Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
X-Template
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Request-ID
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Cache-Lookup
X-Ac
X-Readtime
X-WebKit-CSP
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-Country
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Edge-Control
Rating
X-Clacks-Overhead
X-Url
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Instart-Request-ID
X-PC
X-TtlSet
X-DynaTrace
X-Vname
X-Goog-Hash
Allow
X-Country-Code
Content-MD5
X-Varnish-TTL
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
Pinterest-Generated-By
X-Server-Name
X-Dns-Prefetch-Control
X-D2id
X-ESI
X-Webkit-Csp
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Server-ID
X-MS-InvokeApp
X-Powered-By-Plesk
SPRequestGuid
X-Vcache
X-Cached
X-Navigation-Version
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
Accept-Ch
X-Debug
X-Forwarded-Proto
X-Amz-Rid
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-MSEdge-Ref
X-Trace
Nginx-Cache
X-Fastly-Request-ID
Public-Key-Pins
X-Vcap-Request-Id
X-SharePointHealthScore
X-VARITI-CCR
MS-Author-Via
TCN
Charset
Arr-Disable-Session-Affinity
Accept-Ch-Lifetime
X-Accel-Expires
X-Px
X-Cache-TTL
X-NF-Request-ID
Edge-Cache-Tag
X-Fastcgi-Cache
Response
Pagespeed
X-Middleton-Display
X-Middleton-Response
Realpath
Display
X-Sol
SPIisLatency
SPRequestDuration
X-Version
X-Content-Type
X-Client-IP
X-Ser
Fusion-Deployment-Id
Cache-Tag
X-Ttl
X-SRCache-Store-Status
X-SRCache-Fetch-Status
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-DynaTrace-JS-Agent
X-Powered-CMS
Front-End-Https
X-Pinterest-Rid
Pinterest-Version
X-Id
Mrf-Cache-Status
MRF-Tech
Accept-CH
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Access-Control-Request-Method
NR-ENABLED
X-Upstream
X-Jurisdiction
AR-CACHE
X-Grace
Ar-Sid
X-Content-Digest
X-Hits
X-T
DynaTrace
X-Element-Page-Cache
X-Hp-Webp
X-Amz-Meta-S3cmd-Attrs
X-TTL
S
X-Forwarded-For
X-Dw-Request-Base-Id
Fastcgi-Cache
Accept-CH-Lifetime
ServerID
X-Node-Name
X-ASPNET-VERSION
X-Amzn-Trace-Id
PB-RID
PB-PID
X-Mobile-URL
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-Recruiting
Arc-Version
X-Cache-Hit
X-Mobile-Rewrite
Server-Node
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Storage-Class
X-Goog-Generation
Powered
X-Goog-Metageneration
X-Frontend
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
TP-Cache
TP-L2-Cache
X-FTR-Expires
X-Ezoic-Cdn
X-Shard
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Fastly-Restarts
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-NWS-LOG-UUID
X-HS-Combine-CSS
Alternate-Protocol
X-Request-Processing-Time
X-Request-Received
Refresh
X-Logged-In
X-Varnish-Age
X-XRDS-LOCATION
X-Correlation-Id
WPE-Backend
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
Server-Name
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-B
X-F-Cache
X-Akamai-Edgescape
X-User-Agent
X-Rid
X-Content-Security-Policy-Report-Only
X-Page-Id
X-LB-Cache
