Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-Served-By
X-UA-Compatible
CF-Ray
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Ua-Compatible
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
X-Request-ID
Upgrade
X-Content-Security-Policy
X-CDN
X-AspNetMvc-Version
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
Xkey
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
X-Server-Id
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-LiteSpeed-Cache
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
NEL
X-Ac
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Surrogate-Control
X-Readtime
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-DataDome
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-Vname
Fusion-Deployment-Id
X-FTR-Request-ID
X-TtlSet
X-PC
X-Country-Code
X-ASPNET-VERSION
X-DynaTrace
Allow
X-Varnish-TTL
Verso
X-GitHub-Request-Id
Service-Worker-Allowed
X-Instart-Request-ID
X-MS-InvokeApp
Accept-CH
X-D2id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
Content-MD5
X-Server-Name
Pinterest-Generated-By
SPRequestGuid
X-Forwarded-Proto
X-Cached
X-Powered-By-Plesk
X-Trace
X-Navigation-Version
TCN
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
Accept-CH-Lifetime
X-Amz-Rid
X-SharePointHealthScore
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Public-Key-Pins
X-Fastly-Request-ID
X-Vcap-Request-Id
Nginx-Cache
X-MSEdge-Ref
X-Debug
X-Vcache
X-VARITI-CCR
Arr-Disable-Session-Affinity
SPRequestDuration
X-DynaTrace-JS-Agent
SPIisLatency
Charset
X-Ttl
X-B3-TraceId
X-Cache-TTL
X-Accel-Expires
X-ESI
MS-Author-Via
NR-ENABLED
X-NF-Request-ID
X-Middleton-Response
Display
Response
X-Middleton-Display
Pagespeed
X-Sol
X-Px
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
S
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-Ser
WPE-Backend
Edge-Cache-Tag
X-Server-ID
Pinterest-Version
X-Powered-CMS
X-Pinterest-Rid
X-Grace
X-Webkit-Csp
X-Id
Front-End-Https
X-Jurisdiction
X-Shield-Request-Id
X-Hp-Webp
X-Upstream
X-T
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Version
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Content-Digest
X-Fastcgi-Cache
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Cache-Hit
Fastcgi-Cache
ServerID
X-Recruiting
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
Accept-Ch
X-FTR-Cache-Status
Ar-Sid
X-FTR-DC
AR-CACHE
X-FTR-Realm
X-Correlation-Id
X-HS-Hub-Id
X-Request-Received
X-HS-Content-Id
X-HS-Cache-Config
X-Request-Processing-Time
X-Frontend
Server-Node
Powered
TP-Cache
TP-L2-Cache
PB-RID
X-FTR-Expires
PB-PID
X-DIS-Request-ID
X-Mobile-Rewrite
Arc-Version
X-TTL
Upgrade-Insecure-Requests
X-Ezoic-Cdn
Refresh
X-Forwarded-For
X-Shard
X-HS-Combine-CSS
Alternate-Protocol
Host-Header
Server-Name
X-Geo-Country
X-XRDS-Location
Accept-Ch-Lifetime
X-Amzn-Trace-Id
X-N
X-Microsite
X-Request-Handler-Origin-Region
Fastly-Restarts
X-NWS-LOG-UUID
X-FastCGI-Cache
X-LB-Cache
X-Page-Id
X-F-Cache
X-Akamai-Edgescape
X-Rid
X-FTR-Cache-Host
X-B
X-Kong-Proxy-Latency
X-Logged-In
X-User-Agent
