
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below is a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
CF-RAY
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-CDN
X-AspNetMvc-Version
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-Envoy-Upstream-Service-Time
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
EagleId
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Report-To
Cf-Railgun
X-OneAgent-JS-Injection
X-Rq
CONTENT-SECURITY-POLICY
X-Server-Id
X-Device
X-LiteSpeed-Cache
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
NEL
X-Ac
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Request-Id
X-Readtime
Surrogate-Control
X-DataDome
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Application-Context
Content-Location
X-Ruxit-JS-Agent
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Clacks-Overhead
X-Url
RTSS
X-Cloud-Trace-Context
Fusion-Deployment-Id
X-Goog-Hash
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Country-Code
X-DynaTrace
X-ASPNET-VERSION
Allow
X-Varnish-TTL
Verso
X-GitHub-Request-Id
Service-Worker-Allowed
Accept-CH
X-MS-InvokeApp
X-Instart-Request-ID
X-D2id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Server-Name
Pinterest-Generated-By
SPRequestGuid
Content-MD5
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Forwarded-Proto
X-Cached
X-Trace
X-Navigation-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Amz-Rid
X-Abt-Application-Version
Public-Key-Pins
X-Fastly-Request-ID
X-Vcap-Request-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Nginx-Cache
X-MSEdge-Ref
X-Debug
X-ESI
X-Vcache
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-DynaTrace-JS-Agent
X-VARITI-CCR
X-Ttl
Charset
X-Accel-Expires
NR-ENABLED
X-B3-TraceId
X-Cache-TTL
Response
Pagespeed
X-Middleton-Display
Display
X-Middleton-Response
MS-Author-Via
X-NF-Request-ID
X-Sol
X-Px
Realpath
X-Content-Type
X-Client-IP
Cache-Tag
WPE-Backend
S
Access-Control-Request-Method
Pinterest-Version
X-Pinterest-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-Id
X-Server-ID
X-Grace
X-Powered-CMS
Edge-Cache-Tag
X-Webkit-Csp
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
Front-End-Https
X-T
X-Hits
X-Upstream
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Content-Digest
X-Fastcgi-Cache
X-Dw-Request-Base-Id
X-Version
DynaTrace
X-Node-Name
X-Cache-Hit
X-Recruiting
Fastcgi-Cache
X-B3-TraceId-Primal
AMP-Access-Control-Allow-Source-Origin
MRF-Tech
ServerID
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mobile-URL
X-Request-Processing-Time
X-Request-Received
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-FTR-Backend
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Balancer
AR-CACHE
X-FTR-Backend-Server
Server-Node
X-Country-Code-Real
X-Goog-Storage-Class
Ar-Sid
X-Goog-Metageneration
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Correlation-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
Powered
PB-PID
PB-RID
X-FTR-Expires
TP-Cache
TP-L2-Cache
X-DIS-Request-ID
X-Ezoic-Cdn
X-Mobile-Rewrite
Upgrade-Insecure-Requests
X-TTL
Arc-Version
X-Shard
Refresh
Host-Header
X-Forwarded-For
