
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
CF-Ray
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-FRAME-OPTIONS
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Request-ID
Cf-Railgun
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-Readtime
X-WebKit-CSP
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Edge-Control
Rating
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
X-Instart-Request-ID
X-DynaTrace
Allow
X-Country-Code
Content-MD5
X-Varnish-TTL
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
Pinterest-Generated-By
X-Server-Name
X-D2id
X-ESI
X-Webkit-Csp
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-MS-InvokeApp
SPRequestGuid
X-Powered-By-Plesk
X-Vcache
X-Cached
X-Navigation-Version
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Rid
X-MSEdge-Ref
X-Trace
Public-Key-Pins
X-Fastly-Request-ID
Nginx-Cache
X-SharePointHealthScore
X-Vcap-Request-Id
Accept-Ch
X-Server-ID
X-VARITI-CCR
MS-Author-Via
TCN
X-Fastcgi-Cache
Charset
Arr-Disable-Session-Affinity
X-Px
X-Accel-Expires
Edge-Cache-Tag
X-NF-Request-ID
X-Cache-TTL
Display
X-Ttl
Realpath
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
SPRequestDuration
X-Sol
SPIisLatency
Accept-Ch-Lifetime
X-Ser
X-Content-Type
X-Version
X-Client-IP
Fusion-Deployment-Id
Accept-CH
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-DynaTrace-JS-Agent
Front-End-Https
X-Powered-CMS
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
X-Dns-Prefetch-Control
X-Id
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Jurisdiction
NR-ENABLED
X-Hp-Webp
X-Upstream
X-Grace
Ar-Sid
AR-CACHE
X-Forwarded-For
X-Content-Digest
X-Element-Page-Cache
Accept-CH-Lifetime
X-Hits
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
S
X-Dw-Request-Base-Id
Fastcgi-Cache
ServerID
X-TTL
X-Node-Name
X-Mobile-URL
X-ASPNET-VERSION
X-Amzn-Trace-Id
PB-RID
PB-PID
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
Server-Node
X-Recruiting
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Cache-Hit
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Mobile-Rewrite
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-GUploader-UploadID
Arc-Version
Powered
X-Frontend
X-FTR-Expires
X-Shard
TP-L2-Cache
TP-Cache
X-Ezoic-Cdn
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
X-Shield-Request-Id
Fastly-Restarts
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-HS-Combine-CSS
Alternate-Protocol
X-Request-Received
X-Request-Processing-Time
X-Logged-In
X-Varnish-Age
Refresh
X-XRDS-LOCATION
WPE-Backend
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-FTR-Cache-Host
Server-Name
MicrosoftSharePointTeamServices
X-B
X-F-Cache
X-Page-Id
X-Rid
X-Akamai-Edgescape
X-User-Agent
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Via-JSL
X-Geo-Country
X-N
X-XRDS-Location
Host
Cache-Status
X-Zen-Fury
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Options
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
Host-Header
X-Varnish-Grace
X-Amz-Apigw-Id
X-B3-Sampled
