Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Request-ID
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Ua-Compatible
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Server
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-Device
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
X-Backend-Server
X-Host
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Dns-Prefetch-Control
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-FTR-Request-ID
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-MS-InvokeApp
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-Middleton-Display
Response
X-VARITI-CCR
X-Sol
Display
X-Middleton-Response
X-CST
X-Recruiting
X-Ah-Environment
X-B3-TraceId
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-D2id
X-SharePointHealthScore
Service-Worker-Allowed
SPRequestGuid
X-ESI
X-Vcap-Request-Id
X-Akam-SW-Version
X-Version
X-Server-Name
SPIisLatency
SPRequestDuration
MS-Author-Via
Accept-CH
X-Abt-Application-Version
TCN
X-GitHub-Request-Id
X-Powered-CMS
X-Navigation-Version
Accept-Ch-Lifetime
X-Shard
Charset
X-Trace
X-Upstream
Fastly-Restarts
X-RateLimit-Remaining
AR-PoweredBy
AR-ATIME
X-Amz-Server-Side-Encryption
AR-CACHE
Ar-Sid
X-Amz-Rid
Nginx-Cache
Realpath
X-Aspnetmvc-Version
X-Debug
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-XRDS-Location
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Front-End-Https
X-Cached
X-NF-Request-ID
AR-Request-ID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Pagespeed
X-MSEdge-Ref
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Shield-Request-Id
X-Mrf-Section-Lastmod
MRF-Tech
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-VCache
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-T
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
S
ServerID
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-Varnish-Age
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-Hits
X-DynaTrace-JS-Agent
X-SERVER
X-Correlation-Id
X-Accel-Expires
X-Grace
X-Amzn-Trace-Id
Fastcgi-Cache
X-Content-Digest
Powered
X-Frontend
X-Forwarded-For
X-DIS-Request-ID
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-N
Edge-Cache-Tag
X-Vcache
Server-Name
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-Fastcgi-Cache
X-FTR-Cache-Host
X-RateLimit-Limit
AMP-Access-Control-Allow-Source-Origin
Accept-Ch
X-FastCGI-Cache
X-Server-ID
TP-Cache
TP-L2-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Processing-Time
X-Request-Received
X-B3-Sampled
X-Zen-Fury
Pinterest-Version
X-Pinterest-Rid
X-Cache-Age
X-Kinsta-Cache
X-IPLB-Instance
X-AppVersion
X-Time
X-Type
X-User-Agent
X-Revision
X-Rid
X-Activity-Id
X-Az
X-Analytics
Backend-Timing
Healthy
X-LB-Cache
X-GUploader-UploadID
X-Whom
Retry-After
FilterID
X-Cache-Hit
X-Srv
X-Node-Name
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
Accept-Charset
X-B3-Traceid
