Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
Via
CF-RAY
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Cache-Hits
Referrer-Policy
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
CF-Ray
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-Ua-Compatible
Timing-Allow-Origin
P3p
X-Iinfo
X-Template
X-Language
Status
Upgrade
X-Content-Security-Policy
X-AspNetMvc-Version
X-CDN
X-Buckets
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-Kinja-Server-Push
Access-Control-Max-Age
Keep-Alive
X-Via
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Robots-Tag
Xkey
X-Page-Speed
X-Hacker
Feature-Policy
X-Server-Powered-By
X-Pingback
Request-Context
Server-Timing
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-UA-Device
X-Varnish-Cache
X-Amz-Version-Id
Cf-Railgun
Report-To
X-OneAgent-JS-Injection
X-Rq
X-LiteSpeed-Cache
X-Server-Id
X-Device
X-Origin-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Vhost
X-Host
EagleEye-TraceId
X-Backend-Server
X-Node
X-Response-Time
X-Dispatcher
X-Ac
NEL
X-WebKit-CSP
X-Cache-Lookup
X-Origin-Upstream-Status
X-Dns-Prefetch-Control
Surrogate-Control
Request-Id
X-Readtime
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
X-ORACLE-DMS-ECID
X-DataDome
X-HW
X-ORACLE-DMS-RID
X-Cnection
X-Mod-Pagespeed
X-Country
X-Akam-SW-Version
Edge-Control
Rating
X-Url
X-Rack-Cache
X-Cloud-Trace-Context
X-Clacks-Overhead
RTSS
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Country-Code
Fusion-Deployment-Id
X-ASPNET-VERSION
X-DynaTrace
Allow
X-GitHub-Request-Id
Verso
Service-Worker-Allowed
X-Varnish-TTL
Accept-CH
X-Instart-Request-ID
X-MS-InvokeApp
X-D2id
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
Content-MD5
Pinterest-Generated-By
X-Server-Name
SPRequestGuid
Accept-CH-Lifetime
X-Cached
X-Powered-By-Plesk
X-Forwarded-Proto
X-Navigation-Version
X-Trace
TCN
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Amz-Rid
X-Abt-Application-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Public-Key-Pins
X-Fastly-Request-ID
X-Vcache
Nginx-Cache
X-Vcap-Request-Id
X-Ttl
X-MSEdge-Ref
X-Debug
X-ESI
X-VARITI-CCR
SPRequestDuration
SPIisLatency
Arr-Disable-Session-Affinity
Charset
X-B3-TraceId
X-Accel-Expires
X-DynaTrace-JS-Agent
X-Cache-TTL
MS-Author-Via
X-NF-Request-ID
NR-ENABLED
Pagespeed
X-Middleton-Response
Response
X-Middleton-Display
Display
X-Px
X-Sol
X-Content-Type
Realpath
X-Client-IP
Cache-Tag
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-Server-ID
Edge-Cache-Tag
Access-Control-Request-Method
X-Id
X-Powered-CMS
X-Grace
X-Pinterest-Rid
Pinterest-Version
WPE-Backend
X-Webkit-Csp
Front-End-Https
X-Fastcgi-Cache
X-Jurisdiction
X-Hp-Webp
X-Shield-Request-Id
X-Upstream
X-T
X-Hits
X-Version
AR-PoweredBy
X-Element-Page-Cache
AR-ATIME
AR-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Content-Digest
X-Dw-Request-Base-Id
DynaTrace
X-Node-Name
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Cache-Hit
ServerID
Fastcgi-Cache
X-Recruiting
X-Correlation-Id
X-Mobile-URL
Ar-Sid
AR-CACHE
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-HS-Hub-Id
AMP-Access-Control-Allow-Source-Origin
X-HS-Cache-Config
X-HS-Content-Id
