
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
CF-RAY
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-Buckets
X-CDN
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-Envoy-Upstream-Service-Time
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
EagleId
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
CONTENT-SECURITY-POLICY
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
NEL
X-Node
X-Response-Time
X-Dispatcher
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
X-WebKit-CSP
Request-Id
X-Readtime
Surrogate-Control
X-DataDome
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Application-Context
Content-Location
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
RTSS
X-Url
X-Clacks-Overhead
Fusion-Deployment-Id
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-FTR-Request-ID
X-Country-Code
X-DynaTrace
X-ASPNET-VERSION
Allow
X-Varnish-TTL
X-GitHub-Request-Id
Verso
Service-Worker-Allowed
Accept-CH
X-MS-InvokeApp
X-Instart-Request-ID
X-D2id
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Server-Name
Pinterest-Generated-By
Content-MD5
SPRequestGuid
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Forwarded-Proto
X-Cached
X-Navigation-Version
X-Trace
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Amz-Rid
X-Abt-Application-Version
Public-Key-Pins
X-Fastly-Request-ID
TCN
X-Vcap-Request-Id
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Debug
X-MSEdge-Ref
X-ESI
SPIisLatency
SPRequestDuration
X-Vcache
X-VARITI-CCR
Arr-Disable-Session-Affinity
X-DynaTrace-JS-Agent
Charset
NR-ENABLED
X-Cache-TTL
X-B3-TraceId
X-Accel-Expires
MS-Author-Via
X-NF-Request-ID
Pagespeed
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Ttl
X-Sol
X-Px
Realpath
X-Content-Type
X-Client-IP
Cache-Tag
Access-Control-Request-Method
WPE-Backend
Pinterest-Version
S
X-Pinterest-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-Id
X-Server-ID
X-Powered-CMS
X-Grace
Edge-Cache-Tag
X-Webkit-Csp
X-Shield-Request-Id
X-Jurisdiction
X-Hp-Webp
Front-End-Https
X-T
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-Upstream
X-Element-Page-Cache
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Dw-Request-Base-Id
X-Content-Digest
DynaTrace
X-Version
X-Fastcgi-Cache
X-Node-Name
X-Cache-Hit
X-Recruiting
ServerID
AMP-Access-Control-Allow-Source-Origin
Fastcgi-Cache
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-TTL
X-Mobile-URL
X-Correlation-Id
X-Request-Processing-Time
AR-CACHE
Ar-Sid
X-Request-Received
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
Server-Node
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-HS-Content-Id
X-HS-Cache-Config
X-FTR-DC
X-HS-Hub-Id
X-FTR-Cache-Status
X-Frontend
Powered
PB-PID
PB-RID
X-FTR-Expires
X-Ezoic-Cdn
X-DIS-Request-ID
TP-Cache
TP-L2-Cache
Upgrade-Insecure-Requests
Arc-Version
X-Mobile-Rewrite
X-Shard
Refresh
X-HS-Combine-CSS
Host-Header
X-Forwarded-For
Alternate-Protocol
Server-Name
Accept-Ch
X-XRDS-Location
X-Geo-Country
X-N
Fastly-Restarts
X-Amzn-Trace-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Akamai-Edgescape