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Hp-Webp
X-Cache-Rule
Cache-Status
X-Amz-Apigw-Id
X-Content-Options
X-Webkit-CSP
Cache-Tag
X-Amzn-RequestId
X-Akamai-Edgescape
Surrogate-Key
X-Content-Security-Policy-Report-Only
Refresh
X-TA-CDN-Provider
DC
X-Instance
X-AOL-HN
X-Content-Powered-By
X-Tumblr-User
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Access-Control-Allow-Method
X-Forwarded-Host
X-Tumblr-Pixel-0
Tracecode
X-Jobs
X-App-Environment
MS-CV
X-Debug-Info
X-Varnish-Grace
X-Framework
Source
X-Cluster
X-PHP-Backend
X-FB-Debug
Fastcgi-Useragent
X-Page-Id
X-Request-Guid
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Static
X-App-Server
X-FW-Serve
X-B
Frame-Options
X-Cache-TTL
X-Cache-Operation
Host
Actual-Object-TTL
X-Mobile-URL
X-Cache-Key
X-Hostname
X-Seen-By
X-Geo-Country
Cleartype
X-Cache-Control
X-B-Cache
X-Signature
NR-ENABLED
X-Acc-Meta-Resource-Type
X-BCube-Filmed-By
X-Host-Name
X-Cached-By
X-Esi
X-Mobile
X-Git-Hash
Accept-CH-Lifetime
Upgrade-Insecure-Requests
X-TT
X-Amz-Replication-Status
X-Varnish-Backend
X-Pad
NGB
X-Response-Served-From
X-WebKit-CSP-Report-Only
GEO-INFO
X-Adobe-Loc
X-Adobe-Content
X-TT-TIMESTAMP
WPE-Backend
Webserver
Payment
Ms-Operation-Id
Filters
From-Origin
Eomportal-Instance
Cache-Tv-Group
X-GeoIP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UA-Device-Type
X-RTag
X-RequestSource
X-Handled-By
X-ProcessESI
X-RemovedCookies
X-Drupal-Cache-Tags
X-ATG-Version
Liferay-Portal
X-TX-ID
X-Cache-Remote
X-Cacheable-TTL
X-Status
X-Daa-Tunnel
X-Origin-Server
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-FW-Dynamic
X-WA-Info
X-Presslabs-Stats
Xserver
X-Cache-Action
X-Content-Age
X-Edge-Location
X-Wix-Request-Id
X-Ttl
X-Hyper-Cache
X-Contextid
X-Storage
Viewport
X-Ratelimit-Reset
Datacenter
X-HS-Cache-Config
X-Region
Version
X-CF-Powered-By
X-Element-Page-Cache
X-Varnish-Hostname
Ohc-File-Size
X-Accel-Buffering
Cache
PageSpeed
X-PressLabs-Stats
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-Cache-NE
Host-Header
X-Cache-Server
X-ES-SERVER
X-Varnish-Server
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
Load-Balancing
X-RN-RSRV
X-Path-Route
X-IP
S-Cnection
X-Akamai-Request-ID2
X-Proxy
Ohc-Cache-HIT
X-Proto
Cache-Name
Cache-Tags
X-Cache-Enabled
X-Yottaa-Optimizations
X-Yottaa-Metrics
Webcakes-App-Name
X-Device-Type
TWC-Connection-Speed
Webcakes-App-Version
Vix-Hermes-Req-Id
TWC-Device-Class
TWC-Privacy
Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Origin-Hint
X-Origin-Response-Time
X-NewRelic-App-Data
X-PERF
Webcakes-Region
Cache-Hits
X-Section
X-R9-Blue-Green-Version
X-Loop
Mn-Server-Ip
Release
Rt-Fastcgi-Cache
X-Time-Microsecs
X-NCache
X-CS
X-Cache-Config
Property-Id
X-ApacheServer
X-Tumblr-Pixel-3
TWC-GeoIP-Country
X-Akamai-Request-ID
Ec-Rule-Version
X-TNCMS
Decoy-Debug-Key
X-Access
X-Via-Fastly
X-Viewer-Country
Decoy-Debug-Status
X-Cluster-Node
Decoy-Debug-TTL
X-Varnish-Cache-Hits
