Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
Server-Timing
Feature-Policy
X-Server-Id
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
X-Node
Request-Id
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-Origin-Upstream-Status
X-DataDome
X-Rack-Cache
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Url
X-DynaTrace
X-TTL
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-MS-InvokeApp
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Powered-By-Plesk
Verso
RTSS
Public-Key-Pins
X-CST
Pinterest-Generated-By
X-Px
Edge-Control
X-Mod-Pagespeed
X-Recruiting
X-VARITI-CCR
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Ah-Environment
X-B3-TraceId
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-D2id
Service-Worker-Allowed
Accept-CH
X-SharePointHealthScore
SPRequestGuid
X-Vcap-Request-Id
X-Version
X-Akam-SW-Version
X-ESI
X-Server-Name
MS-Author-Via
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
TCN
X-Shard
X-RateLimit-Remaining
Charset
X-Upstream
AR-CACHE
AR-PoweredBy
Ar-Sid
Fastly-Restarts
AR-ATIME
X-Amz-Server-Side-Encryption
X-Trace
Realpath
X-Amz-Rid
X-Forwarded-Proto
X-Aspnetmvc-Version
Nginx-Cache
X-Debug
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-XRDS-Location
X-Ezoic-Cdn
Front-End-Https
X-Cached
AR-Request-ID
X-NF-Request-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
X-Shield-Request-Id
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Pagespeed
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Paypal-Debug-Id
Content-MD5
X-VCache
MicrosoftSharePointTeamServices
X-Id
X-Goog-Storage-Class
X-FTR-Realm
X-FTR-DC
X-T
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Amz-Meta-S3cmd-Attrs
ServerID
S
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Ser
X-DynaTrace-JS-Agent
X-SERVER
X-Vcache
X-Correlation-Id
X-Amzn-Trace-Id
X-Accel-Expires
X-Grace
Fastcgi-Cache
X-Content-Digest
Powered
X-Frontend
X-N
X-FTR-Cache-Host
PB-RID
PB-PID
Arc-Version
X-DIS-Request-ID
X-Mobile-Rewrite
X-Forwarded-For
Server-Name
X-RateLimit-Limit
X-Logged-In
X-Fastcgi-Cache
X-HS-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-HS-Hub-Id
Edge-Cache-Tag
X-FastCGI-Cache
X-Server-ID
X-Microsite
X-Request-Handler-Origin-Region
X-B3-Sampled
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Age
X-Zen-Fury
X-AppVersion
X-Kinsta-Cache
X-Activity-Id
X-Az
X-Type
X-Rid
X-Revision
Backend-Timing
X-IPLB-Instance
X-Analytics
X-User-Agent
X-LB-Cache
X-GUploader-UploadID
Pinterest-Version
FilterID
Accept-Ch
X-Pinterest-Rid
Healthy
X-Whom
Retry-After
X-Time
X-Node-Name
X-Cache-Hit
X-Srv
X-NWS-LOG-UUID
X-F-Cache
Server-Node
Accept-Charset
X-Cache-2
Alternate-Protocol
X-B3-Traceid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Rule
Cache-Status
X-Amzn-RequestId
X-Hp-Webp
X-Amz-Apigw-Id
X-Erf-Bev-Bev-Is-Generated
X-Content-Options
X-Erf-Bev-Bev
Surrogate-Key
X-Akamai-Edgescape
Cache-Tag
Refresh
DC
X-Content-Security-Policy-Report-Only
X-AOL-HN
X-Instance
X-Forwarded-Host
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Tumblr-User
X-Tumblr-Pixel
X-Debug-Info
Access-Control-Allow-Method
X-Cluster
X-Varnish-Grace
X-Framework
X-TA-CDN-Provider
X-PHP-Backend
X-Jobs
MS-CV
X-FW-Server
X-FW-Static
X-FB-Debug
X-FW-Serve
