Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
P3p
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Turbo-Charged-By
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Server-Powered-By
Feature-Policy
X-Pingback
Server-Timing
Request-Context
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Server-Id
X-Rq
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-DataDome
X-Cnection
X-Country
X-Mod-Pagespeed
X-Akam-SW-Version
X-Dns-Prefetch-Control
X-Url
Edge-Control
X-Cloud-Trace-Context
Rating
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-Goog-Hash
X-Country-Code
X-DynaTrace
X-ASPNET-VERSION
X-Varnish-TTL
X-Instart-Request-ID
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
Allow
Fusion-Deployment-Id
Content-MD5
X-D2id
X-MS-InvokeApp
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Use-Magma
Accept-CH
X-Server-Name
SPRequestGuid
Pinterest-Generated-By
X-Cached
X-ESI
X-Ttl
X-Powered-By-Plesk
X-Navigation-Version
X-Forwarded-Proto
X-Vcache
X-Trace
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-SharePointHealthScore
X-TEC-API-VERSION
Public-Key-Pins
X-Fastly-Request-ID
Accept-CH-Lifetime
Nginx-Cache
X-Debug
X-MSEdge-Ref
X-Vcap-Request-Id
X-VARITI-CCR
SPIisLatency
Arr-Disable-Session-Affinity
SPRequestDuration
MS-Author-Via
Charset
X-B3-TraceId
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Px
Display
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
X-Content-Type
Realpath
NR-ENABLED
X-Sol
Edge-Cache-Tag
X-Client-IP
X-DynaTrace-JS-Agent
X-Ser
X-Fastcgi-Cache
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
S
X-Powered-CMS
X-Id
Front-End-Https
X-Version
X-Grace
Pinterest-Version
X-Pinterest-Rid
X-Jurisdiction
X-Hp-Webp
X-Upstream
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Webkit-Csp
X-T
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Shield-Request-Id
X-Dw-Request-Base-Id
WPE-Backend
DynaTrace
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Forwarded-For
Accept-Ch
AR-CACHE
Ar-Sid
X-Node-Name
Fastcgi-Cache
X-Server-ID
X-Cache-Hit
ServerID
X-Mobile-URL
X-Recruiting
X-Aspnet-Version
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Correlation-Id
Server-Node
PB-RID
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
PB-PID
X-HS-Cache-Config
TP-Cache
TP-L2-Cache
Powered
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Mobile-Rewrite
X-DIS-Request-ID
Arc-Version
X-Request-Received
X-Request-Processing-Time
Upgrade-Insecure-Requests
Accept-Ch-Lifetime
Refresh
X-XRDS-Location
X-Ezoic-Cdn
X-Shard
X-HS-Combine-CSS
Alternate-Protocol
X-Amzn-Trace-Id
X-NWS-LOG-UUID
Server-Name
X-Microsite
X-Request-Handler-Origin-Region
X-Geo-Country
X-Logged-In
Host-Header
X-Varnish-Age
Fastly-Restarts
X-FTR-Cache-Host
X-Page-Id
X-N
X-F-Cache
X-LB-Cache
X-Rid
X-Akamai-Edgescape
X-User-Agent
X-B
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-Aspnetmvc-Version
X-XRDS-LOCATION
X-Via-JSL
X-TTL
X-Zen-Fury
Healthy
X-Kinsta-Cache
