Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Request-ID
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Ws-Request-Id
X-Pass-Why
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Feature-Policy
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
X-Backend-Server
X-Host
X-Vhost
X-Node
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
X-WebKit-CSP
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
RTSS
X-PC
X-TtlSet
X-Goog-Hash
X-Vname
X-FTR-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Country-Code
X-Instart-Request-ID
X-ASPNET-VERSION
Allow
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
Content-MD5
X-Server-Name
X-D2id
X-ESI
Pinterest-Generated-By
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Powered-By-Plesk
X-Navigation-Version
X-Vcache
X-Forwarded-Proto
Fusion-Deployment-Id
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Rid
X-Trace
X-Ttl
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Debug
Public-Key-Pins
TCN
X-Fastly-Request-ID
X-SharePointHealthScore
Nginx-Cache
X-MSEdge-Ref
X-VARITI-CCR
X-Vcap-Request-Id
Accept-Ch
MS-Author-Via
X-Server-ID
Arr-Disable-Session-Affinity
Charset
X-Px
X-Fastcgi-Cache
X-NF-Request-ID
X-Accel-Expires
X-Cache-TTL
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
X-Middleton-Display
Display
Response
Accept-CH
X-Middleton-Response
Pagespeed
Realpath
X-Webkit-Csp
X-Content-Type
X-Ser
X-Sol
X-Client-IP
Accept-Ch-Lifetime
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
Cache-Tag
X-Version
NR-ENABLED
Front-End-Https
X-Powered-CMS
X-Pinterest-Rid
X-Id
Pinterest-Version
Access-Control-Request-Method
X-Grace
Accept-CH-Lifetime
X-Hp-Webp
S
X-Jurisdiction
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Upstream
X-Forwarded-For
X-Dns-Prefetch-Control
X-T
X-Hits
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
MRF-Tech
Mrf-Cache-Status
X-Content-Digest
DynaTrace
X-Dw-Request-Base-Id
AR-CACHE
Ar-Sid
Fastcgi-Cache
X-Shield-Request-Id
ServerID
X-Node-Name
X-Mobile-URL
X-Cache-Hit
WPE-Backend
X-Recruiting
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
PB-RID
PB-PID
X-Goog-Storage-Class
X-Goog-Generation
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
Server-Node
X-FTR-Cache-Status
Powered
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
X-HS-Hub-Id
Arc-Version
X-Mobile-Rewrite
TP-Cache
TP-L2-Cache
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
Upgrade-Insecure-Requests
X-Amzn-Trace-Id
X-DIS-Request-ID
X-Ezoic-Cdn
X-Request-Processing-Time
X-Shard
X-Request-Received
Refresh
X-HS-Combine-CSS
Alternate-Protocol
X-NWS-LOG-UUID
Fastly-Restarts
X-Correlation-Id
X-Logged-In
X-Varnish-Age
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-XRDS-Location
X-FTR-Cache-Host
X-LB-Cache
X-Page-Id
X-Akamai-Edgescape
X-F-Cache
X-B
X-Rid
X-ATS-Timestamp
Backend-Timing
X-User-Agent
X-Geo-Country
X-TTL
X-Content-Security-Policy-Report-Only
X-XRDS-LOCATION
X-N
MicrosoftSharePointTeamServices
Host-Header
