Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Ws-Request-Id
X-Pass-Why
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-DataDome
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-Country-Code
X-ASPNET-VERSION
Fusion-Deployment-Id
X-DynaTrace
Allow
X-GitHub-Request-Id
Verso
Service-Worker-Allowed
X-Varnish-TTL
Accept-CH
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
Content-MD5
Pinterest-Generated-By
X-Server-Name
SPRequestGuid
Accept-CH-Lifetime
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Navigation-Version
X-Trace
TCN
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Amz-Rid
X-SharePointHealthScore
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
X-Vcap-Request-Id
Nginx-Cache
X-Ttl
X-MSEdge-Ref
X-Debug
X-ESI
X-VARITI-CCR
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
Charset
X-B3-TraceId
X-Accel-Expires
MS-Author-Via
X-DynaTrace-JS-Agent
X-Cache-TTL
X-NF-Request-ID
NR-ENABLED
Display
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
X-Px
X-Sol
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
X-Ser
X-SRCache-Store-Status
S
X-SRCache-Fetch-Status
X-Server-ID
Edge-Cache-Tag
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
X-Pinterest-Rid
Pinterest-Version
X-Webkit-Csp
WPE-Backend
Front-End-Https
X-Fastcgi-Cache
X-Hp-Webp
X-Jurisdiction
X-Shield-Request-Id
X-Upstream
X-T
X-Version
X-Hits
X-Element-Page-Cache
AR-ATIME
AR-PoweredBy
X-Amz-Meta-S3cmd-Attrs
AR-Request-ID
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Cache-Hit
ServerID
X-Aspnet-Version
Fastcgi-Cache
X-Recruiting
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
AR-CACHE
Ar-Sid
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-Goog-Stored-Content-Length
X-Country-Code-Real
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
Server-Node
X-Frontend
Powered
X-Request-Processing-Time
X-Request-Received
TP-L2-Cache
TP-Cache
PB-RID
X-FTR-Expires
PB-PID
X-Forwarded-For
X-DIS-Request-ID
Arc-Version
X-Mobile-Rewrite
Upgrade-Insecure-Requests
Refresh
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Shard
Alternate-Protocol
Host-Header
Accept-Ch
Server-Name
X-XRDS-Location
X-Geo-Country
X-Amzn-Trace-Id
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-Microsite
X-TTL
X-N
X-Rid
X-F-Cache
X-FTR-Cache-Host
X-LB-Cache
X-Page-Id
X-Akamai-Edgescape
Fastly-Restarts
X-Logged-In
Backend-Timing
X-ATS-Timestamp
X-B
X-User-Agent
X-Varnish-Age
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
Accept-Ch-Lifetime
MicrosoftSharePointTeamServices
X-Cache-Key
X-FastCGI-Cache
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Origin-Server
X-Varnish-Grace
X-Revision
X-Esi
Host
X-Jobs
X-Request-Guid
X-Tumblr-User
Fastcgi-Useragent
X-Varnish-Backend
X-Instance
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-Pixel
X-Cache-Age
X-ATG-Version
Actual-Object-TTL
X-B-Cache
