Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-Ua-Compatible
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Pass-Why
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Request-ID
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Backend-Server
X-Host
X-Node
X-Vhost
X-Response-Time
X-Cache-Lookup
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Url
X-Rack-Cache
Edge-Control
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Vname
X-PC
X-Goog-Hash
X-TtlSet
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Varnish-TTL
X-ASPNET-VERSION
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-ESI
X-Server-Name
Pinterest-Generated-By
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-GoogleNews-Bot
X-MS-InvokeApp
X-Webkit-Csp
SPRequestGuid
X-Cached
X-Vcache
X-Powered-By-Plesk
X-Navigation-Version
X-B3-TraceId
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Debug
X-Abt-Application-Version
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-Ch
Public-Key-Pins
X-Fastly-Request-ID
X-MSEdge-Ref
X-Trace
X-SharePointHealthScore
Nginx-Cache
X-Vcap-Request-Id
X-VARITI-CCR
MS-Author-Via
Charset
X-Server-ID
TCN
Arr-Disable-Session-Affinity
X-Px
Fusion-Deployment-Id
X-Ttl
X-NF-Request-ID
X-Fastcgi-Cache
X-Accel-Expires
X-Cache-TTL
Accept-Ch-Lifetime
Edge-Cache-Tag
SPIisLatency
SPRequestDuration
X-Middleton-Response
Realpath
Display
Response
Pagespeed
X-Middleton-Display
X-Content-Type
X-Sol
X-Ser
X-Version
X-Client-IP
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
Accept-CH
X-Powered-CMS
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
AR-ATIME
NR-ENABLED
AR-PoweredBy
AR-Request-ID
Access-Control-Request-Method
X-Id
X-Grace
X-Hp-Webp
X-Jurisdiction
X-Upstream
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Dns-Prefetch-Control
S
X-T
X-Content-Digest
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
DynaTrace
Ar-Sid
AR-CACHE
Accept-CH-Lifetime
X-Dw-Request-Base-Id
Fastcgi-Cache
ServerID
X-Node-Name
X-Mobile-URL
X-Cache-Hit
PB-RID
PB-PID
X-Country-Code-Real
X-FTR-Realm
X-TTL
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Recruiting
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Shield-Request-Id
X-Amzn-Trace-Id
X-Mobile-Rewrite
Arc-Version
Server-Node
Powered
X-HS-Cache-Config
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-FTR-Expires
X-Shard
X-Ezoic-Cdn
X-Aspnet-Version
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-XRDS-LOCATION
X-Request-Received
WPE-Backend
Fastly-Restarts
X-Request-Processing-Time
Refresh
Alternate-Protocol
X-HS-Combine-CSS
X-Logged-In
X-Varnish-Age
X-Correlation-Id
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-FTR-Cache-Host
X-Akamai-Edgescape
X-B
X-Page-Id
MicrosoftSharePointTeamServices
X-F-Cache
X-LB-Cache
X-ATS-Timestamp
X-User-Agent
Backend-Timing
X-Rid
X-Geo-Country
X-Content-Security-Policy-Report-Only
X-N
X-Via-JSL
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host-Header
X-Zen-Fury
Cache-Status
X-XRDS-Location
