Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Ua-Compatible
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Request-ID
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Server-Timing
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
X-Readtime
Request-Id
X-Ruxit-JS-Agent
X-Dns-Prefetch-Control
Content-Location
X-Application-Context
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-HW
X-DataDome
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Goog-Hash
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Country-Code
X-DynaTrace
X-Varnish-TTL
Fusion-Deployment-Id
X-ASPNET-VERSION
Allow
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
X-Instart-Request-ID
X-MS-InvokeApp
Accept-CH
X-D2id
Content-MD5
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Trace
X-Navigation-Version
Accept-CH-Lifetime
TCN
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Fastly-Request-ID
Public-Key-Pins
X-Ttl
X-Vcache
Nginx-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
X-Debug
X-ESI
X-VARITI-CCR
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
Charset
X-B3-TraceId
MS-Author-Via
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
NR-ENABLED
X-Px
X-DynaTrace-JS-Agent
X-Middleton-Display
X-Middleton-Response
Response
Display
Pagespeed
X-Content-Type
Realpath
X-Sol
X-Client-IP
Cache-Tag
X-Ser
Edge-Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
X-Server-ID
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
Front-End-Https
WPE-Backend
X-Hp-Webp
X-Jurisdiction
X-Version
X-Upstream
X-Webkit-Csp
AR-Request-ID
AR-ATIME
X-T
AR-PoweredBy
X-Shield-Request-Id
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Node-Name
Fastcgi-Cache
X-Cache-Hit
ServerID
AR-CACHE
X-Recruiting
Ar-Sid
X-Correlation-Id
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-Goog-Storage-Class
X-FTR-Balancer
X-FTR-Backend
X-Goog-Generation
X-GUploader-UploadID
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-DC
X-FTR-Realm
X-Goog-Metageneration
X-Country-Code-Real
X-HS-Cache-Config
X-HS-Content-Id
Server-Node
X-HS-Hub-Id
Powered
X-Forwarded-For
X-Frontend
TP-L2-Cache
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
TP-Cache
PB-RID
PB-PID
X-FTR-Expires
Accept-Ch
X-DIS-Request-ID
Upgrade-Insecure-Requests
Arc-Version
X-Mobile-Rewrite
Refresh
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
Alternate-Protocol
X-SERVER
Server-Name
X-Amzn-Trace-Id
Host-Header
X-Geo-Country
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
X-N
Accept-Ch-Lifetime
X-LB-Cache
X-Page-Id
X-Rid
Fastly-Restarts
X-Akamai-Edgescape
X-Logged-In
X-F-Cache
X-FTR-Cache-Host
Backend-Timing
X-B
X-User-Agent
X-ATS-Timestamp
X-Varnish-Age
X-TTL
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-Cache-Key
X-Zen-Fury
X-Kinsta-Cache
X-ORACLE-APMCS-TAG
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-FastCGI-Cache
X-Via-JSL
X-Varnish-Grace
X-Origin-Server
X-XRDS-LOCATION
X-Revision
Host
