Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Request-ID
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-CDN
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
Cf-Railgun
X-LiteSpeed-Cache
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
EagleEye-TraceId
Report-To
X-Cloud-Trace-Context
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
NEL
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Url
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-TTL
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
Public-Key-Pins
X-B3-TraceId
RTSS
X-Px
X-Mod-Pagespeed
Edge-Control
X-Sol
Display
Response
X-VARITI-CCR
X-Middleton-Response
X-Middleton-Display
SPRequestGuid
X-CST
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Recruiting
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-D2id
X-SharePointHealthScore
X-ESI
Service-Worker-Allowed
X-Ah-Environment
X-Akam-SW-Version
X-Vcap-Request-Id
SPRequestDuration
X-Version
SPIisLatency
X-Server-Name
X-GitHub-Request-Id
X-Abt-Application-Version
TCN
X-Powered-CMS
X-Navigation-Version
MS-Author-Via
Accept-Ch-Lifetime
Accept-CH
X-Trace
X-Shard
Charset
Fastly-Restarts
Nginx-Cache
X-Upstream
X-Debug
X-Amz-Server-Side-Encryption
Realpath
X-Amz-Rid
X-RateLimit-Remaining
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Aspnetmvc-Version
X-Ezoic-Cdn
X-VCache
X-Cached
X-NF-Request-ID
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
Pagespeed
X-MSEdge-Ref
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Shield-Request-Id
X-XRDS-Location
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
AR-Request-ID
X-TEC-API-ORIGIN
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-TEC-API-ROOT
X-TEC-API-VERSION
X-FTR-Cache-Status
Content-MD5
X-FTR-Expires
X-Country-Code-Real
MicrosoftSharePointTeamServices
DynaTrace
Paypal-Debug-Id
X-Id
S
X-Goog-Storage-Class
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
ServerID
X-Varnish-Age
X-Via-JSL
X-Ser
X-DynaTrace-JS-Agent
X-Client-IP
X-Server-ID
X-Content-Type
X-Grace
X-Accel-Expires
X-Dw-Request-Base-Id
X-Correlation-Id
X-Hits
X-FastCGI-Cache
Fastcgi-Cache
X-Amzn-Trace-Id
X-Content-Digest
Powered
Edge-Cache-Tag
X-N
X-Frontend
X-DIS-Request-ID
Accept-Ch
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
X-FTR-Cache-Host
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
Server-Name
Pinterest-Version
X-Pinterest-Rid
TP-Cache
TP-L2-Cache
X-GUploader-UploadID
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
X-Kinsta-Cache
X-Zen-Fury
X-RateLimit-Limit
X-Time
X-Cache-Age
X-IPLB-Instance
X-Revision
X-Activity-Id
X-User-Agent
X-Rid
X-AppVersion
X-B3-Sampled
X-Az
X-Type
X-Vcache
Backend-Timing
Healthy
X-Analytics
X-Cache-Hit
X-LB-Cache
X-Fastcgi-Cache
X-Whom
Retry-After
X-Node-Name
X-Srv
FilterID
Server-Node
X-NWS-LOG-UUID
Alternate-Protocol
X-F-Cache
X-Hp-Webp
Accept-Charset
Cache-Tag
X-Akamai-Edgescape
X-Cache-Rule
X-Cache-2
Cache-Status
X-SERVER
X-Kong-Upstream-Latency