X-FW-Hash
X-App-Environment
Fastcgi-Useragent
X-FW-Type
X-Page-Id
Tracecode
X-Request-Guid
Source
X-App-Server
X-Esi
X-B
Frame-Options
X-Cache-Operation
Host
Actual-Object-TTL
X-Mobile-URL
X-Cache-Key
X-Acc-Meta-Resource-Type
X-Cache-TTL
X-Hostname
X-Seen-By
Cleartype
X-Geo-Country
X-Cache-Control
X-Signature
X-B-Cache
X-Cached-By
X-Host-Name
X-BCube-Filmed-By
X-Git-Hash
Accept-CH-Lifetime
X-TT
X-Amz-Replication-Status
X-Varnish-Backend
X-Mobile
Upgrade-Insecure-Requests
X-Response-Served-From
X-Pad
NGB
NR-ENABLED
X-Adobe-Loc
X-Adobe-Content
Liferay-Portal
WPE-Backend
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
Eomportal-Instance
Ms-Operation-Id
X-RemovedCookies
Payment
X-Status
X-RTag
From-Origin
Filters
X-ProcessESI
Cache-Tv-Group
GEO-INFO
X-ATG-Version
X-Drupal-Cache-Tags
X-TX-ID
X-Handled-By
Webserver
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Remote
X-GeoIP
X-UA-Device-Type
X-RequestSource
X-Cacheable-TTL
X-FW-Dynamic
X-WA-Info
X-Cache-TTL-Remaining
X-Origin-Server
X-Daa-Tunnel
X-Webkit-CSP
X-EdgeConnect-Cache-Status
X-Content-Age
Xserver
X-Cache-Action
X-Edge-Location
X-Storage
X-Hyper-Cache
Viewport
X-Wix-Request-Id
X-Ratelimit-Reset
X-Contextid
X-Presslabs-Stats
Datacenter
X-PressLabs-Stats
X-Region
Version
X-CF-Powered-By
X-Accel-Buffering
X-Varnish-Hostname
PageSpeed
X-Oneagent-Js-Injection
Ohc-File-Size
X-HS-Cache-Config
Host-Header
Cache
X-Akamai-Transformed
X-Element-Page-Cache
X-Path-Route
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-Cache-Var
X-Cache-NE
Load-Balancing
X-Cache-Var-Map
S-Cnection
X-Varnish-Server
X-Cache-Server
X-IP
X-From
X-Yottaa-Metrics
X-Upstream-Proxy
Cache-Tags
Cache-Name
X-Yottaa-Optimizations
X-TNCMS
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Via-Fastly
X-Viewer-Country
X-Section
X-R9-Blue-Green-Version
X-PERF
X-Loop
X-NCache
X-Origin-Response-Time
X-Cache-Config
Ec-Rule-Version
Rt-Fastcgi-Cache
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Hits
Decoy-Debug-Key
X-Access
X-Akamai-Request-ID
X-Proto
X-Cache-Enabled
X-CS
X-Cluster-Node
X-ApacheServer
X-Proxy
X-Akamai-Request-ID2
Vix-Hermes-Req-Id
X-NewRelic-App-Data
X-PCL
X-Origin
X-Hit
X-Format
X-OCL
X-Proxy-Build
X-Upgrade-Enabled
X-Trace-Id
S-Rt
X-Rule
X-FC-Vary-Parameters
Azure-InstanceId
X-Cache-Grace
X-Cache-Time
X-Backend-TTL
DB-Nickname
Selected-Fe
X-CCM
X-Drupal-Cache-Contexts
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Upstream-CT
X-Timing-Wait
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Upstream-HT
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Ohc-Cache-HIT
Webcakes-App-Version
TWC-GeoIP-Country
X-Origin-Hint
X-Xfnlog-Site
Property-Id
Mn-Server-Ip
TWC-Connection-Speed
TWC-Device-Class
X-Web-Node
X-Www-Served-By
X-Varnish-Cache-Hits
Country
X-Cache-Host
X-Backend-Name
X-EIG-Tracking-Id
X-Debug-Cache
X-UnsetCookies
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
X-Site-Version
X-JoinUs
X-Human
X-Hosted-By
X-Generated
X-Labrador-Cache-Channel
Cache-Key
Server-Info
X-FireWall-Port
X-Device-Type
Release
DSUID
Time
X-FW-Version
X-Vgn-Hpd-Reason
X-VCT
X-Rendered-As
X-Varnish-Hits
X-Ua
X-S
Now
X-OVcl
X-OVcl-Cache
X-Real-IP
Hostname
OT-Force-Account-Verify
X-Litespeed-Cache
