Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Ua-Compatible
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Request-ID
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Cache-Lookup
X-Dispatcher
X-Ac
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
X-WebKit-CSP
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
X-Url
Edge-Control
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
Allow
X-DynaTrace
X-Instart-Request-ID
X-Country-Code
X-Varnish-TTL
Content-MD5
X-ASPNET-VERSION
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Webkit-Csp
X-ESI
X-Server-Name
Pinterest-Generated-By
X-D2id
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-MS-InvokeApp
SPRequestGuid
X-Powered-By-Plesk
X-Cached
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Vcache
X-Debug
X-Forwarded-Proto
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Rid
Accept-Ch
X-MSEdge-Ref
X-Fastly-Request-ID
X-Trace
Public-Key-Pins
X-SharePointHealthScore
Nginx-Cache
X-Vcap-Request-Id
X-VARITI-CCR
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
MS-Author-Via
X-Server-ID
Arr-Disable-Session-Affinity
Charset
TCN
X-Px
X-NF-Request-ID
X-Cache-TTL
X-Accel-Expires
X-Fastcgi-Cache
Edge-Cache-Tag
Accept-Ch-Lifetime
Pagespeed
Display
Realpath
Response
X-Middleton-Display
X-Middleton-Response
SPRequestDuration
SPIisLatency
Fusion-Deployment-Id
X-Sol
X-Content-Type
X-Version
X-Ttl
X-Ser
X-Client-IP
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-CH
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-DynaTrace-JS-Agent
X-Powered-CMS
X-Pinterest-Rid
Front-End-Https
Pinterest-Version
Access-Control-Request-Method
X-Id
NR-ENABLED
X-Jurisdiction
X-Hp-Webp
MRF-Tech
X-B3-TraceId-Primal
X-Grace
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Upstream
X-Forwarded-For
Ar-Sid
AR-CACHE
X-Dns-Prefetch-Control
X-Content-Digest
X-T
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
S
X-Hits
DynaTrace
X-Dw-Request-Base-Id
Accept-CH-Lifetime
X-TTL
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Node-Name
PB-PID
X-Amzn-Trace-Id
PB-RID
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Recruiting
X-XRDS-LOCATION
X-Cache-Hit
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
Server-Node
Arc-Version
X-Mobile-Rewrite
X-HS-Hub-Id
X-HS-Content-Id
Powered
X-FTR-Expires
X-HS-Cache-Config
X-Frontend
X-Shard
TP-Cache
X-Ezoic-Cdn
TP-L2-Cache
X-Shield-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
Fastly-Restarts
X-Request-Processing-Time
X-HS-Combine-CSS
X-Request-Received
Alternate-Protocol
Refresh
X-Logged-In
X-Varnish-Age
WPE-Backend
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-Correlation-Id
X-B
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Page-Id
X-ATS-Timestamp
X-Rid
Backend-Timing
X-F-Cache
X-User-Agent
X-Geo-Country
X-N
X-Via-JSL
Host
X-Zen-Fury
X-Kong-Proxy-Latency
Cache-Status
X-Kong-Upstream-Latency
Host-Header
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-Content-Options
X-ORACLE-APMCS-TAG
