Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-CDN
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Cdn
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
X-DataDome
X-Country
Rating
X-Country-Code
X-FTR-Request-ID
X-Url
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-Instart-Request-ID
X-Goog-Hash
X-Varnish-TTL
X-TtlSet
X-PC
X-Vname
X-MS-InvokeApp
X-Ah-Environment
X-CST
Verso
RTSS
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Service-Worker-Allowed
X-D2id
X-Use-Magma
X-Middleton-Response
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Kinja-Revision
Display
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Sol
X-Middleton-Display
Response
X-Exp-Variant
Pinterest-Generated-By
X-Vcap-Request-Id
X-Version
Accept-Ch-Lifetime
SPRequestGuid
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
TCN
X-Navigation-Version
X-GitHub-Request-Id
X-Abt-Application-Version
X-RateLimit-Remaining
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Powered-CMS
Accept-CH
X-B3-TraceId
X-Upstream
X-Shard
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-XRDS-Location
Charset
Fastly-Restarts
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
SPIisLatency
SPRequestDuration
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
X-Trace
Nginx-Cache
X-Debug
Realpath
X-Aspnetmvc-Version
X-Server-Name
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Cached
X-Ezoic-Cdn
X-ESI
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
Paypal-Debug-Id
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Arr-Disable-Session-Affinity
Pagespeed
ServerID
X-Vcache
Content-MD5
X-Id
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-Goog-Storage-Class
X-FTR-Backend-Server
S
X-DynaTrace-JS-Agent
DynaTrace
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-Fastly-Request-ID
X-T
X-Via-JSL
X-Client-IP
X-Content-Type
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-FastCGI-Cache
X-N
X-RateLimit-Limit
X-Grace
X-Correlation-Id
X-B3-Traceid
Fastcgi-Cache
X-VCache
X-Frontend
X-FTR-Cache-Host
X-Content-Digest
X-SERVER
Powered
PB-PID
Arc-Version
X-Esi
X-Accel-Expires
X-Mobile-Rewrite
Accept-Ch
PB-RID
X-Forwarded-For
X-DIS-Request-ID
X-Ser
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
TP-L2-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Cache-Age
X-Kinsta-Cache
X-Request-Received
X-Request-Processing-Time
X-Type
Edge-Cache-Tag
X-LB-Cache
FilterID
X-Rid
X-Analytics
X-User-Agent
Backend-Timing
X-Az
X-AppVersion
X-IPLB-Instance
X-Activity-Id
X-Fastcgi-Cache
X-Revision
Healthy
X-Node-Name
X-F-Cache
Retry-After
X-Whom
X-Srv
X-Time
X-NWS-LOG-UUID
X-Cache-2
Accept-Charset
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Acc-Meta-Resource-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Hit
Alternate-Protocol
Pinterest-Version
X-Pinterest-Rid
X-Cache-Rule
X-AOL-HN
Server-Node
