Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-Template
X-Language
X-DNS-Prefetch-Control
X-Request-ID
X-Iinfo
Status
X-Content-Security-Policy
X-AspNetMvc-Version
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-CDN
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-Hacker
X-Server
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Device
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
X-Dns-Prefetch-Control
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-TTL
X-MS-InvokeApp
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Ah-Environment
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-CST
X-Mod-Pagespeed
X-VARITI-CCR
X-Recruiting
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-D2id
Service-Worker-Allowed
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-Vcap-Request-Id
X-Version
X-Akam-SW-Version
Accept-CH
MS-Author-Via
SPIisLatency
SPRequestDuration
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
Accept-Ch-Lifetime
X-ESI
X-Server-Name
X-Shard
Charset
Fastly-Restarts
X-Upstream
X-RateLimit-Remaining
X-Amz-Server-Side-Encryption
X-Trace
Ar-Sid
AR-ATIME
Nginx-Cache
AR-CACHE
AR-PoweredBy
X-Amz-Rid
Realpath
X-Debug
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Aspnetmvc-Version
X-XRDS-Location
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ezoic-Cdn
Front-End-Https
X-Cached
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
AR-Request-ID
Pagespeed
X-MSEdge-Ref
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Shield-Request-Id
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Content-MD5
X-VCache
Paypal-Debug-Id
MicrosoftSharePointTeamServices
X-Id
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-T
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
S
X-Fastly-Request-ID
ServerID
DynaTrace
X-Via-JSL
X-Varnish-Age
X-Client-IP
X-Server-ID
X-Content-Type
X-Ser
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
X-Hits
X-Correlation-Id
X-Grace
X-Amzn-Trace-Id
X-Accel-Expires
X-FastCGI-Cache
Fastcgi-Cache
X-Frontend
Powered
X-Content-Digest
X-SERVER
X-Vcache
X-N
X-DIS-Request-ID
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
Edge-Cache-Tag
X-Forwarded-For
Server-Name
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-RateLimit-Limit
X-GUploader-UploadID
TP-Cache
TP-L2-Cache
Accept-Ch
X-Request-Handler-Origin-Region
X-Microsite
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
X-Pinterest-Rid
Pinterest-Version
X-Cache-Age
X-Zen-Fury
X-Kinsta-Cache
X-Activity-Id
X-AppVersion
X-Type
X-Az
X-Revision
X-IPLB-Instance
X-Analytics
Backend-Timing
X-User-Agent
X-Rid
X-Fastcgi-Cache
X-LB-Cache
Healthy
X-Whom
FilterID
Retry-After
X-Node-Name
X-Time
X-Cache-Hit
X-B3-Traceid
X-Srv
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Accept-Charset
Alternate-Protocol
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Esi
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Hp-Webp
