Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-Served-By
X-UA-Compatible
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Ua-Compatible
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-Buckets
Content-Encoding
X-CDN
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Request-Context
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Surrogate-Control
Request-Id
X-Readtime
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-DataDome
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-Country-Code
Fusion-Deployment-Id
X-ASPNET-VERSION
X-DynaTrace
X-Varnish-TTL
Allow
Service-Worker-Allowed
X-GitHub-Request-Id
Verso
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
Accept-CH
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
Content-MD5
Pinterest-Generated-By
SPRequestGuid
X-Server-Name
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Trace
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Amz-Rid
X-Abt-Application-Version
Accept-CH-Lifetime
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
TCN
X-Vcache
Nginx-Cache
X-Vcap-Request-Id
X-Ttl
X-Debug
X-MSEdge-Ref
X-ESI
SPRequestDuration
SPIisLatency
X-VARITI-CCR
Arr-Disable-Session-Affinity
Charset
X-Accel-Expires
X-B3-TraceId
X-DynaTrace-JS-Agent
X-Cache-TTL
MS-Author-Via
X-NF-Request-ID
NR-ENABLED
Pagespeed
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Px
X-Content-Type
X-Sol
Realpath
X-Client-IP
Cache-Tag
X-Ser
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-Server-ID
Edge-Cache-Tag
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
X-Pinterest-Rid
Pinterest-Version
WPE-Backend
X-Webkit-Csp
Front-End-Https
X-Fastcgi-Cache
X-Hp-Webp
X-Jurisdiction
X-Shield-Request-Id
X-T
X-Upstream
X-Version
X-Hits
X-Element-Page-Cache
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
ServerID
X-Cache-Hit
Fastcgi-Cache
X-Recruiting
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Mobile-URL
AR-CACHE
Ar-Sid
X-Goog-Stored-Content-Encoding
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Realm
X-Goog-Metageneration
X-Goog-Generation
Accept-Ch
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-FTR-DC
X-GUploader-UploadID
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-Request-Received
X-Request-Processing-Time
Powered
X-Frontend
TP-L2-Cache
TP-Cache
PB-PID
X-Forwarded-For
PB-RID
X-FTR-Expires
X-DIS-Request-ID
X-Mobile-Rewrite
Upgrade-Insecure-Requests
Arc-Version
Refresh
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Shard
Alternate-Protocol
Host-Header
Server-Name
X-XRDS-Location
Accept-Ch-Lifetime
X-Geo-Country
X-Amzn-Trace-Id
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
X-Microsite
X-TTL
X-N
X-Rid
X-Akamai-Edgescape
X-F-Cache
X-FTR-Cache-Host
Fastly-Restarts
X-LB-Cache
X-Page-Id
X-Logged-In
Backend-Timing
X-User-Agent
X-B
X-ATS-Timestamp
X-Varnish-Age
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cdn
X-XRDS-LOCATION
MicrosoftSharePointTeamServices
