Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
X-Request-ID
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
X-Pingback
Request-Context
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
X-Readtime
Surrogate-Control
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-DataDome
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Rack-Cache
X-Cloud-Trace-Context
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Country-Code
X-ASPNET-VERSION
Fusion-Deployment-Id
X-DynaTrace
X-Varnish-TTL
Allow
X-GitHub-Request-Id
Service-Worker-Allowed
Verso
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
Accept-CH
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Exp-Id
Content-MD5
Pinterest-Generated-By
X-Server-Name
SPRequestGuid
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Navigation-Version
X-Trace
TCN
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-Abt-Application-Version
Accept-CH-Lifetime
X-SharePointHealthScore
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
X-Vcap-Request-Id
Nginx-Cache
X-Ttl
X-MSEdge-Ref
X-Debug
X-ESI
X-VARITI-CCR
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
Charset
X-Accel-Expires
X-B3-TraceId
X-Cache-TTL
MS-Author-Via
X-DynaTrace-JS-Agent
X-NF-Request-ID
NR-ENABLED
Response
Pagespeed
Display
X-Middleton-Response
X-Middleton-Display
X-Px
X-Content-Type
X-Sol
Realpath
X-Client-IP
Cache-Tag
X-Ser
X-SRCache-Store-Status
S
X-SRCache-Fetch-Status
X-Server-ID
Edge-Cache-Tag
Access-Control-Request-Method
X-Powered-CMS
X-Id
X-Pinterest-Rid
Pinterest-Version
X-Grace
WPE-Backend
X-Webkit-Csp
Front-End-Https
X-Fastcgi-Cache
X-Jurisdiction
X-Hp-Webp
X-Shield-Request-Id
X-T
X-Upstream
X-Hits
X-Version
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Cache-Hit
Fastcgi-Cache
ServerID
X-Correlation-Id
X-Recruiting
Ar-Sid
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
AR-CACHE
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-Goog-Generation
X-FTR-Backend-Server
Accept-Ch
Server-Node
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Request-Received
X-Request-Processing-Time
Powered
X-Frontend
TP-L2-Cache
TP-Cache
X-FTR-Expires
PB-RID
PB-PID
X-Forwarded-For
X-DIS-Request-ID
Arc-Version
X-Mobile-Rewrite
Upgrade-Insecure-Requests
Refresh
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Shard
Alternate-Protocol
Host-Header
Server-Name
X-XRDS-Location
Accept-Ch-Lifetime
X-Geo-Country
X-Amzn-Trace-Id
X-Request-Handler-Origin-Region
X-Microsite
X-NWS-LOG-UUID
X-TTL
X-N
X-Rid
Fastly-Restarts
X-LB-Cache
X-FTR-Cache-Host
X-Akamai-Edgescape
X-F-Cache
X-Page-Id
X-Logged-In
X-B
Backend-Timing
X-User-Agent
X-ATS-Timestamp
X-Varnish-Age
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
MicrosoftSharePointTeamServices
X-Cache-Key
X-FastCGI-Cache
X-Kinsta-Cache
Healthy
X-Zen-Fury
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Varnish-Grace
X-Revision
X-Origin-Server
X-Esi
Host
