Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-CDN
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
X-Backend-Server
EagleEye-TraceId
Content-Location
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Rack-Cache
X-Origin-Upstream-Status
Surrogate-Control
X-Ruxit-JS-Agent
Allow
X-ORACLE-DMS-RID
X-HW
X-DataDome
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Country
X-Clacks-Overhead
X-Url
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-CST
RTSS
Verso
X-Powered-By-Plesk
X-Px
Public-Key-Pins
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Display
X-D2id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Ah-Environment
X-B3-TraceId
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-CH
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
TCN
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-GitHub-Request-Id
Accept-Ch-Lifetime
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Shard
X-Upstream
SPIisLatency
SPRequestDuration
X-Forwarded-Proto
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Amz-Server-Side-Encryption
Charset
Fastly-Restarts
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Server-Name
X-Amz-Rid
Nginx-Cache
Realpath
X-Debug
X-ESI
X-Aspnetmvc-Version
Front-End-Https
AR-Request-ID
X-Ezoic-Cdn
X-Cached
X-Shield-Request-Id
Mrf-Cache-Status
X-Goog-Metageneration
MRF-Tech
X-Mrf-Item-Lastmod
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Mrf-Section-Lastmod
X-Goog-Stored-Content-Encoding
X-B3-TraceId-Primal
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Pagespeed
Paypal-Debug-Id
X-FTR-Expires
Arr-Disable-Session-Affinity
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
X-Vcache
ServerID
X-Id
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
DynaTrace
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
S
X-Via-JSL
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-Correlation-Id
X-RateLimit-Limit
X-Grace
X-VCache
Fastcgi-Cache
X-N
X-Content-Digest
X-Frontend
X-SERVER
X-FTR-Cache-Host
X-Accel-Expires
Powered
X-Ser
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
Server-Name
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Logged-In
X-Forwarded-For
X-B3-Sampled
X-HS-Content-Id
X-Fastcgi-Cache
X-HS-Hub-Id
Accept-Ch
X-GUploader-UploadID
TP-L2-Cache
X-Esi
TP-Cache
Edge-Cache-Tag
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-Request-Processing-Time
X-Request-Received
X-Type
X-Cache-Age
X-Activity-Id
Backend-Timing
FilterID
X-User-Agent
X-AppVersion
X-Az
X-Kinsta-Cache
X-IPLB-Instance
X-Rid
X-Analytics
X-B3-Traceid
X-LB-Cache
X-Revision
Healthy
X-Node-Name
X-Whom
Retry-After
X-Time
X-Srv
X-F-Cache
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-NWS-LOG-UUID
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Accept-Charset
Alternate-Protocol
X-Amzn-RequestId
X-Amz-Apigw-Id
Server-Node
X-Cache-Rule
Cache-Status
X-AOL-HN
X-Acc-Meta-Resource-Type
