Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
P3p
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Request-ID
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Ws-Request-Id
X-Backend
X-Pass-Why
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Vhost
X-Node
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-WebKit-CSP
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
Rating
X-Rack-Cache
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
RTSS
X-Vname
X-PC
X-Goog-Hash
X-TtlSet
X-FTR-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Country-Code
X-Instart-Request-ID
X-ASPNET-VERSION
Allow
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
Content-MD5
X-Dns-Prefetch-Control
X-Server-Name
X-D2id
X-ESI
Pinterest-Generated-By
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
X-Server-ID
X-Vcache
X-Forwarded-Proto
Fusion-Deployment-Id
X-Amz-Server-Side-Encryption
X-B3-TraceId
X-Trace
X-Abt-Application-Version
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
TCN
Public-Key-Pins
X-Debug
X-Fastly-Request-ID
X-SharePointHealthScore
Nginx-Cache
X-MSEdge-Ref
X-VARITI-CCR
X-Vcap-Request-Id
X-Ttl
Accept-Ch
MS-Author-Via
Arr-Disable-Session-Affinity
Charset
X-Px
X-Accel-Expires
X-NF-Request-ID
X-Cache-TTL
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Realpath
Accept-CH
X-Middleton-Response
X-Fastcgi-Cache
X-Middleton-Display
Pagespeed
Display
Response
X-Webkit-Csp
X-Content-Type
X-Ser
X-Sol
X-Client-IP
Accept-Ch-Lifetime
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
Cache-Tag
X-Version
NR-ENABLED
Front-End-Https
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
X-Id
Access-Control-Request-Method
X-Grace
Accept-CH-Lifetime
X-Hp-Webp
X-Jurisdiction
S
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Upstream
X-Forwarded-For
X-T
X-Hits
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Amz-Meta-S3cmd-Attrs
MRF-Tech
X-Element-Page-Cache
X-Content-Digest
DynaTrace
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
Fastcgi-Cache
X-Shield-Request-Id
ServerID
X-Node-Name
X-Mobile-URL
X-Cache-Hit
WPE-Backend
X-Recruiting
PB-PID
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
PB-RID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-FTR-Realm
Powered
Server-Node
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Frontend
X-Mobile-Rewrite
Arc-Version
TP-Cache
TP-L2-Cache
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Amzn-Trace-Id
X-DIS-Request-ID
X-Request-Processing-Time
X-Request-Received
X-Shard
X-Ezoic-Cdn
Refresh
X-XRDS-Location
X-HS-Combine-CSS
Alternate-Protocol
X-TTL
X-NWS-LOG-UUID
Fastly-Restarts
X-Correlation-Id
X-Logged-In
X-Varnish-Age
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-LB-Cache
X-Page-Id
X-FTR-Cache-Host
X-F-Cache
X-Akamai-Edgescape
X-B
X-User-Agent
X-Rid
Backend-Timing
X-ATS-Timestamp
X-N
X-Geo-Country
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
Host-Header
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Via-JSL