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Content-Options
X-Content-Security-Policy-Report-Only
Tracecode
Surrogate-Key
DC
X-Amzn-RequestId
X-Amz-Apigw-Id
Refresh
X-Content-Powered-By
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Framework
X-Forwarded-Host
MS-CV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AOL-HN
X-Varnish-Grace
Source
X-Jobs
Access-Control-Allow-Method
X-App-Environment
X-Debug-Info
X-Webkit-CSP
X-Cluster
X-PHP-Backend
X-FB-Debug
X-Page-Id
Fastcgi-Useragent
X-Cache-TTL
X-Request-Guid
X-TA-CDN-Provider
X-App-Server
X-B
X-FW-Type
X-FW-Hash
X-Cache-Operation
X-FW-Serve
X-FW-Static
X-FW-Server
Host
Actual-Object-TTL
X-Cache-Key
X-Seen-By
Frame-Options
X-Mobile-URL
NR-ENABLED
X-Geo-Country
X-Cache-Control
X-Hostname
X-B3-Traceid
Cleartype
X-Host-Name
X-Signature
X-Pad
X-Cached-By
X-B-Cache
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-Mobile
X-Git-Hash
X-Response-Served-From
X-TT
NGB
X-Varnish-Backend
X-Esi
X-WebKit-CSP-Report-Only
X-Presslabs-Stats
Accept-CH-Lifetime
X-Adobe-Content
X-ATG-Version
X-Amz-Replication-Status
GEO-INFO
X-Adobe-Loc
WPE-Backend
X-Drupal-Cache-Tags
Cache-Tv-Group
Eomportal-Instance
X-GeoIP
Filters
X-Acc-Meta-Resource-Type
Ms-Operation-Id
X-Handled-By
X-RequestSource
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RTag
X-ProcessESI
X-RemovedCookies
Webserver
Payment
X-UA-Device-Type
X-TT-TIMESTAMP
From-Origin
X-Cacheable-TTL
X-Origin-Server
X-Daa-Tunnel
X-Litespeed-Cache
X-TX-ID
X-Status
Liferay-Portal
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-FW-Dynamic
X-Element-Page-Cache
X-HS-Cache-Config
X-WA-Info
X-Wix-Request-Id
X-Cache-Remote
X-Cache-Action
Xserver
X-Hyper-Cache
X-Content-Age
X-Contextid
X-Edge-Location
Datacenter
X-Region
Viewport
Cache
Version
X-Ratelimit-Reset
X-CF-Powered-By
X-XRDS-LOCATION
X-Varnish-Hostname
X-Storage
X-Cache-NE
X-Akamai-Transformed
Ohc-File-Size
X-Accel-Buffering
PageSpeed
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cache-Server
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
Meta-Geo
X-RN-RSRV
X-Path-Route
X-Varnish-Server
X-ES-SERVER
Host-Header
X-IP
Cache-Name
Cache-Tags
X-Cache-Enabled
X-Proto
X-Proxy
X-HS-Combine-CSS
Vix-Hermes-Req-Id
X-Viewer-Country
X-Device-Type
Property-Id
TWC-Device-Class
TWC-Connection-Speed
X-Varnish-Cache-Hits
X-Cluster-Node
X-Via-Fastly
S-Cnection
Rt-Fastcgi-Cache
Release
X-Section
Mn-Server-Ip
X-Yottaa-Optimizations
X-R9-Blue-Green-Version
X-CS
X-Yottaa-Metrics
TWC-GeoIP-Country
Ec-Rule-Version
Cache-Hits
X-Loop
X-NCache
X-Tumblr-Pixel-3
X-Cache-Config
TWC-Locale-Group
X-Akamai-Request-ID
X-Access
X-TNCMS
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Privacy
Country
X-Origin-Hint
Webcakes-Region
X-Origin-Response-Time
Azure-SiteName
X-EIG-Tracking-Id
Azure-SlotName
X-Drupal-Cache-Contexts
X-UnsetCookies
X-Debug-Cache
DB-Nickname
X-Upgrade-Enabled
X-Trace-Id
Azure-Version
DSUID
X-Timing-Wait
X-Proxy-Build
X-Origin
X-Cache-Host
X-PCL
X-Human
X-OCL
