Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-FRAME-OPTIONS
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
P3p
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-Request-ID
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Ws-Request-Id
X-Backend
X-Pass-Why
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Request-Context
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-WebKit-CSP
X-Readtime
X-Origin-Upstream-Status
Surrogate-Control
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-HW
X-ORACLE-DMS-ECID
X-Cnection
X-ORACLE-DMS-RID
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
Rating
X-Rack-Cache
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
RTSS
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
X-ASPNET-VERSION
Allow
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
Content-MD5
X-Server-Name
X-D2id
X-ESI
Pinterest-Generated-By
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Dns-Prefetch-Control
X-MS-InvokeApp
SPRequestGuid
X-Navigation-Version
X-Cached
X-Powered-By-Plesk
X-Server-ID
X-Vcache
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-B3-TraceId
Fusion-Deployment-Id
X-Abt-Application-Version
X-Amz-Rid
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Trace
X-TEC-API-VERSION
TCN
Public-Key-Pins
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
Nginx-Cache
X-MSEdge-Ref
X-VARITI-CCR
X-Vcap-Request-Id
X-Ttl
MS-Author-Via
Accept-Ch
Charset
Arr-Disable-Session-Affinity
X-Px
X-NF-Request-ID
X-Cache-TTL
X-Accel-Expires
SPIisLatency
SPRequestDuration
Edge-Cache-Tag
Accept-CH
Realpath
X-Fastcgi-Cache
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
Display
X-Webkit-Csp
X-Content-Type
X-Ser
X-Client-IP
X-Sol
Accept-Ch-Lifetime
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Cache-Tag
X-DynaTrace-JS-Agent
X-Version
NR-ENABLED
Front-End-Https
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
X-Id
Access-Control-Request-Method
Accept-CH-Lifetime
X-Grace
X-Jurisdiction
S
X-Hp-Webp
AR-PoweredBy
AR-Request-ID
X-Upstream
AR-ATIME
X-Forwarded-For
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
X-Hits
X-T
X-Content-Digest
DynaTrace
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
Fastcgi-Cache
X-Shield-Request-Id
X-Mobile-URL
ServerID
X-Node-Name
X-Cache-Hit
X-Recruiting
WPE-Backend
X-FTR-Backend-Server
PB-PID
PB-RID
X-FTR-Balancer
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Realm
X-GUploader-UploadID
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-Goog-Generation
X-FTR-Backend
X-Goog-Storage-Class
X-Frontend
Server-Node
Powered
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
TP-Cache
Arc-Version
X-Mobile-Rewrite
X-FTR-Expires
Upgrade-Insecure-Requests
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
X-Amzn-Trace-Id
X-Shard
Refresh
X-Ezoic-Cdn
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
Alternate-Protocol
X-TTL
Fastly-Restarts
X-NWS-LOG-UUID
X-Correlation-Id
X-Logged-In
Server-Name
X-Microsite
X-Varnish-Age
X-Request-Handler-Origin-Region
X-FTR-Cache-Host
X-LB-Cache
X-Page-Id
Backend-Timing
