Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Ua-Compatible
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Server
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-Device
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-MS-InvokeApp
Fusion-Content-Id
Fusion-Component-Id
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-Middleton-Response
X-Sol
X-VARITI-CCR
Response
X-Middleton-Display
Display
X-CST
X-Recruiting
X-Ah-Environment
X-B3-TraceId
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-D2id
SPRequestGuid
Service-Worker-Allowed
X-SharePointHealthScore
X-ESI
X-Vcap-Request-Id
X-Akam-SW-Version
X-Version
X-Server-Name
SPIisLatency
SPRequestDuration
MS-Author-Via
Accept-CH
X-Abt-Application-Version
X-GitHub-Request-Id
X-Powered-CMS
X-Navigation-Version
Accept-Ch-Lifetime
TCN
X-Shard
Charset
X-Trace
X-RateLimit-Remaining
Fastly-Restarts
X-Upstream
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
X-Amz-Server-Side-Encryption
X-Amz-Rid
Nginx-Cache
Realpath
X-Aspnetmvc-Version
X-Debug
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-XRDS-Location
X-TEC-API-VERSION
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Front-End-Https
X-Cached
X-NF-Request-ID
AR-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-MSEdge-Ref
Pagespeed
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Shield-Request-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-VCache
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-T
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
S
X-FTR-DC
X-FTR-Backend
ServerID
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-Varnish-Age
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-Hits
X-DynaTrace-JS-Agent
X-SERVER
X-Correlation-Id
X-Accel-Expires
X-Grace
X-Amzn-Trace-Id
Fastcgi-Cache
X-Frontend
Powered
X-Content-Digest
X-Forwarded-For
X-DIS-Request-ID
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-N
X-FTR-Cache-Host
Edge-Cache-Tag
X-Vcache
X-HS-Hub-Id
Server-Name
X-Logged-In
X-HS-Content-Id
X-Fastcgi-Cache
X-RateLimit-Limit
AMP-Access-Control-Allow-Source-Origin
Accept-Ch
X-FastCGI-Cache
X-Server-ID
TP-Cache
TP-L2-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Request-Processing-Time
X-Request-Received
X-B3-Sampled
Pinterest-Version
X-Pinterest-Rid
X-Zen-Fury
X-Kinsta-Cache
X-Cache-Age
X-Type
X-IPLB-Instance
X-AppVersion
X-Az
X-Activity-Id
X-Time
X-Rid
X-User-Agent
X-Revision
Backend-Timing
X-LB-Cache
X-Analytics
Healthy
X-GUploader-UploadID
X-Whom
FilterID
Retry-After
X-Srv
X-Cache-Hit
X-Node-Name
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
Accept-Charset
X-B3-Traceid
X-Cache-2
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hp-Webp
X-Cache-Rule
Cache-Status
Cache-Tag
X-Content-Options
X-Amzn-RequestId
X-Akamai-Edgescape
X-Amz-Apigw-Id
X-Webkit-CSP
Surrogate-Key
X-Content-Security-Policy-Report-Only
DC
Refresh
X-Forwarded-Host
