Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
CF-Ray
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Server-Powered-By
Feature-Policy
X-Pingback
Server-Timing
Request-Context
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Server-Id
X-LiteSpeed-Cache
X-Rq
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-Vhost
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-Cache-Lookup
X-WebKit-CSP
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-HW
X-DataDome
X-Country
X-Cnection
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Url
X-Akam-SW-Version
Edge-Control
Rating
X-Cloud-Trace-Context
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
X-FTR-Request-ID
X-Country-Code
X-ASPNET-VERSION
X-DynaTrace
X-Varnish-TTL
X-Instart-Request-ID
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
Allow
Fusion-Deployment-Id
X-MS-InvokeApp
Content-MD5
X-D2id
Accept-CH
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Server-Name
X-Ttl
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-Powered-By-Plesk
X-Forwarded-Proto
X-Navigation-Version
X-Trace
X-ESI
X-Vcache
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
Accept-CH-Lifetime
X-Amz-Rid
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Fastly-Request-ID
Public-Key-Pins
Nginx-Cache
X-Debug
X-MSEdge-Ref
X-Vcap-Request-Id
X-VARITI-CCR
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
Charset
MS-Author-Via
X-B3-TraceId
X-Accel-Expires
X-NF-Request-ID
X-Cache-TTL
X-Px
Response
X-Middleton-Display
Pagespeed
X-Middleton-Response
Display
X-Fastcgi-Cache
NR-ENABLED
X-Content-Type
Realpath
X-Ser
X-Sol
X-Client-IP
X-DynaTrace-JS-Agent
Edge-Cache-Tag
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Powered-CMS
Access-Control-Request-Method
X-Id
X-Grace
Front-End-Https
X-Webkit-Csp
X-Version
Pinterest-Version
X-Pinterest-Rid
X-Hp-Webp
X-Jurisdiction
X-Upstream
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-T
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
WPE-Backend
X-Shield-Request-Id
X-Dw-Request-Base-Id
DynaTrace
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Forwarded-For
Fastcgi-Cache
X-Node-Name
X-Aspnet-Version
ServerID
AR-CACHE
Ar-Sid
X-Cache-Hit
X-Recruiting
X-Mobile-URL
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
Accept-Ch
X-FTR-Realm
X-Goog-Generation
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Goog-Metageneration
X-FTR-Balancer
X-FTR-DC
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Powered
X-HS-Hub-Id
X-HS-Content-Id
Server-Node
X-HS-Cache-Config
PB-PID
PB-RID
X-Frontend
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-FTR-Expires
Arc-Version
X-Mobile-Rewrite
X-DIS-Request-ID
Upgrade-Insecure-Requests
Refresh
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Shard
Alternate-Protocol
X-NWS-LOG-UUID
X-Server-ID
X-XRDS-Location
X-Amzn-Trace-Id
Server-Name
Accept-Ch-Lifetime
X-Geo-Country
Host-Header
X-Request-Handler-Origin-Region
X-Microsite
X-N
X-Varnish-Age
X-Logged-In
X-F-Cache
X-Akamai-Edgescape
X-LB-Cache
