Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Request-ID
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Ws-Request-Id
X-Pass-Why
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Feature-Policy
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Request-Context
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
X-Backend-Server
X-Host
X-Vhost
X-Node
X-Response-Time
X-Dispatcher
X-Ac
X-Cache-Lookup
NEL
X-WebKit-CSP
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
Rating
X-Rack-Cache
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
RTSS
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-DynaTrace
X-Country-Code
X-Instart-Request-ID
X-ASPNET-VERSION
X-Varnish-TTL
Allow
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
Content-MD5
X-Server-Name
X-D2id
X-ESI
Pinterest-Generated-By
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
X-Vcache
X-Forwarded-Proto
Fusion-Deployment-Id
X-B3-TraceId
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Amz-Rid
X-Trace
X-Ttl
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Public-Key-Pins
X-Debug
TCN
X-Fastly-Request-ID
X-SharePointHealthScore
Nginx-Cache
X-MSEdge-Ref
X-VARITI-CCR
X-Vcap-Request-Id
X-Server-ID
MS-Author-Via
Arr-Disable-Session-Affinity
Charset
Accept-CH
X-Px
X-Fastcgi-Cache
X-Accel-Expires
X-NF-Request-ID
X-Cache-TTL
SPRequestDuration
SPIisLatency
Accept-Ch
Edge-Cache-Tag
Display
Response
Realpath
X-Middleton-Display
Pagespeed
X-Middleton-Response
X-Webkit-Csp
X-Content-Type
X-Ser
X-Sol
X-Client-IP
Accept-CH-Lifetime
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
Cache-Tag
X-Version
NR-ENABLED
X-Powered-CMS
Front-End-Https
Pinterest-Version
X-Pinterest-Rid
X-Id
Accept-Ch-Lifetime
Access-Control-Request-Method
X-Grace
X-Hp-Webp
S
X-Jurisdiction
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Upstream
X-Forwarded-For
X-Dns-Prefetch-Control
X-T
X-Hits
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Element-Page-Cache
MRF-Tech
X-Amz-Meta-S3cmd-Attrs
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Content-Digest
DynaTrace
X-Dw-Request-Base-Id
AR-CACHE
Ar-Sid
Fastcgi-Cache
X-Shield-Request-Id
ServerID
X-Node-Name
X-Mobile-URL
X-Cache-Hit
X-Recruiting
WPE-Backend
X-Goog-Generation
X-Goog-Metageneration
PB-PID
X-GUploader-UploadID
X-Goog-Stored-Content-Length
PB-RID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-FTR-Cache-Status
X-Country-Code-Real
Powered
Server-Node
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Aspnet-Version
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
Arc-Version
X-Mobile-Rewrite
TP-L2-Cache
TP-Cache
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Amzn-Trace-Id
Upgrade-Insecure-Requests
X-DIS-Request-ID
X-Request-Received
X-Shard
X-Ezoic-Cdn
X-Request-Processing-Time
Refresh
X-HS-Combine-CSS
Alternate-Protocol
X-NWS-LOG-UUID
Fastly-Restarts
X-Correlation-Id
X-Logged-In
X-Varnish-Age
X-Request-Handler-Origin-Region
X-XRDS-Location
X-Microsite
Server-Name
X-Page-Id
X-Akamai-Edgescape
X-B
X-LB-Cache
X-FTR-Cache-Host
