Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
X-UA-Device
Grace
X-Request-ID
Cf-Railgun
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
X-Cache-Lookup
X-Dispatcher
X-Ac
NEL
X-Readtime
Surrogate-Control
X-WebKit-CSP
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-DataDome
X-Rack-Cache
Rating
Edge-Control
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-PC
X-Goog-Hash
X-Vname
X-TtlSet
X-DynaTrace
Allow
X-FTR-Request-ID
X-Country-Code
Content-MD5
Verso
Service-Worker-Allowed
X-GitHub-Request-Id
X-Varnish-TTL
X-ESI
Pinterest-Generated-By
X-Server-Name
X-D2id
X-Webkit-Csp
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-MS-InvokeApp
X-Powered-By-Plesk
SPRequestGuid
X-Navigation-Version
X-Cached
X-Vcache
X-Abt-Application-Version
Accept-Ch
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
X-B3-TraceId
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Rid
X-MSEdge-Ref
X-Trace
X-Fastly-Request-ID
Nginx-Cache
Public-Key-Pins
X-SharePointHealthScore
X-Vcap-Request-Id
X-Server-ID
X-VARITI-CCR
MS-Author-Via
TCN
X-Fastcgi-Cache
Arr-Disable-Session-Affinity
Charset
Accept-Ch-Lifetime
X-Px
Edge-Cache-Tag
X-Cache-TTL
X-Accel-Expires
X-NF-Request-ID
Response
X-Middleton-Response
Pagespeed
Display
X-Middleton-Display
Realpath
X-Sol
X-Ser
SPRequestDuration
SPIisLatency
X-Version
X-Content-Type
X-Client-IP
AR-Request-ID
AR-PoweredBy
AR-ATIME
Cache-Tag
X-Ttl
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
Front-End-Https
Fusion-Deployment-Id
AR-CACHE
Ar-Sid
Pinterest-Version
X-Pinterest-Rid
X-Powered-CMS
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Dns-Prefetch-Control
Access-Control-Request-Method
X-Id
X-Hp-Webp
Accept-CH
X-Jurisdiction
X-Upstream
X-Grace
NR-ENABLED
X-Content-Digest
X-Forwarded-For
X-T
X-Element-Page-Cache
DynaTrace
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-TTL
S
X-Aspnet-Version
Fastcgi-Cache
Accept-CH-Lifetime
ServerID
X-Amzn-Trace-Id
X-Mobile-URL
X-Node-Name
PB-PID
X-Country-Code-Real
X-FTR-Cache-Status
PB-RID
X-Recruiting
X-Shard
X-Ezoic-Cdn
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-HS-Content-Id
X-Goog-Stored-Content-Length
X-HS-Hub-Id
X-FTR-Expires
X-GUploader-UploadID
X-HS-Cache-Config
Arc-Version
X-Goog-Stored-Content-Encoding
Server-Node
X-Mobile-Rewrite
Powered
X-Frontend
TP-L2-Cache
X-Cache-Hit
TP-Cache
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-DIS-Request-ID
Fastly-Restarts
X-NWS-LOG-UUID
Upgrade-Insecure-Requests
X-HS-Combine-CSS
X-Shield-Request-Id
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Request-Processing-Time
X-Varnish-Age
X-Request-Received
X-XRDS-LOCATION
Refresh
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
MicrosoftSharePointTeamServices
X-ATS-Timestamp
Backend-Timing
WPE-Backend
Server-Name
X-Akamai-Edgescape
X-F-Cache
X-Rid
X-LB-Cache
X-Page-Id
X-Content-Security-Policy-Report-Only
X-B
X-User-Agent
X-FTR-Cache-Host
X-Geo-Country
X-Via-JSL
Cache-Status
X-Zen-Fury
X-N
X-XRDS-Location
X-Content-Options
