Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
Referrer-Policy
X-Amz-Cf-Id
P3P
CF-Ray
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
P3p
Timing-Allow-Origin
X-Ua-Compatible
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-AspNetMvc-Version
X-Content-Security-Policy
X-Buckets
Content-Encoding
X-CDN
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Server-Powered-By
X-Pingback
Feature-Policy
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Ali-Swift-Global-Savetime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Vhost
X-Node
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-Origin-Upstream-Status
X-Readtime
Surrogate-Control
X-WebKit-CSP
Request-Id
Content-Location
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-HW
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cnection
X-Country
X-DataDome
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
RTSS
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Goog-Hash
X-Varnish-TTL
X-Country-Code
X-DynaTrace
X-ASPNET-VERSION
X-Instart-Request-ID
Service-Worker-Allowed
Allow
X-GitHub-Request-Id
Verso
Content-MD5
X-Server-Name
X-D2id
X-ESI
X-Exp-Variant
Pinterest-Generated-By
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-MS-InvokeApp
Fusion-Deployment-Id
SPRequestGuid
X-Cached
X-Ttl
X-Powered-By-Plesk
X-Navigation-Version
X-Vcache
X-Forwarded-Proto
TCN
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Trace
X-B3-TraceId
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Rid
Public-Key-Pins
X-Fastly-Request-ID
X-SharePointHealthScore
X-Debug
Nginx-Cache
X-MSEdge-Ref
X-Vcap-Request-Id
X-VARITI-CCR
X-Server-ID
MS-Author-Via
Arr-Disable-Session-Affinity
Charset
Accept-CH
X-Fastcgi-Cache
SPRequestDuration
SPIisLatency
X-Px
X-NF-Request-ID
X-Accel-Expires
X-Cache-TTL
Accept-Ch
X-Middleton-Response
Response
Display
X-Middleton-Display
Pagespeed
Realpath
X-Content-Type
Edge-Cache-Tag
X-Sol
X-Ser
X-Client-IP
X-DynaTrace-JS-Agent
Accept-CH-Lifetime
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
NR-ENABLED
X-Version
Front-End-Https
X-Powered-CMS
X-Id
X-Pinterest-Rid
Access-Control-Request-Method
Pinterest-Version
Accept-Ch-Lifetime
S
X-Grace
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Jurisdiction
X-Upstream
X-Hp-Webp
X-Webkit-Csp
X-Forwarded-For
X-Dns-Prefetch-Control
X-Hits
X-T
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
DynaTrace
X-Dw-Request-Base-Id
Ar-Sid
AR-CACHE
X-Shield-Request-Id
Fastcgi-Cache
ServerID
X-Node-Name
X-Cache-Hit
WPE-Backend
X-Mobile-URL
X-Recruiting
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
PB-PID
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
PB-RID
X-Goog-Stored-Content-Encoding
Powered
X-HS-Cache-Config
X-FTR-Expires
X-HS-Hub-Id
Server-Node
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-HS-Content-Id
Arc-Version
X-Mobile-Rewrite
TP-Cache
TP-L2-Cache
X-DIS-Request-ID
Upgrade-Insecure-Requests
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
X-Ezoic-Cdn
X-Shard
Refresh
X-XRDS-Location
X-HS-Combine-CSS
Alternate-Protocol
X-NWS-LOG-UUID