X-HS-Combine-CSS
Alternate-Protocol
Accept-Ch
Server-Name
X-Geo-Country
X-XRDS-Location
Fastly-Restarts
X-N
X-Amzn-Trace-Id
X-Microsite
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
X-LB-Cache
X-Akamai-Edgescape
X-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Page-Id
X-F-Cache
X-User-Agent
X-ATS-Timestamp
Backend-Timing
X-FastCGI-Cache
X-B
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Logged-In
X-Varnish-Age
Accept-Ch-Lifetime
X-XRDS-LOCATION
X-Cache-Key
MicrosoftSharePointTeamServices
X-Amzn-Requestid
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-Revision
X-Esi
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Presslabs-Stats
X-Cache-Age
X-Origin-Server
Paypal-Debug-Id
X-Varnish-Grace
X-Request-Guid
X-Via-JSL
X-Varnish-Backend
X-App-Environment
Fastcgi-Useragent
X-Git-Hash
X-Jobs
X-Instance
X-Hostname
X-Tumblr-Pixel-0
X-Tumblr-User
X-B3-Sampled
X-Tumblr-Pixel
X-ATG-Version
X-Amz-Replication-Status
X-Type
X-B-Cache
X-TT
Actual-Object-TTL
Section-Io-Cache
X-Seen-By
X-Signature
X-Debug-Info
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Cache-Action
X-Cluster
X-FB-Debug
X-Whom
Host
Frame-Options
Cache-Status
X-Contextid
Access-Control-Allow-Method
X-Endurance-Cache-Level
X-Cache-Rule
X-Content-Options
X-Cache-Operation
Source
Trailer
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Erf-Bev-Bev
X-Content-Powered-By
X-SERVER
DC
Accept-Charset
Tracecode
X-APP-VERSION
X-Az
X-Activity-Id
X-AppVersion
X-Daa-Tunnel
X-FireWall-Port
X-Upgrade-Enabled
X-IPLB-Instance
From-Origin
X-Tt-Trace-Tag
X-Amz-Apigw-Id
Liferay-Portal
X-Tt-Trace-Host
X-PHP-Backend
X-Response-Served-From
NGB
X-Framework
Retry-After
X-Accel-Buffering
X-RateLimit-Remaining
X-WA-Info
X-RemovedCookies
X-ProcessESI
X-FW-Serve
X-FW-Server
X-FW-Static
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-1
X-UUID
VIX-Pulpo-Node
X-FW-Type
X-Tumblr-Pixel-2
X-FW-Hash
X-TIME
Surrogate-Key
X-Rendered-As
X-Time-Microsecs
X-Cacheable-TTL
X-Is-Bot
Payment
X-L-Path
Eomportal-Instance
X-Adobe-Content
X-Mobile
X-Environment-Context
X-Wix-Request-Id
X-Region
X-Adobe-Loc
Filters
X-GeoIP
X-RequestSource
X-Varnish-Server
X-Cache-NE
X-Unique-Id
Srv
X-Handled-By
X-Proxy
X-UA-Device-Type
X-CST
Filterid
GEO-INFO
X-NGENIX-Cache
X-Cache-Control
Nel
X-URL
X-Origin-Response-Time
X-Cache-Server
X-Varnish-Hostname
X-Webkit-CSP
X-EdgeConnect-Cache-Status
Datacenter
X-Cached-By
X-Cache-TTL-Remaining
X-Akamai-Transformed
X-Cache-Time
X-B3-Traceid
Xserver
X-Backend-Name
Odigeo-Trace-Id
X-Rule
X-Litespeed-Cache
MS-CV
X-Mode
Cache-Tags
X-Pinterest-Direct
Version
S-Cnection
X-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-FW-Dynamic
X-Locale
X-Path-Route
X-IP
X-CCM
X-Cache-Var
X-Cache-Var-Map
X-Site-Version
X-ES-SERVER
Meta-Geo
X-Ua-Device
Cache-Tv-Group
X-Via-Fastly
X-PERF
Ec-Rule-Version
Azure-SlotName
X-Dc
X-Srv
X-MP-GENERATED-AT
Webserver
X-RN-RSRV
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
X-Pubstack
X-Amzn-Remapped-Content-Length
X-Redis-Cache
Country
DB-Nickname
S-Rt
X-FC-Vary-Parameters
Server-Info
X-Cache-Enabled
X-Www-Served-By
X-ApacheServer
X-Cache-2