Access-Control-Request-Headers
ServedBy
X-NGENIX-Cache
Fastcgi-X-Cache-Version
X-Pubstack
X-VG-TLSProxy
X-Redis-Cache
Origin-Cache-Control
X-DataStream-Cache-Status
Origin-Edge-Control
X-SS-Set-Cookie
L5d-Success-Class
X-XRDS-LOCATION
Accept-Language
Cteonnt-Length
X-VG-WebCache
X-FB-TRIP-ID
X-Webkit-Csp
Origin
NtCoent-Length
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-HS-Combine-CSS
X-Alternate-Cache-Key
X-App-Version
X-APP-VERSION
SRV
Fastly-SSL
Machine
X-Tb
X-Origin-CC
X-Origin-TTL
X-CSRF-TOKEN
X-Parent-Response-Time
X-Tt-Trace-Tag
X-Cluster-Name
X-Ttl
X-UUID
X-Environment-Context
X-Load-Cache
X-No-Session
X-GoCache-CacheStatus
X-NC
X-GEO
X-L-Path
X-Rocket-Nginx-Bypass
X-ECACHE
IBM-Web2-Location
X-ServerID
Nel
X-B3-Spanid
X-Soup
X-Guploader-Uploadid
X-B3-Parentspanid
Mime-Version
X-Nginx-Cache
X-Uri
NGX
X-CACHE-KEY
X-Is-Bot
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
Proxy-Connection
X-Magnolia-Registration
ServerName
Akamai-GRN
X-Mode
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
A
Apple-News-Services-Handled
X-Twitter-Response-Tags
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-B-Cookie
X-VG-WebServer
X-Application
Xc-Version
X-A-Wwc
X-Accel-Expires-Debug
X-AIR-PT
X-Node-Id
X-D
X-ARC
X-Aed
X-A-Dcw
X-Connection-Hash
X-MServer
X-A-Dam
Fly-Request-Id
X-Developer
X-DPWN-IS-SECURE
GEO-REGION-INFO
Fly-Cache
Cross-Origin-Window-Policy
Rt-Proxy-Cache
Content-Style-Type
Rendered-Blocks
X-Rewrite-Enabled
X-Request-UUID
MD5-Digest
Mobile-Detection-Method
Node
Odigeo-Trace-Id
X-G
Meta-Geo-Continent
X-PAYTM-SRV-ID
X-External-Request-Id
Memcached
X-Region-Sid
Content-Script-Type
T-Server
X-Instart-Info
X-A-Ccd
X-Destination
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Server-Time
X-Transaction
X-Date
X-SRCache-Key
Apple-News-Services-Host
Arc-Country
X-ScT
Viewtype
X-Rojux
BehaviorPad-Version
Cache-Prefix
VivaBuild
X-A
X-S-Cookie
X-Detected-As
AsisCache
X-Trv-Group
X-A-Dgt
X-Generated-By
X-B3-SpanId
Request-Time
X-LJ-Flow-ID
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Ruxit-Js-Agent
Backend-Name
X-VWS-Id
X-AWS-Id
X-Fastly-Cache
Fastly-Soc-X-Request-Id
X-Origin-Expires
We-Hiring
X-Release
Mail-Subject
X-Edge-Server
X-Origin-Date
Cdn-Host
CF-IPCountry
Request-EU
Request-Country
X-Azure-Ref-OriginShield
X-Azure-Ref
Section-Io-Cache
X-Cache-Bucket
X-Cdn-Srv
Locale
X-Developers
X-S-Maxage
X-Cms-Context
N-Cache
IsBot
Cdn-Request-Time
X-Dc
X-SVT-ORM-VERSION
X-VC-Cache
X-Hl-Ver
X-Worker
X-Up
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SIPLIST1
X-SVT-ORM-RULES
X-Request-Time
X-Cdn-Forward
User-Cache-Control
X-Core-Mission
X-Clara-WADP
X-We-Are-Hiring
X-Cdn-Origin
X-Compress-Hint
X-Cache-Info
X-VServer
X-WADP-Cache
X-Clientip
X-Wikidot-Static-Cache
X-App-Name
X-Var-Ttl
W
Uber-Trace-Id
Thinkindot-Control
True-Client-Country-4JS
X-Auto-Login
X-CUA
X-Block-Status
X-C
X-Bip
X-BBXSRF
X-Backend-Host
X-Backend-Url
X-Wikidot-Backend
X-Distributor
X-Nginx-Cache-Key
X-Policy
X-Qloud-Router
X-Method
X-Matched-Rule
Thinkindot-CacheControl-Type
X-Swa-Ws
X-RateLimit-Limit-Second
X-Sn-Servicetimems
X-ServiceProvider
X-Service
X-Reboot
X-Skip-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Location
X-Level-Front-Cache
