Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Request-ID
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Server-Id
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-WebKit-CSP
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
X-Url
Edge-Control
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-PC
X-Vname
X-Goog-Hash
X-TtlSet
X-DynaTrace
X-Varnish-TTL
Allow
X-Instart-Request-ID
X-Country-Code
X-ASPNET-VERSION
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-ESI
X-Server-Name
Pinterest-Generated-By
X-D2id
X-Webkit-Csp
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Navigation-Version
X-Vcache
X-Powered-By-Plesk
X-B3-TraceId
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Debug
X-Abt-Application-Version
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Trace
X-Fastly-Request-ID
X-MSEdge-Ref
Public-Key-Pins
X-SharePointHealthScore
Nginx-Cache
X-Vcap-Request-Id
Accept-Ch
X-VARITI-CCR
MS-Author-Via
X-Ttl
Charset
X-Fastcgi-Cache
Arr-Disable-Session-Affinity
TCN
X-Px
X-NF-Request-ID
X-Accel-Expires
X-Cache-TTL
Edge-Cache-Tag
Fusion-Deployment-Id
Realpath
X-Middleton-Response
Display
X-Middleton-Display
Response
Pagespeed
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
X-Content-Type
X-Sol
X-Server-ID
X-Ser
X-Version
X-Client-IP
Accept-CH
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-Powered-CMS
AR-Request-ID
Front-End-Https
AR-ATIME
AR-PoweredBy
X-Pinterest-Rid
Pinterest-Version
Access-Control-Request-Method
X-Dns-Prefetch-Control
NR-ENABLED
X-Id
X-Grace
X-Hp-Webp
X-Jurisdiction
Mrf-Cache-Status
MRF-Tech
X-Upstream
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Forwarded-For
X-T
X-Content-Digest
Accept-CH-Lifetime
S
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Hits
AR-CACHE
Ar-Sid
DynaTrace
X-Dw-Request-Base-Id
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Node-Name
PB-RID
PB-PID
X-Cache-Hit
X-FTR-Cache-Status
X-Amzn-Trace-Id
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Recruiting
X-Mobile-Rewrite
Server-Node
Arc-Version
X-Shield-Request-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
Powered
X-FTR-Expires
TP-Cache
TP-L2-Cache
X-Shard
X-Ezoic-Cdn
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
X-TTL
Upgrade-Insecure-Requests
Fastly-Restarts
X-NWS-LOG-UUID
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
Refresh
Alternate-Protocol
WPE-Backend
X-Logged-In
X-XRDS-LOCATION
X-Varnish-Age
X-Correlation-Id
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-Akamai-Edgescape
X-F-Cache
X-B
X-LB-Cache
X-Page-Id
Backend-Timing
X-User-Agent
X-Rid
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Geo-Country
X-N
X-Via-JSL
Host
X-XRDS-Location
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Status
X-Zen-Fury
Host-Header
X-ORACLE-APMCS-REQUEST-ID
X-Content-Options
X-Origin-Server
X-ORACLE-APMCS-TAG
X-Varnish-Grace
X-Kinsta-Cache
X-B3-Sampled
X-Revision
X-Amz-Apigw-Id
X-Amz-Replication-Status