X-Request-Guid
X-Jobs
X-Varnish-Backend
X-App-Environment
Fastcgi-Useragent
X-Instance
X-Tumblr-User
X-B-Cache
X-Signature
Paypal-Debug-Id
X-ATG-Version
Actual-Object-TTL
X-Hostname
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Git-Hash
X-TT
Section-Io-Cache
X-Seen-By
X-Whom
X-Amz-Replication-Status
X-Type
X-AOL-HN
X-Cache-Age
X-FB-Debug
X-B3-Sampled
X-Cache-Action
X-Debug-Info
X-Esi
X-Cluster
Frame-Options
Cache-Status
X-Content-Options
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Trailer
X-Cache-Rule
X-Cache-Operation
X-Endurance-Cache-Level
X-Contextid
X-Amzn-Requestid
X-Content-Powered-By
Source
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Erf-Bev-Bev
Tracecode
Liferay-Portal
X-AppVersion
X-Az
X-Activity-Id
X-Daa-Tunnel
X-Amz-Apigw-Id
Accept-Charset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Presslabs-Stats
X-FireWall-Port
X-PHP-Backend
X-IPLB-Instance
X-Upgrade-Enabled
DC
X-Framework
X-WA-Info
From-Origin
X-Response-Served-From
NGB
X-Accel-Buffering
Retry-After
X-RateLimit-Remaining
X-RemovedCookies
X-ProcessESI
Srv
Surrogate-Key
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Rendered-As
X-FW-Type
X-Is-Bot
X-UUID
X-Adobe-Content
X-Cacheable-TTL
X-Environment-Context
X-L-Path
Payment
X-Adobe-Loc
Eomportal-Instance
VIX-Pulpo-Upstream-Status
X-RequestSource
X-GeoIP
X-Varnish-Server
VIX-Pulpo-Node
X-Wix-Request-Id
X-Cache-NE
X-Region
X-Mobile
X-APP-VERSION
X-Cached-By
Filters
X-Time-Microsecs
X-UA-Device-Type
X-Unique-Id
X-Handled-By
X-Proxy
X-Varnish-Hostname
X-Origin-Response-Time
Filterid
X-NGENIX-Cache
X-Cache-TTL-Remaining
X-EdgeConnect-Cache-Status
Datacenter
X-Cache-Server
Xserver
X-Cache-Control
X-Webkit-CSP
X-Akamai-Transformed
X-Cache-Time
X-B3-Traceid
X-Backend-Name
MS-CV
X-Srv
X-TIME
Version
X-CST
X-Status
Server-Info
X-Mode
Cache-Tv-Group
GEO-INFO
S-Cnection
X-Cache-2
X-Cache-Enabled
X-Yottaa-Optimizations
Cache-Tags
X-Yottaa-Metrics
X-Rule
Odigeo-Trace-Id
Webserver
Meta-Geo
X-Path-Route
X-CCM
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-IP
Azure-SiteName
Azure-Version
Azure-RegionName
OT-Force-Account-Verify
X-TNCMS
Ec-Rule-Version
Azure-InstanceId
X-Redis-Cache
X-Detected-As
X-Loop
X-RN-RSRV
Azure-SlotName
X-FW-Dynamic
S-Rt
X-FC-Vary-Parameters
X-Say-TTL
Akamai-GRN
Cross-Origin-Window-Policy
X-Origin
X-Origin-Hint
X-Real-IP
X-PERF
Now
Webcakes-App-Name
Webcakes-App-Version
X-NCache
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Adobe-Source
X-Hosted-By
X-Human
X-Hl-Ver
X-Forwarded-Host
X-ApacheServer
TWC-GeoIP-Country
TWC-Device-Class
X-Proto
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Cleartype
Country
X-R9-Blue-Green-Version
Origin-Cache-Control
ServedBy
TWC-Connection-Speed
X-Pubstack
Property-Id
Origin-Edge-Control
Cache-Hits
X-Say-Cacheable
DB-Nickname
X-Amzn-Remapped-Content-Length
X-Via-Fastly
X-Web-Node
X-SayCDN-TTL
X-TX-ID
NGX
X-Akamai-Request-ID2
Section-Origin-Responded
X-RCS-CacheZone
