Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
CF-Ray
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Server-Powered-By
Feature-Policy
X-Pingback
Server-Timing
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
Ali-Swift-Global-Savetime
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Server-Id
X-LiteSpeed-Cache
X-Rq
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-Vhost
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-Cache-Lookup
X-WebKit-CSP
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-HW
X-DataDome
X-Country
X-Cnection
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Url
X-Akam-SW-Version
Edge-Control
Rating
X-Cloud-Trace-Context
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TtlSet
X-Goog-Hash
X-FTR-Request-ID
X-Vname
X-PC
X-Country-Code
X-ASPNET-VERSION
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
Allow
Fusion-Deployment-Id
Content-MD5
X-MS-InvokeApp
X-D2id
Accept-CH
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Server-Name
X-Ttl
Pinterest-Generated-By
SPRequestGuid
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Trace
X-Navigation-Version
X-ESI
X-Vcache
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
Accept-CH-Lifetime
X-Amz-Rid
X-SharePointHealthScore
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Public-Key-Pins
X-Fastly-Request-ID
Nginx-Cache
X-Debug
X-Vcap-Request-Id
X-MSEdge-Ref
X-VARITI-CCR
Arr-Disable-Session-Affinity
SPRequestDuration
SPIisLatency
Charset
MS-Author-Via
X-B3-TraceId
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-Px
X-Middleton-Display
X-Middleton-Response
Response
Pagespeed
Display
X-Content-Type
X-Fastcgi-Cache
NR-ENABLED
Realpath
X-Client-IP
X-Sol
X-Ser
X-DynaTrace-JS-Agent
Edge-Cache-Tag
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Powered-CMS
X-Id
X-Grace
Front-End-Https
X-Webkit-Csp
X-Version
X-Pinterest-Rid
Pinterest-Version
X-Hp-Webp
X-Jurisdiction
X-Upstream
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-T
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
WPE-Backend
X-Shield-Request-Id
X-Dw-Request-Base-Id
DynaTrace
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Forwarded-For
X-Node-Name
Fastcgi-Cache
ServerID
Ar-Sid
AR-CACHE
X-Aspnet-Version
X-Cache-Hit
X-Recruiting
X-Correlation-Id
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-FTR-Backend-Server
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-FTR-Balancer
X-Goog-Stored-Content-Length
X-FTR-Backend
X-FTR-Realm
X-Goog-Storage-Class
Accept-Ch
X-FTR-DC
X-GUploader-UploadID
X-FTR-Cache-Status
X-Country-Code-Real
Powered
Server-Node
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
PB-RID
X-Frontend
PB-PID
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-FTR-Expires
X-Mobile-Rewrite
Arc-Version
X-DIS-Request-ID
Upgrade-Insecure-Requests
Refresh
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
Alternate-Protocol
X-NWS-LOG-UUID
X-Server-ID
X-Amzn-Trace-Id
X-XRDS-Location
Accept-Ch-Lifetime
Server-Name
X-Geo-Country
Host-Header
X-Microsite