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Host
X-Origin-Server
X-Varnish-Grace
Cache-Status
X-Request-Guid
X-Jobs
X-Hostname
X-Cache-Key
Fastcgi-Useragent
X-Content-Options
X-FB-Debug
X-App-Environment
X-Whom
X-B-Cache
X-Git-Hash
X-Signature
X-Instance
X-TT
X-ATG-Version
X-AOL-HN
X-B3-Sampled
Section-Io-Cache
X-Tumblr-User
X-Tumblr-Pixel-0
X-Varnish-Backend
X-Revision
X-Type
X-Cache-Action
X-Debug-Info
X-Tumblr-Pixel
Actual-Object-TTL
Paypal-Debug-Id
X-Amz-Replication-Status
Access-Control-Allow-Method
Frame-Options
X-Seen-By
X-WebKit-CSP-Report-Only
X-Cluster
X-FastCGI-Cache
Trailer
X-Cache-Age
X-Cache-Rule
X-Cache-Operation
X-Content-Powered-By
Liferay-Portal
X-Contextid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Endurance-Cache-Level
Source
X-Activity-Id
X-Az
X-Amz-Apigw-Id
X-AppVersion
X-Tt-Trace-Tag
X-Host-Name
X-PHP-Backend
X-Tt-Trace-Host
X-Daa-Tunnel
Tracecode
X-FireWall-Port
X-SERVER
X-Amzn-Requestid
X-Framework
X-WA-Info
X-Upgrade-Enabled
X-IPLB-Instance
Accept-Charset
Retry-After
DC
X-Mobile
X-Response-Served-From
X-Accel-Buffering
NGB
From-Origin
X-Presslabs-Stats
X-RemovedCookies
X-ProcessESI
X-Cached-By
Srv
X-Rendered-As
X-Is-Bot
Xserver
X-UUID
X-Cacheable-TTL
Surrogate-Key
X-Adobe-Content
X-Adobe-Loc
Payment
Eomportal-Instance
X-RequestSource
X-GeoIP
X-Varnish-Server
X-Region
X-Environment-Context
X-L-Path
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Cache-NE
X-Handled-By
X-UA-Device-Type
X-Esi
Filters
X-Srv
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Wix-Request-Id
X-RateLimit-Remaining
X-Time-Microsecs
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Varnish-Hostname
X-Unique-Id
X-APP-VERSION
X-Proxy
X-NGENIX-Cache
Nel
X-Cache-Server
X-EdgeConnect-Cache-Status
Filterid
X-Webkit-CSP
X-B3-Traceid
X-Akamai-Transformed
Datacenter
MS-CV
X-Backend-Name
X-Cache-Control
X-Cache-Time
Server-Info
Version
X-Cache-2
Cache-Tv-Group
X-Status
X-TIME
X-Cache-Enabled
X-Mode
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
Meta-Geo
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-CCM
X-Path-Route
X-Loop
X-Oss-Storage-Class
Webserver
X-RN-RSRV
X-Oss-Request-Id
Ec-Rule-Version
X-TNCMS
X-Oss-Server-Time
X-CST
X-IP
X-Detected-As
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-PERF
Country
X-Web-Node
X-Debug-Cache
X-Say-Cacheable
Cleartype
ServedBy
Cache-Tags
X-ApacheServer
X-Adobe-Source
X-Say-TTL
S-Rt
X-Redis-Cache
GEO-INFO
X-Proto
X-Real-IP
X-FC-Vary-Parameters
X-Forwarded-Host
X-Via-Fastly
X-R9-Blue-Green-Version
X-Human
X-TX-ID
X-SayCDN-TTL
X-Hl-Ver
OT-Force-Account-Verify
X-Device-Type
X-AWS-Id
X-Cache-Config
X-BYPASS-REASON
Access-Control-Request-Headers
X-Cache-Status-Check
Cache-Key
X-EIG-Tracking-Id
Content-Disposition
NGX
X-Goog-Meta-Goog-Reserved-File-Mtime
Section-Io-Id
X-ProxyCache-Status
Odigeo-Trace-Id
X-LJ-Flow-ID
X-RCS-CacheZone
X-ProxyCache-Key
X-Locale
X-Generated
TWC-GeoIP-LatLong
X-Akamai-Request-ID2
