Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
Status
Upgrade
X-Ua-Compatible
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Pass-Why
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Request-ID
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Server-Id
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
X-Cache-Lookup
NEL
X-Dispatcher
X-Ac
X-WebKit-CSP
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-PC
X-Goog-Hash
X-TtlSet
X-Vname
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-ASPNET-VERSION
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-ESI
X-Server-Name
Pinterest-Generated-By
X-D2id
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Use-Magma
X-MS-InvokeApp
X-Webkit-Csp
SPRequestGuid
Accept-Ch
X-Cached
X-Vcache
X-Powered-By-Plesk
X-Navigation-Version
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Debug
X-Abt-Application-Version
X-Amz-Rid
X-B3-TraceId
X-Fastly-Request-ID
Public-Key-Pins
X-Trace
X-MSEdge-Ref
X-SharePointHealthScore
Nginx-Cache
X-Vcap-Request-Id
X-VARITI-CCR
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
MS-Author-Via
X-Server-ID
Charset
TCN
Arr-Disable-Session-Affinity
X-Px
Fusion-Deployment-Id
X-NF-Request-ID
X-Accel-Expires
X-Cache-TTL
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
Display
Realpath
X-Content-Type
X-Fastcgi-Cache
X-Sol
X-Ser
X-Ttl
X-Client-IP
X-Version
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-Powered-CMS
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
NR-ENABLED
AR-Request-ID
AR-ATIME
AR-PoweredBy
Access-Control-Request-Method
X-Id
X-Grace
X-Hp-Webp
X-Jurisdiction
X-Upstream
X-Mrf-Item-Lastmod
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Dns-Prefetch-Control
S
Accept-CH
X-T
X-Hits
X-Content-Digest
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
DynaTrace
Ar-Sid
AR-CACHE
X-Dw-Request-Base-Id
X-TTL
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Node-Name
Accept-CH-Lifetime
X-Cache-Hit
PB-PID
PB-RID
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-Goog-Stored-Content-Encoding
X-Shield-Request-Id
X-Recruiting
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Amzn-Trace-Id
X-Goog-Generation
Server-Node
X-Mobile-Rewrite
Powered
Arc-Version
X-Frontend
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-FTR-Expires
X-Ezoic-Cdn
X-Shard
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-XRDS-LOCATION
X-Request-Received
X-Request-Processing-Time
Fastly-Restarts
WPE-Backend
Alternate-Protocol
X-HS-Combine-CSS
Refresh
X-Logged-In
X-Varnish-Age
X-Microsite
X-Request-Handler-Origin-Region
Server-Name
X-Correlation-Id
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-LB-Cache
X-F-Cache
X-B
X-Page-Id
X-Akamai-Edgescape
Backend-Timing
X-ATS-Timestamp
X-Rid
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Geo-Country
X-N
X-Via-JSL
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host-Header
X-Zen-Fury
Cache-Status
X-XRDS-Location
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Content-Options
