Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Request-Context
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Device
X-Styx-Req-Id
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Server-Id
X-Vhost
X-Host
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
X-Readtime
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-HW
X-ORACLE-DMS-ECID
X-DataDome
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-Country-Code
X-DynaTrace
X-Varnish-TTL
Fusion-Deployment-Id
X-ASPNET-VERSION
Allow
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
Content-MD5
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
Accept-CH
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Trace
X-Navigation-Version
TCN
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
Nginx-Cache
X-Vcap-Request-Id
Accept-CH-Lifetime
X-MSEdge-Ref
X-Debug
X-ESI
X-Ttl
X-VARITI-CCR
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
Charset
X-B3-TraceId
MS-Author-Via
X-Accel-Expires
X-Cache-TTL
X-Server-ID
X-NF-Request-ID
NR-ENABLED
X-Px
X-DynaTrace-JS-Agent
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
Display
X-Content-Type
Realpath
X-Sol
X-Client-IP
Cache-Tag
X-Ser
Edge-Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Powered-CMS
X-Id
X-Grace
X-Pinterest-Rid
Pinterest-Version
Front-End-Https
WPE-Backend
X-Hp-Webp
X-Jurisdiction
X-Version
X-Webkit-Csp
X-Upstream
AR-PoweredBy
X-T
AR-ATIME
AR-Request-ID
X-Hits
X-Shield-Request-Id
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Fastcgi-Cache
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Node-Name
Accept-Ch
ServerID
X-Cache-Hit
Fastcgi-Cache
AR-CACHE
X-Recruiting
Ar-Sid
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-Goog-Stored-Content-Encoding
X-FTR-Backend-Server
X-FTR-Cache-Status
X-GUploader-UploadID
X-FTR-Balancer
X-Goog-Stored-Content-Length
X-FTR-Realm
X-FTR-Backend
X-Goog-Storage-Class
X-FTR-DC
X-Goog-Generation
X-Goog-Metageneration
X-Country-Code-Real
X-HS-Content-Id
Server-Node
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
Powered
X-Forwarded-For
X-Request-Processing-Time
X-Request-Received
X-XRDS-Location
TP-Cache
TP-L2-Cache
PB-PID
X-FTR-Expires
PB-RID
X-DIS-Request-ID
Arc-Version
X-Mobile-Rewrite
Upgrade-Insecure-Requests
Refresh
Accept-Ch-Lifetime
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
X-TTL
Alternate-Protocol
Server-Name
X-Amzn-Trace-Id
Host-Header
X-Geo-Country
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
X-N
X-Rid
Fastly-Restarts
X-Akamai-Edgescape
X-FTR-Cache-Host
X-F-Cache
X-Logged-In
X-Page-Id
X-LB-Cache
Backend-Timing
X-Varnish-Age
X-B
X-User-Agent
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FastCGI-Cache
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Cache-Key
X-Zen-Fury
X-Kinsta-Cache
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Healthy
X-Via-JSL
X-Varnish-Grace
X-Origin-Server
X-XRDS-LOCATION
Host
X-Revision
X-Jobs
X-Request-Guid