Section-Origin-Responded
X-Proxy-Cache-Status
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Alternate-Cache-Key
X-Soup
X-VWS-Id
Origin-Edge-Control
Property-Id
X-FW-Dynamic
Decoy-Debug-Status
TWC-Device-Class
Now
TWC-Connection-Speed
Origin-Cache-Control
TWC-GeoIP-Country
X-Amzn-Remapped-Content-Length
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
DB-Nickname
Akamai-GRN
Decoy-Debug-Key
X-Vgn-Hpd-Reason
Decoy-Debug-TTL
X-Site-Version
X-ShardId
X-Shopify-Stage
X-ShopId
X-Shopify-Generated-Cart-Token
X-Origin-Hint
X-Origin
X-Sorting-Hat-PodId
X-Hosted-By
X-ServerID
Cache-Hits
X-Tb
X-Sorting-Hat-ShopId
X-Pubstack
X-Proxied
X-Content-Age
Azure-SlotName
X-Format
X-NYM-Debug-Backend
X-NCache
Azure-SiteName
X-JoinUs
X-FB-TRIP-ID
X-Proxy-Build
X-MP-GENERATED-AT
Azure-Version
X-Zipkin-Id
X-Request-Time
X-Www-Served-By
Azure-RegionName
Mn-Server-Ip
X-Timing-Wait
Cross-Origin-Window-Policy
Selected-Fe
X-Routing-Service
X-Section
Azure-InstanceId
X-BCube-Filmed-By
X-HTML-Minification-Powered-By
X-Access
X-SaId
X-Xfnlog-Site
X-Cache-Remote
X-Viewer-Country
Node
X-Rule
X-Ua-Device
X-PressLabs-Stats
X-Microcachable
X-No-Session
X-NewRelic-App-Data
X-Cache-NGX
X-Varnish-Hits
X-Akamai-Request-ID
X-EC-Lua
X-Pad
X-Cdn
X-Geo
X-Generated-By
X-IPS-LoggedIn
X-Backend-TTL
Accept-Language
X-Amzn-RequestId
X-Drupal-Cache-Tags
Time
X-From
Cf-Ipcountry
X-CF-Powered-By
X-Dc
FilterID
X-NWS-UUID-VERIFY
X-Azure-Ref
Ms-Operation-Id
X-RTag
X-Source
X-Uri
X-RateLimit-Limit
X-Old-Content-Length
User-Agent
X-NC
X-Labrador-Cache-Channel
X-CACHE-KEY
X-PHP-Host
X-VCT
Uber-Trace-Id
X-PCL
X-OCL
X-Qloud-Router
X-Cache-Grace
Cache-Name
X-GoCache-CacheStatus
X-Nginx-Cache
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-App-Server
X-CS
Proxy-Connection
X-Hyper-Cache
X-Drupal-Cache-Contexts
X-SS-Set-Cookie
Cache
X-Info
X-Aed
X-S
X-DPWN-IS-SECURE
X-Rojux
X-Edge-Location
X-Cdn-Srv
X-S-Cookie
X-SRCache-Key
X-G
X-Rocket-Nginx-Bypass
X-External-Request-Id
Rendered-Blocks
X-ScT
Request-Country
X-Session-Fingerprint
X-Request-URI
AsisCache
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Machine
X-PAYTM-SRV-ID
X-GeoIP-Country-Code
Fastcgi-X-Cache-Version
X-Processor
Apple-News-Services-Host
Apple-News-Services-Handled
GEO-REGION-INFO
X-Request-UUID
X-Rewrite-Enabled
X-MCACHE
Mobile-Detection-Method
X-Region-Sid
MD5-Digest
Meta-Geo-Continent
A
X-Reboot
X-Edge
Request-EU
VivaBuild
X-Time
X-B-Cookie
X-Developer
X-Destination
Xc-Version
X-CF-Lambda-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
True-Client-Country-4JS
X-A
X-A-Ccd
X-Date
X-A-Wwc
X-Accel-Expires-Debug
X-Storage
X-D
X-A-Dgt
X-A-Dcw
X-A-Dam
X-ARC
X-Application
X-Connection-Hash
X-VG-WebCache
Viewtype
T-Server
ServerName
X-Trv-Group
X-Transaction
X-CF-Lambda-Fn
X-Twitter-Response-Tags
X-Vdms-Version
X-Cluster-Name
User-Cache-Control
X-Magnolia-Registration
X-Trafficlayer-App-Name
Content-Script-Type
X-Trafficlayer-App-Version
