Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
CF-Ray
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Request-ID
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-WebKit-CSP
X-Readtime
X-Origin-Upstream-Status
Surrogate-Control
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
RTSS
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
X-Varnish-TTL
X-DynaTrace
X-ASPNET-VERSION
X-Country-Code
X-Instart-Request-ID
Allow
Service-Worker-Allowed
Content-MD5
X-GitHub-Request-Id
Verso
X-Server-Name
X-D2id
X-ESI
Pinterest-Generated-By
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
X-Vcache
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-B3-TraceId
Fusion-Deployment-Id
X-Abt-Application-Version
X-Amz-Rid
X-Trace
X-Debug
TCN
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
X-SharePointHealthScore
X-Ttl
Nginx-Cache
X-MSEdge-Ref
X-VARITI-CCR
X-Vcap-Request-Id
X-Server-ID
MS-Author-Via
Charset
Arr-Disable-Session-Affinity
X-Px
Accept-Ch
X-NF-Request-ID
X-Accel-Expires
Accept-CH
X-Cache-TTL
X-Fastcgi-Cache
SPRequestDuration
SPIisLatency
X-Webkit-Csp
Edge-Cache-Tag
Realpath
Response
Display
X-Middleton-Display
X-Middleton-Response
Pagespeed
X-Content-Type
X-Ser
X-Sol
X-Client-IP
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
X-DynaTrace-JS-Agent
Accept-Ch-Lifetime
Accept-CH-Lifetime
NR-ENABLED
Front-End-Https
X-Powered-CMS
X-Id
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
X-Dns-Prefetch-Control
X-Grace
X-Jurisdiction
X-Hp-Webp
AR-ATIME
AR-Request-ID
AR-PoweredBy
S
X-Upstream
X-Forwarded-For
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-T
MRF-Tech
X-Mrf-Item-Lastmod
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Element-Page-Cache
DynaTrace
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
Fastcgi-Cache
ServerID
X-Shield-Request-Id
X-Node-Name
X-Mobile-URL
X-Cache-Hit
PB-PID
PB-RID
X-Recruiting
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Powered
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
Server-Node
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-Frontend
WPE-Backend
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Mobile-Rewrite
Arc-Version
TP-Cache
TP-L2-Cache
X-FTR-Expires
X-Amzn-Trace-Id
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-DIS-Request-ID
X-Shard
X-Ezoic-Cdn
X-Request-Processing-Time
X-Request-Received
Refresh
Alternate-Protocol
X-HS-Combine-CSS
X-NWS-LOG-UUID
Fastly-Restarts
X-XRDS-Location
X-Logged-In
X-Correlation-Id
X-Varnish-Age
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-TTL
X-Page-Id
X-F-Cache
X-FTR-Cache-Host
X-LB-Cache
X-B
X-Akamai-Edgescape
X-User-Agent
Backend-Timing
X-Rid
X-ATS-Timestamp
X-Geo-Country
X-Content-Security-Policy-Report-Only
X-N
MicrosoftSharePointTeamServices
Host-Header
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Via-JSL
Host
X-Zen-Fury
Cache-Status
X-ORACLE-APMCS-TAG