X-Via-JSL
X-Geo-Country
X-N
Cache-Status
Host
X-XRDS-Location
X-Zen-Fury
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Options
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Host-Header
X-Varnish-Grace
X-Amz-Apigw-Id
X-B3-Sampled
X-Revision
X-Kinsta-Cache
X-Type
X-Amz-Replication-Status
X-AOL-HN
X-Cache-Action
X-ATG-Version
X-FB-Debug
X-Instance
X-B-Cache
X-Debug-Info
X-App-Environment
X-Git-Hash
X-Jobs
X-Request-Guid
X-Signature
X-TT
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-User
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Varnish-Backend
X-Tumblr-Pixel-0
X-WebKit-CSP-Report-Only
X-Content-Powered-By
Fastcgi-Useragent
Liferay-Portal
Frame-Options
X-Whom
Healthy
X-Tt-Trace-Tag
X-Tt-Trace-Host
Section-Io-Cache
X-Cluster
X-Cached-By
X-Srv
X-Hostname
X-Seen-By
X-PHP-Backend
X-Cache-Key
X-Daa-Tunnel
X-Cache-Rule
X-Cache-Operation
X-Framework
X-Erf-Bev-Bev-Is-Generated
X-Az
X-AppVersion
X-Activity-Id
X-Erf-Bev-Bev
X-CST
X-FireWall-Port
Tracecode
X-Cache-Age
Retry-After
X-Contextid
X-WA-Info
X-Presslabs-Stats
X-Endurance-Cache-Level
X-Mobile
X-Amzn-Requestid
Trailer
X-Host-Name
X-IPLB-Instance
X-Upgrade-Enabled
NGB
X-Response-Served-From
X-Accel-Buffering
X-RemovedCookies
X-ProcessESI
Accept-Charset
Source
Surrogate-Key
Srv
Xserver
X-Cache-NE
DC
X-FW-Static
X-FastCGI-Cache
X-Origin-Response-Time
X-FW-Type
X-FW-Server
X-FW-Serve
X-Region
Eomportal-Instance
X-FW-Hash
X-Is-Bot
X-Varnish-Hostname
X-Cacheable-TTL
X-L-Path
X-Handled-By
X-Varnish-Server
X-Adobe-Loc
X-Rendered-As
Filters
Payment
X-Environment-Context
X-GeoIP
X-Adobe-Content
X-UUID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-EdgeConnect-Cache-Status
Server-Info
X-Cache-2
X-RateLimit-Remaining
X-UA-Device-Type
From-Origin
X-Cache-TTL-Remaining
X-Edge-O15-RID
X-Time-Microsecs
Cache-Tv-Group
X-APP-VERSION
X-Backend-Name
X-Proxy
X-Wix-Request-Id
X-Cache-Server
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
VIX-Pulpo-Upstream-Status
X-Oss-Hash-Crc64ecma
VIX-Pulpo-Node
MS-CV
X-Cache-Enabled
X-NGENIX-Cache
X-Akamai-Transformed
X-Dc
Version
Datacenter
X-Status
X-Unique-Id
X-IPS-LoggedIn
GEO-INFO
X-Mode
X-TIME
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-CCM
X-Access
X-TX-ID
X-Section
X-Forwarded-Host
X-Format
X-R9-Blue-Green-Version
X-Via-Fastly
ServedBy
X-Ua-Device
X-NYM-Debug-Backend
X-SS-Set-Cookie
X-Akamai-Request-ID
X-Redis-Cache
X-PERF
X-ApacheServer
X-Cache-Time
Filterid
Akamai-GRN
X-Tb
Decoy-Debug-Status
Decoy-Debug-TTL
X-Origin
Country
Decoy-Debug-Key
Cache-Tags
X-Hosted-By
X-Cache-Status-Check
X-Human
X-Cache-Remote
X-Shopify-Stage
X-Generated-By
Cache-Key
NGX
X-LJ-Flow-ID
Origin-Edge-Control
X-Alternate-Cache-Key
X-Akamai-Request-ID2
DB-Nickname
Origin-Cache-Control
Cleartype
X-Amzn-Remapped-Content-Length
X-Cache-Control
X-AWS-Id
OT-Force-Account-Verify
Content-Disposition
X-Pubstack
Mn-Server-Ip
X-Varnish-Hits
FilterID
X-SayCDN-TTL
X-Say-Cacheable
X-VWS-Id
X-Web-Node
X-EIG-Tracking-Id