Host
X-XRDS-LOCATION
X-Zen-Fury
X-ORACLE-APMCS-REQUEST-ID
Cache-Status
X-ORACLE-APMCS-TAG
X-Origin-Server
X-Kinsta-Cache
X-Varnish-Grace
X-Content-Options
Healthy
X-B3-Sampled
X-Revision
X-AOL-HN
X-TT
X-ATG-Version
X-Cache-Action
X-Amz-Replication-Status
X-Tumblr-User
X-Tumblr-Pixel-0
Actual-Object-TTL
X-Tumblr-Pixel
X-Jobs
Paypal-Debug-Id
X-Type
X-B-Cache
X-FB-Debug
X-Signature
X-Request-Guid
X-Instance
X-App-Environment
Section-Io-Cache
X-Git-Hash
X-Debug-Info
Access-Control-Allow-Method
X-Whom
Frame-Options
X-Varnish-Backend
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-Hostname
X-Amz-Apigw-Id
Liferay-Portal
X-Cluster
X-Content-Powered-By
X-Seen-By
Trailer
X-Cache-Rule
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Operation
X-Cache-Age
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Az
X-Endurance-Cache-Level
X-Activity-Id
X-AppVersion
X-Contextid
X-PHP-Backend
X-FireWall-Port
Tracecode
X-Framework
X-FastCGI-Cache
X-Srv
X-Daa-Tunnel
X-Cached-By
X-WA-Info
X-Cache-Key
X-Host-Name
Source
X-Mobile
Xserver
Retry-After
X-Upgrade-Enabled
X-IPLB-Instance
Accept-Charset
NGB
X-Response-Served-From
X-Accel-Buffering
X-Amzn-Requestid
X-RateLimit-Remaining
Srv
X-RemovedCookies
X-ProcessESI
DC
X-Adobe-Loc
Surrogate-Key
X-Adobe-Content
X-UUID
X-FW-Type
X-Cache-NE
X-FW-Static
Eomportal-Instance
X-Is-Bot
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Rendered-As
X-GeoIP
X-Tumblr-Pixel-1
X-Varnish-Server
X-RequestSource
X-Region
X-L-Path
X-Environment-Context
X-Tumblr-Pixel-2
Payment
X-Handled-By
X-Cacheable-TTL
Filters
From-Origin
X-Origin-Response-Time
X-Varnish-Hostname
X-Presslabs-Stats
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
VIX-Pulpo-Node
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Backend-Name
Filterid
Server-Info
X-Cache-2
X-CST
Cache-Tv-Group
MS-CV
X-NGENIX-Cache
Datacenter
Version
X-Akamai-Transformed
X-Status
X-Oss-Request-Id
X-Cache-Enabled
X-APP-VERSION
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Unique-Id
X-Cache-Time
X-Cache-Control
X-Mode
S-Cnection
X-PressLabs-Stats
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Var
X-Path-Route
X-ES-SERVER
Meta-Geo
X-CCM
X-Cache-Var-Map
X-RN-RSRV
X-CACHE-KEY
X-TIME
Webserver
X-PERF
ServedBy
X-R9-Blue-Green-Version
X-Hl-Ver
X-ApacheServer
Country
Cache-Tags
Cleartype
X-Forwarded-Host
X-Via-Fastly
Decoy-Debug-TTL
Now
Akamai-GRN
Decoy-Debug-Key
X-TX-ID
DB-Nickname
Cache-Key
Decoy-Debug-Status
X-Debug-Cache
OT-Force-Account-Verify
X-VWS-Id
X-Vgn-Hpd-Reason
X-Tb
X-FC-Vary-Parameters
X-Origin-Hint
X-LJ-Flow-ID
X-Origin
X-Proto
X-FW-Dynamic
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ProxyCache-Status
X-Redis-Cache
X-RCS-CacheZone
X-Pubstack
X-ProxyCache-Key
X-ServerID
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ShopId
X-ShardId
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Origin-Edge-Control
Property-Id
Section-Io-Id
Section-Io-Origin-Status
