Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Served-By
X-UA-Compatible
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Ua-Compatible
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
P3p
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
Feature-Policy
X-Hacker
X-Server-Powered-By
Request-Context
X-Pingback
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Surrogate-Control
X-Readtime
Request-Id
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-DataDome
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Clacks-Overhead
RTSS
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-Country-Code
Fusion-Deployment-Id
X-ASPNET-VERSION
X-DynaTrace
X-Varnish-TTL
Allow
X-GitHub-Request-Id
Verso
Service-Worker-Allowed
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
Accept-CH
Content-MD5
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Build
Pinterest-Generated-By
X-Server-Name
SPRequestGuid
X-Cached
X-Powered-By-Plesk
X-Forwarded-Proto
X-Navigation-Version
X-Trace
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Abt-Application-Version
Accept-CH-Lifetime
X-Amz-Rid
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Fastly-Request-ID
Public-Key-Pins
X-Vcache
X-Vcap-Request-Id
Nginx-Cache
X-Ttl
X-Debug
X-MSEdge-Ref
X-ESI
X-VARITI-CCR
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
Charset
X-B3-TraceId
X-Accel-Expires
X-DynaTrace-JS-Agent
X-Cache-TTL
MS-Author-Via
X-NF-Request-ID
NR-ENABLED
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
Display
X-Px
X-Sol
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ser
X-Server-ID
Edge-Cache-Tag
Access-Control-Request-Method
X-Powered-CMS
X-Id
X-Pinterest-Rid
Pinterest-Version
X-Grace
X-Webkit-Csp
WPE-Backend
Front-End-Https
X-Fastcgi-Cache
X-Jurisdiction
X-Hp-Webp
X-Shield-Request-Id
X-T
X-Upstream
X-Version
X-Hits
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Element-Page-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Cache-Hit
Fastcgi-Cache
ServerID
X-Recruiting
AMP-Access-Control-Allow-Source-Origin
AR-CACHE
Ar-Sid
X-Mobile-URL
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-FTR-Balancer
Accept-Ch
Server-Node
X-HS-Cache-Config
X-HS-Hub-Id
X-Correlation-Id
X-HS-Content-Id
X-Request-Received
X-Request-Processing-Time
Powered
X-Frontend
TP-L2-Cache
TP-Cache
X-FTR-Expires
PB-RID
PB-PID
X-Forwarded-For
X-DIS-Request-ID
X-Mobile-Rewrite
Upgrade-Insecure-Requests
Arc-Version
Refresh
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Shard
Alternate-Protocol
Host-Header
Server-Name
X-XRDS-Location
Accept-Ch-Lifetime
X-Amzn-Trace-Id
X-Geo-Country
X-Microsite
X-Request-Handler-Origin-Region
X-NWS-LOG-UUID
X-TTL
X-N
X-Rid
Fastly-Restarts
X-Akamai-Edgescape
X-Page-Id
X-F-Cache
X-FTR-Cache-Host
X-Logged-In
X-LB-Cache
X-B
Backend-Timing
X-User-Agent
X-ATS-Timestamp
X-Varnish-Age
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
MicrosoftSharePointTeamServices
X-FastCGI-Cache
X-Kinsta-Cache
X-Cache-Key