Section-Io-Origin-Status
X-VWS-Id
X-Alternate-Cache-Key
Section-Io-Id
X-Vgn-Hpd-Reason
Section-Io-Origin-Time-Seconds
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-LJ-Flow-ID
X-Proxy-Cache-Status
X-NYM-Debug-Backend
X-Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Cache-Config
Content-Disposition
X-Cache-Status-Check
X-ServerID
X-EIG-Tracking-Id
X-Device-Type
X-AWS-Id
X-Backend-TTL
Cache-Key
X-Shopify-Generated-Cart-Token
X-Tb
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
Access-Control-Request-Headers
X-Site-Version
X-Sorting-Hat-ShopId
X-Format
X-Access
X-BCube-Filmed-By
X-Content-Age
X-Routing-Service
X-HTML-Minification-Powered-By
X-MP-GENERATED-AT
X-Proxy-Build
X-Proxied
X-Section
X-JoinUs
X-Zipkin-Id
X-Cache-NGX
X-FB-TRIP-ID
X-SaId
X-Debug-Cache
X-Cache-Remote
Selected-Fe
X-Viewer-Country
Mn-Server-Ip
X-Www-Served-By
X-Timing-Wait
X-Xfnlog-Site
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Ua-Device
X-Oss-Hash-Crc64ecma
Node
X-Soup
X-Request-Time
X-Microcachable
X-No-Session
X-Cdn
X-EC-Lua
X-Varnish-Hits
Cf-Ipcountry
X-PressLabs-Stats
X-Akamai-Request-ID
X-Generated-By
X-CF-Powered-By
X-Pad
Accept-Language
X-Geo
X-Drupal-Cache-Tags
Time
X-NewRelic-App-Data
Nel
X-From
X-IPS-LoggedIn
X-NC
X-Dc
X-Pinterest-Direct
X-Amzn-RequestId
X-Azure-Ref
X-RateLimit-Limit
X-Old-Content-Length
X-NWS-UUID-VERIFY
Uber-Trace-Id
X-VCT
Ms-Operation-Id
X-RTag
X-Source
X-Uri
User-Agent
X-URL
X-CS
X-Cache-Grace
FilterID
X-Newrelic-Synthetics
Cache-Name
X-PHP-Host
X-MCACHE
X-Edge
X-PCL
X-Labrador-Cache-Channel
X-ECACHE
X-OCL
X-GoCache-CacheStatus
X-Nginx-Cache
X-Qloud-Router
X-CDN-Forward
X-Varnish-Cache-Hits
Cache
Proxy-Connection
X-Hyper-Cache
X-Edge-Location
X-Drupal-Cache-Contexts
X-Litespeed-Cache
X-Magnolia-Registration
X-UA
GEO-REGION-INFO
X-Developer
X-DPWN-IS-SECURE
Fastcgi-X-Cache-Version
X-Vdms-Version
X-Instart-Info
X-SRCache-Key
X-Connection-Hash
Machine
X-D
X-Date
X-Destination
X-External-Request-Id
X-FW-Version
X-VG-WebCache
Apple-News-Services-Host
Apple-News-Services-Handled
X-G
X-APP
X-GeoIP-Country-Code
Apple-News-Services-Parsed-Url
X-Info
BehaviorPad-Version
AsisCache
Arc-Country
User-Cache-Control
Request-Country
X-A-Dgt
X-A-Wwc
X-A-Dcw
X-A-Dam
X-A
X-A-Ccd
X-Accel-Expires-Debug
X-Aed
X-B-Cookie
X-Vtex-Remote-Cache
X-ARC
X-Application
X-Vtex-Processado-Em
X-Cache-Bucket
X-VG-WebServer
VivaBuild
Rendered-Blocks
Request-EU
Xc-Version
Mobile-Detection-Method
Memcached
Meta-Geo-Continent
X-CF-Lambda-Version
X-CF-Lambda-Fn
True-Client-Country-4JS
Viewtype
T-Server
ServerName
X-Cdn-Srv
MD5-Digest
Apple-News-Services-Request-Url
X-Trv-Group
X-Session-Fingerprint
X-FORWARDED-FOR
X-Reboot
X-Region-Sid
X-Processor
X-Transaction
X-PAYTM-SRV-ID
X-Rojux
X-Rocket-Nginx-Bypass
X-ScT
X-Twitter-Response-Tags
X-S-Cookie
X-Request-URI
X-Request-UUID
X-S
X-Rewrite-Enabled
X-Cluster-Name
X-Clara-WADP
X-DevSite-Last-Modified
X-Storage
X-Slack-Backend
X-Cache-Info
