
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Cache-Hits
X-Xss-Protection
P3P
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
CF-Ray
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
X-AspNetMvc-Version
P3p
X-FRAME-OPTIONS
Upgrade
Status
X-CDN
X-Ua-Compatible
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
X-Swift-SaveTime
X-Swift-CacheTime
Feature-Policy
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
X-UA-Device
Grace
Cf-Railgun
X-Amz-Version-Id
X-Request-ID
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
X-Cache-Lookup
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
X-Ruxit-JS-Agent
Request-Id
X-Application-Context
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Rating
Edge-Control
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-DynaTrace
X-TtlSet
X-Goog-Hash
X-Vname
X-PC
X-Instart-Request-ID
Allow
X-Country-Code
Content-MD5
Verso
Service-Worker-Allowed
X-Varnish-TTL
X-GitHub-Request-Id
Pinterest-Generated-By
X-ESI
X-Server-Name
X-D2id
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Webkit-Csp
X-Vcache
X-MS-InvokeApp
X-Powered-By-Plesk
SPRequestGuid
X-Navigation-Version
X-Cached
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
X-B3-TraceId
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Amz-Rid
Accept-Ch
X-MSEdge-Ref
X-Trace
X-Fastly-Request-ID
Public-Key-Pins
Nginx-Cache
X-SharePointHealthScore
X-Vcap-Request-Id
X-VARITI-CCR
TCN
MS-Author-Via
X-Server-ID
Arr-Disable-Session-Affinity
Charset
X-Px
X-Cache-TTL
Edge-Cache-Tag
X-Accel-Expires
X-Fastcgi-Cache
X-NF-Request-ID
Accept-Ch-Lifetime
X-Middleton-Response
Display
X-Middleton-Display
Pagespeed
Response
Realpath
X-Sol
SPRequestDuration
SPIisLatency
X-Ser
X-Content-Type
X-Client-IP
X-Version
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
AR-Request-ID
AR-ATIME
AR-PoweredBy
Fusion-Deployment-Id
X-DynaTrace-JS-Agent
Accept-CH
X-Ttl
Front-End-Https
X-Powered-CMS
Pinterest-Version
X-Pinterest-Rid
Access-Control-Request-Method
X-Id
AR-CACHE
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Ar-Sid
X-Mrf-Section-Lastmod
X-Jurisdiction
X-Hp-Webp
X-Grace
X-Upstream
NR-ENABLED
X-Forwarded-For
X-TTL
X-Dns-Prefetch-Control
X-Content-Digest
DynaTrace
X-T
X-Element-Page-Cache
X-Hits
X-Amz-Meta-S3cmd-Attrs
S
X-Dw-Request-Base-Id
Accept-CH-Lifetime
Fastcgi-Cache
X-Aspnet-Version
ServerID
X-Node-Name
X-Mobile-URL
X-Amzn-Trace-Id
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
PB-RID
PB-PID
X-Recruiting
X-XRDS-LOCATION
Server-Node
X-Goog-Stored-Content-Length
Arc-Version
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-FTR-Expires
X-Shard
X-HS-Cache-Config
X-HS-Hub-Id
X-Ezoic-Cdn
X-Mobile-Rewrite
X-HS-Content-Id
X-GUploader-UploadID
X-Goog-Generation
Powered
X-Cache-Hit
X-Frontend
TP-Cache
TP-L2-Cache
X-ASPNET-VERSION
X-DIS-Request-ID
Fastly-Restarts
X-NWS-LOG-UUID
X-Shield-Request-Id
Upgrade-Insecure-Requests
X-HS-Combine-CSS
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-Logged-In
X-Request-Processing-Time
X-Varnish-Age
Refresh
WPE-Backend
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