X-Hostname
Paypal-Debug-Id
X-Git-Hash
X-Signature
X-Amz-Replication-Status
X-TT
X-Type
X-Seen-By
X-B3-Sampled
Section-Io-Cache
X-Whom
X-FB-Debug
X-AOL-HN
X-Debug-Info
X-Cache-Action
X-Cluster
Frame-Options
X-WebKit-CSP-Report-Only
Cache-Status
Trailer
Access-Control-Allow-Method
X-Content-Options
X-Amzn-Requestid
X-Cache-Rule
X-Endurance-Cache-Level
X-Presslabs-Stats
X-Cache-Operation
X-Contextid
Source
X-Content-Powered-By
X-Host-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-SERVER
Liferay-Portal
Tracecode
X-AppVersion
X-Az
X-Activity-Id
Accept-Charset
X-Tt-Trace-Host
X-Daa-Tunnel
X-FireWall-Port
X-Tt-Trace-Tag
X-IPLB-Instance
X-Amz-Apigw-Id
X-PHP-Backend
X-Upgrade-Enabled
DC
From-Origin
X-APP-VERSION
X-Framework
X-WA-Info
NGB
X-Response-Served-From
X-Accel-Buffering
Retry-After
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RemovedCookies
X-ProcessESI
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-UUID
Srv
Surrogate-Key
X-Rendered-As
VIX-Pulpo-Node
X-Adobe-Loc
Payment
X-FW-Server
X-FW-Static
X-L-Path
X-Adobe-Content
X-FW-Serve
X-FW-Type
X-FW-Hash
X-Cacheable-TTL
X-Environment-Context
X-Wix-Request-Id
X-Varnish-Server
X-GeoIP
X-Region
X-Cache-NE
Eomportal-Instance
X-RequestSource
X-Mobile
X-Time-Microsecs
X-Handled-By
Filters
X-Cached-By
X-UA-Device-Type
X-Unique-Id
X-RateLimit-Remaining
X-Proxy
X-Varnish-Hostname
X-Origin-Response-Time
X-NGENIX-Cache
Xserver
Nel
X-TIME
X-Cache-TTL-Remaining
X-Webkit-CSP
Filterid
X-B3-Traceid
Datacenter
X-EdgeConnect-Cache-Status
X-Cache-Control
X-Cache-Server
X-Akamai-Transformed
X-Cache-Time
GEO-INFO
X-Srv
MS-CV
X-Backend-Name
Version
X-CST
X-Status
Server-Info
Odigeo-Trace-Id
Cache-Tv-Group
S-Cnection
X-Rule
X-Mode
X-Cache-Enabled
Cache-Tags
X-Cache-2
X-Yottaa-Metrics
X-Yottaa-Optimizations
Webserver
Meta-Geo
X-Path-Route
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-CCM
X-IP
Azure-RegionName
Azure-SiteName
Azure-InstanceId
OT-Force-Account-Verify
X-Amzn-Remapped-Content-Length
S-Rt
Azure-SlotName
Azure-Version
X-Detected-As
X-Redis-Cache
X-RN-RSRV
X-TNCMS
X-Loop
DB-Nickname
X-FC-Vary-Parameters
Ec-Rule-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
ServedBy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Property-Id
Origin-Edge-Control
Decoy-Debug-Key
Cleartype
Cache-Hits
Akamai-GRN
Decoy-Debug-Status
Decoy-Debug-TTL
Origin-Cache-Control
Now
NGX
X-Adobe-Source
X-ApacheServer
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Real-IP
X-ServerID
X-TX-ID
Country
X-Web-Node
X-Via-Fastly
X-R9-Blue-Green-Version
X-Proto
X-Hosted-By
X-Hl-Ver
X-FW-Dynamic
X-Forwarded-Host
X-Human
X-NCache
X-PERF
X-Origin-Hint
X-Origin
Cross-Origin-Window-Policy
X-Pubstack
X-Format
X-Alternate-Cache-Key
X-RCS-CacheZone
X-Generated
X-ShardId
X-ShopId
X-Site-Version
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ProxyCache-Status