X-Varnish-Grace
X-Kinsta-Cache
X-Revision
X-B3-Sampled
X-TT
X-Amz-Apigw-Id
X-ATG-Version
X-AOL-HN
X-Type
X-Signature
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Request-Guid
X-FB-Debug
X-App-Environment
X-Amz-Replication-Status
X-B-Cache
X-Cache-Action
Paypal-Debug-Id
Actual-Object-TTL
X-Jobs
X-Instance
Access-Control-Allow-Method
Healthy
X-Varnish-Backend
X-Git-Hash
X-WebKit-CSP-Report-Only
X-Debug-Info
Fastcgi-Useragent
X-Whom
Frame-Options
Section-Io-Cache
X-Content-Powered-By
Liferay-Portal
X-Tt-Trace-Tag
X-Srv
X-Tt-Trace-Host
X-Cluster
X-Seen-By
X-Daa-Tunnel
X-Cache-Rule
X-Hostname
X-Cache-Operation
X-Activity-Id
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-AppVersion
X-Az
X-Cache-Age
X-Cached-By
X-PHP-Backend
X-Framework
X-Cache-Key
X-FireWall-Port
Tracecode
X-Endurance-Cache-Level
X-Contextid
X-FastCGI-Cache
X-Amzn-Requestid
X-WA-Info
X-Mobile
Retry-After
X-Host-Name
Source
Xserver
X-IPLB-Instance
X-Response-Served-From
NGB
X-Accel-Buffering
X-CST
X-Presslabs-Stats
X-Upgrade-Enabled
X-RemovedCookies
X-ProcessESI
Accept-Charset
Eomportal-Instance
Surrogate-Key
X-Rendered-As
X-RequestSource
DC
X-Region
X-Varnish-Hostname
X-Adobe-Content
X-Cache-NE
X-Tumblr-Pixel-2
X-GeoIP
X-Adobe-Loc
X-FW-Type
X-Tumblr-Pixel-1
X-FW-Server
Payment
X-FW-Serve
X-L-Path
X-FW-Static
X-FW-Hash
X-Is-Bot
X-Environment-Context
Filters
X-Varnish-Server
X-UUID
X-Cacheable-TTL
X-Handled-By
X-Origin-Response-Time
Srv
Trailer
X-UA-Device-Type
From-Origin
X-RateLimit-Remaining
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-Proxy
X-Backend-Name
Server-Info
X-Time-Microsecs
X-Cache-2
X-Wix-Request-Id
X-Cache-Server
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Cache-Tv-Group
MS-CV
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-APP-VERSION
X-Akamai-Transformed
X-NGENIX-Cache
Datacenter
X-Cache-Enabled
Version
X-Status
X-Dc
X-TIME
X-Mode
S-Cnection
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Var
X-IPS-LoggedIn
X-Path-Route
X-Unique-Id
X-ES-SERVER
X-Cache-Time
X-Cache-Var-Map
Meta-Geo
FilterID
X-CCM
X-B3-Traceid
X-Edge-O15-RID
X-RN-RSRV
X-Cache-Control
X-Pad
X-ApacheServer
X-R9-Blue-Green-Version
X-Cache-Status-Check
Decoy-Debug-TTL
X-Via-Fastly
Decoy-Debug-Key
X-TX-ID
GEO-INFO
Decoy-Debug-Status
X-Hl-Ver
Country
X-PERF
ServedBy
Cleartype
X-Forwarded-Host
Cache-Tags
DB-Nickname
Webserver
Akamai-GRN
TWC-GeoIP-LatLong
X-Redis-Cache
X-Debug-Cache
X-ServerID
X-AWS-Id
X-Pubstack
X-Akamai-Request-ID2
X-Alternate-Cache-Key
X-Proto
X-ShardId
X-ShopId
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-EIG-Tracking-Id
X-Tb
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-PodId
X-FC-Vary-Parameters
Webcakes-Region
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Property-Id
OT-Force-Account-Verify
Now
X-VWS-Id
Origin-Edge-Control
X-Device-Type
TWC-Locale-Group
X-Origin
Webcakes-App-Version
X-Origin-Hint
X-LJ-Flow-ID
X-FW-Dynamic
TWC-Privacy
Webcakes-App-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