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
Surrogate-Key
X-Forwarded-Host
X-Cluster
Access-Control-Allow-Method
Refresh
X-Content-Powered-By
X-FB-Debug
X-Akamai-Edgescape
X-FW-Hash
X-Jobs
X-Page-Id
X-Instance
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
X-Debug-Info
DC
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Grace
X-Request-Guid
Source
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Framework
X-PHP-Backend
X-B
X-App-Environment
MS-CV
Fastcgi-Useragent
X-Hostname
X-App-Server
Frame-Options
Host
Cleartype
X-Cache-Key
Cache-Tag
X-Signature
Tracecode
X-B-Cache
X-Cache-Operation
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-TA-CDN-Provider
X-Cache-Control
X-Varnish-Backend
X-Amz-Replication-Status
X-Seen-By
X-TT
Liferay-Portal
X-PressLabs-Stats
X-Ratelimit-Reset
X-Host-Name
X-Pad
X-DataStream-Cache-Status
Xserver
X-Response-Served-From
NGB
X-Mobile
X-Adobe-Content
X-Adobe-Loc
X-ATG-Version
Upgrade-Insecure-Requests
Payment
X-Git-Hash
X-WebKit-CSP-Report-Only
X-Status
X-WA-Info
Webserver
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Dynamic
X-RemovedCookies
Eomportal-Instance
Cache-Tv-Group
X-ProcessESI
X-TX-ID
WPE-Backend
X-Handled-By
Ms-Operation-Id
X-RTag
X-Drupal-Cache-Tags
Filters
From-Origin
X-Cacheable-TTL
X-UA-Device-Type
X-GeoIP
X-RequestSource
X-Cache-TTL-Remaining
X-Content-Age
GEO-INFO
Datacenter
X-Cache-Remote
X-Daa-Tunnel
X-Edge-Location
X-Oracle-Dms-Rid
X-Cache-Action
X-Cache-TTL
X-Storage
Viewport
X-Webkit-CSP
X-Origin-Server
X-Varnish-Hostname
X-Upstream-Proxy
Accept-CH-Lifetime
X-Accel-Buffering
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
Cache
X-Contextid
X-Ua
X-Region
X-CF-Powered-By
Host-Header
X-Wix-Request-Id
NR-ENABLED
SRV
X-Yottaa-Optimizations
X-Yottaa-Metrics
PageSpeed
X-ES-SERVER
X-RN-RSRV
X-Path-Route
X-Varnish-Server
X-Cache-Var
Load-Balancing
Meta-Geo
X-Cache-Var-Map
S-Cnection
X-From
X-IP
X-Akamai-Transformed
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Backend-Name
X-CS
Vix-Hermes-Req-Id
X-Akamai-Request-ID2
X-Proto
Cache-Tags
Selected-Fe
Now
X-Proxy
X-Loop
X-Cache-Config
X-Timing-Wait
X-Proxy-Build
X-TNCMS
X-Upgrade-Enabled
Cache-Name
X-Hit
X-Labrador-Cache-Channel
X-Via-Fastly
X-Time-Microsecs
X-Section
X-Rule
X-NCache
X-Origin
X-Akamai-Request-ID
X-Tumblr-Pixel-3
X-Access
Ec-Rule-Version
Decoy-Debug-TTL
X-FC-Vary-Parameters
X-ApacheServer
X-PERF
Decoy-Debug-Key
Decoy-Debug-Status
X-Origin-Response-Time
X-Viewer-Country
DB-Nickname
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-OCL
X-Hosted-By
X-FW-Version
X-Format
X-PCL
X-Upstream-CT
X-Xfnlog-Site
X-Web-Node
X-Upstream-HT
X-FireWall-Port
X-Cluster-Node
Rt-Fastcgi-Cache
Cache-Key
Cache-Hits
X-Backend-TTL
X-Cache-Enabled
X-CCM
X-Cache-Grace
Azure-Version
S-Rt
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
Mn-Server-Ip
Property-Id
TWC-Connection-Speed