X-Content-Options
X-TA-CDN-Provider
Surrogate-Key
X-Akamai-Edgescape
Refresh
DC
X-Debug-Info
X-Content-Security-Policy-Report-Only
X-Content-Powered-By
VIX-Pulpo-Node
X-FW-Hash
VIX-Pulpo-Upstream-Status
X-Forwarded-Host
X-FW-Type
X-Instance
X-FW-Server
X-FW-Static
X-FW-Serve
X-Hp-Webp
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Jobs
X-Cluster
X-Varnish-Grace
X-Page-Id
X-Framework
X-PHP-Backend
X-FB-Debug
Source
X-B
X-App-Environment
X-Request-Guid
MS-CV
Fastcgi-Useragent
Frame-Options
X-App-Server
Cache-Tag
X-Hostname
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Host
Tracecode
X-Cache-Operation
Cleartype
X-B-Cache
X-Signature
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Cache-Key
X-Cached-By
X-Geo-Country
X-Cache-Control
X-Seen-By
X-Varnish-Backend
X-Amz-Replication-Status
X-TT
X-Host-Name
X-Pad
X-Mobile
X-Git-Hash
Liferay-Portal
X-Response-Served-From
NGB
X-Adobe-Content
X-Adobe-Loc
Accept-CH-Lifetime
Upgrade-Insecure-Requests
X-PressLabs-Stats
X-Cache-TTL
X-Ratelimit-Reset
X-TT-TIMESTAMP
X-ATG-Version
Payment
X-FW-Dynamic
X-ProcessESI
X-Status
X-RemovedCookies
X-WebKit-CSP-Report-Only
Cache-Tv-Group
Filters
Eomportal-Instance
WPE-Backend
Webserver
From-Origin
X-Tumblr-Pixel-1
X-RTag
X-Tumblr-Pixel-2
X-Handled-By
X-TX-ID
Ms-Operation-Id
X-Cacheable-TTL
X-GeoIP
X-UA-Device-Type
X-Drupal-Cache-Tags
X-WA-Info
X-RequestSource
GEO-INFO
X-Cache-TTL-Remaining
Xserver
X-Cache-Remote
Datacenter
X-Origin-Server
X-Content-Age
X-Server-ID
X-DataStream-Cache-Status
X-Edge-Location
X-Cache-Action
X-Daa-Tunnel
X-Storage
X-Webkit-CSP
Viewport
X-Varnish-Hostname
X-Accel-Buffering
NR-ENABLED
Version
X-Hyper-Cache
X-EdgeConnect-Cache-Status
X-Upstream-Proxy
X-Contextid
Cache
X-Region
X-Wix-Request-Id
X-CF-Powered-By
X-Ua
Host-Header
X-Akamai-Transformed
X-Yottaa-Optimizations
PageSpeed
X-Yottaa-Metrics
Meta-Geo
X-ES-SERVER
Load-Balancing
X-Varnish-Server
X-Cache-Var
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-IP
S-Cnection
X-From
Cache-Tags
X-Akamai-Request-ID2
Cache-Name
X-Cache-Config
Decoy-Debug-TTL
X-Access
X-ApacheServer
Decoy-Debug-Status
Ec-Rule-Version
X-Cache-NE
X-Akamai-Request-ID
Cache-Hits
Vix-Hermes-Req-Id
Rt-Fastcgi-Cache
DB-Nickname
Decoy-Debug-Key
X-CS
X-TNCMS
X-PERF
X-Upgrade-Enabled
X-Loop
X-NCache
X-Origin
X-Viewer-Country
X-Proxy
X-Section
X-Cache-Enabled
X-Proto
X-Time-Microsecs
X-Tumblr-Pixel-3
Ohc-File-Size
X-Labrador-Cache-Channel
X-Via-Fastly
X-Origin-Response-Time
X-Cache-Server
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
X-Timing-Wait
X-FW-Version
TWC-Device-Class
Selected-Fe
Azure-InstanceId
X-Upstream-HT
Country
X-Upstream-CT
X-Varnish-Cache-Hits
X-Rule
X-R9-Blue-Green-Version
Mn-Server-Ip
Cache-Key
X-UnsetCookies
TWC-Privacy
Property-Id
X-Trace-Id
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
S-Rt
Webcakes-App-Name
X-JoinUs
X-Backend-TTL
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Web-Node
