Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
X-FRAME-OPTIONS
Upgrade
Status
X-CDN
X-Ua-Compatible
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Envoy-Upstream-Service-Time
X-Server
X-Ws-Request-Id
X-Cache-Group
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
X-UA-Device
Grace
Cf-Railgun
X-Request-ID
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
X-Dispatcher
X-Ac
X-Cache-Lookup
NEL
X-WebKit-CSP
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Rating
X-Url
Edge-Control
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-PC
X-Goog-Hash
X-Instart-Request-ID
X-Vname
X-DynaTrace
X-TtlSet
Allow
X-Country-Code
Content-MD5
Verso
Service-Worker-Allowed
X-Varnish-TTL
X-GitHub-Request-Id
Pinterest-Generated-By
X-ESI
X-Server-Name
X-D2id
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Webkit-Csp
X-MS-InvokeApp
X-Powered-By-Plesk
SPRequestGuid
X-Navigation-Version
X-Cached
X-Vcache
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
Accept-Ch
X-Amz-Rid
X-Trace
X-MSEdge-Ref
X-Fastly-Request-ID
Nginx-Cache
Public-Key-Pins
X-SharePointHealthScore
X-Vcap-Request-Id
X-B3-TraceId
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-VARITI-CCR
MS-Author-Via
TCN
X-Server-ID
Arr-Disable-Session-Affinity
Charset
X-Accel-Expires
X-Px
X-Cache-TTL
Edge-Cache-Tag
X-Fastcgi-Cache
X-NF-Request-ID
Accept-Ch-Lifetime
Response
Display
Pagespeed
Realpath
X-Middleton-Response
X-Middleton-Display
X-Sol
SPRequestDuration
SPIisLatency
X-Content-Type
X-Ser
X-Client-IP
X-Version
X-Ttl
Cache-Tag
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
Fusion-Deployment-Id
Accept-CH
X-Powered-CMS
Pinterest-Version
Front-End-Https
X-Pinterest-Rid
AR-CACHE
Ar-Sid
X-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Jurisdiction
X-Hp-Webp
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Upstream
Access-Control-Request-Method
X-Grace
NR-ENABLED
X-Content-Digest
X-Dns-Prefetch-Control
X-Forwarded-For
X-Element-Page-Cache
X-T
DynaTrace
X-Hits
X-Amz-Meta-S3cmd-Attrs
S
X-Dw-Request-Base-Id
Accept-CH-Lifetime
Fastcgi-Cache
X-TTL
X-Aspnet-Version
ServerID
X-Node-Name
X-Mobile-URL
X-Amzn-Trace-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
PB-RID
PB-PID
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-XRDS-LOCATION
X-Recruiting
X-Goog-Generation
Server-Node
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Ezoic-Cdn
X-Shard
Powered
Arc-Version
X-FTR-Expires
X-Mobile-Rewrite
X-Cache-Hit
TP-Cache
TP-L2-Cache
X-ASPNET-VERSION
X-Frontend
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-DIS-Request-ID
Fastly-Restarts
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-NWS-LOG-UUID
AMP-Access-Control-Allow-Source-Origin
X-HS-Combine-CSS
X-Request-Processing-Time
X-Logged-In
X-Request-Received
Alternate-Protocol
X-Varnish-Age
Refresh
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
WPE-Backend
X-ATS-Timestamp
Backend-Timing
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
Server-Name
X-LB-Cache
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Rid
X-B
