Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Ws-Request-Id
X-Pass-Why
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Request-Context
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-DataDome
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Goog-Hash
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Country-Code
Fusion-Deployment-Id
X-ASPNET-VERSION
X-DynaTrace
Allow
X-GitHub-Request-Id
Verso
Service-Worker-Allowed
X-Varnish-TTL
X-Instart-Request-ID
Accept-CH
X-MS-InvokeApp
X-D2id
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
Content-MD5
Pinterest-Generated-By
X-Server-Name
SPRequestGuid
Accept-CH-Lifetime
X-Cached
X-Forwarded-Proto
X-Powered-By-Plesk
X-Navigation-Version
X-Trace
TCN
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Amz-Rid
X-Abt-Application-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
X-Vcap-Request-Id
Nginx-Cache
X-Ttl
X-Debug
X-MSEdge-Ref
X-ESI
SPIisLatency
X-VARITI-CCR
SPRequestDuration
Arr-Disable-Session-Affinity
Charset
X-Accel-Expires
X-B3-TraceId
X-DynaTrace-JS-Agent
X-Cache-TTL
MS-Author-Via
X-NF-Request-ID
NR-ENABLED
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Display
X-Px
X-Content-Type
X-Sol
Realpath
X-Client-IP
Cache-Tag
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Server-ID
Edge-Cache-Tag
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
Pinterest-Version
X-Pinterest-Rid
X-Webkit-Csp
WPE-Backend
Front-End-Https
X-Fastcgi-Cache
X-Jurisdiction
X-Hp-Webp
X-Shield-Request-Id
X-T
X-Upstream
X-Hits
X-Version
X-Element-Page-Cache
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Aspnet-Version
X-Cache-Hit
ServerID
Fastcgi-Cache
X-Recruiting
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
Ar-Sid
AR-CACHE
X-Mobile-URL
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-Goog-Generation
X-FTR-Realm
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-HS-Cache-Config
X-Request-Received
X-Frontend
X-Request-Processing-Time
Powered
TP-L2-Cache
TP-Cache
PB-PID
X-FTR-Expires
X-Forwarded-For
PB-RID
X-DIS-Request-ID
Arc-Version
X-Mobile-Rewrite
Upgrade-Insecure-Requests
Refresh
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Shard
Alternate-Protocol
Accept-Ch
Host-Header
Server-Name
X-XRDS-Location
X-Geo-Country
X-Amzn-Trace-Id
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
X-Microsite
X-TTL
X-N
X-Rid
X-Page-Id
X-Akamai-Edgescape
Fastly-Restarts
X-LB-Cache
X-F-Cache
X-FTR-Cache-Host
X-Logged-In
X-B
Backend-Timing
X-ATS-Timestamp
X-User-Agent
X-Varnish-Age
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
Accept-Ch-Lifetime
MicrosoftSharePointTeamServices
X-Cache-Key
X-FastCGI-Cache
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Varnish-Grace
X-Origin-Server
X-Esi
X-Revision
Host
X-Request-Guid
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
Fastcgi-Useragent
X-App-Environment
X-Instance
X-Varnish-Backend
