Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
CF-Ray
P3P
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Ua-Compatible
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-CDN
X-Request-ID
X-Buckets
X-AspNetMvc-Version
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Turbo-Charged-By
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Server-Timing
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Server-Id
X-Rq
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-Vhost
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
X-Readtime
X-Ruxit-JS-Agent
Request-Id
X-Dns-Prefetch-Control
Content-Location
X-Application-Context
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-DataDome
X-Cnection
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-Url
Edge-Control
Rating
X-Cloud-Trace-Context
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-Country-Code
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
Allow
X-Instart-Request-ID
Fusion-Deployment-Id
X-MS-InvokeApp
Content-MD5
X-D2id
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
Accept-CH
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-Powered-By-Plesk
X-Forwarded-Proto
X-Ttl
X-Trace
X-Navigation-Version
X-Vcache
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-ESI
Public-Key-Pins
X-Fastly-Request-ID
Nginx-Cache
Accept-CH-Lifetime
X-Vcap-Request-Id
X-Debug
X-MSEdge-Ref
X-VARITI-CCR
SPRequestDuration
Arr-Disable-Session-Affinity
SPIisLatency
Charset
MS-Author-Via
X-B3-TraceId
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Px
Pagespeed
Display
Response
X-Middleton-Display
X-Middleton-Response
NR-ENABLED
X-Content-Type
Realpath
X-Sol
X-Client-IP
X-Ser
X-DynaTrace-JS-Agent
Edge-Cache-Tag
X-Fastcgi-Cache
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Aspnetmvc-Version
S
Access-Control-Request-Method
X-Powered-CMS
X-Id
X-Grace
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
X-Version
X-Hp-Webp
X-Jurisdiction
X-Upstream
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Webkit-Csp
X-T
X-Hits
WPE-Backend
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Shield-Request-Id
X-Dw-Request-Base-Id
DynaTrace
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Node-Name
Fastcgi-Cache
Accept-Ch
ServerID
AR-CACHE
Ar-Sid
X-Server-ID
X-Cache-Hit
X-Forwarded-For
X-Recruiting
X-Correlation-Id
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-FTR-Balancer
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Realm
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-HS-Content-Id
Powered
X-HS-Hub-Id
Server-Node
X-HS-Cache-Config
X-Frontend
TP-Cache
PB-PID
PB-RID
X-XRDS-Location
TP-L2-Cache
X-Request-Processing-Time
X-FTR-Expires
X-Request-Received
X-Mobile-Rewrite
Arc-Version
X-DIS-Request-ID
Upgrade-Insecure-Requests
Refresh
Accept-Ch-Lifetime
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
X-SERVER
Alternate-Protocol
X-Amzn-Trace-Id
Server-Name
X-NWS-LOG-UUID
Host-Header
X-Geo-Country
X-Request-Handler-Origin-Region
X-Microsite
X-N