DSUID
Selected-Fe
DB-Nickname
X-Format
X-Upgrade-Enabled
X-Upstream-CT
X-UnsetCookies
X-Cache-Time
X-Cache-Grace
X-Cache-Host
X-Upstream-HT
X-VCT
X-Xfnlog-Site
X-PCL
X-Www-Served-By
X-Web-Node
X-Proxy-Build
X-Trace-Id
X-Timing-Wait
X-Origin
X-From
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
X-Human
X-CCM
X-Backend-TTL
X-Rule
X-Backend-Name
X-OCL
X-Labrador-Cache-Channel
X-Debug-Cache
S-Rt
Azure-InstanceId
Cache-Key
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Hosted-By
X-Site-Version
X-JoinUs
X-Locale
X-Ua
X-Upstream-Proxy
Server-Info
X-Vgn-Hpd-Reason
X-FireWall-Port
Time
X-Varnish-Hits
X-Rendered-As
X-S
X-FW-Version
X-OVcl-Cache
X-OVcl
Now
X-Real-IP
X-HS-Combine-CSS
X-NGENIX-Cache
Hostname
X-SS-Set-Cookie
L5d-Success-Class
X-Litespeed-Cache
OT-Force-Account-Verify
X-Pubstack
Origin-Edge-Control
Fastcgi-X-Cache-Version
Origin-Cache-Control
Access-Control-Request-Headers
X-Redis-Cache
ServedBy
X-FB-TRIP-ID
X-VG-TLSProxy
X-XRDS-LOCATION
X-Webkit-Csp
Cteonnt-Length
Accept-Language
Origin
Fastly-SSL
X-VG-WebCache
X-APP-VERSION
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-App-Version
X-Tec-Api-Version
NtCoent-Length
X-Tec-Api-Root
X-Parent-Response-Time
X-Tec-Api-Origin
Machine
X-Origin-TTL
X-UUID
X-Origin-CC
X-Cluster-Name
X-Tb
X-Tt-Trace-Tag
X-ServerID
X-CSRF-TOKEN
X-Load-Cache
X-GoCache-CacheStatus
X-NC
X-Rocket-Nginx-Bypass
X-Soup
SRV
X-L-Path
X-ECACHE
X-No-Session
IBM-Web2-Location
X-Environment-Context
Nel
NGX
Mime-Version
X-B3-Spanid
X-Guploader-Uploadid
X-Uri
X-DataStream-Cache-Status
X-CACHE-KEY
X-B3-Parentspanid
X-Is-Bot
X-Nginx-Cache
X-GEO
X-MServer
Proxy-Connection
X-Magnolia-Registration
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
X-A-Wwc
Apple-News-Services-Handled
Fly-Cache
Content-Script-Type
A
Cross-Origin-Window-Policy
Content-Style-Type
X-A-Dam
BehaviorPad-Version
X-A-Ccd
X-A-Dcw
Apple-News-Services-Host
X-A
X-A-Dgt
MD5-Digest
AsisCache
Rendered-Blocks
Rt-Proxy-Cache
Odigeo-Trace-Id
X-Accel-Expires-Debug
X-Node-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Arc-Country
Node
Mobile-Detection-Method
Memcached
VivaBuild
GEO-REGION-INFO
Viewtype
Meta-Geo-Continent
Request-Time
ServerName
T-Server
Fly-Request-Id
X-CF-Lambda-Version
X-Hl-Ver
X-Instart-Info
X-PAYTM-SRV-ID
X-Region-Sid
X-G
X-Transaction
X-B3-SpanId
X-DPWN-IS-SECURE
X-External-Request-Id
X-Trv-Group
X-Aed
We-Hiring
X-ScT
X-Server-Time
X-Twitter-Response-Tags
X-SRCache-Key
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Vtex-Processado-Em
X-VG-WebServer
X-B-Cookie
Xc-Version
Mail-Subject
X-CF-Lambda-Fn
Akamai-GRN
X-ARC
X-AIR-PT
X-Ruxit-Js-Agent
X-Application
X-Developer
Cache-Prefix
X-D
X-Vtex-Remote-Cache
X-Date
X-Destination
X-Detected-As
X-Worker
X-Connection-Hash
Backend-Name
X-VWS-Id
X-AWS-Id
X-Generated-By
X-LJ-Flow-ID
IsBot
X-VC-Cache
X-Var-Ttl
X-Urbn-Site-Id
X-Urbn-Context-Path
Fastly-Soc-X-Request-Id