X-Rid
X-Page-Id
X-LB-Cache
X-NWS-LOG-UUID
Backend-Timing
X-ATS-Timestamp
X-FastCGI-Cache
X-B
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Cache-Key
X-FTR-Cache-Host
X-User-Agent
X-Aspnetmvc-Version
X-Logged-In
X-Varnish-Age
Accept-Ch-Lifetime
MicrosoftSharePointTeamServices
X-XRDS-LOCATION
X-Cdn
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-Amzn-Requestid
X-Revision
X-Esi
X-ORACLE-APMCS-TAG
X-Cache-Age
X-ORACLE-APMCS-REQUEST-ID
Paypal-Debug-Id
X-Origin-Server
X-Varnish-Backend
X-Via-JSL
X-Varnish-Grace
X-Jobs
X-App-Environment
X-Instance
X-ATG-Version
X-B3-Sampled
X-Git-Hash
X-Type
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Request-Guid
X-TT
Actual-Object-TTL
X-Signature
X-B-Cache
Section-Io-Cache
X-Presslabs-Stats
X-Seen-By
X-AOL-HN
X-Cache-Action
X-WebKit-CSP-Report-Only
X-Debug-Info
X-Whom
Host
Fastcgi-Useragent
X-Cluster
X-Hostname
X-FB-Debug
Frame-Options
Cache-Status
X-Webkit-CSP
X-Endurance-Cache-Level
X-Contextid
X-Content-Options
Access-Control-Allow-Method
X-Cache-Rule
X-Cache-Operation
Source
Trailer
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-SERVER
X-Content-Powered-By
DC
Accept-Charset
X-AppVersion
X-Az
X-Activity-Id
Tracecode
X-FireWall-Port
X-Upgrade-Enabled
X-Daa-Tunnel
X-IPLB-Instance
From-Origin
X-APP-VERSION
X-Tt-Trace-Host
Liferay-Portal
X-Tt-Trace-Tag
X-Amz-Apigw-Id
X-Framework
X-Response-Served-From
X-Accel-Buffering
X-PHP-Backend
X-RateLimit-Remaining
NGB
X-ProcessESI
Retry-After
X-RemovedCookies
Srv
X-WA-Info
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
VIX-Pulpo-Node
X-UUID
X-FW-Hash
X-FW-Static
X-FW-Server
Surrogate-Key
X-FW-Type
X-FW-Serve
X-Is-Bot
X-Rendered-As
X-Cacheable-TTL
X-L-Path
X-TIME
X-RequestSource
Payment
X-Region
X-Adobe-Loc
X-Time-Microsecs
X-Environment-Context
Filters
X-GeoIP
Eomportal-Instance
X-Adobe-Content
X-Mobile
X-Wix-Request-Id
X-Varnish-Server
X-Cache-NE
X-Proxy
X-UA-Device-Type
X-CST
X-Handled-By
X-NGENIX-Cache
X-Unique-Id
X-Cache-Control
X-Origin-Response-Time
X-URL
GEO-INFO
X-Varnish-Hostname
X-Cache-Server
X-Cached-By
Datacenter
Filterid
X-Cache-TTL-Remaining
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-B3-Traceid
X-Cache-Time
Xserver
X-Oneagent-Js-Injection
X-Backend-Name
Odigeo-Trace-Id
X-Rule
X-Ruxit-Js-Agent
X-Litespeed-Cache
MS-CV
X-Mode
X-Srv
Cache-Tags
X-Pinterest-Direct
S-Cnection
Version
X-Status
X-Path-Route
X-CCM
X-Cache-Var
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Var-Map
X-Ua-Device
X-FW-Dynamic
X-Site-Version
X-ES-SERVER
Meta-Geo
X-IP
DB-Nickname
X-Pubstack
Country
Azure-InstanceId
X-RN-RSRV
X-ApacheServer
X-Dc
X-PERF
X-Via-Fastly
Azure-SiteName
X-Cache-2
X-Www-Served-By
Azure-Version
Azure-SlotName
X-Locale
X-Redis-Cache
X-MP-GENERATED-AT
Azure-RegionName
X-Cache-Enabled
Origin-Cache-Control
NGX
Webserver
Decoy-Debug-TTL
Decoy-Debug-Key
Akamai-GRN
Cache-Hits
Property-Id
Decoy-Debug-Status
Origin-Edge-Control
TWC-Privacy
X-R9-Blue-Green-Version
X-Real-IP
X-Origin-Hint
X-Human
X-NCache
X-Cache-NGX
X-Detected-As
X-Forwarded-Host
Cache-Tv-Group
