Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Server-Timing
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Host
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-HW
X-DataDome
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Goog-Hash
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Country-Code
X-DynaTrace
X-Varnish-TTL
Fusion-Deployment-Id
X-ASPNET-VERSION
Allow
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
X-Instart-Request-ID
X-MS-InvokeApp
Accept-CH
X-D2id
Content-MD5
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-Kinja-Build
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Trace
X-Server-Name
X-Navigation-Version
Accept-CH-Lifetime
TCN
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
X-Vcap-Request-Id
Nginx-Cache
X-MSEdge-Ref
X-Debug
X-Ttl
X-VARITI-CCR
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
Charset
MS-Author-Via
X-ESI
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-B3-TraceId
NR-ENABLED
X-Px
X-DynaTrace-JS-Agent
X-Middleton-Response
Response
X-Middleton-Display
Display
Pagespeed
X-Content-Type
Realpath
X-Sol
X-Client-IP
Cache-Tag
X-Ser
Edge-Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
X-Server-ID
X-Pinterest-Rid
Pinterest-Version
Front-End-Https
WPE-Backend
X-Hp-Webp
X-Jurisdiction
X-Version
X-Upstream
X-Webkit-Csp
AR-Request-ID
AR-PoweredBy
X-T
AR-ATIME
X-Hits
X-Shield-Request-Id
X-Element-Page-Cache
X-Fastcgi-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Node-Name
X-Cache-Hit
Fastcgi-Cache
ServerID
AR-CACHE
Ar-Sid
X-Recruiting
X-Correlation-Id
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
X-FTR-DC
X-Goog-Stored-Content-Length
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
Server-Node
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
Powered
TP-Cache
TP-L2-Cache
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
PB-RID
PB-PID
X-FTR-Expires
X-DIS-Request-ID
Accept-Ch
Upgrade-Insecure-Requests
Arc-Version
X-Mobile-Rewrite
Refresh
X-Forwarded-For
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
X-TTL
Alternate-Protocol
Server-Name
X-Amzn-Trace-Id
Host-Header
X-Geo-Country
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-N
Accept-Ch-Lifetime
X-FTR-Cache-Host
X-F-Cache
Fastly-Restarts
X-Page-Id
X-Akamai-Edgescape
X-Rid
X-LB-Cache
X-Logged-In
X-Varnish-Age
X-B
X-User-Agent
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-FastCGI-Cache
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Esi
X-Cache-Key
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Varnish-Grace
X-Origin-Server
X-XRDS-LOCATION
Host
X-Revision
X-Jobs
X-Request-Guid
X-Instance
X-App-Environment
Fastcgi-Useragent
X-Varnish-Backend
X-Signature
X-Git-Hash
X-Tumblr-User
X-B-Cache
X-ATG-Version
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Tumblr-Pixel
Actual-Object-TTL
X-Hostname
