Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
EagleEye-TraceId
X-Backend-Server
Content-Location
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Origin-Upstream-Status
X-ORACLE-DMS-RID
X-Rack-Cache
Surrogate-Control
Allow
X-HW
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Country
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Goog-Hash
X-MS-InvokeApp
X-Varnish-TTL
X-TtlSet
X-PC
X-Vname
RTSS
X-CST
Verso
X-Powered-By-Plesk
Public-Key-Pins
X-Px
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
X-Ah-Environment
X-B3-TraceId
Service-Worker-Allowed
X-Middleton-Response
Response
X-Middleton-Display
Display
X-Sol
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
Accept-CH
MS-Author-Via
TCN
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
X-Server-Name
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Charset
Fastly-Restarts
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-XRDS-Location
X-ESI
X-Amz-Rid
X-Trace
X-Aspnetmvc-Version
Nginx-Cache
Realpath
X-Debug
Front-End-Https
AR-Request-ID
X-Ezoic-Cdn
X-Cached
X-Shield-Request-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
Arr-Disable-Session-Affinity
Pagespeed
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Content-MD5
ServerID
X-Vcache
X-Id
X-Goog-Storage-Class
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
MicrosoftSharePointTeamServices
DynaTrace
X-T
X-Amz-Meta-S3cmd-Attrs
X-DynaTrace-JS-Agent
S
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-VCache
X-SERVER
X-RateLimit-Limit
Fastcgi-Cache
X-Accel-Expires
X-Content-Digest
X-Frontend
X-Ser
Powered
X-N
X-FastCGI-Cache
X-FTR-Cache-Host
X-Correlation-Id
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-DIS-Request-ID
Server-Name
X-Grace
X-Logged-In
X-Forwarded-For
Accept-Ch
AMP-Access-Control-Allow-Source-Origin
X-HS-Content-Id
X-HS-Hub-Id
X-B3-Sampled
TP-Cache
TP-L2-Cache
X-Microsite
X-Request-Handler-Origin-Region
Edge-Cache-Tag
X-Zen-Fury
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Type
X-Cache-Age
X-Activity-Id
X-User-Agent
X-Analytics
X-AppVersion
X-IPLB-Instance
X-Rid
X-Az
X-Kinsta-Cache
FilterID
Backend-Timing
X-Esi
X-GUploader-UploadID
X-LB-Cache
X-Revision
Healthy
X-Whom
X-Node-Name
Retry-After
X-Time
X-F-Cache
X-Pinterest-Rid
Pinterest-Version
X-Srv
X-Cache-Hit
X-NWS-LOG-UUID
X-B3-Traceid
X-Cache-2
Accept-Charset
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Alternate-Protocol
Server-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Rule
X-TA-CDN-Provider
X-Server-ID
Cache-Status
X-AOL-HN
X-Content-Options
X-Acc-Meta-Resource-Type
Surrogate-Key
DC
Refresh
X-Akamai-Edgescape
X-Hp-Webp
VIX-Pulpo-Node
X-Content-Powered-By
X-Instance
VIX-Pulpo-Upstream-Status
X-Debug-Info
X-Forwarded-Host
X-Content-Security-Policy-Report-Only
X-Jobs