NGX
Origin-Cache-Control
X-IP
X-Human
X-Hosted-By
X-JoinUs
X-Locale
X-Proxied
X-NCache
X-Loop
X-Generated
X-Format
X-Amzn-Remapped-Content-Length
X-Access
Selected-Fe
X-BYPASS-REASON
X-Cache-Config
X-Detected-As
X-Content-Age
X-Proxy-Build
X-Proxy-Cache-Status
X-TNCMS
X-Timing-Wait
X-Soup
X-Web-Node
X-Www-Served-By
X-Zipkin-Id
X-Xfnlog-Site
X-Site-Version
X-Section
X-RCS-CacheZone
X-ProxyCache-Status
X-ProxyCache-Key
X-Routing-Service
X-SaId
X-SayCDN-TTL
X-Say-TTL
Mn-Server-Ip
X-Say-Cacheable
Azure-Version
Content-Disposition
Azure-InstanceId
Cross-Origin-Window-Policy
Azure-RegionName
Ec-Rule-Version
Azure-SlotName
Azure-SiteName
Cache-Key
Filterid
X-Akamai-Request-ID
X-FB-TRIP-ID
X-Ua-Device
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Viewer-Country
S-Rt
Access-Control-Request-Headers
X-Generated-By
X-Cache-Remote
X-Request-Time
Section-Origin-Responded
X-PressLabs-Stats
X-BCube-Filmed-By
X-NewRelic-App-Data
X-Real-IP
Section-Io-Origin-Status
X-HTML-Minification-Powered-By
Section-Io-Origin-Time-Seconds
Section-Io-Id
Cache-Hits
Node
X-SS-Set-Cookie
X-Cdn
X-CACHE-KEY
X-Amzn-RequestId
X-Geo
X-Adobe-Source
X-EC-Lua
X-Drupal-Cache-Tags
X-No-Session
X-Rule
Odigeo-Trace-Id
Nel
X-Microcachable
Accept-Language
X-App-Server
X-Uri
X-NWS-UUID-VERIFY
X-Qloud-Router
X-PCL
Ms-Operation-Id
X-RTag
X-OCL
Cf-Ipcountry
X-Azure-Ref
X-From
Time
X-Source
X-Varnish-Cache-Hits
User-Agent
X-Esi
X-UA
X-Cache-NGX
X-CF-Powered-By
X-Hyper-Cache
X-RateLimit-Limit
X-PHP-Host
X-Info
X-Labrador-Cache-Channel
Proxy-Connection
X-Storage
X-Backend-TTL
X-Time
X-Nc
X-Old-Content-Length
X-Newrelic-Synthetics
X-GoCache-CacheStatus
X-Cluster-Node
Cache-Name
X-Cache-Grace
X-Nginx-Cache
X-Connection-Hash
X-Destination
X-G
Machine
X-Aed
AsisCache
BehaviorPad-Version
MD5-Digest
Content-Script-Type
Content-Style-Type
X-DPWN-IS-SECURE
GEO-REGION-INFO
X-Date
X-PAYTM-SRV-ID
Fastcgi-X-Cache-Version
X-D
X-External-Request-Id
X-Developer
X-Processor
X-OVcl
Request-EU
X-Drupal-Cache-Contexts
Uber-Trace-Id
Meta-Geo-Continent
Mobile-Detection-Method
X-CF-Lambda-Version
Rendered-Blocks
Request-Country
X-CF-Lambda-Fn
A
X-GeoIP-Country-Code
X-Cdn-Srv
X-OVcl-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Varnish-Beresp-Grace
Apple-News-Services-Handled
Apple-News-Services-Host
X-Varnish-Beresp-Status
Arc-Country
X-Accel-Expires-Debug
X-Vdms-Version
VivaBuild
Viewtype
X-ScT
X-S-Cookie
X-A-Dcw
X-Transaction
X-Load-Cache
X-Session-Fingerprint
X-VG-WebCache
Xc-Version
X-SRCache-Key
X-VG-WebServer
True-Client-Country-4JS
X-A-Dam
X-B-Cookie
X-Vtex-Processado-Em
X-A-Dgt
X-Vtex-Remote-Cache
X-ARC
X-Twitter-Response-Tags
X-Region-Sid
X-A-Ccd
X-Request-URI
X-Rewrite-Enabled
X-Request-UUID
ServerName
T-Server
X-Rojux
X-S
X-Trv-Group
X-A
X-Application
X-A-Wwc
X-CS
X-UnsetCookies
X-Cluster-Name
X-Magnolia-Registration
X-S-Maxage
Rt-Fastcgi-Cache
Powered-By-ChinaCache
X-Generated-On
X-Sn-Servicetimems
X-Core-Value