X-Seen-By
X-Type
X-B3-Sampled
X-FB-Debug
X-AOL-HN
X-Amz-Replication-Status
X-Whom
X-Cache-Age
Section-Io-Cache
X-TT
X-Cache-Action
X-Debug-Info
Frame-Options
X-Cluster
Cache-Status
X-Content-Options
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Trailer
X-Cache-Rule
X-Endurance-Cache-Level
X-Cache-Operation
X-Contextid
X-Amzn-Requestid
X-Content-Powered-By
Source
X-Host-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Tracecode
Liferay-Portal
X-AppVersion
X-Az
X-Activity-Id
X-Daa-Tunnel
Accept-Charset
X-SERVER
X-Tt-Trace-Host
X-Amz-Apigw-Id
X-Tt-Trace-Tag
X-Presslabs-Stats
X-FireWall-Port
X-PHP-Backend
X-IPLB-Instance
DC
X-Upgrade-Enabled
X-Framework
From-Origin
X-WA-Info
Retry-After
X-Response-Served-From
X-Accel-Buffering
X-RateLimit-Remaining
NGB
X-APP-VERSION
X-ProcessESI
X-RemovedCookies
Srv
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
X-UUID
X-FW-Type
X-Is-Bot
Surrogate-Key
X-Tumblr-Pixel-1
X-Rendered-As
X-Tumblr-Pixel-2
X-L-Path
X-Adobe-Content
X-Adobe-Loc
Payment
X-Cacheable-TTL
X-Environment-Context
X-RequestSource
X-Wix-Request-Id
X-Varnish-Server
VIX-Pulpo-Node
X-GeoIP
Eomportal-Instance
X-Cache-NE
VIX-Pulpo-Upstream-Status
X-Region
X-Mobile
X-Time-Microsecs
X-Cached-By
X-B3-Traceid
Filters
X-Unique-Id
X-UA-Device-Type
X-Handled-By
X-Proxy
X-Varnish-Hostname
X-Origin-Response-Time
Filterid
X-NGENIX-Cache
X-Cache-TTL-Remaining
X-EdgeConnect-Cache-Status
X-Cache-Server
Xserver
Datacenter
X-Cache-Control
X-Akamai-Transformed
X-Webkit-CSP
X-Cache-Time
MS-CV
X-Srv
X-Backend-Name
X-TIME
Version
X-CST
X-Status
X-Mode
Server-Info
GEO-INFO
Cache-Tv-Group
X-Cache-2
S-Cnection
X-Cache-Enabled
X-Yottaa-Metrics
X-Rule
Cache-Tags
X-Yottaa-Optimizations
Odigeo-Trace-Id
X-CCM
X-Cache-Var-Map
Meta-Geo
Webserver
X-ES-SERVER
X-Cache-Var
X-Path-Route
X-IP
Azure-InstanceId
Azure-RegionName
OT-Force-Account-Verify
X-Redis-Cache
Azure-SiteName
X-RN-RSRV
Ec-Rule-Version
X-FW-Dynamic
X-Detected-As
X-TNCMS
S-Rt
X-FC-Vary-Parameters
X-Loop
Azure-SlotName
Azure-Version
Cache-Hits
X-Via-Fastly
Akamai-GRN
Cleartype
Country
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Forwarded-Host
DB-Nickname
X-Human
X-Say-TTL
X-Pubstack
X-Say-Cacheable
X-Hosted-By
X-TX-ID
X-Amzn-Remapped-Content-Length
X-Hl-Ver
X-Real-IP
Now
X-Web-Node
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-ApacheServer
X-Adobe-Source
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
Origin-Edge-Control
Origin-Cache-Control
X-R9-Blue-Green-Version
ServedBy
TWC-Device-Class
TWC-Connection-Speed
X-SayCDN-TTL
Cross-Origin-Window-Policy
X-Origin-Hint
X-Origin
X-PERF
X-Proto
X-NCache
X-Shopify-Generated-Cart-Token
Content-Disposition
X-Sorting-Hat-ShopId
X-Device-Type
Cache-Key
X-Vgn-Hpd-Reason
X-EIG-Tracking-Id
X-NYM-Debug-Backend
X-ServerID
X-Site-Version
X-Shopify-Stage
X-VWS-Id
X-RCS-CacheZone