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
X-Varnish-Grace
X-Amz-Apigw-Id
Host-Header
X-Revision
X-Kinsta-Cache
X-Type
X-B3-Sampled
X-AOL-HN
X-ATG-Version
X-Content-Powered-By
X-Amz-Replication-Status
X-FB-Debug
X-TT
X-Cache-Action
X-Instance
X-Tumblr-Pixel-0
X-App-Environment
X-WebKit-CSP-Report-Only
X-Git-Hash
Actual-Object-TTL
Paypal-Debug-Id
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Signature
X-Tumblr-User
X-B-Cache
X-Debug-Info
X-Varnish-Backend
X-Jobs
X-Request-Guid
Liferay-Portal
Fastcgi-Useragent
X-Tt-Trace-Tag
Frame-Options
X-Whom
X-Srv
X-Tt-Trace-Host
X-Cached-By
Healthy
Section-Io-Cache
X-Hostname
X-PHP-Backend
X-Cluster
X-Framework
X-Seen-By
X-Daa-Tunnel
X-CST
X-Cache-Key
X-AppVersion
X-Cache-Rule
X-Az
X-Activity-Id
X-Erf-Bev-Bev-Is-Generated
X-Cache-Operation
X-Erf-Bev-Bev
X-FireWall-Port
X-WA-Info
Retry-After
X-Mobile
X-Endurance-Cache-Level
Tracecode
X-Cache-Age
X-Contextid
Xserver
X-IPLB-Instance
X-Host-Name
X-Upgrade-Enabled
NGB
Source
X-Accel-Buffering
Accept-Charset
X-Response-Served-From
X-Presslabs-Stats
X-ProcessESI
X-RemovedCookies
X-Cache-NE
DC
Surrogate-Key
Payment
X-Edge-O15-RID
X-Origin-Response-Time
Eomportal-Instance
X-Region
Srv
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-Varnish-Hostname
X-Cacheable-TTL
X-Rendered-As
X-Adobe-Content
X-Tumblr-Pixel-1
X-GeoIP
X-Is-Bot
X-Handled-By
X-Tumblr-Pixel-2
X-Adobe-Loc
Filters
X-Varnish-Server
X-L-Path
Trailer
X-Environment-Context
X-UUID
X-RequestSource
Server-Info
X-Amzn-Requestid
X-Cache-2
X-EdgeConnect-Cache-Status
X-RateLimit-Remaining
X-UA-Device-Type
X-Backend-Name
Cache-Tv-Group
Nel
From-Origin
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-FastCGI-Cache
X-Wix-Request-Id
X-Cache-Server
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
MS-CV
X-Oss-Request-Id
X-Oss-Storage-Class
X-Cache-Enabled
X-APP-VERSION
X-Akamai-Transformed
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Dc
Version
X-NGENIX-Cache
X-Status
X-Amzn-RequestId
X-IPS-LoggedIn
X-B3-Traceid
Datacenter
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-SS-Set-Cookie
S-Cnection
X-ES-SERVER
X-Pad
Meta-Geo
X-CCM
X-Mode
X-Cache-Var-Map
X-Cache-Var
X-Path-Route
X-NewRelic-App-Data
X-RN-RSRV
X-Forwarded-Host
X-Section
X-TX-ID
X-Format
X-Access
Decoy-Debug-Status
X-Unique-Id
Decoy-Debug-TTL
Decoy-Debug-Key
Cache-Tags
Country
Cleartype
Akamai-GRN
X-Hl-Ver
GEO-INFO
X-Tb
X-Via-Fastly
X-Redis-Cache
X-PERF
X-Origin
FilterID
X-NYM-Debug-Backend
X-Cache-Status-Check
X-ApacheServer
Filterid
X-R9-Blue-Green-Version
X-Akamai-Request-ID
ServedBy
X-Ua-Device
DB-Nickname
X-Web-Node
X-Vgn-Hpd-Reason
X-Varnish-Hits
X-Soup
Content-Disposition
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-ShardId
X-ServerID
Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Request-Time
X-Proxy-Cache-Status
X-Debug-Cache
X-Device-Type
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Cache-Config
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-Generated-By
X-Goog-Meta-Goog-Reserved-File-Mtime
