
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Ua-Compatible
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
X-Request-ID
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Request-Context
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
X-Dns-Prefetch-Control
Content-Location
X-Application-Context
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-HW
X-DataDome
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-Country-Code
X-Varnish-TTL
X-DynaTrace
Fusion-Deployment-Id
X-ASPNET-VERSION
Allow
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
X-Instart-Request-ID
X-MS-InvokeApp
Accept-CH
Content-MD5
X-D2id
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Server-Name
SPRequestGuid
X-Cached
X-Forwarded-Proto
Pinterest-Generated-By
X-Powered-By-Plesk
X-Trace
TCN
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-Abt-Application-Version
X-SharePointHealthScore
X-Navigation-Version
Accept-CH-Lifetime
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
X-Ttl
Nginx-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
X-Debug
X-ESI
SPIisLatency
SPRequestDuration
X-VARITI-CCR
Arr-Disable-Session-Affinity
Charset
X-B3-TraceId
MS-Author-Via
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
NR-ENABLED
X-Px
X-DynaTrace-JS-Agent
Pagespeed
X-Middleton-Response
Response
X-Middleton-Display
Display
X-Content-Type
X-Client-IP
X-Sol
Cache-Tag
Realpath
Edge-Cache-Tag
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
X-Server-ID
X-Fastcgi-Cache
Front-End-Https
WPE-Backend
X-Hp-Webp
X-Jurisdiction
X-Pinterest-Rid
X-Version
Pinterest-Version
X-Webkit-Csp
X-Upstream
X-Hits
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Shield-Request-Id
X-T
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Node-Name
Fastcgi-Cache
ServerID
X-Cache-Hit
AR-CACHE
Ar-Sid
X-Correlation-Id
X-Recruiting
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-FTR-Cache-Status
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-FTR-Realm
X-Goog-Stored-Content-Encoding
X-FTR-DC
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
Server-Node
TP-Cache
Powered
TP-L2-Cache
X-Forwarded-For
X-FTR-Expires
X-Request-Received
X-Request-Processing-Time
PB-PID
PB-RID
X-XRDS-Location
Accept-Ch
Upgrade-Insecure-Requests
X-Mobile-Rewrite
Arc-Version
X-DIS-Request-ID
Refresh
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
Alternate-Protocol
Server-Name
X-Amzn-Trace-Id
Host-Header
X-Geo-Country
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
X-SERVER
X-N
Accept-Ch-Lifetime
X-Page-Id
X-LB-Cache
X-F-Cache
Fastly-Restarts
X-Akamai-Edgescape
X-Rid
X-FTR-Cache-Host
X-Logged-In
X-User-Agent
X-Varnish-Age
Backend-Timing
X-ATS-Timestamp
X-TTL
X-B
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Zen-Fury
X-Kinsta-Cache
X-Cache-Key
X-ORACLE-APMCS-REQUEST-ID
X-FastCGI-Cache
X-ORACLE-APMCS-TAG
Healthy
X-Via-JSL
X-Varnish-Grace
X-Origin-Server
X-XRDS-LOCATION