X-FTR-Cache-Host
Backend-Timing
MicrosoftSharePointTeamServices
Server-Name
X-Correlation-Id
X-Rid
X-LB-Cache
X-B
X-Page-Id
X-F-Cache
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Via-JSL
X-Geo-Country
X-N
Cache-Status
X-Zen-Fury
X-Kong-Upstream-Latency
Host
X-Kong-Proxy-Latency
X-Content-Options
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Origin-Server
X-Varnish-Grace
Host-Header
X-Amz-Apigw-Id
X-Revision
X-Kinsta-Cache
X-Type
X-B3-Sampled
X-TT
X-Instance
X-FB-Debug
X-Amz-Replication-Status
X-AOL-HN
X-ATG-Version
X-Cache-Action
X-Git-Hash
X-Tumblr-Pixel-0
X-App-Environment
X-Content-Powered-By
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Paypal-Debug-Id
X-Tumblr-User
X-Debug-Info
Actual-Object-TTL
X-Tumblr-Pixel
X-XRDS-Location
X-B-Cache
X-Signature
X-Request-Guid
X-Varnish-Backend
X-Jobs
Liferay-Portal
Fastcgi-Useragent
X-Whom
Frame-Options
Healthy
X-Srv
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cached-By
Section-Io-Cache
X-Cache-Key
X-Hostname
X-Cluster
X-CST
X-PHP-Backend
X-Seen-By
X-Daa-Tunnel
X-Cache-Rule
X-Framework
X-Cache-Operation
X-Az
X-AppVersion
X-Activity-Id
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Presslabs-Stats
X-FireWall-Port
X-WA-Info
X-Mobile
Retry-After
Tracecode
X-Endurance-Cache-Level
X-Contextid
X-Cache-Age
Xserver
X-IPLB-Instance
X-Host-Name
Source
X-Upgrade-Enabled
Accept-Charset
X-Amzn-Requestid
X-Response-Served-From
X-Accel-Buffering
NGB
X-ProcessESI
Trailer
X-RemovedCookies
Surrogate-Key
X-Cache-NE
DC
X-Origin-Response-Time
X-Region
Eomportal-Instance
Payment
X-Is-Bot
X-FW-Server
X-GeoIP
X-Adobe-Loc
X-Handled-By
X-FW-Serve
X-FW-Type
X-FW-Static
X-Varnish-Server
X-Tumblr-Pixel-1
Filters
X-Rendered-As
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Cacheable-TTL
X-Adobe-Content
X-FW-Hash
X-Environment-Context
X-L-Path
X-UUID
Srv
X-Edge-O15-RID
X-RequestSource
X-FastCGI-Cache
X-EdgeConnect-Cache-Status
Server-Info
X-UA-Device-Type
X-Cache-2
X-Backend-Name
From-Origin
X-APP-VERSION
Cache-Tv-Group
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-RateLimit-Remaining
X-Wix-Request-Id
Nel
X-Cache-Server
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
MS-CV
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Cache-Enabled
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Dc
X-NGENIX-Cache
X-Akamai-Transformed
Version
Filterid
Datacenter
X-Status
GEO-INFO
X-IPS-LoggedIn
X-Unique-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-B3-Traceid
S-Cnection
X-RN-RSRV
X-NewRelic-App-Data
Meta-Geo
X-CCM
X-TIME
X-Path-Route
X-Mode
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-SS-Set-Cookie
X-TX-ID
X-Section
X-Pad
X-Format
X-Access
X-Forwarded-Host
X-Hl-Ver
X-PERF
Cache-Tags
Akamai-GRN
Country
X-NYM-Debug-Backend
Decoy-Debug-Status
Cleartype
X-Origin
X-Via-Fastly
X-Cache-Status-Check
X-Akamai-Request-ID
Decoy-Debug-TTL
Decoy-Debug-Key
X-ApacheServer
X-Redis-Cache
X-Tb
X-R9-Blue-Green-Version
ServedBy
X-Akamai-Request-ID2
X-Alternate-Cache-Key
X-FC-Vary-Parameters
Origin-Edge-Control
X-EIG-Tracking-Id
X-Amzn-Remapped-Content-Length
X-Device-Type