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Akamai-Edgescape
Cache-Tag
X-Content-Options
Surrogate-Key
X-TA-CDN-Provider
DC
X-Content-Security-Policy-Report-Only
Refresh
VIX-Pulpo-Node
X-Content-Powered-By
X-Forwarded-Host
X-Instance
X-AOL-HN
VIX-Pulpo-Upstream-Status
X-Debug-Info
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Webkit-CSP
Access-Control-Allow-Method
X-PHP-Backend
X-Cluster
Tracecode
X-Jobs
X-Framework
X-Varnish-Grace
MS-CV
Fastcgi-Useragent
X-FB-Debug
X-App-Environment
X-Request-Guid
X-Page-Id
Source
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Static
X-B
X-App-Server
Frame-Options
X-Cache-Operation
X-Cache-Key
X-Mobile-URL
Actual-Object-TTL
Host
X-Hostname
X-Seen-By
X-Geo-Country
X-Cache-Control
Cleartype
X-Signature
X-B-Cache
X-Acc-Meta-Resource-Type
X-Cache-TTL
X-BCube-Filmed-By
X-Host-Name
X-Cached-By
X-Pad
NR-ENABLED
X-Git-Hash
Upgrade-Insecure-Requests
X-Amz-Replication-Status
X-TT
X-Varnish-Backend
X-Mobile
X-Response-Served-From
NGB
X-Adobe-Content
X-Adobe-Loc
Accept-CH-Lifetime
X-WebKit-CSP-Report-Only
WPE-Backend
X-TT-TIMESTAMP
Payment
GEO-INFO
X-Handled-By
X-RTag
Ms-Operation-Id
Eomportal-Instance
From-Origin
Cache-Tv-Group
Filters
X-RemovedCookies
X-ProcessESI
Liferay-Portal
X-TX-ID
X-Drupal-Cache-Tags
Webserver
X-Tumblr-Pixel-1
X-ATG-Version
X-Tumblr-Pixel-2
X-UA-Device-Type
X-Cacheable-TTL
X-Cache-Remote
X-Status
X-GeoIP
X-RequestSource
X-FW-Dynamic
X-Origin-Server
X-Cache-TTL-Remaining
X-WA-Info
X-EdgeConnect-Cache-Status
X-Daa-Tunnel
X-Content-Age
X-Cache-Action
X-Presslabs-Stats
X-Wix-Request-Id
X-Edge-Location
X-Hyper-Cache
X-Storage
X-Contextid
Datacenter
Viewport
Xserver
X-Region
Version
X-Ratelimit-Reset
X-CF-Powered-By
X-HS-Cache-Config
X-PressLabs-Stats
X-Varnish-Hostname
X-Accel-Buffering
X-Element-Page-Cache
Ohc-File-Size
Cache
X-Akamai-Transformed
Host-Header
PageSpeed
X-Cache-NE
X-Varnish-Server
Meta-Geo
X-RN-RSRV
Load-Balancing
X-Path-Route
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-IP
X-Cache-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Cnection
Cache-Tags
Cache-Name
X-CS
Decoy-Debug-Key
X-Proto
X-Cache-Config
Vix-Hermes-Req-Id
X-Time-Microsecs
X-Via-Fastly
X-PERF
X-Origin-Response-Time
Decoy-Debug-Status
X-Tumblr-Pixel-3
X-Loop
X-TNCMS
X-Cluster-Node
Ec-Rule-Version
Decoy-Debug-TTL
X-Proxy
X-ApacheServer
X-NCache
X-Akamai-Request-ID
X-R9-Blue-Green-Version
Rt-Fastcgi-Cache
X-Viewer-Country
X-Section
X-Access
Cache-Hits
X-Cache-Enabled
X-Akamai-Request-ID2
Azure-SlotName
X-Labrador-Cache-Channel
X-Format
X-Origin
Azure-Version
Azure-InstanceId
X-From
Azure-SiteName
Azure-RegionName
X-Human
S-Rt
X-Cache-Grace
Selected-Fe
X-Rule
X-FC-Vary-Parameters
X-Drupal-Cache-Contexts
Cache-Key
X-OCL
X-CCM
DB-Nickname
X-Cache-Time
X-PCL
X-Backend-TTL
X-Proxy-Build
Webcakes-App-Version
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
X-NewRelic-App-Data
Country
X-Www-Served-By
X-Xfnlog-Site
TWC-Device-Class
TWC-GeoIP-Country
X-Origin-Hint
