Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
P3P
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
P3p
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-CDN
X-Content-Security-Policy
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Server-Powered-By
X-Pingback
Feature-Policy
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Vhost
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
X-Readtime
X-WebKit-CSP
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
Rating
X-Rack-Cache
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
RTSS
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-Goog-Hash
X-Country-Code
X-DynaTrace
X-Varnish-TTL
X-ASPNET-VERSION
X-Instart-Request-ID
Allow
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
Content-MD5
X-Server-Name
X-D2id
X-ESI
X-Dns-Prefetch-Control
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
Pinterest-Generated-By
X-MS-InvokeApp
Fusion-Deployment-Id
SPRequestGuid
X-Cached
X-Navigation-Version
X-Ttl
X-Powered-By-Plesk
X-Vcache
X-Forwarded-Proto
TCN
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Trace
X-B3-TraceId
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Amz-Rid
Public-Key-Pins
X-Fastly-Request-ID
X-SharePointHealthScore
X-Debug
Nginx-Cache
X-MSEdge-Ref
Accept-CH
X-Vcap-Request-Id
X-VARITI-CCR
X-Server-ID
Charset
Arr-Disable-Session-Affinity
MS-Author-Via
X-Fastcgi-Cache
SPRequestDuration
SPIisLatency
X-Px
X-Accel-Expires
X-NF-Request-ID
X-Cache-TTL
Accept-CH-Lifetime
X-Middleton-Display
Response
X-Middleton-Response
Pagespeed
Display
X-Webkit-Csp
Realpath
X-Content-Type
Edge-Cache-Tag
X-Sol
X-Ser
X-SRCache-Fetch-Status
Cache-Tag
X-SRCache-Store-Status
X-Client-IP
X-DynaTrace-JS-Agent
Accept-Ch
NR-ENABLED
X-Version
Front-End-Https
X-Powered-CMS
Access-Control-Request-Method
S
X-Pinterest-Rid
Pinterest-Version
X-Id
X-Grace
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Hp-Webp
X-Jurisdiction
X-Upstream
X-Forwarded-For
X-T
X-Hits
X-Content-Digest
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
Accept-Ch-Lifetime
DynaTrace
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
Fastcgi-Cache
X-Shield-Request-Id
X-Node-Name
ServerID
X-Cache-Hit
WPE-Backend
X-Mobile-URL
X-Recruiting
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
PB-PID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
PB-RID
Powered
X-Frontend
X-FTR-Expires
Server-Node
AMP-Access-Control-Allow-Source-Origin
TP-Cache
X-HS-Content-Id
Arc-Version
TP-L2-Cache
X-Mobile-Rewrite
X-HS-Cache-Config
X-HS-Hub-Id
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Request-Received
X-Request-Processing-Time
X-Amzn-Trace-Id
X-Shard
X-Ezoic-Cdn
Refresh
X-XRDS-Location
X-HS-Combine-CSS
Alternate-Protocol
X-NWS-LOG-UUID
X-Correlation-Id
Fastly-Restarts
X-Logged-In
Server-Name
X-Varnish-Age
X-Microsite
X-Request-Handler-Origin-Region
X-FTR-Cache-Host
X-Page-Id
X-F-Cache
X-LB-Cache
X-Geo-Country
X-Akamai-Edgescape
X-B
X-Rid
X-N
X-User-Agent
Host-Header
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-ATS-Timestamp
