Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Ua-Compatible
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-Buckets
Content-Encoding
X-CDN
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Turbo-Charged-By
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Server-Timing
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Server-Id
X-Rq
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-Vhost
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
NEL
X-Cache-Lookup
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
Request-Id
X-Dns-Prefetch-Control
Content-Location
X-Application-Context
X-Ruxit-JS-Agent
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-DataDome
X-Cnection
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-Url
Edge-Control
Rating
X-Cloud-Trace-Context
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Country-Code
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
Service-Worker-Allowed
X-GitHub-Request-Id
Allow
X-Instart-Request-ID
Verso
Fusion-Deployment-Id
X-MS-InvokeApp
Content-MD5
X-D2id
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-Powered-By-Plesk
X-Forwarded-Proto
X-Trace
X-Ttl
X-Navigation-Version
Accept-CH
X-Vcache
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-ESI
X-Fastly-Request-ID
Public-Key-Pins
TCN
Nginx-Cache
X-Vcap-Request-Id
X-Debug
X-MSEdge-Ref
X-VARITI-CCR
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
Accept-CH-Lifetime
Charset
X-B3-TraceId
MS-Author-Via
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Px
Display
Pagespeed
Response
X-Middleton-Display
X-Middleton-Response
NR-ENABLED
X-Content-Type
Realpath
X-Client-IP
X-Sol
X-Ser
X-DynaTrace-JS-Agent
Edge-Cache-Tag
Cache-Tag
X-Fastcgi-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Powered-CMS
X-Id
X-Grace
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
X-Version
X-Hp-Webp
X-Jurisdiction
X-Upstream
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Webkit-Csp
X-T
Accept-Ch
X-Hits
X-Element-Page-Cache
WPE-Backend
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Node-Name
Fastcgi-Cache
AR-CACHE
Ar-Sid
ServerID
X-Server-ID
X-Cache-Hit
X-Recruiting
X-Forwarded-For
X-Correlation-Id
Accept-Ch-Lifetime
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-Goog-Metageneration
X-Goog-Storage-Class
X-FTR-Cache-Status
X-FTR-Backend
X-GUploader-UploadID
X-Country-Code-Real
X-FTR-DC
X-Goog-Stored-Content-Length
X-FTR-Balancer
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Backend-Server
X-FTR-Realm
Powered
Server-Node
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
PB-RID
TP-Cache
PB-PID
TP-L2-Cache
X-Request-Processing-Time
X-FTR-Expires
X-Request-Received
X-DIS-Request-ID
Arc-Version
X-Mobile-Rewrite
Upgrade-Insecure-Requests
Refresh
X-HS-Combine-CSS
X-Ezoic-Cdn
X-XRDS-Location
X-Shard
Alternate-Protocol
X-Amzn-Trace-Id
Server-Name
X-NWS-LOG-UUID
Host-Header
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-N
X-Akamai-Edgescape
Fastly-Restarts
X-Rid
X-F-Cache