X-Varnish-Backend
Fastcgi-Useragent
X-Instance
X-App-Environment
X-Signature
X-Hostname
X-Git-Hash
X-ATG-Version
X-B-Cache
Paypal-Debug-Id
X-Tumblr-User
Actual-Object-TTL
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Seen-By
X-AOL-HN
X-Amz-Replication-Status
Section-Io-Cache
X-Cache-Age
X-TT
X-B3-Sampled
X-FB-Debug
X-Whom
X-Type
X-Esi
X-Cache-Action
X-Debug-Info
Frame-Options
X-Cluster
Cache-Status
X-Content-Options
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Trailer
X-Cache-Rule
X-Endurance-Cache-Level
X-Cache-Operation
X-Contextid
X-Content-Powered-By
X-Amzn-Requestid
Source
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Host-Name
Liferay-Portal
Tracecode
X-Activity-Id
X-Az
X-AppVersion
X-Daa-Tunnel
X-SERVER
Accept-Charset
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amz-Apigw-Id
X-Presslabs-Stats
X-FireWall-Port
X-IPLB-Instance
X-PHP-Backend
X-Upgrade-Enabled
DC
X-Framework
X-WA-Info
From-Origin
NGB
X-Response-Served-From
X-Accel-Buffering
Retry-After
X-RateLimit-Remaining
X-ProcessESI
Srv
X-RemovedCookies
Surrogate-Key
X-UUID
X-Is-Bot
X-Rendered-As
X-FW-Hash
X-FW-Type
X-FW-Static
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Serve
X-FW-Server
X-L-Path
X-Adobe-Loc
Payment
X-Adobe-Content
X-Cacheable-TTL
X-Environment-Context
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
X-Region
X-Varnish-Server
X-RequestSource
Eomportal-Instance
X-GeoIP
X-Mobile
VIX-Pulpo-Node
X-Cache-NE
X-Cached-By
X-APP-VERSION
X-Time-Microsecs
Filters
X-Handled-By
X-UA-Device-Type
X-Proxy
X-Origin-Response-Time
Xserver
X-Varnish-Hostname
X-Unique-Id
Filterid
X-Cache-TTL-Remaining
X-NGENIX-Cache
Datacenter
X-Cache-Server
X-EdgeConnect-Cache-Status
X-Srv
X-Akamai-Transformed
X-Webkit-CSP
X-Cache-Control
X-B3-Traceid
X-Cache-Time
MS-CV
X-Backend-Name
X-TIME
X-CST
Version
X-Status
Server-Info
Cache-Tv-Group
X-Mode
GEO-INFO
X-Cache-Enabled
X-Cache-2
S-Cnection
X-Yottaa-Metrics
X-Rule
Cache-Tags
X-Yottaa-Optimizations
Odigeo-Trace-Id
X-ES-SERVER
X-IP
X-Path-Route
X-Cache-Var
Webserver
X-Cache-Var-Map
X-CCM
Meta-Geo
X-FC-Vary-Parameters
Azure-InstanceId
X-Detected-As
X-FW-Dynamic
X-Loop
X-RN-RSRV
Azure-Version
OT-Force-Account-Verify
X-Redis-Cache
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-TNCMS
S-Rt
Ec-Rule-Version
Country
X-Pubstack
Cleartype
X-ApacheServer
X-Proto
X-R9-Blue-Green-Version
Decoy-Debug-Key
X-Say-TTL
Decoy-Debug-TTL
Decoy-Debug-Status
X-Real-IP
X-PERF
X-Origin-Hint
X-Hl-Ver
Akamai-GRN
X-Forwarded-Host
Cross-Origin-Window-Policy
X-Hosted-By
X-Human
X-Origin
Cache-Hits
X-NCache
TWC-Device-Class
X-SayCDN-TTL
X-Say-Cacheable
X-Web-Node
TWC-GeoIP-LatLong
X-Via-Fastly
Property-Id
DB-Nickname
X-Amzn-Remapped-Content-Length
TWC-Connection-Speed
ServedBy
TWC-GeoIP-Country
X-TX-ID
TWC-Locale-Group
Webcakes-App-Name
X-Adobe-Source
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
Origin-Edge-Control
Origin-Cache-Control
Now
Section-Origin-Responded