X-FC-Vary-Parameters
Cross-Origin-Window-Policy
X-Amzn-Remapped-Content-Length
X-Akamai-Request-ID2
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
S-Rt
ServedBy
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Adobe-Source
X-Hl-Ver
X-RCS-CacheZone
X-Access
X-Cache-Status-Check
X-Origin
X-Format
X-AWS-Id
X-Proxied
Cleartype
Content-Disposition
Now
Cache-Key
X-Section
X-Zipkin-Id
X-Web-Node
X-VWS-Id
X-TX-ID
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-LJ-Flow-ID
X-No-Session
Section-Origin-Responded
X-Microcachable
Section-Io-Origin-Status
X-Say-Cacheable
Server-Info
X-Routing-Service
X-Device-Type
X-SayCDN-TTL
X-Say-TTL
X-ShopId
X-HTML-Minification-Powered-By
Node
X-BYPASS-REASON
X-Timing-Wait
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Shopify-Stage
X-NYM-Debug-Backend
X-Proxy-Build
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
Selected-Fe
X-Viewer-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ServerID
Mn-Server-Ip
X-Cache-Config
X-Xfnlog-Site
X-ProxyCache-Status
X-ProxyCache-Key
X-Hosted-By
Ec-Rule-Version
X-Shopify-Generated-Cart-Token
Access-Control-Request-Headers
X-Loop
X-Content-Age
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-TNCMS
OT-Force-Account-Verify
X-FB-TRIP-ID
X-Tb
X-Generated
X-Debug-Cache
X-SaId
X-JoinUs
X-Request-Time
X-Backend-TTL
X-Soup
X-BCube-Filmed-By
X-EC-Lua
X-Proto
Nel
X-Cache-Remote
X-From
Cf-Ipcountry
Accept-Language
X-CF-Powered-By
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Generated-By
X-Drupal-Cache-Tags
X-COUNTRY
X-Akamai-Request-ID
X-Edge
X-MCACHE
X-Varnish-Hits
X-Pad
Time
X-NewRelic-App-Data
X-VCT
X-Old-Content-Length
X-IPS-LoggedIn
X-UA
X-Azure-Ref
X-ECACHE
X-Geo
X-RateLimit-Limit
Uber-Trace-Id
X-VCache
X-NC
X-FORWARDED-FOR
Cache-Name
X-Source
X-Cache-Grace
X-CS
FilterID
X-NWS-UUID-VERIFY
X-Mid
X-RTag
Ms-Operation-Id
X-Uri
User-Agent
X-Magnolia-Registration
X-PCL
Cache
X-GoCache-CacheStatus
X-APP
X-OCL
Proxy-Connection
X-Sucuri-ID
X-PressLabs-Stats
X-Info
X-Qloud-Router
X-Edge-Location
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-FW-Version
X-Nginx-Cache
ServerName
Request-EU
X-VG-WebCache
X-Vdms-Version
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-VG-WebServer
T-Server
X-Vtex-Processado-Em
Arc-Country
Apple-News-Services-Request-Url
X-Trv-Group
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
AKAMAI
Apple-News-Services-Handled
Xc-Version
Fastcgi-X-Cache-Version
Mobile-Detection-Method
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
GEO-REGION-INFO
Machine
Request-Country
X-Rocket-Nginx-Bypass
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cdn-Srv
X-D
X-Date
X-External-Request-Id
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-Cache-Bucket
X-B-Cookie
VivaBuild
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-ARC
X-Application
X-Aed
X-Accel-Expires-Debug
X-G
X-Generated-On
X-S
X-Rojux
X-A
X-Rewrite-Enabled
X-S-Cookie
True-Client-Country-4JS
X-SRCache-Key
X-Session-Fingerprint
X-Served-From
X-ScT
X-Request-UUID
X-Request-URI
X-Instart-Info