X-F-Cache
X-User-Agent
X-Page-Id
X-Via-JSL
X-Geo-Country
X-N
X-Zen-Fury
Cache-Status
Host
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Options
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Origin-Server
X-Varnish-Grace
Host-Header
X-Amz-Apigw-Id
X-Revision
X-Kinsta-Cache
X-Type
X-B3-Sampled
X-AOL-HN
X-Amz-Replication-Status
X-Cache-Action
X-ATG-Version
X-Instance
X-FB-Debug
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-WebKit-CSP-Report-Only
X-XRDS-Location
Actual-Object-TTL
X-Content-Powered-By
X-App-Environment
X-Git-Hash
Paypal-Debug-Id
X-Debug-Info
X-TT
X-Signature
X-Request-Guid
X-B-Cache
Access-Control-Allow-Method
X-Jobs
X-Varnish-Backend
Liferay-Portal
Fastcgi-Useragent
X-Whom
X-Srv
X-Tt-Trace-Tag
Healthy
X-Tt-Trace-Host
Frame-Options
X-Cached-By
Section-Io-Cache
X-Hostname
X-Cluster
X-Cache-Key
X-PHP-Backend
X-CST
X-Seen-By
X-Framework
X-Daa-Tunnel
X-Cache-Rule
X-AppVersion
X-Cache-Operation
X-Az
X-Activity-Id
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-FireWall-Port
X-Presslabs-Stats
Retry-After
X-Mobile
X-WA-Info
X-Cache-Age
Tracecode
X-Contextid
X-Endurance-Cache-Level
X-Host-Name
X-IPLB-Instance
Source
X-Upgrade-Enabled
Accept-Charset
NGB
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-Amzn-Requestid
Trailer
Xserver
X-ProcessESI
DC
Surrogate-Key
X-Cache-NE
X-Origin-Response-Time
Payment
Eomportal-Instance
X-Region
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Server
X-Varnish-Hostname
Srv
X-Varnish-Server
X-FW-Serve
X-Tumblr-Pixel-2
X-FW-Type
X-Adobe-Content
Filters
X-Adobe-Loc
X-Cacheable-TTL
X-Handled-By
X-GeoIP
X-FW-Hash
X-L-Path
X-Rendered-As
X-Environment-Context
X-Is-Bot
X-UUID
X-Edge-O15-RID
X-FastCGI-Cache
X-RequestSource
X-EdgeConnect-Cache-Status
Server-Info
X-Cache-2
X-UA-Device-Type
From-Origin
X-Backend-Name
Cache-Tv-Group
X-Cache-TTL-Remaining
X-APP-VERSION
X-Proxy
X-Time-Microsecs
X-RateLimit-Remaining
X-Wix-Request-Id
X-B3-Traceid
Nel
X-Cache-Server
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
MS-CV
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Cache-Enabled
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Transformed
X-NGENIX-Cache
X-Dc
Version
X-Status
Filterid
Datacenter
GEO-INFO
X-IPS-LoggedIn
X-Unique-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
X-NewRelic-App-Data
X-Mode
X-TIME
Meta-Geo
X-ES-SERVER
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-CCM
X-RN-RSRV
X-Format
X-SS-Set-Cookie
X-Section
X-Access
X-Pad
X-Forwarded-Host
Cleartype
X-TX-ID
X-Redis-Cache
X-Cache-Status-Check
X-Origin
X-Akamai-Request-ID
X-Tb
ServedBy
Cache-Tags
X-R9-Blue-Green-Version
X-Hl-Ver
Akamai-GRN
X-NYM-Debug-Backend
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Cache-Time
Country
X-Generated-By
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Soup
X-Varnish-Hits
X-Pubstack
X-Vgn-Hpd-Reason
X-Shopify-Generated-Cart-Token
X-ShopId
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Request-Time
X-ShardId
X-ServerID
X-Via-Fastly
X-Web-Node
X-ApacheServer
X-Cache-Config