X-FTR-Cache-Host
X-Rid
X-Page-Id
Fastly-Restarts
X-User-Agent
X-ATS-Timestamp
X-B
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
MicrosoftSharePointTeamServices
X-XRDS-LOCATION
Healthy
X-Zen-Fury
X-Kinsta-Cache
X-Via-JSL
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
X-Varnish-Grace
Host
X-Cache-Key
X-Request-Guid
Fastcgi-Useragent
X-App-Environment
X-Instance
Actual-Object-TTL
X-TTL
X-Jobs
Cache-Status
X-Git-Hash
Paypal-Debug-Id
X-Revision
X-Tumblr-Pixel-0
X-Signature
X-ATG-Version
X-Hostname
X-B-Cache
X-Tumblr-User
X-Tumblr-Pixel
X-Content-Options
X-FB-Debug
X-Amz-Replication-Status
X-AOL-HN
X-TT
X-B3-Sampled
X-Varnish-Backend
X-Whom
Section-Io-Cache
X-Type
X-Debug-Info
X-Cache-Action
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
Frame-Options
X-Cluster
X-Seen-By
Trailer
X-Cache-Age
X-Cache-Rule
X-Cache-Operation
Liferay-Portal
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Content-Powered-By
X-Endurance-Cache-Level
X-Contextid
X-FastCGI-Cache
Source
X-SERVER
X-AppVersion
X-Tt-Trace-Host
X-Az
X-Activity-Id
X-Host-Name
X-Tt-Trace-Tag
X-Daa-Tunnel
X-Amzn-Requestid
Tracecode
X-Amz-Apigw-Id
X-FireWall-Port
X-PHP-Backend
X-IPLB-Instance
X-Framework
X-Upgrade-Enabled
X-Presslabs-Stats
Accept-Charset
X-WA-Info
DC
Retry-After
From-Origin
X-Cached-By
X-Response-Served-From
NGB
X-Accel-Buffering
X-ProcessESI
X-RemovedCookies
X-Mobile
Xserver
X-Esi
X-FW-Hash
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UUID
X-Rendered-As
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Static
Surrogate-Key
X-Is-Bot
Srv
X-L-Path
X-Environment-Context
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
Payment
X-Cache-NE
Eomportal-Instance
X-UA-Device-Type
X-RequestSource
X-Region
X-Varnish-Server
X-GeoIP
X-Handled-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Filters
X-Srv
X-Unique-Id
X-APP-VERSION
X-Time-Microsecs
X-Wix-Request-Id
X-Varnish-Hostname
X-RateLimit-Remaining
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Proxy
Nel
X-NGENIX-Cache
X-Webkit-CSP
X-Cache-Server
X-EdgeConnect-Cache-Status
X-B3-Traceid
Datacenter
X-Akamai-Transformed
X-Backend-Name
MS-CV
Filterid
X-Cache-Time
X-Cache-Control
Server-Info
X-TIME
Version
Cache-Tv-Group
X-Cache-2
X-Status
X-Mode
X-Cache-Enabled
S-Cnection
GEO-INFO
X-Yottaa-Metrics
X-Yottaa-Optimizations
Webserver
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-CCM
X-IP
X-Path-Route
X-Detected-As
X-NCache
X-TNCMS
X-FW-Dynamic
X-Loop
X-Redis-Cache
Ec-Rule-Version
X-FC-Vary-Parameters
Azure-Version
S-Rt
Azure-RegionName
X-RN-RSRV
Azure-SiteName
Azure-SlotName
Azure-InstanceId
OT-Force-Account-Verify
X-Forwarded-Host
DB-Nickname
Origin-Cache-Control
Property-Id
TWC-Connection-Speed
Decoy-Debug-Key
ServedBy
Decoy-Debug-Status
Origin-Edge-Control
Now
X-PERF
Cleartype
X-Proto
Cache-Tags
Akamai-GRN
Cache-Hits
X-Debug-Cache
Odigeo-Trace-Id
X-Origin-Hint
X-Origin
X-SayCDN-TTL
Country
X-Rule
X-Say-TTL
X-Hl-Ver
TWC-Device-Class
TWC-GeoIP-Country
X-Oss-Hash-Crc64ecma
TWC-GeoIP-LatLong
X-Oss-Server-Time