X-Request-Guid
X-Jobs
Fastcgi-Useragent
X-App-Environment
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-B-Cache
X-Signature
Paypal-Debug-Id
X-Hostname
X-Git-Hash
X-ATG-Version
Actual-Object-TTL
X-Varnish-Backend
X-B3-Sampled
X-FB-Debug
X-TT
X-Type
X-Amz-Replication-Status
X-Whom
X-Seen-By
X-AOL-HN
X-Cache-Age
X-Debug-Info
X-Cluster
X-Amzn-Requestid
Section-Io-Cache
X-Cache-Action
Frame-Options
Cache-Status
X-WebKit-CSP-Report-Only
X-Content-Options
Trailer
Access-Control-Allow-Method
X-Endurance-Cache-Level
X-Cache-Rule
X-Presslabs-Stats
X-Cache-Operation
X-Contextid
Source
X-Content-Powered-By
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Erf-Bev-Bev
X-SERVER
Tracecode
X-Activity-Id
X-Az
X-AppVersion
Liferay-Portal
Accept-Charset
X-FireWall-Port
X-Daa-Tunnel
X-IPLB-Instance
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Upgrade-Enabled
DC
X-Amz-Apigw-Id
X-PHP-Backend
From-Origin
X-APP-VERSION
X-Framework
NGB
X-WA-Info
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-ProcessESI
Retry-After
X-FW-Hash
X-FW-Server
X-FW-Serve
Surrogate-Key
VIX-Pulpo-Node
X-RateLimit-Remaining
X-FW-Type
X-Rendered-As
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-FW-Static
X-L-Path
X-UUID
X-Environment-Context
X-Cacheable-TTL
X-Adobe-Content
X-Region
X-GeoIP
X-Adobe-Loc
X-Varnish-Server
X-Cache-NE
X-RequestSource
X-Wix-Request-Id
Eomportal-Instance
Payment
X-Time-Microsecs
X-Mobile
Filters
X-Cached-By
X-Handled-By
X-UA-Device-Type
X-Unique-Id
Srv
X-Proxy
X-Varnish-Hostname
X-Origin-Response-Time
Xserver
X-NGENIX-Cache
X-TIME
Filterid
X-Cache-TTL-Remaining
Nel
X-Webkit-CSP
Datacenter
X-B3-Traceid
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Cache-Control
X-Akamai-Transformed
X-Cache-Time
GEO-INFO
X-Srv
X-Backend-Name
MS-CV
Version
X-CST
X-Status
Server-Info
X-Mode
Odigeo-Trace-Id
S-Cnection
X-Rule
Cache-Tv-Group
X-Cache-2
X-Yottaa-Metrics
Cache-Tags
X-Yottaa-Optimizations
X-Path-Route
Webserver
X-Cache-Var
X-Cache-Var-Map
X-CCM
X-ES-SERVER
X-IP
Meta-Geo
X-Cache-Enabled
X-Loop
X-Amzn-Remapped-Content-Length
X-FC-Vary-Parameters
X-FW-Dynamic
X-Redis-Cache
Azure-Version
Azure-SlotName
S-Rt
DB-Nickname
Ec-Rule-Version
X-RN-RSRV
Azure-SiteName
Azure-RegionName
X-Detected-As
X-TNCMS
X-URL
Azure-InstanceId
OT-Force-Account-Verify
X-Real-IP
Webcakes-Region
Origin-Cache-Control
X-PERF
Cleartype
Cache-Hits
Decoy-Debug-Key
Decoy-Debug-Status
X-NCache
Decoy-Debug-TTL
Akamai-GRN
Cross-Origin-Window-Policy
X-Proto
Now
Origin-Edge-Control
X-Origin-Hint
X-Origin
X-Pubstack
Property-Id
X-Human
X-Via-Fastly
TWC-Device-Class
X-TX-ID
X-Hosted-By
TWC-Connection-Speed
X-Say-Cacheable
X-Web-Node
TWC-GeoIP-Country
Country
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-ApacheServer
X-Forwarded-Host
X-Hl-Ver
X-SayCDN-TTL
X-ServerID
ServedBy
X-Say-TTL
X-RCS-CacheZone
X-Locale
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Device-Type
