Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
X-FRAME-OPTIONS
X-Template
X-Language
X-AspNetMvc-Version
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-AH-Environment
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Request-ID
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
Cf-Railgun
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Cache-Lookup
X-Ac
X-Readtime
X-WebKit-CSP
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-Country
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Edge-Control
Rating
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-TtlSet
X-PC
X-Instart-Request-ID
X-DynaTrace
X-Vname
X-Goog-Hash
Allow
X-Country-Code
Content-MD5
X-Varnish-TTL
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
Pinterest-Generated-By
X-Server-Name
X-D2id
X-ESI
X-Webkit-Csp
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-MS-InvokeApp
SPRequestGuid
X-Powered-By-Plesk
X-Vcache
X-Cached
X-Navigation-Version
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Debug
X-Forwarded-Proto
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-MSEdge-Ref
X-Trace
Nginx-Cache
Public-Key-Pins
X-Fastly-Request-ID
X-Vcap-Request-Id
X-SharePointHealthScore
Accept-Ch
X-Server-ID
X-VARITI-CCR
MS-Author-Via
TCN
Charset
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Px
X-Cache-TTL
Edge-Cache-Tag
X-NF-Request-ID
X-Fastcgi-Cache
X-Middleton-Response
Realpath
Response
Pagespeed
Display
X-Middleton-Display
Accept-Ch-Lifetime
X-Sol
SPRequestDuration
SPIisLatency
X-Version
X-Content-Type
X-Client-IP
X-Ser
Fusion-Deployment-Id
Cache-Tag
X-Ttl
Accept-CH
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-DynaTrace-JS-Agent
X-Powered-CMS
Front-End-Https
X-Dns-Prefetch-Control
Pinterest-Version
X-Pinterest-Rid
X-Id
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
NR-ENABLED
Access-Control-Request-Method
X-Upstream
X-Jurisdiction
X-Grace
Ar-Sid
AR-CACHE
X-Content-Digest
DynaTrace
X-T
X-Hits
X-Element-Page-Cache
X-Hp-Webp
X-Amz-Meta-S3cmd-Attrs
Accept-CH-Lifetime
X-TTL
S
X-Forwarded-For
X-Dw-Request-Base-Id
Fastcgi-Cache
X-Node-Name
ServerID
X-ASPNET-VERSION
X-Amzn-Trace-Id
PB-PID
X-Mobile-URL
PB-RID
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-Recruiting
X-Mobile-Rewrite
X-Cache-Hit
Server-Node
Arc-Version
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Metageneration
X-HS-Cache-Config
X-Goog-Generation
X-Frontend
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Powered
TP-L2-Cache
TP-Cache
X-FTR-Expires
X-Ezoic-Cdn
X-Shard
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Upgrade-Insecure-Requests
Fastly-Restarts
X-Shield-Request-Id
X-NWS-LOG-UUID
X-HS-Combine-CSS
Alternate-Protocol
X-Request-Processing-Time
X-Request-Received
X-Varnish-Age
X-Logged-In
Refresh
X-XRDS-LOCATION
X-Correlation-Id
WPE-Backend
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-FTR-Cache-Host
Server-Name
MicrosoftSharePointTeamServices
X-B
X-F-Cache
X-Rid
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-LB-Cache
X-Page-Id