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Debug-Cache
X-Say-TTL
X-Pad
X-Request-Time
X-FW-Dynamic
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Www-Served-By
X-Device-Type
X-Vgn-Hpd-Reason
X-FB-TRIP-ID
X-TNCMS
X-ProxyCache-Status
X-Site-Version
X-Soup
X-ProxyCache-Key
S-Rt
Now
X-Proto
X-Detected-As
X-Routing-Service
X-BYPASS-REASON
X-MP-GENERATED-AT
X-Loop
X-BCube-Filmed-By
X-Locale
X-FC-Vary-Parameters
X-Cache-Config
X-Proxied
Webserver
X-ServerID
X-Viewer-Country
X-Zipkin-Id
X-Proxy-Cache-Status
X-IP
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
X-NewRelic-App-Data
Azure-InstanceId
X-RCS-CacheZone
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
TWC-Privacy
Azure-RegionName
Property-Id
Cross-Origin-Window-Policy
Ec-Rule-Version
Azure-Version
TWC-Connection-Speed
Azure-SiteName
Azure-SlotName
X-Hl-Ver
X-NCache
Node
X-JoinUs
X-Xfnlog-Site
X-SaId
Access-Control-Request-Headers
X-Timing-Wait
X-Esi
X-HTML-Minification-Powered-By
Selected-Fe
X-Amzn-RequestId
X-Proxy-Build
X-B3-Traceid
X-Real-IP
X-App-Server
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Nel
Section-Origin-Responded
Cache-Hits
X-Drupal-Cache-Tags
X-PressLabs-Stats
X-EC-Lua
X-Uri
X-Geo
X-Adobe-Source
X-CACHE-KEY
X-Microcachable
Accept-Language
X-No-Session
X-PCL
Odigeo-Trace-Id
X-OCL
X-Qloud-Router
Cf-Ipcountry
X-Varnish-Cache-Hits
X-UA
X-Rule
X-Source
Time
X-NWS-UUID-VERIFY
X-RTag
Ms-Operation-Id
X-From
X-Azure-Ref
X-Hyper-Cache
User-Agent
X-Labrador-Cache-Channel
X-Load-Cache
X-PHP-Host
X-Storage
X-Time
X-Info
X-Backend-TTL
Proxy-Connection
X-RateLimit-Limit
X-Cluster-Node
X-Cache-NGX
X-Nginx-Cache
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Nc
Powered-By-ChinaCache
X-Old-Content-Length
X-GoCache-CacheStatus
A
X-Drupal-Cache-Contexts
Fastcgi-X-Cache-Version
Machine
GEO-REGION-INFO
Content-Style-Type
MD5-Digest
Meta-Geo-Continent
Request-Country
Rendered-Blocks
Mobile-Detection-Method
Content-Script-Type
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Arc-Country
AsisCache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Apple-News-Services-Handled
VivaBuild
X-VG-TLSProxy
X-VG-WebCache
X-Vdms-Version
X-Twitter-Response-Tags
X-Trv-Group
X-VG-WebServer
X-OVcl
X-Vtex-Remote-Cache
Xc-Version
X-Vtex-Processado-Em
X-G
X-GeoIP-Country-Code
X-Transaction
X-SRCache-Key
X-OVcl-Cache
X-Request-URI
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-ScT
X-Session-Fingerprint
X-S-Cookie
X-S
X-Rojux
X-UnsetCookies
X-External-Request-Id
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A
X-Edge-Location
ServerName
Request-EU
T-Server
True-Client-Country-4JS
Viewtype
X-DPWN-IS-SECURE
X-Accel-Expires-Debug
X-D
X-Connection-Hash
X-Date
X-Destination
X-Developer
X-Aed
X-CF-Lambda-Version
X-ARC
X-Application
X-B-Cookie
X-Cdn-Srv
X-CF-Lambda-Fn
Cache-Name
Uber-Trace-Id
Rt-Fastcgi-Cache
X-Varnish-Ttl
X-Geo-Header
X-GeoIP-City
X-Generated-On
Locid
PFcat
X-Developers
X-Agile-Id
X-Served-From
X-Service