X-Cache-Key
X-FastCGI-Cache
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Varnish-Grace
X-Origin-Server
X-Esi
X-Revision
X-Request-Guid
Host
X-Jobs
X-Tumblr-Pixel-0
X-App-Environment
Fastcgi-Useragent
X-Instance
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Backend
X-Cache-Age
X-B-Cache
X-Signature
X-ATG-Version
Actual-Object-TTL
X-Git-Hash
Paypal-Debug-Id
X-B3-Sampled
X-Amz-Replication-Status
X-Seen-By
X-Type
X-AOL-HN
X-FB-Debug
X-TT
X-Whom
Section-Io-Cache
X-Cache-Action
X-Debug-Info
X-Cluster
Frame-Options
Cache-Status
X-WebKit-CSP-Report-Only
X-Hostname
Access-Control-Allow-Method
X-Content-Options
Trailer
X-Amzn-Requestid
X-Cache-Rule
X-Endurance-Cache-Level
X-Cache-Operation
X-Contextid
Source
X-Content-Powered-By
X-Host-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-SERVER
Tracecode
X-Presslabs-Stats
X-Activity-Id
Liferay-Portal
X-Az
X-AppVersion
Accept-Charset
X-FireWall-Port
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Daa-Tunnel
X-Amz-Apigw-Id
X-IPLB-Instance
X-PHP-Backend
X-Upgrade-Enabled
DC
From-Origin
X-Framework
X-WA-Info
X-Response-Served-From
NGB
X-Accel-Buffering
X-RateLimit-Remaining
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Retry-After
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Surrogate-Key
X-APP-VERSION
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Server
X-Is-Bot
X-Rendered-As
X-UUID
Srv
X-Environment-Context
X-L-Path
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
Payment
X-RequestSource
Eomportal-Instance
X-GeoIP
X-Cache-NE
X-Wix-Request-Id
X-Region
X-Varnish-Server
X-Mobile
X-Time-Microsecs
X-Handled-By
Filters
X-Cached-By
X-UA-Device-Type
X-Proxy
X-Unique-Id
X-Origin-Response-Time
X-Varnish-Hostname
Nel
X-NGENIX-Cache
Xserver
X-Cache-TTL-Remaining
X-TIME
X-Webkit-CSP
X-EdgeConnect-Cache-Status
Datacenter
X-B3-Traceid
X-Cache-Control
X-Cache-Server
X-Akamai-Transformed
X-Cache-Time
Filterid
X-Srv
MS-CV
X-Backend-Name
Version
GEO-INFO
X-CST
X-Status
Server-Info
Odigeo-Trace-Id
S-Cnection
X-Mode
X-Rule
Cache-Tv-Group
Cache-Tags
X-Cache-2
X-Cache-Enabled
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Var-Map
Webserver
X-IP
Meta-Geo
X-Cache-Var
X-ES-SERVER
X-Path-Route
X-CCM
DB-Nickname
X-Detected-As
X-Loop
Azure-RegionName
Azure-InstanceId
OT-Force-Account-Verify
X-FW-Dynamic
X-Amzn-Remapped-Content-Length
Azure-SiteName
X-RN-RSRV
X-TNCMS
Azure-SlotName
X-Redis-Cache
X-FC-Vary-Parameters
Ec-Rule-Version
Azure-Version
S-Rt
X-Say-TTL
X-Origin-Hint
X-Origin
X-Say-Cacheable
X-Proto
Cross-Origin-Window-Policy
X-Real-IP
Akamai-GRN
Decoy-Debug-TTL
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-ApacheServer
X-Adobe-Source
Webcakes-Region
Webcakes-App-Version
ServedBy
Property-Id
X-R9-Blue-Green-Version
Decoy-Debug-Status
Decoy-Debug-Key
Cleartype
X-Pubstack
X-Human
Origin-Edge-Control
Origin-Cache-Control
Now
NGX
Cache-Hits
X-PERF
X-Via-Fastly
X-ServerID
X-NCache