X-Kinsta-Cache
X-Revision
X-Type
X-Instance
X-FB-Debug
X-Amz-Replication-Status
X-ATG-Version
X-Cache-Action
X-AOL-HN
X-TT
X-B-Cache
X-Debug-Info
X-Signature
X-Tumblr-Pixel-0
X-Git-Hash
X-Tumblr-User
X-App-Environment
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Request-Guid
X-Jobs
Paypal-Debug-Id
Actual-Object-TTL
X-Content-Powered-By
X-Varnish-Backend
Liferay-Portal
Fastcgi-Useragent
Frame-Options
X-Whom
Healthy
X-Tt-Trace-Host
X-Tt-Trace-Tag
Section-Io-Cache
X-Cluster
X-Cached-By
X-Hostname
X-Srv
X-Cache-Key
X-PHP-Backend
X-Seen-By
X-Daa-Tunnel
X-Cache-Rule
X-AppVersion
X-Activity-Id
X-Framework
X-Cache-Operation
X-Az
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-CST
X-FireWall-Port
Tracecode
X-WA-Info
X-Endurance-Cache-Level
X-Cache-Age
Retry-After
X-Contextid
X-Mobile
X-Host-Name
X-IPLB-Instance
Source
X-Upgrade-Enabled
X-Response-Served-From
X-Accel-Buffering
NGB
Accept-Charset
X-ProcessESI
X-RemovedCookies
X-Presslabs-Stats
Xserver
X-Cache-NE
Srv
Surrogate-Key
X-FW-Serve
X-FW-Hash
Payment
X-FW-Server
X-Amzn-Requestid
Eomportal-Instance
DC
X-FW-Type
X-Region
Trailer
X-FW-Static
X-Origin-Response-Time
X-Tumblr-Pixel-1
X-GeoIP
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Varnish-Server
X-Rendered-As
Filters
X-Adobe-Content
X-Is-Bot
X-L-Path
X-Cacheable-TTL
X-Environment-Context
X-Handled-By
X-Adobe-Loc
X-UUID
X-RequestSource
X-EdgeConnect-Cache-Status
X-Cache-2
Server-Info
X-UA-Device-Type
X-RateLimit-Remaining
From-Origin
X-Backend-Name
X-Edge-O15-RID
X-Cache-TTL-Remaining
Cache-Tv-Group
X-Time-Microsecs
X-Proxy
X-FastCGI-Cache
X-Wix-Request-Id
X-Cache-Server
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
MS-CV
X-Oss-Storage-Class
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Oss-Request-Id
X-Oss-Server-Time
X-APP-VERSION
X-Cache-Enabled
X-Akamai-Transformed
X-NGENIX-Cache
Version
Datacenter
X-Status
Filterid
X-Unique-Id
X-IPS-LoggedIn
X-Dc
X-Mode
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
Meta-Geo
X-Path-Route
X-ES-SERVER
X-Amzn-RequestId
X-CCM
X-Pad
X-Section
X-Format
X-Forwarded-Host
X-TX-ID
X-Access
Akamai-GRN
ServedBy
X-Origin
X-SS-Set-Cookie
X-Akamai-Request-ID
GEO-INFO
X-Ua-Device
X-Redis-Cache
X-ApacheServer
X-TIME
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Via-Fastly
X-Tb
X-Cache-Time
X-Cache-Status-Check
Cleartype
Cache-Tags
X-NYM-Debug-Backend
X-PERF
X-Hl-Ver
X-R9-Blue-Green-Version
Country
X-EIG-Tracking-Id
X-Hosted-By
NGX
Now
X-ProxyCache-Status
X-FC-Vary-Parameters
X-Shopify-Generated-Cart-Token
X-Human
DB-Nickname
Content-Disposition
Cache-Key
X-FW-Dynamic
X-Request-Time
X-Shopify-Stage
Mn-Server-Ip
X-LJ-Flow-ID
X-AWS-Id
X-Sorting-Hat-PodId
Webserver
X-Alternate-Cache-Key
X-Vgn-Hpd-Reason
X-VWS-Id
X-SayCDN-TTL
X-ShardId
X-Varnish-Hits
X-Pubstack
X-Cache-Config
X-ShopId
X-Soup
X-Web-Node
X-Amzn-Remapped-Content-Length
X-BYPASS-REASON
X-ServerID
X-Device-Type
X-Sorting-Hat-ShopId
X-Say-TTL
Origin-Edge-Control
Origin-Cache-Control
