Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
P3p
Status
Upgrade
X-CDN
X-Ua-Compatible
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Request-ID
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
X-WebKit-CSP
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Edge-Control
X-Url
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Goog-Hash
Allow
X-DynaTrace
X-Instart-Request-ID
X-Country-Code
X-Varnish-TTL
Content-MD5
X-ASPNET-VERSION
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Webkit-Csp
X-ESI
Pinterest-Generated-By
X-Server-Name
X-D2id
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-MS-InvokeApp
SPRequestGuid
X-Vcache
X-Navigation-Version
X-Cached
X-Powered-By-Plesk
X-B3-TraceId
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Debug
X-Abt-Application-Version
X-Amz-Rid
Accept-Ch
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Trace
X-Fastly-Request-ID
X-MSEdge-Ref
X-SharePointHealthScore
Nginx-Cache
X-Vcap-Request-Id
Public-Key-Pins
X-VARITI-CCR
X-Server-ID
MS-Author-Via
Arr-Disable-Session-Affinity
TCN
Charset
X-Px
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Fastcgi-Cache
Edge-Cache-Tag
Accept-Ch-Lifetime
X-Middleton-Display
X-Middleton-Response
Response
Display
Pagespeed
Realpath
SPIisLatency
SPRequestDuration
X-Sol
Fusion-Deployment-Id
X-Version
X-Content-Type
X-Ttl
X-Ser
X-Client-IP
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-CH
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Version
Front-End-Https
X-Powered-CMS
Access-Control-Request-Method
X-Id
X-Hp-Webp
X-Jurisdiction
NR-ENABLED
X-Upstream
X-Grace
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Forwarded-For
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Ar-Sid
X-Dns-Prefetch-Control
AR-CACHE
X-Content-Digest
X-T
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Hits
S
DynaTrace
X-Dw-Request-Base-Id
Accept-CH-Lifetime
Fastcgi-Cache
X-TTL
ServerID
X-Mobile-URL
X-Node-Name
X-Amzn-Trace-Id
X-FTR-Backend-Server
PB-RID
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
PB-PID
X-XRDS-LOCATION
X-Recruiting
X-Cache-Hit
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
Arc-Version
X-Frontend
X-HS-Hub-Id
X-Mobile-Rewrite
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-FTR-Expires
Powered
X-Ezoic-Cdn
X-Shard
TP-Cache
TP-L2-Cache
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
X-Shield-Request-Id
Upgrade-Insecure-Requests
Fastly-Restarts
X-NWS-LOG-UUID
X-HS-Combine-CSS
X-Request-Processing-Time
X-Request-Received
Alternate-Protocol
X-Logged-In
Refresh
X-Varnish-Age
WPE-Backend
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-Correlation-Id
X-B
X-Page-Id
X-LB-Cache
X-Akamai-Edgescape
X-F-Cache
Backend-Timing
X-ATS-Timestamp
X-Rid
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Geo-Country
X-N
X-Via-JSL
Host
X-Zen-Fury
Cache-Status
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Options
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
X-ORACLE-APMCS-TAG
Host-Header
