Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Turbo-Charged-By
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Server-Timing
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Server-Id
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-Vhost
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
X-Readtime
Request-Id
X-Ruxit-JS-Agent
X-Dns-Prefetch-Control
Content-Location
X-Application-Context
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-DataDome
X-Cnection
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-Url
Edge-Control
Rating
X-Cloud-Trace-Context
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-Country-Code
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
X-GitHub-Request-Id
Service-Worker-Allowed
Allow
X-Instart-Request-ID
Verso
Fusion-Deployment-Id
X-MS-InvokeApp
Content-MD5
X-D2id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-Powered-By-Plesk
X-Forwarded-Proto
X-Trace
X-Navigation-Version
Accept-CH
X-Vcache
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-ESI
Public-Key-Pins
X-Fastly-Request-ID
X-Ttl
Nginx-Cache
X-Debug
X-Vcap-Request-Id
X-MSEdge-Ref
X-VARITI-CCR
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
Accept-CH-Lifetime
Charset
X-B3-TraceId
MS-Author-Via
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Px
Display
X-Middleton-Display
Pagespeed
X-Middleton-Response
Response
NR-ENABLED
X-Content-Type
Realpath
X-Sol
X-Client-IP
X-Ser
X-DynaTrace-JS-Agent
Edge-Cache-Tag
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Powered-CMS
X-Id
X-Server-ID
X-Grace
X-Fastcgi-Cache
Front-End-Https
Pinterest-Version
X-Version
X-Pinterest-Rid
X-Jurisdiction
X-Hp-Webp
X-Upstream
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Webkit-Csp
X-T
X-Hits
Accept-Ch
X-Element-Page-Cache
WPE-Backend
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Shield-Request-Id
X-Dw-Request-Base-Id
DynaTrace
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Node-Name
Fastcgi-Cache
AR-CACHE
ServerID
Ar-Sid
X-Cache-Hit
X-Recruiting
X-Forwarded-For
X-Mobile-URL
Accept-Ch-Lifetime
AMP-Access-Control-Allow-Source-Origin
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
Powered
Server-Node
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Correlation-Id
PB-RID
TP-L2-Cache
TP-Cache
X-XRDS-Location
PB-PID
X-Request-Processing-Time
X-Request-Received
X-FTR-Expires
X-Mobile-Rewrite
Arc-Version
X-DIS-Request-ID
Upgrade-Insecure-Requests
Refresh
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
Alternate-Protocol
X-Amzn-Trace-Id
Server-Name
X-NWS-LOG-UUID
Host-Header
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-N
X-FTR-Cache-Host
X-Page-Id
X-Rid
X-LB-Cache
X-Varnish-Age
X-F-Cache
X-Akamai-Edgescape
X-Logged-In
Fastly-Restarts
Backend-Timing
X-User-Agent
X-ATS-Timestamp
X-B
X-TTL
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Zen-Fury
X-Kinsta-Cache
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-FastCGI-Cache
X-Varnish-Grace