X-LB-Cache
X-Varnish-Age
X-Logged-In
Fastly-Restarts
X-Page-Id
X-FTR-Cache-Host
X-Rid
X-Akamai-Edgescape
X-F-Cache
X-User-Agent
X-B
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Zen-Fury
X-Kinsta-Cache
X-TTL
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Healthy
X-Via-JSL
X-Varnish-Grace
X-Cache-Key
X-Origin-Server
Host
X-XRDS-LOCATION
X-Revision
X-Request-Guid
X-Instance
X-App-Environment
Fastcgi-Useragent
X-Jobs
X-Tumblr-User
X-Tumblr-Pixel
X-Signature
X-Tumblr-Pixel-0
X-Git-Hash
Paypal-Debug-Id
X-ATG-Version
X-B-Cache
X-Hostname
Actual-Object-TTL
X-FB-Debug
X-TT
X-Varnish-Backend
Section-Io-Cache
X-B3-Sampled
X-AOL-HN
X-Amz-Replication-Status
X-Whom
X-Type
Cache-Status
X-Debug-Info
X-Content-Options
X-Cache-Action
Frame-Options
X-Seen-By
X-WebKit-CSP-Report-Only
X-Cache-Age
Access-Control-Allow-Method
X-Cluster
X-FastCGI-Cache
Trailer
X-Cache-Rule
X-Cache-Operation
X-Contextid
X-Endurance-Cache-Level
X-Content-Powered-By
Source
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Liferay-Portal
X-Host-Name
X-Az
X-Activity-Id
X-AppVersion
Tracecode
X-Esi
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Daa-Tunnel
X-Amz-Apigw-Id
X-PHP-Backend
X-FireWall-Port
X-Amzn-Requestid
X-IPLB-Instance
X-Upgrade-Enabled
X-Framework
Accept-Charset
DC
X-WA-Info
From-Origin
Retry-After
X-Accel-Buffering
X-Response-Served-From
NGB
X-RateLimit-Remaining
X-ProcessESI
X-Presslabs-Stats
Srv
X-RemovedCookies
X-FW-Server
X-Rendered-As
X-FW-Hash
X-Mobile
X-FW-Type
X-FW-Static
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Surrogate-Key
X-FW-Serve
X-Is-Bot
X-Adobe-Loc
X-Cacheable-TTL
X-Environment-Context
X-Cached-By
X-Adobe-Content
X-L-Path
Payment
X-Region
X-Cache-NE
X-GeoIP
X-Varnish-Server
X-RequestSource
Eomportal-Instance
X-Handled-By
Filters
VIX-Pulpo-Upstream-Status
X-UA-Device-Type
VIX-Pulpo-Node
X-Wix-Request-Id
X-Time-Microsecs
X-Unique-Id
X-Origin-Response-Time
X-Varnish-Hostname
Xserver
X-APP-VERSION
X-Cache-TTL-Remaining
X-Proxy
X-NGENIX-Cache
X-Srv
X-Cache-Server
X-EdgeConnect-Cache-Status
Datacenter
X-Akamai-Transformed
X-Webkit-CSP
X-B3-Traceid
MS-CV
X-Cache-Control
X-Cache-Time
X-Backend-Name
Version
Filterid
Server-Info
Cache-Tv-Group
X-Status
X-TIME
X-Cache-2
X-Cache-Enabled
X-Mode
S-Cnection
X-Yottaa-Optimizations
X-CST
X-Yottaa-Metrics
X-Cache-Var
Webserver
X-Cache-Var-Map
Cache-Tags
X-ES-SERVER
Meta-Geo
X-Path-Route
X-IP
X-CCM
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-FW-Dynamic
S-Rt
X-TNCMS
Odigeo-Trace-Id
X-RN-RSRV
X-Rule
X-FC-Vary-Parameters
X-Loop
Ec-Rule-Version
X-Redis-Cache
X-Detected-As
X-Forwarded-Host
Akamai-GRN
TWC-Connection-Speed
TWC-Device-Class
ServedBy
X-Adobe-Source
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
OT-Force-Account-Verify
Origin-Edge-Control
DB-Nickname
Decoy-Debug-Key
Country
Cleartype
Cache-Hits
Decoy-Debug-Status
Decoy-Debug-TTL
Origin-Cache-Control
Now
X-Amzn-Remapped-Content-Length
X-ApacheServer
X-Debug-Cache
X-PERF
GEO-INFO
X-Pubstack
X-Proto
X-Origin-Hint
X-Origin