X-F-Cache
Backend-Timing
X-Rid
X-ATS-Timestamp
X-User-Agent
X-Geo-Country
X-TTL
X-Content-Security-Policy-Report-Only
X-N
X-XRDS-LOCATION
MicrosoftSharePointTeamServices
Host-Header
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Via-JSL
Host
X-Zen-Fury
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
Cache-Status
X-Kinsta-Cache
X-Varnish-Grace
X-Content-Options
Healthy
X-Revision
X-B3-Sampled
X-AOL-HN
X-TT
X-ATG-Version
Paypal-Debug-Id
X-App-Environment
Section-Io-Cache
X-B-Cache
X-FB-Debug
X-Signature
X-Request-Guid
X-Type
X-Tumblr-User
X-Cache-Action
X-Amz-Replication-Status
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Actual-Object-TTL
X-Instance
Access-Control-Allow-Method
X-Git-Hash
X-Debug-Info
X-Varnish-Backend
X-Whom
Frame-Options
X-WebKit-CSP-Report-Only
X-Hostname
Fastcgi-Useragent
X-Amz-Apigw-Id
Liferay-Portal
X-Cluster
X-Content-Powered-By
Trailer
X-Seen-By
X-Cache-Rule
X-Cache-Operation
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Age
X-Cache-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Endurance-Cache-Level
X-Az
X-Activity-Id
X-AppVersion
X-PHP-Backend
X-FireWall-Port
X-Contextid
Tracecode
X-Framework
X-Srv
X-Daa-Tunnel
X-Amzn-Requestid
X-WA-Info
X-Cached-By
Source
X-Host-Name
X-Mobile
Xserver
Retry-After
X-Upgrade-Enabled
X-IPLB-Instance
X-Accel-Buffering
X-Response-Served-From
Accept-Charset
NGB
X-ProcessESI
X-Presslabs-Stats
X-RemovedCookies
Srv
DC
Surrogate-Key
X-Adobe-Loc
X-UUID
X-Adobe-Content
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Region
X-L-Path
X-Environment-Context
X-GeoIP
X-Varnish-Server
Payment
X-FW-Type
X-Is-Bot
X-Rendered-As
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
Eomportal-Instance
X-Cache-NE
X-Cacheable-TTL
X-Handled-By
Filters
From-Origin
X-RateLimit-Remaining
X-Origin-Response-Time
X-FastCGI-Cache
X-Varnish-Hostname
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-Cache-Server
Nel
X-Backend-Name
Filterid
X-Cache-2
Server-Info
Cache-Tv-Group
X-CST
MS-CV
X-APP-VERSION
X-NGENIX-Cache
Datacenter
X-Unique-Id
X-Akamai-Transformed
Version
X-Cache-Enabled
X-Status
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-TIME
X-Cache-Time
X-Cache-Control
S-Cnection
X-Mode
X-Yottaa-Metrics
X-Yottaa-Optimizations
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-Path-Route
X-CCM
X-RN-RSRV
X-ApacheServer
X-R9-Blue-Green-Version
X-Forwarded-Host
X-PERF
X-Hl-Ver
X-Via-Fastly
GEO-INFO
ServedBy
Country
Cache-Tags
Cleartype
Decoy-Debug-TTL
NGX
X-VWS-Id
X-Origin-Hint
X-Pubstack
X-EIG-Tracking-Id
X-ServerID
DB-Nickname
X-Debug-Cache
X-Vgn-Hpd-Reason
Cache-Key
Akamai-GRN
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Tb
X-ShopId
Decoy-Debug-Key
X-Akamai-Request-ID2
X-ProxyCache-Key
X-Alternate-Cache-Key
Decoy-Debug-Status
X-RCS-CacheZone
X-Human
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-ShardId
X-Sorting-Hat-PodId
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
OT-Force-Account-Verify
TWC-Device-Class
TWC-Connection-Speed
X-BYPASS-REASON
X-FW-Dynamic
Section-Origin-Responded