X-User-Agent
X-Via-JSL
X-Geo-Country
X-N
Cache-Status
X-Zen-Fury
Host
X-XRDS-Location
X-Kong-Proxy-Latency
X-Content-Options
X-Kong-Upstream-Latency
X-Origin-Server
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Host-Header
X-Varnish-Grace
X-Amz-Apigw-Id
X-B3-Sampled
X-Kinsta-Cache
X-Revision
X-Type
X-AOL-HN
X-Cache-Action
X-ATG-Version
X-Amz-Replication-Status
X-FB-Debug
X-Instance
X-Jobs
X-Request-Guid
X-Git-Hash
X-B-Cache
X-Signature
X-App-Environment
X-Debug-Info
X-TT
Paypal-Debug-Id
X-Tumblr-User
Actual-Object-TTL
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Content-Powered-By
X-Varnish-Backend
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
Liferay-Portal
Frame-Options
X-Whom
Healthy
Section-Io-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cluster
X-Cached-By
X-Srv
X-Hostname
X-Seen-By
X-PHP-Backend
X-Daa-Tunnel
X-Cache-Rule
X-Cache-Key
X-Cache-Operation
X-Erf-Bev-Bev
X-Activity-Id
X-Erf-Bev-Bev-Is-Generated
X-Az
X-Framework
X-AppVersion
X-CST
X-FireWall-Port
Tracecode
Retry-After
X-Cache-Age
X-Endurance-Cache-Level
X-Contextid
X-WA-Info
X-Mobile
X-Amzn-Requestid
Trailer
X-IPLB-Instance
X-Host-Name
X-Upgrade-Enabled
NGB
X-Response-Served-From
X-Accel-Buffering
X-ProcessESI
X-Presslabs-Stats
Source
X-RemovedCookies
Accept-Charset
Xserver
Srv
X-Cache-NE
Surrogate-Key
DC
X-FW-Static
X-FW-Server
X-FW-Serve
X-Origin-Response-Time
X-Region
X-FW-Type
X-FastCGI-Cache
Eomportal-Instance
X-FW-Hash
X-Cacheable-TTL
X-Varnish-Hostname
X-Varnish-Server
X-Handled-By
X-Rendered-As
X-L-Path
Payment
X-Environment-Context
Filters
X-Adobe-Loc
X-Is-Bot
X-Adobe-Content
X-Tumblr-Pixel-1
X-UUID
X-GeoIP
X-Tumblr-Pixel-2
X-RequestSource
X-EdgeConnect-Cache-Status
X-Cache-2
Server-Info
X-RateLimit-Remaining
From-Origin
X-UA-Device-Type
X-Edge-O15-RID
X-Cache-TTL-Remaining
X-Time-Microsecs
Cache-Tv-Group
X-Backend-Name
X-Proxy
X-APP-VERSION
X-Wix-Request-Id
X-Cache-Server
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
MS-CV
X-Cache-Enabled
X-NGENIX-Cache
X-Akamai-Transformed
X-Dc
Version
Datacenter
X-Status
X-Unique-Id
X-IPS-LoggedIn
X-Mode
GEO-INFO
X-TIME
S-Cnection
X-Yottaa-Optimizations
X-Yottaa-Metrics
Meta-Geo
X-CCM
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-Forwarded-Host
X-Format
X-Access
X-Section
X-TX-ID
Akamai-GRN
X-Tb
Decoy-Debug-Status
Cache-Tags
Country
X-SS-Set-Cookie
Decoy-Debug-Key
Filterid
X-R9-Blue-Green-Version
X-Via-Fastly
X-NYM-Debug-Backend
X-Origin
X-PERF
Decoy-Debug-TTL
X-Redis-Cache
X-Ua-Device
ServedBy
X-Akamai-Request-ID
X-ApacheServer
X-ShopId
X-Cache-Remote
X-Cache-Time
X-ShardId
NGX
X-EIG-Tracking-Id
X-Request-Time
X-Cache-Status-Check
X-Amzn-Remapped-Content-Length
X-FW-Dynamic
X-Generated-By
X-Pubstack
X-Human
X-Hosted-By
X-Alternate-Cache-Key
OT-Force-Account-Verify
Content-Disposition
Cleartype
Cache-Key
X-Say-TTL
DB-Nickname
X-Say-Cacheable
Origin-Edge-Control
Origin-Cache-Control
Mn-Server-Ip
X-SayCDN-TTL
X-Cache-Control
X-Pad
X-Web-Node
X-Varnish-Hits
FilterID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Cache-Config
