Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-Ua-Compatible
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Pass-Why
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Request-ID
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Node
X-Vhost
NEL
X-Cache-Lookup
X-Dispatcher
X-Ac
X-Response-Time
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
X-WebKit-CSP
Content-Location
X-Ruxit-JS-Agent
Request-Id
X-Application-Context
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Url
X-Rack-Cache
Edge-Control
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Varnish-TTL
X-ASPNET-VERSION
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Webkit-Csp
X-ESI
X-Server-Name
Pinterest-Generated-By
X-D2id
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Vcache
X-Powered-By-Plesk
X-Navigation-Version
X-B3-TraceId
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Debug
X-Abt-Application-Version
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Accept-Ch
X-Fastly-Request-ID
Public-Key-Pins
X-MSEdge-Ref
X-Trace
X-SharePointHealthScore
Nginx-Cache
X-Vcap-Request-Id
X-VARITI-CCR
MS-Author-Via
X-Server-ID
Charset
TCN
Arr-Disable-Session-Affinity
Fusion-Deployment-Id
X-Px
X-NF-Request-ID
X-Ttl
X-Fastcgi-Cache
X-Accel-Expires
X-Cache-TTL
Accept-Ch-Lifetime
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
Realpath
X-Middleton-Response
Pagespeed
X-Middleton-Display
Response
Display
X-Content-Type
X-Sol
X-Ser
X-Version
X-Client-IP
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
Accept-CH
X-Powered-CMS
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
NR-ENABLED
AR-Request-ID
AR-PoweredBy
AR-ATIME
Access-Control-Request-Method
X-Id
X-Grace
X-Hp-Webp
X-Jurisdiction
X-Upstream
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Forwarded-For
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Dns-Prefetch-Control
S
X-T
X-Content-Digest
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
DynaTrace
AR-CACHE
Ar-Sid
Accept-CH-Lifetime
X-Dw-Request-Base-Id
Fastcgi-Cache
ServerID
X-Node-Name
X-Mobile-URL
X-Cache-Hit
PB-RID
PB-PID
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-TTL
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Recruiting
X-Goog-Generation
X-Shield-Request-Id
X-Amzn-Trace-Id
Server-Node
Arc-Version
X-Mobile-Rewrite
Powered
X-HS-Cache-Config
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
X-FTR-Expires
TP-Cache
X-Ezoic-Cdn
X-Shard
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-XRDS-LOCATION
WPE-Backend
Fastly-Restarts
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
Alternate-Protocol
Refresh
X-Logged-In
X-Varnish-Age
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-B
X-Page-Id
X-F-Cache
X-Akamai-Edgescape
X-LB-Cache
X-Rid
X-User-Agent
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Geo-Country
X-N
X-Via-JSL
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host-Header
X-Zen-Fury
Cache-Status
X-XRDS-Location
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Origin-Server
