Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
ETag
Link
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Ua-Compatible
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Request-ID
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-Styx-Req-Id
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Ac
X-Cache-Lookup
X-Dispatcher
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
X-WebKit-CSP
Content-Location
Request-Id
X-Application-Context
X-Ruxit-JS-Agent
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
X-Url
Edge-Control
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
Allow
X-DynaTrace
X-Instart-Request-ID
X-Country-Code
X-Varnish-TTL
X-ASPNET-VERSION
Content-MD5
Verso
Service-Worker-Allowed
X-GitHub-Request-Id
X-Webkit-Csp
X-ESI
Pinterest-Generated-By
X-Server-Name
X-D2id
X-Dns-Prefetch-Control
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-MS-InvokeApp
SPRequestGuid
X-Powered-By-Plesk
X-Cached
X-Navigation-Version
X-Server-ID
X-Amz-Server-Side-Encryption
X-Vcache
X-Forwarded-Proto
X-Debug
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Rid
Accept-Ch
X-MSEdge-Ref
X-Fastly-Request-ID
X-Trace
X-SharePointHealthScore
Public-Key-Pins
Nginx-Cache
X-Vcap-Request-Id
X-TEC-API-ROOT
X-VARITI-CCR
X-TEC-API-ORIGIN
X-TEC-API-VERSION
MS-Author-Via
TCN
Arr-Disable-Session-Affinity
Charset
X-Px
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Ttl
X-Fastcgi-Cache
Edge-Cache-Tag
Accept-Ch-Lifetime
Display
Response
X-Middleton-Response
X-Middleton-Display
Realpath
Pagespeed
SPRequestDuration
SPIisLatency
Fusion-Deployment-Id
X-Sol
X-Content-Type
X-Version
X-Ser
X-Client-IP
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-CH
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-DynaTrace-JS-Agent
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
Front-End-Https
X-Id
Access-Control-Request-Method
NR-ENABLED
X-Jurisdiction
X-Hp-Webp
Mrf-Cache-Status
MRF-Tech
X-Grace
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Upstream
X-Forwarded-For
Ar-Sid
AR-CACHE
X-Content-Digest
X-T
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Hits
S
DynaTrace
X-Dw-Request-Base-Id
Accept-CH-Lifetime
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Node-Name
X-Amzn-Trace-Id
PB-PID
PB-RID
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-TTL
X-Goog-Generation
X-Goog-Storage-Class
X-Cache-Hit
X-Goog-Metageneration
X-Recruiting
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Server-Node
X-Mobile-Rewrite
Powered
Arc-Version
X-Frontend
X-FTR-Expires
TP-Cache
X-HS-Content-Id
X-Shard
X-HS-Cache-Config
X-Ezoic-Cdn
TP-L2-Cache
X-HS-Hub-Id
X-Shield-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Upgrade-Insecure-Requests
Fastly-Restarts
X-XRDS-LOCATION
X-NWS-LOG-UUID
X-Request-Processing-Time
X-Request-Received
Alternate-Protocol
X-HS-Combine-CSS
Refresh
X-Logged-In
X-Varnish-Age
WPE-Backend
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-LB-Cache
Backend-Timing
X-Akamai-Edgescape
X-Page-Id
X-Rid
X-F-Cache
X-ATS-Timestamp
X-User-Agent