X-FW-Version
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Geo-Header
X-Core-Value
Cache-Cookie-Set-From
X-GeoIP-City
X-Has-Esi
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-Matched-Rule
X-LI-UUID
X-Level-Front-Cache
X-JWT-State
X-IN-APIGATEWAY
X-Hnp-Log
X-Trafficlayer-App-Scope
X-IN-APIGATEWAYSSL
X-Is-Gdpr
Rt-Fastcgi-Cache
X-Thinkindot-L3
Memcached
X-Backend-State
N-Cache
X-Cache-Expired-At
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Block-Status
X-Servername
X-Generated-On
X-ServiceProvider
Viewport
Thinkindot-CacheControl
X-Pinterest-Direct
X-Cache-Bucket
X-Gen-Mode
Server-Host
X-Served-From
X-VServer
X-DevSite-Last-Modified
X-Sn-Servicetimems
X-Request-Host
Web-Mar-Node
X-Slack-Backend
X-Cdn-Origin
X-VG-TLSProxy
X-S-Maxage
X-UA
Geo-Info
X-Backend-Host
X-Debug-Cookies
X-Debug-Log
X-BBXSRF
X-Cache-ASPX
X-Clara-WADP
X-Cache-URL
X-Cache-Info
X-Auto-Login
Server-Cache-Control
X-WebServer
X-VC-Cache
X-Varnish-Cacheable
X-Variation
X-Device-Os
Gh-Request-Id
X-Contensis-Viewer-Groups
SD-X-WS
On-Server
Server-Surrogate-Control
X-Fastly-Cache
X-WADP-Cache
X-CGP
X-Clientip
X-Cluster-Node
X-We-Are-Hiring
X-Webstats-RespID
X-Instart-Info
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Authentication
X-Tumblr-Pixel-3
X-Irp-Debug
X-CUA
X-Fmm-Version
X-Core-Mission
X-Micro-Cache
X-TrackingId
X-Server-W
X-Cms-Context
X-Var-Ttl
X-Urbn-Site-Id
X-Proxy-Upstream
X-Platform-Server
X-Owner
X-Hash
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-OVcl-Cache
X-OVcl
X-NodeID
X-Nginx-Cache-Key
X-Ms-Version
X-Ms-Request-Id
X-LAGOON
X-NX-Host
X-Origin-Expires
X-Instart-Isnd
X-Origin-Date
X-Cache-Tags
X-Rocket-Build-Number
X-Trace-Id
X-Distributor
X-Thanos
X-Epic-Correlation-Id
X-TT-TIMESTAMP
X-Distil-CS
X-Dispatch
X-Urbn-Context-Path
X-Dispatcher-Server
X-Eu-Site
X-Swa-Ws
X-Gamma-Serve
X-Scheme
X-Generated-In
X-Sigma
X-Fetched-On
X-SN
X-Skip-Cache
X-Sigma-Backend
X-Logging-Id
X-Developers
Server-ID
RNT-Time
RNT-Machine
HA-Ipaddr
Ha-Gx-Prefs
Group
Locid
Countrycode
Country-Code
Cache-Host
CDCHOST
L5d-Success-Class
Locale
Mail-Subject
Platform
Kp-EeAlive
Heartbleed
Is-Eu
Fastly-SIE
W
V-Age
Fastly-SWR
X-App-Name
We-Hiring
Adler-Geo
X-Bc-Bl
X-Bip
X-Cache-FS-Status
X-Varnish-Ttl
Fastly-Drupal-HTML
X-Agile-Id
X-APP
Wxu-Next-Commit
Wxu-Next-Hostname
AKAMAI
FNAC-ModuleRouting
X-Agile-Age
X-Agile
Wxu-Next-Region
X-Varnish-Beresp-Grace
X-CDN-Forward
X-Varnish-Beresp-Status
X-UnsetCookies
IsBot
X-SIPLIST1
X-Hit
X-Sucuri-ID
X-C
X-ECACHE
X-Response-By
Proxy-Firewall
X-Debug-Cache-Store
X-Generation-Time
X-Debug-Cache-Expiry
PFcat
X-Debug-Cache-Fetch
X-Mid
Vix-Hermes-Req-Id
X-CSRF-Token
CF-Cached-On
X-Refresh
X-Varnish-Beresp-Ttl
X-Node-Id
X-RESPONSE-TIME
Mime-Version
Request-Time
X-Cache-PHP
X-Nc
X-Vdms-Path
X-CLOUD-TRACE-CONTEXT
Powered-By-ChinaCache
NM-Fastcgi-Cache
X-TA-CDN-Provider
X-B3-Spanid
M-TraceId
X-Lb-Id
Pramga
X-VCache
X-Varnish-URL
X-Parent-Response-Time
X-Service