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-Kinsta-Cache
X-Varnish-Grace
X-Content-Options
Healthy
X-Revision
X-B3-Sampled
X-TT
X-AOL-HN
X-ATG-Version
X-Tumblr-Pixel-0
X-Tumblr-User
X-Type
X-Tumblr-Pixel
X-Jobs
Paypal-Debug-Id
X-Amz-Replication-Status
X-Cache-Action
Section-Io-Cache
X-App-Environment
X-Request-Guid
X-Signature
X-Instance
X-FB-Debug
X-B-Cache
Actual-Object-TTL
X-Git-Hash
X-Debug-Info
Access-Control-Allow-Method
X-Varnish-Backend
X-Whom
Frame-Options
X-Hostname
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-Amz-Apigw-Id
Liferay-Portal
X-Content-Powered-By
X-Cluster
X-Seen-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Rule
X-Cache-Operation
X-Erf-Bev-Bev
X-Cache-Age
X-Erf-Bev-Bev-Is-Generated
Trailer
X-Endurance-Cache-Level
X-Activity-Id
X-PHP-Backend
X-Az
X-AppVersion
X-FireWall-Port
X-Framework
Tracecode
X-Contextid
X-Cache-Key
X-Srv
X-Daa-Tunnel
X-Cached-By
X-WA-Info
Source
X-Mobile
X-Host-Name
X-Amzn-Requestid
Retry-After
Xserver
X-IPLB-Instance
X-Upgrade-Enabled
NGB
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
Accept-Charset
X-RateLimit-Remaining
Srv
X-Adobe-Loc
X-FastCGI-Cache
X-Adobe-Content
Surrogate-Key
DC
X-UUID
X-FW-Hash
X-GeoIP
X-FW-Serve
X-Cache-NE
X-Varnish-Server
X-Presslabs-Stats
X-FW-Server
X-FW-Type
Eomportal-Instance
X-Environment-Context
X-FW-Static
Payment
X-Is-Bot
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Region
X-RequestSource
X-L-Path
X-Rendered-As
X-Handled-By
X-Cacheable-TTL
Filters
X-Origin-Response-Time
X-Varnish-Hostname
From-Origin
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
VIX-Pulpo-Node
X-Wix-Request-Id
VIX-Pulpo-Upstream-Status
X-EdgeConnect-Cache-Status
X-Backend-Name
X-Cache-Server
X-Cache-2
Server-Info
X-CST
Cache-Tv-Group
Filterid
MS-CV
X-NGENIX-Cache
X-APP-VERSION
Datacenter
Version
X-Unique-Id
X-Akamai-Transformed
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Status
X-Cache-Enabled
X-Cache-Time
X-Cache-Control
X-TIME
X-Mode
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-Cache-Var
X-CCM
X-Path-Route
X-RN-RSRV
Webserver
Country
ServedBy
X-R9-Blue-Green-Version
X-Forwarded-Host
X-Ua-Device
X-Hl-Ver
X-Via-Fastly
X-PERF
X-ApacheServer
Cache-Tags
Cleartype
Decoy-Debug-TTL
Akamai-GRN
DB-Nickname
Now
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Key
X-Debug-Cache
OT-Force-Account-Verify
X-FC-Vary-Parameters
X-VWS-Id
X-Vgn-Hpd-Reason
X-Tb
X-FW-Dynamic
X-Proto
X-LJ-Flow-ID
X-Origin
X-Origin-Hint
X-TX-ID
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Pubstack
X-ServerID
X-Redis-Cache
X-RCS-CacheZone
X-ProxyCache-Status
X-ProxyCache-Key
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ShopId
X-ShardId
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Origin-Edge-Control
Property-Id
Section-Io-Id
Section-Io-Origin-Status
TWC-Locale-Group
TWC-Privacy
X-BYPASS-REASON
X-Cache-Status-Check
X-Device-Type
X-EIG-Tracking-Id
X-AWS-Id
X-Alternate-Cache-Key