Section-Origin-Responded
X-ProxyCache-Status
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
NGX
X-Cache-Status-Check
X-Sorting-Hat-PodId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Akamai-Request-ID2
X-Alternate-Cache-Key
X-Locale
X-LJ-Flow-ID
X-AWS-Id
X-ProxyCache-Key
X-Backend-TTL
Access-Control-Request-Headers
X-BYPASS-REASON
X-ShopId
X-Tb
X-Proxy-Cache-Status
X-ShardId
X-Cache-Config
X-Generated
X-Www-Served-By
X-Access
X-Xfnlog-Site
X-Timing-Wait
Selected-Fe
X-BCube-Filmed-By
X-Viewer-Country
X-Routing-Service
X-Format
X-Proxy-Build
X-SaId
X-Section
X-JoinUs
X-Zipkin-Id
X-MP-GENERATED-AT
X-FB-TRIP-ID
X-HTML-Minification-Powered-By
X-Cache-NGX
X-Debug-Cache
Mn-Server-Ip
X-Content-Age
X-Proxied
X-Cache-Remote
Node
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Soup
X-Oss-Storage-Class
X-Oss-Server-Time
X-Ua-Device
X-Microcachable
X-Request-Time
X-No-Session
X-Cdn
X-EC-Lua
X-Varnish-Hits
X-PressLabs-Stats
X-Akamai-Request-ID
Cf-Ipcountry
X-Generated-By
Accept-Language
X-Drupal-Cache-Tags
X-CF-Powered-By
X-NewRelic-App-Data
X-From
Nel
X-IPS-LoggedIn
X-Pad
Time
X-NC
X-Pinterest-Direct
X-Dc
X-Geo
X-Amzn-RequestId
X-Azure-Ref
X-RateLimit-Limit
X-Old-Content-Length
X-NWS-UUID-VERIFY
Ms-Operation-Id
Uber-Trace-Id
X-RTag
X-Source
X-VCT
X-Uri
User-Agent
X-URL
X-FORWARDED-FOR
X-CS
X-Newrelic-Synthetics
X-Cache-Grace
Cache-Name
FilterID
X-Edge
X-PHP-Host
X-MCACHE
X-PCL
X-Labrador-Cache-Channel
X-ECACHE
X-OCL
X-Qloud-Router
X-GoCache-CacheStatus
X-Nginx-Cache
Cache
X-CDN-Forward
X-Varnish-Cache-Hits
Proxy-Connection
X-Drupal-Cache-Contexts
X-Hyper-Cache
X-Edge-Location
X-Litespeed-Cache
X-Magnolia-Registration
X-UA
Fastcgi-X-Cache-Version
X-External-Request-Id
X-G
X-FW-Version
X-Vdms-Version
X-DPWN-IS-SECURE
X-D
X-Connection-Hash
X-Date
X-Destination
GEO-REGION-INFO
X-Developer
BehaviorPad-Version
Apple-News-Services-Parsed-Url
X-Info
X-B-Cookie
X-Instart-Info
X-SRCache-Key
X-Vtex-Remote-Cache
User-Cache-Control
X-GeoIP-Country-Code
Machine
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-APP
AsisCache
Meta-Geo-Continent
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
VivaBuild
X-VG-WebServer
X-A-Dgt
X-A-Wwc
X-Cache-Bucket
X-ARC
X-Vtex-Processado-Em
X-Aed
X-Accel-Expires-Debug
Viewtype
True-Client-Country-4JS
Xc-Version
Rendered-Blocks
Mobile-Detection-Method
X-Application
MD5-Digest
Memcached
Request-Country
Request-EU
ServerName
T-Server
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-VG-WebCache
Arc-Country
X-Rocket-Nginx-Bypass
X-Reboot
X-Processor
X-ScT
X-Twitter-Response-Tags
X-S
X-Session-Fingerprint
X-S-Cookie
X-Trv-Group
X-Transaction
X-Region-Sid
X-Request-URI
X-Rojux
X-PAYTM-SRV-ID
X-Request-UUID
X-Rewrite-Enabled
X-Cluster-Name
Proxy-Firewall
Gh-Request-Id
X-Webstats-RespID
X-TrackingId
X-Cache-Info
X-DevSite-Last-Modified
Rt-Fastcgi-Cache