X-Zen-Fury
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Origin-Server
X-Varnish-Grace
X-Esi
X-Revision
Host
X-Jobs
X-Request-Guid
X-Instance
X-App-Environment
X-Tumblr-Pixel
Fastcgi-Useragent
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Backend
Actual-Object-TTL
Paypal-Debug-Id
X-ATG-Version
X-Signature
X-Hostname
X-Git-Hash
X-B-Cache
X-Seen-By
X-AOL-HN
Section-Io-Cache
X-B3-Sampled
X-Cache-Age
X-Whom
X-Amz-Replication-Status
X-Amzn-Requestid
X-Type
X-FB-Debug
X-TT
X-Cluster
X-Cache-Action
X-Debug-Info
Frame-Options
X-WebKit-CSP-Report-Only
Cache-Status
X-Content-Options
Trailer
Access-Control-Allow-Method
X-Endurance-Cache-Level
X-Presslabs-Stats
X-Cache-Rule
X-Cache-Operation
X-Contextid
Source
X-Content-Powered-By
X-Host-Name
X-SERVER
Tracecode
X-AppVersion
X-Activity-Id
X-Az
X-Erf-Bev-Bev
Liferay-Portal
X-Erf-Bev-Bev-Is-Generated
Accept-Charset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-FireWall-Port
X-Daa-Tunnel
X-IPLB-Instance
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-PHP-Backend
DC
X-APP-VERSION
From-Origin
X-WA-Info
X-Response-Served-From
NGB
X-Framework
X-Accel-Buffering
X-Tumblr-Pixel-1
X-RateLimit-Remaining
X-Tumblr-Pixel-2
Retry-After
X-UUID
X-FW-Serve
X-FW-Static
VIX-Pulpo-Node
Surrogate-Key
VIX-Pulpo-Upstream-Status
X-FW-Hash
X-RemovedCookies
X-ProcessESI
X-FW-Type
X-Rendered-As
X-FW-Server
X-Is-Bot
X-Environment-Context
X-Adobe-Loc
Payment
X-L-Path
X-Adobe-Content
X-Cacheable-TTL
X-Varnish-Server
X-Cache-NE
X-Region
X-GeoIP
X-Wix-Request-Id
X-RequestSource
Eomportal-Instance
X-Mobile
X-Time-Microsecs
X-Cached-By
X-Handled-By
Filters
X-Unique-Id
Srv
X-UA-Device-Type
X-Proxy
X-Origin-Response-Time
X-Varnish-Hostname
Nel
X-NGENIX-Cache
Xserver
X-Cache-TTL-Remaining
X-TIME
Filterid
X-Webkit-CSP
Datacenter
X-EdgeConnect-Cache-Status
X-B3-Traceid
X-Cache-Server
X-Cache-Control
X-Akamai-Transformed
X-Cache-Time
GEO-INFO
MS-CV
X-Backend-Name
X-Srv
Version
X-CST
X-Status
Server-Info
X-Mode
Cache-Tv-Group
S-Cnection
Odigeo-Trace-Id
X-Rule
X-Cache-Enabled
Cache-Tags
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-2
X-CCM
Webserver
X-Path-Route
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-IP
Meta-Geo
X-FW-Dynamic
Azure-RegionName
Azure-InstanceId
OT-Force-Account-Verify
X-Detected-As
X-Redis-Cache
X-TNCMS
X-RN-RSRV
X-FC-Vary-Parameters
DB-Nickname
Azure-SiteName
S-Rt
X-Loop
Ec-Rule-Version
X-Amzn-Remapped-Content-Length
Azure-Version
Azure-SlotName
TWC-Connection-Speed
TWC-Device-Class
ServedBy
Akamai-GRN
Origin-Edge-Control
Property-Id
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Say-Cacheable
Origin-Cache-Control
Decoy-Debug-Status
Decoy-Debug-TTL
X-Real-IP
Decoy-Debug-Key
Cleartype
X-Say-TTL
Cache-Hits
X-ApacheServer
NGX
Now
X-Pubstack
X-PERF
X-R9-Blue-Green-Version
Cross-Origin-Window-Policy
X-ServerID
Country
X-Web-Node
X-Via-Fastly
X-Hl-Ver
X-TX-ID
X-Human
X-NCache
X-Forwarded-Host
X-Origin-Hint
X-SayCDN-TTL
X-Adobe-Source
X-Origin