X-Correlation-Id
Fastly-Restarts
X-Logged-In
X-Varnish-Age
Server-Name
X-Request-Handler-Origin-Region
X-Microsite
X-FTR-Cache-Host
X-Page-Id
X-LB-Cache
X-F-Cache
X-User-Agent
X-B
X-Geo-Country
X-Akamai-Edgescape
Backend-Timing
X-Rid
X-N
X-ATS-Timestamp
Host-Header
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Aspnetmvc-Version
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cdn
X-XRDS-LOCATION
X-Via-JSL
X-TTL
X-Zen-Fury
Host
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Varnish-Grace
X-Kinsta-Cache
X-Origin-Server
Cache-Status
Healthy
X-Content-Options
X-Request-Guid
Fastcgi-Useragent
X-FB-Debug
X-B3-Sampled
X-Signature
Access-Control-Allow-Method
X-TT
X-B-Cache
X-AOL-HN
X-Revision
X-App-Environment
X-ATG-Version
Section-Io-Cache
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
Frame-Options
X-Jobs
X-Git-Hash
X-Amz-Replication-Status
Paypal-Debug-Id
Actual-Object-TTL
X-Type
X-Whom
Trailer
X-Cache-Action
X-Varnish-Backend
X-Debug-Info
X-Hostname
X-WebKit-CSP-Report-Only
X-Cluster
X-Seen-By
Liferay-Portal
X-Webkit-CSP
X-Amz-Apigw-Id
X-Content-Powered-By
X-Cache-Age
X-Cache-Key
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Cache-Operation
X-Erf-Bev-Bev
X-Endurance-Cache-Level
X-Contextid
X-Activity-Id
X-FireWall-Port
X-Az
X-PHP-Backend
Tracecode
X-AppVersion
X-Framework
Source
X-SERVER
X-Host-Name
X-Amzn-Requestid
X-WA-Info
X-Daa-Tunnel
X-Cached-By
X-IPLB-Instance
Xserver
Retry-After
Accept-Charset
X-Srv
X-Mobile
X-Upgrade-Enabled
X-Response-Served-From
X-Accel-Buffering
NGB
X-RemovedCookies
X-ProcessESI
DC
Srv
X-Is-Bot
X-Rendered-As
X-Cacheable-TTL
X-FW-Type
X-Adobe-Loc
X-Adobe-Content
X-FW-Serve
X-FW-Hash
X-UUID
X-FW-Static
X-FW-Server
Surrogate-Key
Payment
X-L-Path
X-Cache-NE
X-Environment-Context
X-Handled-By
X-GeoIP
X-Region
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
Eomportal-Instance
X-Varnish-Server
From-Origin
Filters
X-RateLimit-Remaining
X-UA-Device-Type
X-FastCGI-Cache
X-Origin-Response-Time
X-Varnish-Hostname
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Time-Microsecs
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Wix-Request-Id
X-Proxy
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Backend-Name
Server-Info
Filterid
X-NGENIX-Cache
MS-CV
X-Unique-Id
Datacenter
X-Cache-2
X-Akamai-Transformed
Cache-Tv-Group
Version
X-Cache-Time
X-Status
X-APP-VERSION
X-Cache-Control
X-Cache-Enabled
X-TIME
X-Mode
X-CST
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
S-Cnection
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Var-Map
X-Cache-Var
X-Path-Route
Meta-Geo
X-CCM
X-PressLabs-Stats
X-ES-SERVER
X-TNCMS
X-IP
Ec-Rule-Version
X-Loop
X-RN-RSRV
X-Detected-As
X-PERF
ServedBy
X-Real-IP
X-Hl-Ver
X-FC-Vary-Parameters
X-TX-ID
X-FW-Dynamic
X-Via-Fastly
OT-Force-Account-Verify
Country
X-Adobe-Source
X-Proto
Webserver
X-ApacheServer
X-R9-Blue-Green-Version
Cleartype
Cache-Tags
X-Forwarded-Host
DB-Nickname
X-LJ-Flow-ID
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
Decoy-Debug-Key
Decoy-Debug-Status
Content-Disposition
Decoy-Debug-TTL