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
Origin-Cache-Control
Origin-Edge-Control
X-Device-Type
X-EIG-Tracking-Id
X-PERF
X-Proto
X-Human
X-Hosted-By
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
NGX
OT-Force-Account-Verify
DB-Nickname
X-SaId
X-Site-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
X-Akamai-Request-ID2
Content-Disposition
Selected-Fe
Ec-Rule-Version
Now
Mn-Server-Ip
X-Www-Served-By
X-TNCMS
X-Timing-Wait
X-Debug-Cache
X-FW-Dynamic
S-Rt
Cache-Key
Azure-Version
X-JoinUs
X-Locale
X-Loop
X-Cache-Control
X-IP
X-Detected-As
X-FB-TRIP-ID
X-Generated
X-Cache-Remote
X-MP-GENERATED-AT
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Proxy-Build
X-NCache
X-BYPASS-REASON
X-Amzn-RequestId
X-BCube-Filmed-By
X-Ua-Device
X-Viewer-Country
X-LJ-Flow-ID
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Node
TWC-Privacy
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
TWC-Device-Class
Property-Id
X-AWS-Id
X-VWS-Id
X-Content-Age
Cross-Origin-Window-Policy
Webserver
Access-Control-Request-Headers
X-Proxied
X-RCS-CacheZone
X-Routing-Service
X-Zipkin-Id
X-HTML-Minification-Powered-By
X-Xfnlog-Site
X-Real-IP
Cache-Hits
X-App-Server
FilterID
X-Drupal-Cache-Tags
X-Geo
X-Uri
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-EC-Lua
Section-Origin-Responded
X-PressLabs-Stats
X-Microcachable
X-UA
X-No-Session
Accept-Language
X-CACHE-KEY
X-Rule
X-Varnish-Cache-Hits
Odigeo-Trace-Id
X-PCL
X-OCL
X-Adobe-Source
X-Source
X-Qloud-Router
X-Varnish-Ttl
Ms-Operation-Id
X-Time
X-RTag
X-NWS-UUID-VERIFY
Cf-Ipcountry
X-Azure-Ref
Time
X-From
X-Hyper-Cache
X-Load-Cache
X-Esi
User-Agent
X-Labrador-Cache-Channel
X-PHP-Host
X-Info
X-Storage
X-Backend-TTL
X-RateLimit-Limit
X-Nc
Proxy-Connection
X-Cluster-Node
X-Cache-NGX
X-TA-CDN-Provider
X-Nginx-Cache
Powered-By-ChinaCache
X-Magnolia-Registration
X-UnsetCookies
X-Old-Content-Length
X-GoCache-CacheStatus
X-Newrelic-Synthetics
Apple-News-Services-Request-Url
Arc-Country
X-Request-UUID
X-Developer
X-Varnish-Beresp-Grace
MD5-Digest
T-Server
X-Varnish-Beresp-Status
Meta-Geo-Continent
X-Vdms-Version
X-B-Cookie
X-Aed
X-VG-TLSProxy
X-Rojux
X-Rewrite-Enabled
X-Transaction
AsisCache
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Twitter-Response-Tags
X-Edge-Location
X-PAYTM-SRV-ID
X-ARC
X-OVcl-Cache
X-External-Request-Id
True-Client-Country-4JS
X-OVcl
X-Application
X-Drupal-Cache-Contexts
X-Trv-Group
X-Region-Sid
X-Session-Fingerprint
Apple-News-Services-Handled
A
X-Processor
X-DPWN-IS-SECURE
Machine
X-VG-WebCache
Mobile-Detection-Method
X-D
X-Date
X-ScT
X-A
X-Vtex-Processado-Em
X-S-Cookie
X-A-Dcw
X-A-Dam
X-SRCache-Key
GEO-REGION-INFO
Request-EU
Viewtype
X-Destination
VivaBuild
Rt-Fastcgi-Cache
X-GeoIP-Country-Code
Rendered-Blocks
Request-Country
Fastcgi-X-Cache-Version
X-A-Ccd
X-A-Dgt
X-G
X-Accel-Expires-Debug
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-VG-WebServer
X-Cdn-Srv
X-S
X-Connection-Hash
X-Vtex-Remote-Cache
Xc-Version
Content-Script-Type
X-A-Wwc
Content-Style-Type
Cache-Name
Uber-Trace-Id
X-Cluster-Name