Backend-Timing
X-Aspnetmvc-Version
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
X-Via-JSL
X-TTL
Host
X-Zen-Fury
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Grace
X-Kinsta-Cache
X-Origin-Server
Healthy
Cache-Status
X-Content-Options
X-Request-Guid
Fastcgi-Useragent
X-FB-Debug
X-Hostname
X-TT
X-B-Cache
X-Signature
X-App-Environment
X-ATG-Version
X-Revision
X-AOL-HN
Section-Io-Cache
Access-Control-Allow-Method
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-User
Frame-Options
X-Tumblr-Pixel
X-Amz-Replication-Status
X-Git-Hash
X-Instance
X-Tumblr-Pixel-0
X-Jobs
X-Cache-Action
X-B3-Sampled
X-Whom
X-Debug-Info
X-Varnish-Backend
Trailer
X-Type
X-WebKit-CSP-Report-Only
X-Cluster
X-Seen-By
X-Content-Powered-By
Liferay-Portal
X-Amz-Apigw-Id
X-Cache-Age
X-Cache-Key
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-Operation
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Endurance-Cache-Level
X-Activity-Id
X-PHP-Backend
X-Az
X-AppVersion
Tracecode
X-Contextid
X-FireWall-Port
X-SERVER
X-Framework
Source
X-Amzn-Requestid
X-WA-Info
X-Host-Name
X-Daa-Tunnel
X-IPLB-Instance
X-Cached-By
X-Srv
X-Mobile
Xserver
X-Upgrade-Enabled
Accept-Charset
Retry-After
NGB
X-Response-Served-From
X-Accel-Buffering
X-RemovedCookies
DC
X-ProcessESI
Srv
X-Is-Bot
X-Rendered-As
X-UUID
X-Adobe-Content
X-Cacheable-TTL
X-Adobe-Loc
Surrogate-Key
X-Presslabs-Stats
X-FW-Server
X-Handled-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-GeoIP
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
Payment
Eomportal-Instance
X-L-Path
X-Varnish-Server
From-Origin
X-Region
X-Environment-Context
Filters
X-Cache-NE
X-RequestSource
X-RateLimit-Remaining
X-UA-Device-Type
X-FastCGI-Cache
X-Origin-Response-Time
X-Varnish-Hostname
X-Cache-TTL-Remaining
X-Time-Microsecs
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Wix-Request-Id
X-Proxy
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Webkit-CSP
X-Backend-Name
Server-Info
Filterid
X-NGENIX-Cache
MS-CV
X-Cache-2
Nel
X-Akamai-Transformed
X-APP-VERSION
Datacenter
X-Unique-Id
Cache-Tv-Group
Version
X-Cache-Time
X-Cache-Enabled
X-CST
X-TIME
X-Status
X-Cache-Control
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Mode
X-Yottaa-Metrics
S-Cnection
X-Yottaa-Optimizations
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
X-CCM
Meta-Geo
X-ES-SERVER
X-Detected-As
X-RN-RSRV
X-Loop
Ec-Rule-Version
X-TNCMS
X-IP
X-FC-Vary-Parameters
Cleartype
X-FW-Dynamic
X-Real-IP
X-Adobe-Source
Country
X-Hl-Ver
X-Via-Fastly
ServedBy
X-R9-Blue-Green-Version
OT-Force-Account-Verify
Webserver
X-Proto
X-ShardId
Now
X-Shopify-Generated-Cart-Token
DB-Nickname
X-Sorting-Hat-ShopId
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Tags
Decoy-Debug-Key
Content-Disposition
S-Rt
X-Forwarded-Host
X-Amzn-Remapped-Content-Length
X-ApacheServer
X-Alternate-Cache-Key
X-Proxy-Cache-Status
X-Pubstack
X-Akamai-Request-ID2
X-Web-Node
X-Cache-Config
X-Hosted-By
X-Locale
X-Vgn-Hpd-Reason
X-PERF
X-Shopify-Stage
X-Cache-Status-Check
X-TX-ID