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Akamai-Request-ID2
Origin-Cache-Control
NGX
X-PressLabs-Stats
X-IPS-LoggedIn
X-SaId
X-Proxy-Build
X-Routing-Service
X-Esi
X-Timing-Wait
X-Site-Version
X-Proxied
X-Section
X-NCache
X-Access
GEO-INFO
Selected-Fe
X-Content-Age
X-Format
X-JoinUs
X-Generated
X-Www-Served-By
X-Zipkin-Id
X-Say-Cacheable
X-Proxy-Cache-Status
X-Loop
X-SayCDN-TTL
X-Soup
X-Web-Node
X-Aspnetmvc-Version
X-TNCMS
X-Locale
X-IP
Ec-Rule-Version
Content-Disposition
Access-Control-Request-Headers
X-Amzn-Remapped-Content-Length
X-Cache-Config
X-Hosted-By
X-Detected-As
X-Xfnlog-Site
X-Say-TTL
Azure-SlotName
X-Pad
Cross-Origin-Window-Policy
Azure-Version
Mn-Server-Ip
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-NYM-Debug-Backend
X-Real-IP
X-Request-Time
X-FB-TRIP-ID
S-Rt
X-Adobe-Source
X-Viewer-Country
X-MP-GENERATED-AT
X-Varnish-Hits
X-Dc
X-Cdn
X-Geo
X-CACHE-KEY
Cache-Hits
X-Cache-Remote
X-Akamai-Request-ID
X-BCube-Filmed-By
X-Generated-By
X-HTML-Minification-Powered-By
Node
X-Amzn-RequestId
X-B3-Traceid
X-EC-Lua
Nel
Odigeo-Trace-Id
X-NewRelic-App-Data
X-No-Session
X-Microcachable
X-Rule
X-Drupal-Cache-Tags
Accept-Language
X-SS-Set-Cookie
FilterID
X-Uri
X-Cache-NGX
Cf-Ipcountry
X-RateLimit-Limit
X-From
X-CF-Powered-By
X-Azure-Ref
X-App-Server
X-RTag
X-Webkit-CSP
Ms-Operation-Id
X-PCL
X-Source
X-Backend-TTL
Time
X-OCL
X-Qloud-Router
X-NWS-UUID-VERIFY
User-Agent
X-Edge-O15-RID
X-Varnish-Cache-Hits
X-Labrador-Cache-Channel
X-Hyper-Cache
Proxy-Connection
X-SERVER
X-PHP-Host
X-Time
X-Info
X-Old-Content-Length
X-Nginx-Cache
X-GoCache-CacheStatus
Cache-Name
X-Cache-Grace
X-Storage
Uber-Trace-Id
X-Rojux
X-Region-Sid
X-OVcl
X-PAYTM-SRV-ID
X-Processor
X-OVcl-Cache
X-Request-URI
X-Request-UUID
Arc-Country
VivaBuild
X-Connection-Hash
X-CF-Lambda-Version
X-A
Viewtype
True-Client-Country-4JS
X-Date
X-D
ServerName
T-Server
X-A-Ccd
X-A-Dam
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Cdn-Srv
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-CF-Lambda-Fn
X-Destination
Request-EU
AsisCache
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-CS
A
Apple-News-Services-Handled
Apple-News-Services-Host
GEO-REGION-INFO
X-G
Mobile-Detection-Method
X-Developer
Rendered-Blocks
Request-Country
Meta-Geo-Continent
MD5-Digest
X-External-Request-Id
X-DPWN-IS-SECURE
Machine
X-Drupal-Cache-Contexts
X-Rewrite-Enabled
X-Session-Fingerprint
X-SRCache-Key
X-Transaction
X-S
X-VG-WebCache
X-Newrelic-Synthetics
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-ScT
X-Trv-Group
X-S-Cookie
X-Vdms-Version
Xc-Version
X-Twitter-Response-Tags
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cluster-Node
Geo-Info
X-Cluster-Name
X-NC
X-Generated-On
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-VG-TLSProxy
Cache-Cookie-Set-Lfrom
X-Sn-Servicetimems
X-GeoIP-City
X-Thinkindot-L3
X-Matched-Rule
Viewport
X-Core-Value
X-Trafficlayer-App-Version