Webcakes-Region
X-OCL
X-Origin-Hint
X-PCL
X-Proxy-Build
X-Cluster-Node
X-Xfnlog-Site
X-Format
Webcakes-App-Version
X-Cache-Grace
X-Cache-Time
X-Cache-Host
X-CCM
X-Hit
X-Varnish-Hits
X-Debug-Cache
X-Drupal-Cache-Contexts
X-Backend-Name
X-Locale
X-Site-Version
X-Presslabs-Stats
X-Www-Served-By
X-S
X-Generated
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
SRV
Now
Server-Info
X-FireWall-Port
X-Device-Type
X-Rendered-As
Release
X-HS-Cache-Config
DSUID
Time
OT-Force-Account-Verify
X-VCT
Hostname
Ohc-Cache-HIT
ServedBy
X-NewRelic-App-Data
X-VG-TLSProxy
X-Vgn-Hpd-Reason
X-OVcl-Cache
X-OVcl
X-Redis-Cache
Cteonnt-Length
X-VG-WebCache
Fastcgi-X-Cache-Version
X-Real-IP
X-ShardId
X-Litespeed-Cache
X-Alternate-Cache-Key
X-APP-VERSION
X-FB-TRIP-ID
Origin
X-ShopId
X-Sorting-Hat-ShopId
Accept-Language
X-Sorting-Hat-PodId
X-Shopify-Stage
Origin-Cache-Control
Origin-Edge-Control
X-Pubstack
X-CSRF-TOKEN
X-Oracle-Dms-Rid
X-Tb
Access-Control-Request-Headers
Machine
X-GEO
L5d-Success-Class
X-Nginx-Cache
X-NC
X-Element-Page-Cache
NtCoent-Length
Fastly-SSL
X-B3-Spanid
X-L-Path
X-No-Session
X-Environment-Context
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-App-Version
X-Tt-Trace-Tag
X-SS-Set-Cookie
X-NGENIX-Cache
X-CACHE-KEY
X-Cluster-Name
X-Mode
X-UUID
X-LJ-Flow-ID
X-Generated-By
X-Load-Cache
Odigeo-Trace-Id
IBM-Web2-Location
X-VWS-Id
X-HS-Combine-CSS
X-AWS-Id
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
X-GoCache-CacheStatus
X-Endurance-Cache-Level
X-Rocket-Nginx-Bypass
Mime-Version
X-B3-Parentspanid
X-ECACHE
X-ServerID
X-Request-Time
X-Origin-CC
We-Hiring
Akamai-GRN
Mail-Subject
Nel
X-Origin-TTL
X-Soup
X-Parent-Response-Time
X-XRDS-LOCATION
NGX
X-Worker
Cache-Prefix
X-MServer
X-Request-UUID
X-Vtex-Remote-Cache
Cdn-Host
X-Trv-Group
Content-Script-Type
Xc-Version
Cdn-Request-Time
X-Transaction
Content-Style-Type
X-Node-Id
Apple-News-Services-Handled
Apple-News-Services-Host
X-Uri
X-VG-WebServer
A
Cross-Origin-Window-Policy
X-Vtex-Processado-Em
AsisCache
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Twitter-Response-Tags
Rendered-Blocks
X-Date
X-Destination
X-Detected-As
X-Developer
X-D
X-Connection-Hash
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-Edge-Server
X-Org
X-PAYTM-SRV-ID
X-Rojux
X-Rewrite-Enabled
X-Is-Bot
X-Instart-Info
X-External-Request-Id
X-S-Maxage
X-G
X-S-Cookie
X-Application
X-Aed
Node
X-SRCache-Key
X-Server-Time
X-ScT
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Memcached
Rt-Proxy-Cache
T-Server
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
Viewtype
VivaBuild
X-A
X-Region-Sid
Fly-Cache
X-AIR-PT
Request-Time
CF-IPCountry
X-DC
Proxy-Connection
X-Oneagent-Js-Injection
X-Urbn-Context-Path
X-Urbn-Site-Id
ServerName
Locale
Backend-Name
Section-Io-Cache
X-Cdn-Srv
X-Cms-Context
X-Distributor
X-Hl-Ver
X-Up
X-Cache-Bucket
X-Azure-Ref
N-Cache
X-VC-Cache
X-SVT-ORM-RULES