TWC-Locale-Group
TWC-Privacy
X-BYPASS-REASON
X-Cache-Status-Check
X-Device-Type
X-EIG-Tracking-Id
X-AWS-Id
X-Alternate-Cache-Key
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Akamai-Request-ID2
Origin-Cache-Control
NGX
X-Section
X-SaId
X-Routing-Service
X-Site-Version
X-Timing-Wait
X-Xfnlog-Site
X-Www-Served-By
X-Proxy-Build
X-Proxied
X-Content-Age
X-Access
Selected-Fe
X-Format
X-Generated
X-JoinUs
X-Amzn-RequestId
X-Zipkin-Id
Access-Control-Request-Headers
X-Say-TTL
X-Say-Cacheable
X-Proxy-Cache-Status
X-SayCDN-TTL
X-Soup
X-Web-Node
X-TNCMS
X-Loop
X-Locale
X-Amzn-Remapped-Content-Length
Ec-Rule-Version
Content-Disposition
X-Cache-Config
X-Detected-As
X-IP
X-Hosted-By
X-IPS-LoggedIn
X-NCache
Mn-Server-Ip
Cross-Origin-Window-Policy
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
X-Request-Time
S-Rt
X-Real-IP
X-Viewer-Country
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Geo
X-Ua-Device
X-Adobe-Source
X-Pad
X-FB-TRIP-ID
X-Cache-Remote
Cache-Hits
X-Varnish-Hits
X-Akamai-Request-ID
X-HTML-Minification-Powered-By
X-Esi
GEO-INFO
X-BCube-Filmed-By
X-Aspnetmvc-Version
X-Generated-By
Node
X-Dc
X-Cdn
Odigeo-Trace-Id
X-EC-Lua
X-NewRelic-App-Data
X-Microcachable
X-No-Session
X-Rule
X-B3-Traceid
X-Drupal-Cache-Tags
Nel
Accept-Language
X-SS-Set-Cookie
X-Cache-NGX
Cf-Ipcountry
X-Uri
X-From
FilterID
X-CF-Powered-By
X-RateLimit-Limit
X-Azure-Ref
X-RTag
Ms-Operation-Id
X-App-Server
X-Source
Time
X-PCL
X-OCL
X-Qloud-Router
X-NWS-UUID-VERIFY
User-Agent
X-Webkit-CSP
X-Backend-TTL
X-Varnish-Cache-Hits
X-Time
X-Edge-O15-RID
X-Hyper-Cache
X-PHP-Host
X-Labrador-Cache-Channel
Proxy-Connection
X-Nginx-Cache
X-Old-Content-Length
X-SERVER
X-Info
X-GoCache-CacheStatus
X-Cache-Grace
Cache-Name
Geo-Info
X-Storage
Uber-Trace-Id
X-CS
X-External-Request-Id
X-D
X-Destination
X-Date
X-Developer
X-DPWN-IS-SECURE
X-G
X-CF-Lambda-Fn
Request-Country
Request-EU
X-Aed
ServerName
Rendered-Blocks
X-GeoIP-Country-Code
X-Application
Meta-Geo-Continent
Mobile-Detection-Method
T-Server
True-Client-Country-4JS
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
Viewtype
VivaBuild
X-A
MD5-Digest
Machine
X-CF-Lambda-Version
A
X-Cdn-Srv
Apple-News-Services-Handled
X-Drupal-Cache-Contexts
X-OVcl
X-Processor
X-Connection-Hash
X-OVcl-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-ARC
Fastcgi-X-Cache-Version
GEO-REGION-INFO
AsisCache
X-B-Cookie
Apple-News-Services-Request-Url
X-Varnish-Beresp-Status
Arc-Country
X-Region-Sid
X-PAYTM-SRV-ID
X-S-Cookie
X-S
X-VG-WebCache
X-VG-WebServer
X-ScT
X-Twitter-Response-Tags
X-Transaction
X-Session-Fingerprint
X-Trv-Group
X-Vtex-Processado-Em
X-Vdms-Version
X-Request-UUID
X-SRCache-Key
X-Request-URI
Xc-Version
X-Rewrite-Enabled
X-Rojux
X-Vtex-Remote-Cache
X-Varnish-Beresp-Grace
X-VCT
X-Cluster-Node
X-Nc
X-Cluster-Name
X-Reboot
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Content-Script-Type
X-Trafficlayer-App-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Level-Front-Cache
