Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
X-FRAME-OPTIONS
Upgrade
Status
X-CDN
X-Ua-Compatible
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
X-UA-Device
Grace
Cf-Railgun
X-Request-ID
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
X-Cache-Lookup
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
X-Ruxit-JS-Agent
Request-Id
X-Application-Context
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Rating
Edge-Control
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-DynaTrace
X-TtlSet
X-Goog-Hash
X-PC
X-Vname
X-Instart-Request-ID
Allow
X-Country-Code
Content-MD5
Verso
Service-Worker-Allowed
X-Varnish-TTL
X-GitHub-Request-Id
Pinterest-Generated-By
X-ESI
X-Server-Name
X-Dns-Prefetch-Control
X-D2id
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Webkit-Csp
X-MS-InvokeApp
X-Powered-By-Plesk
SPRequestGuid
X-Server-ID
X-Navigation-Version
X-Cached
X-Vcache
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
X-Amz-Rid
Accept-Ch
X-MSEdge-Ref
X-Trace
X-Fastly-Request-ID
Public-Key-Pins
Nginx-Cache
X-SharePointHealthScore
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-B3-TraceId
X-TEC-API-ORIGIN
X-VARITI-CCR
TCN
MS-Author-Via
Arr-Disable-Session-Affinity
Charset
X-Px
X-Cache-TTL
Edge-Cache-Tag
X-Accel-Expires
X-Fastcgi-Cache
X-NF-Request-ID
Accept-Ch-Lifetime
Response
X-Middleton-Response
Display
X-Middleton-Display
Pagespeed
Realpath
X-Sol
SPRequestDuration
SPIisLatency
X-Ser
X-Content-Type
X-Client-IP
X-Ttl
X-Version
Cache-Tag
AR-PoweredBy
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
AR-Request-ID
Fusion-Deployment-Id
X-DynaTrace-JS-Agent
Accept-CH
Front-End-Https
X-Powered-CMS
Pinterest-Version
X-Pinterest-Rid
X-Id
Access-Control-Request-Method
AR-CACHE
Ar-Sid
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Hp-Webp
X-Jurisdiction
NR-ENABLED
X-Upstream
X-Grace
X-Forwarded-For
X-Content-Digest
DynaTrace
X-Element-Page-Cache
X-T
X-Hits
X-Amz-Meta-S3cmd-Attrs
S
X-Dw-Request-Base-Id
Accept-CH-Lifetime
Fastcgi-Cache
X-TTL
X-Aspnet-Version
ServerID
X-Node-Name
X-Amzn-Trace-Id
X-Mobile-URL
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
PB-RID
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
PB-PID
X-FTR-DC
X-Recruiting
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Mobile-Rewrite
X-Goog-Generation
X-Goog-Metageneration
Arc-Version
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-FTR-Expires
X-Ezoic-Cdn
X-Shard
Powered
X-Frontend
X-Cache-Hit
TP-Cache
TP-L2-Cache
X-ASPNET-VERSION
X-DIS-Request-ID
Fastly-Restarts
X-Shield-Request-Id
X-NWS-LOG-UUID
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-HS-Combine-CSS
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Request-Processing-Time
X-Request-Received
X-Logged-In
X-Varnish-Age
Refresh
X-Correlation-Id
WPE-Backend
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
Server-Name
X-B
X-Akamai-Edgescape
X-LB-Cache
X-Page-Id
X-Rid
X-Content-Security-Policy-Report-Only
X-F-Cache
X-User-Agent
X-Via-JSL
X-Geo-Country
X-N
X-Zen-Fury
Cache-Status