X-Cache-Grace
X-Akamai-Request-ID2
X-Backend-Name
X-Backend-TTL
X-Cache-Time
X-From
X-Rule
X-VCT
X-Labrador-Cache-Channel
S-Rt
X-Web-Node
X-Www-Served-By
X-Xfnlog-Site
Azure-RegionName
X-Format
X-FC-Vary-Parameters
Selected-Fe
X-NewRelic-App-Data
Azure-InstanceId
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PressLabs-Stats
X-Vgn-Hpd-Reason
X-ApacheServer
X-Hit
X-Hosted-By
X-Site-Version
X-PERF
X-Locale
Ohc-Cache-HIT
X-Time-Microsecs
X-JoinUs
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Server-Info
X-FireWall-Port
Cache-Key
X-CCM
X-NGENIX-Cache
X-Ttl
Time
X-OVcl
X-OVcl-Cache
X-S
X-Rendered-As
X-Real-IP
X-FW-Version
X-Upstream-HT
X-Upstream-CT
X-Varnish-Hits
X-APP-VERSION
Now
L5d-Success-Class
X-Redis-Cache
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-SS-Set-Cookie
X-Ua
OT-Force-Account-Verify
Fastcgi-X-Cache-Version
X-Upstream-Proxy
ServedBy
Fastly-SSL
Access-Control-Request-Headers
Origin
X-Trafficlayer-App-Name
X-VG-TLSProxy
X-Trafficlayer-App-Scope
Hostname
X-FB-TRIP-ID
Cteonnt-Length
X-Cluster-Name
X-VG-WebCache
NtCoent-Length
X-UUID
X-Sorting-Hat-ShopId
X-Load-Cache
X-Alternate-Cache-Key
X-Origin-TTL
X-Sorting-Hat-PodId
X-Origin-CC
X-Shopify-Stage
X-ShardId
X-ShopId
X-ServerID
X-GoCache-CacheStatus
X-Parent-Response-Time
X-Soup
Accept-Language
X-Tb
X-B3-Spanid
Machine
X-Rocket-Nginx-Bypass
IBM-Web2-Location
X-ECACHE
X-CSRF-TOKEN
NGX
X-Tt-Trace-Tag
X-App-Version
X-UA
X-No-Session
X-NC
X-L-Path
X-Is-Bot
Mime-Version
X-Environment-Context
Odigeo-Trace-Id
Nel
CF-IPCountry
SRV
X-Uri
X-B3-Parentspanid
X-MServer
X-CACHE-KEY
A
Apple-News-Services-Handled
Content-Style-Type
AsisCache
X-Node-Id
Arc-Country
Apple-News-Services-Request-Url
BehaviorPad-Version
Apple-News-Services-Parsed-Url
Xc-Version
Content-Script-Type
Cache-Prefix
Apple-News-Services-Host
X-A-Ccd
X-DPWN-IS-SECURE
X-Developer
X-External-Request-Id
X-G
X-Hl-Ver
X-Detected-As
X-Destination
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Vtex-Processado-Em
X-Date
X-Instart-Info
X-PAYTM-SRV-ID
X-Transaction
X-SRCache-Key
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebServer
X-Server-Time
X-ScT
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-CF-Lambda-Fn
X-B-Cookie
Rendered-Blocks
Node
Rt-Proxy-Cache
ServerName
T-Server
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Request-Id
Fly-Cache
GEO-REGION-INFO
MD5-Digest
Memcached
Viewtype
VivaBuild
X-Vtex-Remote-Cache
X-Worker
X-AIR-PT
X-Application
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
Cross-Origin-Window-Policy
X-Aed
Request-Time
X-Endurance-Cache-Level
Proxy-Connection
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
We-Hiring
Backend-Name
X-ProxyCache-Status
Uber-Trace-Id
X-ProxyCache-Key
X-BYPASS-REASON
X-Oneagent-Js-Injection
Mail-Subject
Akamai-GRN
X-CUA
X-SIPLIST1
X-SVT-ORM-RULES
X-Is-Gdpr
X-SVT-ORM-VERSION
N-Cache
X-JWT-State
X-S-Maxage
Request-Country
Fastly-Soc-X-Request-Id
Section-Io-Cache
X-Origin-Expires
X-Fastly-Cache
X-Has-Esi