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Via-JSL
Host
X-Zen-Fury
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Origin-Server
Cache-Status
X-Kinsta-Cache
X-Varnish-Grace
X-Content-Options
Healthy
X-B3-Sampled
X-Revision
X-AOL-HN
X-ATG-Version
X-TT
X-B-Cache
X-Jobs
X-FB-Debug
Section-Io-Cache
X-Instance
X-Signature
X-Request-Guid
X-Type
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Action
Paypal-Debug-Id
X-Amz-Replication-Status
Actual-Object-TTL
X-Tumblr-User
X-Git-Hash
Access-Control-Allow-Method
X-Debug-Info
X-Whom
X-Varnish-Backend
Frame-Options
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-Amz-Apigw-Id
Liferay-Portal
X-Cluster
X-Content-Powered-By
X-Hostname
X-Seen-By
Trailer
X-Cache-Rule
X-Cache-Operation
X-Tt-Trace-Tag
X-Cache-Age
X-Tt-Trace-Host
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Key
X-Endurance-Cache-Level
X-Az
X-AppVersion
X-Activity-Id
X-PHP-Backend
X-FireWall-Port
X-Contextid
X-Framework
Tracecode
X-Srv
X-Daa-Tunnel
X-Amzn-Requestid
X-WA-Info
X-Cached-By
X-Host-Name
Source
Xserver
X-Mobile
Retry-After
X-IPLB-Instance
X-Upgrade-Enabled
NGB
X-Accel-Buffering
Accept-Charset
X-Response-Served-From
X-ProcessESI
Srv
X-RemovedCookies
DC
X-UUID
Surrogate-Key
X-Adobe-Loc
X-Adobe-Content
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Eomportal-Instance
X-Region
Payment
X-Environment-Context
X-GeoIP
X-L-Path
X-Cache-NE
X-Varnish-Server
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-Is-Bot
X-FW-Hash
X-Rendered-As
X-Cacheable-TTL
X-Handled-By
From-Origin
X-RateLimit-Remaining
Filters
X-Origin-Response-Time
X-FastCGI-Cache
X-Varnish-Hostname
X-UA-Device-Type
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Backend-Name
Filterid
X-Webkit-CSP
X-Cache-2
Server-Info
X-CST
Cache-Tv-Group
MS-CV
X-NGENIX-Cache
Datacenter
X-Unique-Id
Version
X-Akamai-Transformed
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Status
X-Cache-Enabled
X-Oss-Hash-Crc64ecma
X-APP-VERSION
X-Cache-Time
X-TIME
X-Cache-Control
X-Mode
S-Cnection
X-PressLabs-Stats
X-Yottaa-Optimizations
X-Yottaa-Metrics
Meta-Geo
X-CCM
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
X-Via-Fastly
X-ApacheServer
X-Forwarded-Host
X-Hl-Ver
GEO-INFO
ServedBy
Cleartype
Cache-Tags
X-R9-Blue-Green-Version
Country
X-PERF
X-FC-Vary-Parameters
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Tb
Akamai-GRN
Cache-Key
X-FW-Dynamic
Decoy-Debug-Status
OT-Force-Account-Verify
X-Vgn-Hpd-Reason
DB-Nickname
X-Cache-Status-Check
Decoy-Debug-Key
Decoy-Debug-TTL
X-Sorting-Hat-PodId
X-VWS-Id
X-Sorting-Hat-ShopId
Now
Webcakes-App-Version
TWC-Connection-Speed
X-ShopId
Section-Origin-Responded
Webcakes-Region
X-Akamai-Request-ID2
X-Device-Type
X-BYPASS-REASON
TWC-Device-Class
X-RCS-CacheZone
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
X-ShardId
TWC-GeoIP-LatLong
X-ServerID
X-Redis-Cache
TWC-GeoIP-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
Section-Io-Origin-Time-Seconds
X-Origin
X-LJ-Flow-ID
Origin-Cache-Control
X-ProxyCache-Key
