Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
P3P
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Request-Id
Alt-Svc
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-FRAME-OPTIONS
P3p
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
Upgrade
Status
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-AH-Environment
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Xkey
X-Robots-Tag
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
X-Varnish-Cache
Grace
X-UA-Device
X-Request-ID
X-Amz-Version-Id
Cf-Railgun
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Ac
X-Dispatcher
X-Cache-Lookup
X-Readtime
X-WebKit-CSP
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Cloud-Trace-Context
X-Country
X-Mod-Pagespeed
X-DataDome
X-Akam-SW-Version
X-Rack-Cache
Edge-Control
Rating
X-Url
X-Clacks-Overhead
RTSS
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
Allow
X-Instart-Request-ID
X-DynaTrace
X-Country-Code
Content-MD5
X-Varnish-TTL
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Server-Name
Pinterest-Generated-By
X-D2id
X-ESI
X-Webkit-Csp
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-MS-InvokeApp
X-Server-ID
X-Vcache
X-Powered-By-Plesk
SPRequestGuid
X-Navigation-Version
X-Cached
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
Accept-Ch
X-Debug
X-Forwarded-Proto
X-B3-TraceId
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Rid
X-TEC-API-ORIGIN
X-MSEdge-Ref
X-Trace
Public-Key-Pins
Nginx-Cache
X-Fastly-Request-ID
X-Vcap-Request-Id
X-SharePointHealthScore
X-VARITI-CCR
MS-Author-Via
TCN
Charset
Arr-Disable-Session-Affinity
Accept-Ch-Lifetime
X-Px
X-Accel-Expires
Edge-Cache-Tag
X-Cache-TTL
X-NF-Request-ID
X-Fastcgi-Cache
Response
Display
X-Middleton-Display
X-Middleton-Response
Pagespeed
X-Sol
SPRequestDuration
SPIisLatency
Realpath
X-Content-Type
X-Version
X-Ser
X-Client-IP
Fusion-Deployment-Id
Cache-Tag
X-Ttl
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-DynaTrace-JS-Agent
Front-End-Https
X-Powered-CMS
X-Dns-Prefetch-Control
Access-Control-Request-Method
X-Id
Accept-CH
X-Jurisdiction
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Hp-Webp
MRF-Tech
X-Upstream
NR-ENABLED
X-Grace
AR-CACHE
X-Pinterest-Rid
Ar-Sid
Pinterest-Version
X-Content-Digest
X-Forwarded-For
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-Element-Page-Cache
X-T
S
DynaTrace
X-TTL
X-Dw-Request-Base-Id
Fastcgi-Cache
Accept-CH-Lifetime
ServerID
X-Mobile-URL
X-Node-Name
X-ASPNET-VERSION
X-Amzn-Trace-Id
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
PB-PID
PB-RID
X-FTR-DC
X-FTR-Cache-Status
X-Recruiting
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Server-Node
X-Goog-Generation
X-FTR-Expires
Arc-Version
X-Mobile-Rewrite
Powered
X-Ezoic-Cdn
X-Cache-Hit
X-Frontend
X-Shard
TP-Cache
TP-L2-Cache
X-Shield-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-DIS-Request-ID
Upgrade-Insecure-Requests
Fastly-Restarts
X-NWS-LOG-UUID
X-HS-Combine-CSS
Alternate-Protocol
X-Varnish-Age
X-Request-Received
X-Logged-In
X-Request-Processing-Time