Host
X-Revision
X-Request-Guid
X-Jobs
Fastcgi-Useragent
X-Instance
X-App-Environment
X-B-Cache
X-Tumblr-Pixel
X-Tumblr-User
X-Signature
X-Tumblr-Pixel-0
X-Varnish-Backend
X-Hostname
X-Whom
X-TT
X-Type
X-Git-Hash
X-Cache-Age
Section-Io-Cache
Actual-Object-TTL
Paypal-Debug-Id
X-Esi
X-Seen-By
X-AOL-HN
X-ATG-Version
X-Debug-Info
X-Cache-Action
X-Amz-Replication-Status
X-FB-Debug
X-B3-Sampled
Frame-Options
X-Cluster
X-WebKit-CSP-Report-Only
X-Content-Options
Cache-Status
Access-Control-Allow-Method
Trailer
X-Cache-Rule
X-Cache-Operation
X-Contextid
X-Amzn-Requestid
X-Endurance-Cache-Level
X-Content-Powered-By
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
Source
X-Erf-Bev-Bev
Liferay-Portal
Tracecode
X-Az
X-Daa-Tunnel
X-Activity-Id
X-AppVersion
Accept-Charset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Apigw-Id
X-Presslabs-Stats
X-IPLB-Instance
X-FireWall-Port
X-PHP-Backend
X-Upgrade-Enabled
X-Framework
X-WA-Info
From-Origin
DC
X-Response-Served-From
X-Accel-Buffering
X-RateLimit-Remaining
Retry-After
Srv
NGB
Surrogate-Key
X-FW-Serve
X-FW-Static
X-FW-Type
X-Rendered-As
X-Is-Bot
X-FW-Server
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Hash
X-L-Path
X-UUID
Payment
X-Adobe-Content
X-Adobe-Loc
X-Environment-Context
X-Varnish-Server
X-Cache-NE
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-GeoIP
Eomportal-Instance
X-RequestSource
VIX-Pulpo-Node
X-Region
X-Mobile
X-ProcessESI
X-RemovedCookies
X-Wix-Request-Id
Filters
X-Time-Microsecs
X-APP-VERSION
X-Cached-By
X-UA-Device-Type
X-Unique-Id
X-Handled-By
X-Proxy
X-Origin-Response-Time
X-Varnish-Hostname
Filterid
X-Cache-TTL-Remaining
X-NGENIX-Cache
Xserver
Datacenter
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Webkit-CSP
X-Cache-Control
X-B3-Traceid
X-Cache-Time
X-Akamai-Transformed
X-Srv
X-Backend-Name
MS-CV
X-TIME
Version
X-CST
X-Status
Server-Info
X-Mode
GEO-INFO
Cache-Tv-Group
S-Cnection
X-Cache-Enabled
X-Yottaa-Metrics
X-Rule
X-Yottaa-Optimizations
Odigeo-Trace-Id
Cache-Tags
X-Cache-Var-Map
Meta-Geo
X-IP
X-CCM
X-Cache-2
X-Cache-Var
X-ES-SERVER
X-Path-Route
Webserver
Ec-Rule-Version
S-Rt
Azure-Version
Azure-InstanceId
OT-Force-Account-Verify
X-FC-Vary-Parameters
X-Detected-As
X-FW-Dynamic
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-Loop
X-TNCMS
X-RN-RSRV
X-NCache
Property-Id
Now
X-Amzn-Remapped-Content-Length
X-TX-ID
X-Origin
X-Redis-Cache
DB-Nickname
X-Web-Node
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
Decoy-Debug-Key
X-Hosted-By
Decoy-Debug-TTL
Decoy-Debug-Status
TWC-Connection-Speed
Akamai-GRN
Webcakes-Region
X-Adobe-Source
X-Proto
X-Real-IP
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Privacy
X-Origin-Hint
TWC-Device-Class
TWC-GeoIP-Country
Cross-Origin-Window-Policy
TWC-Locale-Group
X-AWS-Id
X-Device-Type
Cleartype
X-Vgn-Hpd-Reason
Country
X-VWS-Id
Cache-Hits
Content-Disposition
Cache-Key
Access-Control-Request-Headers
NGX
X-Cache-Config