X-Trafficlayer-App-Scope
X-Slack-Backend
X-VServer
X-Cdn-Origin
X-Served-From
X-VG-TLSProxy
Web-Mar-Node
X-Cache-URL
X-Storage
On-Server
N-Cache
X-We-Are-Hiring
X-Request-Host
X-Wikidot-Static-Cache
Server-Surrogate-Control
X-Clara-WADP
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Trafficlayer-App-Version
Viewport
X-Level-Front-Cache
X-Core-Value
X-Contensis-Viewer-Groups
Thinkindot-Control
X-Thinkindot-L3
X-Trafficlayer-App-Name
X-SS-Set-Cookie
X-Fastly-Cache
Server-Host
X-Hnp-Log
X-Backend-Host
X-IN-APIGATEWAY
X-App-Server
X-Sn-Servicetimems
X-Micro-Cache
X-GeoIP-City
X-Matched-Rule
X-Has-Esi
X-IN-APIGATEWAYSSL
X-Sucuri-ID
X-JWT-State
X-Li-Pop
X-Li-Fabric
X-Backend-State
X-Is-Gdpr
X-Irp-Debug
X-LI-UUID
X-LI-Proto
X-Mid
Server-Cache-Control
X-Geo-Header
X-ServiceProvider
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Servername
X-Fmm-Version
Content-Script-Type
X-Wikidot-Backend
X-Tumblr-Pixel-3
X-Server-W
Content-Style-Type
X-Cache-ASPX
X-Gen-Mode
X-Generated-On
X-Auto-Login
SD-X-WS
X-Block-Status
X-Varnish-Authentication
X-BBXSRF
X-WADP-Cache
X-UnsetCookies
X-S-Maxage
CF-Cached-On
X-Urbn-Context-Path
X-Sigma
X-Sigma-Backend
X-Bip
X-Urbn-Site-Id
X-Scheme
X-Cache-FS-Status
X-Cache-Tags
X-Proxy-Upstream
X-VC-Cache
X-Origin-Date
X-Variation
X-NX-Host
X-Fetched-On
X-Origin-Expires
X-Epic-Correlation-Id
X-Owner
X-Eu-Site
X-NodeID
X-Nginx-Cache-Key
X-Hash
X-Logging-Id
X-LAGOON
X-Ms-Request-Id
X-Generation-Time
X-Varnish-Cacheable
X-Ms-Version
X-Generated-In
X-Var-Ttl
X-Distributor
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Core-Mission
X-Req
X-Cms-Context
X-CGP
X-Clientip
X-Cluster-Node
X-CUA
X-RateLimit-Limit-Second
X-Dispatch
X-Dispatcher-Server
X-Distil-CS
X-Device-Os
X-Developers
X-Debug-Cookies
X-Debug-Log
X-Platform-Server
X-Rocket-Build-Number
X-WebServer
HA-Ipaddr
Heartbleed
Ha-Gx-Prefs
Group
A
Vix-Hermes-Req-Id
X-COUNTRY
Kp-EeAlive
IsBot
Is-Eu
X-App-Name
X-Skip-Cache
FNAC-ModuleRouting
Countrycode
X-Gamma-Serve
Country-Code
Cache-Host
X-SN
AKAMAI
Fastly-Drupal-HTML
Fastly-SWR
X-Bc-Bl
Adler-Geo
Fastly-SIE
CDCHOST
L5d-Success-Class
We-Hiring
Wxu-Next-Commit
W
V-Age
Locale
Wxu-Next-Hostname
Wxu-Next-Region
X-Thanos
X-Agile-Id
X-Agile-Age
X-Agile
Server-ID
X-SIPLIST1
RNT-Time
Mail-Subject
X-VCache
Locid
X-Trace-Id
X-TT-TIMESTAMP
RNT-Machine
Platform
X-Swa-Ws
X-Time
X-Varnish-Beresp-Status
X-Hit
X-CACHE-KEY
X-Response-By
X-Varnish-Beresp-Grace
X-C
X-Cache-Expired-At
X-Cache-PHP
X-Debug-Cache-Fetch
Geo-Info
X-Vdms-Path
X-Debug-Cache-Expiry
X-Instart-Isnd
X-CSRF-Token
X-OVcl-Cache
X-Refresh
X-Debug-Cache-Store
Request-Time
NM-Fastcgi-Cache
X-OVcl
PFcat
X-B3-Spanid
X-Varnish-Beresp-Ttl
X-RESPONSE-TIME
X-SERVER-NAME
X-Node-Id
Server-Ext
Sever-Int
Server-Hostname
Mime-Version
X-CLOUD-TRACE-CONTEXT
M-TraceId
X-Parent-Response-Time
X-Varnish-URL
Pagetype
HostName
X-Protected-By