X-Varnish-Grace
X-B3-Sampled
X-Kinsta-Cache
X-Revision
X-Amz-Apigw-Id
X-AOL-HN
X-Amz-Replication-Status
X-TT
X-Signature
X-Jobs
X-Request-Guid
Actual-Object-TTL
X-Type
X-Tumblr-User
X-XRDS-Location
X-App-Environment
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-ATG-Version
X-B-Cache
X-Tumblr-Pixel
X-FB-Debug
X-Instance
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Varnish-Backend
X-Content-Powered-By
X-Git-Hash
X-Cache-Action
X-Debug-Info
Fastcgi-Useragent
Healthy
Frame-Options
Liferay-Portal
X-Whom
Section-Io-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Srv
X-Cluster
X-Cache-Key
X-Seen-By
X-Cached-By
X-Cache-Rule
X-Daa-Tunnel
X-Hostname
X-Az
X-Cache-Operation
X-AppVersion
X-PHP-Backend
X-Activity-Id
X-Framework
X-Erf-Bev-Bev-Is-Generated
X-CST
X-Erf-Bev-Bev
X-FireWall-Port
Tracecode
X-WA-Info
X-Cache-Age
X-Presslabs-Stats
X-Endurance-Cache-Level
X-Mobile
X-Amzn-Requestid
X-Contextid
Retry-After
X-IPLB-Instance
Xserver
X-Host-Name
X-Accel-Buffering
X-Response-Served-From
NGB
X-Upgrade-Enabled
Accept-Charset
Source
X-RemovedCookies
X-ProcessESI
Surrogate-Key
Eomportal-Instance
DC
X-Tumblr-Pixel-1
X-Rendered-As
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-FW-Hash
X-Cache-NE
X-Adobe-Loc
Payment
X-FW-Serve
X-FW-Static
Filters
X-FW-Type
X-Is-Bot
X-GeoIP
X-FW-Server
X-Adobe-Content
X-Cacheable-TTL
X-Origin-Response-Time
X-L-Path
X-Environment-Context
X-Handled-By
X-Region
X-Varnish-Server
X-UUID
Srv
X-RequestSource
Trailer
X-FastCGI-Cache
X-EdgeConnect-Cache-Status
X-UA-Device-Type
From-Origin
X-Cache-2
Server-Info
X-Cache-TTL-Remaining
X-Backend-Name
X-Proxy
X-APP-VERSION
X-Time-Microsecs
X-RateLimit-Remaining
X-Wix-Request-Id
Cache-Tv-Group
X-Edge-O15-RID
X-Cache-Server
MS-CV
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Enabled
X-Dc
X-Akamai-Transformed
X-NGENIX-Cache
Version
Datacenter
X-Status
X-Unique-Id
X-TIME
GEO-INFO
X-Mode
S-Cnection
X-IPS-LoggedIn
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Var
X-CCM
FilterID
X-RN-RSRV
X-ES-SERVER
Meta-Geo
X-Path-Route
X-Cache-Var-Map
X-TX-ID
X-Hl-Ver
X-Cache-Status-Check
X-Forwarded-Host
X-NewRelic-App-Data
X-Pad
X-ApacheServer
X-Cache-Time
Cache-Tags
X-PERF
X-Via-Fastly
Country
Decoy-Debug-Key
Decoy-Debug-TTL
X-Redis-Cache
X-R9-Blue-Green-Version
Decoy-Debug-Status
ServedBy
Cleartype
X-FC-Vary-Parameters
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-AWS-Id
X-Pubstack
X-FW-Dynamic
X-LJ-Flow-ID
X-EIG-Tracking-Id
X-ServerID
X-Shopify-Stage
X-Debug-Cache
X-Shopify-Generated-Cart-Token
X-ShopId
X-ShardId
X-Device-Type
Now
DB-Nickname
OT-Force-Account-Verify
Origin-Edge-Control
X-Alternate-Cache-Key
X-Vgn-Hpd-Reason
X-Origin
X-Varnish-Hits
X-Cache-Control
X-Hosted-By
Origin-Cache-Control
X-VWS-Id
X-Proto
X-Akamai-Request-ID2
Selected-Fe
Mn-Server-Ip
X-Content-Age
X-Amzn-Remapped-Content-Length
X-BYPASS-REASON
X-Cache-Config
X-Access
NGX
Webserver
Webcakes-App-Version
X-TNCMS
X-Timing-Wait
X-Tb
X-NCache
X-Loop
X-Www-Served-By
X-Locale
X-Proxied