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Content-Options
X-Varnish-Grace
X-Kinsta-Cache
X-B3-Sampled
X-Revision
X-Amz-Apigw-Id
X-AOL-HN
X-ATG-Version
X-TT
X-Type
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FB-Debug
X-Signature
X-Request-Guid
X-Jobs
X-Instance
X-Cache-Action
X-B-Cache
X-App-Environment
Paypal-Debug-Id
X-Amz-Replication-Status
Actual-Object-TTL
X-Tumblr-User
Access-Control-Allow-Method
X-Git-Hash
X-Varnish-Backend
Healthy
X-WebKit-CSP-Report-Only
X-Debug-Info
Fastcgi-Useragent
X-Whom
X-Content-Powered-By
Section-Io-Cache
Frame-Options
Liferay-Portal
X-Srv
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cluster
X-Seen-By
X-Daa-Tunnel
X-Cache-Rule
X-Hostname
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-Operation
X-AppVersion
X-Activity-Id
X-Az
X-Cache-Age
X-PHP-Backend
X-Cached-By
X-Framework
X-Cache-Key
X-FireWall-Port
X-Endurance-Cache-Level
Tracecode
X-Contextid
X-Amzn-Requestid
X-WA-Info
X-Mobile
Retry-After
Source
Xserver
X-Host-Name
X-IPLB-Instance
X-CST
X-Response-Served-From
NGB
X-Accel-Buffering
X-RemovedCookies
X-ProcessESI
X-Upgrade-Enabled
X-Presslabs-Stats
Srv
Accept-Charset
Surrogate-Key
Eomportal-Instance
X-Adobe-Content
X-Region
X-FW-Type
X-GeoIP
Filters
Payment
X-Adobe-Loc
X-Cache-NE
X-Varnish-Hostname
X-Tumblr-Pixel-1
DC
X-FW-Hash
X-FW-Server
X-Tumblr-Pixel-2
X-Rendered-As
X-RequestSource
X-L-Path
X-Environment-Context
X-Is-Bot
X-FW-Static
X-FW-Serve
X-Origin-Response-Time
X-Cacheable-TTL
X-Handled-By
X-Varnish-Server
X-UUID
X-FastCGI-Cache
Trailer
X-UA-Device-Type
From-Origin
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-Proxy
Server-Info
X-Cache-2
X-Backend-Name
X-Time-Microsecs
X-RateLimit-Remaining
X-Wix-Request-Id
X-Cache-Server
Cache-Tv-Group
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Nel
MS-CV
X-APP-VERSION
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Akamai-Transformed
X-NGENIX-Cache
X-Cache-Enabled
Version
Datacenter
X-Status
X-TIME
X-Dc
X-Mode
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
Filterid
X-IPS-LoggedIn
X-Path-Route
X-Cache-Time
X-Unique-Id
Meta-Geo
X-Edge-O15-RID
X-ES-SERVER
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-Pad
X-RN-RSRV
X-Cache-Control
Cache-Tags
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-TX-ID
Country
Cleartype
ServedBy
X-R9-Blue-Green-Version
X-ApacheServer
X-PERF
X-Hl-Ver
X-Via-Fastly
X-Forwarded-Host
GEO-INFO
X-Cache-Status-Check
X-Vgn-Hpd-Reason
Akamai-GRN
X-Varnish-Hits
X-Device-Type
X-Tb
Webcakes-App-Version
X-Sorting-Hat-ShopId
X-Akamai-Request-ID2
Webcakes-Region
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FW-Dynamic
X-AWS-Id
X-LJ-Flow-ID
X-Proto
X-VWS-Id
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Shopify-Stage
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Debug-Cache
Property-Id
Now
Origin-Cache-Control
X-Pubstack
OT-Force-Account-Verify
TWC-Locale-Group
X-Origin-Hint
X-Origin
X-Shopify-Generated-Cart-Token
NGX
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Redis-Cache