X-Varnish-Cache-Hits
Webcakes-Region
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-Web-Node
TWC-GeoIP-LatLong
X-Upstream-HT
X-Upgrade-Enabled
X-Upstream-CT
X-Timing-Wait
X-Trace-Id
X-Upstream-Proxy
X-Cache-Host
X-Site-Version
X-Debug-Cache
X-EIG-Tracking-Id
X-JoinUs
X-Locale
X-Hosted-By
X-Hit
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-UnsetCookies
X-Backend-Name
Ohc-Cache-HIT
X-Ua
Server-Info
X-FireWall-Port
X-Device-Type
Release
Time
X-Vgn-Hpd-Reason
X-Ttl
DSUID
X-VCT
X-Rendered-As
X-FW-Version
X-Varnish-Hits
X-S
Now
X-OVcl-Cache
X-OVcl
Hostname
X-Real-IP
X-APP-VERSION
X-HS-Combine-CSS
X-NGENIX-Cache
X-SS-Set-Cookie
X-Pubstack
OT-Force-Account-Verify
Fastcgi-X-Cache-Version
Origin-Cache-Control
Origin-Edge-Control
X-Redis-Cache
ServedBy
Access-Control-Request-Headers
X-Litespeed-Cache
L5d-Success-Class
X-VG-TLSProxy
Cteonnt-Length
Origin
X-VG-WebCache
X-DataStream-Cache-Status
Accept-Language
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
Fastly-SSL
X-ShardId
X-FB-TRIP-ID
X-XRDS-LOCATION
X-NC
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Parent-Response-Time
X-Tb
NtCoent-Length
Machine
X-CSRF-TOKEN
X-B3-Spanid
X-Origin-TTL
X-UUID
X-Cluster-Name
X-Origin-CC
SRV
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tt-Trace-Tag
X-Tec-Api-Root
X-Load-Cache
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-L-Path
X-No-Session
X-Environment-Context
IBM-Web2-Location
X-ECACHE
X-ServerID
X-Soup
X-GEO
X-App-Version
NGX
X-Uri
X-B3-Parentspanid
X-Nginx-Cache
Nel
X-Is-Bot
X-Endurance-Cache-Level
CF-IPCountry
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
Mime-Version
Proxy-Connection
ServerName
X-CACHE-KEY
Akamai-GRN
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Mobile-Detection-Method
Odigeo-Trace-Id
Rendered-Blocks
Cross-Origin-Window-Policy
Node
Meta-Geo-Continent
Memcached
Rt-Proxy-Cache
MD5-Digest
Apple-News-Services-Host
T-Server
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
A
X-Node-Id
Apple-News-Services-Request-Url
Arc-Country
Content-Script-Type
Cache-Prefix
BehaviorPad-Version
AsisCache
Content-Style-Type
X-Application
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-PAYTM-SRV-ID
X-External-Request-Id
X-G
X-Instart-Info
X-ScT
X-Server-Time
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-SRCache-Key
X-Transaction
X-Trv-Group
X-DPWN-IS-SECURE
X-Developer
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-A-Dam
VivaBuild
X-A
X-A-Ccd
X-MServer
X-ARC
X-Date
X-Destination
X-Detected-As
X-D
X-Connection-Hash
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
Viewtype
X-AIR-PT
Request-Time
X-Generated-By
Backend-Name
X-Mode
X-Oneagent-Js-Injection
IsBot
Section-Io-Cache
X-Release
X-Developers
X-Azure-Ref-OriginShield
X-Cms-Context
X-S-Maxage
X-Hl-Ver
X-Origin-Date
X-Cdn-Srv
Mail-Subject
X-Origin-Expires
Locale
N-Cache
X-Cache-Bucket
X-Azure-Ref
X-SIPLIST1
We-Hiring
Fastly-Soc-X-Request-Id
X-Up
X-VC-Cache
