Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
X-UA-Device
Grace
X-Request-ID
Cf-Railgun
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
X-Cache-Lookup
X-Dispatcher
X-Ac
NEL
X-Readtime
Surrogate-Control
X-WebKit-CSP
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-DataDome
X-Rack-Cache
Rating
Edge-Control
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-DynaTrace
X-Goog-Hash
X-Vname
X-PC
Allow
X-TtlSet
X-FTR-Request-ID
X-Country-Code
Content-MD5
Verso
Service-Worker-Allowed
X-GitHub-Request-Id
X-Varnish-TTL
Pinterest-Generated-By
X-ESI
X-Server-Name
X-D2id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Webkit-Csp
X-Powered-By-Plesk
X-MS-InvokeApp
SPRequestGuid
X-Navigation-Version
X-Cached
X-Vcache
X-Abt-Application-Version
Accept-Ch
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-TraceId
X-Amz-Rid
X-MSEdge-Ref
Public-Key-Pins
X-Fastly-Request-ID
X-SharePointHealthScore
X-Trace
X-Server-ID
X-Vcap-Request-Id
Nginx-Cache
X-VARITI-CCR
MS-Author-Via
TCN
Charset
Arr-Disable-Session-Affinity
X-Fastcgi-Cache
Accept-Ch-Lifetime
X-Px
Edge-Cache-Tag
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
Realpath
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
Display
X-Sol
SPRequestDuration
SPIisLatency
X-Ser
X-Version
X-Content-Type
X-Client-IP
AR-PoweredBy
AR-Request-ID
AR-ATIME
Cache-Tag
X-Ttl
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
X-DynaTrace-JS-Agent
Ar-Sid
AR-CACHE
X-Pinterest-Rid
Fusion-Deployment-Id
Pinterest-Version
X-Powered-CMS
X-Dns-Prefetch-Control
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Access-Control-Request-Method
X-Mrf-Section-Lastmod
X-Id
Accept-CH
X-Hp-Webp
X-Jurisdiction
X-Grace
X-Upstream
NR-ENABLED
X-T
X-Forwarded-For
DynaTrace
X-Content-Digest
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-TTL
S
X-Dw-Request-Base-Id
X-Aspnet-Version
Fastcgi-Cache
Accept-CH-Lifetime
ServerID
X-Mobile-URL
X-Amzn-Trace-Id
X-Node-Name
PB-RID
PB-PID
X-FTR-Cache-Status
X-Country-Code-Real
X-Recruiting
X-Mobile-Rewrite
Arc-Version
Server-Node
X-Ezoic-Cdn
X-Goog-Stored-Content-Length
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-HS-Content-Id
X-GUploader-UploadID
X-HS-Hub-Id
X-Shard
X-FTR-Expires
X-Frontend
TP-Cache
Powered
TP-L2-Cache
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-Cache-Hit
X-DIS-Request-ID
Fastly-Restarts
X-NWS-LOG-UUID
Upgrade-Insecure-Requests
X-HS-Combine-CSS
X-Shield-Request-Id
X-Logged-In
X-Varnish-Age
Alternate-Protocol
X-Request-Received
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
Refresh
X-Request-Handler-Origin-Region
X-Microsite
X-Correlation-Id
MicrosoftSharePointTeamServices
Backend-Timing
X-ATS-Timestamp
Server-Name
X-B
X-Akamai-Edgescape
X-F-Cache
WPE-Backend
X-Rid
X-FTR-Cache-Host
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Via-JSL
X-LB-Cache
X-Page-Id
X-Geo-Country
Cache-Status
X-Zen-Fury
X-N
X-Content-Options
X-XRDS-Location
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-TAG
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Grace
X-Amz-Apigw-Id
