Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
X-Request-ID
Upgrade
X-Content-Security-Policy
X-CDN
X-AspNetMvc-Version
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
Xkey
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
X-Server-Id
X-Device
X-LiteSpeed-Cache
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
NEL
X-Ac
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
X-Application-Context
Content-Location
X-DataDome
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-Url
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Fusion-Deployment-Id
X-Goog-Hash
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Country-Code
X-ASPNET-VERSION
X-DynaTrace
Allow
Verso
X-GitHub-Request-Id
Service-Worker-Allowed
Accept-CH
X-Varnish-TTL
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
Content-MD5
X-Server-Name
SPRequestGuid
Accept-CH-Lifetime
Pinterest-Generated-By
X-Powered-By-Plesk
X-Forwarded-Proto
X-Cached
X-Trace
X-Navigation-Version
X-Amz-Server-Side-Encryption
TCN
X-Amz-Rid
X-SharePointHealthScore
X-Abt-Application-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Public-Key-Pins
X-Fastly-Request-ID
X-Vcap-Request-Id
Nginx-Cache
X-Debug
X-MSEdge-Ref
X-Vcache
X-DynaTrace-JS-Agent
SPRequestDuration
SPIisLatency
X-VARITI-CCR
Arr-Disable-Session-Affinity
Charset
X-Ttl
X-Accel-Expires
X-ESI
X-Cache-TTL
MS-Author-Via
NR-ENABLED
X-NF-Request-ID
Pagespeed
Display
X-Middleton-Response
Response
X-Middleton-Display
X-B3-TraceId
X-Sol
X-Px
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Ser
X-Id
WPE-Backend
Edge-Cache-Tag
X-Server-ID
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
X-Grace
X-Webkit-Csp
Front-End-Https
X-Shield-Request-Id
X-Jurisdiction
X-Hp-Webp
X-T
X-Upstream
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-ATIME
X-Version
AR-Request-ID
X-Content-Digest
X-Fastcgi-Cache
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-Cache-Hit
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Fastcgi-Cache
X-Recruiting
ServerID
X-Correlation-Id
X-Mobile-URL
X-Goog-Metageneration
Ar-Sid
AR-CACHE
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
AMP-Access-Control-Allow-Source-Origin
X-FTR-Backend
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
X-HS-Hub-Id
Server-Node
TP-Cache
TP-L2-Cache
Powered
PB-RID
PB-PID
X-FTR-Expires
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Mobile-Rewrite
Arc-Version
X-Ezoic-Cdn
X-TTL
Refresh
X-Shard
X-Forwarded-For
X-HS-Combine-CSS
Host-Header
Alternate-Protocol
Accept-Ch
Server-Name
X-Geo-Country
X-XRDS-Location
X-Amzn-Trace-Id
X-N
X-Request-Handler-Origin-Region
X-Microsite
Fastly-Restarts
X-NWS-LOG-UUID
X-Akamai-Edgescape
X-LB-Cache
X-Rid
X-F-Cache
X-Page-Id
X-FastCGI-Cache
X-FTR-Cache-Host
X-B
X-User-Agent
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ATS-Timestamp
X-Logged-In
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Varnish-Age
X-Cache-Key
X-XRDS-LOCATION
Accept-Ch-Lifetime
X-Esi
