Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Request-ID
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-Envoy-Upstream-Service-Time
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Ws-Request-Id
X-Pass-Why
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
EagleId
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Device
X-Origin-Cache
X-Styx-Req-Id
CONTENT-SECURITY-POLICY
X-Pantheon-Styx-Hostname
X-Server-Id
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Dns-Prefetch-Control
NEL
X-Node
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Request-Id
Surrogate-Control
X-Readtime
X-Application-Context
X-DataDome
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Content-Location
X-Ruxit-JS-Agent
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
X-Url
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Deployment-Id
X-FTR-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Country-Code
X-DynaTrace
X-ASPNET-VERSION
Allow
X-Varnish-TTL
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
X-MS-InvokeApp
X-Instart-Request-ID
Accept-CH
X-D2id
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Server-Name
Content-MD5
SPRequestGuid
X-Powered-By-Plesk
X-Cached
Pinterest-Generated-By
X-Forwarded-Proto
X-Trace
X-Navigation-Version
Accept-CH-Lifetime
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Amz-Rid
X-Abt-Application-Version
Public-Key-Pins
X-Fastly-Request-ID
X-Vcap-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-MSEdge-Ref
X-Debug
X-Vcache
SPRequestDuration
SPIisLatency
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-DynaTrace-JS-Agent
Charset
X-ESI
X-Cache-TTL
MS-Author-Via
X-Accel-Expires
NR-ENABLED
X-NF-Request-ID
Pagespeed
Response
Display
X-Middleton-Response
X-Middleton-Display
X-B3-TraceId
X-Server-ID
X-Px
X-Sol
X-Content-Type
X-Ttl
Realpath
X-Client-IP
Cache-Tag
S
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-SRCache-Store-Status
X-Ser
WPE-Backend
X-Id
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Version
X-Powered-CMS
X-Grace
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
Front-End-Https
X-Webkit-Csp
X-Upstream
X-T
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-Element-Page-Cache
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Version
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-TTL
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Cache-Hit
X-Mrf-Item-Lastmod
Fastcgi-Cache
X-Recruiting
X-Correlation-Id
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
ServerID
X-Fastcgi-Cache
X-FTR-DC
Ar-Sid
AR-CACHE
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
Server-Node
X-Request-Received
X-Frontend
X-HS-Hub-Id
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Cache-Config
X-FTR-Expires
X-XRDS-Location
PB-RID
TP-Cache
Powered
PB-PID
TP-L2-Cache
Upgrade-Insecure-Requests
Accept-Ch
X-DIS-Request-ID
X-Ezoic-Cdn
X-FastCGI-Cache
X-Shard
X-Mobile-Rewrite
Arc-Version
X-Forwarded-For
Refresh
Host-Header
X-HS-Combine-CSS
Alternate-Protocol
Server-Name
X-Geo-Country
Fastly-Restarts
X-N
X-Request-Handler-Origin-Region
