Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
CF-RAY
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Backend
X-Ws-Request-Id
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
EagleId
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
CONTENT-SECURITY-POLICY
X-Device
X-Server-Id
X-LiteSpeed-Cache
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
NEL
X-Node
X-Response-Time
X-Dispatcher
X-Ac
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Request-Id
X-Readtime
Surrogate-Control
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Application-Context
X-DataDome
Content-Location
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
RTSS
X-Clacks-Overhead
Fusion-Deployment-Id
X-Url
X-FTR-Request-ID
X-Goog-Hash
X-Country-Code
X-TtlSet
X-Vname
X-PC
X-DynaTrace
X-ASPNET-VERSION
Allow
X-Varnish-TTL
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
Accept-CH
X-MS-InvokeApp
X-Instart-Request-ID
X-D2id
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Server-Name
Pinterest-Generated-By
SPRequestGuid
Content-MD5
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Forwarded-Proto
X-Cached
X-Navigation-Version
X-Trace
TCN
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Amz-Rid
Public-Key-Pins
X-Fastly-Request-ID
X-Vcap-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-Debug
X-MSEdge-Ref
X-ESI
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
X-DynaTrace-JS-Agent
X-VARITI-CCR
Charset
X-Accel-Expires
X-Cache-TTL
NR-ENABLED
X-Vcache
X-B3-TraceId
MS-Author-Via
X-NF-Request-ID
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
Display
X-Ttl
X-Px
X-Sol
Realpath
X-Content-Type
X-Client-IP
Cache-Tag
S
WPE-Backend
Access-Control-Request-Method
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Id
X-Server-ID
X-Grace
X-Powered-CMS
Edge-Cache-Tag
X-Shield-Request-Id
X-Webkit-Csp
X-Hp-Webp
X-Jurisdiction
Front-End-Https
X-T
X-Upstream
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-Element-Page-Cache
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Content-Digest
X-Fastcgi-Cache
X-Dw-Request-Base-Id
DynaTrace
X-Version
X-Node-Name
X-Cache-Hit
X-Recruiting
Mrf-Cache-Status
X-TTL
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
AMP-Access-Control-Allow-Source-Origin
ServerID
X-Mrf-Section-Lastmod
Fastcgi-Cache
X-Mobile-URL
X-Request-Processing-Time
X-Request-Received
Ar-Sid
AR-CACHE
Server-Node
X-GUploader-UploadID
X-FTR-Backend-Server
X-Correlation-Id
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-Goog-Generation
X-FTR-DC
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-FTR-Backend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
PB-RID
Powered
PB-PID
X-FTR-Expires
TP-L2-Cache
X-DIS-Request-ID
TP-Cache
Upgrade-Insecure-Requests
X-Mobile-Rewrite
Arc-Version
X-XRDS-Location
X-Ezoic-Cdn
Refresh
X-Shard
X-HS-Combine-CSS
X-Forwarded-For
Host-Header
Accept-Ch
Alternate-Protocol
Server-Name
X-Geo-Country
X-N
Fastly-Restarts
X-Amzn-Trace-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Akamai-Edgescape
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Rid