X-Cache-Status-Check
TWC-Locale-Group
X-Redis-Cache
X-TX-ID
X-Shopify-Generated-Cart-Token
X-ProxyCache-Status
Webcakes-App-Version
Webcakes-Region
X-Shopify-Stage
X-Device-Type
Webcakes-App-Name
X-Origin
TWC-Privacy
Origin-Edge-Control
X-Sorting-Hat-ShopId
X-AWS-Id
X-Proto
X-LJ-Flow-ID
Origin-Cache-Control
X-FC-Vary-Parameters
Now
X-SaId
X-Routing-Service
X-Proxy-Build
X-Section
X-Site-Version
X-Www-Served-By
X-Timing-Wait
X-Proxied
X-NCache
X-Access
Selected-Fe
X-Dc
X-Content-Age
X-Format
X-JoinUs
X-Generated
X-Xfnlog-Site
X-Zipkin-Id
X-Say-TTL
X-Say-Cacheable
X-Proxy-Cache-Status
X-SayCDN-TTL
X-Soup
X-Web-Node
X-TNCMS
X-Loop
X-Locale
Ec-Rule-Version
Content-Disposition
Access-Control-Request-Headers
X-Amzn-Remapped-Content-Length
X-Detected-As
X-IP
X-Hosted-By
X-IPS-LoggedIn
X-Cache-Config
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Cross-Origin-Window-Policy
Mn-Server-Ip
Azure-InstanceId
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Viewer-Country
X-Real-IP
Webserver
X-Ua-Device
X-FB-TRIP-ID
X-Adobe-Source
S-Rt
X-Geo
X-Request-Time
X-Pad
Cache-Hits
X-PressLabs-Stats
X-Cache-Remote
X-Varnish-Hits
X-Aspnetmvc-Version
X-HTML-Minification-Powered-By
X-Akamai-Request-ID
X-Esi
X-BCube-Filmed-By
Node
X-Generated-By
X-Cdn
X-CACHE-KEY
Odigeo-Trace-Id
X-NewRelic-App-Data
X-EC-Lua
X-Rule
X-No-Session
X-Microcachable
X-Amzn-RequestId
X-B3-Traceid
X-Drupal-Cache-Tags
Accept-Language
X-Uri
X-SS-Set-Cookie
Cf-Ipcountry
X-Cache-NGX
X-Azure-Ref
X-From
FilterID
Ms-Operation-Id
X-CF-Powered-By
X-RTag
Time
X-App-Server
X-Source
X-RateLimit-Limit
X-Qloud-Router
X-PCL
X-OCL
X-NWS-UUID-VERIFY
User-Agent
X-Webkit-CSP
X-Varnish-Cache-Hits
X-Backend-TTL
X-Edge-O15-RID
Proxy-Connection
X-Labrador-Cache-Channel
X-PHP-Host
X-Hyper-Cache
X-Nginx-Cache
X-Old-Content-Length
X-GoCache-CacheStatus
X-SERVER
X-Info
Cache-Name
X-Cache-Grace
X-Time
Uber-Trace-Id
X-Storage
X-CS
X-Varnish-Beresp-Status
X-Cdn-Srv
X-Region-Sid
X-Processor
X-G
X-OVcl-Cache
X-OVcl
X-PAYTM-SRV-ID
X-B-Cookie
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Machine
X-A
X-A-Dam
X-A-Ccd
X-GeoIP-Country-Code
VivaBuild
True-Client-Country-4JS
ServerName
T-Server
Viewtype
Request-EU
Rendered-Blocks
Request-Country
X-A-Dcw
X-A-Dgt
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Arc-Country
Apple-News-Services-Host
Apple-News-Services-Handled
A
X-External-Request-Id
AsisCache
BehaviorPad-Version
X-Accel-Expires-Debug
GEO-REGION-INFO
X-A-Wwc
X-Aed
Fastcgi-X-Cache-Version
X-ARC
X-Application
X-Drupal-Cache-Contexts
X-Varnish-Beresp-Grace
X-S-Cookie
X-ScT
X-Twitter-Response-Tags
X-S
X-Rojux
X-Developer
X-DPWN-IS-SECURE
X-Destination
X-Session-Fingerprint
X-SRCache-Key
X-Transaction
X-Newrelic-Synthetics
X-Trv-Group
X-VG-WebServer
X-Vtex-Processado-Em
X-D
X-Date
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-Connection-Hash
X-VG-WebCache
X-CF-Lambda-Fn
Xc-Version
X-CF-Lambda-Version
X-Vdms-Version
X-Request-URI
X-Request-UUID
X-Cluster-Name
X-Nc
X-Cluster-Node
X-UA
X-VCT
X-GeoIP-City
X-Served-From