X-Page-Id
X-LB-Cache
X-Logged-In
X-FTR-Cache-Host
X-Varnish-Age
X-User-Agent
Backend-Timing
X-ATS-Timestamp
X-B
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Cdn
X-XRDS-LOCATION
X-Zen-Fury
X-TTL
X-Kinsta-Cache
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Healthy
X-Via-JSL
X-Origin-Server
X-Varnish-Grace
X-Cache-Key
Host
X-Request-Guid
X-Revision
X-Jobs
Fastcgi-Useragent
X-App-Environment
X-Instance
X-B-Cache
X-Signature
X-Tumblr-User
X-Tumblr-Pixel
X-Git-Hash
X-Tumblr-Pixel-0
X-ATG-Version
Paypal-Debug-Id
Actual-Object-TTL
Cache-Status
X-Whom
X-FB-Debug
X-TT
X-Type
X-Amz-Replication-Status
Section-Io-Cache
X-B3-Sampled
X-AOL-HN
X-Varnish-Backend
X-Content-Options
X-Debug-Info
X-Cache-Action
X-Seen-By
Frame-Options
X-WebKit-CSP-Report-Only
X-Cluster
X-Cache-Age
Access-Control-Allow-Method
X-Hostname
X-FastCGI-Cache
Trailer
X-Cache-Rule
X-Cache-Operation
X-Endurance-Cache-Level
X-Contextid
Source
X-Content-Powered-By
X-Amzn-Requestid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Liferay-Portal
X-Host-Name
X-Activity-Id
X-AppVersion
X-Esi
X-Az
Tracecode
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Daa-Tunnel
X-Amz-Apigw-Id
X-PHP-Backend
X-SERVER
X-FireWall-Port
X-IPLB-Instance
X-Upgrade-Enabled
X-Framework
Accept-Charset
DC
X-WA-Info
From-Origin
Retry-After
NGB
X-Accel-Buffering
X-Response-Served-From
X-ProcessESI
X-RemovedCookies
X-RateLimit-Remaining
X-Presslabs-Stats
Srv
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Mobile
X-FW-Serve
X-FW-Type
Surrogate-Key
X-FW-Server
X-Is-Bot
X-FW-Static
X-FW-Hash
X-Cacheable-TTL
X-Adobe-Loc
X-Environment-Context
X-L-Path
X-Cached-By
X-Adobe-Content
Payment
X-RequestSource
Eomportal-Instance
X-Cache-NE
X-GeoIP
X-Varnish-Server
X-Region
X-Wix-Request-Id
Filters
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-UA-Device-Type
X-Handled-By
Xserver
X-Time-Microsecs
X-Origin-Response-Time
X-Varnish-Hostname
X-APP-VERSION
X-Proxy
X-Unique-Id
X-Cache-TTL-Remaining
X-Srv
X-NGENIX-Cache
Nel
X-Cache-Server
X-EdgeConnect-Cache-Status
Datacenter
X-Webkit-CSP
X-B3-Traceid
X-Akamai-Transformed
MS-CV
X-Backend-Name
X-Cache-Control
X-Cache-Time
X-TIME
Version
Filterid
Server-Info
X-Status
Cache-Tv-Group
X-Cache-2
X-Mode
X-Cache-Enabled
S-Cnection
X-CST
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-IP
Meta-Geo
X-Path-Route
X-CCM
Cache-Tags
Webserver
X-Rule
X-TNCMS
X-Detected-As
Odigeo-Trace-Id
X-Loop
X-FW-Dynamic
S-Rt
X-RN-RSRV
X-Redis-Cache
X-FC-Vary-Parameters
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
Ec-Rule-Version
Webcakes-App-Name
X-Forwarded-Host
TWC-Device-Class
X-Adobe-Source
Now
Webcakes-App-Version
X-Amzn-Remapped-Content-Length
Decoy-Debug-TTL
Origin-Cache-Control
Origin-Edge-Control
ServedBy
Webcakes-Region
Property-Id
OT-Force-Account-Verify
Decoy-Debug-Status
Decoy-Debug-Key
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Akamai-GRN
Cache-Hits
DB-Nickname
X-ApacheServer
Country
Cleartype
TWC-Privacy
X-Hosted-By
X-Origin-Hint
X-Via-Fastly