X-TT
X-AOL-HN
X-ATG-Version
X-Instance
X-Jobs
X-Tumblr-Pixel-0
Actual-Object-TTL
X-App-Environment
X-Request-Guid
X-B-Cache
X-Cache-Action
X-FB-Debug
X-Signature
X-Type
X-Tumblr-Pixel
X-Tumblr-User
Paypal-Debug-Id
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Git-Hash
X-Varnish-Backend
X-Content-Powered-By
Healthy
Fastcgi-Useragent
X-Debug-Info
Frame-Options
Section-Io-Cache
Liferay-Portal
X-Whom
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cluster
X-Seen-By
X-Cache-Key
X-Cache-Rule
X-Srv
X-Daa-Tunnel
X-Cached-By
X-Hostname
X-Cache-Operation
X-Az
X-Erf-Bev-Bev-Is-Generated
X-Activity-Id
X-AppVersion
X-PHP-Backend
X-Erf-Bev-Bev
X-Framework
X-Cache-Age
X-FireWall-Port
Tracecode
X-Endurance-Cache-Level
X-Contextid
X-WA-Info
X-Mobile
Retry-After
X-Amzn-Requestid
X-IPLB-Instance
Source
X-CST
X-Host-Name
NGB
X-Accel-Buffering
X-Response-Served-From
X-Upgrade-Enabled
X-RemovedCookies
X-ProcessESI
Srv
Accept-Charset
Eomportal-Instance
Surrogate-Key
Xserver
Trailer
X-Cache-NE
X-Adobe-Loc
X-Presslabs-Stats
DC
X-Environment-Context
Payment
X-Adobe-Content
X-FW-Static
X-RequestSource
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Region
X-L-Path
X-FW-Server
X-FW-Serve
X-FW-Type
X-GeoIP
X-Is-Bot
X-FW-Hash
Filters
X-Cacheable-TTL
X-Varnish-Server
X-Origin-Response-Time
X-UUID
X-Handled-By
X-UA-Device-Type
X-EdgeConnect-Cache-Status
From-Origin
X-RateLimit-Remaining
X-Cache-2
X-Cache-TTL-Remaining
Server-Info
X-Proxy
X-Backend-Name
X-Time-Microsecs
X-Wix-Request-Id
X-Cache-Server
Cache-Tv-Group
X-FastCGI-Cache
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
MS-CV
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Akamai-Transformed
X-APP-VERSION
Version
X-NGENIX-Cache
X-Cache-Enabled
Datacenter
X-Status
X-Mode
X-Dc
X-Edge-O15-RID
X-Unique-Id
S-Cnection
X-TIME
X-IPS-LoggedIn
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Var
X-Path-Route
Meta-Geo
X-RN-RSRV
X-Cache-Var-Map
X-ES-SERVER
X-CCM
X-Pad
X-Cache-Time
X-Forwarded-Host
ServedBy
X-Hl-Ver
Cache-Tags
Country
Cleartype
X-Cache-Control
X-Cache-Status-Check
X-Redis-Cache
X-PERF
X-TX-ID
X-R9-Blue-Green-Version
Decoy-Debug-Status
Filterid
X-ApacheServer
X-Via-Fastly
Decoy-Debug-Key
X-Ua-Device
Decoy-Debug-TTL
X-AWS-Id
DB-Nickname
X-FC-Vary-Parameters
Akamai-GRN
X-FW-Dynamic
X-Vgn-Hpd-Reason
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
Property-Id
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-ServerID
X-Debug-Cache
Webcakes-Region
X-ShopId
Webcakes-App-Version
X-Origin-Hint
X-Origin
X-Proto
X-Pubstack
X-ShardId
X-Alternate-Cache-Key
Now
X-EIG-Tracking-Id
X-Hosted-By
NGX
X-VWS-Id
X-Varnish-Hits
Origin-Cache-Control
X-Sorting-Hat-PodId
X-LJ-Flow-ID
Origin-Edge-Control
X-Sorting-Hat-ShopId
X-Tb
X-Device-Type
X-Akamai-Request-ID2
X-Goog-Meta-Goog-Reserved-File-Mtime
OT-Force-Account-Verify
FilterID
X-Human
X-Generated
X-PressLabs-Stats
X-IP
X-JoinUs
X-Proxied
X-NCache
X-Locale