X-R9-Blue-Green-Version
X-Web-Node
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-TX-ID
X-Via-Fastly
X-NCache
X-Real-IP
X-Human
X-Hl-Ver
X-Hosted-By
X-Oss-Storage-Class
X-VWS-Id
X-Shopify-Stage
X-AWS-Id
X-Locale
X-Shopify-Generated-Cart-Token
X-ShardId
Content-Disposition
X-ShopId
Section-Origin-Responded
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
Section-Io-Origin-Status
X-Tb
Section-Io-Id
X-Sorting-Hat-PodId
NGX
Section-Io-Origin-Time-Seconds
Cache-Key
X-Akamai-Request-ID2
X-Sorting-Hat-ShopId
X-RCS-CacheZone
X-Oss-Object-Type
X-Cache-Status-Check
X-Oss-Request-Id
X-Generated
X-Oss-Hash-Crc64ecma
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Backend-TTL
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-Cache-Config
X-BYPASS-REASON
X-EIG-Tracking-Id
X-ServerID
X-Site-Version
X-Oss-Server-Time
X-ProxyCache-Status
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-ProxyCache-Key
X-Device-Type
X-Section
X-SaId
X-Access
X-Www-Served-By
X-Proxy-Build
X-FB-TRIP-ID
X-Proxied
X-Content-Age
X-MP-GENERATED-AT
X-JoinUs
X-Request-Time
X-Xfnlog-Site
X-Zipkin-Id
X-Timing-Wait
X-Format
X-Viewer-Country
X-BCube-Filmed-By
X-Routing-Service
X-Soup
Mn-Server-Ip
X-PressLabs-Stats
Cross-Origin-Window-Policy
Selected-Fe
X-HTML-Minification-Powered-By
X-Ua-Device
X-Cache-Remote
X-Cache-NGX
Node
X-Microcachable
X-No-Session
X-Cdn
X-Varnish-Hits
X-NewRelic-App-Data
X-Geo
X-Generated-By
X-Akamai-Request-ID
X-EC-Lua
FilterID
X-Amzn-RequestId
X-IPS-LoggedIn
X-Pad
X-Drupal-Cache-Tags
Cf-Ipcountry
Accept-Language
Nel
X-CF-Powered-By
X-NC
Time
X-From
X-NWS-UUID-VERIFY
X-Azure-Ref
X-RateLimit-Limit
Ms-Operation-Id
X-RTag
X-Dc
X-Old-Content-Length
X-Uri
X-Source
Uber-Trace-Id
X-VCT
User-Agent
X-OCL
X-PHP-Host
X-Cache-Grace
X-CS
Cache-Name
X-PCL
X-Labrador-Cache-Channel
X-Pinterest-Direct
X-Qloud-Router
X-Varnish-Cache-Hits
X-GoCache-CacheStatus
X-Nginx-Cache
Cache
Proxy-Connection
X-Hyper-Cache
X-Newrelic-Synthetics
X-MCACHE
X-Edge
X-CDN-Forward
X-Edge-Location
X-ECACHE
X-Drupal-Cache-Contexts
X-SS-Set-Cookie
X-Time
X-App-Server
X-CACHE-KEY
X-Info
X-Aed
X-Application
X-G
X-FW-Version
Fastcgi-X-Cache-Version
Meta-Geo-Continent
X-Accel-Expires-Debug
Machine
X-B-Cookie
X-ARC
X-External-Request-Id
X-A-Dcw
Xc-Version
X-GeoIP-Country-Code
X-A-Wwc
X-A-Dgt
MD5-Digest
X-Cdn-Srv
X-CF-Lambda-Fn
X-Magnolia-Registration
AsisCache
Arc-Country
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-CF-Lambda-Version
BehaviorPad-Version
X-Date
X-Destination
X-Developer
X-D
X-Cache-Bucket
X-Connection-Hash
Memcached
X-DPWN-IS-SECURE
X-Vtex-Remote-Cache
X-S-Cookie
X-ScT
GEO-REGION-INFO
True-Client-Country-4JS
X-S
X-Rojux
X-Request-URI
X-Request-UUID
X-Rewrite-Enabled
Mobile-Detection-Method
X-VG-WebServer
X-VG-WebCache
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
Request-EU
ServerName
X-SRCache-Key
X-Session-Fingerprint
Request-Country
T-Server
Apple-News-Services-Parsed-Url
X-Rocket-Nginx-Bypass
X-A
X-A-Ccd
X-Processor
Rendered-Blocks
VivaBuild
X-PAYTM-SRV-ID
X-Vdms-Version