X-B
X-Geo-Country
X-Via-JSL
X-N
Host
X-Zen-Fury
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Status
X-ORACLE-APMCS-TAG
X-Origin-Server
Host-Header
X-ORACLE-APMCS-REQUEST-ID
X-Content-Options
X-XRDS-Location
X-Varnish-Grace
X-Kinsta-Cache
X-Revision
X-B3-Sampled
X-Amz-Apigw-Id
X-ATG-Version
X-Amz-Replication-Status
X-AOL-HN
Actual-Object-TTL
X-FB-Debug
X-Cache-Action
Paypal-Debug-Id
X-App-Environment
X-Instance
X-Jobs
X-Tumblr-Pixel-0
X-Tumblr-User
X-Type
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel
X-TT
X-Request-Guid
X-Signature
X-B-Cache
X-Git-Hash
X-Varnish-Backend
Access-Control-Allow-Method
X-Content-Powered-By
Fastcgi-Useragent
X-Debug-Info
Liferay-Portal
Healthy
X-Whom
Section-Io-Cache
Frame-Options
X-Srv
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Key
X-Cluster
X-Seen-By
X-Cached-By
X-Cache-Rule
X-Hostname
X-Daa-Tunnel
X-Cache-Operation
X-Az
X-PHP-Backend
X-AppVersion
X-Activity-Id
X-Framework
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-CST
X-Cache-Age
X-FireWall-Port
Tracecode
X-Amzn-Requestid
X-Presslabs-Stats
X-Mobile
X-Contextid
X-WA-Info
X-Endurance-Cache-Level
Retry-After
X-IPLB-Instance
X-Host-Name
Source
X-Response-Served-From
NGB
X-Accel-Buffering
X-ProcessESI
Accept-Charset
X-Upgrade-Enabled
X-RemovedCookies
Xserver
Srv
DC
Surrogate-Key
Eomportal-Instance
X-Tumblr-Pixel-1
X-Environment-Context
X-FW-Hash
X-Cache-NE
X-Adobe-Content
Payment
X-FW-Serve
X-FW-Server
X-L-Path
X-GeoIP
X-FW-Type
X-FW-Static
X-Region
X-Adobe-Loc
Filters
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Rendered-As
X-Cacheable-TTL
X-Handled-By
X-Varnish-Server
X-Origin-Response-Time
X-Is-Bot
X-UUID
X-RequestSource
X-FastCGI-Cache
Trailer
X-EdgeConnect-Cache-Status
From-Origin
X-UA-Device-Type
X-Cache-2
Server-Info
X-Cache-TTL-Remaining
X-Backend-Name
X-Proxy
X-APP-VERSION
X-Wix-Request-Id
Cache-Tv-Group
X-RateLimit-Remaining
X-Cache-Server
X-Time-Microsecs
X-Edge-O15-RID
MS-CV
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Oss-Server-Time
X-Oss-Request-Id
X-Dc
X-Cache-Enabled
Version
X-Akamai-Transformed
X-NGENIX-Cache
Datacenter
X-Status
X-Mode
X-Unique-Id
X-TIME
GEO-INFO
X-IPS-LoggedIn
S-Cnection
X-ES-SERVER
FilterID
X-Path-Route
X-Yottaa-Metrics
X-Cache-Var
Meta-Geo
X-B3-Traceid
X-Yottaa-Optimizations
X-Cache-Var-Map
X-RN-RSRV
X-CCM
X-Pad
X-Hl-Ver
X-Forwarded-Host
X-Redis-Cache
X-R9-Blue-Green-Version
X-TX-ID
X-Cache-Status-Check
X-PERF
X-ApacheServer
Cache-Tags
Cleartype
ServedBy
X-NewRelic-App-Data
X-Cache-Control
Decoy-Debug-Status
Akamai-GRN
Decoy-Debug-TTL
X-Cache-Time
X-Alternate-Cache-Key
Origin-Edge-Control
X-Vgn-Hpd-Reason
X-FW-Dynamic
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
Origin-Cache-Control
Country
X-Via-Fastly
X-Tb
NGX
X-Pubstack
X-FC-Vary-Parameters
X-ShopId
X-ShardId
X-EIG-Tracking-Id
X-ServerID
Decoy-Debug-Key
X-Device-Type
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Proto
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
Mn-Server-Ip
X-Detected-As
X-Content-Age
X-Cache-Config