X-Format
X-Proxy-Build
X-Amzn-Remapped-Content-Length
X-Access
Webserver
X-BYPASS-REASON
X-Cache-Config
X-Detected-As
X-Content-Age
GEO-INFO
X-Proxy-Cache-Status
X-TNCMS
X-Timing-Wait
X-Soup
X-Viewer-Country
X-Web-Node
X-Zipkin-Id
X-Xfnlog-Site
X-Www-Served-By
X-Site-Version
X-Section
X-RCS-CacheZone
X-ProxyCache-Status
X-ProxyCache-Key
X-Routing-Service
X-SaId
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
Selected-Fe
X-Loop
Content-Disposition
Cross-Origin-Window-Policy
Ec-Rule-Version
Cache-Key
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Mn-Server-Ip
Azure-SiteName
X-FB-TRIP-ID
X-Generated-By
X-MP-GENERATED-AT
X-NYM-Debug-Backend
S-Rt
X-Akamai-Request-ID
X-Aspnetmvc-Version
X-Cache-Remote
X-Request-Time
Access-Control-Request-Headers
X-SS-Set-Cookie
Section-Origin-Responded
X-Amzn-RequestId
X-BCube-Filmed-By
X-Real-IP
Section-Io-Id
Section-Io-Origin-Status
X-HTML-Minification-Powered-By
Section-Io-Origin-Time-Seconds
Node
X-NewRelic-App-Data
Cache-Hits
X-Geo
X-B3-Traceid
Nel
X-Adobe-Source
X-EC-Lua
X-Drupal-Cache-Tags
X-No-Session
Accept-Language
X-Microcachable
X-App-Server
X-CACHE-KEY
Odigeo-Trace-Id
X-Rule
X-Uri
Cf-Ipcountry
X-OCL
X-Qloud-Router
X-PCL
X-Esi
X-RTag
Ms-Operation-Id
X-NWS-UUID-VERIFY
X-Source
X-From
Time
X-Azure-Ref
X-Varnish-Cache-Hits
User-Agent
X-Hyper-Cache
X-UA
X-Cache-NGX
X-Labrador-Cache-Channel
X-PHP-Host
X-Time
X-Backend-TTL
X-Info
X-RateLimit-Limit
Proxy-Connection
X-Storage
X-CF-Powered-By
X-Cluster-Node
X-Nginx-Cache
X-SERVER
X-Old-Content-Length
X-Load-Cache
X-GoCache-CacheStatus
X-Nc
Viewtype
X-Aed
Cache-Name
AsisCache
Xc-Version
X-Region-Sid
X-D
X-Transaction
X-Date
BehaviorPad-Version
X-Trv-Group
X-G
Fastcgi-X-Cache-Version
X-External-Request-Id
X-DPWN-IS-SECURE
Content-Style-Type
Content-Script-Type
Apple-News-Services-Host
Apple-News-Services-Handled
A
X-GeoIP-Country-Code
Uber-Trace-Id
X-OVcl
X-PAYTM-SRV-ID
X-Processor
X-Developer
X-Newrelic-Synthetics
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-OVcl-Cache
True-Client-Country-4JS
GEO-REGION-INFO
X-Destination
X-Request-UUID
X-CF-Lambda-Version
X-Session-Fingerprint
X-CF-Lambda-Fn
X-Cdn-Srv
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Mobile-Detection-Method
Arc-Country
X-ARC
X-B-Cookie
X-Cache-Grace
X-VG-WebCache
Rendered-Blocks
X-A
VivaBuild
Request-Country
X-A-Dcw
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Request-EU
X-VG-WebServer
X-Application
Meta-Geo-Continent
MD5-Digest
X-Connection-Hash
X-Accel-Expires-Debug
X-Rojux
X-Rewrite-Enabled
X-SRCache-Key
Machine
X-Vdms-Version
X-Request-URI
X-S
X-S-Cookie
ServerName
X-Twitter-Response-Tags
X-A-Dam
X-Drupal-Cache-Contexts
T-Server
X-A-Dgt
X-ScT
Powered-By-ChinaCache
X-A-Wwc
X-A-Ccd
X-UnsetCookies
Geo-Info
X-Cluster-Name
X-Magnolia-Registration
X-IN-APIGATEWAYSSL
X-CS
X-IN-APIGATEWAY
X-Cdn-Origin
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Viewport
Server-Host
X-Cache-Expired-At