X-XRDS-LOCATION
Refresh
X-Correlation-Id
WPE-Backend
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-FTR-Cache-Host
Server-Name
MicrosoftSharePointTeamServices
X-F-Cache
X-Page-Id
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-User-Agent
X-LB-Cache
X-Rid
X-B
X-Via-JSL
X-Geo-Country
X-N
Host
X-Zen-Fury
Cache-Status
X-Content-Options
X-XRDS-Location
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Server
X-ORACLE-APMCS-TAG
X-Varnish-Grace
Host-Header
X-Amz-Apigw-Id
X-Kinsta-Cache
X-Revision
X-B3-Sampled
X-AOL-HN
X-Cache-Action
X-Instance
X-FB-Debug
X-Type
X-Request-Guid
X-ATG-Version
X-Debug-Info
X-B-Cache
X-TT
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Signature
X-App-Environment
X-Tumblr-Pixel-0
X-Varnish-Backend
X-Content-Powered-By
X-Tumblr-User
Actual-Object-TTL
X-Jobs
X-Tumblr-Pixel
X-Git-Hash
Paypal-Debug-Id
Fastcgi-Useragent
Liferay-Portal
Frame-Options
X-Whom
Healthy
X-Tt-Trace-Tag
X-Tt-Trace-Host
Section-Io-Cache
X-Cluster
X-Cached-By
X-Srv
X-Hostname
X-Daa-Tunnel
X-Cache-Key
X-Seen-By
X-Cache-Rule
X-PHP-Backend
X-Az
X-Activity-Id
X-AppVersion
X-Cache-Operation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Framework
X-CST
X-FireWall-Port
Tracecode
X-WA-Info
X-Endurance-Cache-Level
X-Contextid
X-Cache-Age
Retry-After
X-Mobile
X-Host-Name
X-IPLB-Instance
Source
NGB
X-Response-Served-From
X-Accel-Buffering
X-Presslabs-Stats
Accept-Charset
X-Upgrade-Enabled
X-Cache-NE
X-RemovedCookies
X-ProcessESI
Xserver
Surrogate-Key
Srv
X-FastCGI-Cache
X-Amzn-Requestid
X-Origin-Response-Time
X-Region
X-FW-Static
Trailer
X-FW-Type
X-FW-Serve
X-FW-Server
Payment
X-FW-Hash
X-Rendered-As
X-Adobe-Content
X-Tumblr-Pixel-1
Eomportal-Instance
X-Tumblr-Pixel-2
X-Adobe-Loc
X-L-Path
X-Environment-Context
X-Is-Bot
DC
X-UUID
X-GeoIP
X-Varnish-Server
X-Handled-By
X-Varnish-Hostname
X-Cacheable-TTL
Filters
X-RequestSource
X-EdgeConnect-Cache-Status
Server-Info
X-UA-Device-Type
X-RateLimit-Remaining
X-Backend-Name
X-Cache-2
X-Edge-O15-RID
X-Cache-TTL-Remaining
From-Origin
Cache-Tv-Group
X-Time-Microsecs
X-Proxy
X-Wix-Request-Id
MS-CV
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Cache-Server
X-APP-VERSION
X-Akamai-Transformed
Version
X-NGENIX-Cache
X-Cache-Enabled
Datacenter
X-Status
X-Unique-Id
Filterid
X-Dc
X-B3-Traceid
X-Mode
S-Cnection
X-IPS-LoggedIn
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-CCM
X-Path-Route
Meta-Geo
X-RN-RSRV
X-Forwarded-Host
X-Access
X-Format
X-Section
X-TX-ID
X-Amzn-RequestId
X-Akamai-Request-ID
X-Hl-Ver
Decoy-Debug-Key
Akamai-GRN
Decoy-Debug-Status
X-SS-Set-Cookie
X-Cache-Time
GEO-INFO
Cache-Tags
Decoy-Debug-TTL
X-Origin
X-NYM-Debug-Backend
X-TIME
X-Ua-Device
X-Tb
Content-Disposition
Cleartype
OT-Force-Account-Verify
X-Hosted-By
Country
X-Cache-Remote
X-Device-Type
X-LJ-Flow-ID
DB-Nickname
X-R9-Blue-Green-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Key
X-FW-Dynamic
X-Cache-Config
X-AWS-Id
X-Cache-Control
X-Varnish-Hits
X-Amzn-Remapped-Content-Length
X-Web-Node
X-ApacheServer
X-FC-Vary-Parameters
X-VWS-Id
Webserver