X-GeoIP-Country-Code
Viewtype
X-Geo-Header
X-Level-Front-Cache
X-Micro-Cache
X-Region-Sid
X-Processor
X-PAYTM-SRV-ID
X-Transaction
BehaviorPad-Version
X-Drupal-Cache-Contexts
User-Cache-Control
X-CDN-Forward
X-Labrador-Cache-Channel
Countrycode
SD-X-WS
X-Newrelic-Synthetics
X-PHP-Host
X-UnsetCookies
X-Cluster-Node
Memcached
X-Bc-Bl
X-Reboot
Vix-Hermes-Req-Id
On-Server
X-Request-Host
X-NodeID
X-Core-Value
Locale
X-ServiceProvider
Web-Mar-Node
X-Clara-WADP
X-Cms-Context
X-Server-W
X-Contensis-Viewer-Groups
X-Ms-Version
X-Webstats-RespID
X-Vdms-Path
X-JWT-State
X-Gen-Mode
Server-Host
Server-Cache-Control
Thinkindot-Control
Server-Surrogate-Control
Thinkindot-CacheControl
X-Fastly-Cache
X-Fmm-Version
X-Generation-Time
X-Has-Esi
Viewport
X-Logging-Id
X-Matched-Rule
X-Is-Gdpr
X-Developers
X-Hnp-Log
X-Dispatch
X-Ms-Request-Id
X-Sn-Servicetimems
X-Cache-ASPX
X-WADP-Cache
X-Block-Status
X-VG-TLSProxy
Cache-Cookie-Set-From
X-Agile-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Bip
X-Backend-Host
X-BBXSRF
X-Backend-State
N-Cache
X-Auto-Login
Heartbleed
X-Urbn-Site-Id
X-Varnish-Authentication
X-TrackingId
X-Urbn-Context-Path
X-Cdn-Origin
X-Trace-Id
X-Thinkindot-L3
X-Cache-URL
X-Swa-Ws
X-Thanos
Thinkindot-CacheControl-Type
X-Scheme
Content-Style-Type
X-Agile-Age
X-Cache-Info
X-Agile
Gh-Request-Id
Content-Script-Type
X-Hyper-Cache
X-S-Maxage
X-Cluster-Name
X-C
X-Cache-FS-Status
X-Cache-PHP
X-DevSite-Last-Modified
X-Req
X-Varnish-Cacheable
X-VC-Cache
X-TT-TIMESTAMP
X-Trafficlayer-App-Version
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-VServer
X-We-Are-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Group
X-WebServer
Cache-Host
X-CUA
X-SN
X-Nginx-Cache-Key
X-Owner
X-LAGOON
X-Irp-Debug
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Var-Ttl
X-Rocket-Build-Number
X-Skip-Cache
X-Slack-Backend
X-SIPLIST1
X-Sigma-Backend
X-Servername
X-Sigma
X-Gamma-Serve
X-Distil-CS
IsBot
W
Kp-EeAlive
Mail-Subject
FNAC-ModuleRouting
We-Hiring
Locid
RNT-Machine
RNT-Time
CDCHOST
X-Device-Os
X-App-Name
X-Amzn-RequestId
X-B3-Spanid
X-Eu-Site
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Epic-Correlation-Id
X-CSRF-Token
X-Dispatcher-Server
X-Response-By
X-Distributor
X-Origin-Date
X-LI-UUID
Proxy-Firewall
X-Hash
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-GeoIP-City
Platform
X-Origin-Expires
NM-Fastcgi-Cache
Server-ID
X-Generated-In
Rt-Fastcgi-Cache
X-Proxy-Upstream
L5d-Success-Class
CF-Cached-On
Country-Code
V-Age
X-CGP
Sever-Int
Server-Hostname
X-Variation
X-Fetched-On
X-RateLimit-Remaining-Second
Server-Ext
Fastly-Drupal-HTML
X-Clientip
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Request-Time
Fastly-SWR
X-Storage
Fastly-SIE
X-RateLimit-Limit-Second
Adler-Geo
X-Core-Mission
Pagetype
A
X-Protected-By
X-RESPONSE-TIME
X-Platform-Server
X-Hit
X-Cache-Tags
X-Refresh
M-TraceId
X-NX-Host
X-Method
X-App-Server
X-Debug-Cookies
X-CLOUD-TRACE-CONTEXT
X-Instart-Isnd
X-Debug-Log
X-Cache-Expired-At
X-TA-CDN-Provider
HostName
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
XServer
