Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-FRAME-OPTIONS
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
P3p
X-Age
EagleId
X-CDN
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-AH-Environment
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Cdn
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-OneAgent-JS-Injection
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Node
X-Response-Time
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-HW
X-Country
X-TTL
Rating
X-Country-Code
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Url
X-DataDome
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Varnish-TTL
X-MS-InvokeApp
X-Goog-Hash
X-CST
X-Vname
X-TtlSet
X-PC
X-Px
RTSS
Verso
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja
Pinterest-Generated-By
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-D2id
X-Middleton-Response
X-Middleton-Display
X-Sol
Display
Response
Accept-CH
SPRequestGuid
X-Vcap-Request-Id
X-Version
X-SharePointHealthScore
X-RateLimit-Remaining
MS-Author-Via
X-Akam-SW-Version
TCN
X-Abt-Application-Version
X-Navigation-Version
X-GitHub-Request-Id
X-B3-TraceId
X-Powered-CMS
Accept-Ch-Lifetime
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Forwarded-Proto
X-Shard
SPIisLatency
SPRequestDuration
X-Amz-Server-Side-Encryption
Ar-Sid
AR-ATIME
AR-CACHE
AR-PoweredBy
Charset
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
X-XRDS-Location
X-Ah-Environment
Fastly-Restarts
X-Amz-Rid
X-Aspnetmvc-Version
Nginx-Cache
X-Trace
X-Debug
X-ESI
Front-End-Https
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Shield-Request-Id
X-Cached
AR-Request-ID
X-Ezoic-Cdn
X-Server-Name
Paypal-Debug-Id
X-Goog-Generation
X-MSEdge-Ref
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-NF-Request-ID
Access-Control-Request-Method
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Id
Content-MD5
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
MicrosoftSharePointTeamServices
X-Vcache
X-T
X-Goog-Storage-Class
X-Client-IP
S
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Content-Type
X-Dw-Request-Base-Id
X-Via-JSL
X-DynaTrace-JS-Agent
X-Varnish-Age
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-VCache
X-SERVER
Fastcgi-Cache
X-Correlation-Id
X-FTR-Cache-Host
X-Frontend
X-Mobile-Rewrite
PB-PID
X-Content-Digest
Arc-Version
PB-RID
X-B3-Traceid
X-FastCGI-Cache
X-Grace
Powered
Server-Name
X-Logged-In
X-Forwarded-For
X-Ser
X-Accel-Expires
X-DIS-Request-ID
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-Esi
X-HS-Content-Id
X-HS-Hub-Id
X-Zen-Fury
X-Microsite
X-Request-Handler-Origin-Region
TP-Cache
TP-L2-Cache
X-Request-Processing-Time
X-Request-Received
X-Fastcgi-Cache
X-GUploader-UploadID
X-Cache-Age
Accept-Ch
X-Type
X-Kinsta-Cache
FilterID
X-IPLB-Instance
X-Activity-Id
X-Revision
X-Rid
X-AppVersion
X-User-Agent
X-Az
Healthy
X-Analytics
Backend-Timing
X-LB-Cache
Edge-Cache-Tag
X-Node-Name
X-Acc-Meta-Resource-Type
X-F-Cache
X-Whom
X-Srv
X-Time
X-Cache-2
