Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Buckets
X-Request-ID
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Server
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Device
X-WebKit-CSP
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
EagleEye-TraceId
X-Cloud-Trace-Context
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
NEL
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-TTL
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
Public-Key-Pins
RTSS
X-Px
X-B3-TraceId
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Middleton-Display
X-Sol
X-VARITI-CCR
Display
X-Middleton-Response
Response
X-Recruiting
X-Ah-Environment
X-CST
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-D2id
SPRequestGuid
X-SharePointHealthScore
Service-Worker-Allowed
X-Akam-SW-Version
X-Vcap-Request-Id
X-Version
Accept-Ch-Lifetime
SPRequestDuration
SPIisLatency
X-Server-Name
X-GitHub-Request-Id
X-Abt-Application-Version
MS-Author-Via
X-Powered-CMS
TCN
X-Navigation-Version
X-Shard
Accept-CH
X-Trace
Charset
Fastly-Restarts
X-Upstream
Nginx-Cache
X-RateLimit-Remaining
Realpath
X-Amz-Rid
X-Debug
X-Amz-Server-Side-Encryption
X-Aspnetmvc-Version
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-VCache
X-Ezoic-Cdn
X-Cached
Front-End-Https
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-MSEdge-Ref
AR-Request-ID
Pagespeed
X-Shield-Request-Id
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-XRDS-Location
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-FTR-Cache-Status
Content-MD5
X-Country-Code-Real
X-FTR-Expires
MicrosoftSharePointTeamServices
Paypal-Debug-Id
DynaTrace
X-Id
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-T
S
X-Fastly-Request-ID
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
ServerID
X-Varnish-Age
X-Via-JSL
X-Ser
X-DynaTrace-JS-Agent
X-Client-IP
X-Content-Type
X-Accel-Expires
X-Dw-Request-Base-Id
X-Correlation-Id
X-Grace
X-Hits
Accept-Ch
X-Forwarded-For
Fastcgi-Cache
X-Amzn-Trace-Id
Powered
X-Content-Digest
X-Frontend
X-FastCGI-Cache
Edge-Cache-Tag
X-N
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-FTR-Cache-Host
X-HS-Hub-Id
X-HS-Content-Id
Server-Name
X-Logged-In
X-Server-ID
TP-Cache
TP-L2-Cache
X-Pinterest-Rid
Pinterest-Version
X-Request-Handler-Origin-Region
X-GUploader-UploadID
X-Microsite
X-Request-Processing-Time
X-Request-Received
X-RateLimit-Limit
X-Fastcgi-Cache
X-Kinsta-Cache
X-Zen-Fury
X-B3-Sampled
X-Time
X-Cache-Age
X-Revision
X-IPLB-Instance
X-AppVersion
X-User-Agent
X-Activity-Id
X-Rid
X-Az
X-Type
Healthy
Backend-Timing
X-LB-Cache
X-Analytics
X-Whom
X-Cache-Hit
Retry-After
X-Node-Name
X-Srv
FilterID
X-Vcache
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
X-SERVER
Accept-Charset
X-Hp-Webp
X-Cache-Rule
X-Cache-2
Cache-Tag
Cache-Status
X-Akamai-Edgescape
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Webkit-CSP
X-Content-Options
X-Content-Security-Policy-Report-Only