X-Revision
X-Kinsta-Cache
X-Type
X-B3-Sampled
Host-Header
X-AOL-HN
X-TT
X-Cache-Action
X-FB-Debug
X-ATG-Version
X-Signature
Access-Control-Allow-Method
X-Amz-Replication-Status
X-B-Cache
X-Content-Powered-By
Paypal-Debug-Id
X-Instance
X-Debug-Info
X-Varnish-Backend
X-Tumblr-User
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel
X-Jobs
X-Tumblr-Pixel-0
Actual-Object-TTL
X-Git-Hash
X-App-Environment
Liferay-Portal
Fastcgi-Useragent
X-Request-Guid
X-Srv
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Whom
Frame-Options
X-Cached-By
Healthy
Section-Io-Cache
X-Hostname
X-CST
X-Daa-Tunnel
X-Framework
X-Cluster
X-PHP-Backend
X-Cache-Key
X-Cache-Rule
X-Activity-Id
X-AppVersion
X-Az
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Seen-By
X-Cache-Operation
X-FireWall-Port
X-Mobile
X-WA-Info
X-Endurance-Cache-Level
Retry-After
X-Cache-Age
X-Contextid
Tracecode
Xserver
X-Host-Name
Source
NGB
X-Response-Served-From
X-Upgrade-Enabled
X-Accel-Buffering
X-IPLB-Instance
X-Presslabs-Stats
Accept-Charset
X-ProcessESI
X-RemovedCookies
Surrogate-Key
DC
X-Cache-NE
X-Edge-O15-RID
X-Origin-Response-Time
Eomportal-Instance
X-Region
Srv
Filters
Payment
X-Adobe-Content
X-Adobe-Loc
X-GeoIP
X-Varnish-Server
X-Varnish-Hostname
X-FW-Type
X-FW-Static
X-L-Path
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-Environment-Context
X-FW-Hash
X-FW-Server
X-FW-Serve
X-Handled-By
Trailer
X-Rendered-As
X-Is-Bot
X-UUID
X-RequestSource
X-Cache-2
X-Amzn-Requestid
Server-Info
X-EdgeConnect-Cache-Status
X-RateLimit-Remaining
X-UA-Device-Type
X-Backend-Name
X-Cache-TTL-Remaining
Nel
From-Origin
Cache-Tv-Group
X-Time-Microsecs
X-FastCGI-Cache
X-Proxy
X-Cache-Server
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
MS-CV
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Wix-Request-Id
X-APP-VERSION
X-Akamai-Transformed
VIX-Pulpo-Node
X-Cache-Enabled
VIX-Pulpo-Upstream-Status
Version
X-NGENIX-Cache
X-Status
X-Dc
X-Amzn-RequestId
X-B3-Traceid
Datacenter
X-IPS-LoggedIn
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-SS-Set-Cookie
S-Cnection
X-NewRelic-App-Data
X-RN-RSRV
X-Path-Route
X-Mode
X-CCM
X-ES-SERVER
X-Pad
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-Access
X-Forwarded-Host
X-Format
X-TX-ID
X-Section
X-ApacheServer
X-Via-Fastly
GEO-INFO
X-Hl-Ver
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
X-Unique-Id
ServedBy
Filterid
X-Akamai-Request-ID
X-Ua-Device
X-Cache-Status-Check
X-PERF
Country
Cache-Tags
Cleartype
X-Origin
X-Tb
Akamai-GRN
DB-Nickname
Decoy-Debug-Key
Cache-Key
Content-Disposition
X-Akamai-Request-ID2
Decoy-Debug-TTL
X-Cache-Remote
Now
X-Alternate-Cache-Key
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy-Cache-Status
NGX
X-Pubstack
Decoy-Debug-Status
X-Request-Time
X-Vgn-Hpd-Reason
X-Device-Type
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Varnish-Hits
X-EIG-Tracking-Id
X-Sorting-Hat-ShopId
X-BYPASS-REASON
X-Amzn-Remapped-Content-Length
X-Soup
X-Cache-Config
X-ServerID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShardId
X-ShopId
FilterID