X-F-Cache
X-User-Agent
X-B
X-ATS-Timestamp
X-Rid
X-Geo-Country
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-N
MicrosoftSharePointTeamServices
Host-Header
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Via-JSL
Host
X-XRDS-LOCATION
Cache-Status
X-Zen-Fury
X-Kinsta-Cache
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
X-Varnish-Grace
X-Content-Options
Healthy
X-B3-Sampled
X-AOL-HN
X-Revision
X-TT
X-ATG-Version
X-FB-Debug
X-Request-Guid
X-Cache-Action
Section-Io-Cache
X-Jobs
X-B-Cache
X-Signature
X-App-Environment
X-Debug-Info
Access-Control-Allow-Method
X-Amz-Replication-Status
Actual-Object-TTL
Frame-Options
X-Whom
X-Tumblr-Pixel
X-Git-Hash
X-Type
X-Tumblr-User
X-Instance
X-Tumblr-Pixel-0
Paypal-Debug-Id
Fastcgi-Useragent
X-Varnish-Backend
X-Hostname
X-WebKit-CSP-Report-Only
Liferay-Portal
X-Content-Powered-By
X-Cluster
X-Amz-Apigw-Id
X-Seen-By
Trailer
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Rule
X-Cache-Operation
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Endurance-Cache-Level
X-PHP-Backend
X-Framework
Tracecode
X-Contextid
X-FireWall-Port
X-Az
X-AppVersion
X-Activity-Id
X-Srv
X-Daa-Tunnel
X-FastCGI-Cache
X-Cached-By
X-WA-Info
X-Cache-Key
Source
X-Mobile
X-Upgrade-Enabled
Retry-After
Xserver
X-Host-Name
X-IPLB-Instance
X-Response-Served-From
X-Accel-Buffering
NGB
X-Amzn-Requestid
Accept-Charset
X-RemovedCookies
X-RateLimit-Remaining
X-ProcessESI
Srv
X-Adobe-Content
X-UUID
X-Adobe-Loc
X-Rendered-As
Payment
X-Is-Bot
Surrogate-Key
DC
X-Cache-NE
X-Varnish-Server
X-RequestSource
X-FW-Hash
X-Environment-Context
X-Cacheable-TTL
X-L-Path
Eomportal-Instance
X-FW-Type
X-FW-Static
X-FW-Serve
X-GeoIP
X-FW-Server
X-Region
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Handled-By
X-Origin-Response-Time
From-Origin
X-Varnish-Hostname
Filters
X-Presslabs-Stats
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Proxy
X-Wix-Request-Id
X-Time-Microsecs
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-EdgeConnect-Cache-Status
X-Cache-Server
Filterid
X-Backend-Name
Server-Info
X-CST
X-NGENIX-Cache
X-Cache-2
MS-CV
Datacenter
Cache-Tv-Group
Version
X-Akamai-Transformed
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Cache-Enabled
X-Oss-Storage-Class
X-Status
X-Oss-Hash-Crc64ecma
X-APP-VERSION
X-Unique-Id
X-Cache-Time
X-Cache-Control
X-Mode
X-Yottaa-Metrics
S-Cnection
X-Yottaa-Optimizations
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-CCM
X-Cache-Var
X-RN-RSRV
X-PressLabs-Stats
X-TIME
X-Hl-Ver
X-R9-Blue-Green-Version
Cleartype
X-Forwarded-Host
Webserver
X-CACHE-KEY
X-PERF
ServedBy
X-Via-Fastly
X-ApacheServer
X-Alternate-Cache-Key
Country
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-AWS-Id
X-BYPASS-REASON
Section-Io-Origin-Status
Cache-Key
Origin-Cache-Control
Origin-Edge-Control
Section-Io-Id
Cache-Tags
X-Sorting-Hat-ShopId
X-FC-Vary-Parameters
X-ShardId
X-Redis-Cache
X-RCS-CacheZone
X-Vgn-Hpd-Reason
X-ShopId
X-Shopify-Generated-Cart-Token
X-VWS-Id
X-Tb
X-Sorting-Hat-PodId
X-Proto
X-Shopify-Stage
X-ProxyCache-Key
X-ProxyCache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