Origin-Cache-Control
OT-Force-Account-Verify
X-Cache-Config
X-Web-Node
X-Debug-Cache
X-BYPASS-REASON
Now
X-Cache-Time
Content-Disposition
X-Varnish-Hits
X-ServerID
X-SayCDN-TTL
X-Say-TTL
DB-Nickname
X-Say-Cacheable
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Soup
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Request-Time
X-Pubstack
Cache-Key
X-Vgn-Hpd-Reason
NGX
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Generated-By
X-Proto
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
X-LJ-Flow-ID
X-FW-Dynamic
S-Rt
Selected-Fe
X-IP
X-Site-Version
X-SaId
X-Proxy-Build
X-Timing-Wait
X-TNCMS
Mn-Server-Ip
X-Www-Served-By
X-Viewer-Country
X-NCache
X-MP-GENERATED-AT
X-FB-TRIP-ID
X-Detected-As
X-AWS-Id
X-Generated
X-JoinUs
X-Loop
X-Locale
X-BCube-Filmed-By
Ec-Rule-Version
X-Cache-Control
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-VWS-Id
X-Cache-Remote
Azure-SlotName
Azure-Version
X-Amzn-RequestId
Cross-Origin-Window-Policy
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
X-Origin-Hint
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
Webcakes-App-Version
Node
X-Content-Age
X-Ua-Device
Webserver
X-Xfnlog-Site
Access-Control-Request-Headers
X-RCS-CacheZone
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-HTML-Minification-Powered-By
X-Geo
X-Real-IP
Cache-Hits
X-Drupal-Cache-Tags
X-App-Server
FilterID
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Uri
X-EC-Lua
Section-Io-Id
X-PressLabs-Stats
Accept-Language
X-UA
X-No-Session
X-Microcachable
X-PCL
X-OCL
X-Varnish-Cache-Hits
X-CACHE-KEY
Odigeo-Trace-Id
X-Adobe-Source
X-Rule
X-Qloud-Router
X-Source
X-Varnish-Ttl
X-NWS-UUID-VERIFY
X-Time
X-RTag
Ms-Operation-Id
X-Azure-Ref
X-Hyper-Cache
X-From
Cf-Ipcountry
Time
User-Agent
X-Esi
X-Load-Cache
X-Storage
X-Labrador-Cache-Channel
X-PHP-Host
X-Info
Proxy-Connection
X-Cluster-Node
X-Nc
X-RateLimit-Limit
X-Backend-TTL
X-CLOUD-TRACE-CONTEXT
X-Cache-NGX
X-Nginx-Cache
X-TA-CDN-Provider
Powered-By-ChinaCache
X-Old-Content-Length
X-UnsetCookies
X-Newrelic-Synthetics
X-Magnolia-Registration
X-GoCache-CacheStatus
X-Drupal-Cache-Contexts
GEO-REGION-INFO
A
MD5-Digest
X-Edge-Location
Machine
Fastcgi-X-Cache-Version
Content-Style-Type
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
AsisCache
Content-Script-Type
BehaviorPad-Version
Apple-News-Services-Host
Request-Country
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
Xc-Version
X-Request-URI
X-VG-WebCache
X-VG-TLSProxy
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-Request-UUID
X-CF-Lambda-Version
X-Vdms-Version
X-Region-Sid
X-Processor
X-External-Request-Id
X-Date
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-G
X-GeoIP-Country-Code
X-OVcl-Cache
X-PAYTM-SRV-ID
X-Connection-Hash
X-D
X-OVcl
X-Trv-Group
X-Cdn-Srv
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
VivaBuild
Viewtype
Rendered-Blocks
Mobile-Detection-Method
Request-EU
T-Server
True-Client-Country-4JS
X-Rewrite-Enabled
X-A-Wwc
X-ARC
X-Session-Fingerprint
X-SRCache-Key
X-B-Cookie
X-Transaction
X-Application
X-Aed
X-Rojux
X-Accel-Expires-Debug
X-S
X-S-Cookie
X-ScT
Meta-Geo-Continent