TWC-Privacy
Webcakes-App-Name
X-ServerID
DB-Nickname
Origin-Edge-Control
X-Loop
Ec-Rule-Version
X-Locale
Mn-Server-Ip
X-JoinUs
X-NCache
X-Proxied
X-ProxyCache-Key
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
X-Proxy-Build
X-IP
X-Human
Selected-Fe
X-BYPASS-REASON
X-Amzn-Remapped-Content-Length
X-Access
X-Cache-Config
X-Content-Age
X-Hosted-By
X-Generated
X-Format
X-Detected-As
Webserver
Content-Disposition
X-Soup
X-Site-Version
X-Section
X-ProxyCache-Status
X-Timing-Wait
X-TNCMS
X-Zipkin-Id
X-Xfnlog-Site
X-Www-Served-By
X-Web-Node
X-Say-TTL
X-SayCDN-TTL
X-SaId
Cache-Key
X-Routing-Service
X-RCS-CacheZone
X-Say-Cacheable
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Akamai-Request-ID
X-Ua-Device
X-MP-GENERATED-AT
X-FB-TRIP-ID
X-Viewer-Country
X-NYM-Debug-Backend
S-Rt
X-Cache-Remote
Access-Control-Request-Headers
FilterID
X-Request-Time
X-Generated-By
Section-Io-Id
X-BCube-Filmed-By
Section-Io-Origin-Status
X-HTML-Minification-Powered-By
X-PressLabs-Stats
Section-Io-Origin-Time-Seconds
X-Geo
X-NewRelic-App-Data
X-Real-IP
Section-Origin-Responded
Node
Cache-Hits
X-CACHE-KEY
X-Cdn
X-SS-Set-Cookie
X-Amzn-RequestId
X-Adobe-Source
X-EC-Lua
X-B3-Traceid
X-Microcachable
Accept-Language
X-No-Session
X-Drupal-Cache-Tags
Odigeo-Trace-Id
X-Rule
X-App-Server
X-Uri
Cf-Ipcountry
X-NWS-UUID-VERIFY
Ms-Operation-Id
X-RTag
X-PCL
X-Qloud-Router
X-OCL
Time
X-Azure-Ref
X-Source
X-From
X-Varnish-Cache-Hits
User-Agent
X-Esi
X-UA
X-CF-Powered-By
X-Hyper-Cache
X-Cache-NGX
X-Nc
X-Info
X-PHP-Host
X-Labrador-Cache-Channel
Proxy-Connection
X-Time
X-Storage
X-RateLimit-Limit
X-Nginx-Cache
X-Old-Content-Length
X-GoCache-CacheStatus
X-Newrelic-Synthetics
X-Cache-Grace
Cache-Name
X-Cluster-Node
X-OVcl-Cache
T-Server
X-External-Request-Id
X-PAYTM-SRV-ID
True-Client-Country-4JS
X-Processor
X-DPWN-IS-SECURE
X-Aed
Xc-Version
X-Accel-Expires-Debug
X-Developer
GEO-REGION-INFO
X-Twitter-Response-Tags
X-Varnish-Beresp-Grace
ServerName
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
X-Load-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Uber-Trace-Id
A
X-GeoIP-Country-Code
Arc-Country
AsisCache
X-Drupal-Cache-Contexts
X-Trv-Group
X-OVcl
X-G
Request-Country
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
X-Varnish-Beresp-Status
Request-EU
Machine
X-Cdn-Srv
X-CF-Lambda-Fn
X-ScT
X-ARC
X-B-Cookie
X-A-Ccd
VivaBuild
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-A-Wwc
X-Connection-Hash
X-Backend-TTL
X-CF-Lambda-Version
X-Application
X-A
X-Vdms-Version
Mobile-Detection-Method
X-Session-Fingerprint
X-VG-WebServer
X-VG-WebCache
MD5-Digest
Meta-Geo-Continent
X-A-Dam
X-SRCache-Key
X-Rewrite-Enabled
Rendered-Blocks
X-Destination
X-A-Dcw
Viewtype
X-Request-URI
X-Request-UUID
X-A-Dgt
X-D
X-S-Cookie
X-S
X-Rojux
X-Date
X-Transaction
X-Region-Sid
X-Cluster-Name
X-CS
X-Magnolia-Registration
X-UnsetCookies
X-IN-APIGATEWAY
Server-Host
PFcat
X-S-Maxage
X-Cache-Expired-At
User-Cache-Control
X-Cdn-Origin
X-Core-Value