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-AOL-HN
Access-Control-Allow-Method
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Content-Powered-By
X-Varnish-Grace
X-Framework
MS-CV
X-App-Environment
Source
X-Debug-Info
X-Jobs
Tracecode
X-PHP-Backend
X-Cluster
Fastcgi-Useragent
X-Page-Id
X-Request-Guid
X-FB-Debug
X-FW-Serve
X-App-Server
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-B
X-Cache-TTL
Frame-Options
X-Cache-Operation
X-TA-CDN-Provider
Host
Actual-Object-TTL
X-Mobile-URL
X-Cache-Key
X-Seen-By
X-Geo-Country
X-Cache-Control
Cleartype
X-Hostname
X-B-Cache
X-Signature
NR-ENABLED
X-Acc-Meta-Resource-Type
X-BCube-Filmed-By
X-Host-Name
X-Cached-By
X-Esi
X-Git-Hash
X-Mobile
Upgrade-Insecure-Requests
Accept-CH-Lifetime
X-Amz-Replication-Status
X-Pad
X-TT
X-Varnish-Backend
X-Response-Served-From
NGB
X-Adobe-Loc
X-Adobe-Content
X-WebKit-CSP-Report-Only
GEO-INFO
WPE-Backend
X-TT-TIMESTAMP
Ms-Operation-Id
X-ATG-Version
X-Tumblr-Pixel-1
Cache-Tv-Group
From-Origin
Eomportal-Instance
Filters
X-UA-Device-Type
X-Tumblr-Pixel-2
Payment
X-GeoIP
X-Drupal-Cache-Tags
X-RemovedCookies
X-ProcessESI
X-Handled-By
X-RequestSource
Webserver
X-RTag
Liferay-Portal
X-Cache-Remote
X-TX-ID
X-Cacheable-TTL
X-Status
X-EdgeConnect-Cache-Status
X-Origin-Server
X-Daa-Tunnel
X-FW-Dynamic
X-Cache-TTL-Remaining
X-WA-Info
X-Presslabs-Stats
X-Content-Age
X-Cache-Action
Xserver
X-Edge-Location
X-Wix-Request-Id
X-Ttl
X-Hyper-Cache
Viewport
X-Storage
X-Contextid
X-Ratelimit-Reset
Datacenter
X-HS-Cache-Config
X-Region
Version
X-CF-Powered-By
X-Element-Page-Cache
X-Varnish-Hostname
X-Accel-Buffering
Cache
Ohc-File-Size
X-PressLabs-Stats
X-Oneagent-Js-Injection
PageSpeed
X-Akamai-Transformed
X-Cache-NE
Host-Header
X-Varnish-Server
Load-Balancing
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-Cache-Server
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
S-Cnection
X-IP
X-Proto
X-Proxy
X-Yottaa-Metrics
Cache-Name
Ohc-Cache-HIT
X-Yottaa-Optimizations
X-Cache-Enabled
X-Akamai-Request-ID2
Cache-Tags
X-Loop
Mn-Server-Ip
Country
TWC-Locale-Group
X-CS
X-Origin-Hint
X-NCache
X-Tumblr-Pixel-3
Property-Id
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
X-Time-Microsecs
X-TNCMS
X-Section
X-PERF
X-Varnish-Cache-Hits
Decoy-Debug-Status
X-ApacheServer
X-Viewer-Country
X-Cache-Config
TWC-Device-Class
Decoy-Debug-TTL
X-Akamai-Request-ID
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Access
Ec-Rule-Version
Decoy-Debug-Key
TWC-Privacy
X-Cluster-Node
TWC-Connection-Speed
Cache-Hits
X-Origin-Response-Time
Vix-Hermes-Req-Id
TWC-GeoIP-Country
X-Via-Fastly
Release
X-Device-Type
Rt-Fastcgi-Cache
X-NewRelic-App-Data
X-PCL
X-Proxy-Build
DSUID
X-Origin
X-OCL
DB-Nickname
X-Backend-Name
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Cache-Key
X-Labrador-Cache-Channel
X-Human
X-CCM
X-Debug-Cache
X-Cache-Time
X-Cache-Host
X-Backend-TTL
X-Cache-Grace
X-Drupal-Cache-Contexts