Web-Mar-Node
Proxy-Firewall
X-Wikidot-Static-Cache
X-Served-From
X-TrackingId
X-Trafficlayer-App-Scope
X-VG-TLSProxy
X-VServer
Gh-Request-Id
Server-Surrogate-Control
X-Wikidot-Backend
X-Thinkindot-L3
X-Contensis-Viewer-Groups
Thinkindot-Control
Thinkindot-CacheControl-Type
On-Server
X-Request-Host
N-Cache
X-Core-Value
X-Trafficlayer-App-Name
Viewport
X-SS-Set-Cookie
Thinkindot-CacheControl
X-Cache-URL
X-We-Are-Hiring
Content-Style-Type
X-Li-Fabric
X-Webstats-RespID
X-Tumblr-Pixel-3
Server-Host
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-App-Server
X-Has-Esi
X-Geo-Header
X-GeoIP-City
Server-Cache-Control
X-Micro-Cache
X-Matched-Rule
X-Backend-Host
X-LI-Proto
X-Li-Pop
X-Backend-State
X-Level-Front-Cache
X-JWT-State
X-Is-Gdpr
X-LI-UUID
X-Mid
X-Irp-Debug
X-Auto-Login
SD-X-WS
X-Servername
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Trafficlayer-App-Version
X-Fmm-Version
X-Fastly-Cache
X-Cdn-Origin
X-Sn-Servicetimems
X-Server-W
Content-Script-Type
X-ServiceProvider
X-Block-Status
X-Gen-Mode
Rt-Fastcgi-Cache
X-BBXSRF
X-WADP-Cache
X-Cache-ASPX
X-Varnish-Authentication
X-Generated-On
X-UnsetCookies
CF-Cached-On
X-S-Maxage
X-Urbn-Context-Path
X-Sigma
X-Sigma-Backend
X-SIPLIST1
X-Bip
X-Urbn-Site-Id
X-Cache-Tags
X-Cache-FS-Status
X-Scheme
X-RateLimit-Remaining-Second
X-Origin-Expires
X-Origin-Date
X-Variation
X-NX-Host
X-Owner
X-VC-Cache
X-Var-Ttl
X-Eu-Site
X-Fetched-On
X-NodeID
X-Nginx-Cache-Key
X-Hash
X-Logging-Id
X-LAGOON
X-Ms-Request-Id
X-Ms-Version
X-Generated-In
X-Generation-Time
X-Varnish-Cacheable
X-Epic-Correlation-Id
X-Platform-Server
X-Rebelmouse-Surrogate-Control
X-Core-Mission
X-CUA
X-Rebelmouse-Cache-Control
X-Req
X-Cms-Context
X-CGP
X-Clientip
X-Cluster-Node
X-Debug-Cookies
X-Debug-Log
X-Dispatcher-Server
X-Distil-CS
X-Distributor
X-Dispatch
X-Device-Os
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Developers
X-Rocket-Build-Number
X-WebServer
Fastly-SIE
X-Bc-Bl
Fastly-Drupal-HTML
X-SN
X-Gamma-Serve
Fastly-SWR
FNAC-ModuleRouting
Heartbleed
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Group
Countrycode
CDCHOST
X-Trace-Id
X-App-Name
X-Swa-Ws
X-TT-TIMESTAMP
X-Thanos
X-VCache
X-COUNTRY
AKAMAI
Cache-Host
Adler-Geo
A
Vix-Hermes-Req-Id
IsBot
Country-Code
Server-ID
X-Skip-Cache
RNT-Time
RNT-Machine
X-Agile
V-Age
W
Kp-EeAlive
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Platform
X-Agile-Id
Mail-Subject
Locid
Locale
X-Agile-Age
L5d-Success-Class
X-Sucuri-ID
X-Time
X-Varnish-Beresp-Grace
X-C
X-Varnish-Beresp-Status
X-CACHE-KEY
X-Response-By
X-Hit
X-Cache-Expired-At
X-Cache-PHP
X-Refresh
X-Instart-Isnd
X-CSRF-Token
Geo-Info
X-OVcl
NM-Fastcgi-Cache
Request-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-OVcl-Cache
X-Vdms-Path
PFcat
X-Varnish-Beresp-Ttl
X-RESPONSE-TIME
X-Node-Id
Server-Ext
X-B3-Spanid
Server-Hostname
Sever-Int
X-CLOUD-TRACE-CONTEXT
M-TraceId
Mime-Version
X-Parent-Response-Time
X-Varnish-URL
Pagetype
X-Protected-By