X-LJ-Flow-ID
X-BYPASS-REASON
X-Cache-Status-Check
X-NYM-Debug-Backend
X-Cache-NGX
X-Akamai-Request-ID2
Access-Control-Request-Headers
Content-Disposition
Cache-Key
X-R9-Blue-Green-Version
X-Tb
X-Cache-Config
NGX
X-Proxy-Cache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-ProxyCache-Key
X-Format
X-Adobe-Source
Section-Origin-Responded
X-VWS-Id
X-ProxyCache-Status
X-Vgn-Hpd-Reason
X-AWS-Id
X-Site-Version
Mn-Server-Ip
Selected-Fe
X-Debug-Cache
X-Viewer-Country
X-Www-Served-By
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Section
X-Alternate-Cache-Key
X-Access
X-MP-GENERATED-AT
X-Zipkin-Id
X-Xfnlog-Site
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-JoinUs
X-HTML-Minification-Powered-By
X-Proxy-Build
X-Proxied
Node
X-EIG-Tracking-Id
X-Routing-Service
X-ShopId
X-FB-TRIP-ID
X-ShardId
X-SaId
X-BCube-Filmed-By
X-Content-Age
X-Backend-TTL
X-Cache-Remote
X-Soup
X-Microcachable
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-No-Session
X-Oss-Storage-Class
X-Request-Time
X-Cdn
X-EC-Lua
X-Dc
X-Varnish-Hits
X-Generated-By
X-Akamai-Request-ID
X-Pinterest-Direct
Cf-Ipcountry
Accept-Language
X-Geo
Time
X-Pad
X-Drupal-Cache-Tags
X-From
X-NewRelic-App-Data
X-IPS-LoggedIn
X-CF-Powered-By
X-Azure-Ref
X-Old-Content-Length
X-VCT
Uber-Trace-Id
X-NC
X-RateLimit-Limit
X-RTag
FilterID
X-Source
Ms-Operation-Id
X-Uri
X-NWS-UUID-VERIFY
X-MCACHE
X-CS
X-PressLabs-Stats
User-Agent
Cache-Name
X-Cache-Grace
X-Edge
X-UA
X-OCL
X-PCL
X-Newrelic-Synthetics
X-Labrador-Cache-Channel
X-PHP-Host
X-Qloud-Router
X-GoCache-CacheStatus
Cache
X-Litespeed-Cache
X-Varnish-Cache-Hits
X-Edge-Location
X-Drupal-Cache-Contexts
X-FORWARDED-FOR
X-APP
Proxy-Connection
X-ECACHE
X-Amzn-RequestId
X-Magnolia-Registration
X-Nginx-Cache
X-Hyper-Cache
X-CDN-Forward
Apple-News-Services-Parsed-Url
Arc-Country
Apple-News-Services-Request-Url
AsisCache
X-Aed
X-B-Cookie
X-ARC
BehaviorPad-Version
X-Application
X-Info
X-Instart-Info
X-Accel-Expires-Debug
User-Cache-Control
X-Mid
X-Date
X-Destination
X-D
X-Connection-Hash
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Developer
X-A-Wwc
X-Cache-Bucket
Apple-News-Services-Handled
Apple-News-Services-Host
Meta-Geo-Continent
X-G
X-DPWN-IS-SECURE
X-External-Request-Id
X-FW-Version
X-GeoIP-Country-Code
X-Rewrite-Enabled
Request-Country
Rendered-Blocks
X-Transaction
X-Trv-Group
Request-EU
ServerName
X-SRCache-Key
T-Server
GEO-REGION-INFO
X-Tumblr-Pixel-3
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Memcached
Mobile-Detection-Method
MD5-Digest
X-VG-WebServer
X-Vdms-Version
Machine
X-VG-WebCache
True-Client-Country-4JS
Fastcgi-X-Cache-Version
X-A-Dcw
X-Request-URI
X-Request-UUID
X-Rocket-Nginx-Bypass
X-Region-Sid
X-Reboot
Xc-Version
X-PAYTM-SRV-ID
X-Processor
X-Rojux
X-S
VivaBuild
Viewtype
X-Session-Fingerprint
X-A
X-A-Ccd
X-S-Cookie
X-ScT
X-A-Dam
X-A-Dgt
X-Cluster-Name
CF-Cached-On
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Webstats-RespID