Rt-Fastcgi-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Mime-Version
X-Cluster-Name
Cache-Name
Uber-Trace-Id
X-Distil-CS
Ha-Gx-Prefs
HA-Ipaddr
X-ND-Cache
X-Developers
X-Sigma
X-GeoIP-City
X-Service
X-ServiceProvider
X-Served-From
X-Rocket-Nginx-Bypass
X-Eu-Site
X-Rocket-Build-Number
X-Reboot
W
X-IN-APIGATEWAYSSL
Thinkindot-CacheControl
X-IN-APIGATEWAY
X-Generated-On
Server-Host
X-Geo-Header
Thinkindot-CacheControl-Type
Thinkindot-Control
Locid
L5d-Success-Class
X-Matched-Rule
Viewport
PFcat
X-Level-Front-Cache
X-Sigma-Backend
X-Agile
X-Cdn-Origin
X-Trafficlayer-App-Name
X-Cache-Grace
X-CGP
X-Backend-State
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Agile-Age
X-Cache-Expired-At
X-Core-Value
X-C
X-Sn-Servicetimems
X-Agile-Id
CDCHOST
ServerName
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Thinkindot-L3
X-TT-TIMESTAMP
X-CS
X-Cache-FS-Status
X-Debug-Cookies
X-Debug-Log
X-Cache-Info
X-Gen-Mode
X-Generated-In
X-Debug-Cache-Store
X-Cache-Bucket
X-Debug-Cache-Fetch
X-Generation-Time
X-Debug-Cache-Expiry
X-CUA
X-Cache-Tags
X-Gamma-Serve
X-Cms-Context
X-Clientip
X-Dispatcher-Server
X-Contensis-Viewer-Groups
X-Epic-Correlation-Id
X-Dispatch
X-Clara-WADP
X-Fetched-On
X-FW-Version
X-Device-Os
X-Fastly-Cache
X-DevSite-Last-Modified
X-Distributor
X-Logging-Id
X-Trace-Id
X-Thanos
X-TrackingId
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-Swa-Ws
X-Slack-Backend
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Servername
X-Skip-Cache
X-Urbn-Site-Id
X-Var-Ttl
X-WebServer
X-Webstats-RespID
X-App-Name
X-Varnish-Cacheable
X-We-Are-Hiring
X-WADP-Cache
X-Variation
X-Varnish-Authentication
X-VC-Cache
X-VServer
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-LAGOON
X-JWT-State
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Is-Gdpr
X-Irp-Debug
X-Hash
X-Hit
X-Hnp-Log
X-Instart-Isnd
X-LI-UUID
X-Cache-ASPX
X-Origin-Expires
X-Platform-Server
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Origin-Date
X-NX-Host
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Has-Esi
X-Owner
On-Server
Platform
N-Cache
Memcached
Locale
Mail-Subject
Pramga
Server-Cache-Control
V-Age
We-Hiring
User-Cache-Control
Server-Surrogate-Control
Server-ID
Kp-EeAlive
Is-Eu
X-Varnish-Beresp-Ttl
Cache-Host
AKAMAI
Adler-Geo
HitType
X-Block-Status
Country-Code
Countrycode
Group
Heartbleed
Gh-Request-Id
Fastly-SWR
Fastly-Drupal-HTML
Web-Mar-Node
Fastly-SIE
X-Auto-Login
X-BBXSRF
X-Bip
X-CF-Powered-By
RNT-Time
X-Lb-Id
IsBot
X-S-Maxage
RNT-Machine
X-Bc-Bl
X-Server-W
X-SIPLIST1
Cloudfront-Viewer-Country
Environment
X-Nginx-Cache-Key
X-Cache-URL
X-Core-Mission
X-Node-Id
X-NC
X-Sucuri-ID
X-Ratelimit-Remaining
Hostname
X-BACKEND-TTL
X-Response-By
X-Refresh
X-Backend-Host
Geo-Info
X-Req
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
FNAC-ModuleRouting
X-VHOST
Cache-Cookie-Set-From
X-RESPONSE-TIME
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Origin-TTL
X-Origin-CC
X-VCT
X-Fmm-Version
X-Cdn-Forward
X-Correlation-ID
X-Parent-Response-Time
X-B3-Spanid
X-CSRF-Token
X-Up
X-Pjax-Url
Cache
X-Scheme
Fastly-Backend-Name
X-FPC
X-MSEdge-Flight