X-Pubstack
X-TX-ID
X-AWS-Id
X-Origin-Hint
Origin-Edge-Control
X-Human
Section-Io-Origin-Status
X-ProxyCache-Status
X-Alternate-Cache-Key
Section-Io-Id
X-EIG-Tracking-Id
Property-Id
X-Debug-Cache
X-Proto
NGX
X-SaId
X-Routing-Service
X-Proxy-Build
X-Section
X-Site-Version
X-Www-Served-By
X-Timing-Wait
X-Proxied
X-NCache
X-Access
Selected-Fe
X-Dc
X-Content-Age
X-Format
X-JoinUs
X-Generated
X-Xfnlog-Site
X-Zipkin-Id
X-Say-TTL
X-Say-Cacheable
X-Proxy-Cache-Status
X-SayCDN-TTL
X-Soup
X-Web-Node
X-TNCMS
X-Loop
X-Locale
Ec-Rule-Version
Content-Disposition
Access-Control-Request-Headers
X-Amzn-Remapped-Content-Length
X-Cache-Config
X-IP
X-Hosted-By
X-IPS-LoggedIn
X-Detected-As
Azure-InstanceId
Mn-Server-Ip
Azure-RegionName
Azure-SiteName
Azure-Version
Cross-Origin-Window-Policy
Azure-SlotName
X-Ua-Device
X-Request-Time
X-FB-TRIP-ID
X-Real-IP
Webserver
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-Pad
X-Viewer-Country
X-Geo
S-Rt
X-Adobe-Source
X-Varnish-Hits
X-Cache-Remote
Cache-Hits
X-HTML-Minification-Powered-By
X-Aspnetmvc-Version
X-Esi
X-Akamai-Request-ID
X-BCube-Filmed-By
Node
X-Generated-By
Odigeo-Trace-Id
X-Cdn
X-CACHE-KEY
X-EC-Lua
X-Rule
X-Amzn-RequestId
X-Microcachable
X-No-Session
X-NewRelic-App-Data
X-B3-Traceid
Nel
X-Drupal-Cache-Tags
Accept-Language
Cf-Ipcountry
X-SS-Set-Cookie
X-Uri
X-Cache-NGX
X-From
X-Azure-Ref
FilterID
X-CF-Powered-By
Ms-Operation-Id
X-RTag
Time
X-App-Server
X-Source
X-Qloud-Router
X-OCL
X-RateLimit-Limit
X-PCL
X-NWS-UUID-VERIFY
User-Agent
X-Varnish-Cache-Hits
X-Backend-TTL
X-PHP-Host
X-Edge-O15-RID
X-Labrador-Cache-Channel
Proxy-Connection
X-Hyper-Cache
X-Old-Content-Length
X-Nginx-Cache
X-GoCache-CacheStatus
X-Info
X-SERVER
Cache-Name
X-Cache-Grace
X-Storage
Uber-Trace-Id
X-Time
X-CS
X-Cdn-Srv
X-OVcl-Cache
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A-Wwc
X-PAYTM-SRV-ID
Xc-Version
X-A-Dcw
X-A-Dam
X-OVcl
X-A-Ccd
X-Varnish-Beresp-Status
X-Processor
X-Varnish-Beresp-Grace
MD5-Digest
Meta-Geo-Continent
X-Drupal-Cache-Contexts
X-Region-Sid
X-Date
X-Connection-Hash
Machine
X-A
Mobile-Detection-Method
X-D
X-GeoIP-Country-Code
Apple-News-Services-Host
X-B-Cookie
GEO-REGION-INFO
X-DPWN-IS-SECURE
X-Transaction
X-G
Viewtype
X-Vtex-Processado-Em
Request-EU
X-Vtex-Remote-Cache
VivaBuild
X-Request-URI
X-Trv-Group
X-ARC
T-Server
X-Vdms-Version
X-VG-WebServer
X-VG-WebCache
ServerName
Fastcgi-X-Cache-Version
X-Application
X-Twitter-Response-Tags
True-Client-Country-4JS
X-External-Request-Id
Request-Country
X-Aed
X-S-Cookie
X-S
X-ScT
Apple-News-Services-Parsed-Url
X-SRCache-Key
X-Rojux
X-A-Dgt
X-Rewrite-Enabled
X-Request-UUID
X-Accel-Expires-Debug
A
Apple-News-Services-Handled
Arc-Country
Apple-News-Services-Request-Url
BehaviorPad-Version
Rendered-Blocks
X-Session-Fingerprint
AsisCache
X-Developer
X-Destination
X-Nc
X-UA
X-Cluster-Node
X-VCT
X-Cluster-Name
X-Cache-Expired-At
X-IN-APIGATEWAY
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Matched-Rule
X-Level-Front-Cache
Content-Style-Type