X-Amzn-Trace-Id
X-Microsite
X-NWS-LOG-UUID
X-LB-Cache
Accept-Ch-Lifetime
X-Page-Id
Backend-Timing
X-Rid
X-User-Agent
X-ATS-Timestamp
X-FTR-Cache-Host
X-Kong-Upstream-Latency
X-B
X-Logged-In
X-Kong-Proxy-Latency
X-Akamai-Edgescape
X-F-Cache
X-Cache-Key
X-Content-Security-Policy-Report-Only
X-Varnish-Age
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Esi
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-XRDS-LOCATION
X-Revision
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Varnish-Grace
X-Request-Guid
X-Cache-Age
Fastcgi-Useragent
X-Jobs
X-Origin-Server
X-Amzn-Requestid
X-Hostname
X-Varnish-Backend
X-App-Environment
X-TT
Section-Io-Cache
X-B3-Sampled
X-Git-Hash
X-Seen-By
X-Instance
X-Amz-Replication-Status
X-B-Cache
X-Signature
X-Type
Paypal-Debug-Id
X-ATG-Version
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
Actual-Object-TTL
X-Cache-Action
X-Debug-Info
Host
X-AOL-HN
X-FB-Debug
X-WebKit-CSP-Report-Only
X-Whom
X-Cluster
Frame-Options
Cache-Status
X-Presslabs-Stats
Access-Control-Allow-Method
X-Content-Options
X-Endurance-Cache-Level
X-Cache-Rule
X-Contextid
X-Cache-Operation
Source
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Content-Powered-By
X-Host-Name
Trailer
Tracecode
Accept-Charset
X-SERVER
X-Activity-Id
X-Az
X-AppVersion
DC
X-IPLB-Instance
X-Upgrade-Enabled
Liferay-Portal
X-Tt-Trace-Tag
X-FireWall-Port
X-Tt-Trace-Host
X-Daa-Tunnel
X-APP-VERSION
From-Origin
X-Amz-Apigw-Id
X-PHP-Backend
X-RateLimit-Remaining
X-Accel-Buffering
X-Response-Served-From
X-Framework
NGB
X-WA-Info
X-RemovedCookies
Srv
X-ProcessESI
Retry-After
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UUID
X-FW-Type
X-FW-Serve
X-FW-Server
X-Is-Bot
X-FW-Static
X-Rendered-As
Payment
X-FW-Hash
X-Tumblr-Pixel-2
X-RequestSource
X-Tumblr-Pixel-1
Surrogate-Key
X-Wix-Request-Id
X-Cacheable-TTL
X-Adobe-Content
X-Adobe-Loc
X-Region
Eomportal-Instance
X-L-Path
X-GeoIP
X-Time-Microsecs
X-Environment-Context
Filters
X-Cache-NE
X-Varnish-Server
X-Mobile
X-B3-Traceid
X-UA-Device-Type
X-Handled-By
X-Proxy
X-Unique-Id
X-NGENIX-Cache
X-TIME
X-Cached-By
X-Origin-Response-Time
Filterid
X-CST
X-Cache-Control
X-Varnish-Hostname
Datacenter
X-Cache-TTL-Remaining
X-Cache-Server
X-URL
X-EdgeConnect-Cache-Status
X-Webkit-CSP
GEO-INFO
X-Cache-Time
X-Akamai-Transformed
Xserver
MS-CV
X-Backend-Name
X-Srv
Odigeo-Trace-Id
X-Mode
Version
X-Litespeed-Cache
X-Rule
X-Status
Cache-Tags
X-Yottaa-Optimizations
S-Cnection
X-Yottaa-Metrics
X-Path-Route
X-Cache-Var-Map
X-CCM
X-FW-Dynamic
X-Cache-Var
X-ES-SERVER
Meta-Geo
Server-Info
X-Cache-Enabled
X-Pinterest-Direct
X-FC-Vary-Parameters
X-Redis-Cache
X-IP
Ec-Rule-Version
Cache-Tv-Group
X-RN-RSRV
X-Say-Cacheable
X-Say-TTL
X-R9-Blue-Green-Version
X-Real-IP
X-Human
X-Loop
Webserver
X-Adobe-Source
S-Rt
ServedBy
Country
Cache-Hits
X-SayCDN-TTL
Cross-Origin-Window-Policy
Node
X-Detected-As
X-Forwarded-Host
X-TX-ID
X-Web-Node
X-ApacheServer
X-Via-Fastly
X-TNCMS
X-PERF
Content-Disposition
Cleartype
Decoy-Debug-Key
Decoy-Debug-Status
X-Site-Version
Decoy-Debug-TTL
Cache-Key
