Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
Alt-Svc
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Buckets
X-Request-ID
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-CDN
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Device
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Ac
X-Cnection
EagleEye-TraceId
Report-To
X-Cloud-Trace-Context
Request-Id
X-Response-Time
X-Backend-Server
X-Host
Content-Location
X-Node
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
X-Ruxit-JS-Agent
NEL
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Rack-Cache
X-HW
Surrogate-Control
X-Dns-Prefetch-Control
Rating
Allow
X-Country-Code
X-Clacks-Overhead
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-MS-InvokeApp
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-TTL
X-Varnish-TTL
Pinterest-Generated-By
X-Powered-By-Plesk
Verso
Public-Key-Pins
RTSS
X-B3-TraceId
X-Px
X-Mod-Pagespeed
Edge-Control
X-ESI
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Ah-Environment
X-VARITI-CCR
SPRequestGuid
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Recruiting
X-Exp-Id
X-SharePointHealthScore
X-D2id
X-CST
X-Akam-SW-Version
Service-Worker-Allowed
X-Vcap-Request-Id
SPIisLatency
SPRequestDuration
Accept-Ch-Lifetime
X-Version
X-Server-Name
X-GitHub-Request-Id
X-Abt-Application-Version
TCN
X-Powered-CMS
MS-Author-Via
X-Navigation-Version
X-Trace
Accept-CH
X-Shard
Charset
X-Debug
Fastly-Restarts
Nginx-Cache
X-Amz-Rid
Realpath
X-Aspnetmvc-Version
X-Amz-Server-Side-Encryption
X-Upstream
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
X-Forwarded-Proto
X-Ezoic-Cdn
X-NF-Request-ID
Front-End-Https
X-Cached
X-VCache
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-MSEdge-Ref
Pagespeed
Arr-Disable-Session-Affinity
Access-Control-Request-Method
AR-Request-ID
X-Shield-Request-Id
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
DynaTrace
Content-MD5
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
X-XRDS-Location
Paypal-Debug-Id
S
X-Id
X-Goog-Storage-Class
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-DynaTrace-JS-Agent
X-Varnish-Age
ServerID
X-Ser
X-Via-JSL
X-Client-IP
X-Content-Type
X-Accel-Expires
X-Grace
X-Correlation-Id
X-Dw-Request-Base-Id
X-Forwarded-For
Accept-Ch
X-Hits
Fastcgi-Cache
X-Amzn-Trace-Id
Edge-Cache-Tag
X-Content-Digest
Powered
X-Frontend
X-DIS-Request-ID
X-Aspnet-Version
AMP-Access-Control-Allow-Source-Origin
X-N
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-FTR-Cache-Host
X-HS-Hub-Id
X-HS-Content-Id
X-Fastcgi-Cache
X-Logged-In
Server-Name
X-FastCGI-Cache
Pinterest-Version
X-Pinterest-Rid
X-Server-ID
X-Webkit-CSP
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-Vcache
X-Kinsta-Cache
X-Zen-Fury
X-Time
X-Cache-Hit
X-Cache-Age
X-Az
X-Revision
X-AppVersion
X-IPLB-Instance
X-Activity-Id
X-Type
X-Rid
X-LB-Cache
Healthy
X-User-Agent
X-Analytics
Backend-Timing
Retry-After
X-GUploader-UploadID
X-Whom
X-B3-Sampled
X-RateLimit-Limit
X-Node-Name
X-Srv
FilterID