X-Urbn-Site-Id
Request-EU
Request-Country
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Fastly-Cache
X-Urbn-Context-Path
X-LJ-Flow-ID
X-Trafficlayer-App-Scope
User-Cache-Control
X-AWS-Id
X-VWS-Id
X-Trafficlayer-App-Name
X-Core-Mission
X-Clara-WADP
X-Distil-CS
X-Clientip
X-Device-Os
X-Compress-Hint
X-Bip
W
X-App-Name
X-Auto-Login
Uber-Trace-Id
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Backend-Host
X-Backend-Url
X-Cache-Info
Thinkindot-CacheControl
X-C
X-Block-Status
X-Distributor
X-BBXSRF
X-Cdn-Origin
X-IN-APIGATEWAY
X-Sn-Servicetimems
X-Swa-Ws
X-Thanos
X-Skip-Cache
X-ServiceProvider
X-Reboot
X-Server-IP
X-Service
X-Thinkindot-L3
X-TrackingId
X-Wikidot-Static-Cache
X-CUA
X-Var-Ttl
X-Wikidot-Backend
X-We-Are-Hiring
X-VServer
X-WADP-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Geo-Header
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-Generation-Time
X-Generated-On
X-ElasticPress-Search
X-Dc
X-Gen-Mode
X-Level-Front-Cache
X-Location
X-Qloud-Router
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-Nginx-Cache-Key
X-Matched-Rule
X-Method
X-Edge-Server
X-GDPR
Gh-Request-Id
Fastly-SWR
Heartbleed
L
Magicmarker
Fastly-SIE
Esi-Enabled
Cdn-Host
CDCHOST
Cdn-Request-Time
Content-Disposition
Countrycode
Pramga
AKAMAI
RNT-Machine
Server-Int
RNT-Time
X-Microcachable
X-Request-Time
X-Servername
X-SayCDN-TTL
X-Say-Cacheable
X-Request-URI
X-Say-TTL
X-Via-CDN
HA-Ipaddr
Ha-Gx-Prefs
X-WebServer
Adler-Geo
X-Variation
X-PHP-Host
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-Internal-Host
X-GeoIP-City
X-LI-UUID
Cache-Provider
X-Owner
Kp-EeAlive
X-Old-Content-Length
X-MSEdge-Flight
X-MSEdge-Features
X-Platform-Server
Pagetype
X-Proxy-Upstream
X-ProxyCache-Key
X-Proxy-Cache-Status
X-NX-Host
X-Hash
X-Irp-Debug
X-ProxyCache-Status
X-Reqid
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-Webstats-RespID
X-User
X-Generated-In
X-Eu-Site
Wxu-Next-Region
X-BYPASS-REASON
Wxu-Next-Hostname
Wxu-Next-Commit
Server-Host
X-CGP
X-Debug-Cache-Expiry
X-Debug-Log
X-Dispatch
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Served-By
X-Request-Start
Memory
X-Cache-Id
X-B3-SpanId
Is-Eu
Srv
V-Age
X-Epic-Correlation-Id
X-UA
PFcat
X-Cache-FS-Status
X-Fetched-On
Web-Mar-Node
X-Amz-Meta-Cache-Control
X-Guploader-Uploadid
X-Backend-State
Platform
X-Key
X-Dispatcher-Server
X-Info
X-SD-PageType
X-Org
Resin-Trace
SD-X-WS
Server-ID
X-Cdn-Forward
X-Wa
X-Flog
X-Hello
X-ABtesting
X-COUNTRY
X-FPC
X-Lb-Id
X-NWS-UUID-VERIFY
X-Geo
X-Servedbyhost
X-DC
X-URL
SS
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Svr
X-Unique-ID
REQUESTUUID
X-Response-By
X-Cache-URL
X-Zipkin-Id
X-Ratelimit-Limit
X-IPS-LoggedIn
X-Proxied
X-Routing-Service
X-Be
X-RateLimit-Reset
X-Instart-Isnd
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Country-Code
Cache-Cookie-Set-Idcheck
X-Nc
X-VCL-Version
X-CDN-Forward
X-Cache-Backend
XServer
X-Processor
X-Scheme
X-Page-Type
X-Datadome
X-Dynatrace-Js-Agent
X-NodeID
UCS
CACHE
