Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Ws-Request-Id
X-Pass-Why
X-Backend
X-Age
X-Server
X-Proxy-Cache
EagleId
X-Amz-Id-2
X-Amz-Request-Id
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Server-Timing
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Dns-Prefetch-Control
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
X-Readtime
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-DataDome
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-TtlSet
X-Goog-Hash
X-PC
X-Vname
X-Country-Code
X-DynaTrace
X-Varnish-TTL
Fusion-Deployment-Id
X-ASPNET-VERSION
Allow
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
X-Use-Magma
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
Content-MD5
Accept-CH
SPRequestGuid
X-Server-Name
Pinterest-Generated-By
X-Cached
X-Powered-By-Plesk
X-Trace
X-Forwarded-Proto
X-Navigation-Version
TCN
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
Accept-CH-Lifetime
Nginx-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
X-Debug
X-ESI
X-VARITI-CCR
X-Ttl
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
Charset
X-B3-TraceId
MS-Author-Via
X-Cache-TTL
X-Accel-Expires
X-NF-Request-ID
X-Server-ID
X-Px
NR-ENABLED
Display
X-DynaTrace-JS-Agent
X-Middleton-Response
Pagespeed
X-Middleton-Display
Response
X-Content-Type
Realpath
X-Client-IP
X-Sol
Cache-Tag
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Edge-Cache-Tag
S
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
X-Jurisdiction
X-Hp-Webp
WPE-Backend
X-Version
X-Upstream
X-Webkit-Csp
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Shield-Request-Id
X-T
X-Element-Page-Cache
X-Hits
X-Fastcgi-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Node-Name
Fastcgi-Cache
X-Cache-Hit
Accept-Ch
ServerID
AR-CACHE
X-Correlation-Id
Ar-Sid
X-Recruiting
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-HS-Hub-Id
X-Frontend
X-Forwarded-For
TP-L2-Cache
X-XRDS-Location
TP-Cache
Powered
X-FTR-Expires
PB-PID
PB-RID
X-Request-Processing-Time
X-Request-Received
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Mobile-Rewrite
Arc-Version
Refresh
Accept-Ch-Lifetime
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
Alternate-Protocol
X-TTL
Server-Name
Host-Header
X-Geo-Country
X-Amzn-Trace-Id
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-Logged-In
X-N
X-LB-Cache
X-Page-Id
X-FTR-Cache-Host
Fastly-Restarts
X-F-Cache
X-ATS-Timestamp
X-User-Agent
Backend-Timing
X-Rid
X-B
X-Akamai-Edgescape
X-Varnish-Age
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FastCGI-Cache
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Kinsta-Cache
X-Cache-Key
X-Zen-Fury
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Varnish-Grace
X-XRDS-LOCATION
Host
X-Origin-Server
X-Request-Guid
X-Revision
X-Jobs
Fastcgi-Useragent
X-Varnish-Backend
X-App-Environment
X-Hostname
X-B3-Sampled
Actual-Object-TTL
X-Whom