X-Pubstack
X-Locale
X-Ua-Device
X-Cache-NGX
X-AWS-Id
Akamai-GRN
X-Akamai-Request-ID2
NGX
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
TWC-Privacy
TWC-Connection-Speed
Webcakes-Region
Section-Io-Id
Property-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Origin-Edge-Control
X-Cache-Config
X-VWS-Id
X-Hosted-By
X-Hl-Ver
X-Origin-Hint
Webcakes-App-Name
Origin-Cache-Control
X-Cache-2
X-LJ-Flow-ID
X-RCS-CacheZone
X-NCache
X-MP-GENERATED-AT
X-Origin
Mn-Server-Ip
Now
X-Alternate-Cache-Key
X-NYM-Debug-Backend
X-No-Session
X-Access
X-HTML-Minification-Powered-By
X-Viewer-Country
X-Section
X-Sorting-Hat-PodId
X-Timing-Wait
X-ProxyCache-Status
X-Www-Served-By
X-Proxy-Build
X-Proxy-Cache-Status
X-ProxyCache-Key
Selected-Fe
X-Zipkin-Id
X-ShardId
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proxied
OT-Force-Account-Verify
X-Sorting-Hat-ShopId
X-Cache-Status-Check
X-ShopId
X-Microcachable
X-Format
X-EIG-Tracking-Id
X-Device-Type
DB-Nickname
X-BYPASS-REASON
X-Routing-Service
X-FB-TRIP-ID
Azure-SlotName
X-Xfnlog-Site
Azure-SiteName
Azure-RegionName
X-Amzn-Remapped-Content-Length
Access-Control-Request-Headers
Azure-InstanceId
Azure-Version
X-Shopify-Generated-Cart-Token
X-BCube-Filmed-By
X-Content-Age
X-Vgn-Hpd-Reason
X-ServerID
X-Generated
X-Debug-Cache
X-Tb
X-Backend-TTL
X-Soup
X-SaId
X-Proto
X-JoinUs
X-Request-Time
X-Dc
X-EC-Lua
X-Cdn
X-Cache-Remote
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-From
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
Time
X-Drupal-Cache-Tags
X-Akamai-Request-ID
Cf-Ipcountry
X-CF-Powered-By
Nel
Accept-Language
X-Pad
X-Generated-By
X-COUNTRY
X-Varnish-Hits
X-NewRelic-App-Data
X-Edge
X-IPS-LoggedIn
X-MCACHE
X-Geo
X-VCT
X-RateLimit-Limit
X-Old-Content-Length
Uber-Trace-Id
X-NC
X-Azure-Ref
X-ECACHE
X-Source
X-VCache
X-Cache-Grace
Cache-Name
X-UA
X-RTag
Ms-Operation-Id
X-FORWARDED-FOR
FilterID
X-CS
X-NWS-UUID-VERIFY
X-Ruxit-Js-Agent
X-Mid
X-APP
X-GoCache-CacheStatus
User-Agent
Cache
X-OCL
X-PCL
X-Uri
X-PressLabs-Stats
X-Magnolia-Registration
Proxy-Connection
X-Qloud-Router
X-Info
X-Nginx-Cache
X-Labrador-Cache-Channel
X-PHP-Host
X-Drupal-Cache-Contexts
X-CDN-Forward
X-FW-Version
X-Reboot
X-ARC
X-Region-Sid
X-A-Dam
X-Application
Apple-News-Services-Handled
X-A
X-A-Ccd
User-Cache-Control
X-Aed
X-Accel-Expires-Debug
X-Rojux
X-S
X-S-Cookie
X-A-Wwc
X-A-Dgt
X-Request-UUID
X-A-Dcw
X-Rewrite-Enabled
X-Rocket-Nginx-Bypass
X-B-Cookie
X-Request-URI
Apple-News-Services-Request-Url
MD5-Digest
Memcached
Request-EU
Machine
X-DPWN-IS-SECURE
X-G
X-External-Request-Id
Request-Country
X-Developer
X-CF-Lambda-Version
X-Connection-Hash
X-Date
Mobile-Detection-Method
X-Destination
Rendered-Blocks
Meta-Geo-Continent
X-GeoIP-Country-Code
GEO-REGION-INFO
X-D
T-Server
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Viewtype
True-Client-Country-4JS
AsisCache
BehaviorPad-Version
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-Instart-Info
X-Cache-Bucket
ServerName
X-Processor
X-PAYTM-SRV-ID
VivaBuild
X-ScT
X-Newrelic-Synthetics
X-SRCache-Key
X-Vtex-Processado-Em
Xc-Version