X-Shopify-Generated-Cart-Token
X-Proto
Azure-Version
Azure-SlotName
X-Debug-Cache
Cross-Origin-Window-Policy
X-SayCDN-TTL
X-Proxy-Build
Origin-Edge-Control
X-VWS-Id
Selected-Fe
X-LJ-Flow-ID
X-Generated-By
X-JoinUs
X-Say-TTL
X-Human
X-BCube-Filmed-By
X-AWS-Id
Mn-Server-Ip
X-Timing-Wait
X-SaId
X-Say-Cacheable
OT-Force-Account-Verify
X-Web-Node
X-Www-Served-By
X-MP-GENERATED-AT
X-FB-TRIP-ID
Origin-Cache-Control
Azure-SiteName
X-PressLabs-Stats
X-Cache-Time
Azure-InstanceId
Azure-RegionName
TWC-Device-Class
Property-Id
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
S-Rt
X-FW-Dynamic
X-Generated
X-Site-Version
X-NCache
X-Loop
X-Locale
X-Redis-Cache
TWC-Privacy
X-Viewer-Country
X-TNCMS
X-Content-Age
TWC-GeoIP-Country
X-Origin-Hint
Node
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
Webserver
X-FC-Vary-Parameters
X-Xfnlog-Site
X-Cache-Control
X-Hosted-By
X-Zipkin-Id
X-App-Server
X-TIME
Ec-Rule-Version
X-RCS-CacheZone
X-Routing-Service
X-Proxied
X-Detected-As
X-IP
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
Cache-Hits
X-Drupal-Cache-Tags
X-Real-IP
X-EC-Lua
X-Uri
X-Geo
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Accept-Language
X-Time
Section-Origin-Responded
X-CACHE-KEY
X-No-Session
X-Microcachable
X-Varnish-Cache-Hits
X-OCL
X-PCL
X-Varnish-Ttl
X-UA
X-Adobe-Source
X-Source
X-Qloud-Router
Cf-Ipcountry
Odigeo-Trace-Id
X-NWS-UUID-VERIFY
Ms-Operation-Id
X-RTag
X-Esi
X-Rule
X-Hyper-Cache
User-Agent
X-Azure-Ref
X-From
X-Load-Cache
X-Storage
X-Labrador-Cache-Channel
X-PHP-Host
X-RateLimit-Limit
X-Info
Time
Proxy-Connection
X-Nc
X-Nginx-Cache
Powered-By-ChinaCache
X-Cluster-Node
X-TA-CDN-Provider
X-Backend-TTL
X-Cache-NGX
X-UnsetCookies
X-Magnolia-Registration
X-Rewrite-Enabled
X-Request-URI
X-Request-UUID
X-Edge-Location
X-Processor
X-G
X-External-Request-Id
X-Varnish-Beresp-Grace
X-Region-Sid
X-Varnish-Beresp-Status
Request-Country
X-PAYTM-SRV-ID
X-B-Cookie
Apple-News-Services-Handled
VivaBuild
GEO-REGION-INFO
Viewtype
Fastcgi-X-Cache-Version
X-A
X-A-Dam
X-A-Ccd
X-GeoIP-Country-Code
True-Client-Country-4JS
Mobile-Detection-Method
Request-EU
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
T-Server
Machine
Content-Style-Type
Content-Script-Type
X-Aed
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
A
X-Drupal-Cache-Contexts
X-Application
X-ND-Cache
Apple-News-Services-Request-Url
Arc-Country
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
AsisCache
BehaviorPad-Version
X-ARC
X-DPWN-IS-SECURE
X-Connection-Hash
X-Trv-Group
X-ScT
X-Vtex-Remote-Cache
X-S
X-Newrelic-Synthetics
X-Vdms-Version
X-Transaction
X-VG-TLSProxy
X-SRCache-Key
X-Date
X-D
X-Vtex-Processado-Em
X-Session-Fingerprint
X-VG-WebCache
X-VG-WebServer
X-Rojux
X-S-Cookie
X-CF-Lambda-Version
Xc-Version
X-Destination
X-Twitter-Response-Tags
X-Developer
X-CF-Lambda-Fn
X-Cluster-Name
X-GoCache-CacheStatus
X-Old-Content-Length
Geo-Info
Mime-Version
X-Geo-Header
Server-Host
X-Matched-Rule
X-Thinkindot-L3
X-Sn-Servicetimems
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Distil-CS
PFcat
X-Trafficlayer-App-Name