X-NWS-LOG-UUID
X-LB-Cache
X-User-Agent
X-B
X-F-Cache
X-FastCGI-Cache
Backend-Timing
X-Page-Id
X-ATS-Timestamp
X-Cache-Key
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Logged-In
X-Varnish-Age
X-FTR-Cache-Host
Accept-Ch-Lifetime
MicrosoftSharePointTeamServices
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-XRDS-LOCATION
X-Amzn-Requestid
X-Revision
X-Esi
X-Cache-Age
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
Paypal-Debug-Id
X-Varnish-Backend
X-Via-JSL
X-Request-Guid
X-Jobs
X-Varnish-Grace
X-Instance
X-B3-Sampled
X-ATG-Version
Fastcgi-Useragent
X-Hostname
X-Git-Hash
X-Type
Section-Io-Cache
X-Tumblr-User
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-B-Cache
X-Signature
X-TT
X-Seen-By
X-App-Environment
Actual-Object-TTL
X-Cache-Action
X-AOL-HN
X-Debug-Info
X-Presslabs-Stats
X-FB-Debug
Host
X-WebKit-CSP-Report-Only
X-Whom
X-Cluster
Frame-Options
Cache-Status
X-Contextid
Access-Control-Allow-Method
X-Endurance-Cache-Level
X-Cache-Rule
X-Cache-Operation
Source
X-Content-Options
Trailer
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Content-Powered-By
X-SERVER
Accept-Charset
DC
Tracecode
X-Az
X-Activity-Id
X-AppVersion
X-IPLB-Instance
X-Upgrade-Enabled
From-Origin
X-FireWall-Port
X-Daa-Tunnel
Liferay-Portal
X-URL
X-APP-VERSION
X-Amz-Apigw-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-PHP-Backend
X-RateLimit-Remaining
X-Response-Served-From
X-Accel-Buffering
X-Framework
NGB
X-RemovedCookies
X-WA-Info
X-ProcessESI
X-FW-Static
X-FW-Hash
X-FW-Serve
Srv
X-FW-Server
X-FW-Type
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-2
Payment
X-UUID
Surrogate-Key
X-Tumblr-Pixel-1
Retry-After
X-Time-Microsecs
X-L-Path
Filters
X-Environment-Context
X-Adobe-Loc
Eomportal-Instance
X-Adobe-Content
X-GeoIP
X-Cacheable-TTL
X-RequestSource
X-Region
X-Wix-Request-Id
X-Is-Bot
X-Mobile
X-Rendered-As
X-Varnish-Server
X-Cache-NE
X-Handled-By
X-Proxy
X-TIME
X-CST
X-UA-Device-Type
Filterid
X-NGENIX-Cache
X-Unique-Id
X-Origin-Response-Time
X-Cache-Control
GEO-INFO
X-Webkit-CSP
X-Cache-Server
X-Varnish-Hostname
X-Cache-TTL-Remaining
Datacenter
X-Cache-Time
X-B3-Traceid
X-Cached-By
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
Xserver
X-Litespeed-Cache
MS-CV
Odigeo-Trace-Id
X-Backend-Name
X-Rule
X-Mode
X-Pinterest-Direct
Cache-Tags
X-Srv
S-Cnection
Version
X-Ruxit-Js-Agent
X-Yottaa-Metrics
X-Status
X-FW-Dynamic
X-Yottaa-Optimizations
X-CCM
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-Cache-Var
X-Ua-Device
Cache-Tv-Group
X-ES-SERVER
X-Locale
Ec-Rule-Version
X-Amzn-Remapped-Content-Length
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Webserver
Azure-SiteName
Azure-Version
X-Www-Served-By
Country
DB-Nickname
X-ApacheServer
X-RN-RSRV
X-PERF
X-Site-Version
X-Via-Fastly
X-Pubstack
X-MP-GENERATED-AT
Server-Info
X-Cache-2
Akamai-GRN
ServedBy
Webcakes-Region
Node
X-Origin-Hint
X-R9-Blue-Green-Version
Property-Id
Cross-Origin-Window-Policy
X-TX-ID
X-TNCMS
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Akamai-Request-ID2
X-Adobe-Source