Webcakes-Region
X-S
X-EIG-Tracking-Id
X-Cache-Time
X-Origin-Hint
X-Drupal-Cache-Contexts
X-Varnish-Hits
X-Cache-Host
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
Country
TWC-Privacy
X-UnsetCookies
X-Cache-NE
Server-Info
X-Human
X-Device-Type
X-Cache-Server
Ohc-File-Size
X-Debug-Cache
X-Www-Served-By
OT-Force-Account-Verify
X-Trace-Id
X-Rendered-As
X-Site-Version
X-NewRelic-App-Data
X-Locale
DSUID
Time
Hostname
X-APP-VERSION
Release
X-Vgn-Hpd-Reason
X-VG-TLSProxy
X-VG-WebCache
X-HS-Cache-Config
X-Presslabs-Stats
X-DataStream-MidMile-RTT
ServedBy
Fastcgi-X-Cache-Version
X-DataStream-Origin-MEX-Latency
X-Redis-Cache
X-Alternate-Cache-Key
X-FB-TRIP-ID
X-Sorting-Hat-ShopId
X-OVcl-Cache
X-ShardId
X-Real-IP
Ohc-Cache-HIT
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-OVcl
X-Nginx-Cache
Cteonnt-Length
Accept-Language
X-Tb
Machine
X-B3-Spanid
X-VCT
Origin
X-Server-ID
X-GEO
X-Pubstack
L5d-Success-Class
Origin-Cache-Control
Origin-Edge-Control
X-NC
X-CSRF-TOKEN
X-Mode
Access-Control-Request-Headers
X-L-Path
X-Environment-Context
X-Cluster-Name
NtCoent-Length
X-Tt-Trace-Tag
X-No-Session
Fastly-SSL
X-Load-Cache
Odigeo-Trace-Id
X-Magnolia-Registration
X-Request-Time
X-Element-Page-Cache
X-SS-Set-Cookie
IBM-Web2-Location
X-UUID
X-Amzn-Remapped-Content-Length
X-NGENIX-Cache
X-Generated-By
X-Endurance-Cache-Level
X-LJ-Flow-ID
Mime-Version
X-AWS-Id
X-VWS-Id
X-App-Version
X-GoCache-CacheStatus
X-ServerID
Mail-Subject
Akamai-GRN
We-Hiring
X-Rocket-Nginx-Bypass
X-B3-Parentspanid
X-DC
Nel
X-HS-Combine-CSS
X-ECACHE
Request-Time
X-XRDS-LOCATION
X-Parent-Response-Time
X-CACHE-KEY
MD5-Digest
Fly-Cache
GEO-REGION-INFO
X-Node-Id
Fly-Request-Id
Cross-Origin-Window-Policy
Apple-News-Services-Host
Cache-Prefix
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
AsisCache
Arc-Country
Cdn-Host
Cdn-Request-Time
NGX
BehaviorPad-Version
Content-Style-Type
A
Apple-News-Services-Handled
Content-Script-Type
X-Soup
X-CF-Lambda-Fn
X-PAYTM-SRV-ID
X-Origin-Expires
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Origin-Date
X-Org
X-External-Request-Id
X-Edge-Server
X-G
X-Instart-Info
X-Is-Bot
X-Rojux
X-S-Cookie
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-S-Maxage
X-Server-Time
X-SRCache-Key
X-Transaction
X-DPWN-IS-SECURE
X-Developer
VivaBuild
Viewtype
X-A-Ccd
X-A-Dam
X-A-Dcw
T-Server
Server-ID
Mobile-Detection-Method
Meta-Geo-Continent
Node
Rendered-Blocks
Rt-Proxy-Cache
X-A-Dgt
X-A-Wwc
X-D
X-Connection-Hash
X-Date
X-Destination
X-Detected-As
X-CF-Lambda-Version
X-B-Cookie
X-Aed
X-Accel-Expires-Debug
X-AIR-PT
X-Application
X-ARC
Memcached
X-A
X-Origin-TTL
Locale
CF-IPCountry
X-Origin-CC
X-Urbn-Site-Id
X-Urbn-Context-Path
ServerName
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
Uber-Trace-Id
X-Oneagent-Js-Injection
Backend-Name
X-Cdn-Srv
X-Auto-Login
Gh-Request-Id
X-Azure-Ref-OriginShield