X-Thinkindot-L3
X-Geo-Header
X-TrackingId
X-Wikidot-Backend
X-Sn-Servicetimems
X-Servername
Web-Mar-Node
X-ServiceProvider
Viewport
X-Slack-Backend
Server-Host
SD-X-WS
X-VG-TLSProxy
On-Server
N-Cache
X-VServer
X-We-Are-Hiring
X-WADP-Cache
X-JWT-State
Proxy-Firewall
X-Has-Esi
Rt-Fastcgi-Cache
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Is-Gdpr
X-Trafficlayer-App-Version
X-Server-W
X-Wikidot-Static-Cache
X-Bc-Bl
X-Block-Status
X-BBXSRF
X-Backend-State
X-GeoIP-City
X-Generated-On
X-Gen-Mode
X-Gamma-Serve
X-Cache-URL
X-Clara-WADP
X-DevSite-Last-Modified
X-Cache-Info
X-Fmm-Version
Vix-Hermes-Req-Id
X-Hnp-Log
X-IN-APIGATEWAY
X-LI-UUID
X-LI-Proto
X-Matched-Rule
X-Micro-Cache
X-Cdn-Origin
X-Request-Host
X-Li-Pop
X-Auto-Login
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Level-Front-Cache
X-Backend-Host
X-Li-Fabric
X-Served-From
Thinkindot-Control
Gh-Request-Id
Content-Script-Type
Content-Style-Type
X-Sucuri-ID
X-COUNTRY
X-VCache
X-Storage
X-S-Maxage
X-UnsetCookies
X-Epic-Correlation-Id
X-Cache-ASPX
X-Cache-FS-Status
X-Distil-CS
X-Eu-Site
X-Fetched-On
X-Hash
X-LAGOON
Heartbleed
X-Generated-In
X-Dispatcher-Server
X-Fastly-Cache
X-Dispatch
X-Contensis-Viewer-Groups
X-Core-Mission
X-Cluster-Node
X-Clientip
X-CGP
X-Core-Value
X-CUA
X-Device-Os
X-Cache-Tags
X-Logging-Id
X-Debug-Log
X-Debug-Cookies
X-Cache-PHP
X-Nginx-Cache-Key
X-SN
X-Swa-Ws
X-SS-Set-Cookie
X-Skip-Cache
X-Sigma-Backend
X-SIPLIST1
X-Thanos
X-WebServer
X-Varnish-Cacheable
X-VC-Cache
X-Varnish-Authentication
X-Variation
X-Trace-Id
X-TT-TIMESTAMP
X-Sigma
X-Scheme
X-Origin-Date
X-Origin-Expires
X-NX-Host
X-NodeID
X-Ms-Version
X-Bip
X-Owner
X-Platform-Server
X-Req
X-Rocket-Build-Number
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Ms-Request-Id
Locale
X-Urbn-Site-Id
Is-Eu
IsBot
FNAC-ModuleRouting
Server-Surrogate-Control
AKAMAI
X-Developers
X-Agile-Id
X-Agile-Age
X-Agile
X-Generation-Time
Kp-EeAlive
X-Urbn-Context-Path
Wxu-Next-Region
Country-Code
Wxu-Next-Hostname
We-Hiring
Server-Cache-Control
Countrycode
Group
L5d-Success-Class
Platform
Wxu-Next-Commit
Locid
Server-ID
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
V-Age
RNT-Machine
Ha-Gx-Prefs
RNT-Time
Adler-Geo
Fastly-Drupal-HTML
X-App-Name
X-Cms-Context
A
CDCHOST
Mail-Subject
HA-Ipaddr
Cache-Host
X-App-Server
Fastly-SIE
Request-Time
Fastly-SWR
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Hit
W
X-Distributor
X-Rebelmouse-Cache-Control
X-Var-Ttl
X-Response-By
X-C
X-CSRF-Token
X-Vdms-Path
X-Rebelmouse-Surrogate-Control
X-Cache-Expired-At
NM-Fastcgi-Cache
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-OVcl
X-Instart-Isnd
X-B3-Spanid
X-RESPONSE-TIME
X-Refresh
X-Debug-Cache-Store
X-OVcl-Cache
X-Varnish-Beresp-Ttl
PFcat
Server-Hostname
X-CLOUD-TRACE-CONTEXT
Server-Ext
Sever-Int
X-CACHE-KEY
X-TA-CDN-Provider
Pagetype
X-Node-Id
M-TraceId
Mime-Version
HostName
X-Protected-By
X-Nc
X-Time