Server-Node
X-NWS-LOG-UUID
X-Hp-Webp
Alternate-Protocol
X-SERVER
Accept-Charset
X-F-Cache
Cache-Tag
X-Akamai-Edgescape
X-Cache-Rule
Cache-Status
X-Content-Options
X-Erf-Bev-Bev
X-Cache-2
X-Erf-Bev-Bev-Is-Generated
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
DC
Refresh
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-AOL-HN
X-Tumblr-User
VIX-Pulpo-Node
MS-CV
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
VIX-Pulpo-Upstream-Status
X-Framework
X-Forwarded-Host
X-Instance
X-Content-Powered-By
X-Varnish-Grace
X-Debug-Info
Source
X-App-Environment
Tracecode
Access-Control-Allow-Method
X-Jobs
X-PHP-Backend
X-Cluster
Fastcgi-Useragent
X-Request-Guid
X-FB-Debug
X-Page-Id
NR-ENABLED
X-Cache-TTL
X-B
X-App-Server
Host
Actual-Object-TTL
X-Cache-Operation
X-Seen-By
X-FW-Static
X-FW-Server
X-FW-Serve
X-Mobile-URL
X-FW-Hash
X-FW-Type
Frame-Options
X-Cache-Key
X-TA-CDN-Provider
X-Cache-Control
X-Geo-Country
X-Hostname
X-B3-Traceid
Cleartype
X-Cached-By
X-Host-Name
X-Pad
X-Signature
X-B-Cache
Upgrade-Insecure-Requests
X-BCube-Filmed-By
X-Mobile
X-Git-Hash
X-Varnish-Backend
X-WebKit-CSP-Report-Only
NGB
X-Response-Served-From
X-TT
X-ATG-Version
X-Adobe-Content
X-Adobe-Loc
GEO-INFO
WPE-Backend
X-Amz-Replication-Status
X-UA-Device-Type
Filters
Cache-Tv-Group
Ms-Operation-Id
Payment
Webserver
Eomportal-Instance
X-RequestSource
X-GeoIP
X-RTag
X-Presslabs-Stats
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Handled-By
X-RemovedCookies
X-ProcessESI
X-Drupal-Cache-Tags
X-TT-TIMESTAMP
From-Origin
X-Element-Page-Cache
Xserver
X-Cacheable-TTL
X-Daa-Tunnel
X-Origin-Server
X-Acc-Meta-Resource-Type
X-Status
X-EdgeConnect-Cache-Status
X-TX-ID
X-HS-Cache-Config
Liferay-Portal
X-XRDS-LOCATION
X-Cache-TTL-Remaining
X-WA-Info
X-Wix-Request-Id
X-FW-Dynamic
X-Cache-Remote
X-Esi
Accept-CH-Lifetime
X-Cache-Action
Datacenter
X-Hyper-Cache
X-Contextid
X-Content-Age
Cache
X-Edge-Location
X-Ttl
X-Region
X-Ratelimit-Reset
Viewport
Version
X-CF-Powered-By
X-Cache-NE
PageSpeed
X-Varnish-Hostname
X-Storage
X-Akamai-Transformed
Ohc-File-Size
X-Cache-Server
X-Accel-Buffering
X-RN-RSRV
X-Varnish-Server
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-Path-Route
Meta-Geo
Host-Header
X-IP
X-Cache-Enabled
Cache-Name
Cache-Tags
X-PressLabs-Stats
X-Proxy
Ohc-Cache-HIT
X-Proto
X-HS-Combine-CSS
Vix-Hermes-Req-Id
X-Device-Type
X-Origin-Response-Time
X-Cluster-Node
Ec-Rule-Version
TWC-Device-Class
TWC-GeoIP-Country
X-R9-Blue-Green-Version
X-CS
TWC-Connection-Speed
Property-Id
X-Origin-Hint
X-NCache
X-Loop
Rt-Fastcgi-Cache
Release
TWC-GeoIP-LatLong
X-Section
TWC-Privacy
X-Viewer-Country
X-Akamai-Request-ID
X-Access
Webcakes-App-Version
Webcakes-App-Name
X-Cache-Config
Cache-Hits
Webcakes-Region
X-TNCMS
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Via-Fastly
Country
S-Cnection
TWC-Locale-Group
X-Akamai-Request-ID2
DB-Nickname
X-Labrador-Cache-Channel
X-Xfnlog-Site
X-Backend-Name
X-Cache-Grace
X-Upgrade-Enabled
X-Backend-TTL
X-OCL
Selected-Fe