X-Release
Request-EU
IsBot
X-Origin-Date
X-Developers
X-Cdn-Srv
X-Info
X-Var-Ttl
X-Nginx-Cache
X-Cache-Bucket
X-Up
X-Compress-Hint
X-Cms-Context
X-Azure-Ref-OriginShield
X-Azure-Ref
X-VC-Cache
X-GEO
User-Cache-Control
X-Dc
X-Generated-By
X-Cache-Info
Server-Host
Served-By
Server-Int
X-Geo-Header
Pagetype
Thinkindot-CacheControl
X-Generated-On
X-Generation-Time
X-Bip
X-Block-Status
Thinkindot-CacheControl-Type
X-IN-APIGATEWAYSSL
X-Hnp-Log
X-IN-APIGATEWAY
X-C
RNT-Machine
X-Irp-Debug
X-Hash
Pramga
RNT-Time
X-CGP
X-Eu-Site
Srv
X-Debug-Log
X-Level-Front-Cache
X-Backend-Host
X-Device-Os
X-Debug-Cookies
X-Debug-Cache-Store
X-App-Name
X-Auto-Login
X-Clientip
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Clara-WADP
X-Dispatch
X-Core-Mission
X-ElasticPress-Search
X-Backend-Url
X-BBXSRF
X-Gen-Mode
W
X-Distributor
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Distil-CS
Thinkindot-Control
Kp-EeAlive
X-Proxy-Cache-Status
Fastly-SWR
Fastly-SIE
X-Proxy-Upstream
X-Reqid
X-Service
X-Reboot
X-User
X-Server-IP
X-TrackingId
Esi-Enabled
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
Content-Disposition
X-Swa-Ws
X-Thanos
X-Qloud-Router
Countrycode
X-Thinkindot-L3
X-Skip-Cache
Gh-Request-Id
X-Matched-Rule
X-Method
Magicmarker
X-We-Are-Hiring
X-Location
CDCHOST
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-WADP-Cache
L
HA-Ipaddr
Ha-Gx-Prefs
AKAMAI
Heartbleed
X-NX-Host
X-Cdn-Origin
X-VServer
X-Nginx-Cache-Key
X-Rebelmouse-Surrogate-Control
X-Microcachable
X-Geo
X-Servername
X-Urbn-Site-Id
X-WebServer
X-Via-CDN
X-Variation
X-Urbn-Context-Path
X-NWS-UUID-VERIFY
X-RateLimit-Remaining-Second
X-Old-Content-Length
X-B3-SpanId
X-GeoIP-City
X-Owner
X-PHP-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Li-Pop
X-LI-Proto
X-Key
X-LI-UUID
X-Platform-Server
X-Policy
X-Request-Start
X-Dispatcher-Server
X-Request-URI
X-Say-Cacheable
X-Say-TTL
X-AWS-Id
X-Li-Fabric
X-Generated-In
X-Fetched-On
X-Epic-Correlation-Id
X-RateLimit-Limit-Second
X-SayCDN-TTL
X-Internal-Host
Locale
Adler-Geo
Is-Eu
X-Amz-Meta-Cache-Control
Memory
X-LJ-Flow-ID
Cache-Provider
Web-Mar-Node
Platform
PFcat
X-VWS-Id
X-Guploader-Uploadid
X-Cache-FS-Status
X-Backend-State
X-Cache-Id
Cdn-Request-Time
X-SD-PageType
Server-ID
X-Edge-Server
SD-X-WS
Resin-Trace
X-Lb-Id
Cdn-Host
True-Client-Country-4JS
X-Nc
X-ServiceProvider
X-Mode
X-Cdn-Forward
X-Ratelimit-Limit
V-Age
X-Svr
X-FPC
X-GDPR
X-Cache-URL
X-Request-Time
X-Be
X-DataStream-Cache-Status
X-Instart-Isnd
X-Org
REQUESTUUID
X-COUNTRY
X-URL
X-Wa
SS
X-Hello
X-ABtesting
X-Scheme
X-Flog
X-DC
X-Cache-Backend
X-Servedbyhost
X-Processor
X-CDN-Forward
X-IPS-LoggedIn
X-Response-By
Country-Code
X-Unique-ID
X-Datadome
Group
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-NodeID
X-RateLimit-Reset
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-Page-Type
Cache-Host
X-Pjax-Url
X-VCL-Version
X-Server-W
XServer
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
UCS
X-Oss-Server-Time
X-Oss-Object-Type