X-Parent-Response-Time
X-Method
X-FPC
X-Ua-Device
Origin
Magicmarker
X-MSEdge-Flight
PICS-Label
X-Varnish-URL
Powered-By-ChinaCache
X-Via-PopV
Geo-Info
X-Worker
X-Varnish-Ttl
X-Via-PopH
X-MSEdge-Features
X-Lb-Id
X-Branch-Name
X-SRV
X-Wa
X-Request-Start
Geoip-City
Pramga
Geoip-Latitude
X-Envoy-Upstream-Healthchecked-Cluster
X-Be
X-Service
X-ND-Cache
GeoIp-Country-Code
X-Policy
Cloudfront-Viewer-Country
Memory
X-GEO
X-Ratelimit-Remaining
XServer
X-C-Key
HitType
X-C-Zone
X-ECache
X-SERVER-NAME
X-Planisys-CDN-Cache
X-Pjax-Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Load-Cache
Environment
X-HS-Status
Esi-Enabled
X-DC
Who
X-Wix-Viewer-Type
Dt-Cache-Category
Cteonnt-Length
X-Zone
X-Myra-Origin2
X-Azure-Ref-OriginShield
X-BACKEND-TTL
X-Newrelic-App-Data
X-Bc
X-Via-Ucdn
X-Reqid
NtCoent-Length
SRV
X-Ua
X-VCL-Version
X-CSRF-TOKEN
X-Up
X-Country-IP
X-Servedbyhost
Fastly-Backend-Name
X-Referer
TTL
X-Cache-Metadata
Ttl
X-Origin-CC
X-Vcl-Version
X-Origin-TTL
X-Cdn-Forward
X-Oneagent-Js-Injection
Product
X-Cache-Host
X-TT-LOGID
X-BC
X-Server-Time
Resin-Trace
X-ZONE
Cdn
X-NGINX-Cache
X-ServedByHost
Pragrma
UCS
Hostname
X-Swift-Error
X-Ratelimit-Limit
X-App-Version
X-Pf-Uncompressing
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-Fastly-Country-Code
X-Correlation-ID
X-AK-Request-ID
X-Server-IP
Cdncip
Cdnsip
Release
CACHE
Lb
Load-Balancing
X-Tec-Api-Origin
X-AIR-PT
X-Tec-Api-Root
X-Tec-Api-Version
FSS-Cache
X-NU-AKA-ACS-Version
X-Ruxit-Js-Agent
X-Configured-By
X-PJAX-URL
X-Datadome
X-SVT-ORM-VERSION
X-Node-ID
C-Via
LB
X-SVT-ORM-RULES
GeoIP-Country-Code
Sid
GeoIP-Latitude
GeoIP-City
Dnion-Transfer-Encoding
X-Air-Hostname
Warning
X-WPE-Loopback-Upstream-Addr
MIME-Version
Ohc-File-Size
X-Tb-Optimization-Total-Bytes-Saved
X-BE
X-WA
X-Location
X-Esi-Check
My-App
X-Gzip
X-Cache-Id
X-UPSTREAM-Address
X-Cache-Backend
Ohc-Cache-HIT
X-TH-Server
X-Varnish-Url
X-Mvc-Supplant-Cachable
X-Sucuri-Cache
X-RAMCache
X-Cache-Debug
X-Powered-Y
X-Svr
RequestId
IBM-Web2-Location
Pics-Label
X-B3-SpanId
Lfy
X-Fastly-Backend-Reqs
X-Fpc
X-VarnishDD-TTL
X-Varnish-Beresp-TTL
X-Fastly-Request-Id
X-Mvc-Supplant-OutputCached
X-Apw-Hits
X-Apw-Access-Token
X-MID
X-Dynatrace-Js-Agent
X-Apw-Access-Object
X-Apw-Access-Action
X-Edge-O15-RID
CDN
Xet-Cookie
Server-Int
Processtime
X-User
Fastly-SSL
X-ElasticPress-Query
X-Ocache
X-LiteSpeed-Cache-Control
X-ElasticPress-Search
X-Page-Impression-Id
X-Flow-Id
X-Agile-Brick-Ok
X-Zalando-Child-Request-Id
Requestid
CF-IPCountry
X-Aicache-OS
X-Akamai-ERPolicy
Host-ID
X-B3-Parentspanid
X-SD-PageType
X-Check-Cacheable
Cneonction
X-Debug-Controller
X-Unique-ID
X-Akamai-ERRuleID
X-Debug-Revision
Powered-By
X-Sucuri-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Cache-Tag
DataCenter
URI
CloudFront-Viewer-Country
X-Request-URL
X-LB-ID
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-Url
X-PF-Uncompressing
X-MiniProfiler-Ids
X-Nananana