X-TX-ID
X-LJ-Flow-ID
X-EIG-Tracking-Id
X-Debug-Cache
OT-Force-Account-Verify
X-Path-Route
TWC-Locale-Group
X-Hosted-By
TWC-Connection-Speed
X-Detected-As
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-FW-Dynamic
Selected-Fe
TWC-Device-Class
Property-Id
Mn-Server-Ip
X-Soup
X-TNCMS
X-Web-Node
Decoy-Debug-TTL
X-SayCDN-TTL
X-Say-TTL
X-Cache-Config
X-Loop
X-Proxy-Cache-Status
X-Say-Cacheable
Now
X-Locale
X-Akamai-Request-ID2
X-Pubstack
X-Proxy-Build
X-Routing-Service
X-Cache-Status-Check
X-SaId
X-Proxied
X-Origin-Hint
X-Device-Type
X-Generated
X-JoinUs
X-Origin
X-ServerID
X-Site-Version
TWC-Privacy
Webcakes-App-Name
X-Xfnlog-Site
X-Zipkin-Id
Access-Control-Request-Headers
Webcakes-App-Version
Webcakes-Region
Decoy-Debug-Status
X-Timing-Wait
X-Www-Served-By
X-Content-Age
Ec-Rule-Version
NGX
X-IPS-LoggedIn
Cross-Origin-Window-Policy
Akamai-GRN
Decoy-Debug-Key
X-Access
X-Pad
X-Ua-Device
X-Format
X-Request-Time
X-FB-TRIP-ID
X-Viewer-Country
X-Section
Content-Disposition
X-Adobe-Source
X-Geo
X-NCache
X-IP
X-Real-IP
X-Amzn-RequestId
Cache-Hits
S-Rt
X-Cache-Remote
X-NYM-Debug-Backend
DB-Nickname
X-Aspnetmvc-Version
Azure-SlotName
Azure-RegionName
X-BCube-Filmed-By
Azure-Version
Azure-InstanceId
X-Amzn-Remapped-Content-Length
X-Esi
GEO-INFO
X-HTML-Minification-Powered-By
X-Akamai-Request-ID
Azure-SiteName
X-Varnish-Hits
X-Dc
Node
X-MP-GENERATED-AT
X-Cdn
Odigeo-Trace-Id
X-NewRelic-App-Data
X-EC-Lua
X-Generated-By
X-Microcachable
X-B3-Traceid
X-No-Session
X-Rule
X-Drupal-Cache-Tags
Nel
Accept-Language
X-SS-Set-Cookie
X-Azure-Ref
Cf-Ipcountry
X-Cache-NGX
FilterID
X-RateLimit-Limit
X-From
X-CF-Powered-By
X-Uri
X-App-Server
Time
X-RTag
Ms-Operation-Id
X-Source
X-Qloud-Router
X-OCL
X-PCL
X-Webkit-CSP
User-Agent
X-Backend-TTL
X-NWS-UUID-VERIFY
X-Labrador-Cache-Channel
Proxy-Connection
X-PHP-Host
X-Varnish-Cache-Hits
X-Edge-O15-RID
X-Old-Content-Length
X-Time
X-Nginx-Cache
X-GoCache-CacheStatus
X-SERVER
X-Info
X-Hyper-Cache
X-Cache-Grace
Cache-Name
Uber-Trace-Id
Geo-Info
X-Storage
Meta-Geo-Continent
T-Server
X-CF-Lambda-Version
MD5-Digest
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-Processor
X-Connection-Hash
Request-Country
AsisCache
X-Varnish-Beresp-Grace
Request-EU
Machine
X-Region-Sid
Xc-Version
X-Varnish-Beresp-Status
ServerName
X-Destination
BehaviorPad-Version
A
X-CS
Apple-News-Services-Handled
Apple-News-Services-Host
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Drupal-Cache-Contexts
X-GeoIP-Country-Code
X-Developer
X-Request-URI
X-Date
GEO-REGION-INFO
X-DPWN-IS-SECURE
X-G
X-External-Request-Id
Fastcgi-X-Cache-Version
X-D
X-A-Wwc
X-Vdms-Version
X-B-Cookie
X-SRCache-Key
X-VG-WebCache
X-A
X-Trv-Group
X-ARC
X-Request-UUID
X-Application
X-Aed
VivaBuild
Viewtype
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-S-Cookie
X-Transaction
True-Client-Country-4JS
X-A-Ccd
X-A-Dam
X-Rewrite-Enabled
X-A-Dcw
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-S
X-Rojux
X-A-Dgt
X-VG-WebServer
X-Cluster-Name
X-VCT
X-Cluster-Node
X-Thinkindot-L3
Cache-Cookie-Set-Lfrom
X-Trafficlayer-App-Scope