X-Varnish-Grace
X-Kinsta-Cache
X-B3-Sampled
X-Revision
X-Amz-Apigw-Id
X-Amz-Replication-Status
X-AOL-HN
X-ATG-Version
X-TT
X-Cache-Action
X-Tumblr-User
X-XRDS-Location
X-Jobs
X-Request-Guid
X-Tumblr-Pixel-0
X-Type
X-Instance
X-FB-Debug
Paypal-Debug-Id
X-App-Environment
Actual-Object-TTL
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel
X-B-Cache
X-Signature
X-Content-Powered-By
X-Git-Hash
X-Varnish-Backend
Access-Control-Allow-Method
X-Debug-Info
Fastcgi-Useragent
Liferay-Portal
X-Whom
Healthy
Frame-Options
Section-Io-Cache
X-Srv
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Key
X-Cluster
X-Seen-By
X-Cached-By
X-Daa-Tunnel
X-Hostname
X-Cache-Rule
X-AppVersion
X-Activity-Id
X-Az
X-PHP-Backend
X-Cache-Operation
X-Erf-Bev-Bev-Is-Generated
X-Framework
X-Erf-Bev-Bev
X-FireWall-Port
X-Cache-Age
X-CST
Tracecode
X-WA-Info
X-Presslabs-Stats
X-Mobile
X-Contextid
X-Endurance-Cache-Level
X-Amzn-Requestid
Retry-After
X-IPLB-Instance
X-Host-Name
Source
Xserver
X-Response-Served-From
X-Accel-Buffering
NGB
X-Upgrade-Enabled
X-RemovedCookies
X-ProcessESI
Accept-Charset
DC
Surrogate-Key
Eomportal-Instance
X-L-Path
X-Is-Bot
X-GeoIP
X-Varnish-Hostname
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Static
X-Adobe-Loc
X-Adobe-Content
Payment
Filters
X-Cache-NE
X-Environment-Context
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Region
X-Handled-By
X-Cacheable-TTL
X-Origin-Response-Time
X-Varnish-Server
X-RequestSource
X-UUID
Srv
X-FastCGI-Cache
Trailer
X-EdgeConnect-Cache-Status
X-UA-Device-Type
From-Origin
Server-Info
X-Cache-2
X-Backend-Name
X-Cache-TTL-Remaining
X-Proxy
X-APP-VERSION
X-RateLimit-Remaining
X-Time-Microsecs
X-Wix-Request-Id
Cache-Tv-Group
X-Cache-Server
X-Edge-O15-RID
MS-CV
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Enabled
X-Akamai-Transformed
X-Dc
Version
X-NGENIX-Cache
Datacenter
X-Status
X-TIME
X-Unique-Id
X-Mode
GEO-INFO
S-Cnection
X-IPS-LoggedIn
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Var-Map
Meta-Geo
X-ES-SERVER
X-Cache-Var
X-B3-Traceid
X-RN-RSRV
FilterID
X-Path-Route
X-CCM
X-TX-ID
Country
X-Redis-Cache
X-Pad
ServedBy
X-ApacheServer
Cache-Tags
Cleartype
X-R9-Blue-Green-Version
X-Cache-Time
X-PERF
X-Hl-Ver
X-NewRelic-App-Data
X-Via-Fastly
X-Forwarded-Host
X-Cache-Status-Check
X-FC-Vary-Parameters
Akamai-GRN
X-LJ-Flow-ID
NGX
DB-Nickname
X-Shopify-Stage
Now
X-Shopify-Generated-Cart-Token
X-ServerID
X-ShardId
Decoy-Debug-TTL
Decoy-Debug-Status
X-ShopId
X-FW-Dynamic
Decoy-Debug-Key
Origin-Cache-Control
X-Pubstack
OT-Force-Account-Verify
X-Alternate-Cache-Key
X-Proto
Origin-Edge-Control
X-Hosted-By
X-Tb
X-Vgn-Hpd-Reason
X-AWS-Id
X-Varnish-Hits
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Debug-Cache
X-Device-Type
X-EIG-Tracking-Id
X-Sorting-Hat-PodId
X-Origin
X-Cache-Control
X-Sorting-Hat-ShopId
X-VWS-Id
Content-Disposition
Azure-Version
Azure-SlotName
Azure-SiteName
Webserver
X-BYPASS-REASON
X-Human
X-Amzn-Remapped-Content-Length
X-Cache-Config
X-Content-Age
X-Generated
