Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
CF-RAY
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
P3p
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Request-Context
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-Vhost
X-Host
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Backend-Server
X-Node
NEL
X-Response-Time
X-Dispatcher
X-WebKit-CSP
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
Surrogate-Control
X-Readtime
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-DataDome
X-ORACLE-DMS-ECID
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Country-Code
X-DynaTrace
X-Varnish-TTL
Fusion-Deployment-Id
X-ASPNET-VERSION
Allow
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Instart-Request-ID
X-MS-InvokeApp
Accept-CH
X-D2id
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
Content-MD5
X-Exp-Id
SPRequestGuid
Pinterest-Generated-By
X-Forwarded-Proto
X-Powered-By-Plesk
X-Cached
X-Trace
X-Server-Name
X-Navigation-Version
Accept-CH-Lifetime
TCN
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
Nginx-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
X-Debug
X-Ttl
X-VARITI-CCR
Arr-Disable-Session-Affinity
SPIisLatency
SPRequestDuration
Charset
X-ESI
MS-Author-Via
X-Accel-Expires
X-Cache-TTL
X-NF-Request-ID
X-B3-TraceId
X-Px
X-DynaTrace-JS-Agent
NR-ENABLED
Pagespeed
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Content-Type
X-Sol
Realpath
X-Client-IP
Cache-Tag
X-Ser
Edge-Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
Access-Control-Request-Method
X-Powered-CMS
X-Grace
X-Id
X-Server-ID
Pinterest-Version
X-Pinterest-Rid
Front-End-Https
X-Jurisdiction
X-Hp-Webp
WPE-Backend
X-Version
X-Webkit-Csp
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Hits
X-Upstream
X-T
X-Element-Page-Cache
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Fastcgi-Cache
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
ServerID
X-Cache-Hit
Fastcgi-Cache
AR-CACHE
X-Recruiting
Ar-Sid
X-Correlation-Id
X-Mobile-URL
AMP-Access-Control-Allow-Source-Origin
X-Country-Code-Real
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
Server-Node
Powered
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
TP-L2-Cache
TP-Cache
X-FTR-Expires
X-Request-Processing-Time
X-Request-Received
PB-PID
PB-RID
X-XRDS-Location
Accept-Ch
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Mobile-Rewrite
Arc-Version
X-Forwarded-For
Refresh
X-HS-Combine-CSS
X-Ezoic-Cdn
X-Shard
X-TTL
Alternate-Protocol
X-Amzn-Trace-Id
Host-Header
Server-Name
X-Geo-Country
X-NWS-LOG-UUID
X-Microsite
X-Request-Handler-Origin-Region
X-N
Accept-Ch-Lifetime
Fastly-Restarts
X-F-Cache
X-FTR-Cache-Host
X-Page-Id
X-Akamai-Edgescape
X-LB-Cache
X-Logged-In
X-Rid
X-B
X-ATS-Timestamp
X-Varnish-Age
Backend-Timing
X-User-Agent
X-Content-Security-Policy-Report-Only
X-FastCGI-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Aspnetmvc-Version
MicrosoftSharePointTeamServices
X-Esi
X-Zen-Fury
X-Cache-Key
X-Kinsta-Cache