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Origin-Edge-Control
X-EIG-Tracking-Id
X-Say-Cacheable
Origin-Cache-Control
X-Say-TTL
X-SayCDN-TTL
X-Device-Type
X-Debug-Cache
X-Sorting-Hat-PodId
X-Soup
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
Section-Io-Origin-Status
Section-Io-Id
X-Redis-Cache
X-ServerID
NGX
X-JoinUs
X-Human
Webcakes-Region
X-Generated
X-BYPASS-REASON
X-VWS-Id
Cross-Origin-Window-Policy
X-Content-Age
TWC-Locale-Group
X-LJ-Flow-ID
Property-Id
Webcakes-App-Version
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-FB-TRIP-ID
Selected-Fe
Webcakes-App-Name
X-Timing-Wait
X-Tb
TWC-Privacy
X-Www-Served-By
X-NCache
Access-Control-Request-Headers
X-SaId
Akamai-GRN
Azure-InstanceId
Azure-RegionName
X-Geo
X-Origin-Hint
X-ProxyCache-Key
X-Proxy-Build
X-AWS-Id
X-Site-Version
X-ProxyCache-Status
Azure-SiteName
Azure-Version
X-RCS-CacheZone
Cache-Key
X-Origin
Azure-SlotName
GEO-INFO
X-HTML-Minification-Powered-By
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Ua-Device
X-Viewer-Country
Cache-Hits
X-Xfnlog-Site
X-IPS-LoggedIn
X-PressLabs-Stats
X-BCube-Filmed-By
X-Access
X-Esi
X-Request-Time
Mn-Server-Ip
X-Format
X-Pad
X-Cache-Remote
X-Proxied
X-Varnish-Hits
X-Section
X-Routing-Service
Odigeo-Trace-Id
X-Zipkin-Id
Node
X-Dc
X-CACHE-KEY
X-Generated-By
X-Akamai-Request-ID
X-Rule
X-Cdn
X-Amzn-RequestId
X-EC-Lua
X-No-Session
X-Microcachable
X-B3-Traceid
X-NewRelic-App-Data
Accept-Language
X-Drupal-Cache-Tags
X-Cache-NGX
Time
Cf-Ipcountry
FilterID
X-From
X-Uri
X-Azure-Ref
X-Backend-TTL
X-RTag
Ms-Operation-Id
X-NWS-UUID-VERIFY
X-CF-Powered-By
X-App-Server
X-SS-Set-Cookie
X-RateLimit-Limit
User-Agent
X-Source
X-PCL
X-Qloud-Router
X-OCL
X-Labrador-Cache-Channel
X-Old-Content-Length
X-PHP-Host
X-GoCache-CacheStatus
Uber-Trace-Id
Proxy-Connection
X-Varnish-Cache-Hits
X-Hyper-Cache
X-Cache-Grace
Cache-Name
X-Nginx-Cache
X-Info
X-Newrelic-Synthetics
X-Storage
X-Time
X-VCT
X-NC
X-CS
X-Connection-Hash
X-Request-UUID
X-Request-URI
X-Processor
X-OVcl
X-PAYTM-SRV-ID
X-OVcl-Cache
X-Region-Sid
Machine
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-A-Dam
VivaBuild
X-A
X-A-Ccd
X-Developer
X-Destination
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
X-Date
X-Application
X-ARC
X-B-Cookie
Viewtype
X-DPWN-IS-SECURE
GEO-REGION-INFO
X-GeoIP-Country-Code
MD5-Digest
Fastcgi-X-Cache-Version
BehaviorPad-Version
A
Arc-Country
AsisCache
Meta-Geo-Continent
Mobile-Detection-Method
ServerName
T-Server
True-Client-Country-4JS
X-External-Request-Id
Request-EU
X-G
Rendered-Blocks
Request-Country
X-Drupal-Cache-Contexts
X-Reboot
X-Transaction
X-VG-WebCache
X-S
X-S-Cookie
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-VG-WebServer
X-Vdms-Version
X-Rewrite-Enabled
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Rojux
X-Session-Fingerprint
X-SRCache-Key
X-Cluster-Name
X-Level-Front-Cache
X-JWT-State
X-IN-APIGATEWAYSSL
X-Geo-Header
X-Has-Esi
X-IN-APIGATEWAY
X-Is-Gdpr
Content-Script-Type
X-LI-UUID
X-Matched-Rule
Cache-Cookie-Set-Lfrom
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Content-Style-Type