X-Via-CDN
X-Distributor
Countrycode
X-Fastly-Cache
Fastly-Soc-X-Request-Id
X-Distil-CS
IsBot
X-IN-APIGATEWAYSSL
X-Developers
X-Core-Mission
X-Request-Start
X-Azure-Ref
X-Cache-Bucket
X-VC-Cache
X-Clientip
X-SIPLIST1
X-TrackingId
X-WebServer
X-IN-APIGATEWAY
Proxy-Connection
Request-Country
X-MServer
Request-EU
X-Hl-Ver
X-Up
X-SVT-ORM-VERSION
X-Cms-Context
N-Cache
X-SVT-ORM-RULES
Section-Io-Cache
X-Uri
X-Proxied
X-ElasticPress-Search
User-Cache-Control
X-Routing-Service
X-Zipkin-Id
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Generated-In
V-Age
X-GeoIP-City
X-Hello
X-Gen-Mode
True-Client-Country-4JS
RNT-Time
X-Geo-Header
X-Generation-Time
RNT-Machine
Thinkindot-Control
X-Hnp-Log
Server-Int
X-Debug-Log
X-Block-Status
X-C
X-Bip
X-Compress-Hint
X-Backend-Url
X-Clara-WADP
X-Cache-FS-Status
X-Cdn-Origin
X-CGP
X-Cache-Info
X-Cache-Id
X-Backend-Host
X-Debug-Cache-Expiry
X-Eu-Site
X-Epic-Correlation-Id
X-Fetched-On
X-Flog
X-GDPR
X-ABtesting
X-Debug-Cookies
X-App-Name
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Amz-Meta-Cache-Control
W
X-MSEdge-Features
X-Release
Content-Disposition
CDCHOST
X-Request-URI
AKAMAI
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
Fastly-SWR
Fastly-SIE
Esi-Enabled
Adler-Geo
X-ServiceProvider
X-WADP-Cache
X-VServer
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Variation
X-Unique-ID
X-Skip-Cache
X-Sn-Servicetimems
X-Thanos
X-Thinkindot-L3
X-Proxy-Cache-Status
X-Rebelmouse-Cache-Control
X-LI-Proto
X-Nginx-Cache-Key
X-Li-Pop
PFcat
X-LI-UUID
X-Platform-Server
X-MSEdge-Flight
X-Matched-Rule
Magicmarker
X-Location
X-Method
L
X-Li-Fabric
HA-Ipaddr
X-Irp-Debug
Platform
X-PHP-Host
X-NX-Host
Is-Eu
X-Old-Content-Length
Ha-Gx-Prefs
X-Microcachable
X-Hash
X-User
X-Policy
X-Key
X-SayCDN-TTL
X-Device-Os
X-Reqid
X-Internal-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Owner
X-Generated-On
X-Response-By
X-SD-PageType
X-CUA
X-Guploader-Uploadid
X-Say-TTL
X-B3-SpanId
X-Say-Cacheable
X-Servername
X-Level-Front-Cache
SD-X-WS
Web-Mar-Node
X-BBXSRF
X-Backend-State
X-Cdn-Forward
X-IPS-LoggedIn
SS
X-Server-IP
X-Qloud-Router
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Country-Code
X-Dispatcher-Server
Server-Host
X-Dispatch
Wxu-Next-Region
X-Swa-Ws
Served-By
Heartbleed
Pagetype
Cache-Cookie-Set-From
Kp-EeAlive
Pramga
Wxu-Next-Commit
X-Webstats-RespID
Wxu-Next-Hostname
Resin-Trace
X-MP-GENERATED-AT
Memory
X-Page-Type
X-FPC
X-Wa
UCS
X-Servedbyhost
X-Ttl
X-Dynatrace
REQUESTUUID
ProcessTime
X-Var-Ttl
X-Service
Powered-By-ChinaCache
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Dc
X-Logtrace-Id
X-Nc
Cache-Provider
Ajk
Dynatrace
X-HTML-Minification-Powered-By
X-NWS-UUID-VERIFY
X-Geo
Proxy-Firewall
X-VCL-Version
X-Ratelimit-Limit
X-Lb-Id
X-Datadome
X-Cache-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Reset
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Processor