X-Agile-Age
X-Matched-Rule
X-Agile
X-ND-Cache
X-Generated-On
Viewport
X-Level-Front-Cache
HA-Ipaddr
W
X-Agile-Id
X-C
ServerName
PFcat
X-GeoIP-City
X-IN-APIGATEWAY
X-CGP
X-Trafficlayer-App-Name
X-Geo-Header
X-Cdn-Origin
X-Wikidot-Static-Cache
X-Thinkindot-L3
X-Sn-Servicetimems
X-Service
X-Sigma-Backend
X-Served-From
X-Developers
X-Wikidot-Backend
X-Core-Value
Server-Host
X-Backend-State
X-Rocket-Nginx-Bypass
Thinkindot-CacheControl
X-Reboot
X-Cache-Grace
X-Distil-CS
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Eu-Site
L5d-Success-Class
X-TT-TIMESTAMP
X-Sigma
X-Cache-Expired-At
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Rocket-Build-Number
X-Request-URI
X-IN-APIGATEWAYSSL
Ha-Gx-Prefs
Mime-Version
X-CS
X-Generation-Time
Server-Cache-Control
Server-Surrogate-Control
X-Epic-Correlation-Id
X-Clientip
X-Device-Os
X-DevSite-Last-Modified
X-Cache-Tags
X-Cache-Info
X-Contensis-Viewer-Groups
X-CUA
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cache-FS-Status
X-Dispatch
X-Auto-Login
X-BBXSRF
X-Fastly-Cache
X-Fetched-On
X-FW-Version
X-Has-Esi
X-Distributor
X-Cache-Bucket
X-Cache-ASPX
X-Dispatcher-Server
X-Bip
X-Gamma-Serve
Countrycode
X-Rebelmouse-Cache-Control
X-Tumblr-Pixel-3
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Variation
X-Var-Ttl
X-Platform-Server
X-Owner
Adler-Geo
AKAMAI
X-NX-Host
HitType
X-Origin-Expires
X-Hash
X-Varnish-Beresp-Ttl
X-Varnish-Authentication
X-We-Are-Hiring
X-Swa-Ws
X-Servername
X-Slack-Backend
X-ServiceProvider
X-Skip-Cache
X-Webstats-RespID
X-Thanos
X-Varnish-Cacheable
X-VC-Cache
X-App-Name
X-VServer
X-Trace-Id
X-TrackingId
CDCHOST
X-Origin-Date
X-Irp-Debug
Is-Eu
X-Is-Gdpr
X-JWT-State
Fastly-SWR
Gh-Request-Id
Kp-EeAlive
X-Instart-Isnd
X-Hit
Pramga
Platform
N-Cache
Locid
Memcached
X-Li-Fabric
Heartbleed
Country-Code
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Micro-Cache
X-Logging-Id
Fastly-Drupal-HTML
Fastly-SIE
X-CF-Powered-By
X-VCache
X-WebServer
X-Lb-Id
X-Gen-Mode
X-NodeID
X-Urbn-Site-Id
X-Ms-Request-Id
X-RateLimit-Remaining-Second
X-WADP-Cache
X-LAGOON
X-Hnp-Log
X-RateLimit-Limit-Second
X-Core-Mission
X-Nginx-Cache-Key
X-Server-W
X-SIPLIST1
X-Cache-URL
X-Bc-Bl
X-Generated-In
X-Proxy-Upstream
X-Ms-Version
X-Urbn-Context-Path
IsBot
We-Hiring
On-Server
Server-ID
User-Cache-Control
V-Age
Mail-Subject
Locale
Cloudfront-Viewer-Country
Cache-Host
X-S-Maxage
Group
Environment
Web-Mar-Node
X-Block-Status
X-Clara-WADP
X-Cms-Context
X-Node-Id
X-Sucuri-ID
Hostname
X-Ratelimit-Remaining
X-NC
X-Response-By
X-Refresh
Wxu-Next-Region
X-Backend-Host
Wxu-Next-Hostname
RNT-Machine
RNT-Time
Wxu-Next-Commit
X-BACKEND-TTL
Geo-Info
X-VHOST
Cache-Cookie-Set-Idcheck
X-RESPONSE-TIME
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
FNAC-ModuleRouting
X-CACHE-GROUP
X-Req
X-Origin-CC
X-CLOUD-TRACE-CONTEXT
X-VCT
X-Cdn-Forward
X-Parent-Response-Time
X-Origin-TTL
X-B3-Spanid
Cache
X-Fmm-Version
X-CSRF-Token
X-Up
X-Scheme
X-Pjax-Url
X-MSEdge-Flight
X-MSEdge-Features
Fastly-Backend-Name
X-Server-Time
X-FPC
X-CDN-Forward
SD-X-WS
X-TT-LOGID
X-SN