X-Content-Options
X-Varnish-Grace
X-Kinsta-Cache
X-B3-Sampled
X-Revision
X-Amz-Apigw-Id
X-AOL-HN
X-ATG-Version
X-TT
X-Type
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FB-Debug
X-Signature
X-Request-Guid
X-Jobs
X-Instance
X-Cache-Action
X-B-Cache
X-App-Environment
Paypal-Debug-Id
X-Amz-Replication-Status
Actual-Object-TTL
X-Tumblr-User
Access-Control-Allow-Method
X-Git-Hash
X-Varnish-Backend
Healthy
X-WebKit-CSP-Report-Only
X-Debug-Info
Fastcgi-Useragent
X-Whom
X-Content-Powered-By
Section-Io-Cache
Frame-Options
Liferay-Portal
X-Srv
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cluster
X-Seen-By
X-Daa-Tunnel
X-Cache-Rule
X-Hostname
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-AppVersion
X-Az
X-Cache-Operation
X-Activity-Id
X-Cache-Age
X-PHP-Backend
X-Cached-By
X-Framework
X-Cache-Key
X-FireWall-Port
Tracecode
X-Endurance-Cache-Level
X-Contextid
X-Amzn-Requestid
X-WA-Info
X-Mobile
Retry-After
Source
X-Host-Name
Xserver
X-IPLB-Instance
X-Response-Served-From
X-Accel-Buffering
NGB
X-CST
X-RemovedCookies
Srv
X-Presslabs-Stats
X-ProcessESI
X-Upgrade-Enabled
Accept-Charset
Eomportal-Instance
Surrogate-Key
X-FW-Type
X-Cache-NE
X-Tumblr-Pixel-2
Payment
X-Adobe-Loc
X-Adobe-Content
X-FW-Static
X-Tumblr-Pixel-1
X-FW-Serve
X-Rendered-As
X-Region
X-FW-Hash
X-Environment-Context
X-RequestSource
Filters
X-Varnish-Hostname
DC
X-FW-Server
X-GeoIP
X-L-Path
X-Is-Bot
X-Cacheable-TTL
X-Origin-Response-Time
X-Handled-By
X-UUID
X-Varnish-Server
X-FastCGI-Cache
Trailer
From-Origin
X-UA-Device-Type
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-Cache-2
Server-Info
X-Backend-Name
X-Wix-Request-Id
X-RateLimit-Remaining
X-Cache-Server
Cache-Tv-Group
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
MS-CV
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-APP-VERSION
X-Oss-Request-Id
X-NGENIX-Cache
X-Akamai-Transformed
Version
Datacenter
X-Cache-Enabled
X-Status
X-Mode
X-Dc
X-TIME
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
Filterid
X-Edge-O15-RID
X-Cache-Time
X-Path-Route
X-ES-SERVER
X-CCM
X-Cache-Var
Meta-Geo
X-Cache-Var-Map
X-IPS-LoggedIn
X-Unique-Id
X-Pad
X-Cache-Control
X-RN-RSRV
Decoy-Debug-TTL
X-R9-Blue-Green-Version
X-Via-Fastly
Cache-Tags
X-Forwarded-Host
X-ApacheServer
X-PERF
X-Cache-Status-Check
Cleartype
X-Hl-Ver
X-TX-ID
Decoy-Debug-Key
Decoy-Debug-Status
ServedBy
Country
GEO-INFO
DB-Nickname
Akamai-GRN
Property-Id
X-Varnish-Hits
X-Vgn-Hpd-Reason
Webcakes-Region
X-Tb
Webcakes-App-Version
Webcakes-App-Name
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Akamai-Request-ID2
X-Goog-Meta-Goog-Reserved-File-Mtime
X-AWS-Id
X-Device-Type
X-Debug-Cache
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-FW-Dynamic
X-VWS-Id
X-Alternate-Cache-Key
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Pubstack
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
OT-Force-Account-Verify
Now
Origin-Cache-Control
X-Proto
X-Origin-Hint
TWC-GeoIP-LatLong
X-ShardId
X-LJ-Flow-ID
X-ShopId
X-ServerID