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Geo-Header
X-Thinkindot-L3
X-GeoIP-City
X-VG-TLSProxy
X-Trafficlayer-App-Name
Viewport
X-IN-APIGATEWAYSSL
X-ServiceProvider
X-Matched-Rule
X-Cdn-Origin
Thinkindot-CacheControl
X-Served-From
X-Rocket-Nginx-Bypass
Server-Host
X-Reboot
X-Edge-Location
X-Cache-Expired-At
Thinkindot-Control
PFcat
X-IN-APIGATEWAY
Thinkindot-CacheControl-Type
X-Level-Front-Cache
User-Cache-Control
Geo-Info
X-Backend-State
X-CUA
X-Debug-Cache-Store
X-Debug-Cookies
X-App-Name
X-Agile
X-Debug-Cache-Expiry
X-BBXSRF
X-Core-Mission
X-Agile-Age
X-Debug-Cache-Fetch
X-Bc-Bl
X-Cache-ASPX
X-Cache-FS-Status
X-Cache-Bucket
X-Cache-Info
X-Cache-URL
X-CGP
X-Clara-WADP
X-Backend-Host
X-Cms-Context
X-Bip
X-Auto-Login
X-Debug-Log
X-Block-Status
X-C
X-Contensis-Viewer-Groups
X-RateLimit-Remaining-Second
X-Sigma-Backend
X-Sigma
X-Server-W
X-SIPLIST1
X-Slack-Backend
X-Thanos
X-Swa-Ws
X-Rocket-Build-Number
X-Request-Host
X-Origin-Expires
X-Origin-Date
X-Owner
X-Proxy-Upstream
X-Req
X-RateLimit-Limit-Second
X-Trace-Id
X-TrackingId
X-WADP-Cache
X-VServer
X-WebServer
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VC-Cache
X-Varnish-Cacheable
X-Tumblr-Pixel-3
X-TT-TIMESTAMP
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Varnish-Authentication
X-Var-Ttl
X-NX-Host
X-NodeID
X-Gamma-Serve
X-FW-Version
X-Gen-Mode
X-Generated-In
X-Has-Esi
X-Generation-Time
X-Fetched-On
X-Fastly-Cache
X-Dispatch
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Eu-Site
X-Distributor
X-Hash
X-Hnp-Log
X-Logging-Id
X-LI-UUID
X-Micro-Cache
X-Ms-Request-Id
X-Nginx-Cache-Key
X-Ms-Version
X-LI-Proto
X-Li-Pop
X-Irp-Debug
X-Instart-Isnd
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-LAGOON
X-Developers
X-Agile-Id
Server-Cache-Control
RNT-Time
RNT-Machine
Locid
Locale
Kp-EeAlive
L5d-Success-Class
X-Varnish-Beresp-Ttl
Group
Mail-Subject
Country-Code
Memcached
On-Server
CDCHOST
Pramga
AKAMAI
Cache-Host
N-Cache
IsBot
Heartbleed
Gh-Request-Id
Server-ID
HA-Ipaddr
Wxu-Next-Hostname
Ha-Gx-Prefs
Wxu-Next-Region
Web-Mar-Node
Wxu-Next-Commit
Server-Surrogate-Control
FNAC-ModuleRouting
We-Hiring
V-Age
W
Mime-Version
Fastly-SWR
Fastly-Drupal-HTML
X-DevSite-Last-Modified
Fastly-SIE
X-Hit
X-Variation
X-Service
X-Servername
X-We-Are-Hiring
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Cloudfront-Viewer-Country
Countrycode
Adler-Geo
X-Lb-Id
X-Platform-Server
X-ND-Cache
X-Epic-Correlation-Id
X-Skip-Cache
Is-Eu
X-Cache-Tags
X-Clientip
Platform
X-NC
X-VCT
X-Node-Id
X-Response-By
X-Fmm-Version
X-TA-CDN-Provider
X-BACKEND-TTL
HitType
X-Sucuri-ID
X-VHOST
X-Refresh
X-RESPONSE-TIME
Environment
X-Scheme
X-Correlation-ID
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-Ratelimit-Remaining
Hostname
X-Cdn-Forward
X-Instart-Info
X-SN
SD-X-WS
Cache
X-B3-Spanid
X-Pjax-Url
X-App-Version
X-MCACHE
X-Edge
X-VCache
X-CSRF-Token
Proxy-Firewall
X-APP
X-Varnish-URL
X-CDN-Forward
X-Origin-CC
X-Origin-TTL
X-MSEdge-Features
X-MSEdge-Flight
Vix-Hermes-Req-Id
X-Up
Fastly-Backend-Name