Host
X-Kong-Upstream-Latency
X-Content-Options
X-Kong-Proxy-Latency
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-XRDS-Location
X-Origin-Server
X-Varnish-Grace
Host-Header
X-Amz-Apigw-Id
X-Revision
X-Kinsta-Cache
X-Type
X-B3-Sampled
X-FB-Debug
X-TT
X-AOL-HN
X-Amz-Replication-Status
X-Instance
X-Cache-Action
X-ATG-Version
X-Content-Powered-By
X-Debug-Info
X-Tumblr-Pixel-0
X-App-Environment
Actual-Object-TTL
Paypal-Debug-Id
X-Tumblr-Pixel
X-Signature
Access-Control-Allow-Method
X-B-Cache
X-Tumblr-User
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Varnish-Backend
X-Jobs
X-Request-Guid
Liferay-Portal
Fastcgi-Useragent
Frame-Options
X-Whom
Healthy
X-Srv
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cached-By
Section-Io-Cache
X-Cache-Key
X-Cluster
X-Hostname
X-CST
X-PHP-Backend
X-Seen-By
X-Daa-Tunnel
X-Cache-Rule
X-Framework
X-AppVersion
X-Activity-Id
X-Cache-Operation
X-Az
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FireWall-Port
X-Presslabs-Stats
X-WA-Info
Retry-After
X-Mobile
X-Contextid
Tracecode
X-Cache-Age
X-Endurance-Cache-Level
X-IPLB-Instance
X-Host-Name
Source
X-Accel-Buffering
X-Upgrade-Enabled
NGB
Accept-Charset
X-Amzn-Requestid
X-Response-Served-From
X-ProcessESI
Trailer
Xserver
X-RemovedCookies
Srv
DC
Surrogate-Key
X-Cache-NE
X-Region
X-Origin-Response-Time
Payment
Eomportal-Instance
X-Cacheable-TTL
X-FW-Hash
X-Varnish-Hostname
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Adobe-Content
X-GeoIP
X-Handled-By
X-Rendered-As
X-Is-Bot
Filters
X-Varnish-Server
X-L-Path
X-Environment-Context
X-UUID
X-FastCGI-Cache
X-Edge-O15-RID
X-RequestSource
X-EdgeConnect-Cache-Status
Server-Info
X-Cache-2
X-UA-Device-Type
X-Backend-Name
From-Origin
Cache-Tv-Group
X-Cache-TTL-Remaining
X-APP-VERSION
X-RateLimit-Remaining
X-Time-Microsecs
X-Proxy
X-B3-Traceid
Nel
X-Wix-Request-Id
X-Cache-Server
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
MS-CV
X-Cache-Enabled
VIX-Pulpo-Node
X-Akamai-Transformed
VIX-Pulpo-Upstream-Status
X-Dc
X-NGENIX-Cache
Version
Filterid
Datacenter
X-Status
GEO-INFO
X-IPS-LoggedIn
X-Unique-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
S-Cnection
X-Cache-Var
Meta-Geo
X-RN-RSRV
X-TIME
X-Path-Route
X-NewRelic-App-Data
X-Mode
X-Cache-Var-Map
X-CCM
X-ES-SERVER
X-SS-Set-Cookie
X-Access
X-Forwarded-Host
X-Format
X-Section
X-Pad
X-TX-ID
Decoy-Debug-TTL
Cache-Tags
Cleartype
X-Hl-Ver
X-Origin
X-Via-Fastly
X-NYM-Debug-Backend
Decoy-Debug-Key
Country
Decoy-Debug-Status
X-Tb
X-ApacheServer
X-PERF
X-Akamai-Request-ID
X-R9-Blue-Green-Version
X-Redis-Cache
X-Cache-Status-Check
ServedBy
Akamai-GRN
X-Say-TTL
Content-Disposition
X-Say-Cacheable
X-Cache-Time
Now
X-Pubstack
Cache-Key
NGX
X-Proto
X-Proxy-Cache-Status
X-ProxyCache-Key
DB-Nickname
X-ProxyCache-Status
X-Request-Time
Origin-Edge-Control
X-Sorting-Hat-PodId
X-Cache-Config
X-BYPASS-REASON
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-Debug-Cache
X-Varnish-Hits
X-Web-Node
X-Generated-By
X-Soup
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-ShopId