CDCHOST
X-Trafficlayer-App-Version
L5d-Success-Class
Viewport
Ha-Gx-Prefs
HA-Ipaddr
Thinkindot-CacheControl
Thinkindot-Control
X-Level-Front-Cache
Locid
Thinkindot-CacheControl-Type
X-Trafficlayer-App-Scope
X-GeoIP-City
W
X-TT-TIMESTAMP
X-Developers
X-Agile
X-Served-From
X-C
X-Service
X-ServiceProvider
X-Core-Value
X-OVcl-Cache
X-CGP
X-Cache-Expired-At
ServerName
X-Cache-Grace
X-Rocket-Build-Number
Rt-Fastcgi-Cache
X-Cdn-Srv
X-Cdn-Origin
X-OVcl
X-Eu-Site
HitType
X-Sigma-Backend
Cache-Name
X-Sigma
X-Generated-On
X-Agile-Age
X-Agile-Id
X-CF-Powered-By
X-Hash
X-Distributor
X-Cache-FS-Status
X-Cache-Bucket
X-Debug-Cache-Expiry
X-Device-Os
X-Cache-Tags
X-Dispatcher-Server
X-Hit
Server-Cache-Control
X-Cache-ASPX
Server-ID
Server-Surrogate-Control
X-Debug-Log
X-Contensis-Viewer-Groups
X-Backend-State
We-Hiring
X-Generated-In
X-Debug-Cache-Fetch
X-CUA
X-CS
X-Debug-Cache-Store
X-Auto-Login
X-Gamma-Serve
X-Fetched-On
X-Cms-Context
X-Clientip
X-Has-Esi
X-Generation-Time
V-Age
X-Varnish-Cacheable
X-Bip
X-Epic-Correlation-Id
X-Debug-Cookies
AKAMAI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Pramga
X-Rebelmouse-Cache-Control
X-Dispatch
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Platform-Server
X-Owner
X-Ms-Version
X-Ms-Request-Id
X-NodeID
X-NX-Host
X-Origin-Expires
X-Origin-Date
X-Varnish-Beresp-Ttl
X-App-Name
X-Varnish-Authentication
X-VC-Cache
X-Variation
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-Var-Ttl
X-Trace-Id
X-Thanos
X-Wikidot-Static-Cache
X-Rocket-Nginx-Bypass
X-Wikidot-Backend
X-WebServer
X-Swa-Ws
X-Skip-Cache
Adler-Geo
X-Proxy-Upstream
Locale
X-LAGOON
X-Is-Gdpr
Mail-Subject
Fastly-SIE
Kp-EeAlive
Is-Eu
X-JWT-State
Heartbleed
Group
Gh-Request-Id
Fastly-Drupal-HTML
Fastly-SWR
Memcached
X-Instart-Isnd
X-Logging-Id
Cache-Host
X-Urbn-Site-Id
On-Server
Platform
Environment
Country-Code
Countrycode
X-Oneagent-Js-Injection
X-VCache
Uber-Trace-Id
Hostname
X-VServer
X-TrackingId
X-Hnp-Log
X-WADP-Cache
X-Irp-Debug
X-Slack-Backend
X-We-Are-Hiring
X-Servername
X-Bc-Bl
X-FW-Version
X-Fastly-Cache
X-Li-Fabric
X-Gen-Mode
X-Li-Pop
X-Micro-Cache
X-LI-UUID
X-LI-Proto
X-Lb-Id
X-SIPLIST1
RNT-Time
RNT-Machine
IsBot
X-Core-Mission
X-Nginx-Cache-Key
X-Server-W
X-Request-Host
X-Webstats-RespID
X-Cache-Info
Cloudfront-Viewer-Country
N-Cache
X-Block-Status
User-Cache-Control
X-BBXSRF
X-DevSite-Last-Modified
X-BACKEND-TTL
X-Clara-WADP
Web-Mar-Node
X-S-Maxage
X-VHOST
X-Sucuri-ID
X-Req
X-Refresh
X-Cache-URL
X-RESPONSE-TIME
FNAC-ModuleRouting
Wxu-Next-Commit
Wxu-Next-Hostname
X-Backend-Host
Wxu-Next-Region
X-Node-Id
X-NC
X-Origin-TTL
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Ratelimit-Remaining
X-Cdn-Forward
X-Response-By
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-Origin-CC
X-Up
X-VCT
X-Pjax-Url
X-Server-Time
X-CSRF-Token
X-Scheme
Fastly-Backend-Name
X-App-Version
X-Fmm-Version
Cache
X-B3-Spanid
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-URL
Cdn-Request-Time
X-Edge-Server
X-TT-LOGID
Cdn-Host
Pragrma
Origin
X-Instart-Info
X-CDN-Forward
X-SN
X-APP