TWC-Privacy
X-Origin
TWC-Locale-Group
X-Redis-Cache
NGX
Origin-Edge-Control
X-Zipkin-Id
Ec-Rule-Version
X-Xfnlog-Site
X-Www-Served-By
Mn-Server-Ip
X-Format
X-Generated
Content-Disposition
X-Human
Cross-Origin-Window-Policy
X-Hosted-By
X-Detected-As
X-Web-Node
X-Access
Webserver
Selected-Fe
X-Timing-Wait
X-Amzn-Remapped-Content-Length
X-BYPASS-REASON
X-Site-Version
X-Content-Age
X-Soup
X-Cache-Config
X-IP
X-JoinUs
X-SaId
X-Proxied
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Proxy-Build
X-Proxy-Cache-Status
X-RCS-CacheZone
X-Routing-Service
X-ProxyCache-Status
X-ProxyCache-Key
X-TNCMS
X-NCache
Azure-SiteName
Azure-SlotName
Azure-Version
Cache-Key
Azure-RegionName
X-Section
X-Loop
Azure-InstanceId
X-Locale
X-FB-TRIP-ID
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Akamai-Request-ID
S-Rt
X-Ua-Device
X-Viewer-Country
X-Cache-Remote
FilterID
X-Generated-By
Access-Control-Request-Headers
X-Request-Time
X-Geo
X-BCube-Filmed-By
X-PressLabs-Stats
Section-Origin-Responded
X-HTML-Minification-Powered-By
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Real-IP
Cache-Hits
Node
X-CACHE-KEY
X-SS-Set-Cookie
X-Cdn
X-Amzn-RequestId
X-Adobe-Source
X-EC-Lua
X-NewRelic-App-Data
X-B3-Traceid
X-Rule
X-Drupal-Cache-Tags
X-No-Session
X-Microcachable
Nel
Accept-Language
Odigeo-Trace-Id
X-App-Server
X-RESPONSE-TIME
X-Uri
Cf-Ipcountry
X-NWS-UUID-VERIFY
X-OCL
X-Qloud-Router
Ms-Operation-Id
X-PCL
X-RTag
Time
X-Source
X-From
X-Azure-Ref
X-Varnish-Cache-Hits
User-Agent
X-UA
X-Esi
X-Cache-NGX
X-Hyper-Cache
X-CF-Powered-By
X-Nc
X-PHP-Host
X-Labrador-Cache-Channel
X-Info
Proxy-Connection
X-Nginx-Cache
X-Time
X-Storage
X-RateLimit-Limit
X-Old-Content-Length
X-Newrelic-Synthetics
X-GoCache-CacheStatus
X-Cache-Grace
X-Cluster-Node
Cache-Name
X-OVcl
X-Varnish-Beresp-Status
X-OVcl-Cache
X-Drupal-Cache-Contexts
X-Varnish-Beresp-Grace
Content-Script-Type
ServerName
Request-EU
T-Server
True-Client-Country-4JS
Viewtype
Request-Country
Rendered-Blocks
Mobile-Detection-Method
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cdn-Srv
VivaBuild
X-B-Cookie
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-A-Dam
X-ARC
X-Application
X-A
X-A-Ccd
Meta-Geo-Continent
X-Connection-Hash
AsisCache
BehaviorPad-Version
X-GeoIP-Country-Code
X-PAYTM-SRV-ID
Arc-Country
Apple-News-Services-Request-Url
A
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Content-Style-Type
X-G
X-Date
X-D
Machine
MD5-Digest
X-Destination
X-Developer
Fastcgi-X-Cache-Version
X-External-Request-Id
X-DPWN-IS-SECURE
GEO-REGION-INFO
Uber-Trace-Id
X-Region-Sid
X-VG-WebServer
X-Backend-TTL
X-S
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-Rojux
X-SRCache-Key
X-VG-WebCache
X-Session-Fingerprint
X-Rewrite-Enabled
X-Request-UUID
X-Vtex-Remote-Cache
X-Trv-Group
X-Request-URI
X-Transaction
X-Load-Cache
X-Vdms-Version
X-S-Cookie
Xc-Version
X-ScT
X-Processor
X-CS
X-Cluster-Name
X-UnsetCookies
X-Magnolia-Registration
X-ServiceProvider
Server-Host
User-Cache-Control
X-Core-Value
X-Sn-Servicetimems