X-EIG-Tracking-Id
Selected-Fe
S-Rt
X-From
X-Format
X-FC-Vary-Parameters
Azure-InstanceId
X-Rule
X-Www-Served-By
X-Upstream-HT
X-VCT
X-Timing-Wait
X-Web-Node
X-Upstream-CT
X-Xfnlog-Site
X-Upgrade-Enabled
X-UnsetCookies
X-Trace-Id
X-Generated
X-Hosted-By
X-Hit
X-Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-Site-Version
X-Vgn-Hpd-Reason
X-Upstream-Proxy
X-FireWall-Port
Server-Info
Time
X-S
X-FW-Version
X-Rendered-As
X-Varnish-Hits
Now
X-OVcl-Cache
X-OVcl
X-HS-Combine-CSS
X-Real-IP
X-NGENIX-Cache
X-Ua
Hostname
X-SS-Set-Cookie
L5d-Success-Class
X-Litespeed-Cache
X-Pubstack
OT-Force-Account-Verify
Origin-Cache-Control
Origin-Edge-Control
Fastcgi-X-Cache-Version
X-Redis-Cache
ServedBy
Access-Control-Request-Headers
X-XRDS-LOCATION
X-FB-TRIP-ID
X-Webkit-Csp
X-VG-TLSProxy
Cteonnt-Length
Origin
Accept-Language
X-VG-WebCache
Fastly-SSL
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-APP-VERSION
X-Shopify-Stage
X-App-Version
X-Tec-Api-Version
NtCoent-Length
X-Tec-Api-Root
X-Parent-Response-Time
X-Tec-Api-Origin
X-Tb
Machine
X-Origin-CC
X-UUID
X-Origin-TTL
X-Cluster-Name
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Load-Cache
X-ServerID
X-CSRF-TOKEN
X-Rocket-Nginx-Bypass
X-Soup
SRV
X-NC
X-Environment-Context
X-No-Session
IBM-Web2-Location
X-ECACHE
X-L-Path
Nel
NGX
X-B3-Spanid
Mime-Version
X-Guploader-Uploadid
X-GEO
X-CACHE-KEY
X-DataStream-Cache-Status
X-B3-Parentspanid
X-Uri
X-Is-Bot
X-Nginx-Cache
Proxy-Connection
X-MServer
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
X-UA
GEO-REGION-INFO
Fly-Cache
Mobile-Detection-Method
Fly-Request-Id
Meta-Geo-Continent
Request-Time
Memcached
X-CF-Lambda-Fn
MD5-Digest
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-D
X-Connection-Hash
X-Date
Cross-Origin-Window-Policy
Apple-News-Services-Request-Url
Arc-Country
AsisCache
BehaviorPad-Version
Apple-News-Services-Parsed-Url
X-Hl-Ver
X-G
Apple-News-Services-Handled
Apple-News-Services-Host
X-Instart-Info
X-External-Request-Id
Node
X-Developer
X-Node-Id
X-Detected-As
Content-Style-Type
Content-Script-Type
X-SRCache-Key
Cache-Prefix
X-DPWN-IS-SECURE
X-Destination
Odigeo-Trace-Id
X-A-Wwc
T-Server
X-Request-UUID
X-A-Dgt
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-Region-Sid
X-B3-SpanId
A
We-Hiring
X-AIR-PT
X-Aed
X-A-Dcw
X-Rojux
VivaBuild
X-VG-WebServer
X-Server-Time
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Mail-Subject
Viewtype
X-A-Dam
X-S-Cookie
X-A-Ccd
X-ScT
X-A
Akamai-GRN
ServerName
X-Trv-Group
Rt-Proxy-Cache
X-Transaction
Rendered-Blocks
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-B-Cookie
X-ARC
X-Ruxit-Js-Agent
X-Application
X-AWS-Id
X-VWS-Id
X-Generated-By
X-LJ-Flow-ID
Backend-Name
X-Azure-Ref-OriginShield
X-Cdn-Srv
X-Azure-Ref
X-Cache-Bucket
N-Cache
X-Developers
Section-Io-Cache
X-Cms-Context
Request-EU
X-Fastly-Cache
X-CUA
Request-Country
IsBot
Fastly-Soc-X-Request-Id
Locale
X-SVT-ORM-RULES