X-A-Dam
X-Vtex-Processado-Em
Viewtype
X-Reboot
X-Region-Sid
X-Storage
X-APP
User-Cache-Control
X-Cluster-Name
Server-Surrogate-Control
SD-X-WS
N-Cache
Rt-Fastcgi-Cache
Server-Cache-Control
Server-Host
Thinkindot-CacheControl-Type
X-Backend-State
X-BBXSRF
X-Block-Status
X-Cache-ASPX
X-Backend-Host
Viewport
Thinkindot-CacheControl
X-Cache-Expired-At
On-Server
X-Auto-Login
Web-Mar-Node
X-JWT-State
X-Sn-Servicetimems
X-Slack-Backend
X-Thinkindot-L3
X-TrackingId
X-Trafficlayer-App-Name
X-ServiceProvider
X-Servername
X-Micro-Cache
X-Request-Host
X-Served-From
X-Server-W
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-We-Are-Hiring
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-VServer
X-Tumblr-Pixel-3
X-Varnish-Authentication
X-VG-TLSProxy
X-Instart-Info
X-Matched-Rule
X-LI-UUID
X-Fastly-Cache
X-Fmm-Version
X-Gen-Mode
X-Generated-On
X-DevSite-Last-Modified
X-Core-Value
X-Cache-URL
X-Cdn-Origin
X-Clara-WADP
X-Contensis-Viewer-Groups
X-Geo-Header
X-GeoIP-City
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Is-Gdpr
X-Irp-Debug
X-Has-Esi
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Info
Thinkindot-Control
Content-Style-Type
Content-Script-Type
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
A
Cache-Cookie-Set-Lfrom
Gh-Request-Id
X-S-Maxage
X-UA
Geo-Info
X-Clientip
X-Cluster-Node
X-Rebelmouse-Surrogate-Control
X-CGP
X-Cms-Context
X-Sigma
X-Core-Mission
X-Sigma-Backend
X-RateLimit-Remaining-Second
X-UnsetCookies
X-Rebelmouse-Cache-Control
X-Req
X-Cache-FS-Status
X-Scheme
X-Rocket-Build-Number
X-Bc-Bl
X-RateLimit-Limit-Second
AKAMAI
CDCHOST
X-Cache-Tags
Adler-Geo
X-Bip
X-Proxy-Upstream
X-Ms-Version
X-Gamma-Serve
X-Nginx-Cache-Key
X-Fetched-On
X-Eu-Site
X-NodeID
X-Ms-Request-Id
X-Generated-In
X-LAGOON
X-Hash
Mail-Subject
X-Logging-Id
X-Generation-Time
X-NX-Host
X-Epic-Correlation-Id
X-Developers
X-Device-Os
X-Debug-Log
X-Debug-Cookies
X-SIPLIST1
X-Platform-Server
X-Owner
X-Dispatch
X-Origin-Expires
X-Origin-Date
X-Distributor
X-Distil-CS
X-Dispatcher-Server
X-CUA
Cache-Host
X-Urbn-Site-Id
X-WebServer
X-Var-Ttl
Kp-EeAlive
X-Urbn-Context-Path
V-Age
We-Hiring
W
Fastly-SWR
FNAC-ModuleRouting
X-Variation
IsBot
RNT-Time
Server-ID
HA-Ipaddr
Heartbleed
Ha-Gx-Prefs
RNT-Machine
X-VC-Cache
X-Skip-Cache
X-Varnish-Cacheable
Group
Is-Eu
X-TT-TIMESTAMP
L5d-Success-Class
X-Agile-Age
X-Agile
X-Thanos
Locale
X-Agile-Id
X-SN
Locid
X-App-Name
X-Swa-Ws
Wxu-Next-Commit
Country-Code
Fastly-SIE
Countrycode
Wxu-Next-Region
Fastly-Drupal-HTML
Proxy-Firewall
Platform
X-Trace-Id
Wxu-Next-Hostname
X-Mid
X-Varnish-Beresp-Status
X-Hit
X-OVcl
X-Varnish-Beresp-Grace
X-Sucuri-ID
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Response-By
CF-Cached-On
Vix-Hermes-Req-Id
X-Debug-Cache-Fetch
X-C
X-Instart-Isnd
X-OVcl-Cache
PFcat
X-Cache-PHP
X-CSRF-Token
X-Refresh
X-FORWARDED-FOR
X-RESPONSE-TIME
Request-Time
X-Varnish-Beresp-Ttl
X-Node-Id
X-URL
NM-Fastcgi-Cache
X-Vdms-Path
Mime-Version
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-Varnish-URL
Server-Ext