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Server
Access-Control-Allow-Method
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Serve
X-Page-Id
X-Cluster
X-PHP-Backend
X-Framework
X-Varnish-Grace
X-App-Environment
Source
X-B
X-Request-Guid
X-FB-Debug
MS-CV
Frame-Options
X-Erf-Bev-Bev
X-App-Server
X-Erf-Bev-Bev-Is-Generated
Cache-Tag
Fastcgi-Useragent
Tracecode
X-Hostname
Host
X-Cache-Operation
Cleartype
Actual-Object-TTL
X-B-Cache
X-Signature
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Seen-By
X-Cache-Key
X-Amz-Replication-Status
X-Varnish-Backend
X-Host-Name
X-TT
X-Cache-TTL
X-Git-Hash
X-Mobile
Liferay-Portal
NGB
X-Pad
X-Response-Served-From
X-Adobe-Content
Upgrade-Insecure-Requests
X-Adobe-Loc
Payment
X-TT-TIMESTAMP
X-ATG-Version
X-Status
X-ProcessESI
X-WebKit-CSP-Report-Only
X-RemovedCookies
Xserver
Filters
Cache-Tv-Group
Eomportal-Instance
WPE-Backend
X-Ratelimit-Reset
From-Origin
Ms-Operation-Id
Webserver
X-Cacheable-TTL
X-FW-Dynamic
X-RTag
X-Handled-By
X-Tumblr-Pixel-1
X-PressLabs-Stats
X-Tumblr-Pixel-2
X-TX-ID
X-UA-Device-Type
X-RequestSource
X-WA-Info
GEO-INFO
X-Drupal-Cache-Tags
X-GeoIP
X-Cache-TTL-Remaining
X-Cache-Remote
X-Origin-Server
Datacenter
X-Webkit-CSP
X-Content-Age
Accept-CH-Lifetime
X-Edge-Location
X-Daa-Tunnel
X-Cache-Action
NR-ENABLED
X-Storage
Viewport
X-Varnish-Hostname
X-Accel-Buffering
X-EdgeConnect-Cache-Status
Version
X-DataStream-Cache-Status
X-Hyper-Cache
X-Contextid
X-Wix-Request-Id
X-CF-Powered-By
X-Upstream-Proxy
X-Region
PageSpeed
X-Ua
Host-Header
X-Akamai-Transformed
Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Var
Ohc-File-Size
Load-Balancing
X-RN-RSRV
X-Path-Route
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-Varnish-Server
X-From
X-IP
S-Cnection
Cache-Tags
Cache-Name
X-Presslabs-Stats
X-Cache-NE
DB-Nickname
Decoy-Debug-TTL
Ec-Rule-Version
Decoy-Debug-Status
Decoy-Debug-Key
Rt-Fastcgi-Cache
Cache-Hits
X-Access
X-Proxy
X-Loop
X-Viewer-Country
X-Labrador-Cache-Channel
X-Time-Microsecs
X-CS
X-Via-Fastly
X-ApacheServer
X-Origin-Response-Time
X-Cache-Enabled
X-Cache-Config
X-Origin
X-Cache-Time
X-NCache
X-Proto
X-Section
X-Akamai-Request-ID
X-Tumblr-Pixel-3
Vix-Hermes-Req-Id
X-Upgrade-Enabled
X-PERF
X-Akamai-Request-ID2
X-TNCMS
Azure-SlotName
Azure-Version
Azure-RegionName
X-CCM
X-Rule
X-Cache-Host
Azure-InstanceId
X-Proxy-Build
Azure-SiteName
X-UnsetCookies
X-Cluster-Node
X-Trace-Id
X-Web-Node
Country
Cache-Key
X-Timing-Wait
X-PCL
X-R9-Blue-Green-Version
X-OCL
Webcakes-Region
Webcakes-App-Version
X-Upstream-CT
Selected-Fe
X-Format
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
S-Rt
X-FC-Vary-Parameters
X-Upstream-HT
X-Origin-Hint
X-Xfnlog-Site
Mn-Server-Ip
TWC-GeoIP-Country
X-Varnish-Cache-Hits
X-Hit
X-EIG-Tracking-Id
X-JoinUs
X-Backend-TTL
X-Cache-Grace
Property-Id
X-Cache-Server
X-Drupal-Cache-Contexts