X-Soup
X-Routing-Service
X-SaId
X-Section
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Proxy-Cache-Status
X-Zipkin-Id
Property-Id
Webcakes-Region
X-Site-Version
Webcakes-App-Name
X-Origin-Hint
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Format
X-Generated
X-Human
TWC-Privacy
X-IP
TWC-Connection-Speed
X-JoinUs
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Detected-As
Akamai-GRN
Content-Disposition
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Cross-Origin-Window-Policy
Ec-Rule-Version
Azure-InstanceId
X-Viewer-Country
X-FB-TRIP-ID
Filterid
X-MP-GENERATED-AT
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-NYM-Debug-Backend
X-Xfnlog-Site
X-SS-Set-Cookie
X-Web-Node
X-Generated-By
X-RCS-CacheZone
S-Rt
Cache-Key
X-Akamai-Request-ID
X-Ua-Device
X-Cache-Remote
X-Request-Time
Access-Control-Request-Headers
X-BCube-Filmed-By
X-HTML-Minification-Powered-By
X-Real-IP
Node
X-Geo
Cache-Hits
X-Amzn-RequestId
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-EC-Lua
X-App-Server
Section-Origin-Responded
Section-Io-Origin-Status
X-B3-Traceid
Nel
X-Drupal-Cache-Tags
Accept-Language
X-PressLabs-Stats
X-No-Session
X-Microcachable
X-Adobe-Source
X-Uri
Odigeo-Trace-Id
X-Rule
X-CACHE-KEY
X-PCL
X-UA
X-OCL
X-Qloud-Router
X-NWS-UUID-VERIFY
X-RTag
Ms-Operation-Id
Cf-Ipcountry
X-Source
X-Varnish-Cache-Hits
Time
X-From
X-Azure-Ref
X-Hyper-Cache
User-Agent
X-Esi
X-Info
X-PHP-Host
X-Labrador-Cache-Channel
Proxy-Connection
X-Time
X-Cache-NGX
X-Storage
X-CLOUD-TRACE-CONTEXT
X-RateLimit-Limit
X-Cluster-Node
X-Load-Cache
X-Backend-TTL
X-Nc
X-CF-Powered-By
X-Old-Content-Length
X-Nginx-Cache
X-GoCache-CacheStatus
X-Region-Sid
X-Cache-Grace
A
Apple-News-Services-Handled
Apple-News-Services-Host
X-Processor
Uber-Trace-Id
X-Drupal-Cache-Contexts
X-Request-URI
Cache-Name
Powered-By-ChinaCache
Apple-News-Services-Parsed-Url
X-PAYTM-SRV-ID
Rendered-Blocks
Machine
MD5-Digest
BehaviorPad-Version
GEO-REGION-INFO
Content-Style-Type
Content-Script-Type
Meta-Geo-Continent
X-Varnish-Beresp-Grace
Arc-Country
Apple-News-Services-Request-Url
Mobile-Detection-Method
AsisCache
X-Varnish-Beresp-Status
Fastcgi-X-Cache-Version
X-OVcl
X-Cdn-Srv
X-CF-Lambda-Fn
X-B-Cookie
X-ARC
X-Magnolia-Registration
X-CF-Lambda-Version
X-Connection-Hash
X-Developer
X-Destination
X-Date
X-D
X-Application
X-Aed
True-Client-Country-4JS
X-A-Dam
X-A-Ccd
X-A
VivaBuild
T-Server
X-A-Dcw
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
ServerName
X-DPWN-IS-SECURE
X-External-Request-Id
X-ScT
Request-EU
X-Session-Fingerprint
X-SRCache-Key
X-Transaction
X-S-Cookie
X-S
Request-Country
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Trv-Group
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-G
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-GeoIP-Country-Code
X-Vdms-Version
X-VG-WebCache
X-OVcl-Cache
Viewtype
X-TA-CDN-Provider
Rt-Fastcgi-Cache
X-Cluster-Name
X-GeoIP-City
X-Rocket-Nginx-Bypass
X-Reboot
Server-Host
X-Service
X-Sn-Servicetimems
X-Cdn-Origin