Akamai-GRN
X-Hosted-By
Property-Id
X-Akamai-Request-ID2
X-Alternate-Cache-Key
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
X-Amzn-Remapped-Content-Length
X-AWS-Id
X-Device-Type
X-EIG-Tracking-Id
X-Debug-Cache
X-Cache-Status-Check
X-Cache-Config
TWC-Locale-Group
TWC-GeoIP-LatLong
Origin-Edge-Control
S-Rt
Origin-Cache-Control
Now
NGX
Section-Io-Id
Section-Io-Origin-Status
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Sorting-Hat-PodId
X-Locale
X-Origin-Hint
X-ServerID
X-Tb
X-ShardId
X-Sorting-Hat-ShopId
X-Soup
X-VWS-Id
X-Web-Node
X-Pubstack
X-Redis-Cache
X-Say-Cacheable
X-Say-TTL
X-Proxy-Cache-Status
X-SayCDN-TTL
X-Origin
X-Vgn-Hpd-Reason
X-Shopify-Generated-Cart-Token
X-ShopId
X-Site-Version
Azure-RegionName
X-Xfnlog-Site
X-Www-Served-By
X-Geo
X-Generated
X-Proxy-Build
X-NCache
X-Zipkin-Id
X-BYPASS-REASON
X-Routing-Service
X-FB-TRIP-ID
X-RCS-CacheZone
X-Content-Age
X-SaId
X-Proxied
X-ProxyCache-Status
GEO-INFO
X-ProxyCache-Key
Selected-Fe
Cross-Origin-Window-Policy
Azure-InstanceId
X-Timing-Wait
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
X-Human
Cache-Key
Azure-SlotName
Azure-SiteName
Azure-Version
Mn-Server-Ip
X-JoinUs
X-Format
X-Section
Cache-Hits
X-MP-GENERATED-AT
X-Ua-Device
X-Access
X-Viewer-Country
X-NYM-Debug-Backend
X-Cache-Remote
X-IPS-LoggedIn
X-Varnish-Hits
X-BCube-Filmed-By
X-Request-Time
X-Pad
Odigeo-Trace-Id
X-Esi
X-Akamai-Request-ID
Node
X-Dc
X-CACHE-KEY
X-Rule
X-Generated-By
X-EC-Lua
X-NewRelic-App-Data
X-No-Session
X-Amzn-RequestId
X-Microcachable
X-Drupal-Cache-Tags
X-B3-Traceid
Accept-Language
Nel
X-Cache-NGX
FilterID
Cf-Ipcountry
X-From
Time
X-Azure-Ref
X-Uri
X-RTag
Ms-Operation-Id
X-Backend-TTL
X-CF-Powered-By
X-Source
X-NWS-UUID-VERIFY
X-RateLimit-Limit
X-App-Server
X-SS-Set-Cookie
User-Agent
X-Qloud-Router
X-OCL
X-PCL
X-PHP-Host
X-Labrador-Cache-Channel
X-Old-Content-Length
Proxy-Connection
Uber-Trace-Id
X-Varnish-Cache-Hits
X-Hyper-Cache
X-GoCache-CacheStatus
Cache-Name
X-Cache-Grace
X-Nginx-Cache
X-Newrelic-Synthetics
X-Info
X-Drupal-Cache-Contexts
X-Storage
X-Time
X-CS
X-VCT
X-NC
X-B-Cookie
X-Developer
MD5-Digest
Meta-Geo-Continent
BehaviorPad-Version
Mobile-Detection-Method
X-Destination
X-Application
X-Date
True-Client-Country-4JS
X-D
Fastcgi-X-Cache-Version
T-Server
AsisCache
ServerName
X-ARC
Arc-Country
X-Twitter-Response-Tags
X-DPWN-IS-SECURE
X-G
X-External-Request-Id
X-A-Dcw
X-Session-Fingerprint
X-Vdms-Version
A
Rendered-Blocks
X-VG-WebCache
Request-EU
X-GeoIP-Country-Code
X-S-Cookie
Request-Country
X-Edge-Location
Xc-Version
Machine
X-A
X-A-Ccd
X-Request-URI
X-Region-Sid
X-Reboot
X-Cdn-Srv
X-Connection-Hash
X-A-Dgt
X-Request-UUID
X-SRCache-Key
X-Transaction
X-S
X-CF-Lambda-Version
X-Trv-Group
X-Rojux
X-Rewrite-Enabled
X-CF-Lambda-Fn
X-A-Dam
X-Accel-Expires-Debug
X-A-Wwc
GEO-REGION-INFO
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ScT
X-PAYTM-SRV-ID
X-Processor
VivaBuild
Viewtype
X-OVcl-Cache
X-VG-WebServer
X-Aed
X-OVcl
X-Cluster-Name
X-Cdn-Origin
Content-Style-Type
PFcat
X-ServiceProvider
X-Cluster-Node
Apple-News-Services-Handled
X-Core-Value