X-Say-Cacheable
X-Say-TTL
X-Cache-Status-Check
X-SayCDN-TTL
Now
X-Akamai-Request-ID2
X-ProxyCache-Status
X-Redis-Cache
X-ProxyCache-Key
X-Proxy-Cache-Status
X-Request-Time
X-Proto
ServedBy
X-BYPASS-REASON
X-Debug-Cache
Mn-Server-Ip
X-Pad
NGX
X-PERF
X-ServerID
Ec-Rule-Version
Azure-RegionName
X-Detected-As
Azure-SiteName
Azure-SlotName
Origin-Cache-Control
X-BCube-Filmed-By
X-Viewer-Country
Cross-Origin-Window-Policy
X-EIG-Tracking-Id
X-NewRelic-App-Data
Azure-Version
X-Content-Age
X-Alternate-Cache-Key
X-MP-GENERATED-AT
X-Shopify-Generated-Cart-Token
X-Loop
X-JoinUs
X-Shopify-Stage
X-NCache
X-ShopId
X-Pubstack
X-SaId
X-ShardId
Origin-Edge-Control
X-Www-Served-By
S-Rt
X-TNCMS
X-Generated-By
X-Generated
X-Vgn-Hpd-Reason
X-Human
X-RCS-CacheZone
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Soup
X-IP
Azure-InstanceId
Webcakes-App-Name
TWC-Connection-Speed
TWC-Device-Class
X-Routing-Service
X-Timing-Wait
X-Via-Fastly
X-Zipkin-Id
Property-Id
X-Proxy-Build
X-Proxied
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Xfnlog-Site
Selected-Fe
Node
X-Esi
X-PressLabs-Stats
Access-Control-Request-Headers
X-FB-TRIP-ID
X-Site-Version
X-Locale
FilterID
X-HTML-Minification-Powered-By
X-Real-IP
X-Geo
Cache-Hits
X-App-Server
X-Drupal-Cache-Tags
Nel
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
X-EC-Lua
X-Uri
Accept-Language
X-Adobe-Source
X-CACHE-KEY
X-No-Session
X-Microcachable
X-PCL
Odigeo-Trace-Id
X-OCL
X-Rule
Cf-Ipcountry
X-Varnish-Cache-Hits
Time
X-RTag
X-Qloud-Router
Ms-Operation-Id
X-NWS-UUID-VERIFY
X-Time
X-Source
X-From
X-UA
X-Azure-Ref
X-Hyper-Cache
X-Labrador-Cache-Channel
X-Load-Cache
X-PHP-Host
X-Storage
X-Info
User-Agent
X-RateLimit-Limit
X-Backend-TTL
X-Cache-NGX
X-Nginx-Cache
Proxy-Connection
X-Cluster-Node
X-Nc
X-TA-CDN-Provider
Powered-By-ChinaCache
X-Old-Content-Length
Rendered-Blocks
X-Developer
X-External-Request-Id
X-GeoIP-Country-Code
X-G
X-OVcl
X-Newrelic-Synthetics
X-DPWN-IS-SECURE
Request-Country
BehaviorPad-Version
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
A
X-Edge-Location
X-Drupal-Cache-Contexts
X-GoCache-CacheStatus
Arc-Country
AsisCache
Machine
MD5-Digest
Meta-Geo-Continent
GEO-REGION-INFO
Fastcgi-X-Cache-Version
X-Destination
Content-Script-Type
Content-Style-Type
Mobile-Detection-Method
X-VG-TLSProxy
X-Magnolia-Registration
X-Application
X-Aed
X-Accel-Expires-Debug
X-ARC
X-B-Cookie
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Request-URI
X-A-Wwc
X-Region-Sid
Viewtype
ServerName
Xc-Version
T-Server
VivaBuild
X-A
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
X-Cdn-Srv
X-S
X-UnsetCookies
X-Vtex-Processado-Em
X-VG-WebServer
X-VG-WebCache
X-Vtex-Remote-Cache
X-Connection-Hash
Request-EU
X-Date
X-PAYTM-SRV-ID
X-D
X-CF-Lambda-Version
True-Client-Country-4JS
X-SRCache-Key
X-Session-Fingerprint
X-ScT
X-S-Cookie
X-Processor
X-Transaction
X-Vdms-Version
X-CF-Lambda-Fn
X-Twitter-Response-Tags
X-Trv-Group
X-OVcl-Cache
Uber-Trace-Id
Rt-Fastcgi-Cache
X-CF-Powered-By
X-Varnish-Ttl
Geo-Info
X-Cluster-Name
Thinkindot-Control