X-Debug-Cache-Store
Magicmarker
X-FPC
X-OVcl-Cache
X-Debug-Cache-Fetch
X-Parent-Response-Time
X-SS-Set-Cookie
X-OVcl
X-Debug-Cache-Expiry
X-GEO
X-Via-PopV
Mime-Version
X-Envoy-Upstream-Healthchecked-Cluster
PFcat
X-Varnish-URL
X-Worker
X-Nc
X-Request-Start
X-Via-PopH
X-Branch-Name
X-SRV
X-Varnish-Beresp-Ttl
X-Be
X-MSEdge-Features
X-Node-Id
Origin
X-Policy
Geoip-City
X-Varnish-Ttl
Geoip-Latitude
X-MSEdge-Flight
X-CACHE-KEY
X-Wa
PICS-Label
GeoIp-Country-Code
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Esi-Enabled
X-Lb-Id
Pramga
Powered-By-ChinaCache
X-Ratelimit-Remaining
Geo-Info
X-C-Key
X-C-Zone
Cloudfront-Viewer-Country
X-Service
Memory
X-SERVER-NAME
Who
Cteonnt-Length
X-Load-Cache
X-HS-Status
X-Pjax-Url
X-BACKEND-TTL
X-ND-Cache
X-Via-Ucdn
X-Reqid
X-Time
Dt-Cache-Category
X-ECache
HitType
X-Country-IP
X-Myra-Origin2
X-Azure-Ref-OriginShield
Environment
X-Newrelic-App-Data
X-Cdn-Forward
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Product
X-Zone
X-VCL-Version
X-Bc
X-Wix-Viewer-Type
UCS
TTL
X-Servedbyhost
X-Referer
NtCoent-Length
X-Cache-Metadata
X-ZONE
Ttl
X-BC
X-Vcl-Version
SRV
X-DC
X-CSRF-TOKEN
X-NGINX-Cache
X-Server-IP
Fastly-Backend-Name
X-Up
X-Ratelimit-Limit
X-Origin-TTL
X-Fastly-Country-Code
Cdn
Resin-Trace
X-ServedByHost
X-Origin-CC
FSS-Cache
X-Ua
X-App-Version
Release
X-PJAX-URL
X-Server-Time
X-Pf-Uncompressing
Pragrma
X-Swift-Error
X-Cache-Host
X-Correlation-ID
X-TT-LOGID
C-Via
X-AIR-PT
X-Edge-Server
LB
Cdn-Host
Cdn-Request-Time
CACHE
Hostname
Cdncip
X-Cache-Backend
X-SVT-ORM-VERSION
X-Location
Cdnsip
X-Node-ID
X-SVT-ORM-RULES
X-AK-Request-ID
Lb
X-UPSTREAM-Address
X-WPE-Loopback-Upstream-Addr
Warning
Sid
X-NU-AKA-ACS-Version
My-App
X-Sucuri-Cache
Load-Balancing
MIME-Version
X-WA
X-Configured-By
X-Mvc-Supplant-Cachable
GeoIP-Country-Code
Dnion-Transfer-Encoding
X-Fastly-Backend-Reqs
X-Powered-Y
X-Svr
GeoIP-Latitude
X-Varnish-Beresp-TTL
X-Air-Hostname
X-BE
GeoIP-City
X-RAMCache
X-Mvc-Supplant-OutputCached
X-Tb-Optimization-Total-Bytes-Saved
Ohc-File-Size
X-Varnish-Url
X-Gzip
X-Esi-Check
X-Cache-Id
X-VarnishDD-TTL
Ohc-Cache-HIT
Lfy
X-Fastly-Request-Id
CDN
Fastly-SSL
X-Apw-Access-Object
X-MID
X-Fpc
X-User
Processtime
RequestId
X-Unique-ID
X-Apw-Access-Token
X-Amzn-Remapped-Date
X-Apw-Hits
X-TH-Server
X-Cache-Debug
X-Apw-Access-Action
Pics-Label
Host-ID
X-Amzn-Remapped-Connection
X-B3-SpanId
X-LiteSpeed-Cache-Control
X-Agile-Brick-Ok
Cneonction
Tcn
X-Zalando-Child-Request-Id
DSUID
X-ElasticPress-Search
X-Flow-Id
X-SD-PageType
X-B3-Parentspanid
IBM-Web2-Location
X-Page-Impression-Id
Xet-Cookie
X-ElasticPress-Query
Requestid
CF-IPCountry
L
X-Compress-Hint
X-Debug-Revision
X-Via-NSCOPI
X-Check-Cacheable
X-Aicache-OS
X-Debug-Controller
X-App
X-Sucuri-Id
X-HostName
X-DI
X-DSS
X-DB
X-Dw-Trace-Id
X-DW
X-Ocache
X-RPS
WZWS-RAY
ProcessTime
X-RSL
DataCenter
X-RPM
X-Envoy-Decorator-Operation
X-Cache-Tag
Server-Int
X-Request-URL
CloudFront-Viewer-Country
X-Nananana
X-LB-ID
X-Akamai-ERPolicy
URI
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-Akamai-ERRuleID
X-Request-Url