Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
CF-RAY
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
X-Cache-Hits
X-Amz-Cf-Pop
CF-Ray
Referrer-Policy
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
Timing-Allow-Origin
X-Iinfo
X-Template
X-AspNetMvc-Version
X-Language
X-Ua-Compatible
Status
Upgrade
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Buckets
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
X-Via
Keep-Alive
X-Request-ID
X-Turbo-Charged-By
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Envoy-Upstream-Service-Time
X-Pass-Why
X-Cache-Group
X-Server
X-Ws-Request-Id
X-Backend
X-Age
EagleId
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
X-Pingback
X-Server-Powered-By
Server-Timing
Feature-Policy
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-UA-Device
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Device
X-Origin-Cache
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
X-Host
X-Backend-Server
X-Node
X-Vhost
X-Response-Time
NEL
X-Dispatcher
X-Ac
X-Cache-Lookup
X-WebKit-CSP
X-Readtime
Surrogate-Control
X-Origin-Upstream-Status
Content-Location
Request-Id
X-Ruxit-JS-Agent
X-Application-Context
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-HW
X-Cnection
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Country
X-Mod-Pagespeed
X-DataDome
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Url
Edge-Control
X-Rack-Cache
Rating
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Goog-Hash
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-Varnish-TTL
X-DynaTrace
X-ASPNET-VERSION
X-Country-Code
X-Instart-Request-ID
Allow
Content-MD5
Service-Worker-Allowed
Verso
X-GitHub-Request-Id
X-Server-Name
Pinterest-Generated-By
X-D2id
X-ESI
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-MS-InvokeApp
SPRequestGuid
X-Cached
X-Navigation-Version
X-Powered-By-Plesk
X-Vcache
X-Forwarded-Proto
X-B3-TraceId
X-Amz-Server-Side-Encryption
X-Debug
X-Abt-Application-Version
X-Webkit-Csp
X-Amz-Rid
X-TEC-API-VERSION
Public-Key-Pins
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Trace
X-Fastly-Request-ID
X-MSEdge-Ref
X-SharePointHealthScore
Nginx-Cache
X-Vcap-Request-Id
Accept-Ch
X-Server-ID
X-VARITI-CCR
TCN
Fusion-Deployment-Id
MS-Author-Via
Arr-Disable-Session-Affinity
Charset
X-Ttl
X-Px
X-NF-Request-ID
X-Accel-Expires
X-Cache-TTL
X-Fastcgi-Cache
Edge-Cache-Tag
SPRequestDuration
SPIisLatency
Realpath
Pagespeed
Display
Response
X-Middleton-Display
X-Middleton-Response
Accept-Ch-Lifetime
X-Content-Type
X-Ser
X-Sol
X-Client-IP
Accept-CH
X-Version
Cache-Tag
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
Front-End-Https
X-Powered-CMS
NR-ENABLED
Pinterest-Version
X-Pinterest-Rid
X-Id
Access-Control-Request-Method
X-Dns-Prefetch-Control
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Hp-Webp
X-Jurisdiction
X-Grace
X-Upstream
S
X-Mrf-Section-Lastmod
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-T
Accept-CH-Lifetime
X-Content-Digest
X-Hits
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
DynaTrace
AR-CACHE
Ar-Sid
X-Dw-Request-Base-Id
Fastcgi-Cache
ServerID
X-Mobile-URL
X-Node-Name
X-Shield-Request-Id
X-Cache-Hit
PB-PID
PB-RID
X-Recruiting
X-FTR-Backend
X-Goog-Generation
X-Country-Code-Real