X-Geo-Header
X-Generated-On
X-Core-Value
PFcat
X-GeoIP-City
X-Reboot
X-Trafficlayer-App-Scope
X-Rocket-Nginx-Bypass
Rt-Fastcgi-Cache
X-Matched-Rule
X-Trafficlayer-App-Name
X-Thinkindot-L3
X-Served-From
X-ServiceProvider
X-Sn-Servicetimems
X-Edge-Location
X-Trafficlayer-App-Version
X-VG-TLSProxy
X-Level-Front-Cache
User-Cache-Control
X-S-Maxage
X-Swa-Ws
X-Cache-URL
X-Slack-Backend
X-Cache-Info
X-Cache-FS-Status
X-Cache-ASPX
X-Thanos
X-SIPLIST1
X-Cache-Bucket
X-Sigma
X-Cms-Context
X-Server-W
X-Wikidot-Static-Cache
X-Clara-WADP
X-Service
X-Webstats-RespID
X-Wikidot-Backend
X-CGP
X-Sigma-Backend
X-Block-Status
X-Backend-Host
X-Backend-State
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VServer
X-Auto-Login
X-Varnish-Cacheable
X-Varnish-Authentication
X-Var-Ttl
X-Tumblr-Pixel-3
X-BBXSRF
X-TrackingId
X-Trace-Id
X-Bip
X-VC-Cache
X-App-Name
X-WebServer
X-Bc-Bl
X-TT-TIMESTAMP
X-WADP-Cache
X-C
X-Request-Host
X-Ms-Version
X-Generated-In
X-Generation-Time
X-Ms-Request-Id
X-Micro-Cache
X-ND-Cache
X-Nginx-Cache-Key
X-FW-Version
X-NodeID
X-Gamma-Serve
X-Gen-Mode
X-Has-Esi
X-Logging-Id
X-JWT-State
X-LAGOON
X-Is-Gdpr
X-Instart-Isnd
X-Irp-Debug
X-Hnp-Log
X-Hash
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-NX-Host
X-Fetched-On
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-RateLimit-Remaining-Second
X-Agile-Age
X-Rocket-Build-Number
X-Core-Mission
X-Req
X-CUA
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Origin-Expires
X-Distributor
X-Eu-Site
X-Origin-Date
X-Fastly-Cache
X-Owner
X-Distil-CS
X-Developers
X-Device-Os
X-Dispatch
X-Dispatcher-Server
X-Contensis-Viewer-Groups
X-Agile-Id
Pramga
On-Server
N-Cache
FNAC-ModuleRouting
Country-Code
RNT-Machine
Server-ID
Server-Cache-Control
HA-Ipaddr
CDCHOST
Memcached
Mail-Subject
Gh-Request-Id
Group
Ha-Gx-Prefs
Heartbleed
IsBot
Kp-EeAlive
Locid
Locale
L5d-Success-Class
Cache-Host
RNT-Time
We-Hiring
W
V-Age
Web-Mar-Node
Wxu-Next-Commit
X-Agile
Wxu-Next-Region
Wxu-Next-Hostname
Server-Surrogate-Control
X-Varnish-Beresp-Ttl
AKAMAI
Mime-Version
X-NC
X-Platform-Server
X-Hit
Adler-Geo
X-DevSite-Last-Modified
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-TA-CDN-Provider
X-Servername
HitType
X-We-Are-Hiring
Fastly-SIE
Fastly-Drupal-HTML
X-Epic-Correlation-Id
Fastly-SWR
X-Skip-Cache
X-Lb-Id
Countrycode
X-Variation
Cloudfront-Viewer-Country
X-Clientip
Platform
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Cache-Tags
Is-Eu
Cache-Cookie-Set-From
X-Node-Id
X-VHOST
X-RESPONSE-TIME
X-Response-By
X-VCT
Environment
X-Fmm-Version
X-Sucuri-ID
X-CLOUD-TRACE-CONTEXT
X-Scheme
X-BACKEND-TTL
X-Ratelimit-Remaining
Hostname
X-Refresh
X-App-Version
X-Parent-Response-Time
X-SN
X-Instart-Info
X-Pjax-Url
X-B3-Spanid
X-VCache
SD-X-WS
X-Varnish-URL
X-Origin-CC
X-Cdn-Forward
Cache
X-CDN-Forward
X-Origin-TTL
X-APP
X-MCACHE
Fastly-Backend-Name
X-Varnish-Ttl
X-Up
Proxy-Firewall
X-Edge
X-CSRF-Token
Origin
Vix-Hermes-Req-Id
X-Server-Time