Origin
Cloudfront-Viewer-Country
Pagetype
X-ND-Cache
Server-Hostname
HitType
Sever-Int
Server-Ext
X-MSEdge-Features
X-Wa
X-Ratelimit-Remaining
X-MSEdge-Flight
PICS-Label
X-FORWARDED-FOR
X-Pjax-Url
HostName
X-DC
X-Ua
X-Method
X-FPC
X-Load-Cache
Environment
X-Via-PopV
X-Via-PopH
X-Worker
Magicmarker
X-Protected-By
X-Be
Geoip-Latitude
X-C-Zone
X-BACKEND-TTL
Geoip-City
X-Request-Start
X-SERVER-NAME
X-App-Version
X-Envoy-Upstream-Healthchecked-Cluster
X-ECache
X-HS-Status
X-C-Key
X-Branch-Name
X-Policy
X-SRV
X-Wix-Viewer-Type
X-Up
Fastly-Backend-Name
Memory
GeoIp-Country-Code
Dt-Cache-Category
X-Origin-CC
X-Origin-TTL
X-Planisys-CDN-Cache
Hostname
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-URL
X-CSRF-TOKEN
X-GEO
X-Cdn-Forward
Esi-Enabled
X-Myra-Origin2
Pragrma
X-Bc
X-Servedbyhost
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-Server-Time
NtCoent-Length
X-Zone
Cteonnt-Length
X-Referer
X-TT-LOGID
X-Reqid
Who
TTL
X-Edge-Server
X-VCL-Version
X-Litespeed-Cache
Cdn-Request-Time
Cdn-Host
X-Cache-Metadata
X-Edge-O15-RID
X-Ratelimit-Limit
X-Vcl-Version
X-Via-Ucdn
Ttl
Cdn
X-Cache-Host
X-Correlation-ID
XServer
SRV
Lb
X-Dynatrace-Js-Agent
X-ServedByHost
Release
Cdnsip
Resin-Trace
X-Fastly-Country-Code
X-BC
X-Country-IP
X-NU-AKA-ACS-Version
X-AK-Request-ID
X-ZONE
Cdncip
UCS
X-Oneagent-Js-Injection
Load-Balancing
X-SVT-ORM-RULES
Product
X-SVT-ORM-VERSION
GeoIP-Country-Code
X-Pf-Uncompressing
X-NGINX-Cache
CACHE
X-Air-Hostname
GeoIP-Latitude
GeoIP-City
Ohc-File-Size
X-Swift-Error
X-Configured-By
Sid
X-Tec-Api-Root
X-Cache-Id
X-AIR-PT
X-Tec-Api-Origin
X-Tec-Api-Version
X-Esi-Check
X-Ruxit-Js-Agent
LB
X-Cache-Debug
X-Server-IP
X-TH-Server
RequestId
X-Gzip
X-Datadome
Dnion-Transfer-Encoding
FSS-Cache
X-COUNTRY
X-Node-ID
X-WPE-Loopback-Upstream-Addr
IBM-Web2-Location
X-Tb-Optimization-Total-Bytes-Saved
Warning
Ohc-Cache-HIT
X-Fpc
X-WA
Pics-Label
MIME-Version
C-Via
X-PJAX-URL
X-BE
X-VarnishDD-TTL
X-B3-SpanId
X-Varnish-Url
Server-Int
X-RAMCache
X-Svr
X-Powered-Y
X-Fastly-Backend-Reqs
Lfy
My-App
X-Varnish-Beresp-TTL
X-Ocache
X-Location
Powered-By
X-Fastly-Request-Id
X-UPSTREAM-Address
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-SD-PageType
X-Sucuri-Cache
X-PF-Uncompressing
X-MID
X-Mvc-Supplant-Cachable
X-Apw-Hits
X-Unique-ID
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
Fastly-SSL
X-Agile-Brick-Ok
Xet-Cookie
Amp-Access-Control-Allow-Source-Origin
X-Mvc-Supplant-OutputCached
Requestid
X-ElasticPress-Query
Cneonction
Fastly-Soc-X-Request-Id
X-LiteSpeed-Cache-Control
X-Cache-Backend
X-ElasticPress-Search
CF-IPCountry
X-RPM
X-Aicache-OS
L
X-RPS
X-RSL
X-DSS
X-Action
X-B3-Parentspanid
X-Debug-Revision
X-Debug-Controller
X-Compress-Hint
CDN
X-DB
X-Check-Cacheable
X-DW
X-Nananana
X-DI
X-Sucuri-Id
X-Flog
X-MiniProfiler-Ids
FSS-Proxy
CloudFront-Viewer-Country
X-Cache-Tag
X-LB-ID
X-Request-Url
X-Dw-Trace-Id
X-Request-URL
X-Fastly-Cache-Hits
X-ABtesting
DataCenter
X-Hello
SN
URI