X-Up
X-Trafficlayer-App-Scope
X-Urbn-Site-Id
X-Origin-Expires
X-Origin-Date
X-Trafficlayer-App-Name
X-Mode
X-Release
X-Urbn-Context-Path
CF-IPCountry
X-SIPLIST1
X-S-Maxage
X-Var-Ttl
X-SVT-ORM-VERSION
X-VC-Cache
X-Cdn-Forward
X-Dc
User-Cache-Control
X-BYPASS-REASON
X-Block-Status
X-ProxyCache-Key
X-C
X-Bip
X-BBXSRF
X-Cdn-Origin
X-RateLimit-Limit-Second
X-Qloud-Router
X-RateLimit-Remaining-Second
X-ProxyCache-Status
X-Cache-Info
X-Has-Esi
X-Rebelmouse-Cache-Control
X-We-Are-Hiring
X-Reqid
X-Service
X-WADP-Cache
X-User
X-Server-IP
Wxu-Next-Hostname
Wxu-Next-Region
X-App-Name
X-Reboot
X-Wikidot-Static-Cache
X-Backend-Host
X-Backend-Url
X-Proxy-Upstream
X-Rebelmouse-Surrogate-Control
X-Webstats-RespID
X-Auto-Login
X-Wikidot-Backend
W
X-CGP
X-Level-Front-Cache
X-Edge-Server
X-ElasticPress-Search
X-Eu-Site
X-Distributor
X-Distil-CS
X-Device-Os
X-Thanos
X-Location
X-Dispatch
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Geo-Header
X-Generation-Time
X-Gen-Mode
X-Generated-In
X-Hash
X-Swa-Ws
X-IN-APIGATEWAY
X-VServer
X-Hnp-Log
X-Matched-Rule
X-Method
X-TrackingId
X-Core-Mission
X-Is-Gdpr
X-Skip-Cache
X-Clientip
X-Policy
X-Proxy-Cache-Status
X-Generated-On
X-Clara-WADP
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-NX-Host
X-Compress-Hint
X-Thinkindot-L3
X-Nginx-Cache-Key
X-Debug-Log
X-Sn-Servicetimems
X-Debug-Cache-Store
X-JWT-State
X-Debug-Cookies
X-ServiceProvider
Wxu-Next-Commit
RNT-Machine
Esi-Enabled
RNT-Time
L
Server-Host
Served-By
Magicmarker
Countrycode
Pagetype
Cdn-Host
Cdn-Request-Time
AKAMAI
Content-Disposition
Pramga
CDCHOST
Server-Int
Uber-Trace-Id
True-Client-Country-4JS
HA-Ipaddr
Fastly-SWR
Gh-Request-Id
Ha-Gx-Prefs
Kp-EeAlive
Thinkindot-Control
Srv
Thinkindot-CacheControl-Type
Fastly-SIE
Thinkindot-CacheControl
Heartbleed
X-Microcachable
X-Request-URI
X-Dispatcher-Server
X-Request-Start
X-GeoIP-City
X-Li-Fabric
X-Info
X-Key
X-Li-Pop
X-LI-Proto
X-MSEdge-Flight
X-Old-Content-Length
X-LI-UUID
X-Internal-Host
X-Owner
X-GDPR
X-Fetched-On
X-Epic-Correlation-Id
Adler-Geo
X-MSEdge-Features
X-PHP-Host
X-Platform-Server
Cache-Provider
X-Request-Time
Platform
Web-Mar-Node
PFcat
X-Cache-FS-Status
X-Backend-State
X-Amz-Meta-Cache-Control
X-Variation
X-Via-CDN
V-Age
X-Cache-Id
X-WebServer
X-Say-Cacheable
X-SayCDN-TTL
Memory
X-Say-TTL
Is-Eu
Server-ID
SD-X-WS
Resin-Trace
X-Lb-Id
X-NWS-UUID-VERIFY
X-COUNTRY
X-SD-PageType
X-Org
X-Servername
X-Geo
SS
X-URL
X-ABtesting
X-Hello
X-Nc
X-Flog
X-FPC
X-Unique-ID
X-Be
X-Svr
X-Wa
X-Cache-URL
REQUESTUUID
X-RateLimit-Reset
X-DC
X-Ratelimit-Limit
X-IPS-LoggedIn
Country-Code
X-Servedbyhost
X-Instart-Isnd
X-Response-By
X-Proxied
X-Routing-Service
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Scheme
Cache-Cookie-Set-Idcheck
X-Zipkin-Id
X-Datadome
X-Dynatrace-Js-Agent
X-Page-Type
X-Cache-Backend
X-NodeID
X-Processor
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-VCL-Version
UCS