Origin
X-Edge-Server
Pragrma
X-APP
PICS-Label
X-Varnish-URL
Cdn-Host
Cdn-Request-Time
Geoip-City
X-Instart-Info
Geoip-Latitude
X-App-Version
X-Edge
X-Correlation-ID
Proxy-Firewall
GeoIp-Country-Code
X-MCACHE
Cdnsip
Vix-Hermes-Req-Id
Cdncip
X-Cache-Host
M-TraceId
Request-Time
X-AK-Request-ID
X-Cache-PHP
Ohc-File-Size
X-CSRF-TOKEN
X-SVT-ORM-VERSION
CACHE
X-SVT-ORM-RULES
X-Wa
X-Vcl-Version
TTL
X-Air-Hostname
X-Wix-Viewer-Type
X-ECACHE
X-NU-AKA-ACS-Version
X-Vdms-Path
NM-Fastcgi-Cache
NtCoent-Length
X-Be
X-Ratelimit-Limit
X-HS-Status
CF-Cached-On
X-Mid
Cdn
X-URL
Memory
Pagetype
X-Cache-Debug
Sever-Int
X-Myra-Origin2
RequestId
Server-Hostname
X-Bc
X-Zone
X-Tec-Api-Root
X-Tec-Api-Origin
Server-Ext
X-Pf-Uncompressing
X-Tec-Api-Version
Resin-Trace
X-ServedByHost
X-Ua
X-ECache
Ohc-Cache-HIT
X-Method
Magicmarker
X-TH-Server
X-GEO
X-Cache-Metadata
X-Worker
IBM-Web2-Location
Tcn
X-Dynatrace-Js-Agent
HostName
SRV
X-NGINX-Cache
X-Oneagent-Js-Injection
X-FORWARDED-FOR
Release
XServer
Cteonnt-Length
X-Branch-Name
X-Request-Start
X-Via-PopV
Dt-Cache-Category
X-Envoy-Upstream-Healthchecked-Cluster
X-Ocache
X-Referer
Server-Int
Dnion-Transfer-Encoding
X-Azure-Ref-OriginShield
X-Protected-By
X-BC
X-ZONE
Load-Balancing
X-Via-PopH
X-Servedbyhost
X-Newrelic-App-Data
X-Unique-ID
X-Swift-Error
Lb
X-Tb-Optimization-Total-Bytes-Saved
Powered-By
X-Policy
X-WA
X-Configured-By
X-AIR-PT
X-Fastly-Country-Code
X-Esi-Check
X-Cache-Id
X-Planisys-CDN-TTL
Esi-Enabled
X-Planisys-CDN-Cache
Fastly-Soc-X-Request-Id
X-Planisys-CDN-Rules
X-Ruxit-Js-Agent
X-DC
Pics-Label
Ttl
X-B3-SpanId
X-Reqid
X-C-Key
X-C-Zone
X-Action
X-VCL-Version
X-COUNTRY
X-Datadome
X-Gzip
X-Node-ID
Fastly-SSL
X-RSL
X-RPS
GeoIP-Country-Code
X-Hello
X-DB
X-SRV
X-RPM
X-ABtesting
Who
X-DW
X-Via-Ucdn
X-DI
X-Flog
X-DSS
MIME-Version
Host-ID
X-VarnishDD-TTL
GeoIP-Latitude
GeoIP-City
X-HostName
X-Cache-Backend
X-PF-Uncompressing
UCS
X-Render-Time
X-Country-IP
X-SERVER-NAME
X-Powered-Y
X-Fpc
X-Via-CDN
X-Svr
ProcessTime
LB
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Request-Id
Lfy
X-PJAX-URL
X-UPSTREAM-Address
FSS-Cache
X-RAMCache
X-Fastly-Backend-Reqs
X-User
X-Varnish-Url
Product
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-MID
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Node
X-Key
X-SD-PageType
FSS-Proxy
Sid
X-Beluga-Cache-Status
X-Beluga-Record
CF-IPCountry
X-Varnish-Beresp-TTL
X-Internal-Host
X-Page-Impression-Id
X-Server-IP
X-Agile-Brick-Ok
X-WPE-Loopback-Upstream-Addr
X-Zalando-Child-Request-Id
X-LiteSpeed-Cache-Control
SN
Xet-Cookie
X-B3-Parentspanid
X-Sucuri-Cache
X-Flow-Id
Requestid
X-Aicache-OS
X-Apw-Access-Token
X-Debug-Controller
X-Apw-Access-Object
X-Debug-Revision
X-Pinterest-Direct
WebServer
CDN
X-BE
X-Apw-Access-Action
X-Location
X-Apw-Hits
X-Tid
WZWS-RAY
L
X-Check-Cacheable
X-Compress-Hint
X-Request-Url
X-Litespeed-Cache-Control
X-Sucuri-Id
Servername
X-ElasticPress-Search
X-LB-ID
CloudFront-Viewer-Country
X-MiniProfiler-Ids
X-Request-URL
X-Fastly-Cache-Hits
DataCenter
X-Dw-Trace-Id
X-App
X-Nananana
Cneonction