X-Up
Request-EU
Section-Io-Cache
X-Developers
X-Fastly-Cache
X-CUA
X-Cms-Context
X-Azure-Ref-OriginShield
X-Cache-Bucket
X-Cdn-Srv
X-Origin-Date
X-Origin-Expires
X-SIPLIST1
X-SVT-ORM-RULES
Locale
X-S-Maxage
N-Cache
X-Release
Request-Country
X-SVT-ORM-VERSION
X-Azure-Ref
X-Trafficlayer-App-Name
X-Mode
CF-IPCountry
X-Trafficlayer-App-Scope
X-Cdn-Forward
User-Cache-Control
X-Dc
X-Hash
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Hnp-Log
X-App-Name
X-Location
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Irp-Debug
X-Method
X-Debug-Log
Thinkindot-CacheControl
X-Proxy-Cache-Status
Server-Int
Server-Host
X-Proxy-Upstream
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Auto-Login
W
X-Nginx-Cache-Key
X-NX-Host
True-Client-Country-4JS
Uber-Trace-Id
X-Matched-Rule
X-Generated-On
X-Clientip
X-Distil-CS
X-Clara-WADP
X-CGP
X-Edge-Server
X-Distributor
X-Core-Mission
X-Dispatch
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Device-Os
X-ElasticPress-Search
X-Cdn-Origin
X-BBXSRF
X-Bip
X-Backend-Url
Served-By
X-Generation-Time
X-Backend-Host
X-Block-Status
X-BYPASS-REASON
X-Cache-Info
X-Eu-Site
X-Gen-Mode
X-Generated-In
X-C
X-Geo-Header
X-Policy
Ha-Gx-Prefs
HA-Ipaddr
Heartbleed
Gh-Request-Id
X-User
X-WADP-Cache
X-VServer
X-TrackingId
X-Thinkindot-L3
X-ProxyCache-Key
Magicmarker
X-Skip-Cache
X-Swa-Ws
L
X-Thanos
Kp-EeAlive
X-We-Are-Hiring
Fastly-SWR
X-Has-Esi
Cdn-Host
Cdn-Request-Time
CDCHOST
X-Is-Gdpr
X-Compress-Hint
X-JWT-State
Content-Disposition
AKAMAI
X-Webstats-RespID
Fastly-SIE
Esi-Enabled
X-Wikidot-Backend
X-Wikidot-Static-Cache
Countrycode
X-UA
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
Pagetype
X-Rebelmouse-Surrogate-Control
X-Reboot
Pramga
X-Reqid
Srv
X-Server-IP
X-ProxyCache-Status
RNT-Machine
RNT-Time
X-Qloud-Router
X-Service
X-ServiceProvider
X-RateLimit-Limit-Second
X-Microcachable
X-Request-Start
X-Old-Content-Length
X-WebServer
X-PHP-Host
X-Dispatcher-Server
X-Platform-Server
X-Request-URI
X-LI-Proto
X-LI-UUID
X-SayCDN-TTL
X-Li-Pop
X-GeoIP-City
X-Key
X-Li-Fabric
X-Say-TTL
X-Variation
X-Internal-Host
X-MSEdge-Features
X-MSEdge-Flight
X-Fetched-On
X-GDPR
X-Via-CDN
X-Say-Cacheable
X-Epic-Correlation-Id
X-Owner
Is-Eu
Adler-Geo
Cache-Provider
PFcat
X-Cache-Id
Memory
X-Request-Time
X-Cache-FS-Status
Web-Mar-Node
Platform
X-Backend-State
X-Amz-Meta-Cache-Control
V-Age
X-Info
X-SD-PageType
Server-ID
X-Servername
SD-X-WS
X-Org
X-NWS-UUID-VERIFY
Resin-Trace
X-Lb-Id
X-COUNTRY
X-Geo
X-URL
X-Hello
X-Flog
X-Nc
SS
X-FPC
X-ABtesting
X-Ftr-Request-Id
X-Unique-ID
X-Be
X-Cache-URL
X-Wa
REQUESTUUID
X-Svr
X-IPS-LoggedIn
X-DC
X-Ratelimit-Limit
X-RateLimit-Reset
X-Servedbyhost
X-Instart-Isnd
X-Response-By
Country-Code
X-Proxied
X-Scheme
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Routing-Service
X-Zipkin-Id
X-Datadome
X-Dynatrace-Js-Agent
X-Cache-Backend
X-NodeID
X-Page-Type
X-Processor