X-ORACLE-APMCS-TAG
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Varnish-Grace
X-Origin-Server
X-XRDS-LOCATION
X-Request-Guid
Host
X-Revision
Fastcgi-Useragent
X-Instance
X-Jobs
X-B-Cache
X-Varnish-Backend
Paypal-Debug-Id
X-ATG-Version
Actual-Object-TTL
X-Git-Hash
X-Hostname
X-Signature
X-B3-Sampled
X-Tumblr-Pixel
X-AOL-HN
X-App-Environment
X-FB-Debug
X-Tumblr-Pixel-0
X-Whom
X-Tumblr-User
X-Seen-By
X-Cache-Age
Section-Io-Cache
X-Type
X-Cache-Action
X-Amz-Replication-Status
X-TT
X-Debug-Info
Frame-Options
X-Cluster
X-WebKit-CSP-Report-Only
Cache-Status
Access-Control-Allow-Method
X-Content-Options
Trailer
X-Cache-Rule
X-Cache-Operation
X-Endurance-Cache-Level
X-Contextid
X-Amzn-Requestid
X-Content-Powered-By
Source
X-Erf-Bev-Bev
X-Host-Name
X-Erf-Bev-Bev-Is-Generated
Tracecode
Liferay-Portal
X-Az
X-AppVersion
X-Activity-Id
X-Daa-Tunnel
X-Tt-Trace-Tag
X-SERVER
Accept-Charset
X-Tt-Trace-Host
X-Amz-Apigw-Id
X-FireWall-Port
X-Presslabs-Stats
X-PHP-Backend
X-IPLB-Instance
X-Upgrade-Enabled
DC
X-Framework
X-WA-Info
From-Origin
X-Response-Served-From
X-Accel-Buffering
Retry-After
X-RateLimit-Remaining
X-APP-VERSION
X-ProcessESI
X-RemovedCookies
Srv
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-UUID
X-Rendered-As
X-Tumblr-Pixel-1
Surrogate-Key
NGB
X-Tumblr-Pixel-2
X-Is-Bot
X-Environment-Context
Payment
X-Adobe-Content
X-Cacheable-TTL
X-Adobe-Loc
X-L-Path
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
X-Cache-NE
X-Mobile
VIX-Pulpo-Node
X-Region
X-Varnish-Server
Eomportal-Instance
X-Cached-By
X-Time-Microsecs
X-GeoIP
X-RequestSource
X-Handled-By
X-Unique-Id
X-UA-Device-Type
X-B3-Traceid
Filters
X-Proxy
X-Origin-Response-Time
Filterid
X-Varnish-Hostname
X-Cache-TTL-Remaining
X-NGENIX-Cache
Datacenter
X-EdgeConnect-Cache-Status
Xserver
X-Cache-Server
X-Webkit-CSP
X-Cache-Control
X-Akamai-Transformed
X-Cache-Time
MS-CV
X-Srv
X-Backend-Name
X-TIME
Version
X-CST
X-Mode
X-Status
Server-Info
Cache-Tv-Group
GEO-INFO
S-Cnection
X-Cache-2
X-Rule
X-Cache-Enabled
Cache-Tags
Odigeo-Trace-Id
X-Yottaa-Metrics
X-Cache-Var
Meta-Geo
X-IP
X-ES-SERVER
X-Cache-Var-Map
X-CCM
X-Yottaa-Optimizations
X-Path-Route
Webserver
Ec-Rule-Version
X-FC-Vary-Parameters
X-TNCMS
Azure-SlotName
Azure-InstanceId
X-Redis-Cache
X-RN-RSRV
Azure-RegionName
S-Rt
X-Detected-As
X-Loop
Azure-Version
X-FW-Dynamic
Azure-SiteName
X-Forwarded-Host
X-Web-Node
X-Amzn-Remapped-Content-Length
Country
Cleartype
Decoy-Debug-Key
Decoy-Debug-Status
DB-Nickname
Decoy-Debug-TTL
X-ApacheServer
X-Origin
X-PERF
X-Say-TTL
X-SayCDN-TTL
X-Adobe-Source
X-Proto
X-Say-Cacheable
Akamai-GRN
X-R9-Blue-Green-Version
X-Pubstack
Cross-Origin-Window-Policy
Origin-Edge-Control
OT-Force-Account-Verify
X-Via-Fastly
X-Human
X-Hosted-By
X-Hl-Ver
ServedBy
X-TX-ID
Cache-Hits
Now
Origin-Cache-Control
X-BYPASS-REASON
Webcakes-App-Name
TWC-Privacy
X-Cache-Config
Cache-Key
Webcakes-Region
Webcakes-App-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NYM-Debug-Backend