Content-Style-Type
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Cache-Cookie-Set-From
Thinkindot-CacheControl-Type
X-VG-TLSProxy
Viewport
X-Cache-Expired-At
X-Cdn-Origin
X-Core-Value
X-Generated-On
Thinkindot-Control
X-Newrelic-Synthetics
X-GeoIP-City
Server-Host
Thinkindot-CacheControl
X-Thinkindot-L3
PFcat
X-Geo-Header
X-Edge-Location
X-Served-From
X-Matched-Rule
X-Sn-Servicetimems
X-Rocket-Nginx-Bypass
X-ServiceProvider
User-Cache-Control
X-S-Maxage
X-UnsetCookies
X-NC
X-WADP-Cache
X-Backend-Host
X-Auto-Login
X-BBXSRF
X-Bc-Bl
X-Cache-ASPX
X-Has-Esi
X-Cache-Bucket
X-Gamma-Serve
X-Block-Status
X-RateLimit-Remaining-Second
X-Bip
X-Gen-Mode
X-Agile-Id
X-Owner
X-Fmm-Version
X-Proxy-Upstream
X-VC-Cache
X-Varnish-Cacheable
Wxu-Next-Region
X-Li-Pop
X-Li-Fabric
Memcached
X-FW-Version
X-Is-Gdpr
X-Generated-In
X-Agile-Age
X-Agile
X-JWT-State
X-RateLimit-Limit-Second
X-App-Name
X-Cache-FS-Status
X-Debug-Log
X-Request-Host
X-Developers
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Device-Os
X-Dispatch
X-Eu-Site
X-Fastly-Cache
X-Fetched-On
X-Epic-Correlation-Id
X-Distributor
X-Dispatcher-Server
X-Distil-CS
X-Wikidot-Static-Cache
X-UA
Rt-Fastcgi-Cache
X-WebServer
X-Webstats-RespID
X-Cache-URL
X-Cache-Info
Wxu-Next-Hostname
X-DevSite-Last-Modified
X-CGP
X-Clara-WADP
X-Req
X-CUA
X-Core-Mission
X-Contensis-Viewer-Groups
X-Cms-Context
X-Wikidot-Backend
X-Rocket-Build-Number
We-Hiring
Group
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
X-Sigma-Backend
FNAC-ModuleRouting
X-Hnp-Log
Heartbleed
X-Sigma
Locid
Mail-Subject
Wxu-Next-Commit
L5d-Success-Class
IsBot
Kp-EeAlive
X-SIPLIST1
Fastly-Drupal-HTML
Cache-Host
CDCHOST
X-Logging-Id
AKAMAI
X-Trace-Id
X-Thanos
X-Swa-Ws
X-Magnolia-Registration
X-LAGOON
X-Slack-Backend
X-TrackingId
Country-Code
X-Servername
X-Irp-Debug
X-Instart-Isnd
X-Server-W
Locale
X-Urbn-Context-Path
X-Backend-State
X-Urbn-Site-Id
X-VServer
Server-Surrogate-Control
Server-ID
X-Micro-Cache
X-Origin-Date
V-Age
N-Cache
Web-Mar-Node
W
X-Varnish-Authentication
X-Origin-Expires
X-Var-Ttl
X-NX-Host
X-LI-Proto
X-Nginx-Cache-Key
X-Varnish-Beresp-Ttl
X-Ms-Version
X-Hash
On-Server
X-Ms-Request-Id
Server-Cache-Control
X-TT-TIMESTAMP
RNT-Machine
X-LI-UUID
X-NodeID
RNT-Time
X-Tumblr-Pixel-3
Fastly-SWR
X-Cache-Tags
Platform
X-Hit
X-Lb-Id
X-Generation-Time
Adler-Geo
Countrycode
Fastly-SIE
X-Scheme
Is-Eu
X-Rebelmouse-Surrogate-Control
Powered-By-ChinaCache
X-Skip-Cache
X-Clientip
X-We-Are-Hiring
X-Rebelmouse-Cache-Control
X-Variation
X-C
X-Platform-Server
Mime-Version
X-Node-Id
X-Sucuri-ID
Cache
Pramga
X-Refresh
X-Response-By
X-Load-Cache
X-TA-CDN-Provider
X-VHOST
X-MCACHE
X-Edge
X-Service
SD-X-WS
X-Instart-Info
X-SN
X-RESPONSE-TIME
X-ND-Cache
X-App-Version
Cloudfront-Viewer-Country
X-BACKEND-TTL
X-APP
Proxy-Firewall
X-CLOUD-TRACE-CONTEXT
HitType
X-Pjax-Url
Environment
X-CDN-Forward
X-Varnish-URL
Vix-Hermes-Req-Id
X-ECACHE
X-Parent-Response-Time
X-CSRF-Token
X-VCache
X-Cache-PHP