Cache-Hits
X-Akamai-Request-ID2
Decoy-Debug-TTL
X-Loop
X-TNCMS
Akamai-GRN
X-Origin-Hint
X-TX-ID
Decoy-Debug-Status
X-SayCDN-TTL
X-Human
Cross-Origin-Window-Policy
Node
X-Detected-As
X-Cache-NGX
X-Say-TTL
X-Say-Cacheable
Decoy-Debug-Key
Webcakes-App-Version
NGX
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
X-Adobe-Source
Webcakes-App-Name
X-Web-Node
ServedBy
Property-Id
Content-Disposition
X-Forwarded-Host
X-NCache
Origin-Cache-Control
X-Real-IP
Origin-Edge-Control
X-R9-Blue-Green-Version
Cache-Key
Cleartype
X-LJ-Flow-ID
X-NYM-Debug-Backend
Now
X-No-Session
X-Access
X-Origin
X-AWS-Id
X-Hosted-By
X-Cache-Status-Check
X-Cache-Config
X-Hl-Ver
X-Routing-Service
Section-Io-Id
X-Zipkin-Id
X-VWS-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Proxied
Section-Origin-Responded
X-Section
X-Microcachable
X-Device-Type
X-Format
X-RCS-CacheZone
Access-Control-Request-Headers
X-Goog-Meta-Goog-Reserved-File-Mtime
Mn-Server-Ip
X-FB-TRIP-ID
X-Backend-TTL
X-Timing-Wait
X-Proxy-Build
X-Shopify-Stage
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-BYPASS-REASON
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
Selected-Fe
OT-Force-Account-Verify
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
X-Alternate-Cache-Key
X-ServerID
X-HTML-Minification-Powered-By
X-Xfnlog-Site
X-Viewer-Country
X-Shopify-Generated-Cart-Token
X-Vgn-Hpd-Reason
X-BCube-Filmed-By
X-Content-Age
X-Tb
X-Generated
X-Cdn
X-Soup
X-Debug-Cache
X-SaId
X-Proto
X-JoinUs
X-EC-Lua
X-Request-Time
X-Cache-Remote
X-From
Accept-Language
X-Oss-Hash-Crc64ecma
X-CF-Powered-By
X-Oss-Object-Type
X-Oss-Storage-Class
X-Drupal-Cache-Tags
X-Oss-Server-Time
X-Oss-Request-Id
X-Generated-By
X-COUNTRY
X-Akamai-Request-ID
X-MCACHE
X-Pad
X-Varnish-Hits
Cf-Ipcountry
X-Edge
X-NC
X-UA
Time
X-NewRelic-App-Data
X-Old-Content-Length
X-IPS-LoggedIn
X-VCT
Uber-Trace-Id
X-VCache
X-RateLimit-Limit
X-ECACHE
X-Azure-Ref
X-Geo
X-FORWARDED-FOR
X-Source
Cache-Name
X-Cache-Grace
X-CS
X-Ruxit-Js-Agent
X-RTag
X-Mid
Ms-Operation-Id
X-CLOUD-TRACE-CONTEXT
X-APP
Cache
X-NWS-UUID-VERIFY
X-GoCache-CacheStatus
X-Uri
FilterID
User-Agent
X-CDN-Forward
X-OCL
Proxy-Connection
X-PCL
X-Magnolia-Registration
X-Info
X-Sucuri-ID
X-Edge-Location
X-Tumblr-Pixel-3
X-FW-Version
X-Drupal-Cache-Contexts
X-Qloud-Router
X-Varnish-Cache-Hits
X-Labrador-Cache-Channel
X-PHP-Host
X-A
Xc-Version
Apple-News-Services-Request-Url
VivaBuild
X-A-Ccd
Arc-Country
Apple-News-Services-Parsed-Url
AKAMAI
X-A-Dcw
Apple-News-Services-Handled
Apple-News-Services-Host
X-A-Dam
Viewtype
True-Client-Country-4JS
Memcached
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Request-Country
Rendered-Blocks
X-Vtex-Remote-Cache
Machine
T-Server
AsisCache
BehaviorPad-Version
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Request-EU
X-S-Cookie
X-G
X-Generated-On
X-External-Request-Id
X-DPWN-IS-SECURE
X-Developer
X-Geo-Header
X-GeoIP-Country-Code
X-JWT-State
X-Is-Gdpr
X-Instart-Info
X-Has-Esi
X-Destination
X-Date
X-Application
X-Cdn-Srv
X-ARC
X-Cache-Bucket
X-Aed
X-CF-Lambda-Fn
X-D
X-Connection-Hash
X-CF-Lambda-Version
X-Accel-Expires-Debug
X-Level-Front-Cache