X-Debug-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Say-Cacheable
X-Proto
X-Proxy-Cache-Status
X-Akamai-Request-ID2
X-ProxyCache-Key
OT-Force-Account-Verify
X-Cache-Control
X-Cache-Remote
X-SaId
X-Esi
X-Routing-Service
X-PressLabs-Stats
X-Proxy-Build
X-Site-Version
Selected-Fe
X-Viewer-Country
X-TNCMS
X-Timing-Wait
S-Rt
X-Proxied
X-NewRelic-App-Data
X-Generated-By
X-IP
X-Generated
X-FB-TRIP-ID
X-Detected-As
X-JoinUs
X-Locale
X-NCache
X-MP-GENERATED-AT
X-BCube-Filmed-By
X-Loop
Azure-InstanceId
X-Www-Served-By
Webcakes-App-Name
Cross-Origin-Window-Policy
TWC-Privacy
Azure-SiteName
Webcakes-App-Version
Webcakes-Region
Azure-Version
X-RCS-CacheZone
X-Origin-Hint
Azure-SlotName
TWC-Locale-Group
Azure-RegionName
Property-Id
X-Zipkin-Id
X-Content-Age
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
Ec-Rule-Version
TWC-GeoIP-Country
X-Aspnetmvc-Version
Node
X-Xfnlog-Site
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
FilterID
X-Real-IP
Cache-Hits
X-Geo
X-B3-Traceid
Section-Io-Origin-Status
X-App-Server
Nel
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Drupal-Cache-Tags
X-EC-Lua
Accept-Language
X-Uri
X-Microcachable
X-CACHE-KEY
X-Adobe-Source
X-No-Session
Odigeo-Trace-Id
X-OCL
X-Rule
X-PCL
X-Qloud-Router
Cf-Ipcountry
X-Varnish-Cache-Hits
X-Source
Time
X-Time
X-NWS-UUID-VERIFY
X-RTag
Ms-Operation-Id
X-Azure-Ref
X-UA
X-From
User-Agent
X-Hyper-Cache
X-PHP-Host
X-Load-Cache
X-Labrador-Cache-Channel
X-Info
X-Storage
X-Backend-TTL
Proxy-Connection
X-RateLimit-Limit
X-Cache-NGX
X-Nginx-Cache
X-Cluster-Node
X-SERVER
X-Nc
X-TA-CDN-Provider
Powered-By-ChinaCache
X-Old-Content-Length
X-OVcl-Cache
X-OVcl
X-Region-Sid
X-A-Wwc
X-Varnish-Beresp-Status
X-Aed
X-A-Dam
X-Accel-Expires-Debug
X-Varnish-Beresp-Grace
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-A-Dgt
X-Processor
X-A-Dcw
A
X-G
Request-EU
Request-Country
X-Date
X-D
Fastcgi-X-Cache-Version
X-GeoIP-Country-Code
GEO-REGION-INFO
X-External-Request-Id
Rendered-Blocks
Mobile-Detection-Method
X-Destination
X-Developer
Meta-Geo-Continent
MD5-Digest
Machine
X-DPWN-IS-SECURE
ServerName
Content-Style-Type
X-GoCache-CacheStatus
X-Connection-Hash
Apple-News-Services-Handled
X-Drupal-Cache-Contexts
Viewtype
X-Edge-Location
X-A
VivaBuild
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
True-Client-Country-4JS
T-Server
Content-Script-Type
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
Arc-Country
X-A-Ccd
X-Request-URI
X-Vtex-Processado-Em
X-ScT
X-Vtex-Remote-Cache
X-S-Cookie
X-Cdn-Srv
X-B-Cookie
X-VG-TLSProxy
X-UnsetCookies
X-Session-Fingerprint
X-Vdms-Version
X-Application
X-ARC
X-Magnolia-Registration
X-CF-Lambda-Fn
X-SRCache-Key
X-Newrelic-Synthetics
X-Twitter-Response-Tags
X-Rewrite-Enabled
X-VG-WebCache
X-Request-UUID
X-Trv-Group
X-VG-WebServer
X-S
Xc-Version
X-Rojux
X-Transaction
Cache-Name
Uber-Trace-Id
Rt-Fastcgi-Cache
X-Cluster-Name
X-Varnish-Ttl
X-CF-Powered-By
Geo-Info
X-Core-Value
Thinkindot-CacheControl-Type
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Thinkindot-CacheControl