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
UCS
X-VCL-Version
X-Pjax-Url
XServer
Group
X-SN
X-Varnish-Beresp-Ttl
X-MP-GENERATED-AT
X-CDN-Forward
Cache-Host
CACHE
X-Server-W
X-Logtrace-Id
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Ajk
X-Oracle-Dms-Rid
X-Oss-Storage-Class
Powered-By-ChinaCache
Dynatrace
ProcessTime
PICS-Label
X-HS-Status
X-SRV
Proxy-Firewall
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Newrelic-Synthetics
X-ZONE
X-HTML-Minification-Powered-By
X-Zone
X-Dynatrace
SN
X-Via-Ucdn
X-Ms-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
Powered-By
X-Ms-Version
X-Source
X-GRACE
X-Ftr-Cache-Host
X-EC-Lua
X-Pf-Uncompressing
Geoip-Latitude
Ttl
GeoIp-Country-Code
X-Cache-Category-Id
Geoip-City
X-Grey
X-Ratelimit-Remaining
X-TH-Server
Lfy
X-APP
X-Session-Fingerprint
X-Sucuri-Id
X-Varnish-Beresp-TTL
GeoIP-City
X-PF-Uncompressing
GeoIP-Country-Code
GeoIP-Latitude
X-Agile
X-Agile-Id
X-Agile-Age
Fastly-Backend-Name
X-Cache-Debug
X-Ftr-Realm
X-NODE
X-LiteSpeed-Cache-Control
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Fastly-Country-Code
MIME-Version
X-Bc
X-Check-Cacheable
Pics-Label
Environment
X-Logging-Id
GW-Server
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Cdn
X-Tt-Trace-Host
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-LAGOON
X-Cache-Miss-From
X-Sedo-Request-Id
X-CSRF-Token
CF-Cached-On
X-Edge
LB
X-Aicache-OS
Cf-Ipcountry
X-Secret
WWW
X-Gannett-Site-Version
X-RCS-CacheZone
X-BC
M-TraceId
X-Varnish-Url
Requestid
X-Vcl-Version
Ohc-Response-Time
X-Mid
X-Core-Value
X-PJAX-URL
WZWS-RAY
X-Sucuri-ID
X-MCACHE
X-Fastly-Backend-Reqs
X-AK-Request-ID
DataCenter
X-Varnish-Cacheable
X-Unique-Id
Cdnsip
Cdncip
X-Varnish-Ttl
On-Server
X-UPSTREAM-Address
X-Cache-Tag
X-CDN-Cache
X-Litespeed-Cache-Control
X-Sucuri-Cache
X-TT-LOGID
X-Akamai-SSL-Client-Sid
X-Vdms-Version
User-Agent
X-GeoIP-Country-Code
X-NGINX-Cache
Lb
X-Swift-Error
X-Action
X-DB
X-Sigma
X-Rocket-Build-Number
CDN
X-Sigma-Backend
X-Cache-Ttl
X-RSL
Inserted-Into-Cache-At
X-Fstrz
X-Proxy-Cacherz
X-DSS
URI
X-DW
Xkeyrz
X-BE
X-DI
X-RPS
X-RPM
HostName
X-Crawler
Pragrma
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Shopify-Generated-Cart-Token
SID
Who
X-Planisys-CDN-Cache
Host-ID
X-NU-AKA-ACS-Version
X-ServedByHost
RequestUuid
X-WA
X-Correlation-ID
Warning
X-WR-MODIFICATION
X-Flow-Id
Server-Id
X-Fastly-Cache-Hits
X-Via-NSCOPI
X-Fpc
Get-Access-Time
Xkeypdq
X-Render-Time
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Is-Session-Tracking
TTL
X-Refresh
X-FE
X-SB
X-VC
Correlation-Id
FNAC-ModuleRouting
X-MID
X-LB-ID
X-Nananana
X-ServerName
X-Cf-Powered-By
X-ECache
HitType
X-Trafficlayer-App-Version
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Micro-Cache
Processtime
X-Bug-Bounty
X-Gen-Id
X-Gdpr
RequestId
V-Cache
X-Request-URL
Xet-Cookie
X-Dw-Trace-Id
Cneonction
X-Newrelic-App-Data
X-Fe
X-Cdn-Request-ID
X-MiniProfiler-Ids
X-LiteSpeed-Tag