ServedBy
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Alternate-Cache-Key
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-ApacheServer
Origin-Edge-Control
X-Tb
Section-Io-Id
Section-Io-Origin-Status
Origin-Cache-Control
X-Sorting-Hat-ShopId
X-Backend-TTL
X-ShardId
X-Hl-Ver
X-ShopId
X-Human
X-NYM-Debug-Backend
X-LJ-Flow-ID
X-ProxyCache-Key
X-Pubstack
X-ServerID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RCS-CacheZone
X-Shopify-Generated-Cart-Token
X-Forwarded-Host
X-PERF
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-Shopify-Stage
X-ProxyCache-Status
X-Proxy-Cache-Status
X-Generated
X-Access
X-Cache-Status-Check
X-Format
X-MP-GENERATED-AT
X-Cache-Remote
Selected-Fe
X-Proxy-Build
X-Cache-NGX
X-BCube-Filmed-By
X-Content-Age
X-Xfnlog-Site
X-Debug-Cache
X-JoinUs
X-SaId
X-Viewer-Country
Mn-Server-Ip
X-Timing-Wait
X-HTML-Minification-Powered-By
X-FB-TRIP-ID
X-Section
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Node
X-Proxied
X-Zipkin-Id
X-Via-Fastly
X-Routing-Service
X-R9-Blue-Green-Version
X-Ua-Device
X-Site-Version
X-Locale
X-Request-Time
X-No-Session
X-Www-Served-By
X-Soup
X-Microcachable
X-EC-Lua
X-Cdn
X-Varnish-Hits
Cf-Ipcountry
X-Generated-By
X-Akamai-Request-ID
X-PressLabs-Stats
X-CF-Powered-By
X-Drupal-Cache-Tags
Accept-Language
X-From
Time
Nel
X-Geo
X-NewRelic-App-Data
X-Pad
X-NC
X-IPS-LoggedIn
X-Dc
X-Azure-Ref
X-Amzn-RequestId
X-RateLimit-Limit
X-NWS-UUID-VERIFY
X-Source
X-VCT
Uber-Trace-Id
X-Old-Content-Length
X-Uri
X-Pinterest-Direct
X-RTag
Ms-Operation-Id
X-URL
User-Agent
X-Newrelic-Synthetics
FilterID
X-CS
X-Cache-Grace
Cache-Name
X-Labrador-Cache-Channel
X-OCL
X-ECACHE
X-Edge
X-MCACHE
X-PHP-Host
X-PCL
X-Nginx-Cache
X-GoCache-CacheStatus
X-CDN-Forward
Cache
X-Varnish-Cache-Hits
Proxy-Connection
X-Qloud-Router
X-Hyper-Cache
X-Drupal-Cache-Contexts
X-Edge-Location
X-Magnolia-Registration
X-Litespeed-Cache
X-UA
MD5-Digest
X-APP
X-Instart-Info
User-Cache-Control
X-Rewrite-Enabled
X-Rojux
Meta-Geo-Continent
Apple-News-Services-Handled
Memcached
Machine
Fastcgi-X-Cache-Version
X-Request-URI
AsisCache
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Host
GEO-REGION-INFO
Apple-News-Services-Parsed-Url
X-Request-UUID
VivaBuild
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-B-Cookie
X-Vtex-Remote-Cache
X-Cache-Bucket
X-Connection-Hash
X-D
X-External-Request-Id
X-FW-Version
X-G
X-Vdms-Version
X-DPWN-IS-SECURE
X-Date
X-Destination
X-Developer
X-ARC
X-Application
Request-EU
ServerName
T-Server
Request-Country
Rendered-Blocks
X-Region-Sid
Xc-Version
X-GeoIP-Country-Code
True-Client-Country-4JS
Viewtype
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
Mobile-Detection-Method
X-Info
X-Processor
X-Twitter-Response-Tags
X-Session-Fingerprint
X-ScT
X-S
X-SRCache-Key
X-FORWARDED-FOR
X-Trv-Group
X-S-Cookie
X-PAYTM-SRV-ID
X-Transaction
X-Cluster-Name
Server-Surrogate-Control
X-Hnp-Log
X-We-Are-Hiring