X-NCache
Property-Id
X-Locale
X-Origin-Hint
X-Proxy-Cache-Status
X-Real-IP
X-RCS-CacheZone
X-ProxyCache-Status
X-ProxyCache-Key
X-Cache-Status-Check
X-Site-Version
TWC-Locale-Group
NGX
X-ServerID
Content-Disposition
X-Generated
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Tb
TWC-Device-Class
TWC-GeoIP-Country
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Zipkin-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-LJ-Flow-ID
X-Vgn-Hpd-Reason
X-JoinUs
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Proxied
X-SaId
X-ShardId
X-MP-GENERATED-AT
X-ShopId
Section-Io-Origin-Status
X-Viewer-Country
X-BCube-Filmed-By
X-Content-Age
X-AWS-Id
X-Alternate-Cache-Key
X-Akamai-Request-ID2
X-Device-Type
X-Cache-NGX
X-Xfnlog-Site
X-VWS-Id
X-Routing-Service
X-Format
X-EIG-Tracking-Id
X-Access
X-Section
Section-Io-Id
Access-Control-Request-Headers
X-Backend-TTL
X-Cache-Remote
X-Www-Served-By
X-Ua-Device
X-HTML-Minification-Powered-By
X-Proxy-Build
Selected-Fe
Node
Mn-Server-Ip
X-Timing-Wait
X-Soup
X-Microcachable
X-Debug-Cache
X-Request-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-FB-TRIP-ID
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-No-Session
X-Cdn
X-Varnish-Hits
X-EC-Lua
X-Generated-By
Cf-Ipcountry
X-Akamai-Request-ID
X-Drupal-Cache-Tags
X-CF-Powered-By
X-PressLabs-Stats
X-From
X-NewRelic-App-Data
Nel
X-IPS-LoggedIn
Time
Accept-Language
X-NC
X-Pinterest-Direct
X-Dc
X-Pad
X-Geo
X-Azure-Ref
X-RateLimit-Limit
X-Amzn-RequestId
X-NWS-UUID-VERIFY
X-Old-Content-Length
Ms-Operation-Id
X-RTag
Uber-Trace-Id
X-Source
X-Uri
X-URL
X-FORWARDED-FOR
X-VCT
X-Cache-Grace
X-CS
X-Newrelic-Synthetics
FilterID
User-Agent
Cache-Name
X-Labrador-Cache-Channel
X-PHP-Host
X-PCL
X-OCL
X-Qloud-Router
X-ECACHE
X-MCACHE
X-Edge
X-GoCache-CacheStatus
X-Nginx-Cache
X-Varnish-Cache-Hits
Cache
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Hyper-Cache
X-Edge-Location
X-UA
Proxy-Connection
X-Magnolia-Registration
X-Litespeed-Cache
Apple-News-Services-Request-Url
Memcached
Meta-Geo-Continent
Mobile-Detection-Method
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
BehaviorPad-Version
X-APP
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Apple-News-Services-Handled
Machine
MD5-Digest
X-Application
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-VG-WebCache
X-Connection-Hash
X-Cdn-Srv
X-VG-WebServer
X-Vtex-Remote-Cache
X-Cache-Bucket
X-Vtex-Processado-Em
X-D
X-Date
X-FW-Version
X-G
X-GeoIP-Country-Code
X-External-Request-Id
X-Vdms-Version
X-Destination
X-Developer
X-DPWN-IS-SECURE
X-B-Cookie
X-ARC
T-Server
True-Client-Country-4JS
X-Info
ServerName
Request-EU
X-Instart-Info
Rendered-Blocks
Request-Country
Viewtype
VivaBuild
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
Xc-Version
AsisCache
X-Rocket-Nginx-Bypass
X-Session-Fingerprint
X-Reboot
X-PAYTM-SRV-ID
X-Processor
X-Trv-Group
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Request-URI
X-Region-Sid
X-Transaction
X-SRCache-Key
X-Twitter-Response-Tags