X-Rocket-Nginx-Bypass
X-Reboot
X-Matched-Rule
X-ND-Cache
Server-Host
X-Core-Value
X-Backend-State
X-C
X-Magnolia-Registration
X-App-Name
X-Agile-Age
X-Agile
W
X-Cache-Grace
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
Mime-Version
X-Cdn-Origin
X-ServiceProvider
X-Level-Front-Cache
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Thinkindot-L3
X-TT-TIMESTAMP
X-Varnish-Cacheable
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Sn-Servicetimems
CDCHOST
X-CF-Powered-By
X-Cluster-Name
X-CS
X-Cms-Context
X-Contensis-Viewer-Groups
X-Core-Mission
X-Urbn-Site-Id
X-Skip-Cache
X-Clara-WADP
X-Variation
X-Var-Ttl
X-Urbn-Context-Path
X-CUA
X-Dispatcher-Server
X-Distil-CS
X-Distributor
X-Dispatch
X-DevSite-Last-Modified
X-Tumblr-Pixel-3
X-Rocket-Build-Number
X-Device-Os
X-CGP
X-Varnish-Authentication
X-WADP-Cache
X-BBXSRF
X-Bc-Bl
X-We-Are-Hiring
X-Webstats-RespID
X-Sigma-Backend
X-Servername
X-Server-W
X-Block-Status
X-VServer
X-SIPLIST1
X-Cache-Info
X-Cache-URL
X-VC-Cache
X-Cache-FS-Status
X-Cache-ASPX
X-Cache-Bucket
X-Cache-Expired-At
X-Epic-Correlation-Id
X-Eu-Site
X-LI-Proto
X-Logging-Id
X-Swa-Ws
X-Li-Pop
X-Li-Fabric
X-JWT-State
X-LAGOON
X-Rebelmouse-Cache-Control
X-Micro-Cache
X-Ms-Request-Id
X-Origin-Expires
X-Owner
X-Platform-Server
X-Origin-Date
X-NodeID
X-Ms-Version
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-Is-Gdpr
X-Trace-Id
X-Sigma
X-Request-Host
X-Generation-Time
X-Gen-Mode
X-Gamma-Serve
X-Fastly-Cache
X-Fetched-On
X-FW-Version
X-Slack-Backend
X-Rebelmouse-Surrogate-Control
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Hnp-Log
X-Hit
X-Has-Esi
X-Hash
X-RateLimit-Limit-Second
X-LI-UUID
On-Server
Platform
N-Cache
Memcached
Locale
Mail-Subject
Pramga
RNT-Machine
User-Cache-Control
V-Age
Server-Surrogate-Control
Server-ID
RNT-Time
Server-Cache-Control
L5d-Success-Class
Kp-EeAlive
Cache-Host
Country-Code
X-Varnish-Beresp-Ttl
AKAMAI
HitType
Adler-Geo
Fastly-Drupal-HTML
Fastly-SWR
Is-Eu
IsBot
Heartbleed
HA-Ipaddr
Group
Ha-Gx-Prefs
Viewport
Fastly-SIE
Web-Mar-Node
We-Hiring
X-NC
X-Generated-In
X-Bip
Wxu-Next-Hostname
Wxu-Next-Commit
X-NX-Host
X-Cache-Tags
Countrycode
X-Req
X-Backend-Host
FNAC-ModuleRouting
Environment
X-Auto-Login
Gh-Request-Id
X-S-Maxage
Geo-Info
X-Irp-Debug
X-Proxy-Upstream
X-TrackingId
X-WebServer
X-Thanos
Wxu-Next-Region
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Clientip
X-Debug-Log
X-Debug-Cache-Fetch
X-Node-Id
X-VHOST
X-Sucuri-ID
Cache-Cookie-Set-Lfrom
X-RESPONSE-TIME
X-Refresh
Cloudfront-Viewer-Country
X-Lb-Id
X-URL
X-Response-By
Hostname
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Ratelimit-Remaining
X-Fmm-Version
X-Parent-Response-Time
X-CLOUD-TRACE-CONTEXT
X-BACKEND-TTL
X-VCT
X-Scheme
X-Origin-CC
X-Origin-TTL
X-Cdn-Forward
X-VCache
Fastly-Backend-Name
X-B3-Spanid
X-Up
X-Varnish-URL
X-CDN-Forward
Cache
X-Pjax-Url
X-MSEdge-Features
X-MSEdge-Flight
X-Instart-Info
X-FPC
X-APP
SD-X-WS
Origin
X-Server-Time
X-CSRF-Token
X-App-Version
X-Edge-Server