X-ShardId
X-ServerID
Origin-Cache-Control
OT-Force-Account-Verify
X-Human
X-Akamai-Request-ID2
X-Vgn-Hpd-Reason
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Device-Type
X-IP
X-FB-TRIP-ID
Cross-Origin-Window-Policy
X-Generated
X-Loop
X-NCache
Selected-Fe
S-Rt
X-MP-GENERATED-AT
X-BCube-Filmed-By
X-Detected-As
X-JoinUs
X-Locale
Ec-Rule-Version
X-Cache-Remote
Azure-Version
Mn-Server-Ip
X-AWS-Id
X-LJ-Flow-ID
X-Amzn-RequestId
X-Site-Version
X-TNCMS
X-Timing-Wait
X-Www-Served-By
X-FW-Dynamic
X-VWS-Id
Azure-SiteName
Azure-RegionName
X-Proxy-Build
Azure-InstanceId
Azure-SlotName
X-Cache-Control
X-SaId
X-Viewer-Country
Node
X-Content-Age
TWC-Connection-Speed
Webcakes-Region
X-Origin-Hint
Webcakes-App-Version
Property-Id
Webcakes-App-Name
X-Ua-Device
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
Webserver
X-Xfnlog-Site
X-Proxied
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
X-Zipkin-Id
X-RCS-CacheZone
X-Routing-Service
X-Real-IP
X-App-Server
Cache-Hits
X-Drupal-Cache-Tags
FilterID
X-Uri
Section-Io-Origin-Status
X-Geo
X-EC-Lua
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-PressLabs-Stats
Accept-Language
X-No-Session
X-Microcachable
X-UA
X-OCL
X-PCL
X-Varnish-Cache-Hits
X-Adobe-Source
X-CACHE-KEY
X-Rule
Odigeo-Trace-Id
X-Qloud-Router
X-Source
X-NWS-UUID-VERIFY
X-Varnish-Ttl
X-RTag
Ms-Operation-Id
X-Time
X-From
X-Azure-Ref
X-Hyper-Cache
Time
Cf-Ipcountry
X-Esi
User-Agent
X-Load-Cache
X-Info
X-Storage
X-PHP-Host
X-Labrador-Cache-Channel
Proxy-Connection
X-Cluster-Node
X-Nc
X-Backend-TTL
X-RateLimit-Limit
X-Cache-NGX
X-Nginx-Cache
Powered-By-ChinaCache
X-TA-CDN-Provider
X-Old-Content-Length
X-Newrelic-Synthetics
X-Magnolia-Registration
X-UnsetCookies
X-GoCache-CacheStatus
Fastcgi-X-Cache-Version
X-Rojux
Content-Style-Type
X-SRCache-Key
X-Trv-Group
Rendered-Blocks
X-Twitter-Response-Tags
X-Transaction
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-S
X-Region-Sid
X-Request-URI
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
A
X-Edge-Location
X-Drupal-Cache-Contexts
Apple-News-Services-Request-Url
Mobile-Detection-Method
X-Request-UUID
BehaviorPad-Version
X-Processor
X-Vdms-Version
Arc-Country
AsisCache
Content-Script-Type
X-VG-WebServer
X-CF-Lambda-Fn
X-Cdn-Srv
X-B-Cookie
X-ARC
X-CF-Lambda-Version
X-Connection-Hash
X-Date
MD5-Digest
X-D
X-Application
X-Aed
X-A-Dcw
X-A
X-A-Ccd
VivaBuild
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
Viewtype
X-Destination
X-Developer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
Machine
X-A-Dam
Request-EU
X-VG-TLSProxy
X-VG-WebCache
Request-Country
X-OVcl-Cache
X-OVcl
X-External-Request-Id
Meta-Geo-Continent
X-DPWN-IS-SECURE
X-G
X-GeoIP-Country-Code
T-Server
True-Client-Country-4JS
Xc-Version
GEO-REGION-INFO
Rt-Fastcgi-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Uber-Trace-Id
X-Cluster-Name
Mime-Version
Cache-Name
X-ServiceProvider
X-Service
X-GeoIP-City
X-Agile
X-Sn-Servicetimems
CDCHOST
X-Agile-Age
X-Served-From
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