X-Cache-Grace
X-Trafficlayer-App-Scope
X-Eu-Site
L5d-Success-Class
X-C
Locid
X-Trafficlayer-App-Version
PFcat
X-TT-TIMESTAMP
X-Distil-CS
Thinkindot-Control
HA-Ipaddr
X-Geo-Header
X-Varnish-Cacheable
X-GeoIP-City
X-Cache-Expired-At
X-Generated-On
Ha-Gx-Prefs
X-Trafficlayer-App-Name
Server-Host
X-Sn-Servicetimems
X-Cdn-Origin
Mime-Version
X-CGP
X-Served-From
X-Service
X-ND-Cache
X-Level-Front-Cache
X-Agile-Id
X-Wikidot-Backend
X-Reboot
X-Agile-Age
X-Agile
X-Rocket-Build-Number
X-Wikidot-Static-Cache
X-Rocket-Nginx-Bypass
W
X-ServiceProvider
X-Developers
X-App-Name
X-Sigma-Backend
Viewport
X-Sigma
X-Backend-State
CDCHOST
X-Thinkindot-L3
X-Matched-Rule
X-CS
X-Cms-Context
X-Debug-Cookies
X-Core-Mission
X-Contensis-Viewer-Groups
X-Cache-Info
X-Debug-Log
X-CUA
X-Cache-FS-Status
X-Debug-Cache-Expiry
X-Clara-WADP
X-Clientip
X-Debug-Cache-Fetch
X-Cache-Bucket
X-Cache-URL
X-Cache-Tags
X-Cache-ASPX
X-Debug-Cache-Store
X-Block-Status
X-Nginx-Cache-Key
X-Request-Host
X-Bip
X-Rebelmouse-Surrogate-Control
X-Webstats-RespID
X-WebServer
X-WADP-Cache
X-We-Are-Hiring
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Origin-Expires
X-Origin-Date
X-Owner
X-Platform-Server
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Server-W
X-Servername
X-Varnish-Authentication
X-VC-Cache
X-Variation
X-Var-Ttl
X-Urbn-Context-Path
X-Urbn-Site-Id
X-TrackingId
X-Trace-Id
X-SIPLIST1
X-VServer
X-Skip-Cache
X-Slack-Backend
X-Thanos
X-Swa-Ws
X-NX-Host
X-NodeID
X-Gen-Mode
X-Gamma-Serve
X-Generated-In
X-Generation-Time
X-Hash
X-Has-Esi
X-FW-Version
X-Fetched-On
X-Dispatch
X-DevSite-Last-Modified
X-Dispatcher-Server
X-Distributor
X-Fastly-Cache
X-Epic-Correlation-Id
X-Hit
X-Hnp-Log
X-Logging-Id
X-LI-UUID
X-Micro-Cache
X-Ms-Request-Id
X-Tumblr-Pixel-3
X-Ms-Version
X-LI-Proto
X-Li-Pop
X-Irp-Debug
X-Instart-Isnd
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-LAGOON
X-Device-Os
X-BBXSRF
HitType
Memcached
Locale
Kp-EeAlive
IsBot
N-Cache
On-Server
RNT-Time
RNT-Machine
Pramga
Platform
Is-Eu
Heartbleed
Country-Code
Countrycode
Cache-Host
AKAMAI
Adler-Geo
X-Varnish-Beresp-Ttl
Fastly-Drupal-HTML
Group
Gh-Request-Id
Fastly-SWR
Fastly-SIE
Server-Cache-Control
Mail-Subject
X-Auto-Login
V-Age
We-Hiring
Web-Mar-Node
Server-ID
X-Bc-Bl
User-Cache-Control
Server-Surrogate-Control
X-NC
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Backend-Host
X-S-Maxage
X-Req
Cloudfront-Viewer-Country
FNAC-ModuleRouting
X-Lb-Id
Environment
X-Sucuri-ID
X-VHOST
X-Node-Id
X-Refresh
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Response-By
X-RESPONSE-TIME
Cache-Cookie-Set-From
Hostname
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-VCT
X-BACKEND-TTL
X-Fmm-Version
X-Ratelimit-Remaining
X-Scheme
X-App-Version
X-Origin-CC
X-Origin-TTL
X-Cdn-Forward
Fastly-Backend-Name
X-Pjax-Url
X-VCache
X-Up
X-Varnish-URL
X-CDN-Forward
X-CSRF-Token
Cache
X-MSEdge-Features
SD-X-WS
X-Instart-Info
X-Server-Time
X-APP
X-MSEdge-Flight
Origin
X-SN
X-B3-Spanid
X-MCACHE
X-TT-LOGID
Proxy-Firewall
X-Edge