Surrogate-Key
Refresh
X-Amzn-RequestId
Tracecode
DC
X-Amz-Apigw-Id
X-Forwarded-Host
X-Instance
X-Tumblr-Pixel-0
X-Framework
VIX-Pulpo-Upstream-Status
MS-CV
X-Content-Powered-By
X-AOL-HN
X-Tumblr-User
VIX-Pulpo-Node
X-Tumblr-Pixel
X-Varnish-Grace
X-App-Environment
Access-Control-Allow-Method
Source
X-Jobs
X-Debug-Info
X-PHP-Backend
X-Cluster
X-Page-Id
X-TA-CDN-Provider
X-FB-Debug
X-Request-Guid
Fastcgi-Useragent
X-Cache-TTL
X-App-Server
X-FW-Hash
X-B
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-Cache-Operation
Frame-Options
Actual-Object-TTL
Host
X-Mobile-URL
X-Seen-By
X-B3-Traceid
X-Cache-Key
X-Hostname
NR-ENABLED
X-Geo-Country
X-Cache-Control
Cleartype
X-Signature
X-Host-Name
X-B-Cache
X-Cached-By
X-BCube-Filmed-By
X-Pad
Upgrade-Insecure-Requests
X-Mobile
X-Git-Hash
NGB
X-TT
X-Response-Served-From
X-Acc-Meta-Resource-Type
X-Varnish-Backend
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-Amz-Replication-Status
X-Adobe-Content
GEO-INFO
X-ATG-Version
WPE-Backend
Cache-Tv-Group
X-ProcessESI
X-RTag
Eomportal-Instance
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-UA-Device-Type
Filters
X-Presslabs-Stats
X-Daa-Tunnel
Payment
Webserver
Ms-Operation-Id
X-Drupal-Cache-Tags
X-RequestSource
X-Handled-By
X-GeoIP
X-RemovedCookies
X-TT-TIMESTAMP
From-Origin
X-Origin-Server
X-Cacheable-TTL
X-TX-ID
Liferay-Portal
X-Status
X-Cache-Remote
X-EdgeConnect-Cache-Status
X-FW-Dynamic
X-Cache-TTL-Remaining
X-WA-Info
Xserver
X-Esi
Accept-CH-Lifetime
X-Wix-Request-Id
X-HS-Cache-Config
X-Element-Page-Cache
X-Cache-Action
X-Content-Age
X-Hyper-Cache
X-Contextid
X-Edge-Location
X-Region
Viewport
X-Ratelimit-Reset
Datacenter
Version
Cache
X-CF-Powered-By
X-XRDS-LOCATION
X-Varnish-Hostname
Ohc-File-Size
X-Storage
X-Tec-Api-Root
PageSpeed
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-NE
X-Akamai-Transformed
X-Accel-Buffering
X-Cache-Server
Host-Header
Meta-Geo
X-ES-SERVER
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-Varnish-Server
X-RN-RSRV
X-Path-Route
X-IP
Cache-Tags
X-Proxy
X-Proto
Ohc-Cache-HIT
Cache-Name
X-PressLabs-Stats
X-Cache-Enabled
TWC-Connection-Speed
X-Device-Type
TWC-GeoIP-Country
X-Section
X-R9-Blue-Green-Version
TWC-Device-Class
Release
X-TNCMS
Mn-Server-Ip
Ec-Rule-Version
Country
Cache-Hits
S-Cnection
Property-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
Rt-Fastcgi-Cache
X-Cache-Config
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-CS
Vix-Hermes-Req-Id
X-Viewer-Country
X-NCache
X-Origin-Hint
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Name
X-Origin-Response-Time
Webcakes-App-Version
X-Access
TWC-Privacy
TWC-GeoIP-LatLong
X-Via-Fastly
X-Akamai-Request-ID
X-Cluster-Node
X-Loop
X-Human
X-Xfnlog-Site
X-From
DSUID
Azure-Version
Azure-SlotName
Azure-SiteName
X-Origin
DB-Nickname
X-Cache-Grace
X-Cache-Host
X-Timing-Wait
S-Rt
X-EIG-Tracking-Id
X-Rule
X-Backend-TTL
X-Cache-Time
X-VCT
X-Proxy-Build
X-Backend-Name