X-AOL-HN
X-B-Cache
X-Seen-By
X-Signature
X-Git-Hash
X-TT
X-FB-Debug
Section-Io-Cache
X-Instance
X-ATG-Version
X-Cache-Action
X-Debug-Info
X-Cache-Age
X-Tumblr-Pixel
X-Esi
X-Tumblr-Pixel-0
X-Tumblr-User
X-Amz-Replication-Status
Frame-Options
Paypal-Debug-Id
X-Type
X-Cluster
Cache-Status
X-Content-Options
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
Trailer
X-Cache-Rule
X-Cache-Operation
X-Endurance-Cache-Level
X-Contextid
X-Content-Powered-By
X-Amzn-Requestid
Source
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Liferay-Portal
Tracecode
X-Host-Name
X-Activity-Id
X-AppVersion
X-Daa-Tunnel
X-Tt-Trace-Tag
X-SERVER
X-Tt-Trace-Host
X-Az
Accept-Charset
X-Presslabs-Stats
X-Amz-Apigw-Id
X-FireWall-Port
X-PHP-Backend
X-Upgrade-Enabled
X-IPLB-Instance
X-Framework
DC
X-WA-Info
From-Origin
Retry-After
X-Accel-Buffering
X-RateLimit-Remaining
X-Response-Served-From
NGB
X-ProcessESI
X-RemovedCookies
Srv
X-Is-Bot
X-UUID
X-Rendered-As
X-Cacheable-TTL
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
X-FW-Serve
Payment
X-FW-Static
X-FW-Server
X-FW-Type
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Varnish-Server
X-Wix-Request-Id
X-Mobile
X-L-Path
X-RequestSource
X-Cache-NE
X-Environment-Context
X-Region
Eomportal-Instance
X-GeoIP
X-APP-VERSION
X-Cached-By
X-Time-Microsecs
X-UA-Device-Type
X-Handled-By
Filters
X-Proxy
X-Unique-Id
X-Origin-Response-Time
X-Varnish-Hostname
Xserver
Filterid
X-Cache-TTL-Remaining
X-NGENIX-Cache
Datacenter
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Akamai-Transformed
X-Webkit-CSP
X-B3-Traceid
X-Cache-Control
X-Srv
X-Cache-Time
MS-CV
X-Backend-Name
X-TIME
Version
X-CST
X-Status
Server-Info
X-Mode
GEO-INFO
X-Cache-Enabled
X-Yottaa-Metrics
Odigeo-Trace-Id
S-Cnection
Cache-Tv-Group
X-Yottaa-Optimizations
X-Cache-2
X-ES-SERVER
X-Cache-Var-Map
X-CCM
X-Cache-Var
Meta-Geo
X-Path-Route
Cache-Tags
X-FC-Vary-Parameters
Ec-Rule-Version
X-Loop
X-RN-RSRV
OT-Force-Account-Verify
X-IP
Webserver
X-Redis-Cache
X-Rule
X-TNCMS
X-Detected-As
X-Hosted-By
ServedBy
S-Rt
X-Hl-Ver
Cache-Hits
X-ApacheServer
X-FW-Dynamic
Cross-Origin-Window-Policy
Cleartype
X-Forwarded-Host
Origin-Cache-Control
X-Adobe-Source
Origin-Edge-Control
X-Human
X-Web-Node
X-Real-IP
X-Proto
X-Say-Cacheable
X-Say-TTL
X-TX-ID
X-Via-Fastly
X-SayCDN-TTL
X-PERF
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
X-AWS-Id
TWC-GeoIP-Country
Access-Control-Request-Headers
TWC-Device-Class
Akamai-GRN
X-VWS-Id
TWC-Locale-Group
TWC-Privacy
X-Tb
X-Cache-Config
X-BYPASS-REASON
Webcakes-App-Name
TWC-Connection-Speed
Cache-Key
Now
Webcakes-Region
Property-Id
Webcakes-App-Version
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Alternate-Cache-Key
Decoy-Debug-TTL
Decoy-Debug-Key
Country
Section-Origin-Responded
Decoy-Debug-Status
X-Sorting-Hat-ShopId
Section-Io-Origin-Status
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-Origin-Hint