Proxy-Firewall
Web-Mar-Node
X-Reboot
SD-X-WS
Gh-Request-Id
Rt-Fastcgi-Cache
X-Storage
X-Wikidot-Static-Cache
X-Has-Esi
On-Server
N-Cache
X-Wikidot-Backend
X-TrackingId
X-Webstats-RespID
X-Slack-Backend
X-DevSite-Last-Modified
X-Varnish-Authentication
X-Generated-On
X-Contensis-Viewer-Groups
X-Servername
X-VG-TLSProxy
X-Gen-Mode
X-Server-W
X-Fmm-Version
X-Fastly-Cache
X-Clara-WADP
X-Cache-URL
X-Backend-State
X-Backend-Host
X-Auto-Login
X-Request-Host
X-BBXSRF
X-Block-Status
X-Cache-Info
X-VServer
X-SS-Set-Cookie
X-Cache-ASPX
X-WADP-Cache
Server-Cache-Control
X-LI-UUID
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-Tumblr-Pixel-3
X-IN-APIGATEWAY
X-Rocket-Nginx-Bypass
X-App-Server
X-Mid
X-Served-From
X-Is-Gdpr
X-JWT-State
X-Irp-Debug
X-S-Maxage
X-UnsetCookies
CF-Cached-On
X-CGP
X-Cache-Tags
X-Urbn-Site-Id
X-Cdn-Origin
X-Sigma
X-Sigma-Backend
X-Origin-Date
Wxu-Next-Hostname
X-SIPLIST1
X-SN
X-VCache
X-App-Name
X-GeoIP-City
Adler-Geo
A
Vix-Hermes-Req-Id
X-Origin-Expires
X-Matched-Rule
Fastly-Drupal-HTML
X-COUNTRY
Wxu-Next-Region
X-Urbn-Context-Path
X-Distil-CS
X-Distributor
X-Dispatcher-Server
X-Device-Os
X-Developers
X-LAGOON
X-Epic-Correlation-Id
X-Fetched-On
X-Varnish-Cacheable
X-Rebelmouse-Surrogate-Control
X-Nginx-Cache-Key
X-Eu-Site
X-Rocket-Build-Number
X-NX-Host
X-Core-Mission
X-Core-Value
Wxu-Next-Commit
X-Cms-Context
X-Cluster-Node
X-CUA
X-Variation
X-Debug-Cookies
X-Debug-Log
X-Generation-Time
X-Geo-Header
X-ServiceProvider
X-Clientip
X-Sn-Servicetimems
Is-Eu
RNT-Machine
X-Micro-Cache
CDCHOST
Kp-EeAlive
IsBot
RNT-Time
Countrycode
Server-Host
Server-ID
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Platform-Server
X-Generated-In
Mail-Subject
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
L5d-Success-Class
Locid
X-Trafficlayer-App-Name
Country-Code
X-Var-Ttl
Platform
X-Hash
Content-Script-Type
Content-Style-Type
Locale
HA-Ipaddr
X-Req
FNAC-ModuleRouting
V-Age
X-Rebelmouse-Cache-Control
Ha-Gx-Prefs
Viewport
Fastly-SWR
We-Hiring
Fastly-SIE
W
X-TT-TIMESTAMP
Thinkindot-Control
X-RateLimit-Limit-Second
X-Proxy-Upstream
Thinkindot-CacheControl-Type
X-WebServer
X-Thinkindot-L3
X-Gamma-Serve
X-RateLimit-Remaining-Second
Thinkindot-CacheControl
X-Time
X-Sucuri-ID
X-Cache-PHP
X-Dispatch
Heartbleed
X-Bc-Bl
Group
X-VC-Cache
X-NodeID
Cache-Host
X-Agile-Id
X-Ms-Request-Id
X-Skip-Cache
X-Owner
X-Agile-Age
X-Agile
X-Swa-Ws
AKAMAI
X-Thanos
X-Hit
X-Logging-Id
X-Scheme
X-Ms-Version
X-CACHE-KEY
X-Trace-Id
X-Bip
X-Cache-FS-Status
X-Cache-Expired-At
X-C
X-Response-By
X-OVcl-Cache
X-Instart-Isnd
X-OVcl
X-Varnish-Beresp-Grace
X-Refresh
X-Varnish-Beresp-Status
NM-Fastcgi-Cache
Request-Time
X-Vdms-Path
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CSRF-Token
Geo-Info
X-RESPONSE-TIME
PFcat
X-Node-Id
X-B3-Spanid
Sever-Int
X-Varnish-Beresp-Ttl
Mime-Version
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
Server-Ext
Server-Hostname
M-TraceId