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Generated-On
X-Geo-Header
Thinkindot-CacheControl
X-GeoIP-City
Viewport
X-Reboot
X-Edge-Location
X-VG-TLSProxy
Powered-By-ChinaCache
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Rt-Fastcgi-Cache
X-Trafficlayer-App-Version
X-Level-Front-Cache
X-Thinkindot-L3
X-IN-APIGATEWAYSSL
X-Served-From
X-Matched-Rule
X-ServiceProvider
X-Rocket-Nginx-Bypass
X-Sn-Servicetimems
X-Varnish-Ttl
Geo-Info
X-Cache-URL
X-Swa-Ws
X-WebServer
X-Slack-Backend
X-Cache-Info
X-Cache-FS-Status
X-Trace-Id
X-WADP-Cache
X-Thanos
X-SIPLIST1
X-Sigma-Backend
X-Wikidot-Static-Cache
X-Agile
X-Clara-WADP
X-Agile-Age
X-Wikidot-Backend
X-CGP
X-Sigma
X-Webstats-RespID
X-VServer
X-Cache-Bucket
X-Backend-State
X-Tumblr-Pixel-3
X-TT-TIMESTAMP
X-Varnish-Cacheable
X-Backend-Host
X-Varnish-Authentication
X-Var-Ttl
X-Urbn-Site-Id
X-Urbn-Context-Path
X-App-Name
X-Cms-Context
X-Block-Status
X-C
X-Cache-ASPX
X-TrackingId
X-Bip
X-VC-Cache
X-BBXSRF
X-Bc-Bl
X-Auto-Login
X-Contensis-Viewer-Groups
X-Generation-Time
X-Nginx-Cache-Key
X-Ms-Version
X-Ms-Request-Id
X-Micro-Cache
X-Generated-In
X-Gen-Mode
X-Origin-Date
X-NX-Host
X-NodeID
X-Gamma-Serve
X-Logging-Id
X-LI-UUID
X-JWT-State
X-Hnp-Log
X-Is-Gdpr
X-Irp-Debug
X-Instart-Isnd
X-LAGOON
X-Hash
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Has-Esi
X-FW-Version
X-Fetched-On
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Log
X-Req
X-RateLimit-Remaining-Second
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Core-Mission
X-CUA
X-Rocket-Build-Number
X-Request-Host
X-Developers
X-Device-Os
X-Eu-Site
X-Owner
X-Origin-Expires
X-Fastly-Cache
X-Proxy-Upstream
X-Distributor
X-Dispatch
X-RateLimit-Limit-Second
X-Dispatcher-Server
X-Distil-CS
X-Server-W
X-Agile-Id
RNT-Machine
Gh-Request-Id
Locale
RNT-Time
Server-Cache-Control
X-Varnish-Beresp-Ttl
L5d-Success-Class
Server-ID
Locid
AKAMAI
Memcached
On-Server
N-Cache
Country-Code
Mail-Subject
Pramga
Cache-Host
CDCHOST
Kp-EeAlive
IsBot
Heartbleed
Wxu-Next-Hostname
Wxu-Next-Commit
HA-Ipaddr
Ha-Gx-Prefs
Group
Wxu-Next-Region
Web-Mar-Node
We-Hiring
FNAC-ModuleRouting
X-BACKEND-TTL
V-Age
W
Server-Surrogate-Control
Mime-Version
Fastly-SIE
Fastly-SWR
X-Epic-Correlation-Id
X-DevSite-Last-Modified
X-Lb-Id
X-Variation
X-Service
X-Servername
X-We-Are-Hiring
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Cloudfront-Viewer-Country
Countrycode
Adler-Geo
X-Hit
X-Platform-Server
X-ND-Cache
Fastly-Drupal-HTML
X-Skip-Cache
Platform
X-Cache-Tags
Is-Eu
X-Clientip
X-VCT
X-Node-Id
X-TA-CDN-Provider
X-Fmm-Version
X-Ratelimit-Remaining
X-Response-By
HitType
X-Sucuri-ID
X-VHOST
X-Refresh
X-Scheme
X-RESPONSE-TIME
Environment
X-NC
X-Cdn-Forward
X-CLOUD-TRACE-CONTEXT
Hostname
X-Parent-Response-Time
SD-X-WS
X-Instart-Info
X-SN
X-B3-Spanid
X-Pjax-Url
Cache
X-Edge
X-App-Version
X-MCACHE
X-CSRF-Token
Proxy-Firewall
X-APP
X-VCache
X-Varnish-URL
X-Origin-TTL
X-Origin-CC
X-MSEdge-Features
Origin
X-Up
X-MSEdge-Flight
Vix-Hermes-Req-Id
Fastly-Backend-Name