MicrosoftSharePointTeamServices
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Revision
X-Via-JSL
X-Jobs
X-Varnish-Grace
X-Origin-Server
X-Cache-Age
X-Request-Guid
Paypal-Debug-Id
X-Instance
Fastcgi-Useragent
X-Varnish-Backend
X-App-Environment
X-Tumblr-Pixel
X-Signature
X-Hostname
X-B-Cache
X-Tumblr-Pixel-0
X-Tumblr-User
X-Git-Hash
X-ATG-Version
X-Type
X-Seen-By
X-Amz-Replication-Status
X-TT
Actual-Object-TTL
X-FB-Debug
Host
Section-Io-Cache
X-AOL-HN
X-Amzn-Requestid
X-Cluster
X-B3-Sampled
X-Whom
X-Debug-Info
X-Cache-Action
X-WebKit-CSP-Report-Only
X-Presslabs-Stats
Frame-Options
Cache-Status
Access-Control-Allow-Method
X-Content-Options
X-Endurance-Cache-Level
X-Contextid
X-Cache-Operation
X-Cache-Rule
Trailer
Source
X-Content-Powered-By
X-Host-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-SERVER
Tracecode
Accept-Charset
X-APP-VERSION
X-AppVersion
X-Activity-Id
X-Az
DC
X-Upgrade-Enabled
Liferay-Portal
X-IPLB-Instance
X-FireWall-Port
X-Daa-Tunnel
X-Tt-Trace-Host
X-Tt-Trace-Tag
From-Origin
X-Amz-Apigw-Id
X-PHP-Backend
VIX-Pulpo-Node
X-Framework
X-WA-Info
X-Accel-Buffering
VIX-Pulpo-Upstream-Status
X-Response-Served-From
NGB
X-B3-Traceid
Retry-After
X-ProcessESI
X-RemovedCookies
X-FW-Server
Srv
X-FW-Serve
X-Is-Bot
Surrogate-Key
X-FW-Hash
X-Rendered-As
X-FW-Static
X-FW-Type
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Adobe-Loc
X-L-Path
X-GeoIP
X-Region
X-Environment-Context
X-Cacheable-TTL
X-Wix-Request-Id
X-Adobe-Content
Eomportal-Instance
Payment
X-Varnish-Server
X-Cache-NE
Filters
X-RequestSource
X-Time-Microsecs
X-RateLimit-Remaining
X-Mobile
X-Handled-By
X-Unique-Id
X-Proxy
X-UA-Device-Type
X-TIME
X-Cached-By
X-NGENIX-Cache
Nel
X-Origin-Response-Time
X-Varnish-Hostname
GEO-INFO
X-Cache-Control
Datacenter
X-Cache-TTL-Remaining
X-EdgeConnect-Cache-Status
X-Webkit-CSP
X-Cache-Server
X-Cache-Time
Xserver
X-Akamai-Transformed
X-CST
Filterid
MS-CV
X-Backend-Name
X-Litespeed-Cache
Version
X-Srv
X-Rule
Odigeo-Trace-Id
Cache-Tags
X-Status
X-Mode
S-Cnection
Cache-Tv-Group
X-Yottaa-Metrics
Server-Info
X-Yottaa-Optimizations
X-Cache-Var
X-Cache-Var-Map
X-Cache-2
X-FW-Dynamic
X-IP
X-CCM
X-ES-SERVER
X-Path-Route
Meta-Geo
X-Ua-Device
X-URL
X-Cache-Enabled
Azure-SiteName
Azure-Version
Azure-RegionName
Azure-SlotName
Azure-InstanceId
Webserver
Cross-Origin-Window-Policy
OT-Force-Account-Verify
DB-Nickname
S-Rt
X-Loop
X-MP-GENERATED-AT
X-Redis-Cache
X-RN-RSRV
X-FC-Vary-Parameters
X-TNCMS
X-Amzn-Remapped-Content-Length
X-Detected-As
Ec-Rule-Version
Country
TWC-Device-Class
TWC-Connection-Speed
ServedBy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
Property-Id
Decoy-Debug-TTL
Cache-Hits
Akamai-GRN
Cleartype
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-Key
Webcakes-App-Name
Webcakes-App-Version
X-NCache
X-Human
X-Hosted-By
X-Real-IP
X-Origin
X-R9-Blue-Green-Version
X-Origin-Hint
X-Forwarded-Host
X-Say-Cacheable
X-Adobe-Source
Webcakes-Region
X-Akamai-Request-ID2