Memcached
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Cache-Expired-At
N-Cache
X-VServer
Apple-News-Services-Host
Content-Script-Type
X-Has-Esi
Server-Host
X-LI-UUID
X-Matched-Rule
X-Li-Pop
X-Edge-O15-RID
X-Level-Front-Cache
X-Thinkindot-L3
X-Li-Fabric
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Trafficlayer-App-Scope
X-Rocket-Nginx-Bypass
X-Trafficlayer-App-Version
X-Sn-Servicetimems
X-Trafficlayer-App-Name
Thinkindot-Control
Viewport
X-Served-From
Rt-Fastcgi-Cache
X-LI-Proto
X-JWT-State
X-IN-APIGATEWAY
X-Geo-Header
X-GeoIP-City
X-IN-APIGATEWAYSSL
X-Is-Gdpr
X-FW-Version
X-Generated-On
User-Cache-Control
Geo-Info
X-S-Maxage
X-Cache-ASPX
X-Cache-Bucket
X-Bip
X-Block-Status
X-Agile
X-Agile-Age
X-Urbn-Site-Id
X-Agile-Id
X-Cache-Tags
X-Cache-FS-Status
X-BBXSRF
X-Backend-State
X-Backend-Host
X-Auto-Login
X-Var-Ttl
X-Variation
X-Bc-Bl
X-Cache-Info
X-Urbn-Context-Path
X-Cache-URL
X-Distil-CS
X-Ms-Request-Id
X-Micro-Cache
X-Ms-Version
X-Nginx-Cache-Key
X-Tumblr-Pixel-3
X-NodeID
X-Server-W
X-Magnolia-Registration
X-LAGOON
X-Irp-Debug
X-Thanos
X-TrackingId
X-Logging-Id
X-NX-Host
X-TT-TIMESTAMP
X-Rebelmouse-Cache-Control
X-Swa-Ws
X-Rebelmouse-Surrogate-Control
X-Req
X-Scheme
X-Request-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Origin-Expires
X-Origin-Date
X-Owner
X-Platform-Server
X-Proxy-Upstream
X-Instart-Isnd
X-Hnp-Log
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Log
X-Developers
X-DevSite-Last-Modified
X-Device-Os
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cms-Context
X-Clientip
X-Contensis-Viewer-Groups
X-Core-Mission
X-CUA
X-Dispatch
X-Dispatcher-Server
X-Gamma-Serve
X-Fmm-Version
X-Gen-Mode
X-Generated-In
X-Hash
X-Fetched-On
X-Servername
X-Fastly-Cache
X-Distributor
X-Skip-Cache
X-SIPLIST1
X-Slack-Backend
X-Clara-WADP
X-Varnish-Cacheable
Group
Heartbleed
Gh-Request-Id
FNAC-ModuleRouting
X-WADP-Cache
Fastly-SWR
X-VG-TLSProxy
Is-Eu
Locid
Mail-Subject
Locale
X-WebServer
IsBot
Fastly-SIE
X-Varnish-Beresp-Grace
AKAMAI
Cache-Host
Adler-Geo
X-We-Are-Hiring
X-Webstats-RespID
CDCHOST
X-Wikidot-Backend
Countrycode
X-Varnish-Beresp-Status
Country-Code
X-Wikidot-Static-Cache
Wxu-Next-Region
On-Server
Kp-EeAlive
RNT-Time
RNT-Machine
V-Age
W
Server-Cache-Control
Server-ID
X-UA
Server-Surrogate-Control
X-Trace-Id
X-Varnish-Authentication
We-Hiring
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Commit
Platform
X-VC-Cache
Cache
X-Nc
X-Epic-Correlation-Id
X-Eu-Site
X-Hit
X-Generation-Time
X-Sigma
X-Sigma-Backend
Fastly-Drupal-HTML
X-App-Name
X-Rocket-Build-Number
X-Response-By
L5d-Success-Class
X-C
HA-Ipaddr
X-CGP
Ha-Gx-Prefs
X-MCACHE
X-Edge
X-Node-Id
X-UnsetCookies
Powered-By-ChinaCache
SD-X-WS
X-Instart-Info
X-Sucuri-ID
X-SN
X-Refresh
X-Varnish-Beresp-Ttl
X-App-Version
X-VHOST
X-Lb-Id
X-APP
Pramga
X-RESPONSE-TIME
Mime-Version
X-CDN-Forward
X-TA-CDN-Provider
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
Cloudfront-Viewer-Country
Proxy-Firewall
Vix-Hermes-Req-Id
X-Service
X-Load-Cache
HitType
X-ECACHE
X-Varnish-URL
X-B3-Spanid
X-Pjax-Url
X-CSRF-Token
X-Mid