X-ProxyCache-Key
X-LJ-Flow-ID
Section-Io-Origin-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
X-NYM-Debug-Backend
X-Proxy-Cache-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Cache-Key
X-Sorting-Hat-PodId
X-Akamai-Request-ID2
X-BYPASS-REASON
Content-Disposition
X-Cache-NGX
X-Cache-Status-Check
X-AWS-Id
X-Device-Type
Section-Io-Id
X-Cache-Config
Access-Control-Request-Headers
X-EIG-Tracking-Id
X-Tb
X-Sorting-Hat-ShopId
X-VWS-Id
X-Vgn-Hpd-Reason
X-BCube-Filmed-By
X-FB-TRIP-ID
X-Debug-Cache
X-HTML-Minification-Powered-By
Selected-Fe
X-Content-Age
X-Routing-Service
X-Xfnlog-Site
X-Www-Served-By
X-Zipkin-Id
X-Access
X-Section
X-MP-GENERATED-AT
X-Viewer-Country
X-Timing-Wait
Mn-Server-Ip
X-JoinUs
X-SaId
X-Proxied
X-Proxy-Build
X-Cache-Remote
X-Microcachable
X-Soup
Node
X-Oss-Object-Type
X-Cdn
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Request-Time
X-No-Session
X-Oss-Server-Time
X-Backend-TTL
X-Dc
X-EC-Lua
X-Varnish-Hits
X-Generated-By
Cf-Ipcountry
X-Pinterest-Direct
X-Akamai-Request-ID
X-From
Accept-Language
X-Drupal-Cache-Tags
X-Pad
Time
X-Geo
X-NewRelic-App-Data
X-IPS-LoggedIn
X-CF-Powered-By
X-Azure-Ref
X-Old-Content-Length
Uber-Trace-Id
X-VCT
X-URL
X-NC
X-Amzn-RequestId
X-Source
X-RTag
FilterID
Ms-Operation-Id
X-NWS-UUID-VERIFY
X-Uri
X-RateLimit-Limit
X-CS
X-PressLabs-Stats
User-Agent
Cache-Name
X-MCACHE
X-Cache-Grace
X-Edge
X-UA
X-Labrador-Cache-Channel
X-GoCache-CacheStatus
X-PHP-Host
X-OCL
X-Newrelic-Synthetics
X-PCL
X-Nginx-Cache
X-Qloud-Router
Cache
X-Varnish-Cache-Hits
X-Litespeed-Cache
X-APP
X-FORWARDED-FOR
X-Drupal-Cache-Contexts
X-Edge-Location
X-ECACHE
Proxy-Connection
X-Hyper-Cache
X-Magnolia-Registration
Apple-News-Services-Request-Url
X-Info
Apple-News-Services-Parsed-Url
Arc-Country
BehaviorPad-Version
X-Instart-Info
X-Transaction
X-A-Wwc
X-Application
Fastcgi-X-Cache-Version
AsisCache
X-Accel-Expires-Debug
X-A-Dgt
X-Aed
X-External-Request-Id
X-D
User-Cache-Control
X-Cache-Bucket
X-DPWN-IS-SECURE
X-Mid
X-Date
X-Destination
X-Developer
X-Connection-Hash
X-FW-Version
X-B-Cookie
X-GeoIP-Country-Code
X-ARC
Apple-News-Services-Handled
X-Cdn-Srv
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-G
Apple-News-Services-Host
Viewtype
X-VG-WebCache
X-Reboot
X-VG-WebServer
Memcached
X-Region-Sid
X-Processor
MD5-Digest
X-ScT
X-A-Dcw
X-S-Cookie
X-Vdms-Version
X-PAYTM-SRV-ID
Xc-Version
X-S
Request-EU
X-Rocket-Nginx-Bypass
Request-Country
X-Rojux
Rendered-Blocks
X-Rewrite-Enabled
X-Request-UUID
Mobile-Detection-Method
Meta-Geo-Continent
X-Vtex-Processado-Em
X-Request-URI
X-Vtex-Remote-Cache
ServerName
Machine
X-Trv-Group
X-SRCache-Key
VivaBuild
X-Twitter-Response-Tags
X-Tumblr-Pixel-3
True-Client-Country-4JS
GEO-REGION-INFO
X-A-Dam
T-Server
X-A-Ccd
X-A
X-Session-Fingerprint
X-CDN-Forward
X-Cluster-Name
CF-Cached-On
Web-Mar-Node
X-Bc-Bl
SD-X-WS
X-Block-Status