X-Kong-Upstream-Latency
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Varnish-Age
X-Aspnetmvc-Version
X-Cache-Key
X-XRDS-LOCATION
X-Esi
MicrosoftSharePointTeamServices
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-Amzn-Requestid
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Revision
X-Via-JSL
X-Jobs
X-Varnish-Grace
X-Origin-Server
X-Request-Guid
X-Varnish-Backend
Fastcgi-Useragent
X-App-Environment
Paypal-Debug-Id
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Git-Hash
X-Signature
X-ATG-Version
X-B-Cache
X-Tumblr-User
X-Hostname
X-Type
X-Cluster
Actual-Object-TTL
X-FB-Debug
Host
X-Amz-Replication-Status
X-Seen-By
X-B3-Sampled
X-Debug-Info
X-Whom
Section-Io-Cache
Frame-Options
X-AOL-HN
X-Cache-Action
X-TT
X-Presslabs-Stats
X-WebKit-CSP-Report-Only
X-Cache-Age
Cache-Status
Access-Control-Allow-Method
X-Content-Options
X-Endurance-Cache-Level
X-Cache-Rule
X-Cache-Operation
X-Contextid
Trailer
Source
X-Host-Name
X-Content-Powered-By
X-SERVER
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Tracecode
X-Litespeed-Cache
Accept-Charset
X-APP-VERSION
X-Activity-Id
X-AppVersion
X-Az
DC
X-Upgrade-Enabled
X-FireWall-Port
X-IPLB-Instance
X-Daa-Tunnel
Liferay-Portal
X-Amz-Apigw-Id
X-PHP-Backend
From-Origin
X-Tt-Trace-Host
X-Tt-Trace-Tag
VIX-Pulpo-Upstream-Status
NGB
X-Response-Served-From
X-Accel-Buffering
X-Framework
VIX-Pulpo-Node
X-WA-Info
Retry-After
X-ProcessESI
X-RemovedCookies
X-RateLimit-Remaining
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Is-Bot
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
X-Cacheable-TTL
X-L-Path
X-Environment-Context
X-GeoIP
Surrogate-Key
X-UUID
X-Region
X-Wix-Request-Id
X-Varnish-Server
X-Time-Microsecs
X-RequestSource
X-Cache-NE
Filters
Eomportal-Instance
Payment
X-Mobile
Srv
X-Adobe-Loc
X-Unique-Id
X-Handled-By
X-Adobe-Content
X-TIME
X-UA-Device-Type
X-Proxy
X-Cached-By
X-NGENIX-Cache
X-URL
X-Varnish-Hostname
Nel
X-Webkit-CSP
X-Cache-Control
Datacenter
X-EdgeConnect-Cache-Status
X-B3-Traceid
X-Cache-TTL-Remaining
X-Cache-Server
X-Origin-Response-Time
GEO-INFO
X-Cache-Time
Xserver
X-Akamai-Transformed
X-CST
Filterid
X-Backend-Name
MS-CV
Version
Odigeo-Trace-Id
X-Rule
X-Srv
Cache-Tags
X-Status
X-Mode
Cache-Tv-Group
S-Cnection
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Path-Route
X-Cache-Var
X-Ua-Device
X-CCM
X-ES-SERVER
X-Cache-2
X-Cache-Var-Map
X-IP
X-FW-Dynamic
Meta-Geo
Country
Azure-SlotName
Webserver
X-Amzn-Remapped-Content-Length
Cross-Origin-Window-Policy
S-Rt
DB-Nickname
X-Redis-Cache
X-FC-Vary-Parameters
X-RN-RSRV
X-Detected-As
X-TNCMS
OT-Force-Account-Verify
X-Cache-Enabled
Azure-RegionName
Azure-Version
Azure-SiteName
Server-Info
Azure-InstanceId
X-MP-GENERATED-AT
X-Loop
TWC-GeoIP-LatLong
Cache-Hits
Origin-Edge-Control
Decoy-Debug-Key
Decoy-Debug-Status
Ec-Rule-Version
Decoy-Debug-TTL
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-Country
X-Adobe-Source
Cleartype
Akamai-GRN
Property-Id
X-Akamai-Request-ID2
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