Webserver
X-BYPASS-REASON
Now
X-NewRelic-App-Data
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-BCube-Filmed-By
X-Routing-Service
TWC-Privacy
X-Akamai-Request-ID2
X-TNCMS
X-Content-Age
X-VWS-Id
Webcakes-Region
X-AWS-Id
S-Rt
X-Device-Type
X-Viewer-Country
X-Zipkin-Id
Property-Id
X-IP
X-LJ-Flow-ID
X-MP-GENERATED-AT
X-Loop
X-Locale
TWC-Connection-Speed
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proxied
X-Detected-As
X-Debug-Cache
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Generated
X-Vgn-Hpd-Reason
TWC-Device-Class
X-Proto
Azure-InstanceId
X-ProxyCache-Status
Azure-RegionName
Azure-SiteName
Webcakes-App-Name
Azure-Version
X-Www-Served-By
X-Soup
X-Site-Version
X-Origin-Hint
X-RCS-CacheZone
Webcakes-App-Version
X-ServerID
Cross-Origin-Window-Policy
Azure-SlotName
Ec-Rule-Version
X-Proxy-Cache-Status
X-ProxyCache-Key
X-Xfnlog-Site
Node
X-NCache
X-PressLabs-Stats
X-Hl-Ver
X-JoinUs
X-SaId
X-HTML-Minification-Powered-By
Selected-Fe
Access-Control-Request-Headers
X-Proxy-Build
X-Esi
X-Amzn-RequestId
X-Timing-Wait
X-B3-Traceid
X-Real-IP
X-Cdn
X-App-Server
Section-Io-Id
Section-Io-Origin-Status
Cache-Hits
Nel
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Drupal-Cache-Tags
X-EC-Lua
X-Geo
X-Uri
X-CACHE-KEY
X-Microcachable
Accept-Language
X-Adobe-Source
X-No-Session
X-OCL
X-PCL
Odigeo-Trace-Id
X-Qloud-Router
X-Rule
X-Varnish-Cache-Hits
X-UA
Cf-Ipcountry
Time
X-Source
X-NWS-UUID-VERIFY
X-Azure-Ref
Ms-Operation-Id
X-RTag
X-From
X-Hyper-Cache
User-Agent
X-Labrador-Cache-Channel
X-PHP-Host
X-Load-Cache
X-Storage
X-Time
X-Info
Proxy-Connection
X-RateLimit-Limit
X-Backend-TTL
X-Cache-NGX
X-Cluster-Node
X-Nginx-Cache
X-Newrelic-Synthetics
Powered-By-ChinaCache
X-TA-CDN-Provider
X-Nc
X-Old-Content-Length
BehaviorPad-Version
AsisCache
X-ScT
X-S-Cookie
X-S
X-Rojux
X-G
X-A-Wwc
X-A-Dam
Content-Script-Type
Content-Style-Type
X-SRCache-Key
X-A-Dcw
X-Session-Fingerprint
X-Varnish-Beresp-Grace
X-B-Cookie
X-A-Dgt
X-Varnish-Beresp-Status
X-DPWN-IS-SECURE
Apple-News-Services-Handled
X-PAYTM-SRV-ID
X-External-Request-Id
X-Edge-Location
X-OVcl-Cache
X-OVcl
X-GoCache-CacheStatus
X-Drupal-Cache-Contexts
A
X-Accel-Expires-Debug
X-Processor
Apple-News-Services-Host
X-Region-Sid
X-A-Ccd
X-Request-URI
X-Request-UUID
X-GeoIP-Country-Code
X-ARC
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Application
Arc-Country
X-Rewrite-Enabled
X-A
X-UnsetCookies
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-VG-WebServer
X-Vdms-Version
X-VG-TLSProxy
X-Developer
Machine
MD5-Digest
Mobile-Detection-Method
Rendered-Blocks
X-D
X-Date
Xc-Version
Meta-Geo-Continent
Request-EU
X-Connection-Hash
Request-Country
X-Cdn-Srv
X-VG-WebCache
X-Trv-Group
X-Transaction
GEO-REGION-INFO
VivaBuild
Viewtype
X-Twitter-Response-Tags
True-Client-Country-4JS
T-Server
X-Aed
Fastcgi-X-Cache-Version
ServerName
X-Destination
Uber-Trace-Id
Cache-Name
Rt-Fastcgi-Cache
X-Varnish-Ttl
Thinkindot-Control
X-Level-Front-Cache
X-GeoIP-City