Server-Node
Powered
X-Frontend
X-Request-Processing-Time
X-Request-Received
TP-Cache
TP-L2-Cache
PB-RID
X-Forwarded-For
PB-PID
X-FTR-Expires
X-DIS-Request-ID
X-Mobile-Rewrite
Arc-Version
Upgrade-Insecure-Requests
Refresh
X-Ezoic-Cdn
X-HS-Combine-CSS
X-Shard
Alternate-Protocol
Accept-Ch
Host-Header
Server-Name
X-XRDS-Location
X-Amzn-Trace-Id
X-Geo-Country
X-Microsite
X-NWS-LOG-UUID
X-Request-Handler-Origin-Region
X-TTL
X-N
X-Rid
X-FTR-Cache-Host
X-F-Cache
X-Akamai-Edgescape
X-Page-Id
X-LB-Cache
Fastly-Restarts
X-Logged-In
Backend-Timing
X-User-Agent
X-B
X-ATS-Timestamp
X-Varnish-Age
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
Accept-Ch-Lifetime
MicrosoftSharePointTeamServices
X-Cache-Key
X-FastCGI-Cache
X-Kinsta-Cache
X-Zen-Fury
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Origin-Server
X-Varnish-Grace
X-Revision
X-Esi
Host
X-Jobs
X-Request-Guid
X-Tumblr-User
X-Varnish-Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Environment
X-Instance
Fastcgi-Useragent
X-B-Cache
X-Hostname
X-ATG-Version
X-Git-Hash
Actual-Object-TTL
X-Cache-Age
Paypal-Debug-Id
X-Signature
X-FB-Debug
X-AOL-HN
Section-Io-Cache
X-Type
X-Amz-Replication-Status
X-B3-Sampled
X-TT
X-Whom
X-Seen-By
X-Cluster
X-Cache-Action
X-Debug-Info
Frame-Options
X-WebKit-CSP-Report-Only
Cache-Status
Access-Control-Allow-Method
Trailer
X-Content-Options
X-Amzn-Requestid
X-Endurance-Cache-Level
X-Presslabs-Stats
X-Cache-Rule
X-Cache-Operation
X-Contextid
X-Content-Powered-By
Source
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Host-Name
X-SERVER
Tracecode
Liferay-Portal
X-Az
X-AppVersion
X-Activity-Id
Accept-Charset
X-Daa-Tunnel
X-FireWall-Port
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-IPLB-Instance
X-Amz-Apigw-Id
X-Upgrade-Enabled
DC
X-PHP-Backend
X-APP-VERSION
From-Origin
X-Framework
X-WA-Info
X-Response-Served-From
NGB
X-Accel-Buffering
X-RemovedCookies
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-ProcessESI
Retry-After
X-FW-Hash
X-UUID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-Is-Bot
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
Surrogate-Key
Srv
X-Adobe-Content
Payment
X-Environment-Context
X-Adobe-Loc
X-Cacheable-TTL
X-L-Path
X-GeoIP
X-Region
X-Wix-Request-Id
X-RequestSource
X-Cache-NE
Eomportal-Instance
X-Varnish-Server
X-Mobile
X-Time-Microsecs
Filters
X-Handled-By
X-Cached-By
X-Unique-Id
X-RateLimit-Remaining
X-UA-Device-Type
X-Proxy
X-Origin-Response-Time
X-Varnish-Hostname
X-NGENIX-Cache
Xserver
Nel
X-Cache-TTL-Remaining
X-TIME
X-Webkit-CSP
Filterid
Datacenter
X-EdgeConnect-Cache-Status
X-B3-Traceid
X-Cache-Control
X-Cache-Server
X-Akamai-Transformed
X-Cache-Time
GEO-INFO
X-Srv
MS-CV
X-Backend-Name
Version
X-CST
X-Status
Server-Info
Cache-Tv-Group
Odigeo-Trace-Id
X-Mode
X-Rule
S-Cnection
X-Cache-2
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Enabled
Cache-Tags
X-Path-Route
X-IP
X-CCM
Webserver
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
Ec-Rule-Version
X-FW-Dynamic
DB-Nickname
S-Rt
Azure-InstanceId
X-FC-Vary-Parameters
X-TNCMS
OT-Force-Account-Verify
X-RN-RSRV
X-Redis-Cache
Azure-RegionName
X-Loop
Azure-Version