X-Micro-Cache
X-A-Dgt
X-SRCache-Key
X-Session-Fingerprint
X-Served-From
X-ScT
X-Transaction
X-Trv-Group
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-Twitter-Response-Tags
X-B-Cookie
X-S
X-Region-Sid
X-Reboot
X-Processor
X-PAYTM-SRV-ID
X-Request-URI
X-A-Wwc
X-Rojux
X-Rocket-Nginx-Bypass
X-Rewrite-Enabled
X-Request-UUID
X-Vtex-Processado-Em
ServerName
Countrycode
User-Cache-Control
X-Oneagent-Js-Injection
X-UnsetCookies
SD-X-WS
X-Newrelic-Synthetics
X-Cluster-Node
X-Cdn-Origin
X-Clara-WADP
X-Cache-URL
X-Cache-Info
X-Block-Status
X-Cache-ASPX
X-Gen-Mode
X-Contensis-Viewer-Groups
X-Fastly-Cache
X-Developers
X-Fmm-Version
X-Bip
X-DevSite-Last-Modified
X-Core-Value
X-Cms-Context
X-Agile-Id
Thinkindot-Control
Viewport
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
Server-Surrogate-Control
Vix-Hermes-Req-Id
Web-Mar-Node
X-Auto-Login
X-Backend-State
X-Generation-Time
X-Agile-Age
X-Nginx-Cache
X-Agile
X-Bc-Bl
X-Logging-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Varnish-Authentication
X-TrackingId
X-Trace-Id
X-Thanos
X-Thinkindot-L3
X-VG-TLSProxy
X-VServer
Heartbleed
N-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WADP-Cache
X-We-Are-Hiring
X-Swa-Ws
X-Backend-Host
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Matched-Rule
Server-Cache-Control
X-Webstats-RespID
X-Vdms-Path
X-Scheme
X-Request-Host
X-Sn-Servicetimems
X-BBXSRF
X-Skip-Cache
X-ServiceProvider
X-Server-W
X-Servername
X-Hnp-Log
X-Dispatch
Cache-Cookie-Set-Idcheck
Content-Script-Type
Cache-Cookie-Set-Lfrom
Gh-Request-Id
On-Server
Content-Style-Type
Locale
Cache-Cookie-Set-From
X-Hyper-Cache
X-S-Maxage
X-Cluster-Name
X-Cache-PHP
X-Li-Pop
X-Li-Fabric
X-LAGOON
X-Storage
Mail-Subject
Rt-Fastcgi-Cache
X-Irp-Debug
X-LI-UUID
FNAC-ModuleRouting
X-VC-Cache
X-TT-TIMESTAMP
X-C
X-LI-Proto
X-Cache-FS-Status
X-Clientip
Kp-EeAlive
X-Trafficlayer-App-Name
X-Trafficlayer-App-Version
IsBot
X-Variation
X-Distil-CS
X-Gamma-Serve
CDCHOST
X-Varnish-Cacheable
X-Trafficlayer-App-Scope
X-IN-APIGATEWAY
Locid
Wxu-Next-Region
Is-Eu
Wxu-Next-Hostname
X-IN-APIGATEWAYSSL
Fastly-SWR
X-Sigma
X-Req
X-WebServer
Group
Adler-Geo
Cache-Host
X-SN
W
We-Hiring
X-Rebelmouse-Surrogate-Control
X-Sigma-Backend
X-Rocket-Build-Number
Platform
RNT-Time
X-Slack-Backend
Fastly-SIE
X-Var-Ttl
Wxu-Next-Commit
X-Nginx-Cache-Key
X-App-Name
RNT-Machine
X-Device-Os
X-Rebelmouse-Cache-Control
X-SIPLIST1
X-Owner
X-PressLabs-Stats
X-B3-Spanid
X-CUA
X-Response-By
X-RateLimit-Remaining-Second
X-Origin-Expires
Country-Code
Fastly-Drupal-HTML
X-Origin-Date
X-RateLimit-Limit-Second
HA-Ipaddr
X-Proxy-Upstream
Ha-Gx-Prefs
X-Hash
X-Generated-In
X-Platform-Server
X-Fetched-On
X-GeoIP-City
X-Distributor
Sever-Int
Proxy-Firewall
Server-Hostname
X-Eu-Site
X-Core-Mission
X-Cache-Tags
NM-Fastcgi-Cache
X-CGP
X-CSRF-Token
Request-Time
Server-ID
CF-Cached-On
X-Epic-Correlation-Id
V-Age
X-Dispatcher-Server
L5d-Success-Class
Server-Ext
X-Refresh
A
X-RESPONSE-TIME
X-Protected-By
Pagetype
X-Hit
X-Debug-Cookies
X-Method
M-TraceId
X-CACHE-KEY
X-Instart-Isnd
X-Parent-Response-Time
X-NX-Host
X-Cache-Expired-At
X-Debug-Log
X-App-Server