X-Level-Front-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Served-From
X-Cache-Expired-At
X-IN-APIGATEWAY
Thinkindot-CacheControl
X-Reboot
X-Rocket-Nginx-Bypass
X-Trafficlayer-App-Name
PFcat
Content-Style-Type
X-Cdn-Origin
X-VCT
Server-Host
X-UA
X-Trafficlayer-App-Scope
X-IN-APIGATEWAYSSL
X-Edge-Location
X-ServiceProvider
Content-Script-Type
X-Geo-Header
X-S-Maxage
X-UnsetCookies
User-Cache-Control
X-Nc
X-Urbn-Site-Id
X-Urbn-Context-Path
X-DevSite-Last-Modified
X-Developers
X-Debug-Log
X-Debug-Cache-Store
X-Backend-State
X-Var-Ttl
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Varnish-Authentication
X-Debug-Cookies
X-Contensis-Viewer-Groups
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Info
X-Cache-URL
N-Cache
X-Wikidot-Static-Cache
X-Bip
Memcached
X-Block-Status
X-Cache-ASPX
X-Wikidot-Backend
X-Webstats-RespID
X-Device-Os
X-Core-Mission
X-VC-Cache
X-CUA
X-Cms-Context
X-Clara-WADP
X-WebServer
X-WADP-Cache
Rt-Fastcgi-Cache
X-CGP
X-Varnish-Cacheable
X-Generated-In
X-NX-Host
X-NodeID
X-Origin-Date
X-Origin-Expires
X-Li-Fabric
X-Sigma
X-Sigma-Backend
X-Nginx-Cache-Key
X-Ms-Version
X-Slack-Backend
X-SIPLIST1
X-JWT-State
X-Owner
X-Server-W
X-Rocket-Build-Number
X-LI-UUID
X-Bc-Bl
X-Servername
X-VServer
X-Request-Host
X-Req
X-Proxy-Upstream
X-Li-Pop
X-LI-Proto
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Ms-Request-Id
X-Swa-Ws
X-Has-Esi
X-Eu-Site
X-Fastly-Cache
X-Fetched-On
X-Fmm-Version
X-Epic-Correlation-Id
X-FW-Version
X-Distil-CS
X-Dispatcher-Server
X-Tumblr-Pixel-3
X-TT-TIMESTAMP
X-Distributor
X-Gamma-Serve
X-Gen-Mode
X-Micro-Cache
X-Magnolia-Registration
X-Trace-Id
X-Is-Gdpr
X-Thanos
X-Logging-Id
X-LAGOON
X-TrackingId
X-Hash
X-Hnp-Log
X-Instart-Isnd
X-Irp-Debug
X-Dispatch
X-BBXSRF
Cache-Host
AKAMAI
On-Server
Mail-Subject
Locid
X-Varnish-Beresp-Ttl
Powered-By-ChinaCache
FNAC-ModuleRouting
Server-Cache-Control
RNT-Time
RNT-Machine
CDCHOST
Locale
Ha-Gx-Prefs
Group
Gh-Request-Id
Fastly-Drupal-HTML
HA-Ipaddr
Heartbleed
L5d-Success-Class
Kp-EeAlive
IsBot
Country-Code
Server-Surrogate-Control
Server-ID
Wxu-Next-Region
Wxu-Next-Hostname
X-App-Name
X-Agile
X-Agile-Id
X-Agile-Age
Web-Mar-Node
Wxu-Next-Commit
W
V-Age
X-Backend-Host
X-Auto-Login
We-Hiring
X-Lb-Id
X-Scheme
X-We-Are-Hiring
X-Hit
X-Skip-Cache
X-Variation
X-Platform-Server
Fastly-SIE
Fastly-SWR
Platform
Adler-Geo
X-Cache-Tags
X-Rebelmouse-Cache-Control
Is-Eu
X-Clientip
X-Rebelmouse-Surrogate-Control
Countrycode
X-C
X-Generation-Time
Pramga
X-Load-Cache
Mime-Version
X-VHOST
X-Sucuri-ID
X-Node-Id
X-Response-By
Cloudfront-Viewer-Country
X-ND-Cache
X-Service
X-RESPONSE-TIME
X-Refresh
Cache
X-Instart-Info
SD-X-WS
X-SN
HitType
X-Edge
X-MCACHE
X-CLOUD-TRACE-CONTEXT
X-TA-CDN-Provider
X-APP
X-CDN-Forward
Proxy-Firewall
Environment
X-App-Version
X-B3-Spanid
X-BACKEND-TTL
X-Pjax-Url
X-VCache
X-Varnish-URL
Vix-Hermes-Req-Id
X-Parent-Response-Time
X-ECACHE
Request-Time
X-Cache-PHP
X-Varnish-Ttl
Origin