X-Request-Handler-Origin-Region
X-N
X-Varnish-Age
X-Logged-In
X-F-Cache
X-Akamai-Edgescape
X-LB-Cache
X-Rid
X-FTR-Cache-Host
X-Page-Id
Fastly-Restarts
X-ATS-Timestamp
X-User-Agent
X-B
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
MicrosoftSharePointTeamServices
X-XRDS-LOCATION
Healthy
X-Zen-Fury
X-Via-JSL
X-Kinsta-Cache
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Host
X-Varnish-Grace
X-Origin-Server
X-Cache-Key
X-Request-Guid
Fastcgi-Useragent
X-App-Environment
X-Instance
X-Hostname
X-Tumblr-User
X-Jobs
X-Signature
X-Revision
X-Git-Hash
Paypal-Debug-Id
X-ATG-Version
Cache-Status
X-B-Cache
X-TTL
X-Tumblr-Pixel
Actual-Object-TTL
X-Tumblr-Pixel-0
X-Content-Options
Section-Io-Cache
X-Type
X-FB-Debug
X-TT
X-Whom
X-B3-Sampled
X-Varnish-Backend
X-AOL-HN
X-Amz-Replication-Status
X-Debug-Info
X-Cache-Action
Access-Control-Allow-Method
X-Cluster
X-WebKit-CSP-Report-Only
X-Seen-By
Frame-Options
Trailer
X-Cache-Age
X-Cache-Rule
X-Cache-Operation
Liferay-Portal
X-Content-Powered-By
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Endurance-Cache-Level
X-Contextid
X-FastCGI-Cache
Source
X-SERVER
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Az
X-Amzn-Requestid
X-Activity-Id
X-Host-Name
X-Daa-Tunnel
X-AppVersion
X-FireWall-Port
Tracecode
X-PHP-Backend
X-Amz-Apigw-Id
X-IPLB-Instance
X-Framework
X-Upgrade-Enabled
X-WA-Info
X-Presslabs-Stats
Accept-Charset
DC
Retry-After
From-Origin
X-Response-Served-From
NGB
X-Accel-Buffering
X-Cached-By
X-ProcessESI
X-RemovedCookies
X-Mobile
X-UUID
Xserver
Surrogate-Key
X-Esi
X-Is-Bot
Srv
X-Tumblr-Pixel-1
X-Rendered-As
X-Tumblr-Pixel-2
X-FW-Server
Payment
X-Cacheable-TTL
X-FW-Static
X-Adobe-Content
X-Adobe-Loc
X-FW-Hash
X-Environment-Context
X-L-Path
X-FW-Serve
X-FW-Type
X-Region
X-Cache-NE
X-UA-Device-Type
X-RequestSource
Eomportal-Instance
X-GeoIP
X-Varnish-Server
X-Handled-By
VIX-Pulpo-Node
Filters
VIX-Pulpo-Upstream-Status
X-Time-Microsecs
X-Unique-Id
X-APP-VERSION
X-Wix-Request-Id
X-Srv
X-Origin-Response-Time
X-RateLimit-Remaining
X-Varnish-Hostname
X-Cache-TTL-Remaining
Nel
X-Proxy
X-NGENIX-Cache
X-Webkit-CSP
X-B3-Traceid
X-Cache-Server
X-EdgeConnect-Cache-Status
Datacenter
MS-CV
X-Akamai-Transformed
X-Backend-Name
X-Cache-Time
X-Cache-Control
Filterid
X-TIME
Server-Info
Version
Cache-Tv-Group
X-Status
X-Cache-2
X-Cache-Enabled
X-Mode
S-Cnection
GEO-INFO
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CCM
X-Cache-Var
X-Path-Route
Meta-Geo
X-IP
X-Cache-Var-Map
X-ES-SERVER
Webserver
X-NCache
X-TNCMS
Ec-Rule-Version
Azure-InstanceId
Azure-Version
X-Redis-Cache
Azure-SlotName
X-Detected-As
X-RN-RSRV
X-FC-Vary-Parameters
S-Rt
X-Loop
Azure-RegionName
Azure-SiteName
Odigeo-Trace-Id
X-Rule
Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
ServedBy
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
X-Debug-Cache
X-Forwarded-Host
X-ApacheServer
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-Adobe-Source
Property-Id
OT-Force-Account-Verify
Cleartype
X-Origin
Cache-Tags
Cache-Hits
X-Hosted-By
Akamai-GRN
DB-Nickname
Decoy-Debug-Key