X-Cache-ASPX
Server-Cache-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cdn-Origin
X-Backend-State
Rt-Fastcgi-Cache
Server-Host
X-Cache-Info
X-BBXSRF
X-Cache-URL
Viewport
X-Auto-Login
X-Backend-Host
X-Li-Pop
X-Is-Gdpr
X-Servername
X-Micro-Cache
X-Has-Esi
X-Varnish-Authentication
X-ServiceProvider
X-Sn-Servicetimems
X-JWT-State
X-Slack-Backend
X-Matched-Rule
X-Server-W
X-Served-From
X-Request-Host
X-WADP-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Wikidot-Static-Cache
Vix-Hermes-Req-Id
Proxy-Firewall
X-Geo-Header
X-VG-TLSProxy
X-VServer
X-Thinkindot-L3
X-TrackingId
X-Gen-Mode
X-Generated-On
X-GeoIP-City
X-Hnp-Log
X-Gamma-Serve
X-Fmm-Version
X-Contensis-Viewer-Groups
X-Core-Value
X-DevSite-Last-Modified
X-Fastly-Cache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-LI-UUID
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-LI-Proto
X-Webstats-RespID
X-Irp-Debug
X-Level-Front-Cache
X-Li-Fabric
X-Clara-WADP
Server-Surrogate-Control
Gh-Request-Id
On-Server
N-Cache
X-Sucuri-ID
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-COUNTRY
X-VCache
X-S-Maxage
X-UnsetCookies
X-Storage
X-Varnish-Ttl
X-Fetched-On
X-Logging-Id
X-Ms-Version
X-Nginx-Cache-Key
X-Ms-Request-Id
X-Eu-Site
X-Hash
X-LAGOON
X-Generated-In
X-Dispatcher-Server
X-Cluster-Node
X-Core-Mission
X-Clientip
X-CGP
Adler-Geo
A
X-CUA
X-Debug-Cookies
X-Distil-CS
X-Distributor
X-NodeID
X-Dispatch
X-Debug-Log
X-Device-Os
X-Epic-Correlation-Id
X-Owner
X-Varnish-Cacheable
X-VC-Cache
X-WebServer
X-Variation
X-Var-Ttl
X-Trace-Id
X-TT-TIMESTAMP
Heartbleed
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
AKAMAI
X-SS-Set-Cookie
X-Generation-Time
X-Cms-Context
X-Developers
X-Thanos
X-Swa-Ws
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Platform-Server
X-Cache-Tags
X-Origin-Date
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Skip-Cache
X-SN
X-Sigma-Backend
X-Sigma
X-Req
X-Scheme
X-NX-Host
X-Rocket-Build-Number
X-Agile-Id
Kp-EeAlive
Is-Eu
X-Agile-Age
HA-Ipaddr
Fastly-SIE
L5d-Success-Class
Country-Code
Mail-Subject
X-Cache-PHP
Locid
X-App-Name
X-Agile
Ha-Gx-Prefs
Fastly-Drupal-HTML
Wxu-Next-Hostname
Wxu-Next-Region
FNAC-ModuleRouting
Fastly-SWR
Wxu-Next-Commit
We-Hiring
Group
V-Age
Countrycode
W
RNT-Time
Server-ID
X-Bip
Platform
Cache-Host
X-Cache-FS-Status
RNT-Machine
CDCHOST
X-App-Server
X-Response-By
X-Varnish-Beresp-Grace
X-Vdms-Path
X-Cache-Expired-At
X-C
X-Varnish-Beresp-Status
X-Hit
IsBot
X-SIPLIST1
NM-Fastcgi-Cache
X-CSRF-Token
Request-Time
X-RESPONSE-TIME
X-Refresh
X-Debug-Cache-Store
X-OVcl-Cache
X-Debug-Cache-Fetch
X-OVcl
X-Instart-Isnd
X-Debug-Cache-Expiry
X-B3-Spanid
PFcat
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
X-TA-CDN-Provider
X-CACHE-KEY
X-Node-Id
Sever-Int
Server-Ext
Pagetype
Server-Hostname
M-TraceId
X-Protected-By
X-Nc
HostName
Mime-Version
X-Method
X-Parent-Response-Time