X-FTR-Realm
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-FTR-Balancer
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
Server-Node
Arc-Version
Powered
X-Mobile-Rewrite
X-Amzn-Trace-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
TP-L2-Cache
TP-Cache
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
X-Shard
X-Ezoic-Cdn
Upgrade-Insecure-Requests
X-DIS-Request-ID
X-TTL
WPE-Backend
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
Refresh
Alternate-Protocol
Fastly-Restarts
X-HS-Combine-CSS
X-Logged-In
X-Varnish-Age
X-Correlation-Id
X-Request-Handler-Origin-Region
X-Microsite
Server-Name
X-XRDS-LOCATION
X-FTR-Cache-Host
X-XRDS-Location
X-Akamai-Edgescape
X-LB-Cache
X-Page-Id
X-B
X-F-Cache
X-ATS-Timestamp
Backend-Timing
X-Rid
X-User-Agent
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Geo-Country
X-N
X-Via-JSL
Host
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Host-Header
X-Zen-Fury
Cache-Status
X-Origin-Server
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Content-Options
X-Varnish-Grace
X-Kinsta-Cache
X-B3-Sampled
X-Revision
X-ATG-Version
X-TT
X-AOL-HN
Actual-Object-TTL
X-Instance
X-Tumblr-Pixel-0
X-Jobs
X-Type
X-Signature
X-Request-Guid
X-FB-Debug
X-Cache-Action
Paypal-Debug-Id
X-Tumblr-Pixel
X-Amz-Replication-Status
X-App-Environment
X-Tumblr-User
X-B-Cache
Healthy
Access-Control-Allow-Method
X-Amz-Apigw-Id
Section-Io-Cache
X-Varnish-Backend
X-Git-Hash
X-Debug-Info
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
Frame-Options
X-Whom
X-Content-Powered-By
Liferay-Portal
X-Hostname
X-Tt-Trace-Tag
X-Cluster
X-Tt-Trace-Host
X-Seen-By
X-Cache-Rule
X-Cache-Operation
X-Erf-Bev-Bev-Is-Generated
X-Srv
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Cache-Age
X-PHP-Backend
X-Az
X-Framework
X-AppVersion
X-FireWall-Port
X-Activity-Id
X-Cached-By
X-Endurance-Cache-Level
Tracecode
X-Contextid
X-Cache-Key
X-WA-Info
X-Mobile
Trailer
X-Amzn-Requestid
Retry-After
Xserver
X-IPLB-Instance
X-Host-Name
Source
X-Response-Served-From
NGB
X-Accel-Buffering
X-RemovedCookies
X-Upgrade-Enabled
X-ProcessESI
Srv
Accept-Charset
Surrogate-Key
X-FastCGI-Cache
Eomportal-Instance
Payment
DC
X-Cache-NE
X-Environment-Context
X-FW-Type
X-RequestSource
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Adobe-Content
X-UUID
X-Region
X-L-Path
X-FW-Server
X-FW-Serve
X-FW-Static
X-GeoIP
X-Is-Bot
X-FW-Hash
X-Adobe-Loc
X-Presslabs-Stats
X-Varnish-Server
X-Varnish-Hostname
X-Cacheable-TTL
X-Origin-Response-Time
X-Handled-By
Filters
X-RateLimit-Remaining
X-CST
X-UA-Device-Type
From-Origin
X-Cache-TTL-Remaining
X-Proxy
X-Time-Microsecs
X-EdgeConnect-Cache-Status
X-Cache-2
X-Backend-Name
Server-Info
X-Wix-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Server
Cache-Tv-Group
MS-CV
X-NGENIX-Cache
X-Oss-Hash-Crc64ecma
X-APP-VERSION
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
Datacenter
X-Akamai-Transformed
Version
X-Cache-Enabled
X-Status
Filterid
X-Unique-Id
X-TIME
S-Cnection
X-Mode
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
X-Path-Route
Meta-Geo
X-Cache-Var
X-ES-SERVER
X-Cache-Control
X-Cache-Var-Map
X-CCM
X-RN-RSRV
X-Dc
X-IPS-LoggedIn
Cleartype
X-PERF
X-ApacheServer
X-Via-Fastly
X-Pad
ServedBy
Country
Cache-Tags
X-Hl-Ver