X-VCache
X-MSEdge-Features
X-Server-Time
X-CDN-Forward
Geoip-Latitude
X-APP
Geoip-City
X-Varnish-URL
Cdn-Request-Time
X-TT-LOGID
SD-X-WS
X-SN
Cdn-Host
Origin
X-Instart-Info
X-Edge-Server
Pragrma
PICS-Label
X-App-Version
X-MCACHE
X-Edge
GeoIp-Country-Code
Proxy-Firewall
X-Vcl-Version
X-AK-Request-ID
X-Cache-Host
M-TraceId
TTL
X-Cache-PHP
Cdncip
Vix-Hermes-Req-Id
Request-Time
Cdnsip
Ohc-File-Size
X-CSRF-TOKEN
X-SVT-ORM-RULES
X-Wa
CACHE
X-SVT-ORM-VERSION
X-Vdms-Path
NM-Fastcgi-Cache
X-ECACHE
X-NU-AKA-ACS-Version
X-Air-Hostname
X-Wix-Viewer-Type
NtCoent-Length
CF-Cached-On
X-Be
X-HS-Status
Cdn
X-Mid
X-ServedByHost
X-Ratelimit-Limit
X-URL
X-Pf-Uncompressing
RequestId
SRV
X-Myra-Origin2
X-Bc
Memory
X-Cache-Debug
Resin-Trace
X-Zone
Pagetype
Server-Hostname
Sever-Int
Server-Ext
X-Ua
Ohc-Cache-HIT
X-ECache
Magicmarker
X-Method
X-TH-Server
HostName
X-Cache-Metadata
X-Worker
Tcn
IBM-Web2-Location
X-Dynatrace-Js-Agent
Cteonnt-Length
Release
X-Via-PopH
X-Via-PopV
X-NGINX-Cache
X-Oneagent-Js-Injection
X-FORWARDED-FOR
X-GEO
X-Protected-By
Server-Int
X-Azure-Ref-OriginShield
X-Request-Start
X-BC
X-Branch-Name
Load-Balancing
Dt-Cache-Category
X-Referer
X-Ocache
X-Envoy-Upstream-Healthchecked-Cluster
Dnion-Transfer-Encoding
X-ZONE
X-Servedbyhost
X-Unique-ID
XServer
X-Newrelic-App-Data
X-Swift-Error
Lb
X-Policy
Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Fastly-Country-Code
Fastly-Soc-X-Request-Id
Esi-Enabled
X-Esi-Check
X-Tec-Api-Origin
X-Planisys-CDN-TTL
X-WA
X-Configured-By
X-Cache-Id
X-Planisys-CDN-Cache
X-Tec-Api-Root
X-Planisys-CDN-Rules
X-AIR-PT
X-Tec-Api-Version
X-DC
X-Ruxit-Js-Agent
X-VCL-Version
X-Gzip
Ttl
X-Reqid
X-C-Key
X-C-Zone
X-Datadome
X-COUNTRY
X-Node-ID
X-Action
Pics-Label
X-B3-SpanId
Fastly-SSL
X-RPM
X-Flog
X-RSL
X-SRV
X-Hello
X-DB
X-DW
X-DSS
Who
X-Via-Ucdn
X-DI
X-ABtesting
X-RPS
GeoIP-Country-Code
MIME-Version
GeoIP-City
Host-ID
GeoIP-Latitude
X-VarnishDD-TTL
X-Cache-Backend
X-HostName
X-Fpc
X-Render-Time
X-Country-IP
X-Svr
LB
ProcessTime
X-Varnish-Url
X-Powered-Y
X-Via-CDN
UCS
X-PF-Uncompressing
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Connection
X-PJAX-URL
X-User
X-Fastly-Backend-Reqs
X-RAMCache
Lfy
X-Amzn-Remapped-Date
Product
X-UPSTREAM-Address
FSS-Cache
X-Fastly-Request-Id
FSS-Proxy
X-Beluga-Node
X-Beluga-Cache-Status
CF-IPCountry
X-Key
X-SD-PageType
X-Beluga-Trace
X-Beluga-Status
X-Varnish-Beresp-TTL
X-Beluga-Response-Time
Sid
X-Beluga-Record
X-MID
X-Page-Impression-Id
SN
X-Flow-Id
X-LiteSpeed-Cache-Control
X-B3-Parentspanid
X-WPE-Loopback-Upstream-Addr
X-Sucuri-Cache
X-Agile-Brick-Ok
Requestid
X-Zalando-Child-Request-Id
X-Internal-Host
Xet-Cookie
X-Server-IP
WebServer
X-Pinterest-Direct
X-Aicache-OS
X-BE
X-Request-Url
CDN
X-Compress-Hint
L
X-Tid
WZWS-RAY
X-Apw-Access-Action
X-Location
X-Debug-Revision
X-Apw-Hits
X-Apw-Access-Token
X-Check-Cacheable
X-Apw-Access-Object
X-Debug-Controller
X-Litespeed-Cache-Control
X-Sucuri-Id
Servername
X-MiniProfiler-Ids
CloudFront-Viewer-Country
X-Nananana
X-App
Cneonction
X-ElasticPress-Search
X-LB-ID
X-Fastly-Cache-Hits
DataCenter
X-Dw-Trace-Id
X-Request-URL