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
CDCHOST
PFcat
Locid
X-Generated-On
X-Matched-Rule
W
X-Geo-Header
X-ND-Cache
X-Reboot
X-Service
X-ServiceProvider
X-Wikidot-Static-Cache
X-Agile
X-Backend-State
X-Wikidot-Backend
X-C
X-Thinkindot-L3
X-Developers
X-Sn-Servicetimems
X-TT-TIMESTAMP
X-Magnolia-Registration
X-Served-From
X-Rocket-Nginx-Bypass
X-Cdn-Origin
X-Agile-Id
X-Agile-Age
X-Cache-Grace
Mime-Version
X-Core-Value
X-Varnish-Cacheable
X-App-Name
X-CF-Powered-By
X-Cluster-Name
X-CS
Server-Cache-Control
Server-Surrogate-Control
RNT-Time
Server-ID
Server-Host
X-Cms-Context
X-Core-Mission
Pramga
X-CUA
X-Contensis-Viewer-Groups
X-Cache-URL
X-CGP
X-Generation-Time
X-Clara-WADP
RNT-Machine
Viewport
X-Distributor
X-Bc-Bl
X-Distil-CS
X-DevSite-Last-Modified
X-BBXSRF
X-Epic-Correlation-Id
X-FW-Version
X-Fetched-On
X-Fastly-Cache
X-Eu-Site
X-Device-Os
Web-Mar-Node
X-Cache-Expired-At
User-Cache-Control
X-Gen-Mode
X-Cache-FS-Status
V-Age
X-Cache-Bucket
X-Gamma-Serve
X-Block-Status
X-Cache-ASPX
X-Cache-Info
X-LI-UUID
X-Rocket-Build-Number
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Ttl
X-Server-W
X-Sigma-Backend
X-Sigma
X-Servername
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Origin-Date
X-NodeID
Adler-Geo
HitType
X-Origin-Expires
X-RateLimit-Limit-Second
X-Platform-Server
Platform
X-SIPLIST1
X-Skip-Cache
X-Varnish-Authentication
X-Variation
X-Var-Ttl
X-VC-Cache
X-VServer
X-Webstats-RespID
X-We-Are-Hiring
X-WADP-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Trace-Id
X-Swa-Ws
X-Slack-Backend
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Tumblr-Pixel-3
X-Trafficlayer-App-Version
AKAMAI
X-Owner
HA-Ipaddr
Heartbleed
Memcached
Ha-Gx-Prefs
X-Hit
X-Is-Gdpr
Group
X-Hnp-Log
Cache-Host
L5d-Success-Class
Locale
X-IN-APIGATEWAYSSL
IsBot
X-Has-Esi
Is-Eu
X-JWT-State
X-LAGOON
Country-Code
X-Logging-Id
X-Micro-Cache
X-Ms-Request-Id
X-Nginx-Cache-Key
X-Ms-Version
X-IN-APIGATEWAY
On-Server
Fastly-SIE
X-Li-Fabric
Fastly-SWR
N-Cache
Fastly-Drupal-HTML
X-LI-Proto
X-Li-Pop
X-NC
X-Debug-Cookies
Wxu-Next-Region
X-Req
X-Debug-Cache-Store
X-Backend-Host
X-WebServer
Wxu-Next-Commit
Wxu-Next-Hostname
FNAC-ModuleRouting
X-Instart-Isnd
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Proxy-Upstream
X-NX-Host
X-Irp-Debug
X-Thanos
X-Debug-Log
X-Generated-In
X-TrackingId
X-Hash
X-Dispatch
X-Auto-Login
X-Oneagent-Js-Injection
Geo-Info
Countrycode
Environment
We-Hiring
Kp-EeAlive
Gh-Request-Id
X-Debug-Cache-Expiry
X-Cache-Tags
X-Clientip
X-S-Maxage
X-Bip
Mail-Subject
X-Node-Id
X-Sucuri-ID
X-VHOST
X-Response-By
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-RESPONSE-TIME
X-Lb-Id
Hostname
Cloudfront-Viewer-Country
X-Refresh
Cache-Cookie-Set-From
X-Fmm-Version
X-Parent-Response-Time
X-BACKEND-TTL
X-Ratelimit-Remaining
X-CLOUD-TRACE-CONTEXT
X-VCT
X-Scheme
X-Origin-TTL
X-Origin-CC
X-Cdn-Forward
X-Varnish-URL
X-VCache
Fastly-Backend-Name
X-Up
X-B3-Spanid
X-CDN-Forward
Cache
X-MSEdge-Features
X-Pjax-Url
X-MSEdge-Flight
X-FPC
X-APP
X-Instart-Info
SD-X-WS
Origin
X-Server-Time
