Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
CF-Ray
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
P3p
X-Ua-Compatible
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Feature-Policy
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Request-Context
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Vhost
X-Node
X-Response-Time
NEL
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Readtime
X-Origin-Upstream-Status
Surrogate-Control
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-Url
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
RTSS
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Goog-Hash
X-Varnish-TTL
X-Country-Code
X-ASPNET-VERSION
X-DynaTrace
X-Instart-Request-ID
Service-Worker-Allowed
Allow
Verso
X-GitHub-Request-Id
Content-MD5
X-Server-Name
X-D2id
X-ESI
Pinterest-Generated-By
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-MS-InvokeApp
X-Cached
SPRequestGuid
Fusion-Deployment-Id
X-Navigation-Version
X-Powered-By-Plesk
X-Forwarded-Proto
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Trace
X-Amz-Rid
Public-Key-Pins
X-Vcache
X-Fastly-Request-ID
X-Debug
X-SharePointHealthScore
Nginx-Cache
X-Ttl
X-MSEdge-Ref
X-Vcap-Request-Id
X-B3-TraceId
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Server-ID
X-VARITI-CCR
Accept-CH
Arr-Disable-Session-Affinity
MS-Author-Via
Charset
X-Px
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
SPIisLatency
SPRequestDuration
Pagespeed
Display
Response
X-Middleton-Display
X-Middleton-Response
Realpath
Edge-Cache-Tag
X-Content-Type
X-Fastcgi-Cache
Accept-CH-Lifetime
X-Sol
X-Ser
Accept-Ch
X-Client-IP
X-DynaTrace-JS-Agent
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
NR-ENABLED
Front-End-Https
X-Powered-CMS
X-Id
X-Webkit-Csp
Access-Control-Request-Method
X-Pinterest-Rid
Pinterest-Version
X-Dns-Prefetch-Control
S
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Upstream
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Forwarded-For
Accept-Ch-Lifetime
X-T
X-Hits
X-Element-Page-Cache
X-Content-Digest
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Amz-Meta-S3cmd-Attrs
X-B3-TraceId-Primal
DynaTrace
X-Dw-Request-Base-Id
AR-CACHE
Ar-Sid
Fastcgi-Cache
X-Shield-Request-Id
X-Node-Name
ServerID
X-Mobile-URL
X-Cache-Hit
WPE-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-Recruiting
X-FTR-Realm
PB-PID
PB-RID
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Server-Node
Powered
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-Frontend
X-FTR-Expires
Arc-Version
X-Mobile-Rewrite
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Amzn-Trace-Id
X-Request-Received
X-Request-Processing-Time
X-Shard
X-Ezoic-Cdn
Refresh
Alternate-Protocol
X-HS-Combine-CSS
X-NWS-LOG-UUID
X-Correlation-Id
Fastly-Restarts
X-Logged-In
X-Varnish-Age
X-TTL
Server-Name
X-Microsite
X-Request-Handler-Origin-Region
X-Page-Id
X-FTR-Cache-Host
X-LB-Cache
X-Geo-Country
X-F-Cache
X-Akamai-Edgescape
X-User-Agent
X-Rid
X-B
Backend-Timing
X-ATS-Timestamp
X-N
Host-Header
X-Content-Security-Policy-Report-Only