X-R9-Blue-Green-Version
X-Forwarded-Host
X-Ua-Device
X-FC-Vary-Parameters
Now
X-Debug-Cache
X-FW-Dynamic
X-EIG-Tracking-Id
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Device-Type
X-Cache-Status-Check
X-AWS-Id
X-LJ-Flow-ID
Webcakes-Region
X-TX-ID
TWC-Connection-Speed
X-Vgn-Hpd-Reason
TWC-Device-Class
X-Tb
TWC-GeoIP-Country
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-VWS-Id
DB-Nickname
Origin-Edge-Control
Origin-Cache-Control
NGX
OT-Force-Account-Verify
Property-Id
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Pubstack
X-Redis-Cache
Akamai-GRN
Webserver
X-Proto
X-Origin
X-Origin-Hint
X-Akamai-Request-ID2
Webcakes-App-Version
X-ShopId
X-ServerID
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
X-ShardId
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Cache-Config
X-Access
X-Loop
X-Www-Served-By
X-Xfnlog-Site
X-Zipkin-Id
X-Web-Node
X-Varnish-Hits
X-Soup
X-Timing-Wait
X-TNCMS
Cache-Key
Section-Io-Id
X-Human
X-ProxyCache-Status
X-RCS-CacheZone
X-BYPASS-REASON
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Site-Version
X-Section
X-IP
X-JoinUs
X-Locale
X-Hosted-By
X-Generated
X-Detected-As
X-Format
X-NCache
X-Proxied
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-SaId
X-Routing-Service
X-Proxy-Build
X-Proxy-Cache-Status
X-Content-Age
X-ProxyCache-Key
Azure-SlotName
Azure-Version
Content-Disposition
Azure-SiteName
Azure-RegionName
X-PressLabs-Stats
X-Esi
GEO-INFO
Cross-Origin-Window-Policy
Azure-InstanceId
Ec-Rule-Version
Mn-Server-Ip
Access-Control-Request-Headers
X-NYM-Debug-Backend
X-Viewer-Country
X-MP-GENERATED-AT
S-Rt
X-FB-TRIP-ID
X-Akamai-Request-ID
X-Cdn
X-Generated-By
X-Cache-Remote
X-Real-IP
X-Request-Time
X-CACHE-KEY
X-HTML-Minification-Powered-By
X-Amzn-RequestId
X-BCube-Filmed-By
X-Geo
X-NewRelic-App-Data
Cache-Hits
X-Edge-O15-RID
X-EC-Lua
X-Adobe-Source
Node
X-B3-Traceid
FilterID
X-SS-Set-Cookie
Nel
X-Microcachable
X-No-Session
Odigeo-Trace-Id
Accept-Language
X-Drupal-Cache-Tags
X-Rule
X-Uri
X-App-Server
Cf-Ipcountry
X-Azure-Ref
X-RTag
X-OCL
X-PCL
X-Qloud-Router
X-From
Ms-Operation-Id
Time
X-Cache-NGX
X-Source
X-NWS-UUID-VERIFY
X-CF-Powered-By
X-RateLimit-Limit
X-Varnish-Cache-Hits
User-Agent
X-Hyper-Cache
X-Labrador-Cache-Channel
Proxy-Connection
X-Backend-TTL
X-PHP-Host
X-Time
X-Info
X-Old-Content-Length
X-Storage
X-Nginx-Cache
X-UA
X-GoCache-CacheStatus
X-Nc
X-Cache-Grace
Cache-Name
X-Newrelic-Synthetics
BehaviorPad-Version
Arc-Country
AsisCache
X-External-Request-Id
X-DPWN-IS-SECURE
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
X-Rojux
Uber-Trace-Id
X-S
X-S-Cookie
X-GeoIP-Country-Code
X-PAYTM-SRV-ID
X-G
X-Drupal-Cache-Contexts
Apple-News-Services-Handled
A
X-VG-WebServer
X-VG-WebCache
Apple-News-Services-Host
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-Date
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-D
X-Application
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
Xc-Version
X-ARC
X-B-Cookie
X-A
X-Region-Sid
Meta-Geo-Continent
Mobile-Detection-Method
X-Request-UUID
X-Destination
MD5-Digest
X-Varnish-Beresp-Status
X-Developer
Machine
Rendered-Blocks
Request-Country
True-Client-Country-4JS
Viewtype
VivaBuild
T-Server
ServerName
Request-EU
X-Request-URI
GEO-REGION-INFO
