-Proxy
X-Key
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Response-Time
X-Beluga-Record
Product
X-Beluga-Status
X-Varnish-Beresp-TTL
Sid
X-SD-PageType
FSS-Cache
X-RAMCache
X-Internal-Host
X-Flow-Id
X-LiteSpeed-Cache-Control
X-Agile-Brick-Ok
X-Page-Impression-Id
X-BE
Xet-Cookie
Requestid
X-Zalando-Child-Request-Id
X-Sucuri-Cache
X-WPE-Loopback-Upstream-Addr
SN
X-B3-Parentspanid
CF-IPCountry
X-Aicache-OS
X-Pinterest-Direct
X-Server-IP
WebServer
X-Tid
X-Request-Url
WZWS-RAY
CDN
L
X-Compress-Hint
X-Apw-Access-Object
X-Apw-Access-Action
X-Debug-Revision
X-Location
X-Check-Cacheable
X-Apw-Access-Token
X-Debug-Controller
X-Apw-Hits
X-Sucuri-Id
X-Litespeed-Cache-Control
Servername
X-App
Cneonction
X-Request-URL
X-MiniProfiler-Ids
X-Dw-Trace-Id
DataCenter
X-LB-ID
X-ElasticPress-Search
CloudFront-Viewer-Country
X-Fastly-Cache-Hits
X-Nananana