X-NewRelic-App-Data
Azure-Version
Azure-SlotName
DSUID
Mn-Server-Ip
S-Rt
X-PCL
X-UnsetCookies
X-Drupal-Cache-Contexts
X-Timing-Wait
X-Cache-Time
X-Rule
X-Trace-Id
X-VCT
X-Www-Served-By
X-Web-Node
X-Vgn-Hpd-Reason
X-Debug-Cache
X-EIG-Tracking-Id
X-From
X-Format
X-FC-Vary-Parameters
X-Human
X-NGENIX-Cache
X-Proxy-Build
X-Origin
Azure-SiteName
X-Cache-Host
X-Yottaa-Metrics
X-Yottaa-Optimizations
Azure-RegionName
Azure-InstanceId
X-PERF
X-Hosted-By
X-Site-Version
X-Locale
X-ApacheServer
X-Generated
X-Hit
X-Time-Microsecs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Cache-Key
Server-Info
X-FireWall-Port
X-CCM
X-Tec-Api-Origin
X-OVcl-Cache
X-Tec-Api-Version
X-OVcl
X-Tec-Api-Root
Time
X-Varnish-Hits
X-Rendered-As
X-Real-IP
X-S
L5d-Success-Class
X-Pubstack
X-FW-Version
X-Redis-Cache
X-Upstream-HT
X-Upstream-CT
Origin-Cache-Control
Now
X-Ua
Origin-Edge-Control
X-Trafficlayer-App-Scope
X-SS-Set-Cookie
X-Trafficlayer-App-Name
X-Litespeed-Cache
Fastcgi-X-Cache-Version
X-APP-VERSION
OT-Force-Account-Verify
Origin
ServedBy
X-Upstream-Proxy
Access-Control-Request-Headers
Fastly-SSL
X-VG-TLSProxy
X-FB-TRIP-ID
Cteonnt-Length
Hostname
X-Origin-TTL
X-Origin-CC
X-Cluster-Name
X-UUID
X-VG-WebCache
X-Sorting-Hat-PodId
X-ShopId
X-ServerID
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-GoCache-CacheStatus
X-Alternate-Cache-Key
X-Load-Cache
Mime-Version
X-Rocket-Nginx-Bypass
NtCoent-Length
X-Parent-Response-Time
X-Soup
X-Tb
Accept-Language
Machine
X-App-Version
IBM-Web2-Location
NGX
X-Tt-Trace-Tag
Nel
X-Is-Bot
X-B3-Spanid
Odigeo-Trace-Id
X-L-Path
X-Environment-Context
X-No-Session
X-Guploader-Uploadid
X-ECACHE
X-B3-Parentspanid
X-UA
X-CACHE-KEY
X-Uri
X-MServer
X-CSRF-TOKEN
X-Oneagent-Js-Injection
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Node-Id
X-Info
A
Apple-News-Services-Handled
Rt-Proxy-Cache
X-External-Request-Id
X-DPWN-IS-SECURE
X-G
X-Hl-Ver
X-PAYTM-SRV-ID
X-Instart-Info
X-Developer
X-Detected-As
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-Destination
X-Date
X-Region-Sid
X-Request-UUID
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-SRCache-Key
X-Server-Time
X-B-Cookie
X-ARC
GEO-REGION-INFO
Fly-Request-Id
MD5-Digest
Memcached
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Cache
Cross-Origin-Window-Policy
AsisCache
Arc-Country
BehaviorPad-Version
Cache-Prefix
Content-Style-Type
Content-Script-Type
Node
Rendered-Blocks
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Aed
X-Application
X-AIR-PT
X-A-Dam
X-A-Ccd
T-Server
ServerName
Viewtype
VivaBuild
X-A
Apple-News-Services-Request-Url
X-A-Wwc
Request-Time
CF-IPCountry
SRV
Proxy-Connection
X-BYPASS-REASON
Uber-Trace-Id
X-Endurance-Cache-Level
X-ProxyCache-Key
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
Backend-Name
X-ProxyCache-Status
X-NC
X-Var-Ttl
X-Cache-Bucket
X-Has-Esi
X-Up
X-VC-Cache
X-Origin-Date
Request-Country
We-Hiring
Mail-Subject
X-Compress-Hint
Fastly-Soc-X-Request-Id
Section-Io-Cache
X-Cdn-Srv
Srv
N-Cache
X-SIPLIST1