Pragrma
X-Correlation-ID
Geoip-Latitude
Cdn-Request-Time
PICS-Label
X-TT-LOGID
X-SN
Proxy-Firewall
Cdn-Host
Geoip-City
X-Edge
X-CSRF-TOKEN
X-MCACHE
M-TraceId
Vix-Hermes-Req-Id
GeoIp-Country-Code
CACHE
Cdncip
Cdnsip
X-Cache-PHP
X-AK-Request-ID
Request-Time
X-Wa
X-Cache-Host
NM-Fastcgi-Cache
X-SVT-ORM-RULES
X-Wix-Viewer-Type
X-SVT-ORM-VERSION
X-COUNTRY
X-Vdms-Path
CF-Cached-On
X-Vcl-Version
TTL
Ohc-File-Size
NtCoent-Length
X-ECACHE
X-HS-Status
X-NU-AKA-ACS-Version
X-Air-Hostname
X-FORWARDED-FOR
X-Be
X-Mid
Cdn
Memory
Sever-Int
X-Bc
Server-Hostname
X-Zone
Server-Ext
X-Myra-Origin2
X-Ua
X-Ratelimit-Limit
X-ECache
Magicmarker
X-Pf-Uncompressing
X-ServedByHost
X-Cache-Debug
RequestId
Resin-Trace
X-Method
Pagetype
HostName
X-Cache-Metadata
X-GEO
XServer
X-TH-Server
Tcn
X-Worker
Ohc-Cache-HIT
X-Dynatrace-Js-Agent
SRV
X-Via-PopH
Cteonnt-Length
X-Via-PopV
Release
X-Oneagent-Js-Injection
X-Servedbyhost
IBM-Web2-Location
X-Newrelic-App-Data
X-Protected-By
X-Referer
Server-Int
X-Branch-Name
X-Envoy-Upstream-Healthchecked-Cluster
X-ZONE
X-Azure-Ref-OriginShield
Load-Balancing
X-BC
Dnion-Transfer-Encoding
X-NGINX-Cache
X-Swift-Error
X-Unique-ID
Lb
X-Ocache
Powered-By
X-Request-Start
X-Tb-Optimization-Total-Bytes-Saved
Dt-Cache-Category
Esi-Enabled
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Policy
X-Tec-Api-Root
X-Tec-Api-Origin
X-Configured-By
X-Esi-Check
X-VCL-Version
X-AIR-PT
X-Cache-Id
X-Fastly-Country-Code
Ttl
X-Tec-Api-Version
X-DC
X-Ruxit-Js-Agent
Fastly-Soc-X-Request-Id
X-SRV
X-Node-ID
X-Gzip
X-Datadome
X-WA
X-B3-SpanId
Pics-Label
X-C-Zone
Fastly-SSL
X-C-Key
GeoIP-Country-Code
X-Reqid
X-VarnishDD-TTL
X-Action
X-Via-Ucdn
Who
MIME-Version
X-ABtesting
GeoIP-City
X-DSS
X-RPM
X-RSL
X-RPS
X-DB
X-DW
GeoIP-Latitude
X-DI
X-Hello
X-Flog
X-HostName
X-Country-IP
X-Svr
X-PJAX-URL
UCS
LB
X-Powered-Y
X-SERVER-NAME
X-Fpc
Host-ID
X-PF-Uncompressing
X-Cache-Backend
X-Fastly-Request-Id
X-Via-CDN
FSS-Cache
X-Render-Time
X-Varnish-Url
X-Amzn-Remapped-Date
Lfy
ProcessTime
X-Amzn-Remapped-Connection
X-RAMCache
X-Fastly-Backend-Reqs
X-MID
X-UPSTREAM-Address
X-User
Sid
FSS-Proxy
Product
X-SD-PageType
X-Varnish-Beresp-TTL
Requestid
X-Key
X-HP-Webp
X-LiteSpeed-Cache-Control
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
X-Page-Impression-Id
X-Internal-Host
X-Beluga-Trace
Xet-Cookie
X-WPE-Loopback-Upstream-Addr
X-Beluga-Node
X-Beluga-Cache-Status
X-Flow-Id
X-Beluga-Record
Amp-Access-Control-Allow-Source-Origin
X-Beluga-Status
X-Beluga-Response-Time
X-Server-IP
CF-IPCountry
X-Pinterest-Direct
X-Aicache-OS
L
X-Sucuri-Cache
X-Apw-Access-Action
X-B3-Parentspanid
WZWS-RAY
SN
X-Debug-Revision
X-Apw-Access-Token
X-Apw-Hits
X-Debug-Controller
X-Compress-Hint
Cneonction
X-Apw-Access-Object
X-Tid
X-Check-Cacheable
CDN
X-BE
X-Sucuri-Id
X-Litespeed-Cache-Control
X-MiniProfiler-Ids
X-ElasticPress-Search
X-LB-ID
X-Request-URL
X-Request-Url
X-Fastly-Cache-Hits
CloudFront-Viewer-Country
X-Location
X-Nananana
X-App
DataCenter
X-Dw-Trace-Id