X-Origin-Server
X-Cache-Key
Host
X-XRDS-LOCATION
X-Request-Guid
X-Revision
X-Jobs
Fastcgi-Useragent
X-Instance
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-User
X-Git-Hash
X-B-Cache
Actual-Object-TTL
X-ATG-Version
X-Hostname
Paypal-Debug-Id
X-Signature
X-Tumblr-Pixel
X-TT
Cache-Status
X-FB-Debug
X-B3-Sampled
Section-Io-Cache
X-Type
X-Amz-Replication-Status
X-AOL-HN
X-Varnish-Backend
X-Whom
X-Debug-Info
X-Content-Options
X-Cache-Action
X-Seen-By
Frame-Options
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Cache-Age
X-Cluster
Trailer
X-Cache-Rule
X-Cache-Operation
X-Contextid
X-Endurance-Cache-Level
X-Content-Powered-By
Source
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Liferay-Portal
X-Host-Name
X-Az
Tracecode
X-Activity-Id
X-Esi
X-AppVersion
X-Daa-Tunnel
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amz-Apigw-Id
X-PHP-Backend
X-FireWall-Port
X-SERVER
X-Amzn-Requestid
X-IPLB-Instance
X-Upgrade-Enabled
X-Framework
Accept-Charset
X-WA-Info
DC
From-Origin
Retry-After
NGB
X-Accel-Buffering
X-Response-Served-From
X-RateLimit-Remaining
X-Presslabs-Stats
X-RemovedCookies
Srv
X-ProcessESI
X-FW-Hash
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Is-Bot
X-FW-Type
X-Mobile
X-FW-Serve
X-FW-Static
Surrogate-Key
X-FW-Server
X-Adobe-Content
X-Cacheable-TTL
X-Environment-Context
X-L-Path
X-Adobe-Loc
X-Cached-By
Payment
X-Cache-NE
X-RequestSource
Eomportal-Instance
X-Region
X-Varnish-Server
X-GeoIP
Xserver
Filters
VIX-Pulpo-Upstream-Status
X-UA-Device-Type
X-Wix-Request-Id
X-Handled-By
VIX-Pulpo-Node
X-Time-Microsecs
X-Origin-Response-Time
X-Varnish-Hostname
X-APP-VERSION
X-Proxy
X-Unique-Id
X-Srv
X-Cache-TTL-Remaining
X-NGENIX-Cache
X-Cache-Server
X-EdgeConnect-Cache-Status
Datacenter
X-Webkit-CSP
X-Akamai-Transformed
X-B3-Traceid
X-Cache-Time
MS-CV
X-Cache-Control
X-Backend-Name
Filterid
Version
Server-Info
Cache-Tv-Group
X-Status
X-Mode
X-Cache-2
X-TIME
X-Cache-Enabled
S-Cnection
X-Yottaa-Optimizations
X-CST
X-Yottaa-Metrics
X-CCM
Meta-Geo
X-Cache-Var-Map
Webserver
Cache-Tags
X-Cache-Var
X-IP
X-ES-SERVER
X-Path-Route
X-Detected-As
Odigeo-Trace-Id
X-Redis-Cache
Ec-Rule-Version
X-TNCMS
Azure-InstanceId
X-FC-Vary-Parameters
X-RN-RSRV
Azure-SlotName
X-FW-Dynamic
Azure-Version
Azure-RegionName
Azure-SiteName
X-Loop
X-Rule
S-Rt
X-R9-Blue-Green-Version
Cache-Hits
X-Debug-Cache
X-Forwarded-Host
Akamai-GRN
X-Hl-Ver
X-Hosted-By
X-Real-IP
OT-Force-Account-Verify
X-Say-Cacheable
X-Proto
Property-Id
X-Say-TTL
X-PERF
X-Via-Fastly
Cleartype
Origin-Edge-Control
X-SayCDN-TTL
GEO-INFO
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
X-TX-ID
ServedBy
TWC-Connection-Speed
X-Origin
X-Origin-Hint
DB-Nickname
Origin-Cache-Control
X-ApacheServer
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Pubstack
Country
X-Amzn-Remapped-Content-Length
X-NCache
X-Human
Webcakes-App-Version
X-Adobe-Source
Now
X-Web-Node
Content-Disposition
Access-Control-Request-Headers
X-AWS-Id
Cache-Key