IsBot
X-S-Maxage
X-Release
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Request-EU
X-Origin-Expires
X-Is-Gdpr
X-JWT-State
X-Nginx-Cache
X-Fastly-Cache
Akamai-GRN
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Developers
X-Nc
X-Cms-Context
X-CUA
X-Geo
User-Cache-Control
X-Cdn-Forward
X-WADP-Cache
X-Reqid
Wxu-Next-Hostname
Wxu-Next-Commit
X-Method
X-Reboot
Pramga
X-Irp-Debug
X-Cache-Info
X-Auto-Login
X-Ratelimit-Limit
X-Server-IP
Wxu-Next-Region
X-Cdn-Origin
Served-By
X-IN-APIGATEWAYSSL
Pagetype
X-Backend-Url
Server-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Block-Status
X-ElasticPress-Search
W
X-NX-Host
X-Location
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Rebelmouse-Surrogate-Control
X-Backend-Host
X-Bip
X-Hnp-Log
X-Rebelmouse-Cache-Control
X-Level-Front-Cache
X-C
X-BBXSRF
X-Matched-Rule
HA-Ipaddr
AKAMAI
X-Generation-Time
X-Generated-On
X-Generated-By
X-Geo-Header
X-Clientip
X-We-Are-Hiring
X-Webstats-RespID
X-Hash
X-Wikidot-Static-Cache
X-Clara-WADP
X-Debug-Cache-Expiry
X-Gen-Mode
X-Dispatch
X-Distil-CS
X-Eu-Site
X-Debug-Log
X-Distributor
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Device-Os
X-Debug-Cookies
CDCHOST
X-Wikidot-Backend
X-Thanos
X-Swa-Ws
X-VServer
X-Thinkindot-L3
X-Skip-Cache
Gh-Request-Id
X-B3-SpanId
Kp-EeAlive
Heartbleed
X-IN-APIGATEWAY
Ha-Gx-Prefs
X-Sn-Servicetimems
X-TrackingId
Countrycode
X-CGP
X-User
Content-Disposition
L
Magicmarker
Fastly-SWR
X-Service
Fastly-SIE
Esi-Enabled
X-Microcachable
X-PHP-Host
X-Dc
X-GEO
X-Via-CDN
X-Generated-In
X-Cache-Id
X-Request-URI
X-Say-Cacheable
X-Variation
X-Request-Start
X-Platform-Server
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
RNT-Machine
RNT-Time
X-Dispatcher-Server
X-Owner
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Li-Fabric
X-GeoIP-City
X-Epic-Correlation-Id
X-Fetched-On
Platform
PFcat
X-Nginx-Cache-Key
X-Policy
X-Qloud-Router
X-MSEdge-Flight
X-MSEdge-Features
X-Lb-Id
X-WebServer
X-RateLimit-Limit-Second
X-Old-Content-Length
X-Urbn-Site-Id
Adler-Geo
Is-Eu
X-Urbn-Context-Path
X-Servername
X-Say-TTL
X-SayCDN-TTL
X-Key
X-RateLimit-Remaining-Second
X-Backend-State
Cache-Provider
Locale
Web-Mar-Node
Server-Int
X-Core-Mission
X-App-Name
X-LJ-Flow-ID
X-AWS-Id
X-NWS-UUID-VERIFY
X-VWS-Id
X-SD-PageType
Server-ID
Cdn-Host
Cdn-Request-Time
X-Internal-Host
X-Edge-Server
X-Svr
X-ServiceProvider
True-Client-Country-4JS
SD-X-WS
Resin-Trace
Memory
X-Cache-URL
X-Instart-Isnd
X-Mode
X-GDPR
V-Age
X-FPC
X-Be
X-Request-Time
X-Org
REQUESTUUID
X-Scheme
X-DC
X-Cache-Backend
SS
X-Flog
X-Hello
X-ABtesting
X-Processor
X-Wa
X-Datadome
X-IPS-LoggedIn
Group
X-Pjax-Url
Country-Code
X-Response-By
X-Unique-ID
X-NodeID
X-Servedbyhost
X-DataStream-Cache-Status
Cache-Cookie-Set-From
Cache-Host
Cache-Cookie-Set-Idcheck
X-Server-W
Cache-Cookie-Set-Lfrom
X-CDN-Forward
X-Proxied
X-Page-Type
X-Routing-Service
X-Zipkin-Id
X-SN
X-Ratelimit-Remaining
X-Ruxit-Js-Agent
X-Ms-Request-Id
X-Oss-Hash-Crc64ecma
X-Oracle-Dms-Rid
X-Oss-Storage-Class