X-Hosted-By
X-Cache-NGX
X-ProxyCache-Key
Content-Disposition
X-AWS-Id
X-Akamai-Request-ID2
X-VWS-Id
Section-Io-Origin-Status
X-Locale
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-ProxyCache-Status
X-Proto
X-Alternate-Cache-Key
X-Proxy-Cache-Status
X-Device-Type
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Cache-Status-Check
Cache-Key
X-Sorting-Hat-PodId
X-Site-Version
X-Vgn-Hpd-Reason
X-Sorting-Hat-ShopId
X-Cache-Config
X-BYPASS-REASON
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Tb
X-EIG-Tracking-Id
X-RCS-CacheZone
Access-Control-Request-Headers
X-Generated
X-ShardId
X-Shopify-Generated-Cart-Token
X-ShopId
X-Shopify-Stage
X-Format
X-Debug-Cache
X-Content-Age
Selected-Fe
X-Proxied
X-SaId
X-Proxy-Build
X-MP-GENERATED-AT
X-Zipkin-Id
Node
X-Xfnlog-Site
X-Www-Served-By
X-Viewer-Country
X-HTML-Minification-Powered-By
X-Access
X-FB-TRIP-ID
X-JoinUs
X-Section
X-BCube-Filmed-By
X-Timing-Wait
Mn-Server-Ip
X-Backend-TTL
X-Routing-Service
X-Microcachable
X-Soup
X-Cache-Remote
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-No-Session
X-Oss-Request-Id
X-Oss-Object-Type
X-Request-Time
X-Cdn
X-Dc
X-EC-Lua
X-Varnish-Hits
X-Generated-By
X-Akamai-Request-ID
X-Pinterest-Direct
X-From
X-Pad
X-Geo
Time
X-Drupal-Cache-Tags
Accept-Language
X-CF-Powered-By
X-NewRelic-App-Data
Cf-Ipcountry
X-IPS-LoggedIn
X-Azure-Ref
X-NC
X-Old-Content-Length
X-RateLimit-Limit
Uber-Trace-Id
X-VCT
X-URL
FilterID
X-Source
X-RTag
Ms-Operation-Id
X-Uri
X-NWS-UUID-VERIFY
X-CS
X-MCACHE
Cache-Name
X-Edge
X-Cache-Grace
User-Agent
X-PressLabs-Stats
X-UA
X-ECACHE
X-PCL
X-Newrelic-Synthetics
X-GoCache-CacheStatus
X-Labrador-Cache-Channel
X-OCL
X-PHP-Host
X-CLOUD-TRACE-CONTEXT
X-Qloud-Router
Cache
X-CDN-Forward
X-Litespeed-Cache
X-Varnish-Cache-Hits
X-Edge-Location
X-APP
X-FORWARDED-FOR
X-Amzn-RequestId
Proxy-Connection
X-Drupal-Cache-Contexts
X-Magnolia-Registration
X-Hyper-Cache
X-Nginx-Cache
X-GeoIP-Country-Code
GEO-REGION-INFO
X-DPWN-IS-SECURE
Machine
Fastcgi-X-Cache-Version
X-External-Request-Id
X-FW-Version
X-G
Apple-News-Services-Handled
Xc-Version
User-Cache-Control
X-PAYTM-SRV-ID
X-Mid
X-Processor
MD5-Digest
Apple-News-Services-Host
BehaviorPad-Version
X-Instart-Info
AsisCache
Arc-Country
Apple-News-Services-Request-Url
X-Info
Rendered-Blocks
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
X-CF-Lambda-Fn
X-Cdn-Srv
X-A-Dgt
X-A-Wwc
X-B-Cookie
X-Cache-Bucket
X-ARC
X-Application
X-Accel-Expires-Debug
X-Aed
X-CF-Lambda-Version
VivaBuild
X-Date
X-Reboot
X-Destination
X-Developer
Meta-Geo-Continent
Mobile-Detection-Method
Request-Country
Request-EU
True-Client-Country-4JS
Viewtype
X-Connection-Hash
T-Server
X-D
ServerName
Memcached
Apple-News-Services-Parsed-Url
X-Rojux
X-S
X-Session-Fingerprint
X-Transaction
X-Rocket-Nginx-Bypass
X-Vtex-Processado-Em
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-SRCache-Key
X-Tumblr-Pixel-3
X-Request-UUID
X-Trv-Group
X-Region-Sid
X-Vtex-Remote-Cache
X-Request-URI
CF-Cached-On