Section-Io-Origin-Time-Seconds
X-Akamai-Request-ID2
NGX
X-Alternate-Cache-Key
X-BYPASS-REASON
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-RCS-CacheZone
X-Proxy-Cache-Status
X-ServerID
X-ShardId
X-ProxyCache-Key
X-NYM-Debug-Backend
X-Locale
X-VWS-Id
X-Vgn-Hpd-Reason
X-ShopId
X-Tb
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Site-Version
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-LJ-Flow-ID
X-ProxyCache-Status
X-Generated
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-EIG-Tracking-Id
X-Device-Type
X-Cache-Config
X-Cache-Status-Check
X-Oss-Hash-Crc64ecma
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Oss-Object-Type
X-Format
X-SaId
X-Timing-Wait
X-Content-Age
X-Soup
X-FB-TRIP-ID
X-Proxied
X-BCube-Filmed-By
X-Www-Served-By
X-Routing-Service
X-Xfnlog-Site
X-Zipkin-Id
X-MP-GENERATED-AT
X-Viewer-Country
X-Request-Time
X-Access
X-JoinUs
X-Section
X-Proxy-Build
Mn-Server-Ip
X-HTML-Minification-Powered-By
Cross-Origin-Window-Policy
X-PressLabs-Stats
Selected-Fe
X-Ua-Device
X-Cache-NGX
X-Cache-Remote
Node
X-Microcachable
X-Backend-TTL
X-No-Session
X-NewRelic-App-Data
X-Cdn
X-Varnish-Hits
X-Generated-By
X-EC-Lua
X-Akamai-Request-ID
X-IPS-LoggedIn
X-Pad
X-Amzn-RequestId
FilterID
Cf-Ipcountry
Accept-Language
X-Drupal-Cache-Tags
Nel
X-Geo
X-CF-Powered-By
Time
X-From
X-NWS-UUID-VERIFY
X-Dc
X-Azure-Ref
X-NC
X-RateLimit-Limit
Ms-Operation-Id
X-RTag
X-Old-Content-Length
X-Uri
X-Source
Uber-Trace-Id
User-Agent
X-VCT
X-PHP-Host
X-OCL
X-Labrador-Cache-Channel
X-Cache-Grace
Cache-Name
X-CS
X-PCL
X-Pinterest-Direct
X-Qloud-Router
X-Nginx-Cache
X-GoCache-CacheStatus
X-Varnish-Cache-Hits
Cache
Proxy-Connection
X-Hyper-Cache
X-Newrelic-Synthetics
X-MCACHE
X-Edge
X-SS-Set-Cookie
X-ECACHE
X-Drupal-Cache-Contexts
X-Edge-Location
X-CACHE-KEY
X-Info
X-App-Server
X-Time
Memcached
T-Server
Fastcgi-X-Cache-Version
Meta-Geo-Continent
MD5-Digest
True-Client-Country-4JS
Machine
GEO-REGION-INFO
X-A
VivaBuild
Viewtype
X-Magnolia-Registration
Apple-News-Services-Parsed-Url
AsisCache
Apple-News-Services-Request-Url
Arc-Country
Request-EU
Request-Country
BehaviorPad-Version
Apple-News-Services-Handled
Mobile-Detection-Method
Apple-News-Services-Host
Rendered-Blocks
ServerName
X-CF-Lambda-Version
X-Reboot
X-Region-Sid
X-Request-URI
X-Request-UUID
X-Processor
X-PAYTM-SRV-ID
X-External-Request-Id
X-FW-Version
X-G
X-GeoIP-Country-Code
X-Rewrite-Enabled
X-Rocket-Nginx-Bypass
X-Session-Fingerprint
X-SRCache-Key
X-Trv-Group
X-Transaction
X-ScT
X-S-Cookie
X-Rojux
X-Twitter-Response-Tags
X-S
X-Vdms-Version
X-DPWN-IS-SECURE
X-Application
X-ARC
X-B-Cookie
X-Vtex-Remote-Cache
X-Aed
X-Accel-Expires-Debug
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Cache-Bucket
X-Vtex-Processado-Em
X-Date
X-VG-WebCache
X-Destination
X-Developer
X-D
X-Connection-Hash
X-Cdn-Srv
X-CF-Lambda-Fn
X-VG-WebServer
X-A-Ccd
Xc-Version
User-Cache-Control
X-CDN-Forward
X-Cluster-Name
X-Storage
X-Geo-Header
Thinkindot-CacheControl-Type