X-Twitter-Response-Tags
X-Varnish-Cache-Hits
X-Transaction
X-Trv-Group
X-Edge-Location
X-Vtex-Remote-Cache
X-Vdms-Version
Countrycode
X-Session-Fingerprint
X-VG-WebCache
X-VG-WebServer
X-Cluster-Node
X-UnsetCookies
X-Amzn-RequestId
X-Tumblr-Pixel-3
X-Clara-WADP
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Has-Esi
X-Fastly-Cache
X-Level-Front-Cache
X-Micro-Cache
X-Webstats-RespID
X-DevSite-Last-Modified
X-Generated-On
N-Cache
X-Geo-Header
X-Gen-Mode
X-Core-Value
Server-Host
Viewport
X-Backend-State
X-BBXSRF
Thinkindot-Control
X-VServer
Vix-Hermes-Req-Id
X-Oneagent-Js-Injection
X-VG-TLSProxy
Web-Mar-Node
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cache-Info
X-Cache-URL
X-Cdn-Origin
SD-X-WS
X-Hnp-Log
X-WADP-Cache
X-We-Are-Hiring
X-Block-Status
X-Cdn-Srv
X-Fmm-Version
X-Request-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Served-From
X-TrackingId
X-Thinkindot-L3
X-Servername
X-ServiceProvider
X-Sn-Servicetimems
X-Matched-Rule
Cache-Cookie-Set-From
X-Is-Gdpr
X-JWT-State
X-S-Maxage
X-Sucuri-ID
X-Cluster-Name
X-Trafficlayer-App-Name
X-Irp-Debug
X-IN-APIGATEWAY
X-Storage
X-Rocket-Build-Number
X-Vdms-Path
X-Cache-ASPX
X-Trace-Id
X-Scheme
X-Bc-Bl
X-SN
X-Req
X-WebServer
X-SIPLIST1
X-Varnish-Cacheable
X-Ms-Request-Id
X-Server-W
X-Varnish-Authentication
X-Var-Ttl
X-Variation
X-VC-Cache
X-IN-APIGATEWAYSSL
X-Backend-Host
X-Trafficlayer-App-Scope
X-Sigma-Backend
X-Auto-Login
X-Sigma
X-Slack-Backend
X-Cache-PHP
X-Agile-Id
X-Bip
X-Dispatch
X-Nginx-Cache-Key
X-Agile-Age
X-NodeID
X-Agile
X-Developers
X-Logging-Id
X-LI-Proto
X-Li-Pop
X-App-Name
X-Distil-CS
X-Device-Os
X-LI-UUID
AKAMAI
X-TT-TIMESTAMP
X-Skip-Cache
X-Ms-Version
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Swa-Ws
X-Trafficlayer-App-Version
X-Thanos
X-LAGOON
X-Generation-Time
X-Rebelmouse-Cache-Control
X-CUA
X-Contensis-Viewer-Groups
X-Rebelmouse-Surrogate-Control
X-Clientip
X-Cms-Context
X-Li-Fabric
Rt-Fastcgi-Cache
Locale
Kp-EeAlive
IsBot
Is-Eu
Locid
Mail-Subject
RNT-Machine
Platform
On-Server
Heartbleed
Group
CDCHOST
Cache-Host
Adler-Geo
X-Hyper-Cache
Content-Script-Type
Fastly-SIE
Gh-Request-Id
FNAC-ModuleRouting
Fastly-SWR
RNT-Time
Content-Style-Type
Wxu-Next-Commit
We-Hiring
Wxu-Next-Region
Wxu-Next-Hostname
Server-Cache-Control
Server-Surrogate-Control
W
HA-Ipaddr
X-GeoIP-City
X-Generated-In
Ha-Gx-Prefs
X-C
X-Eu-Site
X-Epic-Correlation-Id
Server-ID
X-Hash
X-Fetched-On
X-Gamma-Serve
Fastly-Drupal-HTML
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Response-By
X-Owner
X-Cache-FS-Status
X-Proxy-Upstream
X-Platform-Server
L5d-Success-Class
Country-Code
X-Origin-Date
X-Cache-Tags
V-Age
X-Origin-Expires
X-Core-Mission
Proxy-Firewall
Request-Time
X-CGP
X-Dispatcher-Server
X-Distributor
NM-Fastcgi-Cache
X-B3-Spanid
Sever-Int
X-App-Server
A
X-CSRF-Token
CF-Cached-On
Server-Hostname
X-Hit
X-Refresh
Server-Ext
X-SS-Set-Cookie
X-NX-Host
Pagetype
X-RESPONSE-TIME
X-Cache-Expired-At
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
M-TraceId
X-Debug-Cookies
X-Debug-Log
X-Protected-By
X-OVcl-Cache
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Method