NGX
OT-Force-Account-Verify
X-ProxyCache-Key
X-ProxyCache-Status
Now
X-Proto
X-Hosted-By
X-Human
Origin-Cache-Control
X-Pubstack
Origin-Edge-Control
X-Cache-Remote
X-Viewer-Country
X-TNCMS
X-Timing-Wait
X-Site-Version
X-Www-Served-By
X-AWS-Id
X-Detected-As
X-LJ-Flow-ID
X-FW-Dynamic
S-Rt
Mn-Server-Ip
Selected-Fe
X-Locale
X-JoinUs
X-IP
X-BCube-Filmed-By
X-Loop
X-MP-GENERATED-AT
X-SaId
X-PressLabs-Stats
X-Proxy-Build
X-NCache
Ec-Rule-Version
X-Generated
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-Cache-Time
X-FB-TRIP-ID
Azure-Version
Azure-SlotName
Cross-Origin-Window-Policy
X-VWS-Id
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Cache-Control
X-Origin-Hint
TWC-Locale-Group
Property-Id
TWC-GeoIP-Country
TWC-Device-Class
Node
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Content-Age
X-Xfnlog-Site
Webserver
X-App-Server
X-TIME
X-Proxied
Access-Control-Request-Headers
X-Zipkin-Id
X-Routing-Service
X-RCS-CacheZone
X-HTML-Minification-Powered-By
X-Real-IP
X-Geo
X-Drupal-Cache-Tags
Cache-Hits
X-Time
X-EC-Lua
X-Uri
Section-Io-Id
Section-Io-Origin-Status
Accept-Language
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-CACHE-KEY
X-UA
X-No-Session
X-Microcachable
X-PCL
X-Varnish-Cache-Hits
X-Varnish-Ttl
X-OCL
X-Qloud-Router
X-Source
X-Adobe-Source
Cf-Ipcountry
Odigeo-Trace-Id
X-Rule
Ms-Operation-Id
X-Esi
X-NWS-UUID-VERIFY
X-RTag
X-Hyper-Cache
User-Agent
X-Load-Cache
Time
X-Azure-Ref
X-From
X-PHP-Host
X-Labrador-Cache-Channel
X-Info
X-Storage
Proxy-Connection
X-Nc
X-RateLimit-Limit
X-Cluster-Node
X-Nginx-Cache
Powered-By-ChinaCache
X-TA-CDN-Provider
X-Cache-NGX
X-Backend-TTL
X-Magnolia-Registration
X-UnsetCookies
X-Aed
X-A-Dgt
X-CF-Lambda-Version
Xc-Version
X-A-Wwc
Meta-Geo-Continent
X-A-Dcw
X-Accel-Expires-Debug
X-Varnish-Beresp-Status
Apple-News-Services-Parsed-Url
X-Connection-Hash
Apple-News-Services-Request-Url
Arc-Country
Viewtype
X-Edge-Location
Apple-News-Services-Host
T-Server
X-Old-Content-Length
A
Apple-News-Services-Handled
True-Client-Country-4JS
X-ND-Cache
X-Newrelic-Synthetics
X-PAYTM-SRV-ID
X-Varnish-Beresp-Grace
X-A
X-A-Ccd
X-Processor
X-D
X-OVcl-Cache
VivaBuild
AsisCache
BehaviorPad-Version
X-OVcl
X-A-Dam
Content-Style-Type
X-Application
GEO-REGION-INFO
X-G
X-ARC
X-External-Request-Id
X-Vdms-Version
X-Session-Fingerprint
X-ScT
X-VG-TLSProxy
Request-Country
X-Date
X-SRCache-Key
X-B-Cookie
X-Trv-Group
MD5-Digest
X-Transaction
Mobile-Detection-Method
Machine
X-GoCache-CacheStatus
X-Destination
X-DPWN-IS-SECURE
X-Developer
X-Twitter-Response-Tags
X-S-Cookie
Rendered-Blocks
X-S
X-CF-Lambda-Fn
X-Region-Sid
X-VG-WebCache
X-Drupal-Cache-Contexts
Content-Script-Type
X-GeoIP-Country-Code
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Cdn-Srv
X-VG-WebServer
X-Request-URI
Request-EU
Fastcgi-X-Cache-Version
X-Rojux
Rt-Fastcgi-Cache
X-Rewrite-Enabled
X-Request-UUID
X-Cluster-Name
Geo-Info
Mime-Version
Server-Host
X-Generated-On
Uber-Trace-Id
X-Core-Value
Cache-Name
Locid
X-Developers
L5d-Success-Class
X-Eu-Site