X-Hosted-By
Country
X-Web-Node
X-SayCDN-TTL
X-TX-ID
X-Hl-Ver
X-Forwarded-Host
X-ProxyCache-Status
X-Alternate-Cache-Key
X-Cache-Config
X-Sorting-Hat-ShopId
X-Site-Version
Cache-Key
X-Akamai-Request-ID2
X-Sorting-Hat-PodId
X-VWS-Id
X-LJ-Flow-ID
Section-Origin-Responded
X-Tb
X-Locale
X-ProxyCache-Key
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Shopify-Stage
Content-Disposition
Section-Io-Id
X-EIG-Tracking-Id
X-Cache-NGX
X-Cache-Status-Check
X-ShardId
X-ShopId
X-Format
X-Generated
X-Proxy-Cache-Status
X-NYM-Debug-Backend
X-Vgn-Hpd-Reason
X-Goog-Meta-Goog-Reserved-File-Mtime
X-BYPASS-REASON
X-AWS-Id
X-Shopify-Generated-Cart-Token
Access-Control-Request-Headers
X-RCS-CacheZone
X-Device-Type
X-Debug-Cache
X-Cache-Remote
Selected-Fe
X-Timing-Wait
X-FB-TRIP-ID
X-Xfnlog-Site
X-Www-Served-By
X-Proxied
X-Content-Age
X-SaId
X-JoinUs
X-Proxy-Build
Mn-Server-Ip
X-Section
X-Access
X-Routing-Service
X-Viewer-Country
X-BCube-Filmed-By
X-Zipkin-Id
X-MP-GENERATED-AT
X-HTML-Minification-Powered-By
X-Soup
Node
X-Microcachable
X-No-Session
X-Request-Time
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Dc
X-EC-Lua
X-Backend-TTL
X-Varnish-Hits
X-Generated-By
X-Pinterest-Direct
Cf-Ipcountry
X-Akamai-Request-ID
X-From
Accept-Language
X-Drupal-Cache-Tags
Time
X-Geo
X-Pad
X-NewRelic-App-Data
FilterID
X-IPS-LoggedIn
X-CF-Powered-By
X-PressLabs-Stats
X-Azure-Ref
X-RateLimit-Limit
X-Old-Content-Length
X-NC
X-URL
X-VCT
Uber-Trace-Id
Ms-Operation-Id
X-Amzn-RequestId
X-Source
X-RTag
X-NWS-UUID-VERIFY
X-Uri
X-Cache-Grace
X-CS
Cache-Name
X-MCACHE
X-Edge
User-Agent
X-Newrelic-Synthetics
X-UA
X-ECACHE
X-OCL
X-PHP-Host
X-Labrador-Cache-Channel
X-GoCache-CacheStatus
X-PCL
X-Qloud-Router
X-Nginx-Cache
X-Varnish-Cache-Hits
X-Litespeed-Cache
Cache
X-Edge-Location
X-FORWARDED-FOR
X-Drupal-Cache-Contexts
Proxy-Connection
X-Hyper-Cache
X-Magnolia-Registration
X-Oneagent-Js-Injection
X-A
T-Server
X-A-Ccd
True-Client-Country-4JS
VivaBuild
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
ServerName
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-A-Dam
MD5-Digest
Arc-Country
AsisCache
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
User-Cache-Control
Apple-News-Services-Handled
Apple-News-Services-Host
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Proxy-Firewall
Rendered-Blocks
Request-Country
Mobile-Detection-Method
Meta-Geo-Continent
Machine
X-B-Cookie
Memcached
Request-EU
X-D
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-S
X-Rojux
X-Request-UUID
X-Rewrite-Enabled
X-Rocket-Nginx-Bypass
X-SRCache-Key
X-Transaction
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-Tumblr-Pixel-3
X-Twitter-Response-Tags
X-Request-URI
X-Region-Sid
X-Destination
X-Developer
X-DPWN-IS-SECURE
X-Date
X-Connection-Hash
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-External-Request-Id
Xc-Version
X-PAYTM-SRV-ID
X-Processor
X-Reboot
X-Instart-Info
X-Info
X-FW-Version
X-G
X-GeoIP-Country-Code