X-Detected-As
Azure-SiteName
Azure-SlotName
X-Amzn-Remapped-Content-Length
Cache-Hits
X-Forwarded-Host
Cross-Origin-Window-Policy
Akamai-GRN
Now
Webcakes-App-Version
X-PERF
X-Proto
Webcakes-App-Name
X-TX-ID
TWC-Locale-Group
TWC-Privacy
X-Adobe-Source
X-Pubstack
X-R9-Blue-Green-Version
X-Say-TTL
X-Say-Cacheable
X-NCache
Webcakes-Region
X-Real-IP
X-ServerID
X-Origin-Hint
X-SayCDN-TTL
TWC-GeoIP-LatLong
X-Via-Fastly
X-Human
X-Origin
Origin-Cache-Control
X-Hosted-By
X-Hl-Ver
Decoy-Debug-Key
Decoy-Debug-Status
NGX
Origin-Edge-Control
Country
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
ServedBy
X-ApacheServer
X-Web-Node
Property-Id
Cleartype
Decoy-Debug-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Format
X-LJ-Flow-ID
X-Locale
X-ProxyCache-Key
X-Proxy-Cache-Status
X-EIG-Tracking-Id
X-Cache-Config
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
X-Alternate-Cache-Key
X-BYPASS-REASON
X-AWS-Id
X-ProxyCache-Status
X-RCS-CacheZone
Content-Disposition
X-VWS-Id
X-Vgn-Hpd-Reason
X-Akamai-Request-ID2
X-Cache-NGX
X-Device-Type
X-Cache-Status-Check
X-Tb
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Site-Version
Section-Io-Id
X-NYM-Debug-Backend
Access-Control-Request-Headers
Cache-Key
X-Content-Age
X-Proxy-Build
X-HTML-Minification-Powered-By
X-Proxied
X-Www-Served-By
X-FB-TRIP-ID
X-Section
X-Debug-Cache
X-SaId
X-Zipkin-Id
X-Xfnlog-Site
X-Viewer-Country
X-Timing-Wait
X-Access
X-BCube-Filmed-By
X-MP-GENERATED-AT
Node
X-Routing-Service
X-JoinUs
Mn-Server-Ip
Selected-Fe
X-Soup
X-Microcachable
X-Cache-Remote
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-No-Session
X-Request-Time
X-Cdn
X-Backend-TTL
X-EC-Lua
X-Dc
X-Varnish-Hits
X-Akamai-Request-ID
Cf-Ipcountry
X-Generated-By
X-Pinterest-Direct
X-Geo
X-From
X-Pad
Accept-Language
Time
X-Drupal-Cache-Tags
X-NewRelic-App-Data
X-IPS-LoggedIn
X-CF-Powered-By
X-Azure-Ref
X-Old-Content-Length
X-NC
X-URL
X-VCT
Uber-Trace-Id
X-RTag
X-Amzn-RequestId
Ms-Operation-Id
X-Source
FilterID
X-Uri
X-RateLimit-Limit
X-NWS-UUID-VERIFY
X-MCACHE
X-CS
User-Agent
Cache-Name
X-Cache-Grace
X-PressLabs-Stats
X-Edge
X-UA
X-PHP-Host
X-GoCache-CacheStatus
X-OCL
X-PCL
X-Labrador-Cache-Channel
X-Newrelic-Synthetics
X-Qloud-Router
X-Litespeed-Cache
X-Varnish-Cache-Hits
Cache
X-ECACHE
X-FORWARDED-FOR
X-Drupal-Cache-Contexts
X-Edge-Location
X-APP
Proxy-Connection
X-Nginx-Cache
X-Magnolia-Registration
X-Hyper-Cache
Arc-Country
Apple-News-Services-Request-Url
AsisCache
BehaviorPad-Version
Apple-News-Services-Handled
User-Cache-Control
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Vtex-Processado-Em
Fastcgi-X-Cache-Version
Mobile-Detection-Method
Meta-Geo-Continent
Rendered-Blocks
Request-Country
Request-EU
T-Server
Memcached
GEO-REGION-INFO
ServerName
Machine
MD5-Digest
Xc-Version
X-Vtex-Remote-Cache
X-Trv-Group
X-FW-Version
X-External-Request-Id
X-G
X-GeoIP-Country-Code
X-Info
X-Session-Fingerprint
X-DPWN-IS-SECURE
X-Date
X-Destination
X-SRCache-Key
X-Developer
X-Instart-Info
X-PAYTM-SRV-ID
X-ScT
X-S-Cookie
X-Rocket-Nginx-Bypass
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Processor
X-Reboot
X-Region-Sid
X-Request-URI
X-D
X-Transaction