HA-Ipaddr
X-GeoIP-City
Ha-Gx-Prefs
X-Geo-Header
PFcat
X-IN-APIGATEWAYSSL
CDCHOST
X-Distil-CS
X-IN-APIGATEWAY
ServerName
X-Service
X-ServiceProvider
X-Sigma
X-Sigma-Backend
X-Served-From
X-Rocket-Nginx-Bypass
X-Reboot
X-Rocket-Build-Number
Thinkindot-CacheControl
X-Cdn-Origin
X-Sn-Servicetimems
X-TT-TIMESTAMP
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-C
X-Thinkindot-L3
X-Backend-State
X-Cache-Grace
X-Cache-Expired-At
X-Oneagent-Js-Injection
X-VCache
X-Matched-Rule
Viewport
Thinkindot-Control
Thinkindot-CacheControl-Type
HitType
X-Level-Front-Cache
X-Agile-Id
W
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-CGP
X-Agile-Age
X-Agile
X-CF-Powered-By
X-Cache-Bucket
X-Contensis-Viewer-Groups
X-CUA
X-Debug-Cache-Expiry
X-CS
X-Cache-FS-Status
X-Cache-Info
X-Debug-Cache-Store
X-Clientip
X-Clara-WADP
X-Debug-Cookies
X-Debug-Log
X-Cms-Context
X-Cache-Tags
X-Debug-Cache-Fetch
X-NodeID
X-WebServer
X-RateLimit-Remaining-Second
X-We-Are-Hiring
X-WADP-Cache
X-VServer
X-Rebelmouse-Cache-Control
X-Webstats-RespID
X-App-Name
X-Varnish-Cacheable
X-Owner
X-Platform-Server
X-Proxy-Upstream
X-Block-Status
X-RateLimit-Limit-Second
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Urbn-Site-Id
X-Var-Ttl
X-Urbn-Context-Path
X-Trace-Id
X-TrackingId
X-Tumblr-Pixel-3
X-Variation
X-Varnish-Authentication
X-Skip-Cache
X-VC-Cache
X-Slack-Backend
X-Swa-Ws
X-Thanos
X-Origin-Expires
X-Origin-Date
X-Generated-In
X-Gen-Mode
X-Generation-Time
X-Has-Esi
X-Hit
X-Hash
X-Gamma-Serve
X-FW-Version
X-Dispatcher-Server
X-Dispatch
X-Distributor
X-Epic-Correlation-Id
X-Fetched-On
X-Fastly-Cache
X-Hnp-Log
X-Instart-Isnd
X-Logging-Id
X-LI-UUID
X-Micro-Cache
X-Ms-Request-Id
X-NX-Host
X-Ms-Version
X-LI-Proto
X-Li-Pop
X-Is-Gdpr
X-Irp-Debug
X-JWT-State
X-LAGOON
X-Li-Fabric
X-Device-Os
X-Cache-ASPX
Locale
Kp-EeAlive
Is-Eu
Heartbleed
Mail-Subject
Memcached
Pramga
Platform
On-Server
N-Cache
Group
Gh-Request-Id
Cache-Host
Adler-Geo
X-Varnish-Beresp-Ttl
X-Bip
Country-Code
Countrycode
Fastly-SWR
Fastly-SIE
Fastly-Drupal-HTML
Environment
Server-Cache-Control
AKAMAI
V-Age
X-Auto-Login
We-Hiring
Web-Mar-Node
X-BBXSRF
Server-Surrogate-Control
User-Cache-Control
Server-ID
Hostname
X-SIPLIST1
X-Server-W
X-Lb-Id
Cloudfront-Viewer-Country
X-Servername
X-BACKEND-TTL
RNT-Time
IsBot
X-Cache-URL
X-Core-Mission
RNT-Machine
X-Bc-Bl
X-Nginx-Cache-Key
X-DevSite-Last-Modified
X-S-Maxage
X-Sucuri-ID
X-VHOST
X-Node-Id
Wxu-Next-Hostname
Wxu-Next-Commit
X-RESPONSE-TIME
X-Refresh
FNAC-ModuleRouting
X-Response-By
X-Req
Wxu-Next-Region
X-Backend-Host
X-NC
X-Origin-CC
Cache-Cookie-Set-Lfrom
X-Ratelimit-Remaining
X-CLOUD-TRACE-CONTEXT
Cache-Cookie-Set-Idcheck
X-Parent-Response-Time
Cache-Cookie-Set-From
X-Origin-TTL
X-Cdn-Forward
X-App-Version
X-Up
X-Fmm-Version
X-B3-Spanid
X-VCT
X-Server-Time
Fastly-Backend-Name
X-Scheme
X-CSRF-Token
X-Pjax-Url
Cache
X-MSEdge-Flight
X-MSEdge-Features
Pragrma
X-Varnish-URL
Cdn-Host
Cdn-Request-Time
X-TT-LOGID
X-Edge-Server
X-CDN-Forward
Origin
X-Correlation-ID
X-SN
X-APP