X-ProxyCache-Key
X-ProxyCache-Status
X-Pubstack
X-Origin
X-Generated
X-LJ-Flow-ID
X-Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NCache
X-EIG-Tracking-Id
X-RCS-CacheZone
X-Shopify-Generated-Cart-Token
X-ShardId
X-ShopId
X-Site-Version
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Proxy-Build
X-Cache-Remote
X-JoinUs
Mn-Server-Ip
X-BCube-Filmed-By
X-ServerID
X-Proxied
Selected-Fe
X-Debug-Cache
X-NYM-Debug-Backend
X-Device-Type
X-Timing-Wait
X-Cache-Status-Check
NGX
X-FB-TRIP-ID
X-HTML-Minification-Powered-By
X-Www-Served-By
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Xfnlog-Site
Content-Disposition
X-Akamai-Request-ID2
X-Zipkin-Id
X-Viewer-Country
X-Content-Age
X-SaId
X-Routing-Service
X-Section
X-Access
X-Cache-NGX
X-Format
DB-Nickname
X-Amzn-Remapped-Content-Length
X-Soup
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Ua-Device
X-Oss-Object-Type
Node
X-Oss-Request-Id
X-Request-Time
X-Microcachable
X-MP-GENERATED-AT
X-Backend-TTL
X-No-Session
X-EC-Lua
X-Cdn
X-Akamai-Request-ID
X-Geo
X-Pad
X-Drupal-Cache-Tags
X-Varnish-Hits
X-CF-Powered-By
Cf-Ipcountry
Time
X-From
X-NewRelic-App-Data
X-IPS-LoggedIn
X-PressLabs-Stats
Nel
X-Generated-By
Accept-Language
X-Dc
X-Pinterest-Direct
X-Azure-Ref
X-NC
X-RateLimit-Limit
X-Old-Content-Length
X-NWS-UUID-VERIFY
X-Amzn-RequestId
X-VCT
X-Source
X-RTag
Uber-Trace-Id
Ms-Operation-Id
User-Agent
X-URL
X-Newrelic-Synthetics
X-Cache-Grace
Cache-Name
FilterID
X-Uri
X-CS
X-MCACHE
X-Edge
X-PHP-Host
X-PCL
X-OCL
X-Labrador-Cache-Channel
X-ECACHE
X-Nginx-Cache
X-Qloud-Router
X-GoCache-CacheStatus
Cache
Proxy-Connection
X-Varnish-Cache-Hits
X-Drupal-Cache-Contexts
X-Magnolia-Registration
X-Litespeed-Cache
X-UA
X-Processor
X-A-Ccd
User-Cache-Control
X-Transaction
X-A
X-Edge-Location
X-DPWN-IS-SECURE
X-Date
X-Destination
X-Developer
X-PAYTM-SRV-ID
Meta-Geo-Continent
X-Aed
X-A-Dcw
X-Application
Machine
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
MD5-Digest
X-Vtex-Remote-Cache
X-ARC
X-A-Dgt
X-B-Cookie
X-A-Wwc
X-Accel-Expires-Debug
Xc-Version
X-Cache-Bucket
GEO-REGION-INFO
X-CF-Lambda-Fn
X-CF-Lambda-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Connection-Hash
X-APP
X-A-Dam
Arc-Country
AsisCache
Memcached
Rendered-Blocks
X-VG-WebCache
Request-Country
Request-EU
BehaviorPad-Version
X-VG-WebServer
X-D
T-Server
X-G
X-Request-UUID
X-Twitter-Response-Tags
X-Rocket-Nginx-Bypass
X-Request-URI
X-Info
X-SRCache-Key
True-Client-Country-4JS
Viewtype
X-Instart-Info
X-Session-Fingerprint
X-GeoIP-Country-Code
X-Hyper-Cache
X-FORWARDED-FOR
X-S
X-Rewrite-Enabled
Mobile-Detection-Method
X-Rojux
X-Trv-Group
X-S-Cookie
ServerName
X-External-Request-Id
X-Vdms-Version
X-Reboot
VivaBuild
X-ScT
X-Region-Sid
X-CDN-Forward
X-Cluster-Name
X-Cache-URL
X-Thinkindot-L3
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Trafficlayer-App-Name
X-Cdn-Origin