X-AWS-Id
X-Amzn-Remapped-Content-Length
Selected-Fe
Webserver
Now
X-Access
OT-Force-Account-Verify
X-Debug-Cache
X-NCache
X-Soup
X-Timing-Wait
X-TNCMS
X-Site-Version
TWC-Locale-Group
X-Say-TTL
X-SayCDN-TTL
X-Section
X-Varnish-Hits
TWC-GeoIP-LatLong
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-Zipkin-Id
X-Www-Served-By
X-VWS-Id
X-Web-Node
X-Say-Cacheable
X-SaId
X-LJ-Flow-ID
X-Locale
X-Loop
X-JoinUs
X-IP
X-Origin-Hint
X-Generated
X-Human
TWC-GeoIP-Country
X-Origin
X-Proxied
X-Proxy-Build
X-Routing-Service
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-Format
X-Akamai-Request-ID2
Azure-Version
Azure-RegionName
DB-Nickname
Azure-SlotName
Azure-SiteName
Ec-Rule-Version
Azure-InstanceId
X-MP-GENERATED-AT
X-BYPASS-REASON
X-Viewer-Country
X-SS-Set-Cookie
Filterid
X-NYM-Debug-Backend
X-Proxy-Cache-Status
X-ProxyCache-Key
X-Generated-By
X-ProxyCache-Status
X-FB-TRIP-ID
X-RCS-CacheZone
Cross-Origin-Window-Policy
S-Rt
X-Ua-Device
Cache-Key
Content-Disposition
X-Akamai-Request-ID
X-Request-Time
Access-Control-Request-Headers
X-BCube-Filmed-By
X-HTML-Minification-Powered-By
Node
X-Xfnlog-Site
X-Cache-Remote
X-Real-IP
Cache-Hits
Section-Io-Origin-Time-Seconds
X-Amzn-RequestId
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
X-App-Server
X-EC-Lua
X-Geo
Nel
X-Uri
X-Adobe-Source
X-Drupal-Cache-Tags
X-Microcachable
Accept-Language
X-PressLabs-Stats
X-No-Session
X-Rule
Odigeo-Trace-Id
X-CACHE-KEY
X-UA
X-OCL
X-PCL
X-Qloud-Router
X-NWS-UUID-VERIFY
X-RTag
Ms-Operation-Id
X-Source
Cf-Ipcountry
X-Varnish-Cache-Hits
Time
X-From
X-Azure-Ref
X-Hyper-Cache
X-Esi
User-Agent
X-Info
X-Cache-NGX
X-Time
X-Backend-TTL
X-Load-Cache
X-RateLimit-Limit
X-Labrador-Cache-Channel
X-PHP-Host
Proxy-Connection
X-Nc
X-Storage
X-Cluster-Node
X-CF-Powered-By
X-GoCache-CacheStatus
X-Old-Content-Length
X-Nginx-Cache
X-Destination
Viewtype
Request-EU
X-Rojux
X-Rewrite-Enabled
AsisCache
BehaviorPad-Version
VivaBuild
Content-Script-Type
Content-Style-Type
MD5-Digest
Meta-Geo-Continent
X-A
Request-Country
Machine
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Arc-Country
X-Varnish-Beresp-Status
A
Apple-News-Services-Handled
T-Server
X-Cache-Grace
Uber-Trace-Id
X-Request-UUID
X-Drupal-Cache-Contexts
Cache-Name
X-Magnolia-Registration
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Date
X-Varnish-Beresp-Grace
X-PAYTM-SRV-ID
X-Application
Apple-News-Services-Parsed-Url
X-Region-Sid
X-Accel-Expires-Debug
X-D
X-ScT
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-S-Cookie
X-Cdn-Srv
X-UnsetCookies
X-OVcl
X-OVcl-Cache
X-B-Cookie
X-A-Dgt
X-Transaction
X-Session-Fingerprint
ServerName
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-Processor
X-A-Wwc
X-CF-Lambda-Fn
X-A-Ccd
X-External-Request-Id
X-CF-Lambda-Version
X-S
X-Developer
X-DPWN-IS-SECURE
X-Connection-Hash
X-ARC
Mobile-Detection-Method
X-A-Dam
X-A-Dcw
Powered-By-ChinaCache
X-TA-CDN-Provider
Rendered-Blocks
X-G
X-Aed
X-GeoIP-Country-Code
X-SRCache-Key
Rt-Fastcgi-Cache
X-Cluster-Name
X-Thinkindot-L3
Viewport
X-Trafficlayer-App-Name