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Retry-After
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NWS-LOG-UUID
Alternate-Protocol
Accept-Charset
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Cache-Status
Server-Node
X-Content-Options
DC
Surrogate-Key
X-Akamai-Edgescape
X-Content-Powered-By
Refresh
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Debug-Info
X-Jobs
X-FW-Hash
X-Instance
X-Content-Security-Policy-Report-Only
X-FW-Type
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Framework
X-FW-Serve
X-FW-Server
X-Tumblr-User
X-Forwarded-Host
X-FW-Static
X-PHP-Backend
Access-Control-Allow-Method
X-Varnish-Grace
X-App-Environment
Source
X-Page-Id
X-Cluster
X-FB-Debug
X-B
X-Request-Guid
X-Hostname
MS-CV
X-Hp-Webp
Fastcgi-Useragent
Host
X-DataStream-Cache-Status
X-App-Server
Frame-Options
Cleartype
X-B-Cache
X-Cache-Key
X-Signature
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-BCube-Filmed-By
Actual-Object-TTL
X-Cache-Operation
Tracecode
X-Cached-By
X-Ratelimit-Reset
X-TA-CDN-Provider
Cache-Tag
X-Mobile-URL
X-Varnish-Backend
X-Geo-Country
X-TT
X-Amz-Replication-Status
X-Cache-Control
Liferay-Portal
X-Pad
X-Mobile
X-Seen-By
X-PressLabs-Stats
Accept-CH-Lifetime
Xserver
X-Git-Hash
X-Host-Name
NGB
X-Response-Served-From
X-ATG-Version
X-Adobe-Content
X-Adobe-Loc
Filters
Upgrade-Insecure-Requests
Payment
WPE-Backend
Eomportal-Instance
X-TT-TIMESTAMP
X-Status
X-FW-Dynamic
X-Cacheable-TTL
X-RTag
X-GeoIP
X-ProcessESI
X-Handled-By
X-UA-Device-Type
Ms-Operation-Id
X-WA-Info
X-RemovedCookies
Cache-Tv-Group
X-RequestSource
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
From-Origin
X-TX-ID
X-Drupal-Cache-Tags
X-Tumblr-Pixel-1
X-Upstream-Proxy
GEO-INFO
X-Content-Age
X-Cache-TTL-Remaining
Webserver
X-Cache-Remote
X-Edge-Location
X-Cache-TTL
X-Webkit-CSP
Datacenter
Cache
X-Storage
X-Daa-Tunnel
Viewport
X-Accel-Buffering
X-Cache-Action
X-Varnish-Hostname
X-Origin-Server
X-EdgeConnect-Cache-Status
Version
X-CF-Powered-By
X-Oracle-Dms-Rid
X-Hyper-Cache
X-Ua
X-Contextid
Host-Header
X-Yottaa-Metrics
X-Region
X-Yottaa-Optimizations
PageSpeed
X-Wix-Request-Id
SRV
X-Akamai-Transformed
X-Varnish-Server
X-Akamai-Request-ID2
Meta-Geo
X-RN-RSRV
X-Cache-Var
X-Path-Route
Load-Balancing
X-Cache-Var-Map
X-ES-SERVER
S-Cnection
X-IP
Cache-Name
X-From
X-Oneagent-Js-Injection
X-Trace-Id
Cache-Hits
X-Site-Version
Cache-Tags
X-Proto
X-Locale
X-Cache-Enabled
Rt-Fastcgi-Cache
X-Origin-Response-Time
Decoy-Debug-Status
X-Origin-Hint
X-Origin
Decoy-Debug-Key
X-PERF
X-Proxy
X-ApacheServer
X-Akamai-Request-ID
Decoy-Debug-TTL
X-Proxy-Build
NR-ENABLED
X-NCache
X-Loop
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-EIG-Tracking-Id
X-Cluster-Node
X-CS
Vix-Hermes-Req-Id
X-Cache-Host
X-Labrador-Cache-Channel
DB-Nickname
Country
X-Cache-Config
X-Access
X-R9-Blue-Green-Version
X-Section
Webcakes-App-Name
X-Varnish-Cache-Hits
TWC-Device-Class
Selected-Fe
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-GeoIP-Country