X-Slack-Backend
X-Fastly-Cache
Server-Host
Server-Cache-Control
X-COUNTRY
X-Fmm-Version
Web-Mar-Node
X-Cdn-Origin
X-GeoIP-City
X-Trafficlayer-App-Version
X-Geo-Header
X-Generated-On
X-Gen-Mode
X-Sn-Servicetimems
X-Varnish-Authentication
X-Gamma-Serve
Gh-Request-Id
Rt-Fastcgi-Cache
X-Is-Gdpr
X-Has-Esi
X-Contensis-Viewer-Groups
Proxy-Firewall
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-TrackingId
X-JWT-State
X-Core-Value
X-DevSite-Last-Modified
X-Wikidot-Backend
X-VCache
Viewport
X-Webstats-RespID
N-Cache
X-Clara-WADP
On-Server
SD-X-WS
X-Hnp-Log
X-Block-Status
X-VG-TLSProxy
X-LI-Proto
X-Sucuri-ID
X-Wikidot-Static-Cache
X-Backend-Host
X-Served-From
X-LI-UUID
X-Cache-URL
X-Cache-Info
Vix-Hermes-Req-Id
X-Auto-Login
X-WADP-Cache
X-Micro-Cache
X-Request-Host
X-We-Are-Hiring
Cache-Cookie-Set-From
X-Server-W
Content-Script-Type
X-IN-APIGATEWAYSSL
Cache-Cookie-Set-Idcheck
X-Cache-ASPX
Content-Style-Type
Server-Surrogate-Control
X-IN-APIGATEWAY
X-Bc-Bl
X-Servername
X-ServiceProvider
X-BBXSRF
X-Level-Front-Cache
X-Li-Fabric
Cache-Cookie-Set-Lfrom
X-Backend-State
X-Li-Pop
X-Irp-Debug
X-S-Maxage
X-Storage
X-UnsetCookies
X-Cluster-Name
X-VServer
X-Var-Ttl
X-Variation
X-Varnish-Cacheable
X-VC-Cache
X-TT-TIMESTAMP
X-CGP
X-Cache-PHP
X-Cluster-Node
X-Clientip
X-Cache-Tags
X-Cache-FS-Status
X-SN
X-Matched-Rule
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Logging-Id
X-Scheme
Heartbleed
X-Hash
X-LAGOON
X-Rocket-Build-Number
X-NX-Host
X-RateLimit-Limit-Second
X-Req
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Proxy-Upstream
X-Platform-Server
X-Origin-Date
X-Origin-Expires
X-Owner
X-Sigma
X-Generated-In
X-Thanos
X-Dispatch
X-Dispatcher-Server
X-Swa-Ws
X-Thinkindot-L3
X-Debug-Log
X-CUA
X-Trace-Id
X-Debug-Cookies
X-Distil-CS
X-Distributor
X-Skip-Cache
X-SIPLIST1
X-Sigma-Backend
Locale
X-Fetched-On
X-Rebelmouse-Surrogate-Control
X-Epic-Correlation-Id
X-Eu-Site
X-Core-Mission
W
X-Urbn-Site-Id
Platform
Country-Code
Countrycode
Mail-Subject
X-Urbn-Context-Path
CDCHOST
X-Bip
A
Adler-Geo
Cache-Host
Locid
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
Group
AKAMAI
Fastly-SWR
Is-Eu
Fastly-Drupal-HTML
Kp-EeAlive
Fastly-SIE
IsBot
FNAC-ModuleRouting
RNT-Machine
RNT-Time
Wxu-Next-Commit
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
X-Agile-Id
X-Agile-Age
X-Agile
X-App-Name
V-Age
X-Generation-Time
Server-ID
X-WebServer
Thinkindot-CacheControl
X-Cms-Context
X-SS-Set-Cookie
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Developers
X-CACHE-KEY
X-App-Server
X-Varnish-Beresp-Grace
X-Hit
X-CSRF-Token
X-Response-By
X-Vdms-Path
X-Varnish-Beresp-Status
X-Nginx-Cache-Key
X-Device-Os
Request-Time
NM-Fastcgi-Cache
X-Cache-Expired-At
X-C
X-B3-Spanid
X-OVcl
X-Debug-Cache-Expiry
X-Refresh
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Instart-Isnd
X-RESPONSE-TIME
X-OVcl-Cache
Server-Ext
X-Varnish-Beresp-Ttl
Server-Hostname
PFcat
Sever-Int
X-TA-CDN-Provider
M-TraceId
Pagetype
Mime-Version
HostName