Apple-News-Services-Request-Url
X-Vtex-Processado-Em
X-Vdms-Version
X-Varnish-Beresp-Grace
X-Twitter-Response-Tags
X-SRCache-Key
X-ScT
X-Session-Fingerprint
X-Vtex-Remote-Cache
X-Transaction
X-Trv-Group
X-Processor
X-OVcl-Cache
X-OVcl
X-Cluster-Node
X-Cluster-Name
X-CS
Geo-Info
X-Reboot
X-VG-TLSProxy
X-Rocket-Nginx-Bypass
X-Core-Value
X-Served-From
X-Sn-Servicetimems
Content-Script-Type
X-Thinkindot-L3
X-Matched-Rule
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Trafficlayer-App-Version
Server-Host
PFcat
Thinkindot-Control
X-Trafficlayer-App-Scope
X-Magnolia-Registration
X-ServiceProvider
X-Level-Front-Cache
X-Trafficlayer-App-Name
Viewport
Content-Style-Type
X-UnsetCookies
X-Geo-Header
X-Cache-Expired-At
X-Edge-Location
X-GeoIP-City
X-Cdn-Origin
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Generated-On
X-Load-Cache
Powered-By-ChinaCache
X-S-Maxage
User-Cache-Control
Rt-Fastcgi-Cache
X-Cache-FS-Status
X-Cache-Info
X-Cache-URL
X-Req
X-BBXSRF
We-Hiring
Web-Mar-Node
W
X-NX-Host
X-Nginx-Cache-Key
X-Backend-State
V-Age
X-Logging-Id
RNT-Time
Server-Cache-Control
RNT-Machine
X-VServer
X-Clara-WADP
X-Bc-Bl
X-CGP
Server-Surrogate-Control
X-NodeID
X-Core-Mission
X-Request-Host
Server-ID
Wxu-Next-Commit
Wxu-Next-Region
X-Bip
X-CUA
X-VC-Cache
X-Block-Status
X-Agile-Age
X-Agile-Id
X-RateLimit-Limit-Second
X-App-Name
Cache-Cookie-Set-Idcheck
X-Auto-Login
Cache-Cookie-Set-From
X-Thanos
X-LI-UUID
X-Contensis-Viewer-Groups
X-Agile
X-RateLimit-Remaining-Second
X-Slack-Backend
X-Ms-Request-Id
X-Micro-Cache
Cache-Cookie-Set-Lfrom
X-Proxy-Upstream
X-Ms-Version
X-TrackingId
X-Backend-Host
X-Cache-ASPX
X-Cache-Bucket
X-Trace-Id
X-Wikidot-Static-Cache
Wxu-Next-Hostname
Mail-Subject
X-LAGOON
X-Var-Ttl
X-Swa-Ws
AKAMAI
X-Fetched-On
X-Sigma-Backend
X-Origin-Expires
X-SIPLIST1
Cache-Host
X-Rocket-Build-Number
X-Eu-Site
X-Debug-Cache-Expiry
X-Urbn-Site-Id
X-Fastly-Cache
CDCHOST
X-Server-W
X-Varnish-Authentication
X-Varnish-Cacheable
X-Hash
X-Has-Esi
X-Owner
X-WADP-Cache
X-Hnp-Log
X-Varnish-Beresp-Ttl
X-Instart-Isnd
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-FW-Version
X-Sigma
X-Gamma-Serve
X-Gen-Mode
X-Cms-Context
X-Generated-In
X-WebServer
Country-Code
X-Origin-Date
Memcached
X-LI-Proto
X-Li-Pop
Locid
Kp-EeAlive
Locale
X-Tumblr-Pixel-3
N-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Pramga
X-Debug-Cookies
X-TT-TIMESTAMP
On-Server
X-Debug-Log
IsBot
L5d-Success-Class
X-Li-Fabric
X-Dispatch
X-Developers
X-Dispatcher-Server
X-Distributor
X-Distil-CS
FNAC-ModuleRouting
Gh-Request-Id
Group
X-Urbn-Context-Path
X-Webstats-RespID
X-Device-Os
X-Wikidot-Backend
Heartbleed
Ha-Gx-Prefs
HA-Ipaddr
X-VCT
X-NC
X-Platform-Server
X-Generation-Time
X-Lb-Id
X-We-Are-Hiring
X-ND-Cache
X-Hit
Countrycode
X-Skip-Cache
X-Servername
Is-Eu
X-Service
Fastly-SIE
Cloudfront-Viewer-Country
X-Clientip
X-Variation
Adler-Geo
Platform
Fastly-SWR
X-Epic-Correlation-Id
X-Rebelmouse-Cache-Control
X-C
X-Fmm-Version
X-DevSite-Last-Modified
Mime-Version
X-Rebelmouse-Surrogate-Control
X-Cache-Tags
Fastly-Drupal-HTML
X-Sucuri-ID
X-VHOST
X-Node-Id
X-Refresh
X-Response-By
X-Scheme
X-TA-CDN-Provider
X-RESPONSE-TIME
HitType
Environment
X-CLOUD-TRACE-CONTEXT
X-BACKEND-TTL
X-Instart-Info
X-SN
Cache
SD-X-WS
X-Edge
X-MCACHE