X-Varnish-Hits
X-S
X-FireWall-Port
X-Www-Served-By
X-Backend-Name
X-Site-Version
X-Debug-Cache
X-Locale
X-Human
X-FW-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Generated
Now
X-Device-Type
Server-Info
X-HS-Cache-Config
X-Rendered-As
Release
X-VCT
DSUID
Time
Ohc-Cache-HIT
OT-Force-Account-Verify
SRV
X-NewRelic-App-Data
Hostname
X-Vgn-Hpd-Reason
X-OVcl
X-OVcl-Cache
ServedBy
X-Litespeed-Cache
X-VG-TLSProxy
Fastcgi-X-Cache-Version
X-Real-IP
Cteonnt-Length
X-VG-WebCache
Access-Control-Request-Headers
X-Redis-Cache
X-FB-TRIP-ID
X-Sorting-Hat-PodId
Origin-Edge-Control
X-Pubstack
Origin-Cache-Control
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Alternate-Cache-Key
Origin
X-Element-Page-Cache
Accept-Language
X-CSRF-TOKEN
L5d-Success-Class
X-Tb
X-APP-VERSION
Machine
X-Nginx-Cache
X-App-Version
X-NGENIX-Cache
X-GEO
Fastly-SSL
NtCoent-Length
X-CACHE-KEY
X-No-Session
X-Tt-Trace-Tag
X-Environment-Context
X-SS-Set-Cookie
X-L-Path
X-Cluster-Name
X-URL
X-Mode
X-B3-Spanid
X-UUID
X-NC
X-ECACHE
IBM-Web2-Location
X-HS-Combine-CSS
X-LJ-Flow-ID
Nel
X-DataStream-MidMile-RTT
X-Guploader-Uploadid
X-GoCache-CacheStatus
X-VWS-Id
X-DataStream-Origin-MEX-Latency
X-Origin-TTL
X-Origin-CC
X-AWS-Id
X-Amzn-Remapped-Content-Length
Mime-Version
X-Rocket-Nginx-Bypass
X-ServerID
X-Generated-By
X-B3-Parentspanid
Odigeo-Trace-Id
X-Magnolia-Registration
X-Load-Cache
X-Endurance-Cache-Level
X-XRDS-LOCATION
X-Request-Time
X-Parent-Response-Time
Akamai-GRN
X-Soup
Mail-Subject
We-Hiring
X-Uri
NGX
X-Oneagent-Js-Injection
Proxy-Connection
MD5-Digest
Request-Time
Memcached
X-Connection-Hash
Cdn-Request-Time
X-Worker
Content-Script-Type
X-Instart-Info
X-B-Cookie
Cross-Origin-Window-Policy
T-Server
X-CF-Lambda-Fn
Xc-Version
Content-Style-Type
X-Is-Bot
X-Node-Id
A
GEO-REGION-INFO
AsisCache
X-DPWN-IS-SECURE
X-Developer
X-Detected-As
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Arc-Country
X-Edge-Server
X-External-Request-Id
Cache-Prefix
Fly-Request-Id
Fly-Cache
Cdn-Host
X-D
Apple-News-Services-Request-Url
BehaviorPad-Version
X-G
X-Destination
X-Date
X-MServer
Node
X-Vtex-Processado-Em
VivaBuild
X-CF-Lambda-Version
X-Aed
X-Server-Time
X-AIR-PT
X-A-Wwc
Rt-Proxy-Cache
X-PAYTM-SRV-ID
X-A-Dam
X-ScT
X-S-Maxage
Rendered-Blocks
X-A-Dcw
X-A-Dgt
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-S-Cookie
X-Accel-Expires-Debug
X-VG-WebServer
X-Rojux
X-SRCache-Key
X-A-Ccd
X-Org
X-Application
Viewtype
X-Transaction
Mobile-Detection-Method
Meta-Geo-Continent
X-Twitter-Response-Tags
X-Trv-Group
X-Vtex-Remote-Cache
X-ARC
X-B3-SpanId
X-A
ServerName
Backend-Name
X-SIPLIST1
X-SVT-ORM-VERSION
X-Release
X-Distributor
X-SVT-ORM-RULES
X-Cms-Context
X-Cdn-Srv
Section-Io-Cache
Server-ID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Developers
Fastly-Soc-X-Request-Id
X-VC-Cache
X-Cache-Bucket