X-Origin
X-Web-Node
X-NCache
X-PERF
X-Proto
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
GEO-INFO
X-TX-ID
X-R9-Blue-Green-Version
X-Pubstack
X-Hl-Ver
X-Real-IP
X-Human
X-Oss-Object-Type
X-RCS-CacheZone
Section-Io-Origin-Time-Seconds
X-ServerID
X-Vgn-Hpd-Reason
X-Oss-Hash-Crc64ecma
Cache-Key
X-EIG-Tracking-Id
Content-Disposition
Section-Origin-Responded
X-ProxyCache-Status
Section-Io-Origin-Status
X-Device-Type
X-ShardId
X-Proxy-Cache-Status
X-Sorting-Hat-PodId
X-ProxyCache-Key
NGX
X-Alternate-Cache-Key
Section-Io-Id
X-Akamai-Request-ID2
X-Oss-Storage-Class
X-VWS-Id
X-Cache-Status-Check
X-Cache-Config
X-Shopify-Stage
X-Locale
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-Tb
X-Site-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-BYPASS-REASON
X-Oss-Server-Time
X-NYM-Debug-Backend
X-Generated
X-Oss-Request-Id
X-ShopId
X-Shopify-Generated-Cart-Token
X-AWS-Id
Access-Control-Request-Headers
X-Debug-Cache
X-Timing-Wait
X-Access
X-Soup
X-FB-TRIP-ID
X-Request-Time
X-Xfnlog-Site
X-Content-Age
X-SaId
X-Zipkin-Id
X-Routing-Service
X-MP-GENERATED-AT
X-BCube-Filmed-By
X-Proxy-Build
X-Section
X-Proxied
X-Format
X-Www-Served-By
X-Viewer-Country
X-JoinUs
Mn-Server-Ip
Selected-Fe
Cross-Origin-Window-Policy
X-HTML-Minification-Powered-By
X-PressLabs-Stats
X-Cache-Remote
Node
X-Cache-NGX
X-Ua-Device
X-Backend-TTL
X-Microcachable
X-No-Session
X-Geo
X-Varnish-Hits
X-NewRelic-App-Data
X-EC-Lua
X-Akamai-Request-ID
X-Generated-By
X-Pad
FilterID
X-IPS-LoggedIn
Accept-Language
Cf-Ipcountry
X-Drupal-Cache-Tags
X-CF-Powered-By
Time
X-From
X-NWS-UUID-VERIFY
X-Dc
X-Azure-Ref
X-NC
X-RateLimit-Limit
X-Amzn-RequestId
Ms-Operation-Id
X-RTag
X-Source
X-Old-Content-Length
X-Uri
Uber-Trace-Id
X-VCT
User-Agent
X-PCL
X-OCL
X-PHP-Host
X-Labrador-Cache-Channel
X-Cache-Grace
Cache-Name
X-CS
X-Qloud-Router
X-Pinterest-Direct
X-Nginx-Cache
X-Oneagent-Js-Injection
X-Varnish-Cache-Hits
X-GoCache-CacheStatus
Cache
Proxy-Connection
X-Edge
X-Hyper-Cache
X-MCACHE
X-Edge-Location
X-ECACHE
X-Drupal-Cache-Contexts
X-SS-Set-Cookie
X-CACHE-KEY
X-App-Server
X-Newrelic-Synthetics
X-Info
X-UA
X-GeoIP-Country-Code
X-B-Cookie
X-ARC
X-A-Dcw
Machine
X-A-Wwc
X-Aed
X-Application
X-Accel-Expires-Debug
X-A-Dgt
AsisCache
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
Apple-News-Services-Request-Url
X-Magnolia-Registration
Apple-News-Services-Parsed-Url
X-Cache-Bucket
Apple-News-Services-Handled
Apple-News-Services-Host
X-Connection-Hash
Arc-Country
BehaviorPad-Version
X-DPWN-IS-SECURE
X-External-Request-Id
X-FW-Version
X-Developer
X-Destination
X-A-Dam
X-D
X-Date
X-G
X-Rocket-Nginx-Bypass
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
Request-EU
ServerName
X-SRCache-Key
True-Client-Country-4JS
X-Session-Fingerprint
X-A-Ccd
GEO-REGION-INFO
X-Vdms-Version
Request-Country
Meta-Geo-Continent
Memcached
Xc-Version
MD5-Digest
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-VG-WebCache
X-VG-WebServer
Rendered-Blocks
X-Vtex-Processado-Em
X-ScT
T-Server
X-Processor