X-Correlation-ID
X-FPC
SD-X-WS
PICS-Label
X-AK-Request-ID
Cdnsip
Geoip-Latitude
Geoip-City
Proxy-Firewall
X-Cache-Host
Cdncip
Ohc-File-Size
X-CSRF-TOKEN
X-MCACHE
X-Edge
Vix-Hermes-Req-Id
CACHE
GeoIp-Country-Code
Request-Time
X-SVT-ORM-RULES
X-Cache-PHP
TTL
M-TraceId
X-SVT-ORM-VERSION
X-Ruxit-Js-Agent
X-Wa
X-ECACHE
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Vcl-Version
NtCoent-Length
Cdn
NM-Fastcgi-Cache
X-HS-Status
X-Wix-Viewer-Type
X-Vdms-Path
X-URL
X-Be
X-Pf-Uncompressing
X-Myra-Origin2
X-Cache-Debug
RequestId
Resin-Trace
X-Ua
Ohc-Cache-HIT
X-Ratelimit-Limit
X-Mid
Pagetype
CF-Cached-On
X-TH-Server
Memory
X-Zone
Sever-Int
X-ServedByHost
Server-Ext
X-Bc
Server-Hostname
X-Cache-Metadata
IBM-Web2-Location
X-Method
Tcn
X-ECache
SRV
X-Unique-ID
HostName
X-Dynatrace-Js-Agent
Cteonnt-Length
Release
Magicmarker
X-FORWARDED-FOR
X-Servedbyhost
X-GEO
X-Via-PopH
X-ZONE
X-BC
X-Ocache
X-Via-PopV
Load-Balancing
X-Worker
Dnion-Transfer-Encoding
Server-Int
XServer
X-Newrelic-App-Data
X-Swift-Error
X-NGINX-Cache
Lb
Powered-By
X-Protected-By
X-Tb-Optimization-Total-Bytes-Saved
Dt-Cache-Category
X-Request-Start
X-Branch-Name
X-Azure-Ref-OriginShield
X-Esi-Check
X-Configured-By
X-Cache-Id
Fastly-Soc-X-Request-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-AIR-PT
X-Policy
X-Referer
Pics-Label
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-DC
X-Planisys-CDN-Rules
X-B3-SpanId
X-Node-ID
X-Action
X-COUNTRY
X-Datadome
X-WA
X-Planisys-CDN-Cache
X-Gzip
X-Fastly-Country-Code
Esi-Enabled
Ttl
X-Planisys-CDN-TTL
X-VCL-Version
Fastly-SSL
X-Reqid
X-DSS
X-DW
X-DB
GeoIP-Country-Code
X-Hello
X-ABtesting
X-SRV
X-RSL
X-RPS
X-DI
X-RPM
X-Flog
MIME-Version
X-C-Zone
X-C-Key
X-Fpc
X-Via-Ucdn
Host-ID
Who
GeoIP-Latitude
GeoIP-City
X-VarnishDD-TTL
X-Cache-Backend
X-HostName
X-Render-Time
X-SERVER-NAME
ProcessTime
X-Svr
LB
X-Via-CDN
X-PF-Uncompressing
X-Powered-Y
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
X-Varnish-Url
X-User
X-Fastly-Request-Id
Lfy
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-Ftr-Request-Id
X-Amzn-Remapped-Date
X-Fastly-Backend-Reqs
UCS
X-Country-IP
X-MID
X-Beluga-Response-Time
X-Beluga-Status
Product
X-Beluga-Trace
Sid
X-SD-PageType
X-Beluga-Cache-Status
FSS-Proxy
FSS-Cache
X-Varnish-Beresp-TTL
X-Beluga-Node
X-Key
X-Beluga-Record
X-Flow-Id
X-LiteSpeed-Cache-Control
X-RAMCache
Requestid
X-WPE-Loopback-Upstream-Addr
X-Zalando-Child-Request-Id
X-Sucuri-Cache
Xet-Cookie
X-Internal-Host
X-Agile-Brick-Ok
SN
X-Page-Impression-Id
X-B3-Parentspanid
CF-IPCountry
X-Ftr-Cache-Host
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Realm
X-Apw-Access-Object
WZWS-RAY
X-Apw-Access-Action
X-Request-Url
X-Aicache-OS
X-Location
WebServer
X-Tid
X-BE
L
X-Debug-Revision
X-Compress-Hint
X-Check-Cacheable
X-Debug-Controller
X-Pinterest-Direct
X-Apw-Hits
CDN
X-Apw-Access-Token
X-Litespeed-Cache-Control
Servername
X-Sucuri-Id
X-MiniProfiler-Ids
X-Server-IP
CloudFront-Viewer-Country
X-Fastly-Cache-Hits
X-App
DataCenter
X-ElasticPress-Search
Cneonction
X-Nananana
X-LB-ID
X-Dw-Trace-Id
X-Request-URL