X-Correlation-ID
M-TraceId
X-MSEdge-Flight
X-FPC
Geoip-City
Cdn-Host
X-Edge-Server
X-MSEdge-Features
Pragrma
Request-Time
Cdn-Request-Time
Geoip-Latitude
X-TT-LOGID
X-Cache-PHP
X-CSRF-TOKEN
CACHE
NM-Fastcgi-Cache
X-Wa
PICS-Label
X-Vdms-Path
GeoIp-Country-Code
CF-Cached-On
X-Wix-Viewer-Type
X-AK-Request-ID
X-Vcl-Version
X-Mid
Cdnsip
TTL
X-ECACHE
Cdncip
NtCoent-Length
X-Be
X-Cache-Host
Pagetype
Server-Ext
X-Ua
Sever-Int
Ohc-File-Size
X-ECache
X-SVT-ORM-RULES
X-HS-Status
Server-Hostname
X-SVT-ORM-VERSION
X-URL
X-Air-Hostname
X-NU-AKA-ACS-Version
Cdn
X-Newrelic-App-Data
X-Myra-Origin2
HostName
Resin-Trace
Magicmarker
X-Ratelimit-Limit
X-Method
X-Zone
X-Bc
Cteonnt-Length
X-Cache-Metadata
XServer
X-Worker
X-Via-PopV
X-Cache-Debug
RequestId
X-Via-PopH
Memory
X-ServedByHost
X-Pf-Uncompressing
Tcn
SRV
X-Dynatrace-Js-Agent
X-Protected-By
X-Request-Start
X-Servedbyhost
X-Referer
Ohc-Cache-HIT
X-Branch-Name
X-Envoy-Upstream-Healthchecked-Cluster
Release
X-TH-Server
X-ZONE
X-FORWARDED-FOR
X-BC
X-Oneagent-Js-Injection
X-Swift-Error
X-GEO
Dt-Cache-Category
X-Policy
IBM-Web2-Location
X-Azure-Ref-OriginShield
Load-Balancing
X-Unique-ID
X-DC
X-NGINX-Cache
X-Planisys-CDN-Rules
Dnion-Transfer-Encoding
X-Planisys-CDN-Cache
Server-Int
Lb
X-Planisys-CDN-TTL
X-Reqid
X-VCL-Version
X-Configured-By
Esi-Enabled
Powered-By
Pics-Label
X-Fastly-Country-Code
X-C-Key
X-Tb-Optimization-Total-Bytes-Saved
X-SRV
X-Cache-Id
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Ocache
X-Esi-Check
Ttl
X-AIR-PT
X-C-Zone
X-Ruxit-Js-Agent
X-WA
X-Gzip
X-COUNTRY
GeoIP-Country-Code
X-Datadome
Who
X-Node-ID
X-B3-SpanId
GeoIP-Latitude
GeoIP-City
Fastly-Soc-X-Request-Id
X-Via-Ucdn
Fastly-SSL
MIME-Version
X-VarnishDD-TTL
X-Country-IP
UCS
X-Fpc
X-Action
X-HostName
X-DW
X-Flog
X-Hello
X-DSS
X-DI
X-ABtesting
X-DB
Product
X-RPM
X-Powered-Y
X-SERVER-NAME
X-RAMCache
X-Svr
X-RSL
LB
FSS-Cache
X-RPS
X-PF-Uncompressing
Lfy
X-Varnish-Url
X-PJAX-URL
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
Host-ID
X-Cache-Backend
X-WPE-Loopback-Upstream-Addr
X-Pinterest-Direct
FSS-Proxy
X-Via-CDN
X-Varnish-Beresp-TTL
ProcessTime
X-Render-Time
X-MID
X-SD-PageType
X-Server-IP
X-Amzn-Remapped-Connection
Sid
X-Amzn-Remapped-Date
X-Zalando-Child-Request-Id
X-User
X-BE
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-Flow-Id
X-Page-Impression-Id
X-LiteSpeed-Cache-Control
X-Agile-Brick-Ok
Requestid
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-UPSTREAM-Address
X-Apw-Access-Action
CF-IPCountry
CDN
X-Compress-Hint
X-Key
X-Internal-Host
X-Aicache-OS
X-Check-Cacheable
X-Beluga-Node
WZWS-RAY
L
X-Debug-Revision
X-Debug-Controller
SN
Cneonction
X-B3-Parentspanid
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Litespeed-Cache-Control
X-Sucuri-Id
C-Via
X-Tid
X-MiniProfiler-Ids
X-App
X-LB-ID
X-ElasticPress-Search
CloudFront-Viewer-Country
X-Dw-Trace-Id
DataCenter
X-Sucuri-Cache
X-Fastly-Cache-Hits
X-Request-Url
X-Nananana
X-Request-URL