Actual-Object-TTL
X-ATG-Version
X-Cache-Age
X-Git-Hash
X-Hostname
X-B-Cache
X-Signature
Paypal-Debug-Id
X-Type
X-AOL-HN
X-FB-Debug
X-Amz-Replication-Status
X-TT
X-B3-Sampled
X-Whom
X-Seen-By
Section-Io-Cache
X-Debug-Info
X-Cluster
X-Cache-Action
Frame-Options
Cache-Status
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Trailer
X-Content-Options
X-Amzn-Requestid
X-Cache-Rule
X-Endurance-Cache-Level
X-Presslabs-Stats
X-Cache-Operation
X-Contextid
Source
X-Content-Powered-By
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Erf-Bev-Bev
X-SERVER
Tracecode
X-Activity-Id
X-Az
Liferay-Portal
X-AppVersion
Accept-Charset
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Daa-Tunnel
X-FireWall-Port
X-IPLB-Instance
X-Amz-Apigw-Id
DC
X-PHP-Backend
X-Upgrade-Enabled
From-Origin
X-APP-VERSION
X-Framework
X-WA-Info
NGB
X-Response-Served-From
X-Accel-Buffering
Retry-After
X-ProcessESI
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RemovedCookies
Surrogate-Key
VIX-Pulpo-Upstream-Status
X-FW-Hash
X-FW-Type
X-FW-Server
X-Is-Bot
Srv
X-UUID
X-Rendered-As
X-FW-Serve
X-FW-Static
VIX-Pulpo-Node
X-L-Path
X-Adobe-Loc
X-Adobe-Content
X-Cacheable-TTL
Payment
X-Environment-Context
X-Region
X-GeoIP
X-Cache-NE
X-Varnish-Server
Eomportal-Instance
X-RequestSource
X-Wix-Request-Id
X-Mobile
X-Time-Microsecs
X-Cached-By
X-Handled-By
Filters
X-Unique-Id
X-RateLimit-Remaining
X-UA-Device-Type
X-Proxy
X-Origin-Response-Time
X-Varnish-Hostname
Nel
Xserver
X-NGENIX-Cache
X-Cache-TTL-Remaining
X-TIME
X-Webkit-CSP
Filterid
X-B3-Traceid
Datacenter
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Cache-Control
X-Cache-Time
X-Akamai-Transformed
GEO-INFO
X-Srv
X-Backend-Name
MS-CV
Version
X-CST
X-Status
Server-Info
Odigeo-Trace-Id
X-Rule
S-Cnection
X-Mode
Cache-Tv-Group
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Enabled
X-Cache-2
Cache-Tags
X-Cache-Var
Webserver
X-IP
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-Path-Route
X-CCM
DB-Nickname
X-Detected-As
Ec-Rule-Version
X-Amzn-Remapped-Content-Length
Azure-Version
Azure-InstanceId
X-RN-RSRV
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Loop
X-Redis-Cache
X-FC-Vary-Parameters
S-Rt
OT-Force-Account-Verify
X-FW-Dynamic
X-TNCMS
Akamai-GRN
Cache-Hits
Cross-Origin-Window-Policy
X-Hl-Ver
Cleartype
Now
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
X-Say-TTL
X-Say-Cacheable
ServedBy
X-Origin-Hint
TWC-Privacy
X-PERF
X-Proto
X-Pubstack
X-Real-IP
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-Origin
X-NCache
NGX
X-Via-Fastly
X-R9-Blue-Green-Version
Decoy-Debug-Status
Decoy-Debug-Key
X-Human
Country
X-Web-Node
X-ApacheServer
X-TX-ID
X-Forwarded-Host
X-Adobe-Source
X-SayCDN-TTL
Property-Id
Origin-Edge-Control
Origin-Cache-Control
X-ServerID
X-Hosted-By
Decoy-Debug-TTL
X-Cache-Config
X-Device-Type
X-Cache-Status-Check
X-BYPASS-REASON
X-Tb
X-Sorting-Hat-ShopId