X-Generated-On
X-Thinkindot-L3
X-Cluster-Node
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
Thinkindot-Control
Viewport
X-Cache-Expired-At
X-VServer
X-Core-Value
Rt-Fastcgi-Cache
X-Cdn-Origin
X-Trafficlayer-App-Version
Memcached
X-Trafficlayer-App-Scope
N-Cache
PFcat
X-FW-Version
Cache-Cookie-Set-Idcheck
X-Trafficlayer-App-Name
X-GeoIP-City
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Rocket-Nginx-Bypass
X-ServiceProvider
X-Sn-Servicetimems
Apple-News-Services-Request-Url
X-Served-From
X-Edge-Location
X-Edge-O15-RID
Cache-Cookie-Set-From
Geo-Info
User-Cache-Control
X-S-Maxage
Web-Mar-Node
X-Distributor
We-Hiring
X-Varnish-Authentication
X-Variation
X-Dispatch
X-Dispatcher-Server
X-Varnish-Cacheable
X-Cache-Info
X-Urbn-Site-Id
X-Cache-Tags
X-Scheme
X-Tumblr-Pixel-3
Server-Surrogate-Control
X-Core-Mission
X-Proxy-Upstream
X-RateLimit-Limit-Second
V-Age
X-Rebelmouse-Cache-Control
X-VC-Cache
X-Urbn-Context-Path
X-RateLimit-Remaining-Second
X-Var-Ttl
X-Device-Os
X-Bc-Bl
X-Bip
X-Debug-Cache-Expiry
X-BBXSRF
X-Backend-Host
X-Backend-State
X-Block-Status
X-WebServer
X-CUA
X-Varnish-Beresp-Status
X-Cache-Bucket
X-Webstats-RespID
X-Cache-ASPX
X-We-Are-Hiring
X-Auto-Login
X-Request-Host
X-Cms-Context
X-Clientip
Server-ID
X-VG-TLSProxy
X-DevSite-Last-Modified
X-Varnish-Beresp-Grace
X-Debug-Log
X-UA
X-WADP-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Rebelmouse-Surrogate-Control
X-Fetched-On
X-Trace-Id
X-Slack-Backend
X-Instart-Isnd
X-Irp-Debug
Fastly-SWR
X-Hnp-Log
Gh-Request-Id
Heartbleed
X-TrackingId
X-Skip-Cache
X-Hash
Group
X-Ms-Version
Fastly-SIE
X-Swa-Ws
X-Magnolia-Registration
X-Micro-Cache
Cache-Host
X-Thanos
X-Logging-Id
AKAMAI
X-Ms-Request-Id
X-LAGOON
Adler-Geo
Countrycode
Country-Code
X-Platform-Server
X-Cache-FS-Status
Platform
X-Gamma-Serve
X-Gen-Mode
X-Servername
X-Generated-In
X-Origin-Expires
X-Clara-WADP
X-Fastly-Cache
Server-Cache-Control
X-Owner
X-Varnish-Ttl
X-Fmm-Version
Is-Eu
On-Server
Locale
X-SIPLIST1
Kp-EeAlive
X-Origin-Date
X-Contensis-Viewer-Groups
Mail-Subject
X-NX-Host
IsBot
X-NodeID
X-Nc
Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Generation-Time
X-Sigma
X-Sigma-Backend
X-Server-W
X-Req
X-Rocket-Build-Number
X-Nginx-Cache-Key
X-Response-By
X-Distil-CS
X-Epic-Correlation-Id
X-Eu-Site
X-TT-TIMESTAMP
X-Developers
X-Agile-Age
RNT-Time
RNT-Machine
W
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
L5d-Success-Class
HA-Ipaddr
CDCHOST
X-CGP
Fastly-Drupal-HTML
FNAC-ModuleRouting
Ha-Gx-Prefs
X-Agile
Locid
X-App-Name
X-Cache-URL
X-Agile-Id
X-Edge
X-MCACHE
X-Node-Id
SD-X-WS
X-Instart-Info
X-SN
X-UnsetCookies
Powered-By-ChinaCache
X-Varnish-Beresp-Ttl
X-C
X-Hit
X-Refresh
X-Sucuri-ID
X-VHOST
X-RESPONSE-TIME
Pramga
X-Lb-Id
X-APP
Mime-Version
X-CDN-Forward
X-TA-CDN-Provider
X-CLOUD-TRACE-CONTEXT
X-Service
X-ND-Cache
Vix-Hermes-Req-Id
Cloudfront-Viewer-Country
Proxy-Firewall
X-Load-Cache
X-App-Version
HitType
X-ECACHE
X-B3-Spanid
X-CSRF-Token
X-Pjax-Url
X-Mid
Request-Time
M-TraceId
X-BACKEND-TTL
X-Varnish-URL
Environment