X-CSRF-Token
Hostname
NM-Fastcgi-Cache
CF-Cached-On
X-Mid
X-Vdms-Path
M-TraceId
X-MSEdge-Flight
X-Correlation-ID
X-Wa
X-MSEdge-Features
X-Origin-TTL
X-Origin-CC
X-Ua
Fastly-Backend-Name
X-Up
X-Cdn-Forward
X-CSRF-TOKEN
X-Ratelimit-Remaining
Server-Ext
Pagetype
X-Server-Time
Sever-Int
PICS-Label
Server-Hostname
X-Be
Cdn-Request-Time
Geoip-City
X-FPC
Cdn-Host
X-TT-LOGID
X-Edge-Server
Geoip-Latitude
Pragrma
X-Wix-Viewer-Type
HostName
X-Method
GeoIp-Country-Code
X-ECache
TTL
X-HS-Status
Cdn
X-URL
Cdnsip
X-Via-PopV
X-Newrelic-App-Data
Magicmarker
X-Myra-Origin2
X-Via-PopH
X-Vcl-Version
CACHE
Cdncip
X-Worker
NtCoent-Length
X-AK-Request-ID
X-Protected-By
X-DC
X-Envoy-Upstream-Healthchecked-Cluster
X-Branch-Name
X-Bc
Resin-Trace
X-Request-Start
X-SVT-ORM-VERSION
X-Litespeed-Cache
X-Zone
X-SVT-ORM-RULES
X-Servedbyhost
X-Referer
X-Cache-Metadata
Ohc-File-Size
Memory
Dt-Cache-Category
X-Azure-Ref-OriginShield
X-NU-AKA-ACS-Version
X-Air-Hostname
X-Policy
X-Cache-Host
SRV
Cteonnt-Length
X-Dynatrace-Js-Agent
X-Pinterest-Direct
X-C-Zone
X-Planisys-CDN-TTL
X-C-Key
X-ZONE
X-FORWARDED-FOR
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Oneagent-Js-Injection
X-BC
Release
X-GEO
X-Ratelimit-Limit
Lb
Load-Balancing
X-SRV
X-VCL-Version
Esi-Enabled
X-Cache-Debug
X-Pf-Uncompressing
X-ServedByHost
RequestId
XServer
X-NGINX-Cache
X-Swift-Error
X-TH-Server
Ttl
GeoIP-Country-Code
Who
X-Reqid
Ohc-Cache-HIT
Pics-Label
X-Via-Ucdn
X-Cache-Id
X-Tec-Api-Origin
X-Esi-Check
X-Configured-By
Dnion-Transfer-Encoding
GeoIP-City
X-Tec-Api-Root
IBM-Web2-Location
X-Tec-Api-Version
X-AIR-PT
GeoIP-Latitude
X-Unique-ID
X-Ruxit-Js-Agent
X-Node-ID
Server-Int
X-Country-IP
UCS
X-Fastly-Country-Code
X-Gzip
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-Fpc
X-COUNTRY
Product
FSS-Cache
Powered-By
X-Ocache
X-VarnishDD-TTL
X-B3-SpanId
MIME-Version
LB
X-WA
Fastly-Soc-X-Request-Id
Sid
X-Svr
X-PF-Uncompressing
X-SERVER-NAME
X-Powered-Y
X-RAMCache
X-WPE-Loopback-Upstream-Addr
Fastly-SSL
X-PJAX-URL
X-Varnish-Url
X-Server-IP
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
Lfy
X-Action
X-RPM
X-DW
X-DSS
X-Apw-Hits
X-DI
X-DB
X-ABtesting
X-MID
X-Apw-Access-Token
X-RPS
X-Apw-Access-Action
X-Flog
FSS-Proxy
X-Hello
X-BE
X-SD-PageType
X-RSL
X-Varnish-Beresp-TTL
X-Apw-Access-Object
X-Page-Impression-Id
X-Flow-Id
X-Render-Time
Host-ID
C-Via
Xet-Cookie
X-Agile-Brick-Ok
Amp-Access-Control-Allow-Source-Origin
Tcn
X-Zalando-Child-Request-Id
X-LiteSpeed-Cache-Control
X-ElasticPress-Search
Requestid
CF-IPCountry
X-Cache-Backend
X-Via-CDN
X-Debug-Revision
L
CDN
Cneonction
X-Compress-Hint
ProcessTime
X-Debug-Controller
X-Aicache-OS
SN
X-Check-Cacheable
X-Amzn-Remapped-Date
X-B3-Parentspanid
X-Amzn-Remapped-Connection
X-HostName
CloudFront-Viewer-Country
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-LB-ID
X-Location
My-App
X-Request-Url
X-Nananana
WZWS-RAY
X-Dw-Trace-Id
X-User
X-Request-URL
DataCenter
X-App