X-Reboot
X-Region-Sid
X-Request-URI
X-PAYTM-SRV-ID
Viewtype
X-A
Fastcgi-X-Cache-Version
VivaBuild
X-Rewrite-Enabled
X-Request-UUID
X-S
X-Rojux
X-S-Cookie
User-Cache-Control
X-CDN-Forward
X-Storage
X-Cluster-Name
On-Server
Thinkindot-CacheControl-Type
X-Backend-State
X-Block-Status
Web-Mar-Node
Thinkindot-Control
N-Cache
X-Backend-Host
X-Cache-ASPX
X-Auto-Login
SD-X-WS
Rt-Fastcgi-Cache
Server-Host
Viewport
Server-Surrogate-Control
X-BBXSRF
Server-Cache-Control
X-JWT-State
X-Sn-Servicetimems
X-Slack-Backend
X-Thinkindot-L3
X-TrackingId
X-Trafficlayer-App-Name
X-ServiceProvider
X-Server-W
X-Matched-Rule
X-Micro-Cache
X-Request-Host
X-Served-From
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Instart-Info
X-We-Are-Hiring
X-WADP-Cache
X-Tumblr-Pixel-3
X-Varnish-Authentication
X-VG-TLSProxy
X-VServer
X-LI-UUID
X-LI-Proto
X-DevSite-Last-Modified
X-Fastly-Cache
X-Fmm-Version
X-Gen-Mode
X-Core-Value
X-Contensis-Viewer-Groups
X-Cache-Info
X-Cache-URL
X-Cdn-Origin
X-Clara-WADP
X-Generated-On
X-Geo-Header
X-Is-Gdpr
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-GeoIP-City
X-Has-Esi
X-Hnp-Log
X-IN-APIGATEWAY
X-Cache-Expired-At
Thinkindot-CacheControl
Cache-Cookie-Set-Lfrom
Content-Style-Type
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
A
Content-Script-Type
Gh-Request-Id
X-Sucuri-ID
Geo-Info
X-S-Maxage
X-Hash
X-Distributor
X-LAGOON
X-Logging-Id
X-Distil-CS
X-Epic-Correlation-Id
X-Eu-Site
X-Gamma-Serve
X-Fetched-On
X-Generated-In
Locid
X-Dispatcher-Server
X-Debug-Log
X-CGP
X-Clientip
X-APP
X-Cache-Tags
X-Cache-FS-Status
X-UnsetCookies
X-Cluster-Node
X-Cms-Context
X-Developers
X-Device-Os
X-Ms-Request-Id
X-Debug-Cookies
X-Core-Mission
X-CUA
X-Dispatch
X-Nginx-Cache-Key
X-Swa-Ws
X-Thanos
X-Trace-Id
X-SN
X-Skip-Cache
X-Sigma-Backend
X-SIPLIST1
X-TT-TIMESTAMP
X-Urbn-Context-Path
X-VC-Cache
X-WebServer
Proxy-Firewall
X-Varnish-Cacheable
X-Variation
X-Urbn-Site-Id
X-Var-Ttl
X-Sigma
X-Time
X-Origin-Expires
X-Owner
X-Platform-Server
X-Origin-Date
X-NX-Host
Adler-Geo
X-NodeID
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Rocket-Build-Number
X-Scheme
X-Servername
X-Req
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Ms-Version
X-Generation-Time
Fastly-SWR
V-Age
Fastly-SIE
FNAC-ModuleRouting
X-Agile-Id
Ha-Gx-Prefs
Countrycode
Server-ID
Fastly-Drupal-HTML
X-Agile-Age
Wxu-Next-Hostname
Wxu-Next-Region
Country-Code
Wxu-Next-Commit
We-Hiring
X-Agile
W
X-App-Name
Group
L5d-Success-Class
Kp-EeAlive
IsBot
Platform
X-Bc-Bl
Locale
AKAMAI
X-Bip
Mail-Subject
Cache-Host
Is-Eu
RNT-Machine
Heartbleed
HA-Ipaddr
RNT-Time
CDCHOST
X-Mid
X-C
X-OVcl
X-Instart-Isnd
X-Response-By
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Hit
Vix-Hermes-Req-Id
X-OVcl-Cache
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
CF-Cached-On
PFcat
X-Cache-PHP
X-Refresh
X-CSRF-Token
X-FORWARDED-FOR
X-Vdms-Path
X-Varnish-Beresp-Ttl
X-URL
X-RESPONSE-TIME
Request-Time
NM-Fastcgi-Cache
X-Node-Id
Mime-Version
X-Parent-Response-Time
X-CLOUD-TRACE-CONTEXT