X-Instart-Isnd
X-Debug-Cache-Store
X-Node-Id
HostName
X-TA-CDN-Provider
XServer
Mime-Version
X-Parent-Response-Time
X-Varnish-Beresp-Ttl
X-FPC
X-Worker
PFcat
Magicmarker
X-Varnish-URL
X-GEO
X-Request-Start
X-Wa
X-Envoy-Upstream-Healthchecked-Cluster
X-Nc
X-Branch-Name
X-Via-PopH
X-Via-PopV
Origin
X-SRV
Geo-Info
X-Varnish-Ttl
PICS-Label
X-Time
Geoip-Latitude
Geoip-City
X-MSEdge-Features
X-MSEdge-Flight
X-Policy
X-CACHE-KEY
X-Be
Powered-By-ChinaCache
GeoIp-Country-Code
Memory
Pramga
X-Lb-Id
X-Load-Cache
X-Ratelimit-Remaining
X-SERVER-NAME
X-C-Key
Esi-Enabled
X-C-Zone
Cloudfront-Viewer-Country
X-Planisys-CDN-TTL
X-ND-Cache
Who
X-Planisys-CDN-Cache
X-Service
X-Planisys-CDN-Rules
Cteonnt-Length
X-Pjax-Url
X-Via-Ucdn
HitType
X-HS-Status
X-DC
X-VCL-Version
X-Country-IP
Dt-Cache-Category
X-Reqid
X-ECache
Environment
X-Servedbyhost
X-BACKEND-TTL
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
X-Myra-Origin2
X-Wix-Viewer-Type
X-Tec-Api-Origin
X-Tec-Api-Root
X-Ua
X-Tec-Api-Version
Product
X-Zone
X-Cdn-Forward
UCS
X-Referer
X-CSRF-TOKEN
X-Bc
Ttl
NtCoent-Length
X-Cache-Metadata
TTL
X-Up
Fastly-Backend-Name
X-BC
X-ZONE
SRV
X-Server-IP
X-NGINX-Cache
X-Vcl-Version
X-Cache-Host
X-Origin-CC
Resin-Trace
X-Origin-TTL
X-Ratelimit-Limit
Pragrma
X-App-Version
Cdn
X-Pf-Uncompressing
Release
X-Fastly-Country-Code
FSS-Cache
X-Server-Time
X-ServedByHost
X-Swift-Error
X-TT-LOGID
Hostname
X-Correlation-ID
Cdn-Request-Time
X-Edge-Server
C-Via
Cdn-Host
X-PJAX-URL
CACHE
Cdnsip
X-AIR-PT
X-AK-Request-ID
Cdncip
LB
Lb
X-Cache-Backend
Sid
X-SVT-ORM-RULES
X-Node-ID
X-NU-AKA-ACS-Version
GeoIP-Country-Code
X-SVT-ORM-VERSION
Load-Balancing
X-UPSTREAM-Address
X-Location
X-WPE-Loopback-Upstream-Addr
GeoIP-Latitude
X-Sucuri-Cache
X-Configured-By
My-App
Warning
GeoIP-City
MIME-Version
X-Fastly-Backend-Reqs
X-Mvc-Supplant-Cachable
Dnion-Transfer-Encoding
X-BE
X-WA
X-Air-Hostname
Ohc-File-Size
X-Esi-Check
X-Gzip
X-Varnish-Beresp-TTL
X-Powered-Y
X-Svr
X-Cache-Id
X-Mvc-Supplant-OutputCached
X-RAMCache
X-Tb-Optimization-Total-Bytes-Saved
Fastly-SSL
X-User
X-Fpc
X-Varnish-Url
RequestId
X-Cache-Debug
X-B3-SpanId
X-VarnishDD-TTL
Lfy
X-TH-Server
CDN
Ohc-Cache-HIT
X-Fastly-Request-Id
X-LiteSpeed-Cache-Control
X-Amzn-Remapped-Date
X-Apw-Access-Object
X-SD-PageType
X-Apw-Access-Token
Pics-Label
Processtime
X-Apw-Hits
X-Amzn-Remapped-Connection
Host-ID
X-Apw-Access-Action
X-MID
IBM-Web2-Location
X-Unique-ID
X-B3-Parentspanid
Cneonction
X-Sucuri-Id
X-Agile-Brick-Ok
X-ElasticPress-Search
X-Zalando-Child-Request-Id
X-Flow-Id
X-ElasticPress-Query
X-Page-Impression-Id
Xet-Cookie
DSUID
Requestid
CF-IPCountry
X-Debug-Controller
X-Aicache-OS
X-DB
X-Debug-Revision
X-DW
X-Via-NSCOPI
L
X-Compress-Hint
X-RPM
X-Ocache
X-RSL
X-RPS
X-DI
Server-Int
X-DSS
X-Check-Cacheable
X-Envoy-Decorator-Operation
X-Action
ProcessTime
WZWS-RAY
X-MiniProfiler-Ids
Powered-By
X-Request-URL
X-Edge-O15-RID
DataCenter
X-Fastly-Cache-Hits
X-Request-Url
X-Dw-Trace-Id
X-LB-ID
X-Cache-Tag
X-Akamai-ERPolicy
CloudFront-Viewer-Country
X-Nananana
URI
X-Akamai-ERRuleID