X-Server-W
X-Is-Gdpr
X-Webstats-RespID
Server-Surrogate-Control
Thinkindot-Control
Viewport
X-Tumblr-Pixel-3
X-Served-From
X-Irp-Debug
Server-Host
Web-Mar-Node
SD-X-WS
X-Li-Fabric
X-Level-Front-Cache
On-Server
N-Cache
X-Li-Pop
X-ServiceProvider
X-Trafficlayer-App-Version
X-JWT-State
Rt-Fastcgi-Cache
X-IN-APIGATEWAYSSL
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Servername
Server-Cache-Control
X-IN-APIGATEWAY
X-Has-Esi
X-Varnish-Authentication
X-Core-Value
X-Contensis-Viewer-Groups
X-Cdn-Origin
X-Clara-WADP
X-DevSite-Last-Modified
X-VG-TLSProxy
X-Gen-Mode
X-Generated-On
X-Fmm-Version
X-Fastly-Cache
X-GeoIP-City
X-Cache-URL
X-Cache-Info
X-Auto-Login
X-Backend-Host
X-Hnp-Log
X-WADP-Cache
X-We-Are-Hiring
X-Backend-State
X-BBXSRF
X-Cache-Expired-At
X-VServer
X-Cache-ASPX
X-Block-Status
X-Request-Host
X-Instart-Info
Thinkindot-CacheControl
Content-Script-Type
X-LI-UUID
Content-Style-Type
X-Sn-Servicetimems
X-LI-Proto
X-Trafficlayer-App-Scope
X-Matched-Rule
Cache-Cookie-Set-Idcheck
X-TrackingId
X-Trafficlayer-App-Name
X-Thinkindot-L3
A
Cache-Cookie-Set-From
X-Micro-Cache
X-Slack-Backend
Cache-Cookie-Set-Lfrom
Gh-Request-Id
X-S-Maxage
X-UA
X-Sucuri-ID
Geo-Info
Kp-EeAlive
X-Cache-FS-Status
X-Req
X-Owner
X-Nginx-Cache-Key
X-NodeID
X-APP
X-Cache-Tags
X-UnsetCookies
X-SIPLIST1
X-Urbn-Site-Id
Adler-Geo
X-Epic-Correlation-Id
X-Thanos
Heartbleed
X-Rocket-Build-Number
X-Ms-Request-Id
X-Ms-Version
X-Hash
X-Bip
X-Bc-Bl
AKAMAI
X-VC-Cache
X-Rebelmouse-Cache-Control
X-Debug-Cookies
X-Debug-Log
X-Dispatcher-Server
X-Distil-CS
X-Distributor
X-Var-Ttl
X-Platform-Server
Is-Eu
IsBot
X-Device-Os
X-Developers
X-Proxy-Upstream
X-Trace-Id
X-Cluster-Node
X-Cms-Context
X-Clientip
X-CGP
X-App-Name
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-CUA
X-NX-Host
X-Core-Mission
X-Variation
X-Rebelmouse-Surrogate-Control
L5d-Success-Class
Server-ID
X-TT-TIMESTAMP
Ha-Gx-Prefs
X-SN
Fastly-Drupal-HTML
Countrycode
Country-Code
Mail-Subject
X-Sigma-Backend
X-Sigma
X-WebServer
Fastly-SIE
RNT-Time
X-LAGOON
FNAC-ModuleRouting
Platform
Proxy-Firewall
X-Generation-Time
Fastly-SWR
Group
RNT-Machine
X-Gamma-Serve
X-Origin-Date
X-Generated-In
X-Skip-Cache
X-Varnish-Cacheable
X-Dispatch
Locid
Cache-Host
X-Origin-Expires
X-Scheme
Locale
X-Urbn-Context-Path
X-Eu-Site
X-Agile-Id
X-Agile-Age
X-Agile
X-Logging-Id
Wxu-Next-Region
X-Swa-Ws
X-Fetched-On
HA-Ipaddr
V-Age
Wxu-Next-Hostname
W
We-Hiring
Wxu-Next-Commit
CDCHOST
X-Mid
X-OVcl
CF-Cached-On
X-OVcl-Cache
X-Hit
X-Debug-Cache-Store
X-Response-By
Vix-Hermes-Req-Id
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-C
X-Instart-Isnd
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Cache-PHP
X-CSRF-Token
PFcat
X-Refresh
X-FORWARDED-FOR
Request-Time
X-Varnish-Beresp-Ttl
NM-Fastcgi-Cache
X-Vdms-Path
X-Node-Id
X-URL
X-RESPONSE-TIME
Mime-Version
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-B3-Spanid
M-TraceId
X-Varnish-URL
Server-Ext
Server-Hostname
Powered-By-ChinaCache