X-FPC
Geoip-City
Geoip-Latitude
X-Instart-Info
SD-X-WS
Cdncip
PICS-Label
X-AK-Request-ID
Cdnsip
GeoIp-Country-Code
Proxy-Firewall
X-Cache-Host
X-MCACHE
Ohc-File-Size
X-Edge
X-CSRF-TOKEN
X-Vcl-Version
Request-Time
X-Cache-PHP
X-Ruxit-Js-Agent
Vix-Hermes-Req-Id
TTL
CACHE
X-SVT-ORM-RULES
M-TraceId
X-SVT-ORM-VERSION
X-Air-Hostname
X-ECACHE
X-Wa
X-NU-AKA-ACS-Version
NtCoent-Length
X-HS-Status
NM-Fastcgi-Cache
Cdn
X-Wix-Viewer-Type
X-Vdms-Path
X-URL
X-Be
Resin-Trace
X-Myra-Origin2
RequestId
X-Pf-Uncompressing
X-Cache-Debug
Ohc-Cache-HIT
X-Ratelimit-Limit
X-Ua
CF-Cached-On
X-Mid
X-Bc
Server-Ext
Server-Hostname
Sever-Int
Memory
Pagetype
X-Zone
X-ServedByHost
X-TH-Server
X-Cache-Metadata
Tcn
IBM-Web2-Location
X-Method
Magicmarker
X-ECache
X-Dynatrace-Js-Agent
SRV
HostName
X-Unique-ID
X-Servedbyhost
X-FORWARDED-FOR
Release
Cteonnt-Length
X-Worker
X-GEO
Dnion-Transfer-Encoding
X-ZONE
X-BC
Server-Int
X-Ocache
Load-Balancing
X-Via-PopV
X-Via-PopH
X-Swift-Error
X-NGINX-Cache
X-Newrelic-App-Data
XServer
Powered-By
Lb
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
X-Protected-By
Dt-Cache-Category
X-Branch-Name
X-Referer
X-Azure-Ref-OriginShield
X-Tec-Api-Origin
X-Tec-Api-Root
X-Policy
X-Tec-Api-Version
X-WA
X-Configured-By
Pics-Label
Fastly-Soc-X-Request-Id
X-Esi-Check
X-AIR-PT
X-Cache-Id
X-DC
X-Gzip
Esi-Enabled
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Fastly-Country-Code
X-Planisys-CDN-Rules
Ttl
X-VCL-Version
X-B3-SpanId
X-Node-ID
X-Datadome
X-Action
X-COUNTRY
Fastly-SSL
X-Reqid
X-RPM
X-DSS
X-DI
X-DB
GeoIP-Country-Code
X-DW
X-SRV
X-ABtesting
X-Hello
X-RSL
X-RPS
X-Flog
X-C-Zone
X-C-Key
MIME-Version
GeoIP-Latitude
X-Via-Ucdn
Who
X-Fpc
GeoIP-City
Host-ID
X-Ftr-Request-Id
X-VarnishDD-TTL
X-HostName
X-Cache-Backend
X-Powered-Y
X-SERVER-NAME
X-Svr
X-Via-CDN
X-Render-Time
LB
X-PF-Uncompressing
ProcessTime
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Connection
X-PJAX-URL
Lfy
X-Amzn-Remapped-Date
X-Country-IP
X-User
X-Fastly-Request-Id
X-Varnish-Url
X-UPSTREAM-Address
UCS
X-Fastly-Backend-Reqs
X-MID
X-Key
X-Varnish-Beresp-TTL
Sid
X-SD-PageType
FSS-Cache
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
FSS-Proxy
Product
X-Beluga-Record
X-Beluga-Status
X-Beluga-Response-Time
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Realm
Requestid
X-Flow-Id
X-LiteSpeed-Cache-Control
X-Zalando-Child-Request-Id
X-RAMCache
X-WPE-Loopback-Upstream-Addr
SN
X-Internal-Host
X-B3-Parentspanid
X-Ftr-Cache-Host
X-Agile-Brick-Ok
Xet-Cookie
X-Sucuri-Cache
X-Page-Impression-Id
CF-IPCountry
X-Request-Url
WebServer
X-Server-IP
X-Aicache-OS
X-Pinterest-Direct
X-Apw-Hits
L
X-Apw-Access-Action
X-Apw-Access-Object
X-Compress-Hint
WZWS-RAY
X-BE
CDN
X-Tid
X-Location
X-Apw-Access-Token
X-Debug-Revision
X-Debug-Controller
X-Check-Cacheable
X-Litespeed-Cache-Control
X-Sucuri-Id
Servername
X-ServerName
X-App
Cneonction
X-MiniProfiler-Ids
X-Dw-Trace-Id
DataCenter
X-Fastly-Cache-Hits
X-Request-URL
X-LB-ID
CloudFront-Viewer-Country
X-ElasticPress-Search
X-Nananana