X-Served-From
X-Cdn-Origin
X-Trafficlayer-App-Name
PFcat
Powered-By-ChinaCache
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
Rt-Fastcgi-Cache
X-IN-APIGATEWAYSSL
X-Geo-Header
X-Generated-On
X-Cache-Expired-At
X-Thinkindot-L3
X-GeoIP-City
X-IN-APIGATEWAY
Thinkindot-Control
Thinkindot-CacheControl-Type
Viewport
X-VG-TLSProxy
X-Matched-Rule
X-Edge-Location
Thinkindot-CacheControl
X-Level-Front-Cache
X-S-Maxage
X-Reboot
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
Geo-Info
X-WADP-Cache
X-Clara-WADP
X-CGP
X-VServer
X-App-Name
X-Contensis-Viewer-Groups
X-Tumblr-Pixel-3
X-TT-TIMESTAMP
X-WebServer
X-Auto-Login
X-Webstats-RespID
X-Cms-Context
X-Wikidot-Backend
X-Agile-Id
X-Core-Mission
X-Wikidot-Static-Cache
X-Urbn-Site-Id
X-Block-Status
X-C
X-Cache-ASPX
X-Bip
X-Bc-Bl
X-VC-Cache
X-Varnish-Cacheable
X-BBXSRF
X-Backend-State
X-Cache-Info
X-Cache-URL
X-Backend-Host
X-Var-Ttl
X-Varnish-Authentication
X-Cache-Bucket
X-Cache-FS-Status
X-Urbn-Context-Path
X-Eu-Site
X-Li-Pop
X-Li-Fabric
X-Rocket-Build-Number
X-LI-Proto
X-Logging-Id
X-LI-UUID
X-LAGOON
X-JWT-State
X-Hnp-Log
X-Hash
X-Instart-Isnd
X-Irp-Debug
X-Is-Gdpr
X-Micro-Cache
X-Ms-Request-Id
X-Agile
X-Req
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Request-Host
X-Origin-Expires
X-Nginx-Cache-Key
X-Ms-Version
X-NodeID
X-NX-Host
X-Origin-Date
X-Has-Esi
X-Server-W
X-Dispatcher-Server
X-Dispatch
X-Distil-CS
X-Distributor
X-Owner
X-TrackingId
X-Device-Os
X-Developers
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Trace-Id
X-Fastly-Cache
X-Slack-Backend
X-Generation-Time
X-SIPLIST1
X-Sigma-Backend
X-Sigma
X-Generated-In
X-Gen-Mode
X-FW-Version
X-Fetched-On
X-Thanos
X-Gamma-Serve
X-Swa-Ws
X-CUA
X-Agile-Age
Mail-Subject
Locid
L5d-Success-Class
Kp-EeAlive
Memcached
N-Cache
RNT-Time
RNT-Machine
Pramga
On-Server
IsBot
X-Varnish-Beresp-Ttl
Country-Code
CDCHOST
Cache-Host
AKAMAI
FNAC-ModuleRouting
Gh-Request-Id
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
Group
Server-Cache-Control
Locale
We-Hiring
W
V-Age
Web-Mar-Node
Wxu-Next-Commit
Server-ID
Wxu-Next-Hostname
Server-Surrogate-Control
Wxu-Next-Region
X-BACKEND-TTL
Mime-Version
Fastly-SWR
Cache-Cookie-Set-Lfrom
X-Skip-Cache
X-DevSite-Last-Modified
X-Variation
Cache-Cookie-Set-Idcheck
X-Epic-Correlation-Id
Fastly-Drupal-HTML
X-Servername
Adler-Geo
X-Hit
Cloudfront-Viewer-Country
Countrycode
X-Rebelmouse-Cache-Control
X-Lb-Id
Fastly-SIE
X-ND-Cache
X-Rebelmouse-Surrogate-Control
X-We-Are-Hiring
X-Clientip
Platform
X-Platform-Server
X-Cache-Tags
X-Service
Cache-Cookie-Set-From
Is-Eu
X-Node-Id
X-VCT
X-TA-CDN-Provider
HitType
X-Ratelimit-Remaining
X-Response-By
X-Fmm-Version
X-Sucuri-ID
X-VHOST
X-Refresh
Environment
X-Scheme
X-NC
X-Cdn-Forward
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
Hostname
SD-X-WS
X-Varnish-URL
X-B3-Spanid
X-Instart-Info
X-Pjax-Url
X-SN
Cache
X-MCACHE
X-App-Version
X-Edge
X-VCache
X-APP
Proxy-Firewall
X-CSRF-Token
X-Origin-TTL
X-Origin-CC
X-MSEdge-Features
X-Up
Fastly-Backend-Name
Vix-Hermes-Req-Id