Fastly-Soc-X-Request-Id
X-Origin-Expires
Uber-Trace-Id
X-Fastly-Cache
X-Developers
X-B3-SpanId
X-SIPLIST1
IsBot
X-Release
X-SVT-ORM-VERSION
Server-ID
X-Azure-Ref-OriginShield
Request-EU
Request-Country
X-Origin-Date
User-Cache-Control
X-Via-CDN
X-Clientip
X-Sn-Servicetimems
X-PHP-Host
X-ServiceProvider
X-CUA
Platform
X-Skip-Cache
X-Core-Mission
X-Platform-Server
RNT-Time
RNT-Machine
X-Compress-Hint
V-Age
X-Backend-Url
X-Amz-Meta-Cache-Control
X-BBXSRF
X-RateLimit-Limit-Second
X-BYPASS-REASON
X-ABtesting
X-Request-URI
X-Request-Start
X-RateLimit-Remaining-Second
X-Auto-Login
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-App-Name
X-Reboot
X-Bip
X-ProxyCache-Key
True-Client-Country-4JS
X-Cdn-Origin
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Clara-WADP
Thinkindot-CacheControl
X-Cache-Info
X-Nginx-Cache-Key
X-Block-Status
X-ProxyCache-Status
X-C
X-Cache-FS-Status
W
X-Cache-Id
Server-Int
Is-Eu
X-Generated-On
X-Li-Fabric
X-Level-Front-Cache
X-Generation-Time
X-Geo-Header
X-Gen-Mode
X-Li-Pop
X-VServer
X-LI-Proto
CDCHOST
X-Flog
X-Old-Content-Length
X-WADP-Cache
X-Hello
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Wikidot-Static-Cache
X-Wikidot-Backend
AKAMAI
Adler-Geo
X-We-Are-Hiring
X-WebServer
Content-Disposition
X-Fetched-On
X-Backend-Host
X-Owner
X-Thinkindot-L3
X-Device-Os
X-Matched-Rule
X-Method
L
X-MSEdge-Flight
X-MSEdge-Features
Magicmarker
X-Thanos
X-LI-UUID
X-TrackingId
Gh-Request-Id
Esi-Enabled
Countrycode
X-Epic-Correlation-Id
Fastly-SWR
Fastly-SIE
X-Location
X-Distil-CS
X-ElasticPress-Search
X-Variation
X-Microcachable
X-Internal-Host
X-Backend-State
X-Irp-Debug
X-NX-Host
X-Generated-In
X-Dispatch
X-Dispatcher-Server
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Eu-Site
X-CGP
X-GeoIP-City
X-Qloud-Router
X-Proxy-Upstream
X-Debug-Cache-Store
X-Proxy-Cache-Status
X-GDPR
X-Hash
X-Routing-Service
X-Webstats-RespID
Pramga
PFcat
X-Servername
SD-X-WS
X-Server-IP
Server-Host
Pagetype
X-Swa-Ws
Ha-Gx-Prefs
X-User
X-Guploader-Uploadid
HA-Ipaddr
Heartbleed
X-Policy
Kp-EeAlive
SS
Served-By
Wxu-Next-Region
X-Zipkin-Id
Wxu-Next-Commit
X-Say-Cacheable
X-Proxied
X-Reqid
X-Response-By
X-Say-TTL
Wxu-Next-Hostname
X-SD-PageType
Web-Mar-Node
X-SayCDN-TTL
X-Key
X-Unique-ID
Memory
Resin-Trace
X-IPS-LoggedIn
X-Cdn-Forward
X-Wa
Country-Code
Cache-Cookie-Set-Idcheck
X-COUNTRY
Cache-Cookie-Set-From
X-Var-Ttl
X-FPC
X-Service
Cache-Cookie-Set-Lfrom
X-URL
X-MP-GENERATED-AT
Cache-Provider
X-Has-Esi
X-Is-Gdpr
REQUESTUUID
X-Servedbyhost
X-JWT-State
X-Page-Type
X-Dc
Powered-By-ChinaCache
UCS
Srv
X-NWS-UUID-VERIFY
X-Lb-Id
X-Nc
X-RateLimit-Reset
X-Geo
ProcessTime
X-Info
X-Logtrace-Id
X-Ratelimit-Limit
X-Cache-Backend
X-VCL-Version
Ajk
X-HTML-Minification-Powered-By
X-Datadome
X-Be
X-Cache-URL
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
Proxy-Firewall
X-Svr
CACHE
X-UA
X-CDN-Forward
X-Instart-Isnd
X-Pjax-Url