X-Format
Cache-Key
Content-Disposition
X-Cache-NGX
X-AWS-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-VWS-Id
X-Alternate-Cache-Key
X-Akamai-Request-ID2
X-Vgn-Hpd-Reason
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-Generated
X-LJ-Flow-ID
X-ShardId
X-Locale
X-Proxy-Cache-Status
X-ProxyCache-Status
X-NYM-Debug-Backend
X-ProxyCache-Key
X-RCS-CacheZone
X-ShopId
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Generated-Cart-Token
X-Site-Version
Access-Control-Request-Headers
X-Zipkin-Id
X-Proxied
X-Www-Served-By
X-Proxy-Build
X-BCube-Filmed-By
X-Content-Age
X-Debug-Cache
X-FB-TRIP-ID
X-JoinUs
X-Timing-Wait
X-Routing-Service
X-SaId
X-Viewer-Country
X-Xfnlog-Site
Node
X-MP-GENERATED-AT
X-Section
X-HTML-Minification-Powered-By
X-Access
Mn-Server-Ip
Selected-Fe
X-Microcachable
X-Soup
X-Cache-Remote
X-Request-Time
X-Oss-Server-Time
X-Oss-Storage-Class
X-No-Session
X-Cdn
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Dc
X-Backend-TTL
X-EC-Lua
X-Varnish-Hits
Cf-Ipcountry
X-Generated-By
X-Pinterest-Direct
X-Akamai-Request-ID
Time
X-Drupal-Cache-Tags
Accept-Language
X-Geo
X-From
X-Pad
X-NewRelic-App-Data
X-IPS-LoggedIn
X-CF-Powered-By
X-Azure-Ref
X-Old-Content-Length
X-VCT
X-NC
Uber-Trace-Id
X-URL
Ms-Operation-Id
X-Amzn-RequestId
X-Source
FilterID
X-RTag
X-RateLimit-Limit
X-NWS-UUID-VERIFY
X-Uri
Cache-Name
X-PressLabs-Stats
X-Cache-Grace
X-CS
X-Edge
X-MCACHE
User-Agent
X-UA
X-OCL
X-GoCache-CacheStatus
X-Labrador-Cache-Channel
X-PCL
X-Newrelic-Synthetics
X-PHP-Host
X-Qloud-Router
X-Nginx-Cache
X-Litespeed-Cache
X-Varnish-Cache-Hits
Cache
X-Edge-Location
X-Drupal-Cache-Contexts
X-FORWARDED-FOR
X-APP
X-ECACHE
Proxy-Connection
X-Magnolia-Registration
X-Hyper-Cache
Memcached
Machine
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-Transaction
T-Server
X-SRCache-Key
X-Session-Fingerprint
ServerName
Request-EU
Request-Country
GEO-REGION-INFO
Rendered-Blocks
Apple-News-Services-Host
X-Vdms-Version
X-Twitter-Response-Tags
User-Cache-Control
X-VG-WebCache
X-VG-WebServer
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Tumblr-Pixel-3
Apple-News-Services-Handled
Arc-Country
AsisCache
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-ScT
X-Trv-Group
Fastcgi-X-Cache-Version
X-Rewrite-Enabled
X-D
X-A-Dam
X-A-Dcw
X-Date
X-Destination
X-External-Request-Id
X-DPWN-IS-SECURE
X-Developer
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-ARC
X-Cache-Bucket
X-Cdn-Srv
X-Aed
X-CF-Lambda-Fn
X-A-Wwc
X-Accel-Expires-Debug
X-FW-Version
X-A-Ccd
X-Request-UUID
X-Request-URI
X-Region-Sid
X-B-Cookie
X-Rocket-Nginx-Bypass
X-S-Cookie
X-S
X-Rojux
Viewtype
X-Reboot
X-A
X-GeoIP-Country-Code
X-G
VivaBuild
X-Info
X-Processor
X-PAYTM-SRV-ID
X-Instart-Info
True-Client-Country-4JS
X-A-Dgt
X-Mid
X-Cluster-Name
X-CDN-Forward
CF-Cached-On
X-Clara-WADP
X-Contensis-Viewer-Groups
X-Cdn-Origin
X-Cache-URL
X-Cache-ASPX
X-Cache-Info