X-Format
X-Detected-As
X-Akamai-Request-ID2
X-Access
X-Locale
X-Loop
Ec-Rule-Version
Mn-Server-Ip
X-JoinUs
Azure-RegionName
X-IP
Selected-Fe
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
TWC-Connection-Speed
Property-Id
X-Zipkin-Id
X-Say-Cacheable
Azure-InstanceId
TWC-GeoIP-Country
TWC-Locale-Group
X-SaId
TWC-GeoIP-LatLong
X-Www-Served-By
X-Web-Node
X-SayCDN-TTL
X-Section
X-Site-Version
X-Soup
X-Timing-Wait
X-Say-TTL
X-Viewer-Country
X-TNCMS
X-Routing-Service
TWC-Device-Class
X-Proxy-Build
X-Origin-Hint
X-Proxied
Webcakes-App-Version
Webcakes-App-Name
X-NCache
X-ProxyCache-Key
TWC-Privacy
X-ProxyCache-Status
Webcakes-Region
Cache-Key
Filterid
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-SS-Set-Cookie
X-MP-GENERATED-AT
X-Generated-By
X-Akamai-Request-ID
X-Ua-Device
X-Xfnlog-Site
X-RCS-CacheZone
S-Rt
X-Cache-Remote
X-Request-Time
X-BCube-Filmed-By
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
Node
X-Real-IP
Cache-Hits
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Amzn-RequestId
X-App-Server
X-EC-Lua
X-Geo
X-Drupal-Cache-Tags
Nel
X-No-Session
X-Uri
X-Adobe-Source
Accept-Language
X-PressLabs-Stats
X-Microcachable
Odigeo-Trace-Id
X-Rule
X-UA
X-CACHE-KEY
X-PCL
X-OCL
X-Qloud-Router
X-NWS-UUID-VERIFY
Ms-Operation-Id
X-RTag
Time
X-Source
X-Varnish-Cache-Hits
Cf-Ipcountry
X-From
X-Azure-Ref
X-Esi
User-Agent
X-Hyper-Cache
X-Info
X-Labrador-Cache-Channel
X-PHP-Host
X-Time
X-Cache-NGX
X-Cluster-Node
X-Load-Cache
X-Backend-TTL
Proxy-Connection
X-RateLimit-Limit
X-Storage
X-Nc
X-Old-Content-Length
X-CF-Powered-By
X-Nginx-Cache
X-GoCache-CacheStatus
X-TA-CDN-Provider
Fastcgi-X-Cache-Version
Request-EU
GEO-REGION-INFO
X-Region-Sid
Meta-Geo-Continent
X-Rewrite-Enabled
X-Rojux
X-S
X-Request-UUID
Mobile-Detection-Method
MD5-Digest
X-Request-URI
Powered-By-ChinaCache
Machine
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-PAYTM-SRV-ID
Cache-Name
Apple-News-Services-Host
X-Cache-Grace
A
Apple-News-Services-Handled
X-S-Cookie
X-Drupal-Cache-Contexts
Uber-Trace-Id
Content-Script-Type
X-OVcl-Cache
AsisCache
X-Processor
Arc-Country
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Content-Style-Type
X-VG-WebCache
X-Cdn-Srv
X-B-Cookie
X-ARC
X-Application
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Date
X-D
X-Connection-Hash
X-Magnolia-Registration
X-Aed
X-A-Ccd
X-A
T-Server
VivaBuild
X-A-Dam
X-A-Dcw
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Destination
X-Developer
Rendered-Blocks
X-Vdms-Version
Viewtype
ServerName
X-Twitter-Response-Tags
X-Trv-Group
X-Session-Fingerprint
X-SRCache-Key
X-Transaction
X-OVcl
X-GeoIP-Country-Code
X-External-Request-Id
X-Vtex-Remote-Cache
Xc-Version
X-DPWN-IS-SECURE
X-Vtex-Processado-Em
X-UnsetCookies
X-G
Request-Country
X-VG-WebServer
X-ScT
Rt-Fastcgi-Cache
X-Cluster-Name
X-Service
X-Rocket-Nginx-Bypass
X-Cdn-Origin
X-ServiceProvider
Thinkindot-CacheControl
True-Client-Country-4JS
X-Sn-Servicetimems
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Reboot