X-Cache-Status-Check
X-Device-Type
Access-Control-Request-Headers
X-Akamai-Request-ID2
X-AWS-Id
Section-Io-Id
X-Alternate-Cache-Key
Cache-Key
Section-Io-Origin-Status
Content-Disposition
Section-Io-Origin-Time-Seconds
X-BYPASS-REASON
X-Cache-Config
X-LJ-Flow-ID
X-Shopify-Stage
X-Site-Version
X-Shopify-Generated-Cart-Token
X-ShopId
X-RCS-CacheZone
X-EIG-Tracking-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
NGX
X-ServerID
X-VWS-Id
X-Vgn-Hpd-Reason
X-Tb
X-ProxyCache-Status
X-ShardId
X-ProxyCache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-NYM-Debug-Backend
X-Locale
X-Proxy-Cache-Status
X-Xfnlog-Site
X-Www-Served-By
X-Routing-Service
X-Zipkin-Id
X-Format
X-Cache-NGX
X-Content-Age
X-Viewer-Country
X-FB-TRIP-ID
X-SaId
X-MP-GENERATED-AT
X-Proxied
X-Access
X-BCube-Filmed-By
X-Section
X-Timing-Wait
X-JoinUs
X-Proxy-Build
X-Debug-Cache
X-HTML-Minification-Powered-By
Mn-Server-Ip
X-Cache-Remote
Selected-Fe
X-Soup
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Ua-Device
Node
X-Microcachable
X-Request-Time
X-Backend-TTL
X-No-Session
X-Cdn
X-EC-Lua
X-Varnish-Hits
X-Generated-By
X-PressLabs-Stats
X-Akamai-Request-ID
Cf-Ipcountry
X-Geo
X-Drupal-Cache-Tags
X-Pad
X-CF-Powered-By
Accept-Language
X-From
Time
X-NewRelic-App-Data
X-IPS-LoggedIn
Nel
X-Pinterest-Direct
X-Dc
X-Amzn-RequestId
X-Azure-Ref
X-RateLimit-Limit
X-NC
X-NWS-UUID-VERIFY
X-Old-Content-Length
Ms-Operation-Id
Uber-Trace-Id
X-Source
X-RTag
X-VCT
X-Uri
User-Agent
X-Newrelic-Synthetics
X-URL
Cache-Name
X-Cache-Grace
X-CS
FilterID
X-PHP-Host
X-Edge
X-MCACHE
X-Labrador-Cache-Channel
X-OCL
X-PCL
X-ECACHE
X-Nginx-Cache
X-Qloud-Router
X-GoCache-CacheStatus
Cache
X-Varnish-Cache-Hits
Proxy-Connection
X-Hyper-Cache
X-Drupal-Cache-Contexts
X-Edge-Location
X-UA
X-Litespeed-Cache
X-Magnolia-Registration
Request-Country
X-A-Wwc
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
Request-EU
ServerName
X-A-Dcw
X-A-Dgt
X-Aed
X-Accel-Expires-Debug
X-Date
Apple-News-Services-Parsed-Url
X-APP
Apple-News-Services-Handled
X-D
User-Cache-Control
X-Connection-Hash
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
Apple-News-Services-Host
X-Destination
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Machine
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
Arc-Country
Memcached
X-VG-WebCache
X-A
X-Info
X-Rocket-Nginx-Bypass
VivaBuild
X-B-Cookie
X-GeoIP-Country-Code
X-S
X-Rojux
X-G
X-Rewrite-Enabled
X-Instart-Info
X-Reboot
X-Processor
True-Client-Country-4JS
X-Region-Sid
X-PAYTM-SRV-ID
X-Request-UUID
X-Request-URI
Viewtype
X-Cache-Bucket
X-S-Cookie
X-DPWN-IS-SECURE
X-A-Ccd
X-Vdms-Version
X-External-Request-Id
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Developer
X-A-Dam
X-Twitter-Response-Tags
T-Server
X-ARC
X-Session-Fingerprint
X-ScT
X-SRCache-Key
X-Transaction
X-FW-Version
X-Application
X-Trv-Group
Xc-Version
MD5-Digest
X-FORWARDED-FOR
X-CDN-Forward
X-Cluster-Name
X-Has-Esi
X-Hnp-Log
X-Generated-On