Origin-Cache-Control
Origin-Edge-Control
Now
X-Hl-Ver
Decoy-Debug-Status
Decoy-Debug-TTL
X-Human
X-Pubstack
X-Real-IP
X-Say-Cacheable
X-R9-Blue-Green-Version
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-FW-Dynamic
X-SayCDN-TTL
X-Via-Fastly
X-Web-Node
X-Ua-Device
X-TX-ID
X-Oss-Request-Id
X-Say-TTL
X-Oss-Server-Time
X-Origin-Hint
X-Proto
X-PERF
X-Oss-Storage-Class
X-Sorting-Hat-PodId
X-Cache-Status-Check
X-Site-Version
NGX
X-ShardId
X-Goog-Meta-Goog-Reserved-File-Mtime
Section-Io-Id
X-Shopify-Generated-Cart-Token
X-Generated
Section-Io-Origin-Status
X-AWS-Id
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Alternate-Cache-Key
X-Vgn-Hpd-Reason
X-Shopify-Stage
X-VWS-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Cache-Config
X-BYPASS-REASON
X-Soup
X-ServerID
X-ShopId
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-Device-Type
X-RCS-CacheZone
Access-Control-Request-Headers
X-EIG-Tracking-Id
X-Locale
X-Tb
X-LJ-Flow-ID
X-Proxy-Cache-Status
Cache-Key
X-ProxyCache-Key
Content-Disposition
X-Access
X-Proxy-Build
X-FB-TRIP-ID
Mn-Server-Ip
X-Viewer-Country
X-JoinUs
X-Section
X-MP-GENERATED-AT
X-Cache-Remote
Cross-Origin-Window-Policy
X-Www-Served-By
X-Zipkin-Id
X-Content-Age
X-SaId
X-Routing-Service
X-Format
X-HTML-Minification-Powered-By
Selected-Fe
X-Request-Time
X-BCube-Filmed-By
X-Timing-Wait
X-Proxied
X-Xfnlog-Site
Node
X-Cache-NGX
X-CST
X-Geo
X-Cdn
X-No-Session
X-Microcachable
X-PressLabs-Stats
X-Varnish-Hits
X-Backend-TTL
X-NewRelic-App-Data
X-Generated-By
X-Akamai-Request-ID
X-Pad
X-EC-Lua
X-IPS-LoggedIn
Cf-Ipcountry
Accept-Language
X-Drupal-Cache-Tags
Time
X-From
X-CF-Powered-By
X-NWS-UUID-VERIFY
FilterID
X-Amzn-RequestId
X-Azure-Ref
X-Dc
X-RTag
Ms-Operation-Id
X-NC
X-Uri
X-Source
X-Old-Content-Length
X-VCT
Uber-Trace-Id
User-Agent
X-RateLimit-Limit
X-Labrador-Cache-Channel
X-PCL
X-PHP-Host
X-OCL
Cache-Name
X-Cache-Grace
X-Qloud-Router
X-CS
X-GoCache-CacheStatus
X-Varnish-Cache-Hits
X-SS-Set-Cookie
X-Nginx-Cache
Proxy-Connection
X-Newrelic-Synthetics
X-CACHE-KEY
Cache
X-Hyper-Cache
X-Edge-Location
X-Edge
X-MCACHE
X-Drupal-Cache-Contexts
X-App-Server
X-Info
Arc-Country
AsisCache
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-FW-Version
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
X-Reboot
X-Connection-Hash
X-Request-URI
X-Region-Sid
Apple-News-Services-Handled
A
X-S
X-Rojux
X-Transaction
X-S-Cookie
X-ScT
X-Rocket-Nginx-Bypass
X-A-Dcw
X-Request-UUID
X-CF-Lambda-Fn
X-Date
X-Rewrite-Enabled
X-GeoIP-Country-Code
X-D
GEO-REGION-INFO
Viewtype
VivaBuild
True-Client-Country-4JS
T-Server
X-Application
ServerName
X-Aed
X-Accel-Expires-Debug
X-A-Ccd
X-A-Dam
X-A
X-A-Dgt
X-A-Wwc
Request-EU
Request-Country
X-Cache-Bucket
Machine
X-PAYTM-SRV-ID
X-Processor
X-Trv-Group
MD5-Digest
Memcached
X-ARC
Rendered-Blocks
X-B-Cookie
Mobile-Detection-Method
Meta-Geo-Continent
X-Cdn-Srv
Apple-News-Services-Parsed-Url
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-VG-WebServer
X-SRCache-Key
X-DPWN-IS-SECURE
X-Pinterest-Direct
Xc-Version
X-External-Request-Id