X-S
X-Rojux
X-ScT
X-Cluster-Name
User-Cache-Control
Gh-Request-Id
X-LI-Proto
Server-Cache-Control
X-SS-Set-Cookie
Proxy-Firewall
X-Level-Front-Cache
X-Li-Fabric
X-TrackingId
Web-Mar-Node
X-Cdn-Origin
X-Clara-WADP
X-Li-Pop
X-VServer
X-Auto-Login
X-Sn-Servicetimems
X-Thinkindot-L3
On-Server
X-Is-Gdpr
X-Storage
X-Served-From
X-Irp-Debug
X-Wikidot-Backend
X-Backend-State
Content-Style-Type
X-Cache-Info
SD-X-WS
Rt-Fastcgi-Cache
X-Cache-ASPX
X-JWT-State
X-WADP-Cache
X-Block-Status
X-Cache-URL
X-Matched-Rule
X-ServiceProvider
X-Fmm-Version
Viewport
X-Fastly-Cache
X-Request-Host
X-VG-TLSProxy
Content-Script-Type
X-Servername
X-Gen-Mode
X-Varnish-Authentication
X-GeoIP-City
X-Hnp-Log
X-Has-Esi
X-Geo-Header
X-Sucuri-ID
X-App-Server
X-Generated-On
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Contensis-Viewer-Groups
Thinkindot-CacheControl
Cache-Cookie-Set-Idcheck
X-Micro-Cache
X-Wikidot-Static-Cache
X-LI-UUID
X-Tumblr-Pixel-3
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-We-Are-Hiring
X-Server-W
X-Slack-Backend
Server-Surrogate-Control
X-DevSite-Last-Modified
X-Core-Value
CF-Cached-On
X-Mid
X-S-Maxage
X-Agile
X-COUNTRY
X-Urbn-Context-Path
X-Sigma
X-Agile-Age
X-Sigma-Backend
X-Agile-Id
X-CGP
X-Distil-CS
X-Distributor
X-Developers
X-Debug-Log
X-Debug-Cookies
X-Epic-Correlation-Id
X-Eu-Site
X-Generated-In
X-Generation-Time
X-Req
X-VC-Cache
X-IN-APIGATEWAY
X-Rocket-Build-Number
X-Core-Mission
X-BBXSRF
X-Bip
X-Backend-Host
X-Urbn-Site-Id
X-App-Name
X-Rebelmouse-Surrogate-Control
X-Cache-FS-Status
X-Cms-Context
X-Cluster-Node
X-Clientip
X-Cache-Tags
X-IN-APIGATEWAYSSL
Server-ID
CDCHOST
X-Logging-Id
Country-Code
Cache-Host
X-Trafficlayer-App-Name
X-Trafficlayer-App-Version
X-Rebelmouse-Cache-Control
Countrycode
X-Gamma-Serve
Group
Ha-Gx-Prefs
HA-Ipaddr
FNAC-ModuleRouting
Fastly-SWR
Fastly-SIE
X-Bc-Bl
AKAMAI
Adler-Geo
X-NX-Host
X-NodeID
X-Trafficlayer-App-Scope
X-Owner
X-Variation
X-Origin-Expires
X-Origin-Date
X-Platform-Server
X-Proxy-Upstream
X-UnsetCookies
Vix-Hermes-Req-Id
A
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-Varnish-Cacheable
Heartbleed
Fastly-Drupal-HTML
X-Swa-Ws
X-Webstats-RespID
X-LAGOON
Platform
X-TT-TIMESTAMP
W
RNT-Machine
RNT-Time
X-VCache
X-SIPLIST1
V-Age
X-Skip-Cache
Server-Host
X-WebServer
X-Thanos
N-Cache
Locid
Locale
IsBot
Is-Eu
X-Trace-Id
L5d-Success-Class
X-SN
X-Hit
X-Scheme
Wxu-Next-Commit
X-RateLimit-Limit-Second
X-Fetched-On
X-Time
Mail-Subject
Wxu-Next-Region
X-Cache-Expired-At
X-CUA
X-Var-Ttl
X-RateLimit-Remaining-Second
Kp-EeAlive
X-Response-By
X-Hash
X-Varnish-Beresp-Grace
Wxu-Next-Hostname
X-Varnish-Beresp-Status
We-Hiring
X-Device-Os
X-C
X-Cache-PHP
X-CACHE-KEY
X-Dispatch
X-Dispatcher-Server
X-Refresh
X-OVcl-Cache
X-OVcl
X-Instart-Isnd
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Vdms-Path
Geo-Info
X-CSRF-Token
X-B3-Spanid
PFcat
Request-Time
X-RESPONSE-TIME
X-Varnish-Beresp-Ttl
NM-Fastcgi-Cache
X-Node-Id
Sever-Int
Server-Hostname
Server-Ext