X-Cache-NGX
Webcakes-App-Name
Content-Disposition
X-ApacheServer
X-PERF
Origin-Cache-Control
X-TX-ID
X-NCache
X-Origin-Hint
X-Origin
X-Web-Node
X-Say-Cacheable
X-Via-Fastly
TWC-Device-Class
X-SayCDN-TTL
X-Human
X-Pinterest-Direct
X-Real-IP
X-Hosted-By
X-Say-TTL
X-Pubstack
X-RCS-CacheZone
ServedBy
X-Access
X-Format
X-VWS-Id
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
X-Site-Version
X-ServerID
Now
X-Section
NGX
Cache-Key
X-No-Session
X-AWS-Id
X-Device-Type
X-Cache-Status-Check
X-Hl-Ver
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Locale
X-Cache-Config
X-LJ-Flow-ID
X-Forwarded-Host
X-Timing-Wait
X-Proxy-Build
X-ProxyCache-Key
X-EIG-Tracking-Id
X-FB-TRIP-ID
X-Xfnlog-Site
X-ProxyCache-Status
X-Proxied
X-Proxy-Cache-Status
X-Shopify-Stage
X-JoinUs
X-Www-Served-By
X-ShopId
X-Zipkin-Id
X-Alternate-Cache-Key
X-SaId
X-Viewer-Country
X-BCube-Filmed-By
X-Routing-Service
X-Sorting-Hat-PodId
X-Vgn-Hpd-Reason
X-BYPASS-REASON
X-ShardId
X-Sorting-Hat-ShopId
Mn-Server-Ip
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
Node
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Selected-Fe
Section-Io-Origin-Time-Seconds
X-Debug-Cache
X-Dc
X-Content-Age
X-Backend-TTL
X-Cdn
X-Soup
X-Proto
X-Microcachable
X-Tb
X-Request-Time
X-Shopify-Generated-Cart-Token
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-EC-Lua
X-Cache-Remote
X-Varnish-Hits
Accept-Language
X-Generated-By
X-Drupal-Cache-Tags
Time
X-COUNTRY
X-Pad
FilterID
Cf-Ipcountry
X-From
X-Akamai-Request-ID
X-CF-Powered-By
X-Geo
X-NewRelic-App-Data
X-IPS-LoggedIn
X-Old-Content-Length
X-VCache
X-Azure-Ref
Uber-Trace-Id
X-NC
X-Edge
X-FORWARDED-FOR
X-MCACHE
X-VCT
X-UA
X-RateLimit-Limit
X-Source
Ms-Operation-Id
X-CS
X-RTag
X-Cache-Grace
X-Uri
Cache-Name
User-Agent
X-ECACHE
X-NWS-UUID-VERIFY
X-APP
X-OCL
X-PCL
X-Labrador-Cache-Channel
X-PHP-Host
X-Mid
X-Qloud-Router
Cache
X-GoCache-CacheStatus
Proxy-Connection
X-Drupal-Cache-Contexts
X-Edge-Location
X-Varnish-Cache-Hits
X-CDN-Forward
X-PressLabs-Stats
X-FW-Version
X-Tumblr-Pixel-3
X-Magnolia-Registration
X-Nginx-Cache
Mobile-Detection-Method
X-Region-Sid
X-Reboot
X-ScT
X-Processor
X-Instart-Info
X-Is-Gdpr
X-JWT-State
GEO-REGION-INFO
ServerName
True-Client-Country-4JS
Viewtype
Fastcgi-X-Cache-Version
T-Server
MD5-Digest
Meta-Geo-Continent
X-Session-Fingerprint
Memcached
BehaviorPad-Version
AsisCache
User-Cache-Control
Rendered-Blocks
Apple-News-Services-Handled
Machine
X-Request-URI
X-Rocket-Nginx-Bypass
X-Request-UUID
Request-Country
Apple-News-Services-Host
VivaBuild
X-S
X-Rewrite-Enabled
X-S-Cookie
X-Rojux
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-PAYTM-SRV-ID
Request-EU
X-Aed
X-B-Cookie
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-External-Request-Id
X-DPWN-IS-SECURE
X-VG-WebServer
X-Application
X-Vdms-Version
X-Hyper-Cache
X-VG-WebCache
X-Date
X-SRCache-Key
X-G
X-CF-Lambda-Version
X-Cdn-Srv
X-CF-Lambda-Fn
X-Newrelic-Synthetics
X-Cache-Bucket
X-D
X-Geo-Header
X-Connection-Hash
Xc-Version
X-Destination
X-ARC