X-MSEdge-Features
X-MSEdge-Flight
X-FPC
Powered-By-ChinaCache
X-Method
X-Wa
X-SRV
X-Via-PopH
X-Worker
Pramga
PICS-Label
X-Varnish-Ttl
X-Lb-Id
X-Via-PopV
Magicmarker
X-GEO
X-Nc
X-DC
XServer
Origin
Cloudfront-Viewer-Country
X-Branch-Name
X-Request-Start
X-Service
X-Envoy-Upstream-Healthchecked-Cluster
X-ND-Cache
X-TA-CDN-Provider
Geoip-Latitude
HitType
X-Load-Cache
X-Policy
Geoip-City
Memory
X-Ua
X-Be
X-Ratelimit-Remaining
Environment
X-HS-Status
X-C-Key
GeoIp-Country-Code
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Pjax-Url
X-C-Zone
X-Wix-Viewer-Type
Esi-Enabled
Cteonnt-Length
X-Servedbyhost
Dt-Cache-Category
X-VCL-Version
Who
X-ECache
X-CSRF-TOKEN
X-Up
Ttl
X-BACKEND-TTL
X-Bc
X-Via-Ucdn
X-Reqid
X-Myra-Origin2
Fastly-Backend-Name
X-Zone
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
NtCoent-Length
X-Country-IP
X-Origin-CC
X-Origin-TTL
X-Referer
X-Cache-Metadata
X-App-Version
TTL
X-TT-LOGID
Hostname
Resin-Trace
Pragrma
X-Cache-Host
X-Server-Time
X-Cdn-Forward
SRV
Cdn-Request-Time
Product
X-Vcl-Version
X-Edge-Server
X-ZONE
Cdn-Host
X-BC
X-Fastly-Country-Code
UCS
X-Oneagent-Js-Injection
X-Ratelimit-Limit
Cdn
Load-Balancing
Cdncip
Cdnsip
X-Pf-Uncompressing
Release
X-ServedByHost
X-AK-Request-ID
X-Swift-Error
Lb
X-NGINX-Cache
GeoIP-Country-Code
X-Server-IP
X-Correlation-ID
X-NU-AKA-ACS-Version
CACHE
X-SVT-ORM-RULES
X-Tec-Api-Root
X-PJAX-URL
X-Tec-Api-Origin
X-SVT-ORM-VERSION
X-AIR-PT
GeoIP-Latitude
X-Configured-By
GeoIP-City
X-Tec-Api-Version
Sid
X-Ruxit-Js-Agent
X-Datadome
X-Air-Hostname
C-Via
Dnion-Transfer-Encoding
LB
X-Node-ID
FSS-Cache
X-Dynatrace-Js-Agent
Ohc-File-Size
X-BE
X-WPE-Loopback-Upstream-Addr
X-Esi-Check
X-Gzip
X-Cache-Id
Warning
MIME-Version
X-Edge-O15-RID
X-Location
X-TH-Server
X-Cache-Debug
RequestId
X-WA
My-App
X-Tb-Optimization-Total-Bytes-Saved
Ohc-Cache-HIT
X-UPSTREAM-Address
X-Cache-Backend
X-Mvc-Supplant-Cachable
X-B3-SpanId
X-Svr
X-RAMCache
IBM-Web2-Location
X-Fpc
Pics-Label
X-Sucuri-Cache
X-Powered-Y
X-VarnishDD-TTL
Lfy
X-Fastly-Request-Id
X-Varnish-Beresp-TTL
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Mvc-Supplant-OutputCached
CDN
Fastly-SSL
Server-Int
X-Ocache
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-MID
Xet-Cookie
X-User
X-ElasticPress-Search
X-LiteSpeed-Cache-Control
Powered-By
X-SD-PageType
X-Zalando-Child-Request-Id
X-ElasticPress-Query
X-Page-Impression-Id
X-Flow-Id
Requestid
X-Agile-Brick-Ok
CF-IPCountry
Processtime
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Host-ID
Cneonction
X-Debug-Revision
X-Check-Cacheable
X-Debug-Controller
X-B3-Parentspanid
X-Aicache-OS
X-Nananana
X-PF-Uncompressing
X-Unique-ID
X-Sucuri-Id
X-LB-ID
Fastly-Soc-X-Request-Id
ProcessTime
X-MiniProfiler-Ids
CloudFront-Viewer-Country
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-URL
X-Request-Url
URI
DataCenter
X-Cache-Tag