X-GeoIP-City
Cache-Cookie-Set-Idcheck
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
Cache-Cookie-Set-From
X-Trafficlayer-App-Name
X-IN-APIGATEWAY
X-Reboot
X-Sn-Servicetimems
X-Trafficlayer-App-Version
Viewport
X-Rocket-Nginx-Bypass
Rendered-Blocks
X-Cdn-Origin
X-Cdn-Srv
X-Cache-Expired-At
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Nc
Thinkindot-Control
X-ScT
PFcat
X-ServiceProvider
X-Newrelic-Synthetics
X-Session-Fingerprint
X-Matched-Rule
X-Core-Value
X-Served-From
Mobile-Detection-Method
X-VG-TLSProxy
X-OVcl-Cache
X-OVcl
X-Generated-On
X-S-Maxage
X-UnsetCookies
User-Cache-Control
X-NC
X-Wikidot-Backend
X-Cache-Bucket
X-Wikidot-Static-Cache
X-Block-Status
X-Bip
X-Req
X-Webstats-RespID
X-BBXSRF
X-Cache-FS-Status
X-Cache-URL
Rt-Fastcgi-Cache
X-RateLimit-Limit-Second
X-Proxy-Upstream
N-Cache
Memcached
X-Request-Host
X-RateLimit-Remaining-Second
X-VServer
X-WADP-Cache
X-Slack-Backend
X-Agile
X-Agile-Age
X-TT-TIMESTAMP
X-Swa-Ws
X-TrackingId
X-Trace-Id
X-Thanos
X-Agile-Id
X-App-Name
X-VC-Cache
X-Rocket-Build-Number
X-Backend-State
X-Varnish-Cacheable
X-Var-Ttl
X-SIPLIST1
X-Sigma-Backend
X-Sigma
X-WebServer
X-Clara-WADP
X-LI-UUID
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
X-Eu-Site
X-Micro-Cache
X-Distributor
X-Ms-Request-Id
X-Epic-Correlation-Id
X-Magnolia-Registration
X-Gen-Mode
X-Hash
X-Instart-Isnd
X-Servername
X-Irp-Debug
X-LAGOON
X-Generated-In
X-Logging-Id
X-Geo-Header
X-Distil-CS
X-Dispatcher-Server
X-Origin-Expires
X-Core-Mission
X-Origin-Date
X-Owner
X-Li-Pop
X-Hnp-Log
X-DevSite-Last-Modified
X-Li-Fabric
X-CUA
X-NX-Host
X-Device-Os
X-Dispatch
X-Ms-Version
X-Nginx-Cache-Key
X-LI-Proto
X-NodeID
X-Debug-Cookies
X-Debug-Log
X-CGP
X-Cache-Info
CDCHOST
Locid
Cache-Host
Server-ID
Kp-EeAlive
L5d-Success-Class
Ha-Gx-Prefs
RNT-Time
Content-Script-Type
Content-Style-Type
X-UA
Fastly-Drupal-HTML
RNT-Machine
Mail-Subject
Country-Code
IsBot
Wxu-Next-Commit
Web-Mar-Node
Group
Wxu-Next-Hostname
Wxu-Next-Region
X-Varnish-Beresp-Ttl
HA-Ipaddr
FNAC-ModuleRouting
X-Edge-Location
We-Hiring
W
V-Age
X-Is-Gdpr
X-Has-Esi
X-Cache-Tags
Gh-Request-Id
X-FW-Version
X-Clientip
Fastly-SIE
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Lb-Id
X-Tumblr-Pixel-3
X-Server-W
Powered-By-ChinaCache
X-Varnish-Authentication
AKAMAI
Is-Eu
X-Gamma-Serve
Fastly-SWR
Countrycode
X-Hit
Adler-Geo
Platform
X-Developers
Server-Cache-Control
X-Skip-Cache
X-Scheme
X-Rebelmouse-Surrogate-Control
X-Variation
X-Cache-ASPX
X-Auto-Login
X-Backend-Host
Server-Surrogate-Control
X-Bc-Bl
X-Rebelmouse-Cache-Control
X-We-Are-Hiring
X-Debug-Cache-Expiry
Locale
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Heartbleed
X-Platform-Server
X-Contensis-Viewer-Groups
X-JWT-State
X-Cms-Context
On-Server
X-Node-Id
Mime-Version
X-Sucuri-ID
X-Response-By
Cache
X-C
X-Generation-Time
Pramga
X-VHOST
X-Edge
X-MCACHE
X-Load-Cache
X-ND-Cache
X-RESPONSE-TIME
X-Instart-Info
X-Refresh
X-Service
Cloudfront-Viewer-Country
X-SN
SD-X-WS
X-App-Version
X-APP
X-CLOUD-TRACE-CONTEXT
Proxy-Firewall
X-TA-CDN-Provider
HitType
Vix-Hermes-Req-Id
X-CDN-Forward
X-Pjax-Url