X-Viewer-Country
X-Via-Fastly
X-Upgrade-Enabled
Property-Id
TWC-Locale-Group
X-UnsetCookies
Mn-Server-Ip
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Now
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Timing-Wait
X-TNCMS
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-CCM
S-Rt
Release
X-Debug-Cache
DSUID
X-Backend-TTL
X-Cache-Grace
Azure-Version
Cache-Key
Azure-SlotName
X-FireWall-Port
X-Device-Type
X-PCL
X-OCL
X-JoinUs
X-Upstream-CT
X-Upstream-HT
Ec-Rule-Version
X-Xfnlog-Site
X-Www-Served-By
X-Web-Node
X-Human
X-Rule
X-FW-Version
X-Format
X-FC-Vary-Parameters
X-Hit
X-Drupal-Cache-Contexts
OT-Force-Account-Verify
X-Hosted-By
X-Varnish-Hits
X-S
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Backend-Name
Server-Info
Ohc-File-Size
X-Cache-Time
Time
ServedBy
X-Cache-Server
X-Rendered-As
X-Cache-NE
X-Presslabs-Stats
X-VG-TLSProxy
X-VG-WebCache
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-VCT
X-Sorting-Hat-PodId
X-NewRelic-App-Data
Hostname
X-APP-VERSION
X-FB-TRIP-ID
X-Mode
X-Vgn-Hpd-Reason
Accept-Language
Cteonnt-Length
X-Tb
Ohc-Cache-HIT
X-Redis-Cache
Fastcgi-X-Cache-Version
Machine
X-OVcl
X-OVcl-Cache
X-Nginx-Cache
X-B3-Spanid
X-Server-ID
X-No-Session
Origin
X-Real-IP
NtCoent-Length
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-Environment-Context
X-Generated-By
X-CSRF-TOKEN
X-L-Path
X-Request-Time
L5d-Success-Class
X-GEO
X-NC
X-LJ-Flow-ID
Access-Control-Request-Headers
X-VWS-Id
Odigeo-Trace-Id
X-HS-Cache-Config
X-AWS-Id
X-Load-Cache
X-Tt-Trace-Tag
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-App-Version
We-Hiring
X-Endurance-Cache-Level
X-Magnolia-Registration
Mail-Subject
IBM-Web2-Location
X-DC
X-Parent-Response-Time
Akamai-GRN
Mime-Version
X-Cluster-Name
Nel
X-B3-Parentspanid
X-UUID
X-CACHE-KEY
X-XRDS-LOCATION
X-Routing-Service
X-GoCache-CacheStatus
X-ECACHE
X-MServer
Request-Time
X-NGENIX-Cache
X-Zipkin-Id
X-Soup
Proxy-Connection
X-Proxied
X-Urbn-Site-Id
Locale
X-Via-CDN
X-ServerID
X-Urbn-Context-Path
X-Rocket-Nginx-Bypass
X-Developer
X-Is-Bot
Fly-Cache
Fly-Request-Id
X-Region-Sid
X-Server-Time
X-External-Request-Id
A
X-Instart-Info
X-SRCache-Key
X-Detected-As
X-D
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-SS-Set-Cookie
X-Date
Cross-Origin-Window-Policy
Uber-Trace-Id
X-Destination
GEO-REGION-INFO
X-Release
BehaviorPad-Version
X-Edge-Server
Cache-Prefix
X-DPWN-IS-SECURE
AsisCache
Arc-Country
Apple-News-Services-Parsed-Url
X-S-Cookie
Apple-News-Services-Request-Url
X-S-Maxage
Apple-News-Services-Handled
Memcached
X-G
Content-Style-Type
X-Node-Id
X-ScT
Cdn-Host
Cdn-Request-Time
Content-Script-Type
Apple-News-Services-Host
MD5-Digest
X-Rojux
T-Server
X-AIR-PT
X-Aed
X-Application
X-Rewrite-Enabled
X-Twitter-Response-Tags
X-Worker
Rt-Proxy-Cache
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
X-VG-WebServer
VivaBuild
X-A-Dgt
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Viewtype
X-Trv-Group
Xc-Version
Rendered-Blocks
X-PAYTM-SRV-ID
Node