X-IN-APIGATEWAY
Content-Script-Type
X-Geo-Header
X-IN-APIGATEWAYSSL
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Thinkindot-L3
X-Level-Front-Cache
X-ServiceProvider
Content-Style-Type
PFcat
X-Rocket-Nginx-Bypass
X-Reboot
X-Core-Value
Viewport
Server-Host
X-Cache-Expired-At
X-VG-TLSProxy
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cdn-Origin
X-Edge-Location
X-Matched-Rule
Cache-Cookie-Set-Lfrom
Thinkindot-CacheControl
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Sn-Servicetimems
X-Generated-On
X-NC
User-Cache-Control
Geo-Info
X-Varnish-Ttl
X-UnsetCookies
X-S-Maxage
X-Fetched-On
X-Debug-Cache-Expiry
X-Debug-Cookies
X-Debug-Log
X-Generated-In
V-Age
X-Li-Fabric
W
Wxu-Next-Commit
We-Hiring
X-Debug-Cache-Fetch
Wxu-Next-Hostname
Wxu-Next-Region
X-Distil-CS
X-Debug-Cache-Store
Web-Mar-Node
X-Gen-Mode
X-Gamma-Serve
X-Cache-ASPX
X-Dispatch
X-Block-Status
X-Bip
X-Clara-WADP
X-Dispatcher-Server
X-Bc-Bl
X-FW-Version
X-Cache-Bucket
X-Fmm-Version
X-Developers
X-Cache-URL
X-Device-Os
X-Cache-FS-Status
X-DevSite-Last-Modified
X-CGP
X-BBXSRF
X-Backend-Host
X-Agile-Age
X-Agile-Id
X-Has-Esi
X-Agile
X-Eu-Site
X-CUA
X-Is-Gdpr
X-Cache-Info
X-App-Name
X-Cms-Context
X-Epic-Correlation-Id
X-Distributor
X-Fastly-Cache
X-Contensis-Viewer-Groups
X-Core-Mission
X-Auto-Login
X-JWT-State
X-Owner
X-Request-Host
X-Req
X-Varnish-Beresp-Ttl
X-Rocket-Build-Number
X-Server-W
X-SIPLIST1
X-Sigma-Backend
X-Sigma
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-NX-Host
Server-Surrogate-Control
X-Nginx-Cache-Key
X-VServer
Rt-Fastcgi-Cache
X-Proxy-Upstream
X-Origin-Expires
X-Origin-Date
X-Slack-Backend
N-Cache
X-VC-Cache
X-Varnish-Cacheable
X-Varnish-Authentication
X-WADP-Cache
X-WebServer
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-Var-Ttl
X-Urbn-Site-Id
X-Thanos
Memcached
X-Swa-Ws
X-Trace-Id
X-TrackingId
X-Urbn-Context-Path
X-Tumblr-Pixel-3
X-TT-TIMESTAMP
X-Ms-Version
X-NodeID
Kp-EeAlive
L5d-Success-Class
Locale
IsBot
X-Hash
X-Ms-Request-Id
HA-Ipaddr
Heartbleed
Locid
Mail-Subject
Server-Cache-Control
Server-ID
X-Li-Pop
RNT-Time
RNT-Machine
On-Server
X-LI-UUID
X-LI-Proto
Group
Ha-Gx-Prefs
CDCHOST
Gh-Request-Id
X-LAGOON
Cache-Host
AKAMAI
X-Magnolia-Registration
X-Servername
X-Logging-Id
X-Micro-Cache
X-Irp-Debug
Fastly-Drupal-HTML
FNAC-ModuleRouting
X-Backend-State
X-Instart-Isnd
X-Hnp-Log
Country-Code
Fastly-SIE
Adler-Geo
Is-Eu
Countrycode
X-Cache-Tags
Platform
X-Hit
X-Lb-Id
X-Generation-Time
X-Scheme
X-Sucuri-ID
Powered-By-ChinaCache
Fastly-SWR
X-Variation
X-We-Are-Hiring
X-Skip-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-C
X-Clientip
X-Platform-Server
X-Node-Id
Mime-Version
X-Refresh
X-Response-By
Cache
Pramga
X-Edge
X-VHOST
X-Load-Cache
X-MCACHE
X-ND-Cache
X-TA-CDN-Provider
X-Service
X-Instart-Info
SD-X-WS
X-SN
X-RESPONSE-TIME
Cloudfront-Viewer-Country
Proxy-Firewall
X-APP
HitType
X-BACKEND-TTL
X-CLOUD-TRACE-CONTEXT
X-Pjax-Url
Vix-Hermes-Req-Id
Environment
X-B3-Spanid
X-CDN-Forward
X-App-Version
X-CSRF-Token
X-Parent-Response-Time
X-Cache-PHP
X-VCache