Sever-Int
X-Nc
Pagetype
X-MSEdge-Features
X-Lb-Id
X-MSEdge-Flight
Origin
X-VCache
X-Wa
Pramga
HostName
X-Varnish-Ttl
X-ND-Cache
X-Service
X-Protected-By
X-Method
PICS-Label
Cloudfront-Viewer-Country
X-DC
X-Ua
HitType
X-Pjax-Url
Magicmarker
X-Via-PopH
X-Worker
X-FPC
X-Via-PopV
X-TA-CDN-Provider
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
Environment
X-C-Key
X-C-Zone
X-Branch-Name
X-Ratelimit-Remaining
X-SRV
X-GEO
X-Be
X-Load-Cache
X-App-Version
X-Policy
X-SERVER-NAME
X-COUNTRY
X-HS-Status
Memory
Geoip-City
Geoip-Latitude
X-BACKEND-TTL
X-Planisys-CDN-Cache
X-Wix-Viewer-Type
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
GeoIp-Country-Code
Dt-Cache-Category
X-Servedbyhost
Fastly-Backend-Name
NtCoent-Length
Esi-Enabled
X-ECache
X-Up
XServer
X-CSRF-TOKEN
Cteonnt-Length
X-Bc
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
X-Myra-Origin2
X-Zone
X-VCL-Version
Who
X-Origin-CC
X-Origin-TTL
X-Cdn-Forward
Hostname
X-TT-LOGID
TTL
X-Server-Time
Ttl
X-Referer
X-Reqid
X-Litespeed-Cache
X-Via-Ucdn
Pragrma
X-Correlation-ID
X-Cache-Metadata
UCS
X-Country-IP
X-Vcl-Version
X-Cache-Host
Cdn
Cdn-Request-Time
Resin-Trace
X-Edge-Server
Cdn-Host
X-Dynatrace-Js-Agent
SRV
Cdncip
Cdnsip
X-BC
X-ZONE
Release
X-AK-Request-ID
X-Oneagent-Js-Injection
X-Fastly-Country-Code
X-Ratelimit-Limit
Lb
X-Pf-Uncompressing
X-ServedByHost
Load-Balancing
GeoIP-Country-Code
Product
X-NU-AKA-ACS-Version
X-NGINX-Cache
GeoIP-City
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
GeoIP-Latitude
CACHE
X-Swift-Error
X-AIR-PT
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Configured-By
LB
X-Air-Hostname
Sid
X-Server-IP
Ohc-File-Size
X-Edge-O15-RID
X-Ruxit-Js-Agent
X-Datadome
FSS-Cache
X-Cache-Id
X-Gzip
X-Node-ID
Dnion-Transfer-Encoding
X-Esi-Check
X-PJAX-URL
Ohc-Cache-HIT
X-TH-Server
X-Cache-Debug
Warning
X-Tb-Optimization-Total-Bytes-Saved
C-Via
X-Fpc
RequestId
X-WPE-Loopback-Upstream-Addr
MIME-Version
IBM-Web2-Location
Pics-Label
X-B3-SpanId
X-WA
X-BE
X-RAMCache
My-App
X-Location
X-Powered-Y
X-VarnishDD-TTL
X-Svr
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
X-Ocache
Server-Int
X-Varnish-Beresp-TTL
X-Sucuri-Cache
Lfy
X-Varnish-Url
X-Mvc-Supplant-Cachable
X-Cache-Backend
X-Unique-ID
X-Mvc-Supplant-OutputCached
X-Apw-Access-Action
X-MID
X-Apw-Access-Token
X-SD-PageType
X-Apw-Access-Object
Powered-By
X-Apw-Hits
Fastly-SSL
X-LiteSpeed-Cache-Control
X-Zalando-Child-Request-Id
Xet-Cookie
X-ElasticPress-Search
X-Page-Impression-Id
X-ElasticPress-Query
X-Agile-Brick-Ok
X-PF-Uncompressing
Requestid
X-Flow-Id
CF-IPCountry
Fastly-Soc-X-Request-Id
X-Check-Cacheable
Cneonction
X-User
X-Aicache-OS
X-Nananana
CDN
X-Debug-Controller
X-B3-Parentspanid
X-Debug-Revision
X-Sucuri-Id
X-App
X-RSL
X-RPM
URI
X-RPS
DataCenter
X-Cache-Tag
ProcessTime
Host-ID
X-Request-Url
Processtime
X-Fastly-Cache-Hits
X-Dw-Trace-Id
L
X-MiniProfiler-Ids
X-LB-ID
X-Request-URL
X-Action
X-Compress-Hint
X-DSS
CloudFront-Viewer-Country
X-DI
X-DB
X-DW