X-Cache-NGX
X-Say-TTL
X-SayCDN-TTL
X-TX-ID
NGX
Origin-Edge-Control
X-Pinterest-Direct
X-ApacheServer
X-PERF
X-Via-Fastly
X-Pubstack
X-Web-Node
Origin-Cache-Control
X-Section
X-EIG-Tracking-Id
X-Locale
X-ServerID
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-Site-Version
X-Device-Type
Now
X-Hl-Ver
Section-Origin-Responded
X-Format
X-Generated
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
Section-Io-Id
X-Access
X-VWS-Id
X-Alternate-Cache-Key
X-NYM-Debug-Backend
X-Cache-Status-Check
Cache-Key
X-AWS-Id
X-ShopId
Node
X-Sorting-Hat-PodId
X-Cache-Config
X-Shopify-Stage
X-RCS-CacheZone
X-No-Session
X-ShardId
X-BYPASS-REASON
X-BCube-Filmed-By
X-Proxied
X-Dc
X-Microcachable
X-Content-Age
X-HTML-Minification-Powered-By
X-ProxyCache-Key
X-Timing-Wait
X-FB-TRIP-ID
X-SaId
Selected-Fe
X-ProxyCache-Status
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
Access-Control-Request-Headers
X-Proxy-Build
X-Xfnlog-Site
Mn-Server-Ip
X-Routing-Service
X-JoinUs
X-Www-Served-By
X-Zipkin-Id
X-Shopify-Generated-Cart-Token
X-Debug-Cache
X-Tb
X-Proto
X-Cdn
X-Soup
X-Request-Time
X-Cache-Remote
X-Oss-Storage-Class
X-Backend-TTL
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-EC-Lua
Accept-Language
Cf-Ipcountry
X-Varnish-Hits
X-From
X-Akamai-Request-ID
X-Generated-By
Time
X-Drupal-Cache-Tags
X-COUNTRY
X-CF-Powered-By
FilterID
X-Pad
X-NewRelic-App-Data
X-Geo
X-Azure-Ref
X-IPS-LoggedIn
X-Old-Content-Length
X-VCache
Uber-Trace-Id
X-VCT
X-MCACHE
X-Edge
X-UA
X-NC
X-FORWARDED-FOR
X-Source
X-RTag
Ms-Operation-Id
X-Cache-Grace
X-CS
Cache-Name
X-RateLimit-Limit
X-Uri
User-Agent
X-NWS-UUID-VERIFY
X-GoCache-CacheStatus
X-APP
X-PHP-Host
X-Labrador-Cache-Channel
X-OCL
X-ECACHE
X-PCL
X-Amzn-RequestId
Cache
X-Mid
X-Qloud-Router
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-Drupal-Cache-Contexts
Proxy-Connection
X-Edge-Location
X-FW-Version
X-Tumblr-Pixel-3
X-PressLabs-Stats
X-Nginx-Cache
AsisCache
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Connection-Hash
X-Developer
User-Cache-Control
X-External-Request-Id
X-Newrelic-Synthetics
X-G
X-DPWN-IS-SECURE
X-CF-Lambda-Version
X-D
X-Date
X-Destination
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
Machine
MD5-Digest
True-Client-Country-4JS
Viewtype
Vix-Hermes-Req-Id
VivaBuild
Memcached
Meta-Geo-Continent
Request-EU
Request-Country
ServerName
T-Server
Mobile-Detection-Method
X-A
X-A-Ccd
GEO-REGION-INFO
X-ARC
X-B-Cookie
X-Geo-Header
X-Cdn-Srv
X-Cache-Bucket
X-Application
X-Aed
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-CF-Lambda-Fn
Xc-Version
X-Processor
X-Transaction
X-Reboot
X-Region-Sid
X-SRCache-Key
X-Twitter-Response-Tags
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-Session-Fingerprint
X-CDN-Forward
X-Oneagent-Js-Injection
X-Request-UUID
X-Hyper-Cache
X-Request-URI
Rendered-Blocks
X-Rewrite-Enabled
X-Rocket-Nginx-Bypass
X-ScT
X-S-Cookie
X-S
X-Rojux
X-Vtex-Remote-Cache
X-Trv-Group
X-Instart-Info
X-Has-Esi
X-Is-Gdpr
X-Info