X-App-Version
X-Varnish-URL
X-VCache
Hostname
X-Pjax-Url
Proxy-Firewall
X-APP
X-B3-Spanid
X-Parent-Response-Time
X-CDN-Forward
X-Ratelimit-Remaining
X-CSRF-Token
X-Varnish-Ttl
X-Cdn-Forward
Origin
Vix-Hermes-Req-Id
X-Origin-TTL
X-Origin-CC
M-TraceId
X-Cache-PHP
Fastly-Backend-Name
X-MSEdge-Features
X-MSEdge-Flight
X-Up
Request-Time
X-Correlation-ID
NM-Fastcgi-Cache
X-ECACHE
X-Vdms-Path
X-Server-Time
X-Wa
X-CSRF-TOKEN
X-Mid
CF-Cached-On
Pragrma
Cdn-Request-Time
X-FPC
PICS-Label
Cdn-Host
X-TT-LOGID
Geoip-Latitude
Geoip-City
X-Edge-Server
X-Be
X-Ua
X-Wix-Viewer-Type
Server-Ext
GeoIp-Country-Code
Server-Hostname
Sever-Int
X-Webkit-CSP
TTL
Pagetype
CACHE
Cdn
Cdncip
X-AK-Request-ID
X-Vcl-Version
X-ECache
Cdnsip
NtCoent-Length
X-HS-Status
X-URL
HostName
X-SVT-ORM-RULES
X-Newrelic-App-Data
Ohc-File-Size
X-Myra-Origin2
X-SVT-ORM-VERSION
X-Method
X-Cache-Host
X-Via-PopH
X-Via-PopV
Magicmarker
X-Air-Hostname
X-Litespeed-Cache
X-Worker
X-NU-AKA-ACS-Version
X-Protected-By
Cteonnt-Length
X-Cache-Metadata
X-Request-Start
Memory
X-Zone
X-Referer
X-Envoy-Upstream-Healthchecked-Cluster
X-Bc
X-Branch-Name
X-Servedbyhost
Resin-Trace
X-ZONE
X-BC
X-DC
SRV
X-Dynatrace-Js-Agent
X-Ratelimit-Limit
RequestId
X-FORWARDED-FOR
Release
X-ServedByHost
X-Cache-Debug
X-Oneagent-Js-Injection
X-Azure-Ref-OriginShield
X-Policy
X-Pf-Uncompressing
Dt-Cache-Category
X-Swift-Error
X-GEO
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Ohc-Cache-HIT
Load-Balancing
X-TH-Server
X-C-Key
XServer
X-C-Zone
X-Unique-ID
X-NGINX-Cache
Lb
X-VCL-Version
Esi-Enabled
IBM-Web2-Location
X-Tec-Api-Version
X-AIR-PT
X-Esi-Check
X-Tec-Api-Root
X-SRV
GeoIP-Country-Code
Dnion-Transfer-Encoding
X-Tec-Api-Origin
Server-Int
Who
Pics-Label
X-Reqid
Ttl
X-Configured-By
X-Cache-Id
X-Ruxit-Js-Agent
GeoIP-City
GeoIP-Latitude
X-Ocache
X-Gzip
X-Pinterest-Direct
X-Datadome
X-Via-Ucdn
X-COUNTRY
X-Tb-Optimization-Total-Bytes-Saved
X-Fastly-Country-Code
X-Node-ID
Powered-By
Tcn
X-B3-SpanId
X-Country-IP
X-WA
UCS
X-Fpc
MIME-Version
FSS-Cache
Product
Fastly-Soc-X-Request-Id
LB
X-VarnishDD-TTL
Fastly-SSL
X-Action
X-PF-Uncompressing
X-SERVER-NAME
X-RAMCache
X-Svr
X-Powered-Y
X-DI
X-DSS
X-RPM
Lfy
X-Fastly-Request-Id
X-RSL
X-RPS
X-Varnish-Url
X-PJAX-URL
X-DB
X-Flog
Sid
X-Hello
X-DW
X-ABtesting
X-Fastly-Backend-Reqs
X-WPE-Loopback-Upstream-Addr
FSS-Proxy
X-SD-PageType
X-HostName
Host-ID
X-Server-IP
X-Varnish-Beresp-TTL
X-MID
X-Cache-Backend
Requestid
Amp-Access-Control-Allow-Source-Origin
X-Flow-Id
X-Page-Impression-Id
X-LiteSpeed-Cache-Control
X-Amzn-Remapped-Date
X-Apw-Access-Action
X-ElasticPress-Search
X-Render-Time
X-BE
X-Amzn-Remapped-Connection
Xet-Cookie
X-Apw-Hits
X-Via-CDN
X-Apw-Access-Object
X-Apw-Access-Token
ProcessTime
X-Agile-Brick-Ok
X-Zalando-Child-Request-Id
CF-IPCountry
Cneonction
X-Aicache-OS
C-Via
X-Debug-Controller
X-User
CDN
SN
WZWS-RAY
X-Compress-Hint
X-Debug-Revision
L
X-Check-Cacheable
X-B3-Parentspanid
X-UPSTREAM-Address
X-Litespeed-Cache-Control
X-Key
CloudFront-Viewer-Country
X-Internal-Host
X-App
X-Beluga-Trace
X-Nananana
X-Request-URL
X-Beluga-Cache-Status
X-Dw-Trace-Id
DataCenter
X-Request-Url
X-Beluga-Node
X-Beluga-Record
X-LB-ID
X-Fastly-Cache-Hits
X-MiniProfiler-Ids
X-Beluga-Response-Time
X-Beluga-Status