X-Correlation-ID
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-FPC
Pragrma
X-Cache-PHP
PICS-Label
Geoip-City
Geoip-Latitude
M-TraceId
Vix-Hermes-Req-Id
Request-Time
X-CSRF-TOKEN
Cdnsip
X-AK-Request-ID
CACHE
GeoIp-Country-Code
X-Wa
Cdncip
X-Cache-Host
NtCoent-Length
X-SVT-ORM-VERSION
X-Vdms-Path
X-ECACHE
X-HS-Status
Ohc-File-Size
X-SVT-ORM-RULES
X-Vcl-Version
NM-Fastcgi-Cache
X-Wix-Viewer-Type
CF-Cached-On
TTL
X-Ua
X-Mid
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Be
X-URL
Sever-Int
X-Myra-Origin2
Cdn
Memory
Server-Ext
Pagetype
Server-Hostname
X-ECache
X-Ratelimit-Limit
RequestId
Resin-Trace
X-Method
Magicmarker
X-ServedByHost
X-Cache-Debug
X-Bc
X-Zone
X-Pf-Uncompressing
X-Cache-Metadata
HostName
Ohc-Cache-HIT
XServer
X-TH-Server
X-Worker
Tcn
SRV
X-Newrelic-App-Data
X-Dynatrace-Js-Agent
IBM-Web2-Location
Cteonnt-Length
Release
X-BC
X-ZONE
X-Servedbyhost
X-Via-PopH
X-Via-PopV
X-FORWARDED-FOR
X-Oneagent-Js-Injection
X-GEO
Load-Balancing
X-Envoy-Upstream-Healthchecked-Cluster
Dt-Cache-Category
X-Request-Start
X-Azure-Ref-OriginShield
X-Branch-Name
X-Protected-By
X-Referer
Server-Int
Dnion-Transfer-Encoding
X-Unique-ID
X-DC
X-Swift-Error
X-NGINX-Cache
X-Tb-Optimization-Total-Bytes-Saved
Lb
Powered-By
X-Ocache
X-Policy
X-Fastly-Country-Code
Esi-Enabled
X-Planisys-CDN-Cache
Ttl
X-Cache-Id
X-Esi-Check
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-AIR-PT
Pics-Label
X-Configured-By
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-SRV
X-VCL-Version
X-B3-SpanId
X-Ruxit-Js-Agent
X-C-Zone
GeoIP-Country-Code
X-Reqid
X-Node-ID
X-WA
Fastly-Soc-X-Request-Id
X-Gzip
X-Datadome
X-C-Key
X-COUNTRY
Fastly-SSL
GeoIP-Latitude
Who
X-Via-Ucdn
X-Action
GeoIP-City
MIME-Version
X-DSS
X-DI
X-VarnishDD-TTL
X-DB
X-Flog
X-RPS
X-RPM
X-DW
X-ABtesting
X-Hello
X-RSL
X-Fpc
X-HostName
UCS
X-Svr
X-Powered-Y
X-PF-Uncompressing
X-Country-IP
Host-ID
LB
X-SERVER-NAME
X-Cache-Backend
X-Amzn-Remapped-Date
Lfy
Product
X-Render-Time
X-Fastly-Backend-Reqs
X-PJAX-URL
FSS-Cache
X-Varnish-Url
X-Fastly-Request-Id
X-Via-CDN
ProcessTime
X-RAMCache
X-Amzn-Remapped-Connection
X-SD-PageType
Sid
X-WPE-Loopback-Upstream-Addr
X-UPSTREAM-Address
FSS-Proxy
X-User
X-MID
X-Varnish-Beresp-TTL
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Flow-Id
Requestid
X-Beluga-Trace
X-BE
X-Beluga-Node
X-Beluga-Record
X-Key
X-LiteSpeed-Cache-Control
X-Beluga-Cache-Status
X-Server-IP
Xet-Cookie
X-Beluga-Response-Time
X-Internal-Host
Amp-Access-Control-Allow-Source-Origin
X-Pinterest-Direct
X-Agile-Brick-Ok
X-Beluga-Status
CF-IPCountry
X-Aicache-OS
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Debug-Controller
L
X-Apw-Access-Action
WZWS-RAY
X-Compress-Hint
CDN
X-Debug-Revision
Cneonction
X-Sucuri-Cache
X-B3-Parentspanid
SN
X-Tid
X-Check-Cacheable
X-Sucuri-Id
X-Litespeed-Cache-Control
X-Nananana
X-App
X-Location
X-Request-URL
X-Dw-Trace-Id
DataCenter
X-Request-Url
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-ElasticPress-Search
X-LB-ID
CloudFront-Viewer-Country