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-Pjax-Url
X-SRV
Group
X-Oss-Request-Id
PICS-Label
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
Powered-By-ChinaCache
X-Logtrace-Id
Ajk
X-SN
X-ZONE
X-Oss-Server-Time
X-Ruxit-Js-Agent
Proxy-Firewall
Cache-Host
Dynatrace
X-Oracle-Dms-Rid
ProcessTime
X-Server-W
X-HTML-Minification-Powered-By
X-Webkit-Csp
X-Newrelic-Synthetics
X-Varnish-Beresp-Grace
Powered-By
X-Varnish-Beresp-Status
X-Tb-Optimization-Total-Bytes-Saved
X-HS-Status
X-Ftr-Request-Id
X-Dynatrace
X-Grey
X-Via-Ucdn
Ttl
X-Cache-Category-Id
X-Ms-Request-Id
SN
X-Ms-Version
X-Pf-Uncompressing
X-EC-Lua
X-GRACE
X-Zone
X-Source
X-Ratelimit-Remaining
Geoip-Latitude
X-APP
GeoIP-City
X-TH-Server
GeoIP-Latitude
GeoIp-Country-Code
X-FORWARDED-FOR
Geoip-City
X-Session-Fingerprint
Fastly-Backend-Name
Lfy
GeoIP-Country-Code
X-Sucuri-Id
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-Agile-Age
X-PF-Uncompressing
X-Cache-Debug
X-Agile
MIME-Version
X-Agile-Id
X-NODE
X-Check-Cacheable
GW-Server
X-Fastly-Country-Code
X-Ftr-Cache-Host
X-BC
X-7Graus-Varnish-Cache-Control
X-LAGOON
Environment
LB
X-Tt-Trace-Host
Cdn
X-7Graus-Varnish-XKeys
X-Logging-Id
X-Bc
X-RCS-CacheZone
X-Aicache-OS
Pics-Label
X-Cache-Miss-From
X-Varnish-Url
X-Secret
CF-Cached-On
X-Gannett-Site-Version
X-Edge
X-Sedo-Request-Id
X-Cache-Ttl
WWW
WZWS-RAY
X-PJAX-URL
M-TraceId
X-CSRF-Token
X-Ftr-Balancer
X-Ftr-Realm
X-Unique-Id
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Backend-Server
X-Mid
On-Server
X-Varnish-Cacheable
X-Cache-Tag
Ohc-Response-Time
Requestid
X-CDN-Cache
X-Core-Value
X-Akamai-SSL-Client-Sid
X-Sucuri-ID
Cf-Ipcountry
X-UPSTREAM-Address
X-Varnish-Ttl
Cdnsip
User-Agent
DataCenter
X-MCACHE
X-GeoIP-Country-Code
X-Fastly-Backend-Reqs
Cdncip
X-Vcl-Version
X-AK-Request-ID
X-Litespeed-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Inserted-Into-Cache-At
CDN
X-Vdms-Version
X-Sucuri-Cache
X-BE
X-TT-LOGID
X-SERVER-NAME
X-Swift-Error
Lb
X-NGINX-Cache
X-DI
SID
X-Action
X-DSS
X-Sigma-Backend
X-DB
X-RPM
X-Proxy-Cacherz
URI
Xkeyrz
X-Rocket-Build-Number
X-Sigma
X-NU-AKA-ACS-Version
X-RSL
RequestUuid
X-Fstrz
X-DW
X-RPS
HostName
Pragrma
X-Planisys-CDN-TTL
X-Crawler
Host-ID
X-Shopify-Generated-Cart-Token
Who
X-Render-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Correlation-ID
Is-Session-Tracking
Get-Access-Time
X-Page-Impression-Id
Warning
X-Flow-Id
X-Via-NSCOPI
X-Fpc
X-LB-ID
X-Refresh
X-Fastly-Cache-Hits
X-WR-MODIFICATION
Server-Id
X-ServedByHost
X-WA
Xkeypdq
X-Zalando-Child-Request-Id
X-Nananana
X-FE
X-Micro-Cache
X-SB
FNAC-ModuleRouting
X-TIME
X-MID
X-VC
X-Cdn-Request-ID
Correlation-Id
X-Cf-Powered-By
X-Akamai-ERRuleID
TTL
X-Gen-Id
X-LiteSpeed-Tag
X-Trafficlayer-App-Version
X-Akamai-ERPolicy
X-MiniProfiler-Ids
X-Bug-Bounty
X-Fe
X-ServerName
HitType
X-ECache
X-Request-URL
Processtime
X-Via-SSL
X-Via-Edge
X-Gdpr
V-Cache
Xet-Cookie
X-Dw-Trace-Id
Cneonction
X-Served-From
X-Newrelic-App-Data
RequestId