Server-Host
X-Newrelic-Synthetics
X-GeoIP-City
X-Geo-Header
X-Generated-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Core-Value
X-Matched-Rule
X-Level-Front-Cache
PFcat
X-Thinkindot-L3
X-Served-From
X-CS
X-Edge-Location
X-Cache-Expired-At
X-VG-TLSProxy
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
Viewport
X-Trafficlayer-App-Name
User-Cache-Control
X-Varnish-Ttl
X-Distil-CS
X-Dispatcher-Server
X-BBXSRF
X-Dispatch
X-Distributor
X-Device-Os
X-Developers
X-Fastly-Cache
X-Agile-Age
X-Fetched-On
X-FW-Version
X-Agile-Id
X-Debug-Log
X-Auto-Login
X-Eu-Site
X-App-Name
X-Backend-State
X-Debug-Cache-Expiry
X-Cache-ASPX
X-CGP
X-C
X-Cache-Bucket
X-Gamma-Serve
X-Cache-FS-Status
X-Cache-Info
X-Cache-URL
X-Clara-WADP
X-Block-Status
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-CUA
X-Bip
X-Cms-Context
X-Contensis-Viewer-Groups
X-Core-Mission
X-Bc-Bl
X-Irp-Debug
X-Swa-Ws
X-Thanos
X-Trace-Id
X-TrackingId
X-Slack-Backend
X-SIPLIST1
X-Rocket-Build-Number
X-Server-W
X-Sigma
X-Sigma-Backend
X-TT-TIMESTAMP
X-Tumblr-Pixel-3
X-WebServer
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-VServer
X-Var-Ttl
X-Varnish-Authentication
X-Varnish-Cacheable
X-VC-Cache
X-Request-Host
X-Proxy-Upstream
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-Li-Pop
X-Agile
X-Instart-Isnd
X-Generation-Time
X-Has-Esi
X-Hash
X-Hnp-Log
X-LI-Proto
X-Logging-Id
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-Owner
X-NodeID
X-Nginx-Cache-Key
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-ND-Cache
X-Gen-Mode
X-LI-UUID
On-Server
Pramga
N-Cache
Memcached
Mail-Subject
RNT-Machine
RNT-Time
Mime-Version
W
Server-Surrogate-Control
Server-ID
Server-Cache-Control
Locid
L5d-Success-Class
Country-Code
Gh-Request-Id
CDCHOST
Cache-Host
AKAMAI
Group
Ha-Gx-Prefs
Kp-EeAlive
IsBot
Heartbleed
HA-Ipaddr
We-Hiring
X-Varnish-Beresp-Ttl
Web-Mar-Node
X-S-Maxage
X-VCache
Countrycode
Fastly-Drupal-HTML
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Fastly-SIE
X-Platform-Server
Fastly-SWR
Locale
X-Generated-In
X-Epic-Correlation-Id
X-Hit
Is-Eu
X-Lb-Id
X-LAGOON
X-Rebelmouse-Cache-Control
X-Servername
Wxu-Next-Commit
FNAC-ModuleRouting
Wxu-Next-Hostname
Wxu-Next-Region
X-Req
X-Backend-Host
X-We-Are-Hiring
HitType
Platform
Cloudfront-Viewer-Country
X-Skip-Cache
X-Urbn-Context-Path
X-Variation
X-Urbn-Site-Id
X-Rebelmouse-Surrogate-Control
Adler-Geo
V-Age
X-Clientip
X-Cache-Tags
X-DevSite-Last-Modified
X-Sucuri-ID
X-NC
X-Node-Id
X-Response-By
X-BACKEND-TTL
Cache-Cookie-Set-Lfrom
Environment
X-Ratelimit-Remaining
Geo-Info
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-VHOST
X-VCT
X-Fmm-Version
Hostname
X-RESPONSE-TIME
X-Parent-Response-Time
X-Correlation-ID
X-CLOUD-TRACE-CONTEXT
X-Refresh
X-Scheme
X-Cdn-Forward
X-B3-Spanid
X-Pjax-Url
Cache
X-CSRF-Token
X-Origin-CC
X-Origin-TTL
Fastly-Backend-Name
X-Up
X-Instart-Info
SD-X-WS
X-SN
X-Varnish-URL
X-APP
X-CDN-Forward
Geoip-City
X-Server-Time
Origin
X-Edge
X-FPC
Proxy-Firewall
X-MCACHE
Geoip-Latitude