X-DevSite-Last-Modified
X-Generated-On
X-GeoIP-City
X-Hnp-Log
X-Gen-Mode
X-Gamma-Serve
X-Block-Status
X-Fastly-Cache
X-Fmm-Version
X-Core-Value
X-BBXSRF
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Host
Server-Cache-Control
Rt-Fastcgi-Cache
SD-X-WS
Thinkindot-Control
Viewport
X-Backend-Host
X-Backend-State
X-IN-APIGATEWAY
X-Auto-Login
X-VCache
Web-Mar-Node
X-COUNTRY
X-Bc-Bl
X-Level-Front-Cache
X-VServer
X-WADP-Cache
X-We-Are-Hiring
X-VG-TLSProxy
X-Varnish-Authentication
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Webstats-RespID
X-Wikidot-Backend
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-Geo-Header
X-Wikidot-Static-Cache
Vix-Hermes-Req-Id
X-Trafficlayer-App-Name
X-TrackingId
X-LI-Proto
X-LI-UUID
X-Matched-Rule
X-Li-Pop
X-Li-Fabric
X-Irp-Debug
Proxy-Firewall
X-Request-Host
X-Served-From
X-Sn-Servicetimems
X-Thinkindot-L3
X-Slack-Backend
X-ServiceProvider
X-Server-W
X-Servername
X-IN-APIGATEWAYSSL
X-Micro-Cache
N-Cache
On-Server
X-Sucuri-ID
Content-Style-Type
Cache-Cookie-Set-From
Content-Script-Type
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Gh-Request-Id
X-UnsetCookies
X-Varnish-Ttl
X-Storage
X-S-Maxage
X-WebServer
X-Generated-In
Fastly-SWR
Fastly-SIE
Fastly-Drupal-HTML
Country-Code
X-LAGOON
X-Fetched-On
X-VC-Cache
Countrycode
X-Hash
X-Distil-CS
X-CUA
Locale
X-Debug-Cookies
X-Core-Mission
X-Cluster-Node
X-Cms-Context
X-Clientip
X-Debug-Log
X-Sigma
X-Distributor
X-Epic-Correlation-Id
X-Eu-Site
X-Varnish-Cacheable
X-Dispatcher-Server
X-Device-Os
X-Dispatch
FNAC-ModuleRouting
X-Ms-Request-Id
X-Thanos
X-Rocket-Build-Number
X-Swa-Ws
X-Trace-Id
X-Req
X-Rebelmouse-Surrogate-Control
X-TT-TIMESTAMP
X-SN
X-Scheme
Cache-Host
X-Sigma-Backend
X-SIPLIST1
X-Skip-Cache
X-SS-Set-Cookie
CDCHOST
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-NodeID
X-Variation
X-NX-Host
X-Nginx-Cache-Key
X-Ms-Version
A
X-CGP
X-Var-Ttl
X-Origin-Date
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Platform-Server
Adler-Geo
X-Origin-Expires
X-Owner
X-Logging-Id
Heartbleed
X-Urbn-Site-Id
IsBot
Mail-Subject
Kp-EeAlive
Wxu-Next-Region
Is-Eu
Wxu-Next-Hostname
X-Urbn-Context-Path
X-Bip
L5d-Success-Class
AKAMAI
X-Agile-Id
X-App-Name
Server-ID
RNT-Time
RNT-Machine
X-Agile
X-Agile-Age
Locid
Wxu-Next-Commit
HA-Ipaddr
X-Generation-Time
V-Age
Ha-Gx-Prefs
X-Cache-PHP
X-Cache-Tags
Group
X-Developers
X-Cache-FS-Status
W
We-Hiring
Platform
X-App-Server
X-Varnish-Beresp-Status
X-C
X-Response-By
NM-Fastcgi-Cache
X-Cache-Expired-At
X-Varnish-Beresp-Grace
Request-Time
X-CSRF-Token
X-Hit
X-Vdms-Path
X-Refresh
X-RESPONSE-TIME
X-OVcl
X-OVcl-Cache
X-Instart-Isnd
X-B3-Spanid
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-CLOUD-TRACE-CONTEXT
PFcat
X-Varnish-Beresp-Ttl
Server-Hostname
Sever-Int
Server-Ext
X-CACHE-KEY
X-TA-CDN-Provider
X-Node-Id
M-TraceId
Pagetype
Mime-Version
X-Protected-By
X-Nc
HostName
X-Time
X-Method
X-FPC