Content-Script-Type
X-Reboot
Cache-Cookie-Set-From
X-Generated-On
X-Trafficlayer-App-Version
X-ServiceProvider
X-Served-From
X-Rocket-Nginx-Bypass
Server-Host
X-Cdn-Origin
X-Sn-Servicetimems
X-Trafficlayer-App-Name
Viewport
X-Trafficlayer-App-Scope
X-Thinkindot-L3
PFcat
X-Newrelic-Synthetics
Thinkindot-CacheControl
X-VG-TLSProxy
X-Core-Value
X-Edge-Location
X-Geo-Header
X-GeoIP-City
Thinkindot-CacheControl-Type
X-IN-APIGATEWAYSSL
Thinkindot-Control
X-UnsetCookies
Geo-Info
X-S-Maxage
User-Cache-Control
X-NC
V-Age
X-Agile-Id
Web-Mar-Node
X-Is-Gdpr
X-FW-Version
Wxu-Next-Region
X-JWT-State
Wxu-Next-Hostname
X-Has-Esi
X-Agile
W
We-Hiring
Wxu-Next-Commit
X-Agile-Age
X-Hash
X-Developers
X-Device-Os
X-Dispatch
X-Dispatcher-Server
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Gen-Mode
X-Gamma-Serve
X-Distil-CS
X-Fetched-On
X-Backend-State
X-Fmm-Version
X-Fastly-Cache
X-Eu-Site
X-Distributor
X-Hnp-Log
X-Epic-Correlation-Id
X-Generated-In
X-Debug-Cache-Expiry
X-Block-Status
X-Cache-ASPX
X-DevSite-Last-Modified
X-Cache-Bucket
X-Bip
X-Bc-Bl
X-Auto-Login
X-Backend-Host
X-BBXSRF
X-Cache-FS-Status
X-Cache-Info
X-Core-Mission
X-CUA
Rt-Fastcgi-Cache
X-Contensis-Viewer-Groups
X-Cms-Context
X-Cache-URL
X-CGP
X-Clara-WADP
X-App-Name
X-Owner
X-Request-Host
X-Req
X-Varnish-Beresp-Ttl
X-Rocket-Build-Number
X-Server-W
X-SIPLIST1
X-Sigma-Backend
X-Sigma
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-NodeID
X-Servername
X-Nginx-Cache-Key
Server-Surrogate-Control
X-Origin-Date
X-Proxy-Upstream
X-VServer
X-Origin-Expires
X-Slack-Backend
N-Cache
X-VC-Cache
X-Varnish-Cacheable
X-Varnish-Authentication
X-WADP-Cache
X-WebServer
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-Var-Ttl
X-Urbn-Site-Id
X-Thanos
X-Swa-Ws
Memcached
X-Trace-Id
X-TrackingId
X-Urbn-Context-Path
X-Tumblr-Pixel-3
X-TT-TIMESTAMP
X-Ms-Version
X-NX-Host
Locale
Locid
Mail-Subject
On-Server
L5d-Success-Class
Kp-EeAlive
Group
Ha-Gx-Prefs
Heartbleed
IsBot
X-LAGOON
X-LI-UUID
RNT-Time
Server-Cache-Control
Server-ID
X-Li-Fabric
RNT-Machine
X-Instart-Isnd
X-Irp-Debug
X-LI-Proto
X-Li-Pop
Gh-Request-Id
HA-Ipaddr
Country-Code
CDCHOST
X-Ms-Request-Id
X-Micro-Cache
X-Magnolia-Registration
X-Logging-Id
Fastly-Drupal-HTML
FNAC-ModuleRouting
AKAMAI
Cache-Host
X-Cache-Tags
Countrycode
Adler-Geo
X-Skip-Cache
X-Clientip
Fastly-SWR
X-Generation-Time
Is-Eu
X-Variation
X-Rebelmouse-Cache-Control
X-Lb-Id
X-C
Platform
Fastly-SIE
X-Platform-Server
X-We-Are-Hiring
X-Hit
X-Rebelmouse-Surrogate-Control
Powered-By-ChinaCache
X-Scheme
X-Sucuri-ID
Mime-Version
X-Node-Id
X-Refresh
X-Response-By
Pramga
Cache
X-VHOST
X-Edge
X-MCACHE
X-Load-Cache
X-SN
SD-X-WS
X-RESPONSE-TIME
X-App-Version
X-TA-CDN-Provider
X-ND-Cache
X-Instart-Info
X-Service
Cloudfront-Viewer-Country
X-BACKEND-TTL
Proxy-Firewall
X-CLOUD-TRACE-CONTEXT
HitType
X-APP
X-Pjax-Url
X-B3-Spanid
X-CDN-Forward
Environment
X-Varnish-URL
Vix-Hermes-Req-Id
X-CSRF-Token
X-Parent-Response-Time
X-VCache
Origin
Request-Time
X-Cache-PHP
X-Mid
NM-Fastcgi-Cache