X-OCL
X-Akamai-Request-ID2
X-Drupal-Cache-Contexts
X-PCL
X-Debug-Cache
X-Labrador-Cache-Channel
X-FC-Vary-Parameters
X-Format
Azure-RegionName
X-Web-Node
X-Upgrade-Enabled
X-Trace-Id
X-UnsetCookies
X-Www-Served-By
Selected-Fe
Azure-InstanceId
X-Ttl
X-NewRelic-App-Data
X-Hosted-By
X-Hit
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Site-Version
X-PERF
X-ApacheServer
X-JoinUs
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Cache-Key
Server-Info
X-CCM
X-HS-Combine-CSS
X-FireWall-Port
X-Upstream-CT
Time
X-Upstream-HT
X-NGENIX-Cache
X-OVcl-Cache
X-OVcl
X-S
X-Rendered-As
X-Varnish-Hits
X-FW-Version
X-Real-IP
Now
X-Ua
L5d-Success-Class
X-Upstream-Proxy
X-Pubstack
X-Redis-Cache
X-Litespeed-Cache
X-SS-Set-Cookie
Origin-Edge-Control
Origin-Cache-Control
Fastcgi-X-Cache-Version
OT-Force-Account-Verify
X-APP-VERSION
Access-Control-Request-Headers
ServedBy
X-VG-TLSProxy
X-FB-TRIP-ID
Fastly-SSL
Origin
Cteonnt-Length
Hostname
X-VG-WebCache
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-UUID
X-Sorting-Hat-ShopId
X-Cluster-Name
NtCoent-Length
X-Parent-Response-Time
X-Alternate-Cache-Key
X-Load-Cache
X-Origin-TTL
X-Origin-CC
X-Tb
Accept-Language
Machine
X-ServerID
X-GoCache-CacheStatus
X-Soup
X-Rocket-Nginx-Bypass
X-Trafficlayer-App-Scope
X-App-Version
Mime-Version
X-B3-Spanid
X-Trafficlayer-App-Name
IBM-Web2-Location
X-ECACHE
Nel
X-No-Session
SRV
X-Environment-Context
X-L-Path
X-CSRF-TOKEN
NGX
X-Tt-Trace-Tag
X-Is-Bot
X-Uri
X-B3-Parentspanid
X-NC
X-CACHE-KEY
X-UA
CF-IPCountry
X-MServer
Odigeo-Trace-Id
X-Oneagent-Js-Injection
Xc-Version
Apple-News-Services-Host
Apple-News-Services-Handled
A
X-Node-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Prefix
BehaviorPad-Version
AsisCache
Arc-Country
Content-Script-Type
X-A
X-DPWN-IS-SECURE
X-Developer
X-External-Request-Id
X-G
X-Hl-Ver
X-Detected-As
X-Destination
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Vtex-Processado-Em
X-Date
X-Instart-Info
X-PAYTM-SRV-ID
X-Transaction
X-SRCache-Key
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebServer
X-Server-Time
X-ScT
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-CF-Lambda-Fn
X-B-Cookie
Node
Mobile-Detection-Method
Rendered-Blocks
Rt-Proxy-Cache
ServerName
Meta-Geo-Continent
Memcached
Fly-Cache
Cross-Origin-Window-Policy
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
T-Server
Viewtype
X-Aed
X-Vtex-Remote-Cache
X-AIR-PT
X-Application
X-ARC
X-Worker
X-A-Wwc
X-A-Ccd
VivaBuild
X-A-Dam
X-A-Dcw
X-A-Dgt
Content-Style-Type
X-Accel-Expires-Debug
Request-Time
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-Magnolia-Registration
Proxy-Connection
We-Hiring
X-GEO
Backend-Name
Mail-Subject
Akamai-GRN
X-ProxyCache-Key
X-BYPASS-REASON
Fastly-Soc-X-Request-Id
X-Fastly-Cache
Uber-Trace-Id
X-SVT-ORM-RULES
X-Azure-Ref-OriginShield
X-Azure-Ref
X-S-Maxage
X-SIPLIST1
X-Up
X-Release
X-SVT-ORM-VERSION
X-ProxyCache-Status
X-Origin-Expires
Request-Country