X-App-Version
X-TT-LOGID
PICS-Label
Vix-Hermes-Req-Id
Cdn-Host
X-MSEdge-Flight
Pragrma
X-MSEdge-Features
M-TraceId
X-Edge-Server
GeoIp-Country-Code
Cdn-Request-Time
X-Vcl-Version
Request-Time
X-Cache-PHP
TTL
X-CSRF-TOKEN
CF-Cached-On
Cdnsip
Cdncip
NM-Fastcgi-Cache
CACHE
X-AK-Request-ID
X-Vdms-Path
X-Wa
X-Be
X-Cache-Host
X-Mid
X-ECACHE
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Ohc-File-Size
X-HS-Status
X-Wix-Viewer-Type
NtCoent-Length
Server-Ext
X-NU-AKA-ACS-Version
Server-Hostname
X-ECache
Pagetype
X-Air-Hostname
Sever-Int
X-URL
X-Ratelimit-Limit
X-ServedByHost
Cdn
X-Myra-Origin2
Resin-Trace
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
SRV
X-Ua
HostName
X-Method
Magicmarker
Memory
X-Bc
X-Cache-Debug
X-Zone
RequestId
X-Pf-Uncompressing
X-GEO
X-Cache-Metadata
X-Worker
Tcn
Ohc-Cache-HIT
X-Via-PopH
Cteonnt-Length
X-TH-Server
X-ZONE
X-Via-PopV
X-BC
X-Swift-Error
X-Dynatrace-Js-Agent
X-Newrelic-App-Data
Release
X-FORWARDED-FOR
X-Oneagent-Js-Injection
IBM-Web2-Location
X-NGINX-Cache
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
X-Protected-By
X-Branch-Name
X-Referer
X-Azure-Ref-OriginShield
X-Servedbyhost
Load-Balancing
Server-Int
Dt-Cache-Category
X-Policy
Dnion-Transfer-Encoding
X-Unique-ID
XServer
X-Planisys-CDN-Rules
X-Tb-Optimization-Total-Bytes-Saved
Lb
Powered-By
X-Ocache
X-Fastly-Country-Code
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Reqid
Esi-Enabled
X-AIR-PT
X-Configured-By
X-Esi-Check
X-Cache-Id
X-WA
X-C-Key
X-C-Zone
X-Ruxit-Js-Agent
X-DC
X-Datadome
X-COUNTRY
X-VCL-Version
Who
Fastly-Soc-X-Request-Id
X-Gzip
Ttl
X-B3-SpanId
Pics-Label
X-Node-ID
Fastly-SSL
X-Via-Ucdn
X-SRV
GeoIP-Country-Code
X-Action
MIME-Version
X-RSL
X-RPM
X-DW
X-RPS
GeoIP-City
X-VarnishDD-TTL
X-DI
X-Flog
X-Hello
GeoIP-Latitude
X-DSS
X-ABtesting
UCS
X-DB
X-Country-IP
X-HostName
X-SERVER-NAME
X-WPE-Loopback-Upstream-Addr
Product
Host-ID
X-Svr
LB
X-Powered-Y
X-PF-Uncompressing
X-RAMCache
FSS-Cache
X-Fpc
X-Cache-Backend
X-PJAX-URL
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
Lfy
X-Varnish-Url
X-Amzn-Remapped-Date
X-Via-CDN
ProcessTime
X-Render-Time
X-Amzn-Remapped-Connection
X-MID
X-User
X-Pinterest-Direct
X-UPSTREAM-Address
Sid
FSS-Proxy
CF-IPCountry
X-Varnish-Beresp-TTL
X-SD-PageType
X-Server-IP
Xet-Cookie
X-Flow-Id
X-Beluga-Record
X-Agile-Brick-Ok
X-Zalando-Child-Request-Id
X-Beluga-Status
X-Key
X-Page-Impression-Id
X-Internal-Host
X-Apw-Access-Action
X-Apw-Access-Object
Cneonction
X-LiteSpeed-Cache-Control
Amp-Access-Control-Allow-Source-Origin
X-Beluga-Response-Time
X-Apw-Access-Token
X-Beluga-Trace
Requestid
X-Apw-Hits
X-Beluga-Node
X-Beluga-Cache-Status
WZWS-RAY
L
SN
X-Tid
X-Debug-Controller
X-Check-Cacheable
X-Debug-Revision
X-Sucuri-Cache
CDN
X-Aicache-OS
X-B3-Parentspanid
X-BE
X-Compress-Hint
X-Litespeed-Cache-Control
X-Sucuri-Id
C-Via
X-LB-ID
X-ElasticPress-Search
CloudFront-Viewer-Country
X-Nananana
X-App
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-Url
DataCenter
X-Location
X-Request-URL