X-FPC
X-Time
X-Ratelimit-Remaining
X-Ua-Device
X-Via-PopV
PICS-Label
Origin
X-Worker
Geo-Info
Magicmarker
X-MSEdge-Flight
X-Via-PopH
X-MSEdge-Features
X-Varnish-URL
Powered-By-ChinaCache
X-Request-Start
X-Wa
X-SRV
Pramga
Geoip-City
Geoip-Latitude
X-Envoy-Upstream-Healthchecked-Cluster
X-Branch-Name
X-Lb-Id
X-Be
X-Service
X-ND-Cache
X-Policy
Memory
GeoIp-Country-Code
Cloudfront-Viewer-Country
X-GEO
X-C-Key
X-Planisys-CDN-Rules
X-ECache
HitType
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-C-Zone
X-Pjax-Url
XServer
X-SERVER-NAME
X-Load-Cache
X-HS-Status
X-BACKEND-TTL
Environment
Esi-Enabled
X-DC
Who
Dt-Cache-Category
X-Wix-Viewer-Type
Cteonnt-Length
X-Myra-Origin2
X-Reqid
X-Zone
X-Newrelic-App-Data
X-Azure-Ref-OriginShield
X-Via-Ucdn
X-Bc
X-Cdn-Forward
X-Ua
NtCoent-Length
X-Referer
X-VCL-Version
X-Servedbyhost
Fastly-Backend-Name
TTL
X-Up
X-CSRF-TOKEN
X-Country-IP
X-Cache-Metadata
X-Origin-TTL
X-Vcl-Version
X-Origin-CC
X-Ratelimit-Limit
Ttl
SRV
X-ServedByHost
X-Cache-Host
Pragrma
Resin-Trace
X-ZONE
Cdn
X-BC
X-Server-Time
X-Oneagent-Js-Injection
X-TT-LOGID
UCS
Product
X-Swift-Error
Hostname
X-App-Version
X-Edge-Server
X-Fastly-Country-Code
Cdn-Host
Cdn-Request-Time
X-Pf-Uncompressing
X-NGINX-Cache
Cdncip
X-Server-IP
Cdnsip
X-Correlation-ID
Release
X-AK-Request-ID
Load-Balancing
CACHE
Lb
FSS-Cache
X-Tec-Api-Root
X-AIR-PT
X-Tec-Api-Origin
X-NU-AKA-ACS-Version
X-Tec-Api-Version
X-Ruxit-Js-Agent
X-Datadome
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Configured-By
C-Via
GeoIP-Country-Code
LB
Sid
X-PJAX-URL
X-Node-ID
X-Air-Hostname
GeoIP-Latitude
GeoIP-City
X-WA
Dnion-Transfer-Encoding
X-WPE-Loopback-Upstream-Addr
Warning
Ohc-File-Size
MIME-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Id
X-Esi-Check
X-Gzip
X-Location
X-BE
My-App
X-UPSTREAM-Address
X-Cache-Backend
X-Varnish-Url
X-TH-Server
X-RAMCache
RequestId
X-Svr
X-Powered-Y
X-Mvc-Supplant-Cachable
X-Sucuri-Cache
Ohc-Cache-HIT
X-Cache-Debug
X-VarnishDD-TTL
IBM-Web2-Location
Pics-Label
Lfy
X-Mvc-Supplant-OutputCached
X-B3-SpanId
X-Fpc
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-Fastly-Request-Id
X-Dynatrace-Js-Agent
X-MID
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-Edge-O15-RID
X-User
Server-Int
Fastly-SSL
Xet-Cookie
X-Ocache
X-ElasticPress-Query
X-Flow-Id
CDN
X-Agile-Brick-Ok
X-LiteSpeed-Cache-Control
X-Page-Impression-Id
X-ElasticPress-Search
X-Zalando-Child-Request-Id
Requestid
CF-IPCountry
Processtime
X-Akamai-ERPolicy
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Debug-Controller
Host-ID
Powered-By
X-Debug-Revision
X-SD-PageType
X-Check-Cacheable
X-Aicache-OS
X-Unique-ID
Cneonction
X-B3-Parentspanid
X-Sucuri-Id
X-Cache-Tag
X-Request-URL
X-Fastly-Cache-Hits
X-Request-Url
X-Nananana
X-LB-ID
X-MiniProfiler-Ids
URI
X-Dw-Trace-Id
X-PF-Uncompressing
CloudFront-Viewer-Country
DataCenter