HA-Ipaddr
Ha-Gx-Prefs
Locid
X-Eu-Site
W
X-ND-Cache
X-Matched-Rule
X-Distil-CS
X-Level-Front-Cache
X-Agile-Id
X-Reboot
X-Developers
Viewport
X-Rocket-Nginx-Bypass
Thinkindot-Control
Server-Host
ServerName
X-CGP
L5d-Success-Class
X-IN-APIGATEWAYSSL
X-Wikidot-Static-Cache
X-Cdn-Origin
X-Geo-Header
X-Cache-Grace
X-Wikidot-Backend
X-IN-APIGATEWAY
X-Backend-State
X-Generated-On
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Thinkindot-CacheControl-Type
PFcat
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-Core-Value
X-C
Thinkindot-CacheControl
X-TT-TIMESTAMP
X-Cache-Expired-At
X-CS
X-Gen-Mode
X-Generated-In
X-Gamma-Serve
X-FW-Version
X-Fetched-On
X-Generation-Time
X-Debug-Cache-Store
X-Clientip
X-Cms-Context
X-Contensis-Viewer-Groups
X-CUA
X-Clara-WADP
X-Cache-Tags
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Info
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Dispatcher-Server
X-Distributor
X-Epic-Correlation-Id
X-Dispatch
X-DevSite-Last-Modified
X-Debug-Cookies
X-Debug-Log
X-Device-Os
X-Fastly-Cache
X-Logging-Id
X-Trace-Id
X-Thanos
X-TrackingId
X-VCache
X-Tumblr-Pixel-3
X-Swa-Ws
X-Slack-Backend
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Servername
X-Skip-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-WebServer
X-We-Are-Hiring
X-Webstats-RespID
X-App-Name
X-Varnish-Cacheable
X-WADP-Cache
X-VServer
X-Var-Ttl
X-Variation
X-Varnish-Authentication
X-VC-Cache
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-LAGOON
X-JWT-State
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Is-Gdpr
X-Irp-Debug
X-Hash
X-Hit
X-Hnp-Log
X-Instart-Isnd
X-LI-UUID
X-Cache-ASPX
X-Origin-Expires
X-Platform-Server
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Origin-Date
X-NX-Host
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Has-Esi
X-Owner
Fastly-Drupal-HTML
Fastly-SIE
X-Block-Status
Pramga
Server-Cache-Control
Server-Surrogate-Control
We-Hiring
Gh-Request-Id
User-Cache-Control
HitType
Fastly-SWR
Platform
Kp-EeAlive
Is-Eu
Heartbleed
Group
Locale
Mail-Subject
On-Server
N-Cache
Memcached
Web-Mar-Node
V-Age
X-BBXSRF
AKAMAI
Adler-Geo
X-Varnish-Beresp-Ttl
Cache-Host
X-Bip
Country-Code
Countrycode
X-Auto-Login
X-CF-Powered-By
Hostname
Server-ID
X-Nginx-Cache-Key
X-S-Maxage
X-Core-Mission
X-Cache-URL
IsBot
Cloudfront-Viewer-Country
X-Lb-Id
RNT-Time
X-Bc-Bl
X-Server-W
RNT-Machine
X-SIPLIST1
Environment
X-NC
X-Node-Id
X-Sucuri-ID
X-Ratelimit-Remaining
FNAC-ModuleRouting
Wxu-Next-Region
Wxu-Next-Commit
X-BACKEND-TTL
X-Response-By
X-Backend-Host
X-Refresh
Wxu-Next-Hostname
Geo-Info
X-Req
X-VHOST
Cache-Cookie-Set-Lfrom
X-RESPONSE-TIME
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Origin-CC
X-Fmm-Version
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-VCT
X-Origin-TTL
X-Cdn-Forward
X-B3-Spanid
X-Scheme
X-Up
Cache
X-MSEdge-Features
X-MSEdge-Flight
X-Pjax-Url
X-Server-Time
X-Varnish-URL
Fastly-Backend-Name
X-CSRF-Token
X-FPC
X-CDN-Forward
Cdn-Host
Geoip-City
X-TT-LOGID
Geoip-Latitude
Pragrma
X-Edge-Server
PICS-Label
X-APP