X-Protected-By
X-FPC
X-Node-Id
X-Time
X-Method
X-Parent-Response-Time
X-Ua-Device
PICS-Label
Powered-By-ChinaCache
X-Varnish-Ttl
X-Varnish-URL
Geo-Info
X-Via-PopV
X-Via-PopH
X-Worker
Magicmarker
X-Wa
Origin
X-MSEdge-Flight
X-MSEdge-Features
X-Nc
Pramga
X-Request-Start
X-Envoy-Upstream-Healthchecked-Cluster
X-Branch-Name
Geoip-City
X-Lb-Id
Geoip-Latitude
X-SRV
X-Be
GeoIp-Country-Code
X-ND-Cache
Memory
Cloudfront-Viewer-Country
X-Service
X-Policy
X-GEO
X-Ratelimit-Remaining
XServer
HitType
X-SERVER-NAME
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-C-Zone
X-Planisys-CDN-TTL
X-C-Key
X-Pjax-Url
Environment
X-HS-Status
Esi-Enabled
X-DC
X-Load-Cache
X-Wix-Viewer-Type
X-ECache
Dt-Cache-Category
Who
Cteonnt-Length
X-Reqid
X-Via-Ucdn
X-Myra-Origin2
SRV
X-Newrelic-App-Data
X-Bc
X-BACKEND-TTL
X-Azure-Ref-OriginShield
X-Zone
NtCoent-Length
X-Ua
X-Up
Fastly-Backend-Name
X-Country-IP
X-CSRF-TOKEN
X-Servedbyhost
TTL
X-Correlation-ID
X-VCL-Version
X-Referer
X-Cache-Metadata
Ttl
X-Origin-TTL
X-Origin-CC
X-Vcl-Version
X-Cdn-Forward
X-NGINX-Cache
Pragrma
Cdn
X-ZONE
Product
X-TT-LOGID
X-Cache-Host
X-BC
X-Server-Time
X-Oneagent-Js-Injection
X-ServedByHost
UCS
Hostname
X-Ratelimit-Limit
Resin-Trace
X-Edge-Server
X-Fastly-Country-Code
X-Pf-Uncompressing
X-Swift-Error
Cdn-Request-Time
X-App-Version
Cdn-Host
X-AK-Request-ID
Cdncip
Cdnsip
Release
X-Server-IP
CACHE
Load-Balancing
Lb
X-AIR-PT
FSS-Cache
X-Tec-Api-Origin
X-NU-AKA-ACS-Version
X-Tec-Api-Version
X-Tec-Api-Root
X-Ruxit-Js-Agent
LB
X-PJAX-URL
GeoIP-Country-Code
X-Configured-By
C-Via
X-SVT-ORM-RULES
X-Datadome
Sid
X-Node-ID
X-SVT-ORM-VERSION
Warning
X-WPE-Loopback-Upstream-Addr
GeoIP-City
Dnion-Transfer-Encoding
X-Air-Hostname
GeoIP-Latitude
Ohc-File-Size
MIME-Version
X-Location
X-WA
X-Cache-Id
X-BE
X-Esi-Check
X-Gzip
My-App
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Backend
X-UPSTREAM-Address
X-TH-Server
X-Svr
X-Cache-Debug
X-Varnish-Url
Ohc-Cache-HIT
X-Sucuri-Cache
X-RAMCache
X-Mvc-Supplant-Cachable
X-Powered-Y
RequestId
Pics-Label
X-B3-SpanId
X-Fastly-Backend-Reqs
X-Fpc
X-Mvc-Supplant-OutputCached
X-VarnishDD-TTL
X-Fastly-Request-Id
X-Varnish-Beresp-TTL
Lfy
IBM-Web2-Location
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-MID
CF-IPCountry
X-Apw-Access-Token
X-Dynatrace-Js-Agent
X-Edge-O15-RID
X-ElasticPress-Query
Processtime
Xet-Cookie
Requestid
X-B3-Parentspanid
X-LiteSpeed-Cache-Control
Fastly-SSL
CDN
X-ElasticPress-Search
X-User
Server-Int
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Agile-Brick-Ok
X-Ocache
X-Flow-Id
Cneonction
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Powered-By
X-SD-PageType
X-Akamai-ERPolicy
X-Check-Cacheable
Host-ID
X-Akamai-ERRuleID
X-Unique-ID
X-Debug-Controller
X-Debug-Revision
X-Aicache-OS
X-Sucuri-Id
X-Cache-Tag
X-Envoy-Decorator-Operation
DataCenter
X-MiniProfiler-Ids
X-LB-ID
CloudFront-Viewer-Country
X-PF-Uncompressing
X-Dw-Trace-Id
X-Request-Url
URI
X-Request-URL
X-Fastly-Cache-Hits
X-Nananana