X-Up
X-Hl-Ver
IsBot
X-Origin-Date
X-Origin-Expires
X-Azure-Ref-OriginShield
Request-Country
Request-EU
N-Cache
X-Azure-Ref
Locale
X-Fastly-Cache
CF-IPCountry
X-Oracle-Dms-Rid
Uber-Trace-Id
X-Cdn-Forward
User-Cache-Control
X-Auto-Login
W
V-Age
X-Cache-FS-Status
True-Client-Country-4JS
X-Cache-Id
X-Backend-Host
X-Cdn-Origin
Thinkindot-Control
X-Backend-Url
X-BBXSRF
X-Cache-Info
X-Bip
X-App-Name
X-C
X-Block-Status
X-Amz-Meta-Cache-Control
X-Matched-Rule
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-Start
X-Reboot
X-Policy
X-Platform-Server
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Old-Content-Length
X-Owner
X-PHP-Host
X-Request-URI
X-ServiceProvider
X-We-Are-Hiring
X-WADP-Cache
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Variation
X-Sn-Servicetimems
X-Skip-Cache
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-MSEdge-Features
X-Method
X-Fetched-On
X-Epic-Correlation-Id
X-Flog
X-GDPR
X-Gen-Mode
X-ElasticPress-Search
X-Distil-CS
X-Compress-Hint
X-Clientip
X-Core-Mission
X-CUA
X-Device-Os
X-Generated-On
X-Generation-Time
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Location
Thinkindot-CacheControl-Type
X-Li-Fabric
X-Level-Front-Cache
X-Hello
X-Geo-Header
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Clara-WADP
X-ABtesting
L
Is-Eu
Magicmarker
Esi-Enabled
Platform
X-Ruxit-Js-Agent
Adler-Geo
AKAMAI
Fastly-SIE
Countrycode
Fastly-SWR
Content-Disposition
Gh-Request-Id
CDCHOST
RNT-Machine
X-Via-CDN
Server-Int
Thinkindot-CacheControl
RNT-Time
X-Unique-ID
X-BYPASS-REASON
X-DC
X-Microcachable
X-ProxyCache-Status
X-ProxyCache-Key
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Servername
X-Server-IP
X-Qloud-Router
X-Debug-Cache-Expiry
X-Webstats-RespID
X-User
X-Swa-Ws
X-Proxy-Upstream
X-Debug-Cache-Fetch
X-Dispatch
X-Hash
X-GeoIP-City
X-Internal-Host
X-Irp-Debug
X-NX-Host
X-Say-Cacheable
X-Reqid
X-Generated-In
X-SD-PageType
X-Dispatcher-Server
X-Eu-Site
X-Proxy-Cache-Status
X-SayCDN-TTL
X-Response-By
X-Say-TTL
SS
Wxu-Next-Region
PFcat
Kp-EeAlive
X-Backend-State
HA-Ipaddr
Heartbleed
X-CGP
Server-Host
Wxu-Next-Hostname
Served-By
SD-X-WS
Wxu-Next-Commit
Pramga
Web-Mar-Node
Ha-Gx-Prefs
Pagetype
X-Proxied
X-Routing-Service
X-Zipkin-Id
Resin-Trace
X-Var-Ttl
X-Service
Memory
X-Dc
X-COUNTRY
X-Key
X-IPS-LoggedIn
Cache-Cookie-Set-Lfrom
Cache-Provider
X-Wa
Cache-Cookie-Set-Idcheck
X-Nc
Cache-Cookie-Set-From
X-Is-Gdpr
X-Has-Esi
X-JWT-State
Country-Code
REQUESTUUID
X-FPC
X-Page-Type
X-Servedbyhost
X-MP-GENERATED-AT
Srv
CACHE
X-Lb-Id
UCS
X-NWS-UUID-VERIFY
X-Info
X-Geo
X-RateLimit-Reset
Powered-By-ChinaCache
X-Ratelimit-Limit
X-Be
X-Datadome
Ajk
X-Svr
X-Logtrace-Id
X-Cache-URL
ProcessTime
X-Cache-Backend
X-UA
X-HTML-Minification-Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
Proxy-Firewall
X-Pjax-Url
X-Instart-Isnd