Request-EU
X-Is-Gdpr
X-Cdn-Srv
X-Cms-Context
X-Compress-Hint
N-Cache
X-JWT-State
Section-Io-Cache
IsBot
X-Developers
X-Nginx-Cache
X-Cache-Bucket
X-Var-Ttl
X-Origin-Date
X-CUA
X-VC-Cache
X-Has-Esi
X-Generated-By
X-Info
User-Cache-Control
X-Hnp-Log
Server-Int
Server-Host
Served-By
X-Debug-Cache-Fetch
X-B3-SpanId
X-Hash
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-C
X-Debug-Cache-Expiry
X-Cache-Info
X-Core-Mission
X-Level-Front-Cache
X-Cdn-Origin
X-CGP
X-Clientip
X-Irp-Debug
RNT-Machine
X-Geo-Header
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
RNT-Time
Pramga
X-Generation-Time
X-AWS-Id
X-Debug-Cookies
X-Guploader-Uploadid
X-LJ-Flow-ID
X-Backend-Host
X-Distributor
X-Auto-Login
X-Device-Os
X-Debug-Log
X-Dispatch
Pagetype
X-Distil-CS
X-ElasticPress-Search
X-Debug-Cache-Store
X-Bip
W
X-Gen-Mode
X-Block-Status
X-Generated-On
X-BBXSRF
X-Eu-Site
Wxu-Next-Region
X-Backend-Url
Wxu-Next-Hostname
Wxu-Next-Commit
X-App-Name
Magicmarker
CDCHOST
X-Reqid
X-Dc
X-Server-IP
AKAMAI
X-VWS-Id
Content-Disposition
X-Rebelmouse-Surrogate-Control
Fastly-SIE
Fastly-SWR
Esi-Enabled
X-Rebelmouse-Cache-Control
Countrycode
X-Service
X-Skip-Cache
X-We-Are-Hiring
X-WADP-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-User
X-Swa-Ws
X-Sn-Servicetimems
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-Qloud-Router
X-Reboot
L
Kp-EeAlive
HA-Ipaddr
Ha-Gx-Prefs
X-NX-Host
X-Clara-WADP
X-Location
X-Matched-Rule
X-Method
X-Nginx-Cache-Key
Gh-Request-Id
Heartbleed
X-Proxy-Upstream
X-Proxy-Cache-Status
Srv
X-Microcachable
X-Li-Fabric
X-NWS-UUID-VERIFY
X-Urbn-Context-Path
X-Li-Pop
X-MSEdge-Features
X-Fetched-On
X-MSEdge-Flight
X-Urbn-Site-Id
X-Generated-In
X-LI-UUID
X-Lb-Id
X-Key
X-Via-CDN
X-Variation
X-RateLimit-Remaining-Second
X-WebServer
X-Old-Content-Length
X-Epic-Correlation-Id
X-Mode
X-Say-Cacheable
X-Request-URI
X-PHP-Host
X-Owner
X-Request-Start
X-Edge-Server
X-Say-TTL
X-Dispatcher-Server
X-GeoIP-City
X-Servername
X-LI-Proto
X-Platform-Server
X-Geo
X-SayCDN-TTL
X-Nc
X-RateLimit-Limit-Second
X-Policy
X-Internal-Host
X-Amz-Meta-Cache-Control
Locale
Adler-Geo
Cache-Provider
Cdn-Host
Is-Eu
Web-Mar-Node
Cdn-Request-Time
X-Backend-State
PFcat
Memory
Platform
X-Cache-Id
X-Cache-FS-Status
X-Ratelimit-Limit
X-Cdn-Forward
Server-ID
True-Client-Country-4JS
X-ServiceProvider
Resin-Trace
X-SD-PageType
X-GDPR
SD-X-WS
X-Request-Time
X-DataStream-Cache-Status
X-Org
V-Age
X-FPC
X-Svr
X-Cache-URL
X-Be
X-Instart-Isnd
X-ABtesting
REQUESTUUID
X-Flog
X-Hello
SS
X-DC
X-Scheme
X-Wa
X-IPS-LoggedIn
X-Cache-Backend
X-Processor
Country-Code
X-Response-By
X-Unique-ID
X-Servedbyhost
X-Datadome
X-CDN-Forward
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Routing-Service
X-Zipkin-Id
Group
X-Proxied
X-RateLimit-Reset
X-Pjax-Url
X-Page-Type
X-NodeID
Cache-Host
X-Server-W
UCS
X-VCL-Version
X-SN
X-Ruxit-Js-Agent
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
PICS-Label
X-Oracle-Dms-Rid