Cdn-Request-Time
Origin
X-SN
SD-X-WS
X-Instart-Info
X-App-Version
Proxy-Firewall
X-Edge
X-Correlation-ID
X-MCACHE
GeoIp-Country-Code
X-CSRF-TOKEN
X-Cache-Host
Request-Time
X-Cache-PHP
Cdncip
Cdnsip
Vix-Hermes-Req-Id
X-AK-Request-ID
M-TraceId
Ohc-File-Size
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
TTL
CACHE
X-Vcl-Version
X-Wa
X-Vdms-Path
CF-Cached-On
X-Wix-Viewer-Type
NM-Fastcgi-Cache
X-ECACHE
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Be
NtCoent-Length
X-HS-Status
Cdn
X-Mid
X-Ratelimit-Limit
X-URL
Server-Hostname
Server-Ext
Sever-Int
X-Tec-Api-Origin
Resin-Trace
X-Pf-Uncompressing
X-Zone
RequestId
X-Bc
X-Myra-Origin2
X-Tec-Api-Root
Memory
Pagetype
X-Cache-Debug
X-ServedByHost
X-Tec-Api-Version
Ohc-Cache-HIT
X-ECache
X-Ua
Magicmarker
X-TH-Server
X-Method
X-Cache-Metadata
X-GEO
IBM-Web2-Location
XServer
Tcn
X-Worker
SRV
X-Dynatrace-Js-Agent
HostName
X-Servedbyhost
X-Via-PopV
Cteonnt-Length
X-Oneagent-Js-Injection
X-FORWARDED-FOR
X-Via-PopH
Release
X-NGINX-Cache
Dt-Cache-Category
Server-Int
Dnion-Transfer-Encoding
X-Request-Start
X-Referer
X-Protected-By
X-Envoy-Upstream-Healthchecked-Cluster
X-Azure-Ref-OriginShield
Load-Balancing
X-Branch-Name
X-BC
X-Ocache
X-ZONE
X-Newrelic-App-Data
X-Swift-Error
X-Unique-ID
X-Policy
X-Tb-Optimization-Total-Bytes-Saved
Powered-By
Lb
X-Fastly-Country-Code
X-Configured-By
Esi-Enabled
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-AIR-PT
Fastly-Soc-X-Request-Id
X-Esi-Check
Ttl
X-VCL-Version
X-WA
X-Cache-Id
X-DC
X-Ruxit-Js-Agent
X-Node-ID
X-Gzip
X-B3-SpanId
X-C-Key
X-C-Zone
X-Action
X-Reqid
Pics-Label
X-Datadome
X-COUNTRY
Fastly-SSL
GeoIP-Country-Code
Who
X-SRV
X-Via-Ucdn
X-DB
X-Hello
X-DI
X-ABtesting
X-RPM
X-RSL
X-RPS
X-DW
X-DSS
X-Flog
MIME-Version
Host-ID
X-VarnishDD-TTL
GeoIP-Latitude
GeoIP-City
X-HostName
X-Cache-Backend
X-SERVER-NAME
X-Via-CDN
X-Powered-Y
X-Svr
LB
X-Fpc
ProcessTime
X-PF-Uncompressing
X-Country-IP
X-Render-Time
X-PJAX-URL
UCS
Amp-Access-Control-Allow-Source-Origin
Lfy
Product
X-Amzn-Remapped-Date
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
FSS-Cache
X-Varnish-Url
X-User
X-RAMCache
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-MID
X-Beluga-Trace
X-SD-PageType
X-Varnish-Beresp-TTL
CF-IPCountry
FSS-Proxy
X-Key
X-Beluga-Cache-Status
Sid
X-Beluga-Node
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Record
X-Page-Impression-Id
X-Flow-Id
X-WPE-Loopback-Upstream-Addr
X-Sucuri-Cache
X-Internal-Host
SN
X-LiteSpeed-Cache-Control
X-Zalando-Child-Request-Id
Xet-Cookie
X-B3-Parentspanid
X-Server-IP
Requestid
X-Agile-Brick-Ok
X-Apw-Access-Object
WZWS-RAY
Cneonction
X-Apw-Access-Token
X-Apw-Access-Action
X-BE
X-Tid
X-Pinterest-Direct
X-Aicache-OS
X-Apw-Hits
X-Debug-Revision
L
CDN
X-Location
X-Check-Cacheable
X-Debug-Controller
WebServer
X-Request-Url
X-Compress-Hint
Servername
X-Litespeed-Cache-Control
X-Sucuri-Id
Server-Id
X-ElasticPress-Search
CloudFront-Viewer-Country
X-Nananana
X-App
X-LB-ID
X-MiniProfiler-Ids
X-Fastly-Cache-Hits
DataCenter
X-Dw-Trace-Id
X-Request-URL