X-ND-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-CGP
X-Rocket-Nginx-Bypass
X-ServiceProvider
CDCHOST
Mime-Version
X-Served-From
X-Reboot
X-Cdn-Origin
X-Core-Value
X-Developers
Locid
X-Distil-CS
X-Eu-Site
PFcat
L5d-Success-Class
X-IN-APIGATEWAY
Server-Host
X-Sigma
Ha-Gx-Prefs
HA-Ipaddr
X-IN-APIGATEWAYSSL
X-Matched-Rule
X-Rocket-Build-Number
X-TT-TIMESTAMP
Cache-Name
X-Trafficlayer-App-Version
X-Trafficlayer-App-Name
X-Varnish-Beresp-Grace
X-App-Name
X-Backend-State
X-Varnish-Cacheable
X-C
X-Cache-Expired-At
X-Trafficlayer-App-Scope
W
X-Thinkindot-L3
X-Sigma-Backend
X-Wikidot-Static-Cache
X-Varnish-Beresp-Status
X-Wikidot-Backend
X-Cache-Grace
X-Sn-Servicetimems
X-CS
X-Auto-Login
X-Debug-Cookies
X-Bc-Bl
X-Distributor
X-Fastly-Cache
X-Agile-Id
X-Epic-Correlation-Id
X-DevSite-Last-Modified
X-Dispatcher-Server
X-Debug-Log
X-Core-Mission
X-Clara-WADP
X-Clientip
X-Cache-URL
X-FW-Version
X-Cache-Info
X-Cache-Tags
X-Cms-Context
X-Contensis-Viewer-Groups
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-CUA
X-Block-Status
X-Cache-Bucket
X-Cache-ASPX
X-Debug-Cache-Store
X-Is-Gdpr
X-Servername
X-Service
X-SIPLIST1
X-Slack-Backend
X-Server-W
X-Request-Host
X-Platform-Server
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-TrackingId
X-Tumblr-Pixel-3
X-VServer
X-WADP-Cache
X-We-Are-Hiring
X-WebServer
X-Varnish-Authentication
X-Variation
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Var-Ttl
X-Origin-Expires
X-Origin-Date
X-GeoIP-City
X-Has-Esi
X-Hash
X-Hit
X-Geo-Header
X-Generation-Time
X-Gen-Mode
X-Generated-In
X-Generated-On
X-Hnp-Log
X-Irp-Debug
X-Li-Pop
X-LI-UUID
X-Nginx-Cache-Key
X-NX-Host
X-Li-Fabric
X-Level-Front-Cache
X-Agile-Age
X-JWT-State
X-LAGOON
X-Gamma-Serve
X-LI-Proto
Kp-EeAlive
IsBot
Fastly-Drupal-HTML
Locale
Server-Surrogate-Control
Gh-Request-Id
Countrycode
Fastly-SIE
Fastly-SWR
V-Age
User-Cache-Control
Viewport
We-Hiring
Is-Eu
Web-Mar-Node
Mail-Subject
Country-Code
Adler-Geo
Server-ID
RNT-Machine
HitType
Platform
Pramga
RNT-Time
On-Server
Server-Cache-Control
X-Agile
Memcached
X-NC
X-Dispatch
Group
X-Instart-Isnd
N-Cache
Heartbleed
X-Fetched-On
X-Ms-Version
AKAMAI
X-Trace-Id
X-Thanos
X-Swa-Ws
X-S-Maxage
X-VC-Cache
FNAC-ModuleRouting
X-Webstats-RespID
X-Req
X-Skip-Cache
X-Varnish-Beresp-Ttl
X-NodeID
X-Device-Os
X-Micro-Cache
X-Owner
Environment
Cache-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Logging-Id
X-Ms-Request-Id
X-Cache-FS-Status
X-BBXSRF
X-Bip
X-Node-Id
X-VHOST
X-Ah-Environment
Cloudfront-Viewer-Country
X-Refresh
X-RESPONSE-TIME
X-Lb-Id
Hostname
X-Backend-Host
Wxu-Next-Hostname
Wxu-Next-Commit
X-Response-By
Wxu-Next-Region
X-Sucuri-ID
X-Fmm-Version
Cache-Cookie-Set-Idcheck
X-BACKEND-TTL
Cache-Cookie-Set-Lfrom
X-CLOUD-TRACE-CONTEXT
X-Ratelimit-Remaining
Cache-Cookie-Set-From
X-Parent-Response-Time
X-VCT
X-Scheme
X-Origin-TTL
X-Origin-CC
X-App-Version
X-Cdn-Forward
Fastly-Backend-Name
X-VCache
X-Varnish-URL
X-Up
X-B3-Spanid
X-CDN-Forward
Cache
SD-X-WS
X-MSEdge-Features
X-MSEdge-Flight
Origin
X-SN
X-Server-Time
X-APP
X-Pjax-Url
