Suricata

It would be nice to understand which pcre are affected by sticky buffers and which aren't. Initial search reveals http.request_body and http.response_body do not affect following pcre, yet http.host and http.uri do.

Examples:
pcre modifier required:
http.request_body; pcre:"/^[\x20-\x7e\r\n]{0,20}[^\x20-\x7e\r\n]/P";
http.response_body; <...> pcre:"/function(\s_0x[0-9a-f]{4})?\(_0x[0-9a-f]{6},_0x[0-9a-f]{6}\){var _0x[0-9a-f]{6}=/Qi";

pcre modifier not required:
http.host; pcre:"/(github\x2eio|bitbucket\x2eorg)$/";
http.uri; content:".bmp"; endswith; pcre:"/^\x2f\d\x2f[a-z0-9]{1,4}\x2ebmp$/";