X-MSEdge-Flight
X-Ratelimit-Remaining
X-ECACHE
X-Varnish-Ttl
CF-Cached-On
X-Vdms-Path
M-TraceId
X-MSEdge-Features
X-Cdn-Forward
Hostname
X-Correlation-ID
X-Wa
X-Origin-TTL
X-Origin-CC
X-Ua
Pagetype
Fastly-Backend-Name
Sever-Int
Server-Hostname
Server-Ext
X-Up
X-CSRF-TOKEN
X-Be
X-FPC
PICS-Label
X-ECache
Geoip-Latitude
Geoip-City
X-Server-Time
HostName
X-TT-LOGID
Pragrma
Cdn-Request-Time
X-Method
Cdn-Host
TTL
X-Wix-Viewer-Type
Cdn
X-Edge-Server
GeoIp-Country-Code
X-Pinterest-Direct
X-Vcl-Version
X-Worker
X-HS-Status
X-Protected-By
Magicmarker
X-Via-PopV
X-Via-PopH
X-URL
X-Envoy-Upstream-Healthchecked-Cluster
NtCoent-Length
X-Branch-Name
CACHE
X-Request-Start
Resin-Trace
X-Newrelic-App-Data
Cdnsip
X-AK-Request-ID
Cdncip
X-Myra-Origin2
X-DC
X-Servedbyhost
Memory
X-Policy
X-Azure-Ref-OriginShield
Dt-Cache-Category
X-Referer
X-Bc
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Litespeed-Cache
X-Zone
X-C-Key
Ohc-File-Size
X-C-Zone
X-Cache-Metadata
X-Planisys-CDN-Cache
X-BC
X-Cache-Host
X-Planisys-CDN-Rules
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Planisys-CDN-TTL
X-ZONE
X-Ratelimit-Limit
X-Dynatrace-Js-Agent
Cteonnt-Length
SRV
Release
X-Oneagent-Js-Injection
X-ServedByHost
X-FORWARDED-FOR
Esi-Enabled
X-GEO
Lb
X-Pf-Uncompressing
Who
X-SRV
X-Reqid
X-Cache-Debug
Load-Balancing
X-VCL-Version
RequestId
XServer
X-NGINX-Cache
X-Swift-Error
X-TH-Server
X-Via-Ucdn
Ttl
Pics-Label
GeoIP-Country-Code
Ohc-Cache-HIT
X-Cache-Id
GeoIP-City
UCS
GeoIP-Latitude
IBM-Web2-Location
X-Configured-By
X-Tec-Api-Root
X-Esi-Check
X-Country-IP
X-Tec-Api-Version
X-AIR-PT
Dnion-Transfer-Encoding
X-Tec-Api-Origin
X-Unique-ID
X-Ruxit-Js-Agent
X-Datadome
X-Fastly-Country-Code
X-Gzip
X-Node-ID
X-COUNTRY
FSS-Cache
Server-Int
Product
X-Fpc
X-Tb-Optimization-Total-Bytes-Saved
X-VarnishDD-TTL
X-WPE-Loopback-Upstream-Addr
X-WA
Powered-By
LB
X-Ocache
RATING
X-B3-SpanId
MIME-Version
Sid
X-SERVER-NAME
X-Server-IP
X-PF-Uncompressing
Fastly-Soc-X-Request-Id
X-RAMCache
X-Svr
X-Powered-Y
Fastly-SSL
X-Apw-Access-Action
X-Fastly-Request-Id
X-Apw-Access-Object
X-Apw-Access-Token
X-Varnish-Url
X-Apw-Hits
X-Fastly-Backend-Reqs
X-Action
X-PJAX-URL
Lfy
C-Via
FSS-Proxy
X-RSL
X-Varnish-Beresp-TTL
X-Hello
X-RPM
X-DB
X-MID
X-DW
X-ABtesting
X-HostName
X-DSS
X-DI
X-Flog
X-RPS
X-BE
X-SD-PageType
X-Agile-Brick-Ok
Host-ID
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Requestid
X-ElasticPress-Search
X-Render-Time
X-Flow-Id
Xet-Cookie
X-LiteSpeed-Cache-Control
Tcn
Amp-Access-Control-Allow-Source-Origin
CF-IPCountry
X-Aicache-OS
X-Via-CDN
X-Compress-Hint
WebServer
SN
X-Amzn-Remapped-Date
X-B3-Parentspanid
My-App
X-Cache-Backend
L
X-Check-Cacheable
X-Location
X-Amzn-Remapped-Connection
X-Debug-Revision
Cneonction
CDN
ProcessTime
X-Debug-Controller
X-Mvc-Supplant-OutputCached
CloudFront-Viewer-Country
X-Mvc-Supplant-Cachable
X-Sucuri-Cache
X-App
X-Fastly-Cache-Hits
X-Request-Url
DataCenter
X-User
X-Dw-Trace-Id
WZWS-RAY
X-MiniProfiler-Ids
X-Nananana
X-Request-URL
X-LB-ID