X-Pjax-Url
Group
XServer
X-Varnish-Beresp-Ttl
X-MP-GENERATED-AT
X-SN
X-CDN-Forward
Powered-By-ChinaCache
X-Oss-Object-Type
X-Logtrace-Id
X-Oracle-Dms-Rid
X-Server-W
Dynatrace
ProcessTime
Cache-Host
Ajk
CACHE
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Varnish-Beresp-Status
X-SRV
X-Varnish-Beresp-Grace
PICS-Label
X-Ftr-Request-Id
X-HS-Status
Proxy-Firewall
X-Dynatrace
X-Zone
X-ZONE
X-HTML-Minification-Powered-By
X-Newrelic-Synthetics
X-Ms-Request-Id
SN
X-Via-Ucdn
X-Ms-Version
X-Tb-Optimization-Total-Bytes-Saved
Powered-By
X-Source
X-GRACE
X-EC-Lua
X-Cache-Category-Id
Ttl
Geoip-City
X-Pf-Uncompressing
X-Grey
GeoIp-Country-Code
Geoip-Latitude
X-Ratelimit-Remaining
X-Session-Fingerprint
X-APP
Lfy
X-TH-Server
X-Sucuri-Id
X-Varnish-Beresp-TTL
GeoIP-City
X-PF-Uncompressing
X-Cache-Debug
X-Agile-Id
X-Agile-Age
GeoIP-Latitude
Fastly-Backend-Name
X-Agile
GeoIP-Country-Code
X-NODE
X-LiteSpeed-Cache-Control
X-Ftr-Cache-Host
X-Fastly-Country-Code
MIME-Version
X-Check-Cacheable
X-Bc
Cdn
X-Tt-Trace-Host
X-Logging-Id
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
GW-Server
Environment
Pics-Label
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-Edge
X-Aicache-OS
X-Cache-Miss-From
LB
CF-Cached-On
X-Sedo-Request-Id
X-LAGOON
X-CSRF-Token
M-TraceId
Cf-Ipcountry
X-Gannett-Site-Version
X-Varnish-Url
X-RCS-CacheZone
X-Secret
WWW
X-BC
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Realm
Requestid
Ohc-Response-Time
X-Mid
X-Core-Value
X-Vcl-Version
X-PJAX-URL
WZWS-RAY
X-Sucuri-ID
Cdnsip
X-AK-Request-ID
X-Cache-Tag
X-Unique-Id
On-Server
X-CDN-Cache
Cdncip
X-MCACHE
X-Varnish-Cacheable
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
DataCenter
X-Varnish-Ttl
X-Akamai-SSL-Client-Sid
X-GeoIP-Country-Code
X-Litespeed-Cache-Control
X-Vdms-Version
User-Agent
X-Sucuri-Cache
X-TT-LOGID
Lb
Tcn
X-Swift-Error
X-NGINX-Cache
X-Proxy-Cacherz
X-DI
X-Cache-Ttl
X-BE
X-Action
X-DSS
Inserted-Into-Cache-At
X-DB
X-RPS
X-RPM
X-DW
Xkeyrz
X-Sigma
X-Rocket-Build-Number
X-RSL
X-Sigma-Backend
X-Fstrz
URI
CDN
HostName
X-Shopify-Generated-Cart-Token
Who
X-Planisys-CDN-Cache
RequestUuid
Host-ID
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Pragrma
SID
X-NU-AKA-ACS-Version
X-Crawler
X-WA
X-ServedByHost
X-Correlation-ID
Server-Id
Is-Session-Tracking
Get-Access-Time
X-Render-Time
Warning
X-WR-MODIFICATION
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Flow-Id
X-Fpc
X-Fastly-Cache-Hits
Xkeypdq
X-Via-NSCOPI
X-HostName
X-ServerName
X-LB-ID
X-Nananana
TTL
X-SB
X-VC
X-FE
X-Refresh
X-MID
FNAC-ModuleRouting
Correlation-Id
X-Cf-Powered-By
X-LiteSpeed-Tag
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Gen-Id
X-Trafficlayer-App-Version
X-Akamai-ERPolicy
X-Akamai-ERRuleID
V-Cache
X-Request-URL
X-Fe
X-Bug-Bounty
HitType
X-ECache
Processtime
X-Newrelic-App-Data
X-Cdn-Request-ID
X-Micro-Cache
Xet-Cookie
X-Gdpr
X-Dw-Trace-Id
X-MiniProfiler-Ids
Cneonction
RequestId