X-GeoIP-Country-Code
X-A-Ccd
X-A-Dam
X-Oneagent-Js-Injection
X-Developer
Vix-Hermes-Req-Id
X-Has-Esi
X-Transaction
X-A
X-Twitter-Response-Tags
X-A-Dgt
X-Trv-Group
X-A-Wwc
X-A-Dcw
X-Accel-Expires-Debug
X-S-Maxage
X-Sucuri-ID
Heartbleed
X-Developers
X-Fmm-Version
Locale
X-LI-Proto
X-DevSite-Last-Modified
On-Server
N-Cache
X-Li-Pop
X-Matched-Rule
X-Cms-Context
X-LI-UUID
X-Clara-WADP
X-Li-Fabric
X-BBXSRF
SD-X-WS
Gh-Request-Id
X-GeoIP-City
X-Auto-Login
Server-Host
Web-Mar-Node
Viewport
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Rt-Fastcgi-Cache
X-Backend-Host
X-Gen-Mode
X-Info
X-Gamma-Serve
X-Cache-Info
X-Block-Status
X-Generation-Time
X-Backend-State
X-Hnp-Log
X-Bc-Bl
X-Cache-URL
X-UnsetCookies
X-Wikidot-Static-Cache
X-Servername
X-Wikidot-Backend
X-Webstats-RespID
X-Server-W
AKAMAI
X-Level-Front-Cache
X-Generated-On
X-Trafficlayer-App-Name
X-Cluster-Node
X-ServiceProvider
X-We-Are-Hiring
X-Urbn-Context-Path
X-TrackingId
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Thinkindot-L3
X-Urbn-Site-Id
X-WADP-Cache
X-VServer
X-Slack-Backend
X-Micro-Cache
X-Request-Host
Content-Script-Type
Content-Style-Type
Countrycode
X-Served-From
X-Cluster-Name
X-Epic-Correlation-Id
X-Thanos
X-WebServer
X-VG-TLSProxy
X-Skip-Cache
X-Swa-Ws
X-App-Name
X-Device-Os
X-Vdms-Path
X-Dispatcher-Server
X-Scheme
X-Trace-Id
X-Varnish-Cacheable
X-Varnish-Authentication
X-Variation
X-Fastly-Cache
X-Core-Mission
X-Cache-PHP
X-Cache-FS-Status
X-Fetched-On
X-Dispatch
X-NodeID
X-Ms-Version
X-Clientip
X-Cdn-Origin
X-Owner
X-Bip
X-C
X-Contensis-Viewer-Groups
X-Ms-Request-Id
X-Cache-ASPX
X-Agile
X-Agile-Id
X-Agile-Age
X-Core-Value
Wxu-Next-Commit
Cache-Cookie-Set-Idcheck
Platform
Cache-Cookie-Set-Lfrom
Cache-Host
NM-Fastcgi-Cache
X-Irp-Debug
Cache-Cookie-Set-From
X-IN-APIGATEWAYSSL
X-Distil-CS
Wxu-Next-Region
Proxy-Firewall
CDCHOST
X-Req
FNAC-ModuleRouting
Kp-EeAlive
Is-Eu
X-Nginx-Cache-Key
X-Platform-Server
X-RateLimit-Limit-Second
Locid
Country-Code
Mail-Subject
X-RateLimit-Remaining-Second
Fastly-Drupal-HTML
X-IN-APIGATEWAY
Adler-Geo
X-Hash
X-Sigma-Backend
X-Sigma
We-Hiring
X-Storage
X-Sn-Servicetimems
X-SN
V-Age
Wxu-Next-Hostname
Group
Server-Surrogate-Control
X-Rocket-Build-Number
RNT-Time
RNT-Machine
Server-ID
Server-Cache-Control
X-B3-Spanid
X-Amzn-RequestId
X-Origin-Expires
X-Proxy-Upstream
X-Eu-Site
X-Origin-Date
X-Distributor
X-TT-TIMESTAMP
X-Rebelmouse-Surrogate-Control
X-Logging-Id
X-Hit
X-Response-By
X-LAGOON
X-SIPLIST1
X-Rebelmouse-Cache-Control
X-VC-Cache
X-Generated-In
X-Var-Ttl
X-Cache-Tags
Ha-Gx-Prefs
CF-Cached-On
HA-Ipaddr
IsBot
Request-Time
Fastly-SWR
Fastly-SIE
X-CSRF-Token
A
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
W
L5d-Success-Class
X-CUA
X-CGP
X-Cache-Expired-At
X-Debug-Log
X-SS-Set-Cookie
X-App-Server
Server-Ext
X-NX-Host
X-Refresh
Server-Hostname
Sever-Int
X-RESPONSE-TIME
X-Debug-Cookies
X-OVcl
Pagetype
M-TraceId
X-Protected-By
X-OVcl-Cache
X-Instart-Isnd
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-TA-CDN-Provider
HostName
X-FPC
PFcat