X-Clara-WADP
X-Tumblr-Pixel-3
X-Cdn-Srv
X-Block-Status
X-WADP-Cache
X-LI-Proto
X-Request-Host
X-We-Are-Hiring
X-Level-Front-Cache
X-Li-Fabric
N-Cache
Proxy-Firewall
X-Matched-Rule
X-Irp-Debug
X-VServer
X-Cache-Info
X-SS-Set-Cookie
Viewport
X-Backend-State
X-BBXSRF
X-Micro-Cache
X-Hnp-Log
Thinkindot-CacheControl
Rt-Fastcgi-Cache
X-Slack-Backend
X-Generated-On
X-Trafficlayer-App-Version
Thinkindot-CacheControl-Type
X-Fastly-Cache
X-Gen-Mode
X-Mid
X-DevSite-Last-Modified
X-App-Server
Server-Host
SD-X-WS
X-Fmm-Version
X-Sn-Servicetimems
X-FW-Version
X-Storage
X-Li-Pop
X-VG-TLSProxy
Web-Mar-Node
X-Served-From
X-LI-UUID
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-ServiceProvider
X-GeoIP-City
Thinkindot-Control
X-Trafficlayer-App-Scope
X-Servername
X-Core-Value
X-TrackingId
X-Webstats-RespID
X-S-Maxage
CF-Cached-On
X-UnsetCookies
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Agile
X-Distil-CS
X-Eu-Site
X-Fetched-On
X-Logging-Id
X-Epic-Correlation-Id
X-Distributor
X-Dispatcher-Server
We-Hiring
X-Generated-In
X-Generation-Time
X-Is-Gdpr
X-JWT-State
X-LAGOON
X-Hash
X-Has-Esi
X-Geo-Header
X-VC-Cache
X-Dispatch
X-Device-Os
X-Bip
X-Cache-ASPX
X-Cache-FS-Status
X-Backend-Host
X-Auto-Login
X-Agile-Id
X-App-Name
X-Cache-Tags
X-CGP
X-CUA
X-Debug-Cookies
X-Debug-Log
X-Core-Mission
X-Contensis-Viewer-Groups
X-Clientip
X-Cluster-Node
X-Agile-Age
Content-Style-Type
W
X-Varnish-Authentication
A
X-Origin-Expires
X-Owner
X-Trace-Id
X-Platform-Server
X-Variation
Adler-Geo
Cache-Host
Country-Code
Countrycode
X-NodeID
Content-Script-Type
X-Varnish-Cacheable
CDCHOST
Vix-Hermes-Req-Id
X-NX-Host
X-Proxy-Upstream
X-Swa-Ws
X-Scheme
X-Var-Ttl
X-Server-W
X-COUNTRY
X-Rebelmouse-Surrogate-Control
X-Req
X-Rocket-Build-Number
X-TT-TIMESTAMP
X-VCache
X-Sigma
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-SN
X-Skip-Cache
X-Sigma-Backend
X-SIPLIST1
X-Nginx-Cache-Key
X-Origin-Date
Mail-Subject
On-Server
Platform
Locid
L5d-Success-Class
Is-Eu
IsBot
Fastly-Drupal-HTML
X-Ms-Version
X-Ms-Request-Id
Server-Surrogate-Control
X-WebServer
V-Age
Server-ID
Server-Cache-Control
RNT-Machine
RNT-Time
HA-Ipaddr
Kp-EeAlive
X-Thanos
FNAC-ModuleRouting
Ha-Gx-Prefs
Group
Fastly-SIE
Gh-Request-Id
Fastly-SWR
X-Sucuri-ID
X-CACHE-KEY
X-Cms-Context
Locale
AKAMAI
X-Varnish-Beresp-Status
X-Urbn-Context-Path
X-Varnish-Beresp-Grace
X-Response-By
X-Gamma-Serve
X-Hit
X-Developers
X-Cache-PHP
X-Urbn-Site-Id
Heartbleed
X-Bc-Bl
X-Cache-Expired-At
X-Time
X-Debug-Cache-Fetch
X-CSRF-Token
X-Debug-Cache-Expiry
X-OVcl-Cache
NM-Fastcgi-Cache
X-Instart-Isnd
X-OVcl
X-Debug-Cache-Store
X-Vdms-Path
Request-Time
X-Refresh
X-C
Geo-Info
X-Varnish-Beresp-Ttl
X-RESPONSE-TIME
PFcat
X-Node-Id
X-Parent-Response-Time
Mime-Version
Sever-Int
M-TraceId
X-B3-Spanid
X-CLOUD-TRACE-CONTEXT
Server-Ext
Server-Hostname
X-Varnish-URL
Pagetype
HostName
X-Nc
X-Protected-By
X-Method
X-Wa