X-ServiceProvider
X-Core-Value
X-UnsetCookies
X-IN-APIGATEWAY
X-Generated-On
X-Geo-Header
X-IN-APIGATEWAYSSL
X-Newrelic-Synthetics
PFcat
X-Edge-Location
X-Level-Front-Cache
X-Cache-Expired-At
X-Served-From
X-VG-TLSProxy
X-CS
Viewport
X-Trafficlayer-App-Version
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Varnish-Ttl
X-Fastly-Cache
X-Fetched-On
X-Eu-Site
X-Distil-CS
X-Distributor
X-Bc-Bl
X-BBXSRF
X-Gamma-Serve
X-App-Name
X-Agile-Id
X-Generation-Time
X-Agile-Age
X-Auto-Login
X-Generated-In
X-Backend-State
X-Dispatcher-Server
X-Gen-Mode
X-FW-Version
X-Debug-Cache-Store
X-Cache-Bucket
X-Cache-ASPX
X-C
X-Cms-Context
X-Clara-WADP
X-Cache-FS-Status
X-Cache-URL
X-CGP
X-Contensis-Viewer-Groups
X-Core-Mission
X-Debug-Cache-Fetch
X-Developers
X-Device-Os
X-Debug-Cache-Expiry
X-CUA
X-Block-Status
X-Bip
X-Dispatch
X-JWT-State
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-TT-TIMESTAMP
X-Slack-Backend
X-SIPLIST1
X-Rocket-Build-Number
X-Server-W
X-Sigma
X-Sigma-Backend
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-WebServer
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-VC-Cache
X-Urbn-Site-Id
X-Var-Ttl
X-Varnish-Authentication
X-Varnish-Cacheable
X-Request-Host
X-RateLimit-Remaining-Second
X-LAGOON
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Agile
X-Is-Gdpr
X-Hash
X-Hnp-Log
X-Instart-Isnd
X-Irp-Debug
X-Logging-Id
X-Matched-Rule
X-Origin-Expires
X-Owner
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Origin-Date
X-NodeID
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-ND-Cache
X-Has-Esi
X-LI-UUID
RNT-Machine
RNT-Time
Pramga
On-Server
N-Cache
Server-Cache-Control
Server-ID
Thinkindot-Control
User-Cache-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Surrogate-Control
Memcached
Mail-Subject
Gh-Request-Id
Group
CDCHOST
Cache-Host
AKAMAI
Ha-Gx-Prefs
HA-Ipaddr
Locale
Locid
L5d-Success-Class
IsBot
Heartbleed
V-Age
X-Varnish-Beresp-Ttl
Mime-Version
W
Web-Mar-Node
We-Hiring
X-S-Maxage
X-Swa-Ws
X-Skip-Cache
X-Servername
X-Trace-Id
X-Epic-Correlation-Id
X-Debug-Log
Platform
X-Variation
Adler-Geo
X-Lb-Id
X-Debug-Cookies
Cloudfront-Viewer-Country
X-Nginx-Cache-Key
Kp-EeAlive
Is-Eu
Fastly-Drupal-HTML
Fastly-SWR
Fastly-SIE
X-Hit
X-NX-Host
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Country-Code
X-Platform-Server
Countrycode
HitType
X-DevSite-Last-Modified
X-Clientip
Wxu-Next-Commit
X-Req
Wxu-Next-Hostname
Wxu-Next-Region
X-We-Are-Hiring
FNAC-ModuleRouting
X-Backend-Host
X-VServer
X-Cache-Info
X-Cache-Tags
X-Sucuri-ID
X-Node-Id
X-NC
Environment
X-BACKEND-TTL
X-Ratelimit-Remaining
Geo-Info
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-VHOST
Hostname
X-RESPONSE-TIME
X-VCT
X-Fmm-Version
X-Response-By
X-Scheme
X-Refresh
X-Correlation-ID
X-Parent-Response-Time
X-Cdn-Forward
X-Pjax-Url
X-B3-Spanid
X-Origin-CC
X-Origin-TTL
Cache
X-CSRF-Token
X-SN
X-Instart-Info
X-Varnish-URL
X-VCache
X-APP
Fastly-Backend-Name
X-Up
X-CDN-Forward
Proxy-Firewall
Origin
X-Server-Time
X-FPC
Geoip-Latitude
Geoip-City
X-Edge