X-Forwarded-Host
TWC-Locale-Group
X-Cache-NGX
X-Cache-Enabled
S-Rt
TWC-Privacy
TWC-Device-Class
X-Loop
X-FC-Vary-Parameters
Webcakes-App-Version
TWC-GeoIP-Country
NGX
Webcakes-App-Name
Cache-Hits
Content-Disposition
X-Dc
X-AWS-Id
X-Access
X-Cache-Config
X-Format
X-LJ-Flow-ID
X-IP
X-Hl-Ver
Origin-Edge-Control
Origin-Cache-Control
Decoy-Debug-Key
Section-Io-Origin-Time-Seconds
Decoy-Debug-Status
Decoy-Debug-TTL
Now
X-Device-Type
X-NCache
X-No-Session
X-Web-Node
X-VWS-Id
X-Section
X-Zipkin-Id
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
X-SayCDN-TTL
X-Say-TTL
X-Origin
X-NYM-Debug-Backend
X-Proxied
X-RCS-CacheZone
X-Say-Cacheable
X-Routing-Service
Cleartype
X-Cache-Status-Check
X-Human
X-Microcachable
X-Real-IP
Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-FB-TRIP-ID
X-EIG-Tracking-Id
X-Alternate-Cache-Key
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proxy-Cache-Status
X-Hosted-By
X-Redis-Cache
Selected-Fe
X-Xfnlog-Site
X-ShardId
X-ServerID
X-Proxy-Build
X-ProxyCache-Status
X-BYPASS-REASON
X-Shopify-Stage
X-ProxyCache-Key
OT-Force-Account-Verify
Mn-Server-Ip
X-Timing-Wait
Access-Control-Request-Headers
X-Content-Age
X-Detected-As
X-HTML-Minification-Powered-By
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Shopify-Generated-Cart-Token
X-BCube-Filmed-By
X-VCache
X-Debug-Cache
X-Soup
X-Tb
X-Cdn
X-Generated
X-Proto
X-JoinUs
X-SaId
X-Request-Time
X-EC-Lua
X-Backend-TTL
X-Cache-Remote
Nel
X-From
Accept-Language
Cf-Ipcountry
X-Oss-Object-Type
X-CF-Powered-By
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Drupal-Cache-Tags
X-Oss-Server-Time
X-Akamai-Request-ID
X-COUNTRY
Time
X-Varnish-Hits
X-Edge
X-Pad
X-MCACHE
X-Generated-By
X-NewRelic-App-Data
X-VCT
X-Azure-Ref
X-RateLimit-Limit
X-ECACHE
X-Old-Content-Length
X-UA
X-NC
X-FORWARDED-FOR
X-IPS-LoggedIn
X-Geo
X-Source
Cache-Name
Uber-Trace-Id
X-Cache-Grace
X-CS
X-NWS-UUID-VERIFY
X-Mid
X-RTag
Ms-Operation-Id
Cache
X-GoCache-CacheStatus
X-Uri
FilterID
User-Agent
X-OCL
X-PCL
Proxy-Connection
X-APP
X-Magnolia-Registration
X-Drupal-Cache-Contexts
X-Qloud-Router
X-PressLabs-Stats
X-Edge-Location
X-FW-Version
X-Sucuri-ID
X-Info
X-Tumblr-Pixel-3
X-PHP-Host
X-Labrador-Cache-Channel
X-Nginx-Cache
X-Varnish-Cache-Hits
Xc-Version
X-ARC
X-B-Cookie
X-Application
X-Vtex-Remote-Cache
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Vtex-Processado-Em
Apple-News-Services-Handled
AKAMAI
X-VG-WebCache
X-Trv-Group
X-Transaction
X-D
X-Date
X-Connection-Hash
X-Twitter-Response-Tags
X-VG-WebServer
Arc-Country
X-Vdms-Version
X-Is-Gdpr
X-CF-Lambda-Fn
X-Aed
ServerName
T-Server
GEO-REGION-INFO
True-Client-Country-4JS
Request-EU
Request-Country
Machine
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Fastcgi-X-Cache-Version
Viewtype
X-A-Wwc
X-Accel-Expires-Debug
X-Destination
BehaviorPad-Version
X-A-Dgt
X-A-Dcw
VivaBuild
X-A
X-A-Ccd
X-A-Dam
AsisCache
X-CF-Lambda-Version
X-SRCache-Key
Countrycode
X-Session-Fingerprint
X-Generated-On
X-G
X-Oneagent-Js-Injection
X-Instart-Info
X-Geo-Header
X-Processor
X-Has-Esi
X-PAYTM-SRV-ID
X-CDN-Forward