Powered-By-ChinaCache
PICS-Label
X-Via-PopH
X-Lb-Id
X-Via-PopV
X-FPC
X-MSEdge-Flight
Pramga
Magicmarker
X-Worker
X-MSEdge-Features
X-Varnish-Ttl
X-DC
X-Branch-Name
X-SRV
X-Envoy-Upstream-Healthchecked-Cluster
X-Service
X-Request-Start
X-ND-Cache
Origin
Cloudfront-Viewer-Country
X-TA-CDN-Provider
Geoip-Latitude
Geoip-City
X-Pjax-Url
X-Load-Cache
Memory
X-Policy
HitType
X-Be
X-Ratelimit-Remaining
X-Ua
X-GEO
XServer
X-SERVER-NAME
X-HS-Status
Environment
X-C-Zone
X-C-Key
GeoIp-Country-Code
X-Wix-Viewer-Type
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Cteonnt-Length
Esi-Enabled
X-App-Version
X-VCL-Version
Dt-Cache-Category
Who
X-ECache
X-Servedbyhost
X-BACKEND-TTL
X-CSRF-TOKEN
X-Up
X-Via-Ucdn
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
Fastly-Backend-Name
X-Myra-Origin2
NtCoent-Length
X-Cdn-Forward
X-Country-IP
X-Reqid
X-Referer
X-Origin-CC
X-Origin-TTL
X-Bc
X-Zone
Ttl
X-Cache-Metadata
TTL
Hostname
X-Cache-Host
Pragrma
X-TT-LOGID
X-Server-Time
Resin-Trace
SRV
X-Edge-Server
X-BC
Cdn-Host
UCS
Cdn-Request-Time
Cdn
X-Fastly-Country-Code
Product
X-Oneagent-Js-Injection
X-ZONE
X-Vcl-Version
X-Ratelimit-Limit
Cdnsip
Cdncip
X-Pf-Uncompressing
Release
X-AK-Request-ID
X-ServedByHost
Load-Balancing
Lb
X-Swift-Error
X-NGINX-Cache
X-Correlation-ID
GeoIP-Country-Code
X-Server-IP
X-NU-AKA-ACS-Version
CACHE
X-Tec-Api-Version
X-SVT-ORM-RULES
X-Configured-By
GeoIP-Latitude
X-AIR-PT
X-SVT-ORM-VERSION
Sid
X-Tec-Api-Root
GeoIP-City
X-Tec-Api-Origin
X-Ruxit-Js-Agent
FSS-Cache
X-Node-ID
C-Via
X-PJAX-URL
LB
X-Datadome
Dnion-Transfer-Encoding
X-Air-Hostname
X-Dynatrace-Js-Agent
Ohc-File-Size
X-Gzip
X-WPE-Loopback-Upstream-Addr
X-Cache-Id
Warning
X-Esi-Check
MIME-Version
My-App
X-B3-SpanId
Ohc-Cache-HIT
X-Cache-Debug
RequestId
X-Edge-O15-RID
X-Fpc
X-BE
X-TH-Server
X-WA
X-Tb-Optimization-Total-Bytes-Saved
X-UPSTREAM-Address
X-Cache-Backend
X-RAMCache
X-Mvc-Supplant-Cachable
X-Location
X-Sucuri-Cache
X-Svr
X-Powered-Y
Pics-Label
IBM-Web2-Location
X-VarnishDD-TTL
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-Mvc-Supplant-OutputCached
Lfy
X-Fastly-Request-Id
X-Apw-Access-Action
X-Ocache
X-Apw-Access-Object
X-Apw-Access-Token
X-MID
Server-Int
Fastly-SSL
X-Apw-Hits
X-Unique-ID
Xet-Cookie
X-Sucuri-Id
CDN
X-ElasticPress-Search
X-LiteSpeed-Cache-Control
Powered-By
X-SD-PageType
X-Zalando-Child-Request-Id
X-User
Requestid
X-Flow-Id
X-Page-Impression-Id
X-ElasticPress-Query
X-Agile-Brick-Ok
CF-IPCountry
X-Amzn-Remapped-Date
Cneonction
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
Host-ID
X-Akamai-ERPolicy
Processtime
X-Debug-Revision
X-Aicache-OS
X-Debug-Controller
X-B3-Parentspanid
X-Check-Cacheable
X-PF-Uncompressing
X-Nananana
X-LB-ID
ProcessTime
X-MiniProfiler-Ids
Fastly-Soc-X-Request-Id
CloudFront-Viewer-Country
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-URL
X-Request-Url
URI
DataCenter
X-Cache-Tag