X-Vtex-Remote-Cache
X-Developer
X-VG-WebCache
X-Session-Fingerprint
X-Vdms-Version
X-Destination
X-G
X-UA
X-Storage
X-Magnolia-Registration
User-Cache-Control
X-Cluster-Name
X-BBXSRF
X-WADP-Cache
X-Tumblr-Pixel-3
On-Server
N-Cache
X-Fmm-Version
X-Li-Fabric
X-Cache-ASPX
Gh-Request-Id
X-Cache-Info
X-Cache-URL
X-Cdn-Origin
X-Server-W
X-JWT-State
X-Varnish-Authentication
X-Backend-State
X-We-Are-Hiring
X-Level-Front-Cache
X-Cache-Expired-At
X-Block-Status
X-Has-Esi
X-Micro-Cache
X-Gen-Mode
Server-Surrogate-Control
Server-Host
X-Time
Thinkindot-CacheControl
X-Matched-Rule
X-VG-TLSProxy
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Cache-Control
SD-X-WS
X-Auto-Login
Web-Mar-Node
Viewport
X-Li-Pop
X-Fastly-Cache
X-VServer
Rt-Fastcgi-Cache
X-LI-UUID
X-LI-Proto
X-Webstats-RespID
X-Backend-Host
X-Generated-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Geo-Header
X-Hnp-Log
Cache-Cookie-Set-From
X-Core-Value
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Trafficlayer-App-Scope
X-Irp-Debug
X-GeoIP-City
X-Slack-Backend
X-TrackingId
X-DevSite-Last-Modified
X-Thinkindot-L3
X-APP
X-Trafficlayer-App-Name
X-Sn-Servicetimems
X-Request-Host
X-Trafficlayer-App-Version
X-Clara-WADP
Content-Style-Type
X-ServiceProvider
X-Is-Gdpr
X-Servername
X-Served-From
X-Instart-Info
Content-Script-Type
X-Wikidot-Backend
X-Contensis-Viewer-Groups
X-Wikidot-Static-Cache
X-Varnish-Ttl
X-S-Maxage
X-CDN-Forward
X-Device-Os
X-Debug-Cookies
X-Debug-Log
X-Hash
X-Debug-Cache-Expiry
X-Fetched-On
X-Debug-Cache-Fetch
X-Logging-Id
X-Agile
X-Developers
X-Debug-Cache-Store
X-Gamma-Serve
X-Dispatcher-Server
X-Cache-FS-Status
X-Eu-Site
X-Bip
X-Bc-Bl
X-LAGOON
X-Cms-Context
X-CGP
X-Clientip
X-Cache-Tags
X-Cluster-Node
X-Epic-Correlation-Id
X-Core-Mission
X-Dispatch
X-App-Name
X-Instart-Isnd
X-Agile-Id
X-Generated-In
X-CUA
X-Generation-Time
X-Distributor
X-Distil-CS
X-Agile-Age
Fastly-SWR
Cache-Host
CDCHOST
X-Req
AKAMAI
Adler-Geo
X-Trace-Id
X-Rocket-Build-Number
Wxu-Next-Region
Country-Code
Fastly-SIE
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Urbn-Site-Id
X-Rebelmouse-Cache-Control
Countrycode
X-Rebelmouse-Surrogate-Control
X-Scheme
X-Sucuri-ID
X-WebServer
Proxy-Firewall
X-Urbn-Context-Path
X-VC-Cache
X-Varnish-Cacheable
X-Var-Ttl
X-Variation
X-Swa-Ws
X-TT-TIMESTAMP
X-Sigma-Backend
X-Sigma
X-Skip-Cache
X-SN
X-Thanos
X-ECACHE
FNAC-ModuleRouting
Fastly-Drupal-HTML
X-NodeID
X-Nginx-Cache-Key
X-Ms-Version
X-NX-Host
X-Origin-Date
Platform
X-Proxy-Upstream
RNT-Machine
RNT-Time
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
W
V-Age
Server-ID
X-Ms-Request-Id
X-OVcl
X-Origin-Expires
Heartbleed
Is-Eu
Kp-EeAlive
HA-Ipaddr
Ha-Gx-Prefs
X-Platform-Server
Group
X-Owner
L5d-Success-Class
Locale
X-OVcl-Cache
Mail-Subject
Locid
CF-Cached-On
Geo-Info
X-Response-By
X-Mid
X-CSRF-Token
X-Hit
IsBot
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Vix-Hermes-Req-Id
PFcat
X-C
X-UnsetCookies
X-SIPLIST1
X-Refresh
X-RESPONSE-TIME
X-Cache-PHP
Request-Time
X-Varnish-Beresp-Ttl
X-Vdms-Path
NM-Fastcgi-Cache