Origin
X-Varnish-Ttl
Geoip-City
X-FPC
Geoip-Latitude
Request-Time
X-Server-Time
X-Cache-PHP
M-TraceId
GeoIp-Country-Code
X-Wa
X-TT-LOGID
TTL
X-Vdms-Path
X-Edge-Server
PICS-Label
Pragrma
Cdn-Request-Time
X-ECACHE
NM-Fastcgi-Cache
Cdn-Host
X-Be
X-CSRF-TOKEN
X-Mid
CF-Cached-On
CACHE
X-Vcl-Version
NtCoent-Length
Server-Hostname
Server-Ext
X-Wix-Viewer-Type
Pagetype
X-AK-Request-ID
Sever-Int
Cdnsip
X-HS-Status
Cdncip
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Ohc-File-Size
X-Ua
X-Cache-Host
X-ECache
Cdn
X-URL
HostName
X-Air-Hostname
X-Tec-Api-Origin
X-Method
X-Tec-Api-Root
X-Tec-Api-Version
X-Myra-Origin2
X-Newrelic-App-Data
X-NU-AKA-ACS-Version
SRV
Cteonnt-Length
X-Litespeed-Cache
X-Ratelimit-Limit
Resin-Trace
X-ServedByHost
X-Worker
Memory
X-ZONE
Magicmarker
X-BC
X-Via-PopH
X-Via-PopV
X-Protected-By
X-Cache-Metadata
X-GEO
X-Cache-Debug
X-Zone
X-Referer
RequestId
X-Envoy-Upstream-Healthchecked-Cluster
Tcn
X-Request-Start
X-Pf-Uncompressing
X-Branch-Name
X-Bc
X-Unique-ID
X-Dynatrace-Js-Agent
Release
X-Policy
Dt-Cache-Category
X-TH-Server
Ohc-Cache-HIT
X-Azure-Ref-OriginShield
X-FORWARDED-FOR
X-NGINX-Cache
X-Oneagent-Js-Injection
X-Servedbyhost
X-Swift-Error
X-Planisys-CDN-TTL
Load-Balancing
IBM-Web2-Location
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
XServer
X-DC
X-C-Key
X-C-Zone
Lb
Esi-Enabled
Server-Int
X-Reqid
Dnion-Transfer-Encoding
X-Esi-Check
X-Tb-Optimization-Total-Bytes-Saved
X-AIR-PT
X-Ocache
X-Cache-Id
Who
X-Configured-By
Pics-Label
X-Fastly-Country-Code
Powered-By
X-VCL-Version
X-Ruxit-Js-Agent
GeoIP-Country-Code
X-COUNTRY
X-Node-ID
X-Datadome
X-Via-Ucdn
X-Gzip
Ttl
X-WA
X-B3-SpanId
UCS
X-Country-IP
GeoIP-Latitude
X-VarnishDD-TTL
X-SRV
GeoIP-City
Fastly-Soc-X-Request-Id
X-Pinterest-Direct
MIME-Version
Fastly-SSL
FSS-Cache
X-Action
Product
X-Fpc
X-HostName
X-Flog
X-Powered-Y
X-Varnish-Url
X-PF-Uncompressing
X-RPS
X-RSL
X-SERVER-NAME
X-Svr
X-Hello
X-RPM
LB
X-DB
X-RAMCache
X-DSS
X-DI
X-ABtesting
X-DW
X-Fastly-Backend-Reqs
Lfy
X-PJAX-URL
Host-ID
X-Fastly-Request-Id
X-Cache-Backend
X-WPE-Loopback-Upstream-Addr
X-Render-Time
X-Amzn-Remapped-Connection
CF-IPCountry
Sid
FSS-Proxy
X-MID
X-Server-IP
X-Amzn-Remapped-Date
X-Via-CDN
X-Varnish-Beresp-TTL
X-SD-PageType
ProcessTime
Requestid
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
X-Flow-Id
Xet-Cookie
X-Page-Impression-Id
X-UPSTREAM-Address
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
Amp-Access-Control-Allow-Source-Origin
X-User
X-LiteSpeed-Cache-Control
X-ElasticPress-Search
X-Internal-Host
X-Beluga-Cache-Status
X-Aicache-OS
X-Key
X-Check-Cacheable
X-Beluga-Trace
X-Debug-Revision
WZWS-RAY
SN
C-Via
L
X-Compress-Hint
Cneonction
CDN
X-BE
X-Debug-Controller
X-Beluga-Record
X-Beluga-Node
X-Beluga-Response-Time
X-B3-Parentspanid
X-Beluga-Status
X-Litespeed-Cache-Control
X-Sucuri-Id
X-Fastly-Cache-Hits
DataCenter
X-Request-Url
X-Dw-Trace-Id
X-App
X-LB-ID
X-Sucuri-Cache
X-MiniProfiler-Ids
CloudFront-Viewer-Country
X-Nananana
X-Tid
X-Request-URL