X-Varnish-URL
X-ECACHE
X-BACKEND-TTL
Environment
X-CSRF-Token
X-Parent-Response-Time
X-VCache
X-Cache-PHP
Origin
Request-Time
X-B3-Spanid
X-Mid
CF-Cached-On
X-Varnish-Ttl
NM-Fastcgi-Cache
X-Vdms-Path
M-TraceId
X-Wa
Hostname
X-Ua
X-Correlation-ID
X-MSEdge-Features
X-MSEdge-Flight
X-Cdn-Forward
X-Origin-CC
X-Origin-TTL
Sever-Int
Server-Hostname
Pagetype
Fastly-Backend-Name
Server-Ext
X-Up
X-CSRF-TOKEN
X-Ratelimit-Remaining
X-Server-Time
PICS-Label
HostName
X-Be
X-Method
Cdn
X-TT-LOGID
Pragrma
Geoip-Latitude
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-FPC
Geoip-City
X-Wix-Viewer-Type
X-DC
X-Pinterest-Direct
X-HS-Status
Magicmarker
X-ECache
X-Via-PopV
X-Worker
GeoIp-Country-Code
TTL
X-Via-PopH
X-URL
X-Request-Start
NtCoent-Length
X-Servedbyhost
X-AK-Request-ID
Resin-Trace
X-Branch-Name
Cdnsip
X-Envoy-Upstream-Healthchecked-Cluster
Cdncip
CACHE
X-Myra-Origin2
X-Newrelic-App-Data
X-Protected-By
X-Vcl-Version
X-Policy
X-Referer
X-Azure-Ref-OriginShield
X-Bc
X-SVT-ORM-VERSION
Memory
X-SVT-ORM-RULES
Dt-Cache-Category
X-Litespeed-Cache
X-Zone
Ohc-File-Size
X-C-Zone
X-Cache-Metadata
X-C-Key
X-Cache-Host
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Dynatrace-Js-Agent
Cteonnt-Length
SRV
X-VCL-Version
Lb
X-ZONE
X-Planisys-CDN-TTL
X-FORWARDED-FOR
X-Planisys-CDN-Rules
Release
X-Planisys-CDN-Cache
X-BC
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-GEO
RequestId
X-SRV
Esi-Enabled
X-Cache-Debug
GeoIP-Country-Code
Load-Balancing
Who
X-ServedByHost
X-Pf-Uncompressing
X-Swift-Error
X-NGINX-Cache
XServer
X-Unique-ID
GeoIP-Latitude
X-TH-Server
Pics-Label
X-Reqid
Ttl
GeoIP-City
X-Via-Ucdn
Ohc-Cache-HIT
X-Fpc
Dnion-Transfer-Encoding
X-Configured-By
X-Cache-Id
X-AIR-PT
X-Country-IP
X-Esi-Check
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
UCS
IBM-Web2-Location
X-Ruxit-Js-Agent
Product
X-COUNTRY
X-Node-ID
X-Datadome
X-Gzip
X-Fastly-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
Server-Int
X-VarnishDD-TTL
FSS-Cache
X-B3-SpanId
X-WPE-Loopback-Upstream-Addr
Powered-By
X-Ocache
MIME-Version
Sid
LB
X-WA
X-Server-IP
X-SERVER-NAME
X-Svr
X-Powered-Y
X-PF-Uncompressing
Fastly-Soc-X-Request-Id
X-RAMCache
Fastly-SSL
X-Action
X-PJAX-URL
X-Varnish-Url
X-Fastly-Request-Id
Lfy
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-DW
X-ABtesting
X-Hello
C-Via
X-Flog
X-DB
X-Apw-Hits
X-DSS
X-DI
FSS-Proxy
X-MID
X-Apw-Access-Action
X-SD-PageType
X-RPS
X-RSL
X-Apw-Access-Object
X-BE
X-RPM
X-Apw-Access-Token
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Amp-Access-Control-Allow-Source-Origin
Host-ID
X-Agile-Brick-Ok
X-ElasticPress-Search
Xet-Cookie
Tcn
X-LiteSpeed-Cache-Control
Requestid
X-Render-Time
CF-IPCountry
My-App
X-Amzn-Remapped-Date
X-Aicache-OS
X-Compress-Hint
X-Amzn-Remapped-Connection
Cneonction
SN
X-Via-CDN
X-Cache-Backend
L
CDN
ProcessTime
X-Check-Cacheable
X-Debug-Revision
X-B3-Parentspanid
X-Debug-Controller
X-HostName
X-Location
X-Nananana
X-App
X-Dw-Trace-Id
DataCenter
X-Request-Url
CloudFront-Viewer-Country
X-Request-URL
X-LB-ID
X-User
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
WZWS-RAY