X-Parent-Response-Time
X-BACKEND-TTL
X-Vdms-Path
Environment
CF-Cached-On
X-Cache-PHP
X-VCache
Request-Time
Origin
NM-Fastcgi-Cache
M-TraceId
X-Pinterest-Direct
X-Varnish-Ttl
X-MSEdge-Features
X-Wa
X-MSEdge-Flight
X-Ua
X-Ratelimit-Remaining
Sever-Int
Server-Ext
Pagetype
X-Correlation-ID
Server-Hostname
Fastly-Backend-Name
X-Up
Hostname
X-Origin-CC
X-CSRF-TOKEN
X-Cdn-Forward
X-Origin-TTL
X-Be
HostName
PICS-Label
Geoip-City
X-Method
Geoip-Latitude
X-FPC
X-ECache
X-Protected-By
X-Via-PopH
Pragrma
GeoIp-Country-Code
X-Server-Time
X-Wix-Viewer-Type
X-Via-PopV
X-Worker
Magicmarker
X-DC
X-Edge-Server
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
Cdn-Request-Time
TTL
X-TT-LOGID
X-Branch-Name
Cdn-Host
X-URL
X-Servedbyhost
NtCoent-Length
X-Vcl-Version
Memory
X-HS-Status
X-Myra-Origin2
X-Newrelic-App-Data
Cdn
X-Policy
X-C-Zone
X-C-Key
X-Zone
X-Bc
Cdncip
Dt-Cache-Category
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Azure-Ref-OriginShield
X-Litespeed-Cache
X-AK-Request-ID
X-Planisys-CDN-Rules
X-Referer
Cdnsip
X-Cache-Metadata
CACHE
Resin-Trace
X-ZONE
X-BC
X-NU-AKA-ACS-Version
Esi-Enabled
X-SVT-ORM-RULES
X-SRV
X-SVT-ORM-VERSION
Cteonnt-Length
SRV
X-Dynatrace-Js-Agent
X-Ratelimit-Limit
Lb
X-Air-Hostname
Who
X-FORWARDED-FOR
X-Reqid
X-Oneagent-Js-Injection
X-Cache-Host
Release
X-ServedByHost
Ohc-File-Size
X-VCL-Version
X-GEO
X-Via-Ucdn
Load-Balancing
Ttl
GeoIP-Country-Code
X-Pf-Uncompressing
X-Swift-Error
XServer
X-NGINX-Cache
GeoIP-Latitude
X-Fastly-Country-Code
X-TH-Server
X-Country-IP
X-Cache-Debug
GeoIP-City
UCS
Pics-Label
RequestId
X-AIR-PT
X-Cache-Id
X-Esi-Check
IBM-Web2-Location
X-Fpc
X-Tec-Api-Origin
X-Tec-Api-Version
Dnion-Transfer-Encoding
X-Tec-Api-Root
X-Configured-By
Product
Ohc-Cache-HIT
X-Ruxit-Js-Agent
X-Gzip
X-Node-ID
FSS-Cache
X-Datadome
X-COUNTRY
Sid
X-Tb-Optimization-Total-Bytes-Saved
X-WA
Server-Int
X-VarnishDD-TTL
LB
MIME-Version
RATING
X-Unique-ID
X-Fastly-Backend-Reqs
X-WPE-Loopback-Upstream-Addr
X-B3-SpanId
Powered-By
X-Server-IP
X-Ocache
X-Powered-Y
X-PF-Uncompressing
X-Svr
X-RAMCache
X-Varnish-Beresp-TTL
X-SERVER-NAME
Fastly-SSL
X-PJAX-URL
X-Varnish-Url
X-BE
Fastly-Soc-X-Request-Id
X-Fastly-Request-Id
Lfy
C-Via
X-Apw-Hits
X-Apw-Access-Object
X-MID
X-Apw-Access-Token
X-DB
X-SD-PageType
X-DW
X-DI
X-Apw-Access-Action
X-RPM
X-RSL
X-RPS
X-Action
X-DSS
Amp-Access-Control-Allow-Source-Origin
X-LiteSpeed-Cache-Control
My-App
X-Location
X-Page-Impression-Id
X-Agile-Brick-Ok
X-Hello
X-Flow-Id
Xet-Cookie
FSS-Proxy
X-Flog
X-ABtesting
X-Zalando-Child-Request-Id
X-ElasticPress-Search
Requestid
X-HostName
CF-IPCountry
X-Amzn-Remapped-Connection
X-Aicache-OS
X-Amzn-Remapped-Date
SN
X-Debug-Revision
Host-ID
X-Debug-Controller
CDN
URI
L
X-Render-Time
X-Sucuri-Cache
X-UPSTREAM-Address
X-Mvc-Supplant-Cachable
X-Check-Cacheable
X-B3-Parentspanid
X-Mvc-Supplant-OutputCached
X-Compress-Hint
X-Sucuri-Id
X-MiniProfiler-Ids
Cneonction
X-LB-ID
CloudFront-Viewer-Country
X-Nananana
DataCenter
X-Request-Url
X-Fastly-Cache-Hits
X-Cache-Backend
X-Request-URL
ProcessTime
X-Via-CDN
X-App
X-User
X-Dw-Trace-Id