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Via-JSL
Host
X-XRDS-LOCATION
X-Zen-Fury
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Varnish-Grace
X-Origin-Server
X-Kinsta-Cache
Cache-Status
Healthy
X-Content-Options
X-Request-Guid
Fastcgi-Useragent
X-Hostname
X-B3-Sampled
X-Signature
Access-Control-Allow-Method
X-Revision
X-App-Environment
X-AOL-HN
X-Git-Hash
X-FB-Debug
X-ATG-Version
X-Instance
Section-Io-Cache
X-B-Cache
X-TT
X-Tumblr-Pixel
X-Cache-Action
X-Amz-Replication-Status
X-Tumblr-Pixel-0
X-Debug-Info
X-Type
Frame-Options
Actual-Object-TTL
X-Jobs
Paypal-Debug-Id
X-Tumblr-User
X-Varnish-Backend
X-Whom
X-WebKit-CSP-Report-Only
Trailer
Liferay-Portal
X-Cluster
X-Amz-Apigw-Id
X-Content-Powered-By
X-Seen-By
X-Cache-Rule
X-Cache-Operation
X-Cache-Age
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FastCGI-Cache
X-PHP-Backend
X-Contextid
X-Endurance-Cache-Level
Tracecode
X-FireWall-Port
X-Cache-Key
X-Amzn-Requestid
X-Az
X-AppVersion
X-Activity-Id
X-Framework
X-Srv
X-WA-Info
X-Host-Name
X-Daa-Tunnel
X-Cached-By
Source
X-Presslabs-Stats
Retry-After
X-IPLB-Instance
X-Upgrade-Enabled
X-Mobile
Accept-Charset
X-Response-Served-From
X-Accel-Buffering
NGB
X-ProcessESI
X-RemovedCookies
X-UUID
X-Is-Bot
DC
X-Rendered-As
Srv
X-Cacheable-TTL
X-FW-Hash
X-FW-Serve
X-Adobe-Loc
Surrogate-Key
X-Adobe-Content
Xserver
X-RateLimit-Remaining
Payment
X-FW-Static
X-FW-Server
X-FW-Type
X-Handled-By
X-RequestSource
X-Tumblr-Pixel-1
X-Varnish-Server
Eomportal-Instance
X-Tumblr-Pixel-2
X-Region
X-L-Path
X-Cache-NE
X-Environment-Context
X-GeoIP
From-Origin
Filters
X-Origin-Response-Time
X-UA-Device-Type
X-Varnish-Hostname
X-Cache-TTL-Remaining
X-Time-Microsecs
X-Wix-Request-Id
X-Proxy
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-EdgeConnect-Cache-Status
Filterid
X-Cache-Server
Server-Info
X-NGENIX-Cache
X-APP-VERSION
X-Backend-Name
Cache-Tv-Group
X-Cache-2
X-Unique-Id
MS-CV
Datacenter
X-TIME
X-Akamai-Transformed
Version
X-Cache-Time
X-Status
X-Cache-Enabled
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Cache-Control
X-Oss-Request-Id
X-Oss-Server-Time
X-CST
X-Oss-Object-Type
X-Mode
X-B3-Traceid
S-Cnection
GEO-INFO
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Var
X-Path-Route
X-ES-SERVER
X-CCM
Meta-Geo
X-Cache-Var-Map
X-IP
X-Detected-As
Ec-Rule-Version
Webserver
X-Loop
X-TNCMS
X-RN-RSRV
X-Ua-Device
X-FW-Dynamic
ServedBy
X-Via-Fastly
OT-Force-Account-Verify
X-Hl-Ver
Cache-Tags
S-Rt
Cleartype
X-PERF
Country
X-Proto
X-Forwarded-Host
X-R9-Blue-Green-Version
X-Real-IP
X-FC-Vary-Parameters
X-Adobe-Source
X-TX-ID
X-ApacheServer
X-BYPASS-REASON
Origin-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Config
X-Cache-Status-Check
X-VWS-Id
Origin-Edge-Control
Property-Id
X-Pubstack
X-Tb
X-Locale
X-Soup
X-Shopify-Stage
X-AWS-Id
X-RCS-CacheZone
X-Debug-Cache
Content-Disposition
X-Redis-Cache
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Key
X-Human
Now
Section-Io-Id
Access-Control-Request-Headers
Akamai-GRN
X-Hosted-By
NGX
X-LJ-Flow-ID