X-Cache-PHP
X-VCache
X-Vdms-Path
CF-Cached-On
NM-Fastcgi-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-Wa
Origin
X-Pinterest-Direct
X-Parent-Response-Time
X-Ua
X-Ratelimit-Remaining
Pagetype
Sever-Int
Server-Ext
Server-Hostname
X-Correlation-ID
Hostname
X-Up
Fastly-Backend-Name
HostName
X-Origin-CC
X-Origin-TTL
X-Be
X-CSRF-TOKEN
X-Cdn-Forward
X-FPC
Geoip-City
PICS-Label
Geoip-Latitude
X-ECache
X-Worker
X-Server-Time
X-Via-PopH
X-Method
X-Via-PopV
GeoIp-Country-Code
Pragrma
X-Wix-Viewer-Type
X-Protected-By
X-DC
X-Envoy-Upstream-Healthchecked-Cluster
Magicmarker
X-Branch-Name
X-TT-LOGID
TTL
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-URL
Memory
X-Myra-Origin2
X-Newrelic-App-Data
NtCoent-Length
X-HS-Status
X-Vcl-Version
Cdn
X-Servedbyhost
X-Request-Start
X-C-Zone
X-C-Key
X-Policy
X-Referer
Cdnsip
Cdncip
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Bc
X-Azure-Ref-OriginShield
Dt-Cache-Category
X-Zone
X-AK-Request-ID
X-Litespeed-Cache
X-Cache-Metadata
CACHE
X-BC
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
X-ZONE
X-SRV
Resin-Trace
X-SVT-ORM-VERSION
Lb
Cteonnt-Length
SRV
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
X-Cache-Host
X-Air-Hostname
Release
Ohc-File-Size
X-Reqid
Esi-Enabled
X-Oneagent-Js-Injection
Who
X-ServedByHost
X-VCL-Version
X-GEO
X-Ratelimit-Limit
Ttl
X-Pf-Uncompressing
Load-Balancing
GeoIP-Country-Code
X-Swift-Error
X-NGINX-Cache
XServer
X-Country-IP
UCS
X-Fastly-Country-Code
RequestId
X-Cache-Debug
X-TH-Server
GeoIP-Latitude
GeoIP-City
X-Via-Ucdn
X-Tec-Api-Version
IBM-Web2-Location
X-Tec-Api-Root
X-Configured-By
X-Esi-Check
X-Cache-Id
Pics-Label
X-AIR-PT
Product
X-Tec-Api-Origin
X-Fpc
Dnion-Transfer-Encoding
Ohc-Cache-HIT
X-Ruxit-Js-Agent
X-Gzip
X-Datadome
X-Node-ID
FSS-Cache
X-COUNTRY
Server-Int
Sid
LB
X-VarnishDD-TTL
X-WA
X-Tb-Optimization-Total-Bytes-Saved
MIME-Version
X-Unique-ID
X-Fastly-Backend-Reqs
X-Server-IP
X-B3-SpanId
X-WPE-Loopback-Upstream-Addr
Powered-By
X-Ocache
X-Svr
X-Powered-Y
X-Varnish-Beresp-TTL
X-RAMCache
X-SERVER-NAME
X-PF-Uncompressing
Fastly-SSL
Fastly-Soc-X-Request-Id
X-PJAX-URL
X-BE
X-Varnish-Url
X-Fastly-Request-Id
Lfy
C-Via
X-Action
X-Apw-Hits
X-Apw-Access-Token
X-DB
X-MID
X-SD-PageType
X-DSS
X-Apw-Access-Object
X-DW
X-RSL
X-DI
X-RPM
X-RPS
X-Apw-Access-Action
X-Flow-Id
My-App
X-Flog
X-Zalando-Child-Request-Id
X-Hello
Xet-Cookie
Amp-Access-Control-Allow-Source-Origin
X-Agile-Brick-Ok
X-LiteSpeed-Cache-Control
FSS-Proxy
X-ElasticPress-Search
X-Page-Impression-Id
X-Location
Requestid
X-ABtesting
CF-IPCountry
X-Aicache-OS
X-Sucuri-Cache
X-B3-Parentspanid
X-Debug-Controller
X-UPSTREAM-Address
X-Amzn-Remapped-Connection
X-Render-Time
X-Debug-Revision
X-Compress-Hint
X-Mvc-Supplant-Cachable
SN
CDN
URI
L
X-Mvc-Supplant-OutputCached
X-Amzn-Remapped-Date
X-Check-Cacheable
Host-ID
X-Sucuri-Id
Cneonction
ProcessTime
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-Request-Url
DataCenter
X-Dw-Trace-Id
X-LB-ID
CloudFront-Viewer-Country
X-Request-URL
X-Via-CDN
X-App
X-Nananana
X-Cache-Backend
X-User