Powered-By-ChinaCache
Server-Hostname
M-TraceId
Sever-Int
X-B3-Spanid
X-DC
X-MSEdge-Features
Pagetype
X-MSEdge-Flight
X-Lb-Id
X-VCache
Pramga
Origin
X-Wa
HostName
X-ND-Cache
X-Method
X-Varnish-Ttl
X-Protected-By
Cloudfront-Viewer-Country
PICS-Label
X-Service
X-Nc
X-Ua
Magicmarker
X-Worker
X-SRV
HitType
X-FPC
X-Via-PopH
X-Via-PopV
X-Pjax-Url
X-TA-CDN-Provider
X-C-Key
X-C-Zone
X-Branch-Name
Environment
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
X-Ratelimit-Remaining
X-Load-Cache
X-App-Version
XServer
X-SERVER-NAME
Geoip-City
Geoip-Latitude
X-Policy
Memory
X-HS-Status
X-COUNTRY
X-Be
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Wix-Viewer-Type
X-Planisys-CDN-TTL
GeoIp-Country-Code
X-GEO
Fastly-Backend-Name
Esi-Enabled
X-Up
X-ECache
X-VCL-Version
NtCoent-Length
Dt-Cache-Category
X-Servedbyhost
Cteonnt-Length
X-CSRF-TOKEN
Ttl
X-BACKEND-TTL
X-Zone
Who
X-Myra-Origin2
X-Newrelic-App-Data
X-Origin-CC
X-Bc
X-Origin-TTL
X-Azure-Ref-OriginShield
Hostname
X-Server-Time
Pragrma
X-TT-LOGID
X-Referer
X-Litespeed-Cache
X-Via-Ucdn
X-Reqid
X-Cache-Metadata
Cdn
X-Edge-Server
TTL
UCS
X-Cache-Host
Resin-Trace
Cdn-Request-Time
X-Country-IP
Cdn-Host
X-Dynatrace-Js-Agent
X-Cdn-Forward
SRV
X-AK-Request-ID
X-Vcl-Version
Cdnsip
X-ZONE
Release
Cdncip
X-Oneagent-Js-Injection
X-BC
X-Fastly-Country-Code
X-Ratelimit-Limit
Lb
Load-Balancing
X-ServedByHost
X-Pf-Uncompressing
GeoIP-Country-Code
X-NU-AKA-ACS-Version
Product
X-NGINX-Cache
X-Correlation-ID
GeoIP-City
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
GeoIP-Latitude
CACHE
X-Swift-Error
X-Configured-By
Sid
X-Tec-Api-Version
X-Server-IP
X-Air-Hostname
X-Tec-Api-Root
X-AIR-PT
X-Tec-Api-Origin
LB
X-Edge-O15-RID
Ohc-File-Size
X-Ruxit-Js-Agent
FSS-Cache
X-Cache-Id
X-Gzip
X-Datadome
X-Node-ID
Dnion-Transfer-Encoding
X-Esi-Check
RequestId
C-Via
X-B3-SpanId
X-Fpc
X-Cache-Debug
Ohc-Cache-HIT
X-WPE-Loopback-Upstream-Addr
X-PJAX-URL
X-Tb-Optimization-Total-Bytes-Saved
X-TH-Server
X-BE
Warning
MIME-Version
Pics-Label
IBM-Web2-Location
X-WA
X-Powered-Y
X-UPSTREAM-Address
X-VarnishDD-TTL
X-Svr
X-Location
My-App
X-RAMCache
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-Mvc-Supplant-Cachable
X-Sucuri-Cache
Lfy
X-Cache-Backend
X-Ocache
Server-Int
X-Varnish-Url
Fastly-SSL
Powered-By
X-Mvc-Supplant-OutputCached
X-Apw-Access-Object
X-Apw-Access-Action
X-SD-PageType
X-Apw-Hits
X-Apw-Access-Token
X-MID
X-ElasticPress-Query
Xet-Cookie
X-ElasticPress-Search
X-PF-Uncompressing
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
X-Flow-Id
X-Page-Impression-Id
X-Sucuri-Id
X-LiteSpeed-Cache-Control
Requestid
CF-IPCountry
X-Aicache-OS
X-B3-Parentspanid
X-Debug-Controller
X-User
CDN
Fastly-Soc-X-Request-Id
X-Debug-Revision
X-Nananana
Cneonction
X-Unique-ID
X-Check-Cacheable
ProcessTime
Processtime
URI
X-Cache-Tag
X-Compress-Hint
X-RPS
X-RPM
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-LB-ID
CloudFront-Viewer-Country
X-RSL
X-DW
DataCenter
X-DB
X-Action
L
X-Fastly-Cache-Hits
X-Request-Url
X-DSS
X-DI
X-Request-URL