X-Cache-Bucket
Viewtype
X-Mid
X-Cluster-Name
CF-Cached-On
X-APP
X-CDN-Forward
X-Geo-Header
X-Core-Value
X-VG-TLSProxy
X-Contensis-Viewer-Groups
Server-Cache-Control
SD-X-WS
Rt-Fastcgi-Cache
X-Webstats-RespID
X-Trafficlayer-App-Version
X-Sucuri-ID
X-ServiceProvider
X-JWT-State
Gh-Request-Id
N-Cache
On-Server
Server-Host
X-Has-Esi
X-Is-Gdpr
X-Server-W
X-Served-From
X-Clara-WADP
X-Bc-Bl
X-Block-Status
X-Cache-ASPX
X-Varnish-Authentication
X-BBXSRF
X-Backend-State
X-Request-Host
X-Auto-Login
Vix-Hermes-Req-Id
X-Backend-Host
X-Trafficlayer-App-Scope
X-COUNTRY
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-VServer
X-Cdn-Origin
X-Cache-URL
Web-Mar-Node
X-Cache-Info
X-WADP-Cache
Viewport
Server-Surrogate-Control
X-DevSite-Last-Modified
X-Irp-Debug
X-Fastly-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-IN-APIGATEWAY
X-Hnp-Log
Content-Style-Type
Content-Script-Type
X-VCache
X-Slack-Backend
X-Sn-Servicetimems
X-Level-Front-Cache
X-Thinkindot-L3
X-We-Are-Hiring
X-Wikidot-Static-Cache
X-TrackingId
X-Trafficlayer-App-Name
X-Micro-Cache
X-Matched-Rule
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-GeoIP-City
X-IN-APIGATEWAYSSL
X-Gamma-Serve
X-Fmm-Version
X-Wikidot-Backend
X-Generated-On
X-Gen-Mode
X-Storage
X-UnsetCookies
X-S-Maxage
X-Cache-FS-Status
X-Distributor
X-Cache-Tags
X-Logging-Id
Locale
X-Platform-Server
X-Cache-PHP
X-Ms-Version
X-NX-Host
X-NodeID
X-Var-Ttl
X-Eu-Site
X-Fetched-On
Heartbleed
X-Distil-CS
X-Bip
X-Epic-Correlation-Id
X-Req
X-Ms-Request-Id
X-App-Name
X-Core-Mission
X-Owner
X-Debug-Log
X-Origin-Expires
X-Hash
X-CUA
X-RateLimit-Limit-Second
X-Generated-In
X-Debug-Cookies
X-RateLimit-Remaining-Second
X-TT-TIMESTAMP
X-Proxy-Upstream
X-LAGOON
X-Origin-Date
X-Rebelmouse-Surrogate-Control
X-Dispatch
X-Rebelmouse-Cache-Control
X-CGP
X-Cluster-Node
X-Clientip
X-Device-Os
X-Dispatcher-Server
Wxu-Next-Hostname
Platform
AKAMAI
X-SIPLIST1
X-Sigma-Backend
Fastly-SIE
Fastly-Drupal-HTML
Countrycode
Country-Code
X-Skip-Cache
Server-ID
RNT-Time
RNT-Machine
X-Generation-Time
X-Servername
Fastly-SWR
HA-Ipaddr
Is-Eu
Ha-Gx-Prefs
Group
X-Urbn-Context-Path
IsBot
Kp-EeAlive
Mail-Subject
X-Sigma
FNAC-ModuleRouting
Locid
L5d-Success-Class
X-Developers
X-Scheme
Adler-Geo
A
X-Rocket-Build-Number
X-WebServer
Wxu-Next-Region
X-Thanos
X-SS-Set-Cookie
X-Agile-Id
X-Variation
X-Agile-Age
X-Agile
X-Trace-Id
X-Urbn-Site-Id
X-Swa-Ws
CDCHOST
V-Age
X-SN
X-VC-Cache
X-Cms-Context
X-Nginx-Cache-Key
X-Varnish-Cacheable
Cache-Host
Wxu-Next-Commit
We-Hiring
W
X-App-Server
X-Hit
X-Vdms-Path
X-CSRF-Token
X-C
X-Cache-Expired-At
Request-Time
NM-Fastcgi-Cache
X-Varnish-Beresp-Grace
X-Response-By
X-Varnish-Beresp-Status
X-Instart-Isnd
X-Refresh
X-OVcl
X-OVcl-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-RESPONSE-TIME
X-B3-Spanid
X-CLOUD-TRACE-CONTEXT
PFcat
X-Varnish-Beresp-Ttl
Server-Ext
Server-Hostname
Sever-Int
X-CACHE-KEY
Geo-Info
X-TA-CDN-Provider
X-Node-Id
M-TraceId