X-Ms-Version
X-Oss-Object-Type
UCS
X-VCL-Version
X-Oss-Request-Id
PICS-Label
X-Oss-Server-Time
X-EC-Lua
X-Webkit-Csp
X-RateLimit-Reset
X-HS-Status
X-Ftr-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Ucdn
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-SRV
X-Varnish-Beresp-Status
X-Zone
X-Dynatrace
Lfy
X-URL
X-MP-GENERATED-AT
X-COUNTRY
X-Logtrace-Id
Ajk
X-Session-Fingerprint
X-GRACE
X-Agile-Age
X-Cache-Debug
X-Agile-Id
GeoIp-Country-Code
Powered-By-ChinaCache
Proxy-Firewall
ProcessTime
X-Pf-Uncompressing
Ttl
Geoip-Latitude
X-Agile
Geoip-City
SN
X-Varnish-Beresp-TTL
XServer
X-Source
X-Fastly-Country-Code
X-APP
Powered-By
X-Varnish-Ttl
X-ZONE
X-HTML-Minification-Powered-By
X-7Graus-Varnish-Cache-Control
X-Newrelic-Synthetics
GeoIP-Latitude
X-PF-Uncompressing
X-Grey
X-Logging-Id
Environment
X-CSRF-Token
X-7Graus-Varnish-XKeys
GeoIP-City
X-Cache-Category-Id
GeoIP-Country-Code
X-NODE
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
CACHE
X-Dynatrace-Js-Agent
X-Ftr-Cache-Host
X-Sedo-Request-Id
X-TH-Server
X-Cache-Miss-From
X-Sucuri-Id
X-Bc
X-Sucuri-ID
X-Unique-Id
Cdn
Fastly-Backend-Name
X-Tt-Trace-Host
X-LiteSpeed-Cache-Control
M-TraceId
X-Vcl-Version
Pics-Label
X-Edge
X-Core-Value
X-Aicache-OS
X-Check-Cacheable
CF-Cached-On
WWW
X-Webapp-Samesite-None-Activated-N
GW-Server
Cf-Ipcountry
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Dc
MIME-Version
X-Ftr-Balancer
Dynatrace
X-Fastly-Backend-Reqs
X-Vdms-Version
X-Sucuri-Cache
LB
X-Mid
Requestid
X-LAGOON
HostName
X-Sigma
X-Secret
X-Fstrz
Cdncip
X-Sigma-Backend
X-RCS-CacheZone
Ohc-Response-Time
X-Gannett-Site-Version
X-Cache-Tag
X-AK-Request-ID
X-Rocket-Build-Number
X-MCACHE
X-NGINX-Cache
X-Varnish-Url
X-UPSTREAM-Address
X-FORWARDED-FOR
Cdnsip
Amp-Access-Control-Allow-Source-Origin
X-Planisys-CDN-Rules
X-BC
X-PJAX-URL
X-Shopify-Generated-Cart-Token
X-TT-LOGID
X-ServedByHost
Pragrma
X-Litespeed-Cache-Control
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Lb
WZWS-RAY
X-Swift-Error
X-DW
X-RPM
X-RPS
X-CDN-Cache
X-RSL
X-DSS
URI
X-Varnish-Cacheable
X-BE
X-Via-NSCOPI
On-Server
X-DI
X-Action
X-DB
X-WA
DataCenter
X-Cache-Ttl
RequestUuid
TTL
User-Agent
X-Proxy-Cacherz
Host-ID
Xkeyrz
X-GeoIP-Country-Code
X-Correlation-ID
X-ORACLE-APMCS-TAG
Server-Id
CDN
Xkeypdq
X-Page-Impression-Id
X-WR-MODIFICATION
Inserted-Into-Cache-At
X-SaId
X-Fastly-Cache-Hits
Get-Access-Time
X-Akamai-SSL-Client-Sid
X-Flow-Id
X-Fpc
X-ORACLE-APMCS-REQUEST-ID
X-Zalando-Child-Request-Id
Is-Session-Tracking
X-ND-Cache
X-Upstream-Ct
X-Upstream-Ht
X-Gen-Id
X-Refresh
Correlation-Id
X-VC
Who
SID
X-Nananana
X-ECache
Warning
X-Crawler
X-NU-AKA-ACS-Version
X-SB
X-MID
X-Dw-Trace-Id
X-Trafficlayer-App-Version
X-Cf-Powered-By
X-Via-SSL
X-Via-Edge
Locid
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Served-From
X-Newrelic-App-Data
X-ServerName
X-Render-Time
X-Bug-Bounty
HitType
X-Request-URL
Processtime
X-MiniProfiler-Ids
Cneonction
RequestId
X-LB-ID
Xet-Cookie
X-FE
X-Gdpr
V-Cache
X-LiteSpeed-Tag