X-Parent-Response-Time
X-Ua-Device
X-Ratelimit-Remaining
Magicmarker
PICS-Label
X-Worker
X-Via-PopH
X-MSEdge-Features
Powered-By-ChinaCache
Geo-Info
Origin
X-Via-PopV
X-Varnish-URL
X-MSEdge-Flight
X-Branch-Name
X-Request-Start
Pramga
X-Envoy-Upstream-Healthchecked-Cluster
X-Lb-Id
X-Wa
Geoip-City
X-SRV
Geoip-Latitude
X-Be
Memory
X-ND-Cache
X-Service
Cloudfront-Viewer-Country
GeoIp-Country-Code
X-Policy
X-GEO
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
HitType
X-C-Key
X-Planisys-CDN-Cache
X-C-Zone
X-SERVER-NAME
X-Pjax-Url
X-ECache
XServer
X-Load-Cache
X-BACKEND-TTL
Esi-Enabled
X-HS-Status
Environment
X-DC
Who
Dt-Cache-Category
X-Wix-Viewer-Type
Cteonnt-Length
X-Zone
X-Azure-Ref-OriginShield
X-Reqid
X-Myra-Origin2
X-Newrelic-App-Data
X-Via-Ucdn
X-Bc
X-Cdn-Forward
X-Ua
NtCoent-Length
X-VCL-Version
X-CSRF-TOKEN
X-Servedbyhost
TTL
X-Country-IP
X-Up
Fastly-Backend-Name
X-Referer
X-Cache-Metadata
X-Ratelimit-Limit
X-Vcl-Version
X-Origin-CC
Ttl
X-Origin-TTL
SRV
X-Cache-Host
Product
X-ZONE
Resin-Trace
X-Server-Time
Cdn
X-Oneagent-Js-Injection
X-BC
UCS
X-TT-LOGID
Pragrma
X-ServedByHost
X-Swift-Error
Hostname
Cdn-Request-Time
X-Fastly-Country-Code
X-Pf-Uncompressing
X-App-Version
Cdn-Host
X-Edge-Server
X-NGINX-Cache
Cdncip
X-Correlation-ID
X-AK-Request-ID
Cdnsip
X-Server-IP
Release
Lb
CACHE
Load-Balancing
X-Tec-Api-Origin
FSS-Cache
X-AIR-PT
X-Tec-Api-Version
X-NU-AKA-ACS-Version
X-Tec-Api-Root
X-Ruxit-Js-Agent
X-SVT-ORM-RULES
X-PJAX-URL
C-Via
X-Node-ID
X-Datadome
Sid
LB
X-SVT-ORM-VERSION
X-Configured-By
GeoIP-Country-Code
GeoIP-City
Dnion-Transfer-Encoding
GeoIP-Latitude
X-WA
Warning
X-Air-Hostname
X-WPE-Loopback-Upstream-Addr
MIME-Version
Ohc-File-Size
X-Cache-Id
X-Location
X-Esi-Check
X-Gzip
X-BE
My-App
X-Tb-Optimization-Total-Bytes-Saved
X-UPSTREAM-Address
X-Cache-Backend
X-RAMCache
Ohc-Cache-HIT
X-Sucuri-Cache
X-Mvc-Supplant-Cachable
X-TH-Server
RequestId
X-Varnish-Url
X-Powered-Y
X-Svr
X-Cache-Debug
X-Mvc-Supplant-OutputCached
Pics-Label
X-Fastly-Backend-Reqs
IBM-Web2-Location
Lfy
X-B3-SpanId
X-Fastly-Request-Id
X-Fpc
X-Varnish-Beresp-TTL
X-VarnishDD-TTL
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-MID
X-Apw-Access-Token
X-Dynatrace-Js-Agent
X-Edge-O15-RID
X-LiteSpeed-Cache-Control
X-User
Xet-Cookie
X-Flow-Id
X-Ocache
CDN
Requestid
X-ElasticPress-Query
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Server-Int
Processtime
Fastly-SSL
X-ElasticPress-Search
X-Agile-Brick-Ok
CF-IPCountry
X-SD-PageType
X-Akamai-ERPolicy
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
Host-ID
Powered-By
X-Amzn-Remapped-Connection
X-Unique-ID
X-B3-Parentspanid
X-Aicache-OS
Cneonction
X-Debug-Controller
X-Debug-Revision
X-Check-Cacheable
X-Sucuri-Id
X-Cache-Tag
X-Fastly-Cache-Hits
X-Request-Url
X-Dw-Trace-Id
X-Nananana
CloudFront-Viewer-Country
DataCenter
X-PF-Uncompressing
URI
X-LB-ID
X-MiniProfiler-Ids
X-Request-URL