X-MCACHE
SD-X-WS
X-App-Version
M-TraceId
Cdn-Request-Time
Cdn-Host
Pragrma
PICS-Label
X-TT-LOGID
X-Edge-Server
X-MSEdge-Flight
GeoIp-Country-Code
X-MSEdge-Features
TTL
X-Cache-PHP
Vix-Hermes-Req-Id
X-Vcl-Version
Request-Time
X-CSRF-TOKEN
Cdncip
X-AK-Request-ID
CF-Cached-On
NM-Fastcgi-Cache
CACHE
X-Wa
X-Vdms-Path
Cdnsip
X-Be
X-Cache-Host
X-SVT-ORM-RULES
X-HS-Status
X-Wix-Viewer-Type
X-Mid
X-SVT-ORM-VERSION
Ohc-File-Size
X-ECACHE
NtCoent-Length
Pagetype
X-ECache
X-NU-AKA-ACS-Version
X-Air-Hostname
X-Ratelimit-Limit
X-URL
Cdn
X-ServedByHost
Sever-Int
Resin-Trace
Server-Hostname
X-Myra-Origin2
Server-Ext
X-Ua
SRV
HostName
Memory
X-Cache-Debug
X-Method
X-Zone
RequestId
X-Bc
X-Pf-Uncompressing
Magicmarker
X-Cache-Metadata
X-TH-Server
Tcn
X-Via-PopV
X-ZONE
Cteonnt-Length
X-BC
X-Via-PopH
Ohc-Cache-HIT
X-Worker
X-Newrelic-App-Data
X-Swift-Error
X-Dynatrace-Js-Agent
X-Oneagent-Js-Injection
X-Request-Start
X-NGINX-Cache
Release
X-Envoy-Upstream-Healthchecked-Cluster
IBM-Web2-Location
X-Branch-Name
X-Protected-By
X-FORWARDED-FOR
X-Referer
X-GEO
Server-Int
X-Servedbyhost
X-Azure-Ref-OriginShield
X-Policy
Dnion-Transfer-Encoding
Load-Balancing
Dt-Cache-Category
XServer
X-Unique-ID
X-Fastly-Country-Code
X-Ocache
Powered-By
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Lb
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-Rules
X-Tec-Api-Version
X-Configured-By
X-AIR-PT
X-Tec-Api-Root
X-Esi-Check
X-Reqid
Esi-Enabled
X-Cache-Id
X-C-Key
X-Tec-Api-Origin
X-C-Zone
X-WA
X-Ruxit-Js-Agent
X-DC
X-B3-SpanId
Who
Ttl
X-Gzip
X-VCL-Version
X-Datadome
Fastly-Soc-X-Request-Id
Pics-Label
X-Node-ID
X-COUNTRY
Fastly-SSL
X-Via-Ucdn
X-SRV
GeoIP-Country-Code
X-Action
MIME-Version
UCS
X-DSS
X-Country-IP
X-DI
X-Hello
X-VarnishDD-TTL
X-RPM
X-RPS
X-RSL
X-ABtesting
X-Flog
X-DW
GeoIP-City
GeoIP-Latitude
X-DB
X-HostName
Product
X-Varnish-Url
X-Fpc
X-SERVER-NAME
LB
X-Svr
X-RAMCache
X-PF-Uncompressing
Host-ID
FSS-Cache
X-Powered-Y
X-WPE-Loopback-Upstream-Addr
X-Cache-Backend
ProcessTime
X-PJAX-URL
X-Render-Time
X-Amzn-Remapped-Connection
Lfy
X-Amzn-Remapped-Date
X-Fastly-Request-Id
X-Via-CDN
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
CF-IPCountry
X-Varnish-Beresp-TTL
X-MID
X-Pinterest-Direct
X-Server-IP
X-SD-PageType
Sid
X-User
FSS-Proxy
X-Beluga-Response-Time
Cneonction
X-Beluga-Node
X-Beluga-Cache-Status
X-Page-Impression-Id
X-Flow-Id
X-Internal-Host
X-Zalando-Child-Request-Id
X-Apw-Hits
X-Beluga-Status
X-Agile-Brick-Ok
X-Key
X-Beluga-Trace
X-LiteSpeed-Cache-Control
Xet-Cookie
X-Apw-Access-Action
Amp-Access-Control-Allow-Source-Origin
Requestid
X-Beluga-Record
X-Apw-Access-Token
X-Apw-Access-Object
X-Aicache-OS
X-Tid
WZWS-RAY
X-Sucuri-Cache
SN
CDN
L
X-BE
X-Compress-Hint
X-Debug-Controller
X-Check-Cacheable
X-B3-Parentspanid
X-Debug-Revision
X-Sucuri-Id
X-Litespeed-Cache-Control
C-Via
X-App
X-Location
CloudFront-Viewer-Country
X-Dw-Trace-Id
DataCenter
X-Request-Url
X-MiniProfiler-Ids
X-LB-ID
X-Fastly-Cache-Hits
X-ElasticPress-Search
X-Request-URL
X-Nananana