X-Server-Time
X-CDN-Forward
Geoip-City
X-Correlation-ID
Geoip-Latitude
Request-Time
X-Cache-PHP
M-TraceId
X-FPC
Cdn-Host
Cdn-Request-Time
TTL
X-Vdms-Path
Pragrma
PICS-Label
X-TT-LOGID
NM-Fastcgi-Cache
X-Edge-Server
GeoIp-Country-Code
X-Mid
X-Be
CF-Cached-On
X-CSRF-TOKEN
CACHE
X-ECache
X-Wa
X-Vcl-Version
NtCoent-Length
Pagetype
X-ECACHE
X-Wix-Viewer-Type
X-AK-Request-ID
Server-Hostname
Server-Ext
Cdncip
X-HS-Status
Cdnsip
Sever-Int
X-Ua
X-Cache-Host
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Ohc-File-Size
Cdn
X-Ratelimit-Limit
X-URL
HostName
X-Method
X-NU-AKA-ACS-Version
X-Newrelic-App-Data
X-Myra-Origin2
X-Air-Hostname
Resin-Trace
Cteonnt-Length
X-Protected-By
X-ServedByHost
X-Worker
X-Litespeed-Cache
Magicmarker
X-ZONE
X-Via-PopH
X-BC
X-Via-PopV
Memory
X-Cache-Metadata
X-Zone
X-Request-Start
X-Branch-Name
X-Envoy-Upstream-Healthchecked-Cluster
X-Referer
X-Bc
RequestId
X-Cache-Debug
Tcn
X-Pf-Uncompressing
SRV
X-Unique-ID
X-Dynatrace-Js-Agent
X-Oneagent-Js-Injection
X-Servedbyhost
X-Policy
Dt-Cache-Category
X-Azure-Ref-OriginShield
Ohc-Cache-HIT
Release
X-TH-Server
X-FORWARDED-FOR
X-GEO
X-Swift-Error
Load-Balancing
IBM-Web2-Location
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-NGINX-Cache
XServer
X-C-Zone
X-C-Key
X-DC
Lb
X-Reqid
Dnion-Transfer-Encoding
Server-Int
Esi-Enabled
X-Ocache
X-Cache-Id
X-Esi-Check
Powered-By
X-AIR-PT
Who
X-Fastly-Country-Code
Pics-Label
X-VCL-Version
X-Tec-Api-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Configured-By
X-Tec-Api-Origin
X-Tec-Api-Root
X-WA
X-Ruxit-Js-Agent
Ttl
X-Gzip
X-Node-ID
X-Via-Ucdn
X-COUNTRY
X-Datadome
GeoIP-Country-Code
X-B3-SpanId
GeoIP-Latitude
X-SRV
X-Country-IP
UCS
Fastly-Soc-X-Request-Id
X-VarnishDD-TTL
GeoIP-City
MIME-Version
Fastly-SSL
X-Pinterest-Direct
FSS-Cache
Product
X-Fpc
X-Action
X-HostName
X-Svr
X-ABtesting
X-PF-Uncompressing
X-Powered-Y
X-DI
X-Varnish-Url
X-SERVER-NAME
X-RSL
X-RPS
X-DB
X-RPM
X-Hello
X-RAMCache
X-DW
LB
X-Flog
X-DSS
Host-ID
X-Fastly-Request-Id
X-PJAX-URL
Lfy
X-Fastly-Backend-Reqs
X-Cache-Backend
X-WPE-Loopback-Upstream-Addr
X-SD-PageType
ProcessTime
X-MID
X-Amzn-Remapped-Connection
X-Varnish-Beresp-TTL
FSS-Proxy
X-Amzn-Remapped-Date
X-Via-CDN
X-Server-IP
Sid
X-Render-Time
Amp-Access-Control-Allow-Source-Origin
X-User
X-Agile-Brick-Ok
X-UPSTREAM-Address
Requestid
X-Apw-Access-Action
X-Flow-Id
X-ElasticPress-Search
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-LiteSpeed-Cache-Control
Xet-Cookie
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
CF-IPCountry
X-Aicache-OS
X-Beluga-Cache-Status
X-BE
X-Beluga-Node
SN
X-Beluga-Trace
C-Via
Cneonction
X-Beluga-Record
WZWS-RAY
X-Beluga-Response-Time
X-Beluga-Status
L
X-Compress-Hint
X-Debug-Controller
X-Debug-Revision
X-B3-Parentspanid
X-Check-Cacheable
CDN
X-Key
X-Internal-Host
X-Sucuri-Id
X-Litespeed-Cache-Control
X-MiniProfiler-Ids
X-LB-ID
CloudFront-Viewer-Country
X-Nananana
X-App
X-Tid
X-Dw-Trace-Id
X-Sucuri-Cache
X-Fastly-Cache-Hits
X-Request-Url
DataCenter
X-Request-URL