X-GeoIP-City
X-Trafficlayer-App-Scope
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Trafficlayer-App-Version
X-Geo-Header
X-Sn-Servicetimems
X-Service
X-Request-URI
X-Served-From
X-Rocket-Nginx-Bypass
X-ServiceProvider
X-Reboot
X-Matched-Rule
X-Generated-On
X-Newrelic-Synthetics
Thinkindot-CacheControl
True-Client-Country-4JS
X-VG-TLSProxy
Server-Host
X-Core-Value
X-Cache-Expired-At
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-Cdn-Origin
PFcat
X-CS
X-Edge-Location
X-IN-APIGATEWAY
X-Varnish-Ttl
X-JWT-State
X-Is-Gdpr
X-Gamma-Serve
X-Logging-Id
Pramga
X-Instart-Isnd
User-Cache-Control
X-Hash
X-FW-Version
X-Has-Esi
Server-Cache-Control
W
X-Irp-Debug
Server-Surrogate-Control
X-Generation-Time
X-Agile
X-CUA
X-Core-Mission
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Bc-Bl
X-Contensis-Viewer-Groups
X-Bip
X-CGP
X-Cache-URL
X-Cache-Info
X-Cache-Bucket
X-C
X-Cache-ASPX
X-BBXSRF
X-Backend-State
X-Agile-Id
X-Distil-CS
X-Agile-Age
X-Distributor
X-Fastly-Cache
X-Eu-Site
X-Dispatch
X-Device-Os
X-Auto-Login
X-Debug-Cookies
X-Debug-Log
X-Developers
X-App-Name
X-Fetched-On
X-Micro-Cache
X-Request-Host
X-Varnish-Authentication
X-Rocket-Build-Number
X-Server-W
On-Server
X-Varnish-Cacheable
X-VC-Cache
AKAMAI
Ha-Gx-Prefs
Gh-Request-Id
X-VServer
X-Sigma
X-Var-Ttl
X-Trace-Id
X-Thanos
X-TrackingId
X-Varnish-Beresp-Ttl
X-TT-TIMESTAMP
X-Tumblr-Pixel-3
X-Swa-Ws
Country-Code
X-Sigma-Backend
X-SIPLIST1
X-Slack-Backend
Heartbleed
HA-Ipaddr
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-Nginx-Cache-Key
Memcached
N-Cache
X-Wikidot-Static-Cache
X-ND-Cache
X-Owner
X-NodeID
X-Wikidot-Backend
Kp-EeAlive
IsBot
X-Webstats-RespID
L5d-Success-Class
X-VCache
X-Clara-WADP
Wxu-Next-Hostname
X-WebServer
Wxu-Next-Commit
Wxu-Next-Region
X-Backend-Host
X-WADP-Cache
X-We-Are-Hiring
X-Cms-Context
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Clientip
X-Servername
X-LAGOON
X-Ms-Version
X-Hnp-Log
X-Hit
X-Lb-Id
X-Ms-Request-Id
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Platform-Server
X-Proxy-Upstream
X-Gen-Mode
X-Epic-Correlation-Id
X-Skip-Cache
X-Dispatcher-Server
X-Generated-In
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-DevSite-Last-Modified
X-LI-Proto
Fastly-SIE
Fastly-SWR
Group
Fastly-Drupal-HTML
Countrycode
CDCHOST
We-Hiring
Locale
Locid
Mime-Version
V-Age
Web-Mar-Node
Server-ID
RNT-Time
Mail-Subject
RNT-Machine
Cache-Host
Cloudfront-Viewer-Country
X-Block-Status
HitType
X-Cache-FS-Status
X-Cache-Tags
X-Sucuri-ID
X-NC
X-Node-Id
Cache-Cookie-Set-From
X-Req
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Geo-Info
X-Ratelimit-Remaining
Platform
Is-Eu
X-S-Maxage
X-Variation
Adler-Geo
X-BACKEND-TTL
Environment
X-Response-By
FNAC-ModuleRouting
X-VHOST
Hostname
X-VCT
X-RESPONSE-TIME
X-Scheme
X-Refresh
X-Fmm-Version
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-Cdn-Forward
X-B3-Spanid
Cache
X-Origin-CC
X-Origin-TTL
X-SN
X-Instart-Info
Fastly-Backend-Name
X-Pjax-Url
X-Up
X-Varnish-URL
X-APP
SD-X-WS
X-CSRF-Token
X-CDN-Forward
Geoip-City