X-Oss-Request-Id
Webcakes-App-Name
X-Ua-Device
X-ApacheServer
TWC-Locale-Group
TWC-Privacy
X-Via-Fastly
X-Pubstack
X-TX-ID
X-Oss-Storage-Class
X-Oss-Object-Type
X-Human
X-Adobe-Source
Decoy-Debug-TTL
Webcakes-Region
X-Hosted-By
X-Real-IP
X-R9-Blue-Green-Version
Webcakes-App-Version
X-Say-Cacheable
X-Web-Node
X-Amzn-Remapped-Content-Length
Section-Io-Origin-Time-Seconds
Cache-Key
X-Site-Version
Section-Io-Id
Section-Origin-Responded
Content-Disposition
X-BYPASS-REASON
NGX
X-Alternate-Cache-Key
X-AWS-Id
Section-Io-Origin-Status
X-Akamai-Request-ID2
X-RCS-CacheZone
X-Sorting-Hat-ShopId
X-Soup
X-Tb
X-Sorting-Hat-PodId
X-NYM-Debug-Backend
X-ProxyCache-Status
Access-Control-Request-Headers
X-Proxy-Cache-Status
X-ServerID
X-ShardId
X-VWS-Id
X-Shopify-Stage
X-Vgn-Hpd-Reason
X-Shopify-Generated-Cart-Token
X-ShopId
X-Locale
X-ProxyCache-Key
X-Cache-Status-Check
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-LJ-Flow-ID
X-Generated
X-Cache-Config
X-Device-Type
X-Format
X-FB-TRIP-ID
X-Content-Age
X-Xfnlog-Site
X-Viewer-Country
X-Proxy-Build
X-Timing-Wait
X-JoinUs
X-Zipkin-Id
X-Routing-Service
X-MP-GENERATED-AT
X-BCube-Filmed-By
X-Section
X-SaId
X-Www-Served-By
X-Request-Time
X-Proxied
Mn-Server-Ip
Cross-Origin-Window-Policy
X-Access
X-HTML-Minification-Powered-By
Selected-Fe
X-Cache-Remote
X-Cache-NGX
X-CST
Node
X-Cdn
X-Geo
X-Microcachable
X-No-Session
X-Backend-TTL
X-PressLabs-Stats
X-Varnish-Hits
X-Akamai-Request-ID
X-NewRelic-App-Data
X-Generated-By
X-IPS-LoggedIn
X-Pad
X-EC-Lua
X-Drupal-Cache-Tags
Accept-Language
Cf-Ipcountry
FilterID
X-NWS-UUID-VERIFY
X-From
X-CF-Powered-By
Time
X-Amzn-RequestId
X-Azure-Ref
X-Dc
Ms-Operation-Id
X-RTag
X-Uri
X-NC
X-Old-Content-Length
X-Source
X-VCT
X-RateLimit-Limit
User-Agent
Uber-Trace-Id
X-PHP-Host
X-PCL
X-OCL
X-Labrador-Cache-Channel
Cache-Name
X-CS
X-Cache-Grace
X-Qloud-Router
X-Varnish-Cache-Hits
X-GoCache-CacheStatus
X-Newrelic-Synthetics
X-Nginx-Cache
Proxy-Connection
X-SS-Set-Cookie
X-CACHE-KEY
Cache
X-Hyper-Cache
X-Drupal-Cache-Contexts
X-MCACHE
X-Edge-Location
X-Edge
X-Info
X-App-Server
Xc-Version
X-A-Dcw
X-A-Dam
X-Cdn-Srv
Fastcgi-X-Cache-Version
X-CF-Lambda-Fn
VivaBuild
X-A
Viewtype
X-A-Dgt
Meta-Geo-Continent
X-A-Ccd
X-FW-Version
X-External-Request-Id
X-Cache-Bucket
GEO-REGION-INFO
X-DPWN-IS-SECURE
X-Developer
X-D
X-Date
X-Destination
X-G
X-CF-Lambda-Version
X-Application
X-Aed
X-Accel-Expires-Debug
X-GeoIP-Country-Code
X-ARC
X-B-Cookie
X-Connection-Hash
X-A-Wwc
X-Request-UUID
Request-Country
Rendered-Blocks
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-SRCache-Key
Request-EU
X-Vtex-Processado-Em
X-Session-Fingerprint
Apple-News-Services-Host
Machine
Mobile-Detection-Method
X-Twitter-Response-Tags
Memcached
X-Vdms-Version
X-VG-WebCache
MD5-Digest
X-Transaction
X-VG-WebServer
X-Trv-Group
Apple-News-Services-Handled
X-Vtex-Remote-Cache
BehaviorPad-Version
X-Request-URI
X-Rewrite-Enabled
X-Region-Sid
X-Reboot
Arc-Country
X-PAYTM-SRV-ID
X-Processor
X-Rocket-Nginx-Bypass
X-Rojux
ServerName
A
AsisCache
T-Server