X-Method
X-Node-Id
X-Nc
X-Via-PopV
X-Via-PopH
Magicmarker
Mime-Version
X-Worker
X-SRV
X-Varnish-URL
Origin
Geoip-Latitude
X-Varnish-Ttl
X-Request-Start
Geoip-City
X-MSEdge-Flight
X-Branch-Name
PICS-Label
X-MSEdge-Features
X-Parent-Response-Time
X-GEO
XServer
X-Be
X-CACHE-KEY
X-Ruxit-Js-Agent
X-Wa
Powered-By-ChinaCache
X-Envoy-Upstream-Healthchecked-Cluster
X-Policy
GeoIp-Country-Code
X-Time
X-Lb-Id
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Pramga
X-Planisys-CDN-TTL
Memory
Geo-Info
X-Ratelimit-Remaining
X-Service
X-SERVER-NAME
Esi-Enabled
X-C-Zone
X-C-Key
Cloudfront-Viewer-Country
X-ND-Cache
X-Load-Cache
X-Pjax-Url
HitType
Who
Cteonnt-Length
Dt-Cache-Category
Environment
X-HS-Status
X-ECache
X-Via-Ucdn
X-Reqid
X-BACKEND-TTL
X-Myra-Origin2
X-Wix-Viewer-Type
X-Newrelic-App-Data
X-Country-IP
X-Azure-Ref-OriginShield
X-DC
SRV
X-Bc
X-Servedbyhost
X-Referer
X-Zone
X-VCL-Version
TTL
X-CSRF-TOKEN
X-Cache-Metadata
NtCoent-Length
X-Correlation-ID
Ttl
X-Up
X-BC
X-Vcl-Version
Fastly-Backend-Name
UCS
X-ZONE
X-Cdn-Forward
X-Ua
X-Origin-TTL
X-Origin-CC
X-NGINX-Cache
X-Cache-Host
Product
X-ServedByHost
X-Ratelimit-Limit
Pragrma
X-Server-Time
X-Swift-Error
Cdn
X-Server-IP
X-TT-LOGID
X-Pf-Uncompressing
X-Fastly-Country-Code
Cdn-Host
Cdn-Request-Time
FSS-Cache
Resin-Trace
Hostname
X-Edge-Server
CACHE
X-AK-Request-ID
X-AIR-PT
C-Via
Release
X-PJAX-URL
Cdncip
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Cdnsip
Lb
X-App-Version
Sid
X-SVT-ORM-RULES
LB
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
Load-Balancing
X-Node-ID
Warning
GeoIP-Country-Code
My-App
X-Configured-By
X-WPE-Loopback-Upstream-Addr
X-Location
X-Cache-Backend
MIME-Version
X-UPSTREAM-Address
X-Air-Hostname
X-BE
GeoIP-City
X-Sucuri-Cache
X-WA
GeoIP-Latitude
Dnion-Transfer-Encoding
Ohc-File-Size
X-Svr
X-Powered-Y
X-Cache-Id
X-Mvc-Supplant-Cachable
X-Tb-Optimization-Total-Bytes-Saved
X-RAMCache
X-Gzip
X-Esi-Check
X-Varnish-Url
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
X-Cache-Debug
X-Fastly-Request-Id
RequestId
X-TH-Server
Ohc-Cache-HIT
X-Fastly-Backend-Reqs
X-Mvc-Supplant-OutputCached
Lfy
X-VarnishDD-TTL
CDN
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
Fastly-SSL
X-User
Processtime
IBM-Web2-Location
X-Fpc
X-Apw-Access-Token
X-B3-SpanId
Pics-Label
X-MID
X-ID
CF-IPCountry
X-SD-PageType
Xet-Cookie
X-Flow-Id
X-Agile-Brick-Ok
X-ElasticPress-Query
X-Page-Impression-Id
Host-ID
X-B3-Parentspanid
X-Zalando-Child-Request-Id
Requestid
X-ElasticPress-Search
X-CACHE-AGE
X-Debug-Revision
X-Debug-Controller
X-Unique-ID
X-Ocache
X-Aicache-OS
X-Check-Cacheable
Cneonction
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Server-Int
X-Via-NSCOPI
X-Sucuri-Id
X-Envoy-Decorator-Operation
X-Action
X-DI
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-DB
X-Akamai-ERRuleID
X-Compress-Hint
Powered-By
DataCenter
X-Dw-Trace-Id
X-Request-Url
X-Fastly-Cache-Hits
X-Request-URL
URI
X-MiniProfiler-Ids
X-Cache-Tag
X-Edge-O15-RID
X-Nananana
CloudFront-Viewer-Country
X-LB-ID
X-Akamai-ERPolicy