X-CSRF-Token
X-App-Version
Cdn-Request-Time
Proxy-Firewall
Cdn-Host
X-Correlation-ID
X-TT-LOGID
Geoip-City
PICS-Label
X-Edge-Server
X-SN
Pragrma
Geoip-Latitude
X-Edge
X-CSRF-TOKEN
X-MCACHE
Vix-Hermes-Req-Id
M-TraceId
Request-Time
X-Cache-PHP
Cdnsip
Cdncip
GeoIp-Country-Code
X-Wa
X-AK-Request-ID
CACHE
X-Cache-Host
X-Ruxit-Js-Agent
CF-Cached-On
X-COUNTRY
TTL
X-Vdms-Path
X-Vcl-Version
X-SVT-ORM-VERSION
Ohc-File-Size
X-SVT-ORM-RULES
X-Wix-Viewer-Type
NtCoent-Length
X-ECACHE
X-NU-AKA-ACS-Version
X-FORWARDED-FOR
NM-Fastcgi-Cache
X-Air-Hostname
X-HS-Status
X-URL
X-Be
X-Mid
Cdn
Sever-Int
X-Myra-Origin2
Server-Hostname
Memory
X-Zone
X-Bc
Server-Ext
X-Ratelimit-Limit
X-Ua
X-ECache
X-Method
RequestId
Resin-Trace
X-ServedByHost
X-Cache-Debug
X-Pf-Uncompressing
Pagetype
Magicmarker
X-Cache-Metadata
X-GEO
HostName
Ohc-Cache-HIT
X-TH-Server
X-Worker
XServer
Tcn
X-Dynatrace-Js-Agent
SRV
X-Servedbyhost
X-Via-PopV
IBM-Web2-Location
X-Via-PopH
Release
Cteonnt-Length
X-Newrelic-App-Data
Dnion-Transfer-Encoding
X-Branch-Name
X-Referer
X-BC
X-Protected-By
X-Azure-Ref-OriginShield
X-ZONE
Server-Int
X-Envoy-Upstream-Healthchecked-Cluster
Load-Balancing
X-Swift-Error
X-Unique-ID
X-NGINX-Cache
Lb
Powered-By
X-Ocache
Dt-Cache-Category
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Start
X-Cache-Id
X-Fastly-Country-Code
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Ttl
Esi-Enabled
X-VCL-Version
X-Planisys-CDN-Cache
X-Esi-Check
X-Tec-Api-Origin
X-Tec-Api-Version
X-AIR-PT
X-Policy
X-Tec-Api-Root
X-Configured-By
X-DC
X-Gzip
X-Datadome
X-Node-ID
X-SRV
X-B3-SpanId
Fastly-Soc-X-Request-Id
X-WA
Pics-Label
X-C-Key
X-C-Zone
Fastly-SSL
GeoIP-Country-Code
X-Reqid
X-VarnishDD-TTL
X-Action
X-Via-Ucdn
Who
MIME-Version
X-DB
X-DW
X-DSS
X-DI
X-Flog
GeoIP-City
X-ABtesting
X-RSL
X-RPM
X-RPS
GeoIP-Latitude
X-Hello
X-HostName
X-Svr
X-Powered-Y
X-SERVER-NAME
LB
Host-ID
UCS
X-Fpc
X-Country-IP
X-PF-Uncompressing
X-PJAX-URL
X-Cache-Backend
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Fastly-Backend-Reqs
X-RAMCache
Lfy
X-Via-CDN
ProcessTime
X-Fastly-Request-Id
FSS-Cache
X-Varnish-Url
X-Render-Time
Product
X-MID
X-User
Sid
X-UPSTREAM-Address
FSS-Proxy
X-Varnish-Beresp-TTL
X-SD-PageType
X-LiteSpeed-Cache-Control
X-Zalando-Child-Request-Id
X-Beluga-Trace
X-Agile-Brick-Ok
Amp-Access-Control-Allow-Source-Origin
X-HP-Webp
X-Flow-Id
X-WPE-Loopback-Upstream-Addr
X-Server-IP
X-Beluga-Record
X-Beluga-Status
X-Internal-Host
X-Beluga-Cache-Status
Xet-Cookie
X-Beluga-Node
X-Key
X-Beluga-Response-Time
X-Page-Impression-Id
Requestid
CF-IPCountry
X-Sucuri-Cache
X-Tid
X-Pinterest-Direct
X-Aicache-OS
WZWS-RAY
Cneonction
X-Apw-Access-Object
L
X-B3-Parentspanid
X-Compress-Hint
X-BE
CDN
X-Debug-Controller
X-Apw-Access-Token
SN
X-Apw-Hits
X-Check-Cacheable
X-Apw-Access-Action
X-Debug-Revision
X-Litespeed-Cache-Control
X-Sucuri-Id
X-LB-ID
X-ElasticPress-Search
X-Nananana
CloudFront-Viewer-Country
X-Dw-Trace-Id
X-Request-Url
X-Fastly-Cache-Hits
X-App
DataCenter
X-MiniProfiler-Ids
X-Request-URL
X-Location