X-GeoIP-Country-Code
X-JWT-State
X-S-Maxage
X-Sucuri-ID
X-Servername
X-Hnp-Log
X-Server-W
Web-Mar-Node
X-Fmm-Version
AKAMAI
X-Thinkindot-L3
X-Fastly-Cache
X-Sn-Servicetimems
X-Slack-Backend
X-ServiceProvider
X-Wikidot-Backend
Server-Host
Server-Surrogate-Control
X-Generation-Time
SD-X-WS
Rt-Fastcgi-Cache
X-We-Are-Hiring
X-Request-Host
X-Gen-Mode
Thinkindot-CacheControl
X-Auto-Login
X-Wikidot-Static-Cache
Thinkindot-Control
X-Gamma-Serve
Thinkindot-CacheControl-Type
X-Webstats-RespID
Viewport
X-Backend-Host
X-Varnish-Authentication
X-Micro-Cache
X-Contensis-Viewer-Groups
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Matched-Rule
X-LI-UUID
X-Core-Value
X-VG-TLSProxy
X-Developers
X-Served-From
X-LI-Proto
X-Li-Pop
X-WADP-Cache
X-Li-Fabric
X-VServer
X-Level-Front-Cache
X-Generated-On
X-Bc-Bl
X-Block-Status
X-Cache-ASPX
X-Trafficlayer-App-Name
X-BBXSRF
X-DevSite-Last-Modified
X-Backend-State
X-Trafficlayer-App-Scope
X-Cache-Info
X-Clara-WADP
X-Cms-Context
X-GeoIP-City
X-Trafficlayer-App-Version
X-Cache-URL
X-Cdn-Origin
X-TrackingId
Server-Cache-Control
Gh-Request-Id
Content-Style-Type
Heartbleed
Locale
N-Cache
Content-Script-Type
Cache-Cookie-Set-Lfrom
Countrycode
X-Cluster-Node
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
On-Server
X-UnsetCookies
X-Varnish-Ttl
X-Cluster-Name
X-Ms-Request-Id
X-Ms-Version
X-Epic-Correlation-Id
X-Owner
X-Fetched-On
X-NodeID
X-Dispatch
X-Hash
X-IN-APIGATEWAY
X-Bip
X-Cache-FS-Status
X-Distil-CS
X-Logging-Id
X-Dispatcher-Server
X-Trace-Id
Adler-Geo
Platform
X-Clientip
Cache-Host
X-Core-Mission
X-CUA
X-Skip-Cache
X-Device-Os
Proxy-Firewall
X-Swa-Ws
X-Thanos
X-IN-APIGATEWAYSSL
X-Agile-Id
X-Varnish-Cacheable
X-Variation
X-Rocket-Build-Number
X-VC-Cache
X-Req
X-Var-Ttl
X-TT-TIMESTAMP
X-SN
X-Storage
X-SIPLIST1
X-Sigma-Backend
X-Sigma
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Agile
X-LAGOON
X-Agile-Age
X-Irp-Debug
X-B3-Spanid
X-WebServer
X-Nginx-Cache-Key
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Platform-Server
X-Origin-Expires
X-Origin-Date
CDCHOST
X-Distributor
X-C
Country-Code
RNT-Time
Is-Eu
Wxu-Next-Region
X-Scheme
Group
RNT-Machine
Fastly-SIE
Fastly-SWR
Fastly-Drupal-HTML
FNAC-ModuleRouting
X-Vdms-Path
X-App-Name
Wxu-Next-Commit
Wxu-Next-Hostname
V-Age
IsBot
X-Cache-PHP
Locid
Kp-EeAlive
Mail-Subject
Server-ID
NM-Fastcgi-Cache
We-Hiring
W
X-Generated-In
X-CSRF-Token
X-Response-By
X-Varnish-Beresp-Grace
X-Proxy-Upstream
CF-Cached-On
Ha-Gx-Prefs
L5d-Success-Class
X-Varnish-Beresp-Status
X-Hit
HA-Ipaddr
A
X-Cache-Tags
X-Eu-Site
Request-Time
X-CGP
X-Refresh
Server-Ext
X-RESPONSE-TIME
Server-Hostname
X-SS-Set-Cookie
Sever-Int
X-Debug-Log
X-Debug-Cookies
X-App-Server
X-NX-Host
X-Cache-Expired-At
X-Varnish-Beresp-Ttl
X-Debug-Cache-Expiry
M-TraceId
X-OVcl-Cache
X-Debug-Cache-Store
Pagetype
X-Protected-By
X-Debug-Cache-Fetch
X-CLOUD-TRACE-CONTEXT
X-OVcl
X-Instart-Isnd
X-TA-CDN-Provider
HostName
X-Method
PFcat
X-FPC
X-Nc
X-Node-Id
X-Via-PopH
Magicmarker