X-Instart-Info
X-CSRF-Token
X-Correlation-ID
X-Edge-Server
Pragrma
Proxy-Firewall
PICS-Label
X-FPC
Cdn-Request-Time
Cdn-Host
X-TT-LOGID
X-Edge
X-MCACHE
Geoip-Latitude
Vix-Hermes-Req-Id
Geoip-City
Request-Time
M-TraceId
X-Cache-PHP
X-CSRF-TOKEN
Cdncip
CACHE
X-AK-Request-ID
GeoIp-Country-Code
Cdnsip
X-Wa
X-Cache-Host
NtCoent-Length
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Vcl-Version
NM-Fastcgi-Cache
X-HS-Status
X-Vdms-Path
TTL
Ohc-File-Size
CF-Cached-On
X-ECACHE
X-Wix-Viewer-Type
X-Air-Hostname
X-NU-AKA-ACS-Version
X-Be
X-Mid
X-Ua
X-URL
Cdn
Server-Hostname
Pagetype
Server-Ext
Memory
Sever-Int
X-Myra-Origin2
X-Bc
X-Zone
X-ECache
X-Ratelimit-Limit
X-Cache-Debug
X-Pf-Uncompressing
Magicmarker
Resin-Trace
RequestId
X-ServedByHost
X-Cache-Metadata
HostName
Ohc-Cache-HIT
X-TH-Server
X-Method
X-Worker
Tcn
XServer
SRV
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
IBM-Web2-Location
Cteonnt-Length
Release
X-Newrelic-App-Data
X-Via-PopH
X-Servedbyhost
X-Oneagent-Js-Injection
X-Via-PopV
X-GEO
X-Azure-Ref-OriginShield
X-BC
Dnion-Transfer-Encoding
X-Envoy-Upstream-Healthchecked-Cluster
X-ZONE
Dt-Cache-Category
X-Request-Start
Server-Int
X-Branch-Name
X-Referer
Load-Balancing
X-NGINX-Cache
X-Unique-ID
X-Swift-Error
X-Tb-Optimization-Total-Bytes-Saved
Lb
X-Ocache
X-Policy
X-DC
Powered-By
X-Protected-By
X-Tec-Api-Origin
X-Tec-Api-Root
X-SRV
X-Planisys-CDN-Cache
X-AIR-PT
X-Tec-Api-Version
X-Configured-By
X-Esi-Check
Ttl
X-Planisys-CDN-Rules
Esi-Enabled
X-Cache-Id
X-Planisys-CDN-TTL
X-VCL-Version
X-Ruxit-Js-Agent
GeoIP-Country-Code
X-Fastly-Country-Code
Fastly-Soc-X-Request-Id
X-Node-ID
X-B3-SpanId
X-Reqid
Pics-Label
X-Gzip
X-COUNTRY
X-Datadome
X-WA
X-C-Key
Fastly-SSL
X-C-Zone
GeoIP-City
Who
X-Action
X-VarnishDD-TTL
GeoIP-Latitude
MIME-Version
X-Flog
X-RPM
X-RPS
X-RSL
X-DB
X-DI
X-DW
X-DSS
X-Hello
X-Via-Ucdn
X-ABtesting
X-HostName
X-Svr
X-Fpc
X-Country-IP
X-PF-Uncompressing
X-Powered-Y
Host-ID
LB
X-SERVER-NAME
UCS
X-Cache-Backend
Lfy
X-RAMCache
X-Fastly-Backend-Reqs
X-Varnish-Url
FSS-Cache
ProcessTime
X-PJAX-URL
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Product
X-Fastly-Request-Id
X-Via-CDN
X-Render-Time
Sid
X-UPSTREAM-Address
X-MID
X-Varnish-Beresp-TTL
X-SD-PageType
X-User
FSS-Proxy
X-WPE-Loopback-Upstream-Addr
X-LiteSpeed-Cache-Control
X-Key
X-Beluga-Record
X-Agile-Brick-Ok
X-Page-Impression-Id
X-Beluga-Cache-Status
X-Beluga-Node
X-Flow-Id
Requestid
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Internal-Host
Amp-Access-Control-Allow-Source-Origin
X-Zalando-Child-Request-Id
Xet-Cookie
X-BE
CF-IPCountry
X-Server-IP
X-Aicache-OS
X-Pinterest-Direct
X-Apw-Hits
SN
CDN
X-Apw-Access-Token
X-Apw-Access-Object
X-Compress-Hint
X-Apw-Access-Action
X-Debug-Controller
X-Debug-Revision
X-Check-Cacheable
Cneonction
X-Sucuri-Cache
X-Tid
L
X-B3-Parentspanid
WZWS-RAY
X-Sucuri-Id
X-Litespeed-Cache-Control
X-Nananana
X-App
X-Request-URL
X-Dw-Trace-Id
DataCenter
X-Request-Url
X-Fastly-Cache-Hits
X-Location
X-ElasticPress-Search
X-LB-ID
X-MiniProfiler-Ids
CloudFront-Viewer-Country