X-Parent-Response-Time
Pagetype
X-Protected-By
HostName
Mime-Version
X-Nc
X-Method
X-FPC
X-Time
X-Varnish-URL
X-Ua-Device
PICS-Label
Powered-By-ChinaCache
Magicmarker
X-Worker
X-Via-PopV
X-Varnish-Ttl
X-MSEdge-Flight
X-Via-PopH
X-MSEdge-Features
Pramga
X-Ruxit-Js-Agent
X-Branch-Name
Geoip-City
X-Wa
X-SRV
Geoip-Latitude
Origin
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
X-Lb-Id
X-Be
Cloudfront-Viewer-Country
GeoIp-Country-Code
X-Policy
X-ND-Cache
X-Service
Memory
X-GEO
X-Ratelimit-Remaining
X-C-Zone
X-SERVER-NAME
HitType
X-C-Key
XServer
X-Pjax-Url
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Load-Cache
Esi-Enabled
X-HS-Status
X-BACKEND-TTL
Environment
X-DC
Who
Dt-Cache-Category
X-ECache
X-Wix-Viewer-Type
Cteonnt-Length
X-Bc
X-Via-Ucdn
X-Myra-Origin2
X-Reqid
X-Zone
X-Azure-Ref-OriginShield
X-Newrelic-App-Data
X-Ua
X-Cdn-Forward
NtCoent-Length
X-VCL-Version
X-Up
X-Referer
TTL
Fastly-Backend-Name
X-Country-IP
X-CSRF-TOKEN
X-Servedbyhost
X-Cache-Metadata
X-App-Version
X-Vcl-Version
X-Origin-TTL
X-Origin-CC
Ttl
SRV
X-ZONE
Cdn
Pragrma
X-ServedByHost
Product
X-TT-LOGID
UCS
X-Cache-Host
X-Server-Time
X-BC
Resin-Trace
Hostname
X-Ratelimit-Limit
X-Swift-Error
Cdn-Host
Cdn-Request-Time
X-Pf-Uncompressing
X-Edge-Server
X-Fastly-Country-Code
X-NGINX-Cache
X-Correlation-ID
X-AK-Request-ID
Cdnsip
Cdncip
X-Server-IP
Release
Load-Balancing
Lb
CACHE
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
FSS-Cache
X-AIR-PT
X-NU-AKA-ACS-Version
LB
X-Node-ID
X-SVT-ORM-VERSION
X-PJAX-URL
X-SVT-ORM-RULES
GeoIP-Country-Code
Sid
X-Configured-By
X-Datadome
C-Via
X-Air-Hostname
Dnion-Transfer-Encoding
X-WPE-Loopback-Upstream-Addr
Warning
GeoIP-City
X-WA
GeoIP-Latitude
Ohc-File-Size
MIME-Version
X-Location
My-App
X-Tb-Optimization-Total-Bytes-Saved
X-Esi-Check
X-Cache-Id
X-Gzip
X-BE
X-UPSTREAM-Address
X-Cache-Backend
Ohc-Cache-HIT
X-TH-Server
X-Sucuri-Cache
X-Mvc-Supplant-Cachable
X-RAMCache
X-Cache-Debug
RequestId
X-Svr
X-Powered-Y
Tcn
X-Fastly-Request-Id
X-VarnishDD-TTL
X-Varnish-Url
X-Fpc
IBM-Web2-Location
X-Fastly-Backend-Reqs
X-Mvc-Supplant-OutputCached
Lfy
X-Varnish-Beresp-TTL
Pics-Label
X-B3-SpanId
X-Apw-Access-Action
X-Unique-ID
X-Apw-Access-Object
X-Dynatrace-Js-Agent
X-Apw-Hits
X-MID
X-Apw-Access-Token
X-Edge-O15-RID
Server-Int
X-LiteSpeed-Cache-Control
X-ElasticPress-Search
CDN
Xet-Cookie
X-Ocache
X-ElasticPress-Query
X-Agile-Brick-Ok
Fastly-SSL
X-User
X-Page-Impression-Id
X-Flow-Id
X-Zalando-Child-Request-Id
Requestid
CF-IPCountry
X-HostName
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Processtime
X-SD-PageType
Cneonction
Host-ID
X-Akamai-ERPolicy
X-Aicache-OS
X-Debug-Revision
X-Check-Cacheable
X-B3-Parentspanid
Powered-By
X-Debug-Controller
X-Sucuri-Id
X-App
DataCenter
X-ServerName
X-Dw-Trace-Id
CloudFront-Viewer-Country
X-Request-URL
ProcessTime
X-Cache-Tag
X-MiniProfiler-Ids
X-LB-ID
X-Nananana
URI
X-PF-Uncompressing
X-Fastly-Cache-Hits
X-Request-Url