X-MSEdge-Flight
Geoip-Latitude
Origin
M-TraceId
Geoip-City
X-CDN-Forward
Request-Time
X-FPC
X-Correlation-ID
X-Server-Time
X-Cache-PHP
X-TT-LOGID
X-Vdms-Path
TTL
Cdn-Host
Cdn-Request-Time
GeoIp-Country-Code
Pragrma
PICS-Label
NM-Fastcgi-Cache
X-Edge-Server
CF-Cached-On
X-CSRF-TOKEN
X-Be
X-Mid
X-Vcl-Version
CACHE
X-ECache
X-Wa
X-Newrelic-App-Data
NtCoent-Length
Server-Ext
X-Wix-Viewer-Type
X-ECACHE
X-HS-Status
Sever-Int
Pagetype
Server-Hostname
X-AK-Request-ID
Cdnsip
Cdncip
X-Cache-Host
X-Ua
Ohc-File-Size
X-SVT-ORM-VERSION
Cdn
X-SVT-ORM-RULES
HostName
X-URL
X-Ratelimit-Limit
X-Air-Hostname
X-Method
Resin-Trace
X-Myra-Origin2
X-NU-AKA-ACS-Version
Cteonnt-Length
Memory
X-Protected-By
X-ServedByHost
X-Worker
X-Via-PopV
X-Via-PopH
X-ZONE
Magicmarker
X-BC
X-Litespeed-Cache
X-Cache-Metadata
X-Request-Start
X-Branch-Name
X-Bc
X-Zone
Tcn
X-Cache-Debug
X-Pf-Uncompressing
X-Envoy-Upstream-Healthchecked-Cluster
RequestId
X-Referer
SRV
X-Unique-ID
X-Dynatrace-Js-Agent
X-Policy
X-Azure-Ref-OriginShield
X-Servedbyhost
Release
Dt-Cache-Category
X-FORWARDED-FOR
Ohc-Cache-HIT
X-TH-Server
X-Oneagent-Js-Injection
X-Swift-Error
X-GEO
Load-Balancing
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
IBM-Web2-Location
X-C-Key
X-C-Zone
XServer
X-NGINX-Cache
X-DC
Lb
Dnion-Transfer-Encoding
Esi-Enabled
Server-Int
X-Reqid
X-AIR-PT
X-Ocache
Who
Powered-By
X-Fastly-Country-Code
X-Esi-Check
Pics-Label
X-Cache-Id
X-VCL-Version
X-Configured-By
X-Tec-Api-Root
X-Tec-Api-Origin
X-WA
X-Tec-Api-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Ruxit-Js-Agent
X-Gzip
X-Node-ID
Ttl
GeoIP-Country-Code
X-COUNTRY
X-Via-Ucdn
X-Datadome
X-B3-SpanId
UCS
X-VarnishDD-TTL
X-Country-IP
X-SRV
Fastly-Soc-X-Request-Id
GeoIP-City
GeoIP-Latitude
MIME-Version
Fastly-SSL
X-Pinterest-Direct
X-Action
FSS-Cache
Product
X-Fpc
X-HostName
X-Hello
X-DSS
X-DW
X-Flog
X-DB
LB
X-ABtesting
X-RAMCache
X-SERVER-NAME
X-DI
X-Powered-Y
X-Svr
X-RPS
X-RPM
X-RSL
X-PF-Uncompressing
Lfy
X-PJAX-URL
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
Host-ID
X-Cache-Backend
X-WPE-Loopback-Upstream-Addr
X-Apw-Access-Token
X-Render-Time
X-Apw-Access-Object
X-Apw-Access-Action
X-SD-PageType
X-Varnish-Beresp-TTL
FSS-Proxy
ProcessTime
X-Server-IP
X-MID
X-Apw-Hits
X-Via-CDN
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Sid
X-ElasticPress-Search
X-User
Xet-Cookie
X-Page-Impression-Id
X-Flow-Id
X-UPSTREAM-Address
X-LiteSpeed-Cache-Control
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
Amp-Access-Control-Allow-Source-Origin
Requestid
CF-IPCountry
X-Beluga-Cache-Status
X-Aicache-OS
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Status
L
CDN
X-Compress-Hint
SN
X-BE
X-Key
Cneonction
X-Internal-Host
X-Beluga-Trace
X-Debug-Controller
WZWS-RAY
X-Check-Cacheable
X-Debug-Revision
X-B3-Parentspanid
C-Via
X-Sucuri-Id
X-Litespeed-Cache-Control
X-Tid
X-LB-ID
X-MiniProfiler-Ids
CloudFront-Viewer-Country
X-Nananana
X-App
X-Dw-Trace-Id
DataCenter
X-Fastly-Cache-Hits
X-Request-Url
X-Sucuri-Cache
X-Request-URL