X-SN
PICS-Label
X-Ruxit-Js-Agent
X-Varnish-Beresp-Ttl
X-Oracle-Dms-Rid
X-Ms-Request-Id
X-Ms-Version
X-Via-Ucdn
X-EC-Lua
X-Webkit-Csp
X-MP-GENERATED-AT
X-Varnish-Beresp-Grace
X-Ftr-Request-Id
X-SRV
Ajk
X-Tb-Optimization-Total-Bytes-Saved
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Status
X-Logtrace-Id
X-HS-Status
X-DataStream-Origin-MEX-Latency
X-Dynatrace
X-DataStream-MidMile-RTT
ProcessTime
X-Session-Fingerprint
Lfy
Powered-By-ChinaCache
Ttl
X-Newrelic-Synthetics
X-ZONE
Geoip-City
Geoip-Latitude
Proxy-Firewall
X-Pf-Uncompressing
GeoIp-Country-Code
X-APP
X-Zone
X-Source
X-GRACE
CACHE
X-Agile-Id
Powered-By
X-Cache-Debug
X-Agile
X-HTML-Minification-Powered-By
SN
X-Agile-Age
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
X-Grey
X-Cache-Category-Id
Environment
X-TH-Server
X-7Graus-Varnish-Cache-Control
GeoIP-Latitude
GeoIP-Country-Code
Dynatrace
X-Logging-Id
X-PF-Uncompressing
X-7Graus-Varnish-XKeys
GeoIP-City
X-NODE
X-Sedo-Request-Id
Fastly-Backend-Name
X-Sucuri-Id
X-Sucuri-ID
X-Cache-Miss-From
X-Ftr-Cache-Host
X-Unique-Id
MIME-Version
X-CSRF-Token
X-LiteSpeed-Cache-Control
X-Aicache-OS
X-Check-Cacheable
X-Tt-Trace-Host
Cdn
X-FORWARDED-FOR
X-Bc
M-TraceId
GW-Server
X-Core-Value
X-Edge
Pics-Label
CF-Cached-On
X-UPSTREAM-Address
X-LAGOON
X-Vcl-Version
X-Webapp-Samesite-None-Activated-N
WWW
LB
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Realm
X-BC
X-Ftr-Backend
Requestid
X-Varnish-Url
X-Secret
Ohc-Response-Time
X-Vdms-Version
X-Gannett-Site-Version
X-Sucuri-Cache
X-PJAX-URL
X-Fastly-Backend-Reqs
X-Mid
X-RCS-CacheZone
HostName
X-NGINX-Cache
Cf-Ipcountry
X-Sigma-Backend
X-Sigma
X-Fstrz
Cdncip
X-MCACHE
Cdnsip
X-AK-Request-ID
X-Rocket-Build-Number
X-Cache-Tag
WZWS-RAY
X-Varnish-Ttl
DataCenter
Amp-Access-Control-Allow-Source-Origin
X-TT-LOGID
X-Varnish-Cacheable
Pragrma
X-CDN-Cache
X-Litespeed-Cache-Control
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
On-Server
X-Planisys-CDN-Rules
X-Swift-Error
Lb
X-RPS
X-RPM
X-Via-NSCOPI
X-RSL
X-DW
X-GeoIP-Country-Code
X-Action
Xkeyrz
X-Proxy-Cacherz
X-ServedByHost
X-BE
X-DB
User-Agent
X-DI
URI
X-Cache-Ttl
X-DSS
X-Akamai-SSL-Client-Sid
RequestUuid
Inserted-Into-Cache-At
X-WA
CDN
Host-ID
X-Correlation-ID
TTL
X-SaId
Server-Id
Is-Session-Tracking
X-Upstream-Ht
X-NU-AKA-ACS-Version
X-ORACLE-APMCS-TAG
Get-Access-Time
X-Upstream-Ct
X-ORACLE-APMCS-REQUEST-ID
Warning
SID
Who
X-Page-Impression-Id
X-WR-MODIFICATION
X-Crawler
X-Flow-Id
Xkeypdq
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-Fpc
Correlation-Id
X-Render-Time
X-Refresh
X-LB-ID
X-MID
X-VC
X-SB
X-Nananana
X-ND-Cache
X-FE
X-Cf-Powered-By
HitType
X-Amzn-Remapped-Date
Locid
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Trafficlayer-App-Version
X-Akamai-ERPolicy
X-ECache
X-Request-URL
Cneonction
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Gdpr
X-Bug-Bounty
V-Cache
Xet-Cookie
X-Newrelic-App-Data
Processtime
X-ServerName
X-Gen-Id
FNAC-ModuleRouting
RequestId
X-LiteSpeed-Tag