X-Org
X-Transaction
X-Request-UUID
Meta-Geo-Continent
X-B-Cookie
Mobile-Detection-Method
ServerName
Backend-Name
X-Cache-Bucket
NGX
X-Cms-Context
X-Fastly-Cache
N-Cache
IsBot
X-Bip
X-CUA
X-Distributor
X-Azure-Ref-OriginShield
Country-Code
X-Cdn-Srv
X-Device-Os
X-Developers
Request-EU
X-Azure-Ref
Fastly-Soc-X-Request-Id
Request-Country
Server-ID
Section-Io-Cache
X-BBXSRF
X-Generated-On
CF-IPCountry
X-Level-Front-Cache
X-Origin-Date
X-RateLimit-Remaining-Second
X-Up
X-IN-APIGATEWAYSSL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Origin-Expires
X-Thanos
X-Owner
X-Origin-TTL
X-Origin-CC
X-IN-APIGATEWAY
X-SIPLIST1
X-BYPASS-REASON
X-RateLimit-Limit-Second
X-ProxyCache-Key
X-ProxyCache-Status
X-VC-Cache
X-Hl-Ver
User-Cache-Control
X-ElasticPress-Search
X-Backend-Url
X-PHP-Host
X-Qloud-Router
X-Variation
X-Cache-Info
X-Cdn-Origin
X-TrackingId
X-Cache-Id
X-Cache-FS-Status
X-C
X-VServer
X-Block-Status
X-Rebelmouse-Surrogate-Control
X-WebServer
X-Webstats-RespID
X-ABtesting
X-App-Name
X-We-Are-Hiring
Wxu-Next-Region
X-Amz-Meta-Cache-Control
X-Platform-Server
X-Auto-Login
X-Rebelmouse-Cache-Control
X-WADP-Cache
X-Unique-ID
X-Wikidot-Static-Cache
X-User
X-Wikidot-Backend
X-Backend-Host
X-MSEdge-Features
X-Request-Start
X-Distil-CS
X-HS-Combine-CSS
X-Reqid
X-Dispatcher-Server
X-ServiceProvider
X-Dispatch
X-Server-IP
X-Hnp-Log
X-Request-URI
X-Generation-Time
X-Gen-Mode
X-Flog
X-Geo-Header
X-Hash
X-Epic-Correlation-Id
X-Eu-Site
X-Hello
X-Skip-Cache
X-Sn-Servicetimems
X-Method
X-CGP
X-Clara-WADP
X-Fetched-On
X-MSEdge-Flight
X-Old-Content-Length
X-Nginx-Cache-Key
X-Swa-Ws
X-Matched-Rule
X-Clientip
X-Reboot
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-Location
X-Compress-Hint
X-Core-Mission
X-Thinkindot-L3
RNT-Machine
Cache-Cookie-Set-Idcheck
L
Kp-EeAlive
Is-Eu
Magicmarker
Cache-Cookie-Set-From
Platform
Pagetype
Adler-Geo
AKAMAI
Cache-Cookie-Set-Lfrom
Heartbleed
Countrycode
Esi-Enabled
Fastly-SIE
Fastly-SWR
Gh-Request-Id
Content-Disposition
HA-Ipaddr
Ha-Gx-Prefs
CDCHOST
X-MP-GENERATED-AT
Pramga
Thinkindot-CacheControl-Type
Wxu-Next-Hostname
Thinkindot-CacheControl
SS
Server-Int
Thinkindot-Control
True-Client-Country-4JS
X-B3-SpanId
Wxu-Next-Commit
W
V-Age
X-Guploader-Uploadid
Served-By
Server-Host
RNT-Time
X-IPS-LoggedIn
X-Microcachable
X-Debug-Log
X-Irp-Debug
X-Page-Type
X-Proxy-Cache-Status
X-GDPR
X-Servername
X-NX-Host
X-Response-By
X-Generated-In
X-Proxy-Upstream
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-GeoIP-City
X-Internal-Host
X-SD-PageType
X-Backend-State
SD-X-WS
Web-Mar-Node
PFcat
X-Debug-Cookies
X-Debug-Cache-Expiry
Memory
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Uri
X-Key
UCS
Resin-Trace
X-SERVER-NAME
X-Cdn-Forward
ProcessTime
X-Wa
X-FPC
X-Policy
REQUESTUUID
X-Element-Page-Cache
X-Var-Ttl
X-Service
Ajk
X-Logtrace-Id
Powered-By-ChinaCache
X-Servedbyhost
X-HTML-Minification-Powered-By
X-Dc
Proxy-Firewall
Cache-Provider
X-Nc
X-Geo
X-Is-Gdpr
X-Lb-Id
X-Ratelimit-Limit
X-Cache-Backend