X-GeoIP-Country-Code
X-Reboot
X-Region-Sid
X-Request-UUID
X-Rojux
X-S
X-Level-Front-Cache
X-JWT-State
MD5-Digest
X-Rewrite-Enabled
X-External-Request-Id
X-S-Cookie
X-Request-URI
X-Developer
X-Served-From
X-ScT
X-DPWN-IS-SECURE
X-Newrelic-Synthetics
X-UnsetCookies
X-Backend-Host
Viewport
X-Micro-Cache
Server-Cache-Control
Server-Host
X-Matched-Rule
X-Logging-Id
Memcached
On-Server
Server-Surrogate-Control
X-Ms-Request-Id
Thinkindot-Control
X-Rocket-Nginx-Bypass
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Ms-Version
X-NodeID
Vix-Hermes-Req-Id
X-Servername
X-Swa-Ws
X-Cms-Context
X-Urbn-Context-Path
X-Urbn-Site-Id
X-VG-TLSProxy
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Thanos
X-DevSite-Last-Modified
X-Developers
X-Thinkindot-L3
X-Trace-Id
X-Core-Value
X-Dispatch
X-Generation-Time
X-VServer
X-Skip-Cache
Heartbleed
X-Agile-Id
X-ServiceProvider
X-Agile-Age
X-Server-W
X-Auto-Login
X-Sn-Servicetimems
X-Cdn-Origin
X-Cdn-Srv
X-Cache-Bucket
X-Cache-ASPX
X-Bc-Bl
X-Bip
X-Agile
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Idcheck
X-Cluster-Node
X-Scheme
User-Cache-Control
Gh-Request-Id
X-Vdms-Path
Locale
X-Hyper-Cache
X-Cluster-Name
X-S-Maxage
X-Rebelmouse-Cache-Control
X-C
X-Block-Status
X-Var-Ttl
X-Cache-FS-Status
X-Cache-PHP
X-Cache-Info
X-Owner
X-Rebelmouse-Surrogate-Control
X-Req
X-Sigma-Backend
X-App-Name
X-SN
X-Sigma
X-Rocket-Build-Number
X-Fastly-Cache
X-Request-Host
X-Backend-State
X-Cache-URL
X-CUA
Mail-Subject
Locid
X-LAGOON
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Gamma-Serve
X-Gen-Mode
X-Hnp-Log
X-Distil-CS
X-Li-Fabric
X-LI-UUID
Adler-Geo
X-Nginx-Cache-Key
X-Clara-WADP
X-Clientip
X-Li-Pop
X-LI-Proto
X-Fmm-Version
X-SIPLIST1
FNAC-ModuleRouting
X-VC-Cache
Is-Eu
X-WADP-Cache
Fastly-SWR
IsBot
X-Varnish-Cacheable
Kp-EeAlive
Fastly-SIE
X-We-Are-Hiring
X-WebServer
X-Wikidot-Static-Cache
Cache-Host
Group
RNT-Machine
RNT-Time
X-Wikidot-Backend
SD-X-WS
Rt-Fastcgi-Cache
X-Variation
X-TT-TIMESTAMP
X-Device-Os
X-Webstats-RespID
X-TrackingId
X-Storage
Platform
X-BBXSRF
Wxu-Next-Region
CDCHOST
X-Trafficlayer-App-Name
Wxu-Next-Hostname
Wxu-Next-Commit
X-Trafficlayer-App-Version
N-Cache
W
X-Trafficlayer-App-Scope
We-Hiring
Web-Mar-Node
X-Amzn-RequestId
X-Hash
X-Eu-Site
X-GeoIP-City
X-Generated-In
Server-Ext
X-Origin-Date
X-Proxy-Upstream
Server-Hostname
X-Slack-Backend
X-Platform-Server
X-Origin-Expires
CF-Cached-On
Sever-Int
X-Epic-Correlation-Id
X-RateLimit-Remaining-Second
X-Irp-Debug
Server-ID
X-CGP
X-Core-Mission
Request-Time
L5d-Success-Class
Proxy-Firewall
Ha-Gx-Prefs
X-Fetched-On
Country-Code
X-RateLimit-Limit-Second
X-Cache-Tags
V-Age
Fastly-Drupal-HTML
NM-Fastcgi-Cache
HA-Ipaddr
X-CSRF-Token
X-Dispatcher-Server
X-Distributor
X-B3-Spanid
Pagetype
X-Protected-By
A
X-Refresh
X-RESPONSE-TIME
X-Response-By
X-Hit
X-NX-Host
X-App-Server
X-Method
X-Debug-Log
X-CLOUD-TRACE-CONTEXT
X-Debug-Cookies
X-Cache-Expired-At
X-Instart-Isnd
M-TraceId
X-TA-CDN-Provider
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
HostName
X-SS-Set-Cookie
X-OVcl-Cache
X-OVcl
XServer
X-FPC