X-Varnish-URL
HostName
Powered-By-ChinaCache
X-MSEdge-Flight
X-Wa
X-Protected-By
Pagetype
X-MSEdge-Features
X-SRV
X-Via-PopV
X-Via-PopH
X-Varnish-Ttl
Magicmarker
X-Lb-Id
PICS-Label
Pramga
X-Method
X-FPC
X-Worker
XServer
X-DC
X-Nc
Origin
X-ND-Cache
Cloudfront-Viewer-Country
X-Request-Start
X-Service
X-Envoy-Upstream-Healthchecked-Cluster
X-TA-CDN-Provider
Geoip-Latitude
Memory
X-Branch-Name
HitType
Geoip-City
X-Load-Cache
X-Policy
X-Ua
X-Ratelimit-Remaining
X-GEO
X-Be
GeoIp-Country-Code
X-Planisys-CDN-TTL
X-SERVER-NAME
X-Pjax-Url
X-Planisys-CDN-Rules
X-HS-Status
X-C-Key
X-C-Zone
Environment
X-Planisys-CDN-Cache
X-Wix-Viewer-Type
Esi-Enabled
Cteonnt-Length
X-VCL-Version
X-ECache
Dt-Cache-Category
Who
X-Servedbyhost
X-App-Version
X-CSRF-TOKEN
X-Up
X-Reqid
X-Myra-Origin2
Ttl
Fastly-Backend-Name
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-BACKEND-TTL
NtCoent-Length
X-Origin-CC
X-Origin-TTL
X-Bc
X-Country-IP
X-Via-Ucdn
X-Referer
X-Zone
X-Cache-Metadata
TTL
X-TT-LOGID
Hostname
Resin-Trace
X-Server-Time
X-Cache-Host
Pragrma
X-Cdn-Forward
SRV
X-ZONE
X-Vcl-Version
X-Edge-Server
X-Fastly-Country-Code
X-BC
Product
X-Oneagent-Js-Injection
Cdn-Host
UCS
Cdn-Request-Time
X-Ratelimit-Limit
Release
Cdncip
Cdn
Cdnsip
X-Pf-Uncompressing
Load-Balancing
X-ServedByHost
X-AK-Request-ID
X-Swift-Error
X-NGINX-Cache
Lb
X-NU-AKA-ACS-Version
X-Server-IP
GeoIP-Country-Code
X-Correlation-ID
CACHE
X-Tec-Api-Version
X-Tec-Api-Root
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-AIR-PT
X-Tec-Api-Origin
GeoIP-City
X-Configured-By
Sid
GeoIP-Latitude
X-Ruxit-Js-Agent
X-PJAX-URL
FSS-Cache
LB
C-Via
X-Node-ID
X-Datadome
Dnion-Transfer-Encoding
X-Air-Hostname
X-Dynatrace-Js-Agent
Ohc-File-Size
Warning
X-Cache-Id
X-BE
X-WPE-Loopback-Upstream-Addr
X-Esi-Check
X-Gzip
MIME-Version
X-WA
X-Cache-Debug
X-TH-Server
RequestId
My-App
X-Edge-O15-RID
X-Tb-Optimization-Total-Bytes-Saved
Ohc-Cache-HIT
X-UPSTREAM-Address
X-RAMCache
IBM-Web2-Location
X-Location
X-Mvc-Supplant-Cachable
Pics-Label
X-Powered-Y
X-Svr
X-Cache-Backend
X-Fpc
X-B3-SpanId
X-Varnish-Url
X-VarnishDD-TTL
X-Sucuri-Cache
X-Fastly-Request-Id
Lfy
X-Varnish-Beresp-TTL
X-Mvc-Supplant-OutputCached
X-Fastly-Backend-Reqs
Server-Int
X-Ocache
Fastly-SSL
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-MID
X-LiteSpeed-Cache-Control
CDN
X-User
X-SD-PageType
X-ElasticPress-Search
Xet-Cookie
Powered-By
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
X-ElasticPress-Query
X-Page-Impression-Id
Requestid
X-Flow-Id
X-Sucuri-Id
CF-IPCountry
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Processtime
Cneonction
X-Debug-Revision
X-B3-Parentspanid
X-Aicache-OS
X-Debug-Controller
X-Nananana
X-Check-Cacheable
X-Unique-ID
X-PF-Uncompressing
Host-ID
ProcessTime
Fastly-Soc-X-Request-Id
X-LB-ID
CloudFront-Viewer-Country
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-URL
X-Request-Url
URI
X-MiniProfiler-Ids
DataCenter
X-Cache-Tag