Server-Surrogate-Control
X-GeoIP-City
X-Geo-Header
Server-Cache-Control
SD-X-WS
X-IN-APIGATEWAY
Rt-Fastcgi-Cache
Server-Host
X-IN-APIGATEWAYSSL
X-LI-UUID
X-Li-Pop
X-Matched-Rule
X-Micro-Cache
X-Wikidot-Static-Cache
N-Cache
On-Server
X-Is-Gdpr
X-Irp-Debug
X-JWT-State
X-Level-Front-Cache
X-Li-Fabric
X-Gen-Mode
X-Storage
X-Backend-Host
X-Backend-State
X-Cdn-Origin
X-Auto-Login
X-Clara-WADP
X-BBXSRF
X-Cache-URL
X-Tumblr-Pixel-3
X-Cache-Info
X-Cache-ASPX
X-Block-Status
X-SS-Set-Cookie
X-Contensis-Viewer-Groups
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Wikidot-Backend
X-Fastly-Cache
Viewport
X-Core-Value
X-DevSite-Last-Modified
Web-Mar-Node
Proxy-Firewall
X-Fmm-Version
X-LI-Proto
X-Slack-Backend
X-Sn-Servicetimems
X-We-Are-Hiring
Cache-Cookie-Set-Lfrom
Content-Script-Type
Content-Style-Type
X-Served-From
X-Server-W
X-Servername
X-ServiceProvider
Cache-Cookie-Set-From
X-WADP-Cache
X-Varnish-Authentication
X-VG-TLSProxy
X-Mid
X-VServer
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Thinkindot-L3
X-TrackingId
X-Trafficlayer-App-Name
X-App-Server
Cache-Cookie-Set-Idcheck
Gh-Request-Id
X-Request-Host
X-Webstats-RespID
X-S-Maxage
X-UnsetCookies
CF-Cached-On
X-CUA
X-TT-TIMESTAMP
X-Core-Mission
X-NX-Host
X-Urbn-Context-Path
X-Debug-Log
X-Device-Os
X-NodeID
X-Developers
X-Cluster-Node
X-Dispatch
X-Debug-Cookies
X-CGP
X-VC-Cache
X-Varnish-Cacheable
X-Origin-Expires
X-Owner
X-Platform-Server
X-Cache-Tags
X-Origin-Date
X-Variation
X-Dispatcher-Server
X-Urbn-Site-Id
X-Bc-Bl
X-Var-Ttl
X-Gamma-Serve
X-Clientip
X-Distil-CS
X-Skip-Cache
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-SN
X-Generated-In
X-Logging-Id
X-Generation-Time
X-Cache-FS-Status
X-Rocket-Build-Number
X-Scheme
X-Req
X-Sigma
X-Sigma-Backend
X-Hash
X-WebServer
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Eu-Site
X-Epic-Correlation-Id
X-Trace-Id
X-LAGOON
X-Distributor
X-Thanos
X-Fetched-On
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-Ms-Request-Id
X-Swa-Ws
X-Ms-Version
X-Nginx-Cache-Key
X-Cms-Context
Mail-Subject
Platform
Locid
L5d-Success-Class
IsBot
Kp-EeAlive
RNT-Machine
RNT-Time
Wxu-Next-Commit
Wxu-Next-Hostname
We-Hiring
W
Server-ID
V-Age
Is-Eu
Heartbleed
CDCHOST
Country-Code
Cache-Host
AKAMAI
A
Adler-Geo
Countrycode
Fastly-Drupal-HTML
Ha-Gx-Prefs
HA-Ipaddr
Group
FNAC-ModuleRouting
Fastly-SIE
Fastly-SWR
Wxu-Next-Region
Locale
X-Agile-Id
X-App-Name
X-Bip
Vix-Hermes-Req-Id
X-Agile
X-Agile-Age
X-COUNTRY
X-VCache
X-Sucuri-ID
X-Time
X-Varnish-Beresp-Grace
X-Hit
X-Cache-Expired-At
X-Varnish-Beresp-Status
X-CACHE-KEY
X-C
X-Response-By
X-Cache-PHP
NM-Fastcgi-Cache
X-CSRF-Token
Geo-Info
X-Refresh
X-Vdms-Path
X-Instart-Isnd
Request-Time
X-OVcl
X-OVcl-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-RESPONSE-TIME
PFcat
X-Varnish-Beresp-Ttl
X-Node-Id
Server-Hostname
Sever-Int
Mime-Version
X-B3-Spanid
M-TraceId
Server-Ext
X-Parent-Response-Time
X-CLOUD-TRACE-CONTEXT
X-Varnish-URL
Pagetype
HostName