Proxy-Firewall
Geoip-Latitude
X-Server-Time
X-MCACHE
X-Edge
Origin
X-FPC
X-App-Version
Cdn-Request-Time
Pragrma
X-TT-LOGID
M-TraceId
X-Edge-Server
X-Correlation-ID
Cdn-Host
GeoIp-Country-Code
PICS-Label
X-MSEdge-Features
X-MSEdge-Flight
Request-Time
X-Cache-PHP
Vix-Hermes-Req-Id
X-CSRF-TOKEN
X-Wa
TTL
X-AK-Request-ID
X-Vcl-Version
Cdnsip
CACHE
X-Vdms-Path
Cdncip
X-Cache-Host
X-Ruxit-Js-Agent
X-Be
X-HS-Status
X-Mid
X-SVT-ORM-VERSION
X-ECACHE
X-SVT-ORM-RULES
Ohc-File-Size
CF-Cached-On
NM-Fastcgi-Cache
X-Wix-Viewer-Type
NtCoent-Length
X-ECache
X-NU-AKA-ACS-Version
X-Air-Hostname
Server-Ext
Sever-Int
Server-Hostname
Pagetype
X-URL
X-Ratelimit-Limit
Cdn
X-Tec-Api-Root
X-Tec-Api-Origin
X-Myra-Origin2
X-Tec-Api-Version
Resin-Trace
X-Ua
Magicmarker
X-Pf-Uncompressing
X-ServedByHost
X-Cache-Debug
RequestId
X-Method
X-Bc
Memory
X-Zone
HostName
X-Cache-Metadata
X-GEO
X-ZONE
Tcn
X-BC
X-TH-Server
X-Worker
Cteonnt-Length
Ohc-Cache-HIT
X-Dynatrace-Js-Agent
SRV
X-Swift-Error
X-Newrelic-App-Data
X-Request-Start
X-Via-PopH
X-Via-PopV
X-Branch-Name
X-Protected-By
X-NGINX-Cache
X-Referer
Release
X-Envoy-Upstream-Healthchecked-Cluster
X-Oneagent-Js-Injection
IBM-Web2-Location
X-FORWARDED-FOR
XServer
X-Azure-Ref-OriginShield
Load-Balancing
Dnion-Transfer-Encoding
Dt-Cache-Category
X-Servedbyhost
Server-Int
X-Policy
X-Unique-ID
X-Planisys-CDN-Cache
X-Ocache
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-TTL
Lb
X-Planisys-CDN-Rules
X-Fastly-Country-Code
Powered-By
X-Configured-By
X-Cache-Id
X-Esi-Check
X-C-Zone
X-C-Key
X-WA
X-Reqid
X-AIR-PT
Esi-Enabled
X-DC
X-B3-SpanId
Fastly-Soc-X-Request-Id
X-VCL-Version
X-Gzip
X-Node-ID
Who
Ttl
Pics-Label
X-Datadome
X-COUNTRY
Fastly-SSL
X-SRV
X-Action
X-Via-Ucdn
GeoIP-Country-Code
MIME-Version
X-DW
X-DSS
X-Flog
X-VarnishDD-TTL
X-Hello
X-ABtesting
X-DI
UCS
X-RSL
X-DB
X-Country-IP
X-RPS
GeoIP-City
GeoIP-Latitude
X-RPM
X-HostName
FSS-Cache
X-PF-Uncompressing
X-Fpc
X-Svr
X-Powered-Y
Product
X-WPE-Loopback-Upstream-Addr
Host-ID
LB
X-SERVER-NAME
X-RAMCache
X-Cache-Backend
X-Fastly-Backend-Reqs
X-Via-CDN
X-PJAX-URL
X-Amzn-Remapped-Connection
Lfy
ProcessTime
X-Amzn-Remapped-Date
X-Render-Time
X-Fastly-Request-Id
X-Varnish-Url
CF-IPCountry
FSS-Proxy
X-MID
X-UPSTREAM-Address
X-Server-IP
X-Varnish-Beresp-TTL
X-Pinterest-Direct
Sid
X-SD-PageType
X-User
X-Agile-Brick-Ok
X-Beluga-Cache-Status
X-Zalando-Child-Request-Id
Xet-Cookie
X-Beluga-Node
X-Beluga-Trace
X-Internal-Host
X-Key
X-Page-Impression-Id
X-Flow-Id
X-Apw-Access-Token
Amp-Access-Control-Allow-Source-Origin
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-LiteSpeed-Cache-Control
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
Requestid
X-BE
X-Compress-Hint
X-Aicache-OS
WZWS-RAY
CDN
Cneonction
X-Sucuri-Cache
X-B3-Parentspanid
X-Check-Cacheable
SN
X-Debug-Revision
L
X-Tid
X-Debug-Controller
X-Sucuri-Id
X-Litespeed-Cache-Control
C-Via
X-Nananana
X-LB-ID
X-ElasticPress-Search
CloudFront-Viewer-Country
X-App
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-Url
X-Location
DataCenter
X-Request-URL