X-Worker
Mime-Version
X-Via-PopV
X-Ratelimit-Remaining
X-SRV
X-Request-Start
Geoip-City
Origin
X-Envoy-Upstream-Healthchecked-Cluster
Geoip-Latitude
X-Varnish-URL
PICS-Label
X-Branch-Name
X-MSEdge-Features
X-Parent-Response-Time
X-MSEdge-Flight
X-GEO
X-Be
X-CACHE-KEY
XServer
GeoIp-Country-Code
X-Policy
Powered-By-ChinaCache
X-Wa
X-Ruxit-Js-Agent
X-Time
X-Planisys-CDN-TTL
X-Lb-Id
Pramga
X-Planisys-CDN-Rules
Memory
X-Planisys-CDN-Cache
Geo-Info
Cloudfront-Viewer-Country
Esi-Enabled
X-Service
X-ECache
X-SERVER-NAME
X-ND-Cache
X-C-Zone
X-C-Key
X-Load-Cache
X-BACKEND-TTL
Who
X-Pjax-Url
HitType
Cteonnt-Length
X-HS-Status
Environment
Dt-Cache-Category
X-Reqid
X-Via-Ucdn
X-Myra-Origin2
X-Wix-Viewer-Type
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-Country-IP
X-Cdn-Forward
X-DC
X-CSRF-TOKEN
X-Zone
X-Bc
TTL
X-Referer
X-VCL-Version
X-Servedbyhost
X-Cache-Metadata
NtCoent-Length
X-Vcl-Version
UCS
X-Ratelimit-Limit
Product
Fastly-Backend-Name
X-ZONE
Ttl
X-BC
X-Up
X-Ua
SRV
X-NGINX-Cache
X-Cache-Host
X-Origin-TTL
X-ServedByHost
X-Origin-CC
X-Server-IP
Pragrma
Cdn
X-Fastly-Country-Code
X-Swift-Error
X-Pf-Uncompressing
X-TT-LOGID
X-Server-Time
X-Correlation-ID
Cdn-Host
FSS-Cache
Cdn-Request-Time
Resin-Trace
Hostname
X-Edge-Server
CACHE
Release
C-Via
X-Tec-Api-Version
Cdncip
Cdnsip
X-AK-Request-ID
X-Tec-Api-Root
X-PJAX-URL
X-AIR-PT
X-Tec-Api-Origin
X-App-Version
Lb
LB
Sid
X-Node-ID
Load-Balancing
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
X-SVT-ORM-VERSION
My-App
Warning
X-WPE-Loopback-Upstream-Addr
X-WA
X-Location
X-Cache-Backend
X-Configured-By
GeoIP-Country-Code
X-UPSTREAM-Address
MIME-Version
GeoIP-City
X-Sucuri-Cache
GeoIP-Latitude
Dnion-Transfer-Encoding
X-Air-Hostname
X-BE
Ohc-File-Size
X-LiteSpeed-Cache-Control
X-Varnish-Url
X-Svr
X-Powered-Y
X-Gzip
X-Esi-Check
X-Mvc-Supplant-Cachable
X-Cache-Id
X-Tb-Optimization-Total-Bytes-Saved
X-RAMCache
X-TH-Server
Ohc-Cache-HIT
X-Cache-Debug
Lfy
RequestId
X-Varnish-Beresp-TTL
X-Fastly-Request-Id
X-VarnishDD-TTL
X-Mvc-Supplant-OutputCached
X-Fastly-Backend-Reqs
Fastly-SSL
X-User
CDN
X-B3-Parentspanid
Processtime
IBM-Web2-Location
X-Apw-Access-Token
X-B3-SpanId
Pics-Label
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-Fpc
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Date
Host-ID
X-ElasticPress-Query
Xet-Cookie
X-Amzn-Remapped-Connection
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-ElasticPress-Search
X-Flow-Id
Requestid
X-SD-PageType
X-Agile-Brick-Ok
CF-IPCountry
X-Check-Cacheable
Server-Int
X-Debug-Revision
X-Unique-ID
X-Debug-Controller
X-Via-NSCOPI
X-Envoy-Decorator-Operation
X-Ocache
Cneonction
X-Aicache-OS
X-Sucuri-Id
X-Action
X-Compress-Hint
X-DI
X-RPS
X-RSL
X-RPM
X-DW
X-LB-ID
X-DSS
X-DB
X-Edge-O15-RID
DataCenter
Powered-By
X-Request-Url
X-Fastly-Cache-Hits
X-Request-URL
URI
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-Akamai-ERPolicy
CloudFront-Viewer-Country
X-Cache-Tag
X-Nananana
X-Akamai-ERRuleID