X-FPC
X-SRV
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
HostName
X-TA-CDN-Provider
X-SS-Set-Cookie
X-OVcl
X-Worker
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
Magicmarker
X-Amzn-RequestId
X-OVcl-Cache
XServer
X-GEO
Geoip-City
Geoip-Latitude
X-Via-PopH
X-Via-PopV
X-Request-Start
X-Node-Id
X-Branch-Name
Mime-Version
X-Envoy-Upstream-Healthchecked-Cluster
PFcat
X-Varnish-Beresp-Ttl
X-Be
X-Policy
X-Varnish-URL
X-Varnish-Ttl
X-MSEdge-Features
X-Wa
GeoIp-Country-Code
Origin
X-MSEdge-Flight
X-Nc
PICS-Label
X-Planisys-CDN-Rules
Pramga
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Esi-Enabled
Powered-By-ChinaCache
X-Lb-Id
X-Ratelimit-Remaining
Memory
X-C-Key
Who
X-SERVER-NAME
X-Service
Cloudfront-Viewer-Country
X-C-Zone
Cteonnt-Length
X-Reqid
X-Load-Cache
X-Via-Ucdn
X-ND-Cache
X-Pjax-Url
X-Time
Geo-Info
X-Country-IP
X-HS-Status
HitType
Dt-Cache-Category
X-ECache
X-Myra-Origin2
X-Azure-Ref-OriginShield
X-BACKEND-TTL
Environment
X-Newrelic-App-Data
SRV
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Referer
X-Bc
X-Wix-Viewer-Type
Product
X-VCL-Version
TTL
X-Servedbyhost
UCS
X-Zone
X-Correlation-ID
X-NGINX-Cache
X-Cache-Metadata
NtCoent-Length
Ttl
X-BC
X-ZONE
X-Vcl-Version
X-CSRF-TOKEN
X-Cdn-Forward
X-DC
X-Server-IP
X-Up
Fastly-Backend-Name
X-ServedByHost
X-Ratelimit-Limit
FSS-Cache
Resin-Trace
X-Fastly-Country-Code
X-Origin-TTL
Cdn
X-Cache-Host
X-Origin-CC
X-Ua
C-Via
X-Pf-Uncompressing
Release
X-PJAX-URL
X-Swift-Error
Pragrma
X-Server-Time
X-TT-LOGID
X-AIR-PT
X-Edge-Server
Cdn-Request-Time
LB
Cdn-Host
Hostname
X-App-Version
X-Cache-Backend
CACHE
X-AK-Request-ID
Sid
X-Location
X-Node-ID
X-SVT-ORM-VERSION
Cdncip
Cdnsip
X-SVT-ORM-RULES
Lb
X-UPSTREAM-Address
My-App
X-Sucuri-Cache
Warning
X-WPE-Loopback-Upstream-Addr
X-NU-AKA-ACS-Version
MIME-Version
Load-Balancing
GeoIP-Country-Code
X-WA
X-Tb-Optimization-Total-Bytes-Saved
X-Configured-By
X-Fastly-Backend-Reqs
Dnion-Transfer-Encoding
X-Mvc-Supplant-Cachable
GeoIP-City
X-Powered-Y
X-Varnish-Url
X-Air-Hostname
X-Svr
X-RAMCache
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-TTL
X-BE
GeoIP-Latitude
Fastly-SSL
Ohc-File-Size
Lfy
X-User
X-Cache-Id
Ohc-Cache-HIT
X-Fastly-Request-Id
X-Gzip
X-Esi-Check
X-VarnishDD-TTL
CDN
Processtime
CF-IPCountry
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
X-TH-Server
X-Apw-Hits
Host-ID
X-MID
Pics-Label
X-B3-SpanId
X-Fpc
RequestId
X-Cache-Debug
X-LiteSpeed-Cache-Control
X-ElasticPress-Query
X-SD-PageType
X-Amzn-Remapped-Connection
Cneonction
X-Amzn-Remapped-Date
X-Page-Impression-Id
X-Check-Cacheable
X-Flow-Id
Xet-Cookie
X-ElasticPress-Search
DSUID
Requestid
X-Agile-Brick-Ok
X-B3-Parentspanid
IBM-Web2-Location
X-Zalando-Child-Request-Id
X-Nananana
X-RPS
X-RSL
X-Via-NSCOPI
X-Debug-Controller
X-Debug-Revision
X-Envoy-Decorator-Operation
L
X-DB
X-DSS
X-DI
X-Unique-ID
X-RPM
X-Compress-Hint
X-Aicache-OS
X-DW
X-Sucuri-Id
WZWS-RAY
X-Action
Server-Int
X-LB-ID
DataCenter
X-MiniProfiler-Ids
X-Ocache
X-Dw-Trace-Id
X-Request-Url
X-Fastly-Cache-Hits
X-Cache-Tag
X-Akamai-ERPolicy
URI
CloudFront-Viewer-Country
X-Request-URL
X-Akamai-ERRuleID