Section-Io-Origin-Status
X-EIG-Tracking-Id
X-ShardId
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Device-Type
X-ShopId
TWC-Privacy
TWC-Locale-Group
X-Proxy-Cache-Status
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-ServerID
TWC-Connection-Speed
X-Shopify-Generated-Cart-Token
TWC-Device-Class
X-SayCDN-TTL
X-Say-Cacheable
Section-Io-Origin-Time-Seconds
X-Amzn-Remapped-Content-Length
X-Vgn-Hpd-Reason
X-Origin-Hint
X-Origin
X-Web-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Sorting-Hat-ShopId
X-Akamai-Request-ID2
X-Alternate-Cache-Key
X-Say-TTL
Section-Origin-Responded
X-Sorting-Hat-PodId
Selected-Fe
X-Content-Age
X-BCube-Filmed-By
Mn-Server-Ip
X-Aspnetmvc-Version
X-Access
X-SaId
X-Format
X-Zipkin-Id
X-Xfnlog-Site
X-Generated
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
X-Proxied
X-Www-Served-By
X-Esi
X-FB-TRIP-ID
X-Timing-Wait
X-Routing-Service
X-Request-Time
X-Site-Version
X-Section
X-NYM-Debug-Backend
X-Proxy-Build
Azure-RegionName
X-MP-GENERATED-AT
X-NCache
Azure-InstanceId
Azure-SiteName
X-JoinUs
Azure-Version
Azure-SlotName
Cache-Hits
X-Dc
Node
X-Viewer-Country
X-IPS-LoggedIn
X-Cdn
X-Varnish-Hits
X-Akamai-Request-ID
X-CACHE-KEY
X-Pad
X-Cache-Remote
Odigeo-Trace-Id
X-Generated-By
X-Geo
X-EC-Lua
X-NewRelic-App-Data
X-Microcachable
X-Rule
X-No-Session
X-PressLabs-Stats
Nel
X-Drupal-Cache-Tags
Accept-Language
X-Cache-NGX
X-Amzn-RequestId
X-Backend-TTL
Cf-Ipcountry
X-From
X-Uri
X-Azure-Ref
Time
X-RateLimit-Limit
X-SS-Set-Cookie
X-RTag
Ms-Operation-Id
X-Webkit-CSP
X-App-Server
FilterID
X-Source
X-NWS-UUID-VERIFY
X-CF-Powered-By
User-Agent
X-PCL
X-OCL
X-Qloud-Router
X-Labrador-Cache-Channel
X-PHP-Host
X-Varnish-Cache-Hits
X-SERVER
X-GoCache-CacheStatus
Proxy-Connection
X-Hyper-Cache
X-Old-Content-Length
Uber-Trace-Id
X-Info
X-Cache-Grace
Cache-Name
X-NC
X-Storage
X-Drupal-Cache-Contexts
X-Newrelic-Synthetics
X-VCT
X-CS
X-Nginx-Cache
GEO-REGION-INFO
X-External-Request-Id
MD5-Digest
X-Edge-O15-RID
X-Rojux
X-Processor
True-Client-Country-4JS
X-CF-Lambda-Version
X-PAYTM-SRV-ID
VivaBuild
X-Date
X-Request-URI
X-Region-Sid
X-Reboot
X-Request-UUID
Viewtype
ServerName
AsisCache
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-G
Request-Country
Request-EU
Fastcgi-X-Cache-Version
X-D
Apple-News-Services-Host
Apple-News-Services-Handled
T-Server
X-OVcl
X-OVcl-Cache
X-GeoIP-Country-Code
X-Edge-Location
X-Connection-Hash
A
X-B-Cookie
X-S
Rendered-Blocks
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-Twitter-Response-Tags
X-S-Cookie
X-Destination
X-Trv-Group
X-Transaction
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-ARC
X-Aed
X-Developer
X-Vtex-Remote-Cache
Meta-Geo-Continent
Machine
X-Application
X-Vtex-Processado-Em
X-VG-WebServer
Mobile-Detection-Method
X-Vdms-Version
X-VG-WebCache
X-A-Dam
X-DPWN-IS-SECURE
X-Session-Fingerprint
X-A
X-Cdn-Srv
X-ScT
X-CF-Lambda-Fn
X-A-Ccd
Xc-Version
X-SRCache-Key
X-VCache
X-Cluster-Name
X-Time
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Cache-Cookie-Set-Lfrom
X-Level-Front-Cache
Cache-Cookie-Set-Idcheck