X-Tumblr-Pixel-3
X-Twitter-Response-Tags
X-A-Ccd
X-A-Dam
X-A-Dgt
X-Vdms-Version
X-A
X-VG-WebServer
Viewtype
VivaBuild
X-VG-WebCache
X-A-Wwc
X-Accel-Expires-Debug
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Bucket
X-B-Cookie
X-Aed
X-S
X-Application
X-ARC
True-Client-Country-4JS
X-A-Dcw
X-Mid
X-Cluster-Name
X-CDN-Forward
CF-Cached-On
X-Clara-WADP
X-Contensis-Viewer-Groups
X-Cdn-Origin
X-Cache-URL
X-Cache-ASPX
X-Cache-Info
X-DevSite-Last-Modified
X-Generated-On
X-GeoIP-City
X-Hnp-Log
X-Gen-Mode
X-Gamma-Serve
X-Block-Status
X-Fastly-Cache
X-Fmm-Version
X-Core-Value
X-BBXSRF
Server-Surrogate-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Host
Server-Cache-Control
Rt-Fastcgi-Cache
SD-X-WS
Thinkindot-Control
Viewport
X-Backend-Host
X-Backend-State
X-IN-APIGATEWAY
X-Auto-Login
X-VCache
Web-Mar-Node
X-COUNTRY
X-Bc-Bl
X-Level-Front-Cache
X-VServer
X-WADP-Cache
X-We-Are-Hiring
X-VG-TLSProxy
X-Varnish-Authentication
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Webstats-RespID
X-Wikidot-Backend
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-Geo-Header
X-Wikidot-Static-Cache
Vix-Hermes-Req-Id
X-Trafficlayer-App-Name
X-TrackingId
X-LI-Proto
X-LI-UUID
X-Micro-Cache
X-Li-Pop
X-Li-Fabric
X-Irp-Debug
Proxy-Firewall
X-Request-Host
X-Served-From
X-Sn-Servicetimems
X-Thinkindot-L3
X-Slack-Backend
X-ServiceProvider
X-Server-W
X-Servername
X-IN-APIGATEWAYSSL
X-Matched-Rule
Cache-Cookie-Set-Lfrom
Content-Script-Type
X-Sucuri-ID
N-Cache
Content-Style-Type
Cache-Cookie-Set-Idcheck
On-Server
Gh-Request-Id
Cache-Cookie-Set-From
X-Storage
X-UnsetCookies
X-Varnish-Ttl
X-S-Maxage
A
X-Swa-Ws
X-Distributor
X-Distil-CS
X-TT-TIMESTAMP
X-SN
X-Epic-Correlation-Id
X-Fetched-On
X-Cache-PHP
Fastly-SWR
X-Eu-Site
X-Cache-Tags
X-CGP
X-Dispatcher-Server
X-Core-Mission
X-Cluster-Node
X-Trace-Id
X-Debug-Cookies
X-Thanos
Fastly-SIE
X-Debug-Log
X-Clientip
X-Proxy-Upstream
X-Dispatch
FNAC-ModuleRouting
X-Device-Os
X-CUA
X-Sigma-Backend
X-Req
X-NX-Host
X-NodeID
X-Nginx-Cache-Key
X-Ms-Request-Id
X-Ms-Version
X-Origin-Date
X-Origin-Expires
X-Platform-Server
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Owner
X-Rebelmouse-Surrogate-Control
CDCHOST
X-Rocket-Build-Number
X-Sigma
X-Hash
Group
X-Generated-In
Fastly-Drupal-HTML
X-SIPLIST1
X-SS-Set-Cookie
Countrycode
Platform
X-Logging-Id
X-Scheme
Cache-Host
Country-Code
X-LAGOON
X-Skip-Cache
Adler-Geo
X-Var-Ttl
Wxu-Next-Region
Wxu-Next-Commit
Mail-Subject
We-Hiring
Heartbleed
Locid
X-WebServer
X-Agile-Id
X-Agile-Age
X-Agile
W
Locale
RNT-Machine
X-Urbn-Context-Path
X-Urbn-Site-Id
AKAMAI
RNT-Time
Server-ID
V-Age
X-Cms-Context
X-Developers
X-Generation-Time
X-App-Name
Wxu-Next-Hostname
X-Bip
X-VC-Cache
Is-Eu
IsBot
HA-Ipaddr
L5d-Success-Class
X-Variation
X-Cache-FS-Status
X-Varnish-Cacheable
Ha-Gx-Prefs
Kp-EeAlive
X-App-Server
X-CSRF-Token
X-Hit
X-Varnish-Beresp-Grace
X-Cache-Expired-At
NM-Fastcgi-Cache
X-C
X-Response-By
X-Varnish-Beresp-Status
Request-Time
X-Vdms-Path
X-RESPONSE-TIME
X-Debug-Cache-Expiry
X-Instart-Isnd
X-OVcl
X-OVcl-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-B3-Spanid
X-Refresh
Server-Ext
Sever-Int
PFcat