X-Parent-Response-Time
Mime-Version
X-CLOUD-TRACE-CONTEXT
M-TraceId
X-SERVER-NAME
X-Varnish-URL
X-Protected-By
HostName
X-MSEdge-Flight
Powered-By-ChinaCache
Pagetype
X-MSEdge-Features
X-Method
X-FPC
X-Wa
X-SRV
X-Via-PopH
X-Varnish-Ttl
X-Via-PopV
Magicmarker
X-Worker
Pramga
PICS-Label
X-Lb-Id
X-Nc
X-GEO
X-DC
Origin
X-ND-Cache
X-Service
Cloudfront-Viewer-Country
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
XServer
X-TA-CDN-Provider
Memory
X-Branch-Name
Geoip-City
HitType
Geoip-Latitude
X-Load-Cache
X-Policy
X-Be
X-Ratelimit-Remaining
X-Planisys-CDN-TTL
X-HS-Status
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Ua
X-Pjax-Url
X-C-Zone
GeoIp-Country-Code
Environment
X-C-Key
Esi-Enabled
X-Wix-Viewer-Type
Cteonnt-Length
X-VCL-Version
X-ECache
Dt-Cache-Category
Who
X-Servedbyhost
X-CSRF-TOKEN
X-Up
X-Zone
Fastly-Backend-Name
X-Via-Ucdn
X-BACKEND-TTL
X-Myra-Origin2
X-Bc
X-Azure-Ref-OriginShield
Ttl
X-Newrelic-App-Data
NtCoent-Length
X-Country-IP
X-Origin-CC
X-Reqid
X-Referer
X-Origin-TTL
X-Cache-Metadata
X-App-Version
X-TT-LOGID
TTL
Hostname
Resin-Trace
Pragrma
X-Cache-Host
X-Server-Time
X-Cdn-Forward
SRV
Cdn-Request-Time
X-ZONE
X-Vcl-Version
X-Edge-Server
Cdn-Host
X-BC
X-Oneagent-Js-Injection
UCS
X-Fastly-Country-Code
X-Ratelimit-Limit
X-Pf-Uncompressing
Cdnsip
Load-Balancing
Cdncip
X-AK-Request-ID
Product
Cdn
Release
X-ServedByHost
X-NGINX-Cache
Lb
X-Correlation-ID
X-NU-AKA-ACS-Version
X-Swift-Error
CACHE
X-AIR-PT
X-Tec-Api-Origin
X-Tec-Api-Version
Sid
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tec-Api-Root
X-Configured-By
X-PJAX-URL
X-Server-IP
GeoIP-Country-Code
X-Ruxit-Js-Agent
GeoIP-Latitude
GeoIP-City
FSS-Cache
X-Node-ID
LB
C-Via
X-Datadome
X-Air-Hostname
Dnion-Transfer-Encoding
Ohc-File-Size
X-Dynatrace-Js-Agent
X-WPE-Loopback-Upstream-Addr
X-Cache-Id
Warning
X-Gzip
X-Esi-Check
MIME-Version
X-Cache-Debug
X-Tb-Optimization-Total-Bytes-Saved
X-TH-Server
My-App
X-WA
X-Location
Ohc-Cache-HIT
RequestId
X-Edge-O15-RID
X-BE
X-Cache-Backend
X-UPSTREAM-Address
X-Mvc-Supplant-Cachable
X-RAMCache
X-Sucuri-Cache
Pics-Label
X-Svr
IBM-Web2-Location
X-Powered-Y
X-B3-SpanId
X-Fpc
Lfy
X-VarnishDD-TTL
X-Varnish-Beresp-TTL
X-Mvc-Supplant-OutputCached
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
CDN
Fastly-SSL
Server-Int
X-Ocache
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-MID
Xet-Cookie
X-User
X-ElasticPress-Search
X-LiteSpeed-Cache-Control
Powered-By
X-SD-PageType
X-Zalando-Child-Request-Id
X-ElasticPress-Query
X-Page-Impression-Id
X-Flow-Id
Requestid
X-Agile-Brick-Ok
CF-IPCountry
Processtime
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Host-ID
Cneonction
X-Debug-Revision
X-Aicache-OS
X-Debug-Controller
X-B3-Parentspanid
X-Check-Cacheable
X-PF-Uncompressing
X-Nananana
X-Unique-ID
X-Sucuri-Id
X-LB-ID
X-MiniProfiler-Ids
CloudFront-Viewer-Country
Fastly-Soc-X-Request-Id
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Request-URL
X-Request-Url
URI
DataCenter
X-Cache-Tag