X-Protected-By
X-Nc
X-MSEdge-Features
X-MSEdge-Flight
Powered-By-ChinaCache
X-Wa
X-Method
X-Via-PopV
X-Lb-Id
X-Worker
PICS-Label
X-Via-PopH
X-FPC
X-Varnish-Ttl
Pramga
Magicmarker
X-DC
X-SRV
X-Envoy-Upstream-Healthchecked-Cluster
X-Service
Origin
X-Branch-Name
X-Request-Start
Cloudfront-Viewer-Country
X-ND-Cache
X-Be
X-TA-CDN-Provider
Geoip-Latitude
HitType
X-Pjax-Url
X-Load-Cache
Geoip-City
X-Policy
Memory
X-Ratelimit-Remaining
X-GEO
X-Ua
GeoIp-Country-Code
XServer
X-Planisys-CDN-Cache
Environment
X-C-Key
X-C-Zone
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-HS-Status
X-SERVER-NAME
Esi-Enabled
X-BACKEND-TTL
X-Wix-Viewer-Type
Cteonnt-Length
X-VCL-Version
X-App-Version
X-ECache
X-Servedbyhost
Dt-Cache-Category
Who
X-CSRF-TOKEN
X-Zone
X-Bc
X-Azure-Ref-OriginShield
X-Up
X-Myra-Origin2
X-Newrelic-App-Data
X-Reqid
X-Via-Ucdn
Fastly-Backend-Name
X-Cdn-Forward
NtCoent-Length
X-Country-IP
X-Origin-TTL
X-Referer
X-Origin-CC
TTL
Ttl
X-Cache-Metadata
Resin-Trace
Pragrma
X-Cache-Host
Hostname
X-Server-Time
X-TT-LOGID
SRV
X-Edge-Server
Cdn-Host
UCS
X-Oneagent-Js-Injection
Cdn-Request-Time
X-Fastly-Country-Code
Product
Cdn
X-ZONE
X-Vcl-Version
X-BC
X-Swift-Error
X-Ratelimit-Limit
Load-Balancing
Cdncip
X-AK-Request-ID
X-Pf-Uncompressing
Release
X-ServedByHost
Cdnsip
X-NGINX-Cache
Lb
X-Correlation-ID
X-NU-AKA-ACS-Version
GeoIP-Country-Code
X-Server-IP
CACHE
X-SVT-ORM-VERSION
FSS-Cache
X-AIR-PT
Sid
X-Tec-Api-Origin
GeoIP-City
GeoIP-Latitude
X-SVT-ORM-RULES
X-Configured-By
X-Tec-Api-Root
X-Tec-Api-Version
X-Ruxit-Js-Agent
LB
Dnion-Transfer-Encoding
X-PJAX-URL
C-Via
X-Node-ID
X-Air-Hostname
X-Datadome
X-Dynatrace-Js-Agent
Ohc-File-Size
X-Esi-Check
X-Gzip
X-WPE-Loopback-Upstream-Addr
Warning
X-Cache-Id
MIME-Version
X-Location
My-App
RequestId
X-B3-SpanId
X-BE
X-Cache-Debug
X-Fpc
X-TH-Server
X-Edge-O15-RID
X-WA
X-Tb-Optimization-Total-Bytes-Saved
Ohc-Cache-HIT
X-UPSTREAM-Address
X-Cache-Backend
IBM-Web2-Location
X-Powered-Y
X-Sucuri-Cache
X-RAMCache
Pics-Label
X-Mvc-Supplant-Cachable
X-Svr
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-TTL
X-VarnishDD-TTL
X-Varnish-Url
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
Lfy
Server-Int
X-MID
X-Apw-Access-Action
X-Ocache
X-Apw-Hits
Fastly-SSL
X-Apw-Access-Token
X-Apw-Access-Object
X-Unique-ID
Xet-Cookie
X-ElasticPress-Search
X-Flow-Id
Powered-By
X-ElasticPress-Query
X-User
X-Agile-Brick-Ok
X-Sucuri-Id
X-SD-PageType
X-LiteSpeed-Cache-Control
CDN
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Requestid
CF-IPCountry
X-B3-Parentspanid
X-Aicache-OS
X-Akamai-ERPolicy
Host-ID
X-Check-Cacheable
X-Amzn-Remapped-Date
Cneonction
X-Debug-Controller
X-Amzn-Remapped-Connection
X-Nananana
X-Debug-Revision
Processtime
X-Akamai-ERRuleID
X-PF-Uncompressing
X-Cache-Tag
ProcessTime
Fastly-Soc-X-Request-Id
CloudFront-Viewer-Country
X-Request-URL
X-LB-ID
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-Request-Url
URI
DataCenter
X-Fastly-Cache-Hits