Server-Hostname
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
X-CACHE-KEY
X-TA-CDN-Provider
X-Node-Id
Pagetype
M-TraceId
X-Nc
X-Protected-By
Mime-Version
HostName
X-Parent-Response-Time
X-FPC
X-Method
X-Time
X-Ratelimit-Remaining
X-Ua-Device
Powered-By-ChinaCache
X-Via-PopV
Magicmarker
X-Varnish-URL
X-Worker
X-Via-PopH
X-MSEdge-Flight
X-MSEdge-Features
Geo-Info
PICS-Label
Origin
X-Wa
Geoip-Latitude
Geoip-City
X-Lb-Id
X-Branch-Name
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-Start
X-SRV
Pramga
X-Be
X-ND-Cache
X-Policy
GeoIp-Country-Code
Memory
Cloudfront-Viewer-Country
X-Service
X-GEO
X-Planisys-CDN-Cache
XServer
X-Planisys-CDN-Rules
X-C-Zone
HitType
X-C-Key
X-Planisys-CDN-TTL
X-SERVER-NAME
X-ECache
X-Pjax-Url
X-Load-Cache
Environment
X-BACKEND-TTL
X-HS-Status
Esi-Enabled
X-DC
Who
X-Wix-Viewer-Type
Dt-Cache-Category
Cteonnt-Length
X-Via-Ucdn
X-Bc
X-Newrelic-App-Data
X-Reqid
X-Myra-Origin2
X-Azure-Ref-OriginShield
X-Zone
X-Ua
NtCoent-Length
X-Cdn-Forward
X-Up
X-CSRF-TOKEN
X-Referer
X-Servedbyhost
X-Country-IP
TTL
Fastly-Backend-Name
X-VCL-Version
X-Cache-Metadata
X-Ratelimit-Limit
X-Vcl-Version
X-Origin-CC
Ttl
X-Origin-TTL
SRV
Cdn
X-Oneagent-Js-Injection
X-TT-LOGID
Resin-Trace
Product
X-ZONE
Pragrma
X-Server-Time
X-NGINX-Cache
X-BC
UCS
X-ServedByHost
X-Cache-Host
X-Swift-Error
Hostname
Cdn-Request-Time
X-Pf-Uncompressing
X-Edge-Server
Cdn-Host
X-App-Version
X-Fastly-Country-Code
X-Correlation-ID
X-Server-IP
Release
Cdncip
Cdnsip
X-AK-Request-ID
Load-Balancing
CACHE
Lb
X-AIR-PT
FSS-Cache
X-NU-AKA-ACS-Version
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Ruxit-Js-Agent
X-PJAX-URL
C-Via
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
LB
X-Datadome
Sid
GeoIP-Country-Code
X-Node-ID
X-Configured-By
X-WA
X-WPE-Loopback-Upstream-Addr
Warning
GeoIP-Latitude
Dnion-Transfer-Encoding
GeoIP-City
X-Air-Hostname
Ohc-File-Size
MIME-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Esi-Check
X-Cache-Id
X-Location
My-App
X-BE
X-Gzip
X-Cache-Backend
X-UPSTREAM-Address
X-TH-Server
Ohc-Cache-HIT
X-Varnish-Url
RequestId
X-Cache-Debug
X-RAMCache
X-Sucuri-Cache
X-Powered-Y
X-Mvc-Supplant-Cachable
X-Svr
X-VarnishDD-TTL
Pics-Label
X-Varnish-Beresp-TTL
X-Fpc
X-Fastly-Request-Id
Lfy
X-Mvc-Supplant-OutputCached
X-B3-SpanId
X-Fastly-Backend-Reqs
IBM-Web2-Location
X-Apw-Access-Object
X-Apw-Access-Action
X-Dynatrace-Js-Agent
X-Apw-Access-Token
X-MID
X-Apw-Hits
X-Edge-O15-RID
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-Agile-Brick-Ok
Server-Int
Requestid
X-User
Processtime
Fastly-SSL
X-ElasticPress-Query
CDN
X-ElasticPress-Search
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
X-Ocache
X-LiteSpeed-Cache-Control
CF-IPCountry
Powered-By
X-Check-Cacheable
X-Aicache-OS
X-Akamai-ERPolicy
X-Debug-Revision
Host-ID
Cneonction
X-Unique-ID
X-Debug-Controller
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-B3-Parentspanid
X-SD-PageType
X-Amzn-Remapped-Connection
X-Sucuri-Id
X-Request-Url
CloudFront-Viewer-Country
X-Cache-Tag
X-PF-Uncompressing
X-LB-ID
X-Request-URL
X-Fastly-Cache-Hits
URI
DataCenter
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Nananana