X-JWT-State
X-Has-Esi
X-Datadome
X-VCL-Version
X-RateLimit-Reset
X-Cache-Category-Id
Powered-By
X-Grey
Srv
X-Oss-Server-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
X-Processor
X-Be
X-CDN-Forward
X-SRV
X-ZONE
X-TH-Server
Fastly-Backend-Name
X-Pjax-Url
X-Ruxit-Js-Agent
X-Varnish-Beresp-Ttl
X-Cache-URL
X-Svr
X-HS-Status
X-RCS-CacheZone
GeoIP-Latitude
X-UA
GeoIP-City
X-Instart-Isnd
X-Litespeed-Cache
PICS-Label
X-Info
SN
GeoIP-Country-Code
X-Webkit-Csp
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-COUNTRY
X-Dynatrace-Js-Agent
X-Ftr-Request-Id
X-Cache-Ttl
X-Zone
X-Dynatrace
X-URL
GW-Server
X-NodeID
X-Scheme
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Source
X-GRACE
CACHE
X-LAGOON
X-SN
X-Varnish-Url
Cdn
X-Pf-Uncompressing
Group
X-Newrelic-Synthetics
X-Gannett-Site-Version
WZWS-RAY
LB
X-Bc
X-Secret
X-EC-Lua
X-Varnish-Beresp-TTL
Dynatrace
X-PF-Uncompressing
Cache-Host
X-CDN-Cache
CF-Cached-On
On-Server
X-Varnish-Cacheable
X-NODE
Ttl
User-Agent
X-Sucuri-Id
X-Ftr-Cache-Host
X-Server-W
XServer
X-GeoIP-Country-Code
X-LiteSpeed-Cache-Control
X-Check-Cacheable
X-APP
X-Ms-Request-Id
X-Ratelimit-Remaining
X-Ms-Version
Inserted-Into-Cache-At
X-Tt-Trace-Host
X-BC
X-Via-Ucdn
Pics-Label
X-Edge
X-FORWARDED-FOR
X-BE
GeoIp-Country-Code
X-Fastly-Country-Code
Geoip-City
Geoip-Latitude
X-PJAX-URL
X-NU-AKA-ACS-Version
MIME-Version
X-Crawler
Who
Environment
X-Aicache-OS
WWW
X-Akamai-SSL-Client-Sid
Lfy
X-Ttl
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Backend-Server
X-Ftr-Dc
Ohc-Response-Time
X-Render-Time
X-Mid
X-Agile
X-Agile-Age
X-Session-Fingerprint
X-Agile-Id
X-Trafficlayer-App-Name
Cf-Ipcountry
X-Trafficlayer-App-Scope
Requestid
X-Cache-Debug
X-Varnish-Ttl
X-Vcl-Version
X-FE
X-Fastly-Backend-Reqs
M-TraceId
X-CSRF-Token
X-LB-ID
X-MCACHE
SID
Amp-Access-Control-Allow-Source-Origin
X-Logging-Id
URI
X-Via-Edge
X-Litespeed-Cache-Control
X-Via-SSL
X-Micro-Cache
X-UPSTREAM-Address
X-Served-From
Lb
X-WR-MODIFICATION
Xkeyrz
X-Proxy-Cacherz
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
HostName
X-Amzn-Remapped-Connection
X-Sedo-Request-Id
X-Cache-Tag
X-Amzn-Remapped-Date
Host-ID
RequestUuid
X-Cache-Miss-From
X-Cf-Powered-By
X-Correlation-ID
DataCenter
X-Nananana
X-Fpc
Xkeypdq
Correlation-Id
X-Flow-Id
X-Vct
X-Page-Impression-Id
X-Protected-By
X-ServedByHost
CDN
X-Fastly-Cache-Hits
X-WA
X-Zalando-Child-Request-Id
X-NGINX-Cache
X-Newrelic-App-Data
WebServer
X-VC
X-Core-Value
X-Action
X-DW
X-DSS
X-DB
X-DI
X-RPM
X-Request-Url
X-RPS
X-Refresh
X-RSL
X-SB
X-MID
X-Vdms-Version
X-ND-Cache
X-Ecache
X-Cdn-Request-ID
Cneonction
X-Dw-Trace-Id
X-Via-NSCOPI
FNAC-ModuleRouting
Warning
X-TIME
X-Swift-Error
X-ECache
Cdnsip
X-Apw-Hits
X-AK-Request-ID
Processtime
X-Request-URL
X-Fe
Xet-Cookie
X-Unique-Id
Cdncip
HitType
Pragrma
X-Gdpr
X-MiniProfiler-Ids
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
V-Cache
X-ServerName
X-Apw-Access-Object
X-Planisys-CDN-Cache
X-Apw-Access-Action
X-Bug-Bounty
X-Serial
X-Apw-Access-Token