Origin
Request-Time
X-B3-Spanid
X-Mid
CF-Cached-On
X-Varnish-Ttl
M-TraceId
X-Vdms-Path
NM-Fastcgi-Cache
X-MSEdge-Flight
X-Wa
X-MSEdge-Features
X-Cdn-Forward
Hostname
X-Ua
X-Correlation-ID
X-Origin-TTL
X-Origin-CC
Server-Ext
Server-Hostname
Pagetype
Sever-Int
Fastly-Backend-Name
X-Up
X-CSRF-TOKEN
X-Ratelimit-Remaining
X-Be
PICS-Label
X-Server-Time
HostName
X-Method
TTL
X-Edge-Server
Cdn-Request-Time
X-TT-LOGID
Cdn-Host
Geoip-Latitude
Pragrma
Geoip-City
X-FPC
X-Pinterest-Direct
X-Wix-Viewer-Type
Cdn
X-DC
Magicmarker
X-Via-PopV
X-ECache
X-HS-Status
X-Protected-By
GeoIp-Country-Code
X-Worker
X-Via-PopH
X-URL
X-Myra-Origin2
CACHE
NtCoent-Length
X-Newrelic-App-Data
X-AK-Request-ID
X-Request-Start
X-Vcl-Version
X-Servedbyhost
Cdnsip
X-Envoy-Upstream-Healthchecked-Cluster
Cdncip
Resin-Trace
X-Branch-Name
Memory
X-Referer
Dt-Cache-Category
X-Policy
X-Azure-Ref-OriginShield
X-Bc
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Zone
X-Litespeed-Cache
Ohc-File-Size
X-Cache-Metadata
X-C-Zone
X-C-Key
X-BC
X-ZONE
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Cache-Host
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Cteonnt-Length
SRV
X-Dynatrace-Js-Agent
Lb
Esi-Enabled
X-Oneagent-Js-Injection
X-FORWARDED-FOR
X-VCL-Version
Release
X-GEO
X-Ratelimit-Limit
GeoIP-Country-Code
Load-Balancing
RequestId
X-Cache-Debug
X-SRV
X-Reqid
Who
X-Pf-Uncompressing
X-ServedByHost
X-NGINX-Cache
XServer
X-Unique-ID
X-Swift-Error
GeoIP-Latitude
X-TH-Server
X-Via-Ucdn
GeoIP-City
Ttl
Pics-Label
Ohc-Cache-HIT
X-Configured-By
X-Fpc
X-Tec-Api-Version
X-Cache-Id
X-AIR-PT
X-Esi-Check
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Tec-Api-Origin
X-Country-IP
UCS
X-Tec-Api-Root
X-Ruxit-Js-Agent
X-Fastly-Country-Code
X-Node-ID
X-Gzip
Server-Int
X-Tb-Optimization-Total-Bytes-Saved
X-COUNTRY
FSS-Cache
Product
X-VarnishDD-TTL
X-Datadome
X-B3-SpanId
X-WPE-Loopback-Upstream-Addr
Powered-By
X-Ocache
MIME-Version
LB
X-WA
Sid
X-Powered-Y
X-Server-IP
Fastly-Soc-X-Request-Id
X-Svr
X-RAMCache
X-SERVER-NAME
X-PF-Uncompressing
Fastly-SSL
X-Apw-Hits
X-Fastly-Request-Id
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Apw-Access-Token
X-Apw-Access-Object
X-Action
X-Apw-Access-Action
X-PJAX-URL
Lfy
FSS-Proxy
X-RPM
X-DB
X-MID
X-DI
X-DSS
X-SD-PageType
X-DW
X-Flog
X-RSL
X-Varnish-Beresp-TTL
C-Via
X-Hello
X-RPS
X-BE
X-ABtesting
Host-ID
X-Flow-Id
X-Agile-Brick-Ok
X-Zalando-Child-Request-Id
X-Render-Time
Xet-Cookie
X-Page-Impression-Id
X-ElasticPress-Search
Tcn
X-LiteSpeed-Cache-Control
Requestid
Amp-Access-Control-Allow-Source-Origin
CF-IPCountry
CDN
X-Amzn-Remapped-Date
SN
X-Amzn-Remapped-Connection
X-Via-CDN
X-Location
My-App
X-Aicache-OS
Cneonction
L
X-Compress-Hint
X-Cache-Backend
X-B3-Parentspanid
X-Check-Cacheable
ProcessTime
X-Debug-Revision
X-Debug-Controller
X-HostName
X-Request-Url
X-LB-ID
X-MiniProfiler-Ids
X-Nananana
X-User
DataCenter
X-Dw-Trace-Id
X-Request-URL
WZWS-RAY
X-Fastly-Cache-Hits
X-App
CloudFront-Viewer-Country