X-Info
X-Litespeed-Cache
Srv
X-SERVER-NAME
Powered-By
CACHE
X-Svr
X-Cache-Category-Id
X-Grey
X-Cache-URL
X-ZONE
SN
X-Cache-Ttl
X-SRV
X-Be
PICS-Label
X-Pjax-Url
X-Ruxit-Js-Agent
X-Varnish-Beresp-Ttl
X-COUNTRY
X-HS-Status
Fastly-Backend-Name
X-UA
X-Scheme
X-TH-Server
X-Instart-Isnd
X-SN
X-CDN-Forward
X-URL
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Webkit-Csp
GeoIP-Country-Code
X-Ftr-Request-Id
GeoIP-Latitude
GeoIP-City
X-Zone
X-RCS-CacheZone
X-Pf-Uncompressing
X-NodeID
X-Source
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Group
X-GRACE
X-LAGOON
GW-Server
X-LiteSpeed-Cache-Control
X-EC-Lua
X-Newrelic-Synthetics
X-Secret
X-Varnish-Url
X-Bc
X-Gannett-Site-Version
Ttl
X-Check-Cacheable
X-Server-W
Cdn
X-Varnish-Beresp-TTL
Cache-Host
WZWS-RAY
CF-Cached-On
X-Sucuri-Id
X-APP
X-Dynatrace-Js-Agent
X-PF-Uncompressing
LB
X-NODE
On-Server
X-CDN-Cache
X-Varnish-Cacheable
X-Ftr-Cache-Host
XServer
X-Ms-Request-Id
X-GeoIP-Country-Code
User-Agent
X-Ms-Version
X-Tt-Trace-Host
X-Via-Ucdn
X-FORWARDED-FOR
X-Ratelimit-Remaining
X-Session-Fingerprint
MIME-Version
X-Aicache-OS
X-Cache-Debug
X-Edge
X-BC
Pics-Label
Inserted-Into-Cache-At
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
Environment
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Lfy
X-Akamai-SSL-Client-Sid
X-NU-AKA-ACS-Version
X-Fastly-Country-Code
WWW
M-TraceId
X-BE
X-PJAX-URL
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Dc
Ohc-Response-Time
Who
X-Mid
X-Crawler
X-Agile-Age
X-Render-Time
X-Agile-Id
X-Agile
Requestid
Cf-Ipcountry
X-7Graus-Varnish-XKeys
X-LB-ID
X-Varnish-Ttl
X-Vcl-Version
X-7Graus-Varnish-Cache-Control
X-MCACHE
X-CSRF-Token
SID
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
X-Sedo-Request-Id
X-Litespeed-Cache-Control
X-UPSTREAM-Address
X-Logging-Id
X-Cache-Tag
X-Cache-Miss-From
URI
X-FE
X-Micro-Cache
Lb
X-DW
X-DB
X-DI
X-Proxy-Cacherz
X-RPM
X-RSL
X-WR-MODIFICATION
X-RPS
X-DSS
X-Via-SSL
Xkeyrz
X-Served-From
X-Action
X-Via-Edge
HostName
X-Core-Value
RequestUuid
CDN
Host-ID
X-Cf-Powered-By
X-Correlation-ID
DataCenter
X-Fpc
X-Flow-Id
X-AK-Request-ID
X-Vct
X-Page-Impression-Id
X-Nananana
X-ServedByHost
X-Amzn-Remapped-Connection
X-WA
X-Fastly-Cache-Hits
Cdnsip
Xkeypdq
X-Zalando-Child-Request-Id
X-Amzn-Remapped-Date
Cdncip
X-Newrelic-App-Data
X-NGINX-Cache
X-Swift-Error
X-TIME
X-VC
X-Protected-By
X-SB
X-MID
X-Vdms-Version
X-Ecache
Cneonction
X-TT-LOGID
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
Correlation-Id
Is-Session-Tracking
X-Cdn-Request-ID
FNAC-ModuleRouting
Get-Access-Time
Warning
X-Sucuri-ID
X-ND-Cache
RequestId
Xet-Cookie
X-Sucuri-Cache
V-Cache
Processtime
X-Request-URL
X-Fe
X-ECache
X-Unique-Id
X-Bug-Bounty
HitType
X-ServerName
X-Apw-Hits
X-Apw-Access-Token
X-Gdpr
X-Serial
X-Request-Url
X-Dw-Trace-Id
X-Via-NSCOPI
X-Apw-Access-Object
X-Apw-Access-Action
X-MiniProfiler-Ids
X-Refresh