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Varnish-Beresp-Ttl
X-SRV
X-Scheme
X-HS-Status
X-Grey
SN
X-Cache-Category-Id
Powered-By
X-Ruxit-Js-Agent
X-Zone
Dynatrace
X-NodeID
PICS-Label
X-SN
X-Tec-Api-Root
X-ZONE
X-Tec-Api-Origin
X-Webkit-Csp
X-Tec-Api-Version
X-Ftr-Request-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Fastly-Backend-Name
GeoIP-Country-Code
GeoIP-Latitude
X-TH-Server
GeoIP-City
XServer
Group
X-Ttl
X-Dynatrace
X-GRACE
X-Source
X-Trafficlayer-App-Scope
X-RCS-CacheZone
Ttl
X-Trafficlayer-App-Name
Cache-Host
X-SERVER-NAME
X-Newrelic-Synthetics
X-Pf-Uncompressing
X-Server-W
X-Cache-Ttl
X-LiteSpeed-Cache-Control
X-EC-Lua
X-FORWARDED-FOR
GW-Server
X-LAGOON
X-APP
X-PF-Uncompressing
CF-Cached-On
X-Varnish-Beresp-TTL
X-Sucuri-Id
LB
X-Ms-Request-Id
X-Via-Ucdn
X-Bc
X-Gannett-Site-Version
X-Varnish-Url
X-Ms-Version
Cdn
X-Secret
X-Dynatrace-Js-Agent
X-NODE
X-Check-Cacheable
X-Ftr-Cache-Host
WZWS-RAY
MIME-Version
Lfy
X-CDN-Cache
Geoip-City
X-Fastly-Country-Code
GeoIp-Country-Code
Geoip-Latitude
X-Aicache-OS
X-Varnish-Cacheable
X-Session-Fingerprint
X-Tt-Trace-Host
Pics-Label
X-Ratelimit-Remaining
On-Server
X-Agile
X-GeoIP-Country-Code
X-BC
X-Cache-Debug
X-Edge
X-Agile-Id
User-Agent
Environment
X-Agile-Age
WWW
Inserted-Into-Cache-At
X-Akamai-SSL-Client-Sid
X-PJAX-URL
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Backend-Server
X-Ftr-Backend
X-7Graus-Varnish-XKeys
M-TraceId
Ohc-Response-Time
X-Fastly-Backend-Reqs
X-BE
X-Logging-Id
Requestid
X-7Graus-Varnish-Cache-Control
X-NU-AKA-ACS-Version
X-Mid
Cf-Ipcountry
Who
X-UPSTREAM-Address
X-MCACHE
X-CSRF-Token
X-Cache-Miss-From
SID
X-Sedo-Request-Id
X-Render-Time
X-Varnish-Ttl
X-Crawler
X-Vcl-Version
Lb
Amp-Access-Control-Allow-Source-Origin
URI
X-Litespeed-Cache-Control
X-LB-ID
X-Newrelic-App-Data
X-Core-Value
X-DB
X-Action
X-RSL
X-DW
X-FE
X-DSS
X-Proxy-Cacherz
Xkeyrz
X-Cache-Tag
X-DI
X-Micro-Cache
X-RPS
X-RPM
HostName
X-Via-Edge
X-Via-SSL
Host-ID
X-Served-From
Cdncip
X-Unique-Id
X-WR-MODIFICATION
Cdnsip
X-AK-Request-ID
RequestUuid
CDN
X-Correlation-ID
DataCenter
X-Cf-Powered-By
Is-Session-Tracking
X-Zalando-Child-Request-Id
X-Page-Impression-Id
Get-Access-Time
X-Nananana
X-Fastly-Cache-Hits
X-TT-LOGID
X-ServedByHost
Xkeypdq
X-Sucuri-Cache
X-Flow-Id
X-Sucuri-ID
X-Fpc
X-WA
X-Swift-Error
X-NGINX-Cache
Cneonction
X-Sigma
X-VC
X-Cdn-Request-ID
Correlation-Id
X-TIME
X-Vdms-Version
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Rocket-Build-Number
X-SB
FNAC-ModuleRouting
X-Gen-Id
X-Gdpr
Warning
X-MID
X-Sigma-Backend
X-Fstrz
X-Vct
X-Planisys-CDN-Cache
X-LiteSpeed-Tag
X-Planisys-CDN-Rules
Pragrma
RequestId
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-TTL
X-Apw-Hits
X-Protected-By
X-Fe
X-Request-URL
X-Ecache
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Access-Object
Processtime
X-ECache
X-Dw-Trace-Id
V-Cache
X-MiniProfiler-Ids
X-ServerName
HitType
X-Bug-Bounty
Xet-Cookie