X-CLOUD-TRACE-CONTEXT
X-Node-Id
Mime-Version
X-B3-Spanid
Powered-By-ChinaCache
X-Nc
X-Parent-Response-Time
Pramga
Pagetype
X-Lb-Id
X-VCache
M-TraceId
X-Varnish-URL
X-Ratelimit-Remaining
X-ND-Cache
X-MSEdge-Features
PICS-Label
Server-Hostname
Server-Ext
Sever-Int
X-Service
X-FORWARDED-FOR
X-MSEdge-Flight
Origin
Cloudfront-Viewer-Country
HostName
X-DC
X-Method
X-Wa
HitType
X-FPC
X-Pjax-Url
X-TA-CDN-Provider
X-Via-PopH
Magicmarker
X-Via-PopV
X-Worker
Environment
X-Protected-By
X-Ua
X-Be
X-Load-Cache
X-C-Key
X-Branch-Name
X-ECache
X-C-Zone
X-Envoy-Upstream-Healthchecked-Cluster
Geoip-City
X-SERVER-NAME
X-Request-Start
Geoip-Latitude
X-Wix-Viewer-Type
Memory
GeoIp-Country-Code
X-HS-Status
X-BACKEND-TTL
X-SRV
Dt-Cache-Category
X-Policy
X-Planisys-CDN-TTL
X-Up
Fastly-Backend-Name
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-App-Version
X-URL
X-Newrelic-App-Data
X-Myra-Origin2
X-Origin-TTL
X-Origin-CC
X-Azure-Ref-OriginShield
Esi-Enabled
NtCoent-Length
Hostname
Cteonnt-Length
X-GEO
X-VCL-Version
X-TT-LOGID
X-CSRF-TOKEN
X-Zone
X-Servedbyhost
TTL
X-Litespeed-Cache
X-Referer
X-Bc
Who
X-Reqid
X-Server-Time
Pragrma
X-Cdn-Forward
X-Cache-Metadata
Cdn-Host
X-Ratelimit-Limit
Cdn-Request-Time
X-Vcl-Version
X-Edge-Server
Ttl
XServer
X-Via-Ucdn
SRV
X-Dynatrace-Js-Agent
X-Country-IP
X-Fastly-Country-Code
X-Oneagent-Js-Injection
X-ZONE
Release
Cdnsip
UCS
X-ServedByHost
X-AK-Request-ID
X-BC
Cdncip
Cdn
X-Cache-Host
Lb
Product
X-NU-AKA-ACS-Version
Load-Balancing
X-Pf-Uncompressing
Resin-Trace
X-NGINX-Cache
X-SVT-ORM-VERSION
X-Correlation-ID
GeoIP-Country-Code
X-SVT-ORM-RULES
CACHE
X-Swift-Error
GeoIP-City
X-Configured-By
X-Tec-Api-Root
X-AIR-PT
GeoIP-Latitude
X-Tec-Api-Version
X-Tec-Api-Origin
X-Air-Hostname
X-Ruxit-Js-Agent
X-Edge-O15-RID
Ohc-File-Size
X-Cache-Id
X-Esi-Check
X-Node-ID
Sid
LB
X-Server-IP
X-Gzip
X-Datadome
X-COUNTRY
Dnion-Transfer-Encoding
X-Tb-Optimization-Total-Bytes-Saved
Ohc-Cache-HIT
FSS-Cache
X-Cache-Debug
Warning
X-WA
X-TH-Server
X-WPE-Loopback-Upstream-Addr
RequestId
MIME-Version
X-BE
C-Via
Pics-Label
X-PJAX-URL
X-Fpc
IBM-Web2-Location
X-B3-SpanId
X-RAMCache
X-Varnish-Url
X-Powered-Y
X-Svr
X-VarnishDD-TTL
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
Lfy
My-App
X-Ocache
X-Fastly-Request-Id
X-Location
Server-Int
X-Mvc-Supplant-Cachable
Powered-By
X-MID
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Action
X-UPSTREAM-Address
X-Sucuri-Cache
X-SD-PageType
X-Mvc-Supplant-OutputCached
X-Cache-Backend
Xet-Cookie
X-LiteSpeed-Cache-Control
Cneonction
X-ElasticPress-Search
X-ElasticPress-Query
X-Agile-Brick-Ok
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
X-PF-Uncompressing
Requestid
CF-IPCountry
X-Nananana
X-Check-Cacheable
X-B3-Parentspanid
CDN
X-Unique-ID
X-Aicache-OS
Fastly-Soc-X-Request-Id
X-Debug-Controller
X-Debug-Revision
Fastly-SSL
X-Sucuri-Id
X-Cache-Tag
URI
X-DW
X-Request-Url
DataCenter
X-RSL
X-RPS
X-Dw-Trace-Id
X-MiniProfiler-Ids
CloudFront-Viewer-Country
X-LB-ID
X-Fastly-Cache-Hits
X-RPM
X-DB
X-DI
X-Compress-Hint
X-Request-URL
L
X-Action
X-DSS