X-Debug-Cache-Store
X-Parent-Response-Time
X-Debug-Cache-Fetch
X-Worker
X-Debug-Cache-Expiry
X-Nc
X-GEO
X-Branch-Name
Magicmarker
PFcat
X-Varnish-URL
X-Via-PopV
X-Via-PopH
X-Node-Id
Mime-Version
X-Request-Start
X-Be
X-SRV
X-Varnish-Beresp-Ttl
Origin
X-Policy
Geoip-Latitude
Geoip-City
X-Envoy-Upstream-Healthchecked-Cluster
X-Wa
X-Varnish-Ttl
X-MSEdge-Flight
X-MSEdge-Features
X-CACHE-KEY
PICS-Label
GeoIp-Country-Code
Pramga
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Lb-Id
Esi-Enabled
X-Planisys-CDN-TTL
Powered-By-ChinaCache
X-Ratelimit-Remaining
Geo-Info
X-Time
X-C-Zone
Memory
Cloudfront-Viewer-Country
X-SERVER-NAME
X-C-Key
Who
X-Service
X-ND-Cache
X-Via-Ucdn
X-Load-Cache
X-HS-Status
X-BACKEND-TTL
X-Pjax-Url
X-Reqid
Cteonnt-Length
HitType
X-Country-IP
X-ECache
Dt-Cache-Category
X-Newrelic-App-Data
X-Myra-Origin2
Environment
X-Servedbyhost
X-Azure-Ref-OriginShield
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cdn-Forward
X-Tec-Api-Version
X-Referer
X-Bc
X-VCL-Version
UCS
Product
TTL
X-Wix-Viewer-Type
X-Zone
NtCoent-Length
X-Correlation-ID
X-Cache-Metadata
X-BC
Ttl
X-ZONE
X-Ua
X-CSRF-TOKEN
X-DC
SRV
Fastly-Backend-Name
X-Vcl-Version
X-Up
X-NGINX-Cache
X-Ratelimit-Limit
X-Origin-TTL
X-Origin-CC
X-Cache-Host
Resin-Trace
FSS-Cache
Cdn
X-ServedByHost
X-Server-IP
X-Fastly-Country-Code
X-App-Version
C-Via
X-TT-LOGID
X-Server-Time
X-Swift-Error
X-PJAX-URL
X-Pf-Uncompressing
Release
Pragrma
X-Edge-Server
LB
Cdn-Request-Time
Cdn-Host
X-AIR-PT
CACHE
X-Cache-Backend
Hostname
Cdnsip
Cdncip
X-SVT-ORM-VERSION
X-Node-ID
Sid
X-AK-Request-ID
X-SVT-ORM-RULES
X-Location
Lb
X-UPSTREAM-Address
My-App
X-WPE-Loopback-Upstream-Addr
Warning
X-NU-AKA-ACS-Version
GeoIP-Country-Code
Load-Balancing
MIME-Version
X-Sucuri-Cache
GeoIP-Latitude
GeoIP-City
Dnion-Transfer-Encoding
X-Configured-By
X-WA
X-Fastly-Backend-Reqs
X-Air-Hostname
X-Powered-Y
X-Mvc-Supplant-Cachable
X-BE
X-Tb-Optimization-Total-Bytes-Saved
X-RAMCache
X-Svr
X-Varnish-Beresp-TTL
Ohc-File-Size
Fastly-SSL
X-Fpc
X-Esi-Check
X-Varnish-Url
X-Gzip
X-Cache-Id
X-Mvc-Supplant-OutputCached
Lfy
Ohc-Cache-HIT
X-Fastly-Request-Id
CDN
X-VarnishDD-TTL
X-User
X-Cache-Debug
RequestId
X-Unique-ID
Pics-Label
Processtime
X-MID
X-Apw-Hits
X-Apw-Access-Token
X-B3-SpanId
X-Apw-Access-Action
X-TH-Server
X-Apw-Access-Object
X-LiteSpeed-Cache-Control
X-Agile-Brick-Ok
X-Amzn-Remapped-Date
X-ElasticPress-Query
Cneonction
Host-ID
X-Amzn-Remapped-Connection
Xet-Cookie
X-Zalando-Child-Request-Id
X-ElasticPress-Search
X-Page-Impression-Id
X-Flow-Id
IBM-Web2-Location
X-B3-Parentspanid
DSUID
Requestid
CF-IPCountry
X-Ftr-Cache-Host
X-Aicache-OS
X-Debug-Controller
X-SD-PageType
X-Compress-Hint
L
X-Via-NSCOPI
X-Check-Cacheable
X-Debug-Revision
X-Sucuri-Id
X-DI
X-DSS
X-DB
Server-Int
X-Request-URL
X-DW
X-RPS
WZWS-RAY
X-Action
ProcessTime
X-RSL
CloudFront-Viewer-Country
X-RPM
X-LB-ID
X-Cache-Tag
URI
X-Nananana
DataCenter
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-Akamai-ERPolicy
X-Envoy-Decorator-Operation
X-Ocache
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-Request-Url