X-VCL-Version
X-GRACE
X-Varnish-Beresp-Ttl
X-SRV
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-HS-Status
X-Scheme
X-Zone
Powered-By
Dynatrace
X-SN
X-NodeID
SN
X-Grey
X-Cache-Category-Id
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Webkit-Csp
PICS-Label
X-Ftr-Request-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-CDN-Forward
X-Ttl
X-Dynatrace
Group
GeoIP-City
Fastly-Backend-Name
GeoIP-Latitude
X-TH-Server
X-ZONE
GeoIP-Country-Code
X-Source
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Server-W
Cache-Host
XServer
X-EC-Lua
X-FORWARDED-FOR
X-PF-Uncompressing
X-Pf-Uncompressing
Ttl
X-Newrelic-Synthetics
X-RCS-CacheZone
X-LiteSpeed-Cache-Control
X-Sucuri-Id
X-Bc
X-Ms-Version
X-LAGOON
X-Ms-Request-Id
GW-Server
CF-Cached-On
X-APP
X-Via-Ucdn
X-Dynatrace-Js-Agent
X-NODE
X-Varnish-Beresp-TTL
LB
X-Cache-Ttl
X-Gannett-Site-Version
X-Ftr-Cache-Host
X-Varnish-Url
Cdn
X-Secret
X-Check-Cacheable
MIME-Version
X-Ratelimit-Remaining
Geoip-Latitude
X-Fastly-Country-Code
X-Session-Fingerprint
X-Aicache-OS
Pics-Label
GeoIp-Country-Code
Geoip-City
X-Tt-Trace-Host
WZWS-RAY
Lfy
Amp-Access-Control-Allow-Source-Origin
On-Server
X-Agile-Age
Environment
X-Agile
X-CDN-Cache
X-Varnish-Cacheable
X-Edge
X-Cache-Debug
X-Agile-Id
X-SERVER-NAME
WWW
User-Agent
X-Akamai-SSL-Client-Sid
Cf-Ipcountry
X-GeoIP-Country-Code
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Backend
X-BC
X-Fastly-Backend-Reqs
X-PJAX-URL
X-7Graus-Varnish-XKeys
M-TraceId
X-Vcl-Version
Ohc-Response-Time
X-7Graus-Varnish-Cache-Control
X-Mid
X-Logging-Id
Requestid
Inserted-Into-Cache-At
X-Correlation-ID
X-BE
X-Cache-Miss-From
X-CSRF-Token
SID
X-Varnish-Ttl
X-Sedo-Request-Id
X-MCACHE
X-NU-AKA-ACS-Version
Lb
Who
X-Litespeed-Cache-Control
X-Render-Time
X-Crawler
X-UPSTREAM-Address
X-Cache-Tag
URI
X-DW
X-DSS
X-RPM
X-RSL
X-LB-ID
X-Core-Value
X-DI
X-RPS
Xkeyrz
X-Action
X-Proxy-Cacherz
X-DB
HostName
Cdnsip
Cdncip
X-AK-Request-ID
RequestUuid
X-Micro-Cache
X-WR-MODIFICATION
CDN
X-Fpc
X-FE
Host-ID
DataCenter
X-Zalando-Child-Request-Id
X-Sucuri-Cache
X-TT-LOGID
Get-Access-Time
Is-Session-Tracking
X-ServedByHost
X-WA
Xkeypdq
X-Nananana
X-Sucuri-ID
X-Page-Impression-Id
X-Via-Edge
X-Via-SSL
X-Fastly-Cache-Hits
X-Served-From
X-Flow-Id
X-Unique-Id
X-Swift-Error
X-Newrelic-App-Data
X-NGINX-Cache
X-Fstrz
X-Cdn-Request-ID
Cneonction
X-Sigma-Backend
Warning
X-TIME
X-Sigma
X-Rocket-Build-Number
X-Vdms-Version
FNAC-ModuleRouting
X-MID
Correlation-Id
X-SB
X-VC
X-Cf-Powered-By
X-Gen-Id
Pragrma
X-Amzn-Remapped-Connection
TTL
X-ServerName
X-Planisys-CDN-Rules
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-TTL
X-Bug-Bounty
X-Planisys-CDN-Cache
X-LiteSpeed-Tag
RequestId
V-Cache
Processtime
Xet-Cookie
X-Request-URL
X-Gdpr
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-Fe
X-Amzn-Remapped-Date
X-ECache
HitType