X-VServer
X-Core-Value
Cache-Cookie-Set-From
X-Served-From
X-JWT-State
X-Rocket-Nginx-Bypass
X-IN-APIGATEWAY
X-Backend-State
X-Has-Esi
Thinkindot-CacheControl-Type
X-IN-APIGATEWAYSSL
X-Varnish-Beresp-Grace
X-Is-Gdpr
X-Varnish-Beresp-Status
Content-Script-Type
Content-Style-Type
X-VG-TLSProxy
Thinkindot-CacheControl
X-Cluster-Node
X-Thinkindot-L3
Server-Host
X-FW-Version
X-GeoIP-City
Viewport
X-Generated-On
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Sn-Servicetimems
X-Trafficlayer-App-Version
PFcat
Memcached
N-Cache
X-Geo-Header
Rt-Fastcgi-Cache
X-LI-UUID
X-DevSite-Last-Modified
X-Matched-Rule
X-Servername
X-Cdn-Origin
Thinkindot-Control
X-ServiceProvider
X-Cache-Expired-At
X-UA
X-S-Maxage
User-Cache-Control
X-Debug-Cache-Expiry
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Store
X-CGP
X-Block-Status
X-Cache-ASPX
X-Cache-Bucket
X-Bip
X-Bc-Bl
X-Backend-Host
X-BBXSRF
X-Cache-FS-Status
X-Cache-Info
X-Cms-Context
X-Contensis-Viewer-Groups
X-Core-Mission
X-Clientip
X-Clara-WADP
X-Cache-Tags
X-Cache-URL
X-CUA
X-Magnolia-Registration
X-Skip-Cache
X-SIPLIST1
X-Sigma-Backend
X-Slack-Backend
X-Swa-Ws
X-Trace-Id
X-Thanos
X-Sigma
X-Server-W
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Req
X-Request-Host
X-Scheme
X-Rocket-Build-Number
X-TrackingId
X-TT-TIMESTAMP
X-We-Are-Hiring
X-WADP-Cache
X-WebServer
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VC-Cache
X-Varnish-Cacheable
X-Urbn-Context-Path
X-Tumblr-Pixel-3
X-Urbn-Site-Id
X-Var-Ttl
X-Varnish-Authentication
X-Variation
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Fmm-Version
X-Fetched-On
X-Gamma-Serve
X-Gen-Mode
X-Hash
X-Generated-In
X-Fastly-Cache
X-Eu-Site
X-Dispatch
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Epic-Correlation-Id
X-Distributor
X-Hnp-Log
X-Instart-Isnd
X-Origin-Date
X-NX-Host
X-Origin-Expires
X-Owner
X-Proxy-Upstream
X-Platform-Server
X-NodeID
X-Nginx-Cache-Key
X-LAGOON
X-Irp-Debug
X-Logging-Id
X-Micro-Cache
X-Ms-Version
X-Ms-Request-Id
X-Developers
X-Debug-Cache-Fetch
Fastly-SIE
Fastly-Drupal-HTML
Fastly-SWR
FNAC-ModuleRouting
Platform
Countrycode
RNT-Machine
Country-Code
Server-ID
Server-Cache-Control
RNT-Time
Gh-Request-Id
On-Server
Kp-EeAlive
IsBot
Is-Eu
HA-Ipaddr
L5d-Success-Class
Locale
Mail-Subject
Group
Locid
Ha-Gx-Prefs
Heartbleed
Server-Surrogate-Control
X-Agile
CDCHOST
Adler-Geo
X-Agile-Age
X-Varnish-Beresp-Ttl
X-Auto-Login
X-Agile-Id
Wxu-Next-Region
AKAMAI
We-Hiring
W
V-Age
Cache-Host
Wxu-Next-Hostname
Web-Mar-Node
X-App-Name
Wxu-Next-Commit
Powered-By-ChinaCache
Geo-Info
Cache
X-UnsetCookies
X-Sucuri-ID
X-Hit
X-Generation-Time
X-Response-By
X-Nc
X-Lb-Id
X-C
X-Node-Id
X-VHOST
X-Edge
X-MCACHE
X-SN
X-RESPONSE-TIME
X-Refresh
Pramga
Mime-Version
SD-X-WS
X-Instart-Info
X-URL
X-CDN-Forward
Proxy-Firewall
X-ND-Cache
X-APP
Cloudfront-Viewer-Country
X-Service
X-CLOUD-TRACE-CONTEXT
X-TA-CDN-Provider
X-Load-Cache
HitType
X-ECACHE
Vix-Hermes-Req-Id
X-B3-Spanid
Request-Time
X-Varnish-URL
Environment
X-Cache-PHP
X-Mid
X-Parent-Response-Time
Origin