X-ScT
X-S
X-S-Cookie
X-Pinterest-Direct
True-Client-Country-4JS
X-Storage
X-UA
X-Cluster-Name
X-Magnolia-Registration
User-Cache-Control
X-Cache-Expired-At
Thinkindot-Control
Server-Cache-Control
Server-Host
Server-Surrogate-Control
SD-X-WS
Rt-Fastcgi-Cache
N-Cache
On-Server
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Backend-State
X-BBXSRF
X-Block-Status
X-Backend-Host
X-Auto-Login
Viewport
Web-Mar-Node
X-Cache-ASPX
X-Gen-Mode
X-Served-From
X-We-Are-Hiring
X-Server-W
X-Servername
X-Request-Host
X-Webstats-RespID
X-LI-Proto
X-LI-UUID
X-Matched-Rule
X-Micro-Cache
X-WADP-Cache
X-ServiceProvider
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Tumblr-Pixel-3
X-Varnish-Authentication
X-Trafficlayer-App-Name
X-TrackingId
X-Slack-Backend
X-Sn-Servicetimems
X-VServer
X-Thinkindot-L3
X-Li-Pop
X-Li-Fabric
X-Fmm-Version
X-VG-TLSProxy
X-Generated-On
X-Geo-Header
X-Fastly-Cache
X-DevSite-Last-Modified
X-Cdn-Origin
X-Clara-WADP
X-Contensis-Viewer-Groups
X-Core-Value
X-GeoIP-City
X-Has-Esi
X-Instart-Info
X-Level-Front-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-JWT-State
X-Is-Gdpr
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Cache-URL
X-Cache-Info
X-Varnish-Ttl
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Content-Script-Type
Gh-Request-Id
X-APP
Cache-Cookie-Set-Lfrom
Content-Style-Type
X-Time
X-CDN-Forward
X-S-Maxage
X-Clientip
X-CGP
X-Proxy-Upstream
X-Cluster-Node
X-Cms-Context
X-OVcl-Cache
X-Owner
X-Platform-Server
X-RateLimit-Limit-Second
CDCHOST
Mail-Subject
X-Bc-Bl
X-Rebelmouse-Surrogate-Control
X-Cache-FS-Status
X-Bip
X-Rebelmouse-Cache-Control
X-Core-Mission
Cache-Host
Adler-Geo
X-Cache-Tags
AKAMAI
X-RateLimit-Remaining-Second
X-CUA
X-Logging-Id
X-Epic-Correlation-Id
X-Ms-Request-Id
X-Distributor
X-Dispatcher-Server
X-Distil-CS
X-LAGOON
X-Eu-Site
X-Gamma-Serve
X-Generation-Time
X-Hash
X-Instart-Isnd
X-Sucuri-ID
X-Fetched-On
X-Dispatch
X-Ms-Version
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Origin-Date
X-Generated-In
X-Origin-Expires
X-Debug-Cookies
X-Debug-Log
X-Device-Os
X-Nginx-Cache-Key
X-Developers
X-NodeID
X-NX-Host
X-OVcl
X-Req
HA-Ipaddr
Ha-Gx-Prefs
X-Var-Ttl
Server-ID
Heartbleed
X-Urbn-Site-Id
Group
Fastly-SWR
V-Age
X-TT-TIMESTAMP
X-Urbn-Context-Path
X-Variation
Is-Eu
X-WebServer
L5d-Success-Class
Platform
X-ECACHE
Proxy-Firewall
Kp-EeAlive
X-VC-Cache
IsBot
RNT-Time
RNT-Machine
X-Varnish-Cacheable
X-Trace-Id
FNAC-ModuleRouting
X-Agile-Id
X-Skip-Cache
X-Agile-Age
X-Agile
Country-Code
X-SN
X-SIPLIST1
X-App-Name
X-Scheme
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
Locid
W
Countrycode
Locale
X-Thanos
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Commit
X-Swa-Ws
Fastly-Drupal-HTML
Fastly-SIE
Wxu-Next-Region
X-Varnish-Beresp-Grace
Vix-Hermes-Req-Id
X-Hit
PFcat
X-Varnish-Beresp-Status
X-UnsetCookies
CF-Cached-On
Geo-Info
X-C
X-Mid
X-Response-By
X-CSRF-Token
X-RESPONSE-TIME
X-Cache-PHP
Request-Time
X-Refresh
X-CLOUD-TRACE-CONTEXT
X-Vdms-Path
NM-Fastcgi-Cache
X-Node-Id
X-Varnish-Beresp-Ttl
Mime-Version