Request-Time
Origin
X-Varnish-URL
X-Mid
CF-Cached-On
X-Ratelimit-Remaining
NM-Fastcgi-Cache
X-Vdms-Path
X-ECACHE
M-TraceId
X-MSEdge-Flight
X-MSEdge-Features
Hostname
X-Cdn-Forward
X-Correlation-ID
X-Wa
X-Origin-TTL
X-Origin-CC
Server-Hostname
Server-Ext
Pagetype
Fastly-Backend-Name
X-Ua
Sever-Int
X-Up
PICS-Label
X-CSRF-TOKEN
X-Be
Geoip-Latitude
X-ECache
X-Server-Time
Geoip-City
X-FPC
HostName
X-TT-LOGID
X-Wix-Viewer-Type
Cdn
TTL
Cdn-Request-Time
Pragrma
GeoIp-Country-Code
X-Pinterest-Direct
Cdn-Host
X-Edge-Server
X-Method
X-Protected-By
X-Worker
X-Vcl-Version
X-HS-Status
X-Via-PopV
Magicmarker
X-Via-PopH
X-URL
NtCoent-Length
CACHE
X-Envoy-Upstream-Healthchecked-Cluster
Cdnsip
X-AK-Request-ID
X-Request-Start
X-Newrelic-App-Data
X-Myra-Origin2
Resin-Trace
Cdncip
X-Branch-Name
X-DC
X-Servedbyhost
X-Azure-Ref-OriginShield
Memory
X-Referer
X-Policy
Dt-Cache-Category
X-Bc
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Zone
X-Litespeed-Cache
Ohc-File-Size
X-C-Zone
X-C-Key
X-Cache-Metadata
X-BC
X-Ratelimit-Limit
X-NU-AKA-ACS-Version
X-Cache-Host
X-Planisys-CDN-Cache
X-Air-Hostname
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-ZONE
SRV
X-Dynatrace-Js-Agent
Cteonnt-Length
X-Oneagent-Js-Injection
Release
X-ServedByHost
X-FORWARDED-FOR
Esi-Enabled
X-GEO
X-Pf-Uncompressing
Load-Balancing
Who
Lb
X-VCL-Version
X-Reqid
RequestId
X-SRV
X-Cache-Debug
X-NGINX-Cache
X-Swift-Error
XServer
GeoIP-Country-Code
Ttl
X-TH-Server
X-Via-Ucdn
Ohc-Cache-HIT
GeoIP-Latitude
X-Esi-Check
Dnion-Transfer-Encoding
X-Country-IP
UCS
X-Configured-By
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Pics-Label
X-Cache-Id
X-AIR-PT
IBM-Web2-Location
GeoIP-City
X-Unique-ID
X-Ruxit-Js-Agent
X-Datadome
FSS-Cache
X-Fastly-Country-Code
X-COUNTRY
X-Fpc
Product
X-Tb-Optimization-Total-Bytes-Saved
X-Gzip
Server-Int
X-VarnishDD-TTL
X-Node-ID
X-WPE-Loopback-Upstream-Addr
X-Ocache
X-WA
Powered-By
LB
X-B3-SpanId
MIME-Version
Sid
X-Varnish-Url
X-Svr
X-Powered-Y
X-PF-Uncompressing
Fastly-Soc-X-Request-Id
X-SERVER-NAME
X-RAMCache
X-Server-IP
Fastly-SSL
X-Fastly-Backend-Reqs
X-PJAX-URL
X-Action
X-Fastly-Request-Id
Lfy
X-DB
X-RPS
X-Flog
X-Hello
X-RPM
X-RSL
X-ABtesting
X-Varnish-Beresp-TTL
X-SD-PageType
X-DSS
X-DI
X-Apw-Hits
X-MID
C-Via
X-Apw-Access-Token
X-Apw-Access-Action
X-DW
FSS-Proxy
X-BE
X-Apw-Access-Object
X-LiteSpeed-Cache-Control
Xet-Cookie
X-Agile-Brick-Ok
X-Flow-Id
X-Page-Impression-Id
Tcn
X-Render-Time
Requestid
Host-ID
X-Zalando-Child-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-ElasticPress-Search
CF-IPCountry
X-Location
X-Aicache-OS
X-Amzn-Remapped-Connection
SN
X-Via-CDN
X-Amzn-Remapped-Date
WebServer
My-App
X-B3-Parentspanid
X-Debug-Controller
X-Compress-Hint
ProcessTime
CDN
Cneonction
L
X-Debug-Revision
X-Check-Cacheable
X-Cache-Backend
X-HostName
X-Nananana
X-App
X-Fastly-Cache-Hits
X-Mvc-Supplant-OutputCached
X-Sucuri-Cache
CloudFront-Viewer-Country
X-Mvc-Supplant-Cachable
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-User
WZWS-RAY
X-Request-URL
DataCenter
X-Request-Url
X-LB-ID