X-Vdms-Path
M-TraceId
X-Pjax-Url
NM-Fastcgi-Cache
X-Varnish-Ttl
X-Wa
X-App-Version
CF-Cached-On
X-MSEdge-Flight
X-MSEdge-Features
X-Correlation-ID
X-BACKEND-TTL
X-CSRF-Token
X-CSRF-TOKEN
Hostname
X-Ua
PICS-Label
Pagetype
Sever-Int
Server-Ext
Server-Hostname
X-Up
Fastly-Backend-Name
X-Origin-TTL
X-Origin-CC
X-Ratelimit-Remaining
X-Be
Geoip-City
Geoip-Latitude
X-FPC
HostName
X-Method
Pragrma
X-Cdn-Forward
X-Pinterest-Direct
X-Server-Time
GeoIp-Country-Code
X-Wix-Viewer-Type
X-Via-PopV
X-Worker
X-TT-LOGID
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Protected-By
X-Via-PopH
X-ECache
Magicmarker
X-Tec-Api-Version
X-Newrelic-App-Data
X-Myra-Origin2
X-Tec-Api-Origin
X-Tec-Api-Root
X-Servedbyhost
X-Branch-Name
Cdn
TTL
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
NtCoent-Length
X-HS-Status
X-DC
Dt-Cache-Category
X-Referer
X-Vcl-Version
Cdnsip
Memory
X-Policy
X-Litespeed-Cache
X-Azure-Ref-OriginShield
X-AK-Request-ID
Cdncip
X-C-Key
X-GEO
CACHE
X-C-Zone
X-Cache-Metadata
X-Planisys-CDN-Cache
X-Zone
X-ZONE
X-Planisys-CDN-TTL
X-Bc
Resin-Trace
X-Planisys-CDN-Rules
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-BC
X-NU-AKA-ACS-Version
XServer
X-Dynatrace-Js-Agent
SRV
Cteonnt-Length
Lb
Esi-Enabled
X-Air-Hostname
Ohc-File-Size
X-NGINX-Cache
Release
X-VCL-Version
X-Oneagent-Js-Injection
X-FORWARDED-FOR
X-Cache-Host
X-Ratelimit-Limit
X-Pf-Uncompressing
Ttl
X-ServedByHost
Load-Balancing
X-SRV
Who
X-Reqid
X-Swift-Error
X-Via-Ucdn
X-Cache-Debug
GeoIP-Country-Code
RequestId
X-TH-Server
X-Cache-Id
X-Configured-By
UCS
X-Esi-Check
X-Country-IP
GeoIP-Latitude
GeoIP-City
X-AIR-PT
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Ruxit-Js-Agent
Ohc-Cache-HIT
X-Fastly-Country-Code
Product
X-Gzip
Pics-Label
X-Fpc
X-VarnishDD-TTL
X-Datadome
X-COUNTRY
X-Node-ID
Server-Int
FSS-Cache
X-Tb-Optimization-Total-Bytes-Saved
MIME-Version
X-Unique-ID
Powered-By
X-Ocache
LB
X-WA
Sid
X-WPE-Loopback-Upstream-Addr
X-Powered-Y
X-PJAX-URL
X-Svr
X-Server-IP
X-SERVER-NAME
X-Fastly-Backend-Reqs
X-RAMCache
X-PF-Uncompressing
X-B3-SpanId
Fastly-SSL
X-Varnish-Url
Fastly-Soc-X-Request-Id
X-Fastly-Request-Id
Lfy
X-DSS
X-RPM
X-RPS
X-DI
X-DB
X-MID
X-Action
X-RSL
X-Apw-Hits
C-Via
X-BE
X-Varnish-Beresp-TTL
X-SD-PageType
X-DW
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Access-Object
X-ElasticPress-Search
X-Flow-Id
X-Zalando-Child-Request-Id
Xet-Cookie
X-Hello
X-ABtesting
Amp-Access-Control-Allow-Source-Origin
X-LiteSpeed-Cache-Control
X-Page-Impression-Id
X-Flog
Requestid
X-Agile-Brick-Ok
FSS-Proxy
CDN
CF-IPCountry
X-Debug-Controller
X-Aicache-OS
X-Compress-Hint
X-Location
Host-ID
X-Debug-Revision
My-App
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-B3-Parentspanid
SN
X-Render-Time
L
X-Check-Cacheable
X-Fastly-Cache-Hits
X-Request-Url
X-LB-ID
Cneonction
URI
X-Mvc-Supplant-Cachable
X-UPSTREAM-Address
X-Sucuri-Cache
X-Mvc-Supplant-OutputCached
X-MiniProfiler-Ids
CloudFront-Viewer-Country
X-Via-CDN
X-App
ProcessTime
X-Dw-Trace-Id
X-Request-URL
X-User
X-Cache-Backend
DataCenter
X-Nananana