X-B3-Spanid
Powered-By-ChinaCache
X-Nc
X-Lb-Id
M-TraceId
Sever-Int
Server-Ext
Server-Hostname
Pagetype
Pramga
X-VCache
X-Parent-Response-Time
X-Varnish-URL
PICS-Label
Cloudfront-Viewer-Country
X-FORWARDED-FOR
X-Service
X-MSEdge-Flight
X-Ratelimit-Remaining
X-ND-Cache
Origin
X-MSEdge-Features
HostName
X-DC
X-Wa
X-Pjax-Url
HitType
X-Method
X-FPC
X-TA-CDN-Provider
Environment
X-Protected-By
X-Via-PopH
Magicmarker
X-Worker
X-Via-PopV
X-Ua
X-Load-Cache
X-Be
X-ECache
Geoip-Latitude
X-Branch-Name
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
Geoip-City
X-SERVER-NAME
X-C-Zone
X-C-Key
X-HS-Status
X-Policy
GeoIp-Country-Code
X-Wix-Viewer-Type
X-SRV
Dt-Cache-Category
X-BACKEND-TTL
Memory
X-App-Version
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Fastly-Backend-Name
X-Up
X-Planisys-CDN-Rules
X-URL
X-Origin-CC
X-Origin-TTL
X-Azure-Ref-OriginShield
NtCoent-Length
Esi-Enabled
X-Newrelic-App-Data
X-Myra-Origin2
Hostname
X-GEO
Cteonnt-Length
X-Zone
X-TT-LOGID
X-Referer
Who
X-CSRF-TOKEN
X-Bc
Pragrma
X-Litespeed-Cache
X-VCL-Version
X-Reqid
X-Servedbyhost
X-Server-Time
X-Cdn-Forward
TTL
X-Cache-Metadata
X-Vcl-Version
XServer
Cdn-Host
X-Via-Ucdn
Ttl
Cdn-Request-Time
X-Edge-Server
X-Ratelimit-Limit
SRV
X-Dynatrace-Js-Agent
X-BC
X-ZONE
X-Cache-Host
Cdn
Cdnsip
X-Fastly-Country-Code
Release
X-AK-Request-ID
Cdncip
UCS
X-ServedByHost
X-Country-IP
X-Oneagent-Js-Injection
Lb
Resin-Trace
X-NU-AKA-ACS-Version
Product
Load-Balancing
X-Pf-Uncompressing
X-NGINX-Cache
X-SVT-ORM-RULES
GeoIP-Country-Code
X-SVT-ORM-VERSION
X-Correlation-ID
X-Swift-Error
CACHE
X-Configured-By
X-Tec-Api-Root
X-AIR-PT
X-Tec-Api-Origin
X-Air-Hostname
GeoIP-Latitude
GeoIP-City
X-Tec-Api-Version
Ohc-File-Size
X-Edge-O15-RID
X-Ruxit-Js-Agent
Sid
X-Node-ID
X-COUNTRY
X-Datadome
X-Server-IP
X-Gzip
X-Esi-Check
Dnion-Transfer-Encoding
LB
X-Cache-Id
X-WPE-Loopback-Upstream-Addr
X-TH-Server
Ohc-Cache-HIT
X-WA
Warning
FSS-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Debug
RequestId
MIME-Version
X-Fpc
Pics-Label
C-Via
X-BE
X-B3-SpanId
X-PJAX-URL
IBM-Web2-Location
X-RAMCache
X-Varnish-Url
X-Powered-Y
X-VarnishDD-TTL
X-Svr
X-Fastly-Request-Id
Lfy
X-Ocache
X-Varnish-Beresp-TTL
X-Location
Server-Int
My-App
X-Fastly-Backend-Reqs
X-Apw-Access-Token
X-Mvc-Supplant-Cachable
Powered-By
X-Apw-Access-Action
X-UPSTREAM-Address
X-SD-PageType
X-Apw-Hits
X-Sucuri-Cache
X-Apw-Access-Object
X-MID
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-PF-Uncompressing
Cneonction
X-Mvc-Supplant-OutputCached
X-Cache-Backend
X-ElasticPress-Query
X-LiteSpeed-Cache-Control
X-ElasticPress-Search
Requestid
X-Agile-Brick-Ok
Xet-Cookie
X-Flow-Id
CF-IPCountry
X-Debug-Controller
Fastly-SSL
CDN
X-Unique-ID
X-Nananana
Fastly-Soc-X-Request-Id
X-Debug-Revision
X-B3-Parentspanid
X-Check-Cacheable
X-Aicache-OS
X-Sucuri-Id
Processtime
X-Cache-Tag
L
X-RPS
X-Action
X-RSL
X-RPM
URI
CloudFront-Viewer-Country
X-DW
X-Dw-Trace-Id
DataCenter
X-Request-URL
X-Request-Url
X-DSS
X-DI
X-DB
X-Fastly-Cache-Hits
X-LB-ID
X-MiniProfiler-Ids
X-Compress-Hint