X-MP-GENERATED-AT
X-Webkit-Csp
XServer
Ajk
X-HS-Status
X-SRV
X-Tb-Optimization-Total-Bytes-Saved
X-Ms-Version
X-Ms-Request-Id
X-Via-Ucdn
X-Ftr-Request-Id
X-Varnish-Beresp-Ttl
X-Dynatrace-Js-Agent
X-Logtrace-Id
ProcessTime
X-Dynatrace
X-EC-Lua
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-COUNTRY
Proxy-Firewall
Powered-By-ChinaCache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-URL
X-Zone
X-Source
X-GRACE
X-Pf-Uncompressing
X-APP
X-HTML-Minification-Powered-By
CACHE
Lfy
Geoip-City
GeoIp-Country-Code
SN
Geoip-Latitude
X-Session-Fingerprint
Powered-By
X-ZONE
Ttl
X-Newrelic-Synthetics
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-Grey
X-Cache-Category-Id
X-Agile-Age
X-Agile-Id
X-Cache-Debug
X-Agile
X-TH-Server
X-PF-Uncompressing
X-Fastly-Country-Code
Dynatrace
GeoIP-Latitude
GeoIP-Country-Code
GeoIP-City
X-NODE
Environment
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Fastly-Backend-Name
X-Ftr-Cache-Host
X-Sucuri-Id
X-Logging-Id
X-LiteSpeed-Cache-Control
X-CSRF-Token
Cdn
X-Tt-Trace-Host
X-Aicache-OS
X-Cache-Miss-From
X-Sedo-Request-Id
X-Check-Cacheable
X-Sucuri-ID
X-Bc
X-Edge
CF-Cached-On
GW-Server
Pics-Label
MIME-Version
X-Unique-Id
WWW
X-Core-Value
X-LAGOON
M-TraceId
X-Vcl-Version
LB
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Backend
X-Mid
Requestid
X-UPSTREAM-Address
Ohc-Response-Time
X-Gannett-Site-Version
X-Secret
X-RCS-CacheZone
X-Varnish-Url
X-Fastly-Backend-Reqs
X-BC
Cf-Ipcountry
HostName
X-NGINX-Cache
X-Varnish-Ttl
X-Sucuri-Cache
X-Cache-Tag
DataCenter
X-MCACHE
X-Vdms-Version
WZWS-RAY
X-FORWARDED-FOR
X-PJAX-URL
Amp-Access-Control-Allow-Source-Origin
X-AK-Request-ID
X-Rocket-Build-Number
X-Sigma
Cdnsip
X-CDN-Cache
X-Varnish-Cacheable
X-Sigma-Backend
X-Litespeed-Cache-Control
Cdncip
On-Server
X-Fstrz
X-TT-LOGID
X-Swift-Error
Lb
X-Planisys-CDN-Rules
X-Action
Xkeyrz
X-Shopify-Generated-Cart-Token
X-Proxy-Cacherz
X-DB
X-Planisys-CDN-TTL
X-DSS
X-RSL
X-Planisys-CDN-Cache
Pragrma
X-RPS
X-RPM
X-Cache-Ttl
X-DW
X-DI
X-BE
User-Agent
X-ServedByHost
URI
X-GeoIP-Country-Code
X-Akamai-SSL-Client-Sid
RequestUuid
X-Via-NSCOPI
Host-ID
CDN
Inserted-Into-Cache-At
X-WA
X-Webapp-Samesite-None-Activated-N
X-Correlation-ID
Is-Session-Tracking
Get-Access-Time
SID
Warning
X-WR-MODIFICATION
Xkeypdq
X-Fpc
X-Page-Impression-Id
TTL
X-Fastly-Cache-Hits
X-NU-AKA-ACS-Version
X-Flow-Id
Server-Id
Who
X-Zalando-Child-Request-Id
X-Crawler
X-Nananana
Correlation-Id
X-SB
X-VC
X-Render-Time
X-ND-Cache
X-FE
X-MID
X-Refresh
X-Upstream-Ct
X-ORACLE-APMCS-TAG
X-Cf-Powered-By
X-ORACLE-APMCS-REQUEST-ID
X-Upstream-Ht
X-SaId
X-Trafficlayer-App-Version
X-Gdpr
X-Akamai-ERPolicy
HitType
X-Dw-Trace-Id
Cneonction
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
FNAC-ModuleRouting
X-Akamai-ERRuleID
X-Request-URL
X-ServerName
RequestId
X-MiniProfiler-Ids
Xet-Cookie
X-Newrelic-App-Data
X-LB-ID
Processtime
X-LiteSpeed-Tag
X-Bug-Bounty
X-Gen-Id
X-ECache
V-Cache