X-B3-Spanid
M-TraceId
Powered-By-ChinaCache
Server-Ext
X-Varnish-URL
Sever-Int
Server-Hostname
X-Ruxit-Js-Agent
X-Nc
X-Lb-Id
X-MSEdge-Flight
X-VCache
Origin
Pramga
X-MSEdge-Features
Pagetype
HostName
PICS-Label
X-Protected-By
X-Service
X-FPC
X-Varnish-Ttl
X-ND-Cache
X-Wa
Cloudfront-Viewer-Country
X-Method
X-DC
X-Pjax-Url
X-Via-PopH
X-Worker
HitType
Magicmarker
X-Via-PopV
X-TA-CDN-Provider
X-Request-Start
Geoip-Latitude
X-Envoy-Upstream-Healthchecked-Cluster
X-C-Key
X-Branch-Name
Environment
Geoip-City
X-C-Zone
X-SRV
X-App-Version
X-Ratelimit-Remaining
X-Be
X-Load-Cache
X-Ua
X-HS-Status
X-COUNTRY
GeoIp-Country-Code
X-Policy
Memory
X-SERVER-NAME
X-BACKEND-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Wix-Viewer-Type
X-GEO
Esi-Enabled
NtCoent-Length
Fastly-Backend-Name
X-ECache
Dt-Cache-Category
X-Up
Cteonnt-Length
XServer
X-CSRF-TOKEN
Who
X-Azure-Ref-OriginShield
X-Origin-CC
X-VCL-Version
X-Zone
X-Myra-Origin2
X-Origin-TTL
X-Newrelic-App-Data
X-Bc
X-Servedbyhost
Hostname
X-Cdn-Forward
X-Via-Ucdn
TTL
X-Reqid
X-Server-Time
Ttl
Pragrma
X-Referer
X-Litespeed-Cache
X-TT-LOGID
X-Cache-Metadata
X-Cache-Host
X-Vcl-Version
UCS
Resin-Trace
X-Edge-Server
Cdn-Request-Time
X-Country-IP
Cdn
Cdn-Host
X-Dynatrace-Js-Agent
SRV
X-Fastly-Country-Code
Cdncip
X-AK-Request-ID
X-BC
X-ZONE
Release
Cdnsip
X-ServedByHost
Lb
X-Ratelimit-Limit
Product
X-NU-AKA-ACS-Version
X-Pf-Uncompressing
Load-Balancing
X-NGINX-Cache
GeoIP-Country-Code
X-SVT-ORM-RULES
X-Correlation-ID
X-SVT-ORM-VERSION
X-Swift-Error
CACHE
X-Configured-By
LB
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Server-IP
GeoIP-Latitude
GeoIP-City
X-AIR-PT
X-Air-Hostname
Sid
X-Edge-O15-RID
Ohc-File-Size
FSS-Cache
X-Cache-Id
X-Datadome
X-Gzip
X-Node-ID
Dnion-Transfer-Encoding
X-Esi-Check
X-PJAX-URL
X-Cache-Debug
RequestId
C-Via
X-WPE-Loopback-Upstream-Addr
Ohc-Cache-HIT
X-TH-Server
X-Tb-Optimization-Total-Bytes-Saved
Warning
X-WA
MIME-Version
X-B3-SpanId
X-BE
IBM-Web2-Location
Pics-Label
X-Fpc
My-App
X-Powered-Y
X-RAMCache
X-Location
X-Svr
X-UPSTREAM-Address
X-VarnishDD-TTL
Tcn
Server-Int
X-Cache-Backend
X-Varnish-Beresp-TTL
X-Varnish-Url
X-Mvc-Supplant-Cachable
X-Fastly-Backend-Reqs
X-Ocache
X-Sucuri-Cache
X-Fastly-Request-Id
Lfy
Fastly-SSL
X-Apw-Access-Action
X-Apw-Access-Object
X-Unique-ID
X-Apw-Access-Token
X-Mvc-Supplant-OutputCached
X-MID
X-SD-PageType
Powered-By
X-Apw-Hits
Xet-Cookie
X-Zalando-Child-Request-Id
X-ElasticPress-Search
X-PF-Uncompressing
X-ElasticPress-Query
Requestid
X-Agile-Brick-Ok
X-Page-Impression-Id
X-LiteSpeed-Cache-Control
X-Flow-Id
CF-IPCountry
X-HostName
X-Aicache-OS
X-B3-Parentspanid
X-Debug-Controller
X-User
CDN
X-Check-Cacheable
X-Debug-Revision
Fastly-Soc-X-Request-Id
X-Nananana
Cneonction
X-Sucuri-Id
X-App
ProcessTime
X-ServerName
Host-ID
X-Cache-Tag
URI
Processtime
X-Action
X-LB-ID
X-MiniProfiler-Ids
X-DW
CloudFront-Viewer-Country
X-RPM
X-RSL
X-RPS
X-Dw-Trace-Id
X-DSS
X-Request-Url
X-Fastly-Cache-Hits
L
X-Compress-Hint
DataCenter
X-DI
X-DB
X-Request-URL