HostName
X-MSEdge-Flight
X-Wa
X-Method
Powered-By-ChinaCache
X-MSEdge-Features
X-SRV
X-FPC
X-Worker
Magicmarker
X-Varnish-Ttl
X-Via-PopH
X-Via-PopV
X-Lb-Id
Pramga
PICS-Label
X-Nc
X-DC
XServer
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
X-Branch-Name
Origin
X-ND-Cache
Cloudfront-Viewer-Country
X-Service
X-TA-CDN-Provider
HitType
Geoip-Latitude
X-Pjax-Url
X-Load-Cache
Geoip-City
Memory
X-Policy
X-GEO
X-Ratelimit-Remaining
X-Be
X-Ua
Environment
X-SERVER-NAME
X-C-Zone
X-Planisys-CDN-Cache
X-C-Key
X-Planisys-CDN-TTL
GeoIp-Country-Code
X-Planisys-CDN-Rules
X-HS-Status
X-Wix-Viewer-Type
Esi-Enabled
Cteonnt-Length
Dt-Cache-Category
X-Servedbyhost
X-VCL-Version
X-ECache
X-App-Version
Who
X-CSRF-TOKEN
X-Up
Ttl
X-Bc
X-Via-Ucdn
X-Reqid
X-Azure-Ref-OriginShield
X-BACKEND-TTL
X-Newrelic-App-Data
X-Myra-Origin2
Fastly-Backend-Name
X-Zone
NtCoent-Length
X-Country-IP
X-Origin-CC
X-Referer
X-Origin-TTL
X-Cache-Metadata
TTL
X-TT-LOGID
Hostname
Pragrma
Resin-Trace
X-Server-Time
X-Cache-Host
SRV
X-Cdn-Forward
Cdn
X-BC
X-Vcl-Version
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-ZONE
Product
UCS
X-Fastly-Country-Code
X-Oneagent-Js-Injection
X-Ratelimit-Limit
Cdnsip
Release
Load-Balancing
Cdncip
X-Pf-Uncompressing
X-AK-Request-ID
X-ServedByHost
Lb
X-NGINX-Cache
X-Swift-Error
X-Correlation-ID
X-Server-IP
GeoIP-Country-Code
X-NU-AKA-ACS-Version
CACHE
X-Tec-Api-Origin
X-Tec-Api-Root
X-AIR-PT
X-Tec-Api-Version
GeoIP-City
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Configured-By
Sid
GeoIP-Latitude
X-Ruxit-Js-Agent
X-Node-ID
C-Via
LB
X-Air-Hostname
X-Datadome
Dnion-Transfer-Encoding
X-PJAX-URL
FSS-Cache
Ohc-File-Size
X-Dynatrace-Js-Agent
Warning
X-WPE-Loopback-Upstream-Addr
X-Gzip
X-Cache-Id
X-BE
X-Esi-Check
MIME-Version
RequestId
X-Edge-O15-RID
X-Fpc
Ohc-Cache-HIT
X-Cache-Debug
X-Location
X-B3-SpanId
X-WA
My-App
X-TH-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Backend
X-UPSTREAM-Address
IBM-Web2-Location
X-Mvc-Supplant-Cachable
X-Svr
X-RAMCache
X-Powered-Y
X-Sucuri-Cache
Pics-Label
X-VarnishDD-TTL
X-Varnish-Url
X-Fastly-Request-Id
X-Varnish-Beresp-TTL
X-Fastly-Backend-Reqs
Lfy
X-Mvc-Supplant-OutputCached
Fastly-SSL
Server-Int
X-Ocache
X-Apw-Access-Object
X-MID
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Action
Xet-Cookie
X-Sucuri-Id
CDN
X-ElasticPress-Search
X-LiteSpeed-Cache-Control
Powered-By
X-SD-PageType
X-Zalando-Child-Request-Id
X-User
Requestid
X-Flow-Id
X-Page-Impression-Id
X-ElasticPress-Query
X-Agile-Brick-Ok
CF-IPCountry
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Processtime
X-Akamai-ERRuleID
Cneonction
Host-ID
X-Akamai-ERPolicy
X-Debug-Revision
X-Debug-Controller
X-Check-Cacheable
X-Aicache-OS
X-Nananana
X-PF-Uncompressing
X-B3-Parentspanid
X-Unique-ID
X-LB-ID
Fastly-Soc-X-Request-Id
ProcessTime
X-MiniProfiler-Ids
CloudFront-Viewer-Country
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-URL
X-Request-Url
URI
DataCenter
X-Cache-Tag