X-ElasticPress-Search
X-Thinkindot-L3
X-GDPR
X-TrackingId
X-Server-IP
X-UA
X-Distil-CS
X-Gen-Mode
X-Thanos
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Hnp-Log
X-Geo-Header
X-Generated-On
X-Generation-Time
X-Device-Os
X-RateLimit-Remaining-Second
L
Pramga
AKAMAI
Content-Disposition
CDCHOST
Magicmarker
RNT-Machine
Thinkindot-CacheControl
Heartbleed
Fastly-SWR
Esi-Enabled
Countrycode
Fastly-SIE
Gh-Request-Id
Server-Int
RNT-Time
X-Microcachable
X-Request-Start
X-Request-URI
X-SayCDN-TTL
X-JWT-State
Adler-Geo
X-Say-TTL
X-Say-Cacheable
Cache-Provider
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-GeoIP-City
X-Internal-Host
X-MSEdge-Features
X-MSEdge-Flight
X-Proxy-Upstream
X-PHP-Host
X-Org
X-Old-Content-Length
X-Is-Gdpr
X-Platform-Server
X-Via-CDN
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-ProxyCache-Status
X-Debug-Cache-Expiry
X-Dispatch
X-Eu-Site
X-NX-Host
X-Proxy-Cache-Status
X-Irp-Debug
X-Hash
X-ProxyCache-Key
X-Generated-In
X-CGP
X-BYPASS-REASON
Ha-Gx-Prefs
HA-Ipaddr
X-User
X-WebServer
X-Variation
X-Webstats-RespID
Kp-EeAlive
Pagetype
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Reqid
Served-By
Server-Host
X-Has-Esi
X-Owner
X-Cache-FS-Status
Platform
Is-Eu
X-Cache-Id
PFcat
Memory
X-Epic-Correlation-Id
Server-ID
X-Backend-State
V-Age
X-Fetched-On
Web-Mar-Node
X-Amz-Meta-Cache-Control
Srv
X-COUNTRY
X-Key
X-Dispatcher-Server
X-SD-PageType
X-ABtesting
SD-X-WS
Resin-Trace
X-Servername
X-Flog
X-Hello
X-Unique-ID
X-Info
X-Nc
X-Lb-Id
X-URL
SS
X-FPC
X-NWS-UUID-VERIFY
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Geo
X-Wa
X-Response-By
REQUESTUUID
X-Be
X-Zipkin-Id
X-RateLimit-Reset
X-Routing-Service
X-IPS-LoggedIn
X-Proxied
X-DC
X-Svr
X-Servedbyhost
X-Cache-URL
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Country-Code
X-Ratelimit-Limit
Cache-Cookie-Set-Lfrom
X-Page-Type
X-Instart-Isnd
X-Dynatrace-Js-Agent
X-Datadome
X-Processor
UCS
X-Cache-Backend
X-Scheme
X-MP-GENERATED-AT
CACHE
X-NodeID
X-Pjax-Url
X-VCL-Version
XServer
X-SRV
X-SN
X-Logtrace-Id
Powered-By-ChinaCache
Ajk
Group
Dynatrace
X-CDN-Forward
Proxy-Firewall
X-Varnish-Beresp-Ttl
X-Oss-Object-Type
X-Oss-Storage-Class
X-HTML-Minification-Powered-By
X-Oracle-Dms-Rid
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
ProcessTime
X-Oss-Server-Time
Powered-By
X-Ftr-Request-Id
X-ZONE
PICS-Label
X-HS-Status
SN
X-Server-W
X-Tb-Optimization-Total-Bytes-Saved
Cache-Host
X-Zone
X-Dynatrace
X-Grey
X-Cache-Category-Id
X-Newrelic-Synthetics
X-GRACE
X-Varnish-Beresp-Grace
X-Source
X-Varnish-Beresp-Status
X-EC-Lua
Ttl
X-Pf-Uncompressing
X-Via-Ucdn
X-Ms-Request-Id
X-Ms-Version
X-TH-Server
Geoip-City
X-APP
GeoIp-Country-Code
X-Ratelimit-Remaining
X-FORWARDED-FOR
Fastly-Backend-Name
Geoip-Latitude
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-Sucuri-Id
X-PF-Uncompressing
GeoIP-Country-Code
GeoIP-City
Lfy
X-Session-Fingerprint
GeoIP-Latitude
X-NODE
X-Agile-Age
X-Cache-Debug
X-Agile-Id
X-Ftr-Cache-Host
Cdn
GW-Server
X-Agile
MIME-Version
X-Check-Cacheable
Environment
LB
X-LAGOON
X-Tt-Trace-Host
Pics-Label
X-Fastly-Country-Code
X-Bc
X-RCS-CacheZone
Amp-Access-Control-Allow-Source-Origin
X-7Graus-Varnish-Cache-Control
X-Edge
CF-Cached-On
X-Aicache-OS
X-7Graus-Varnish-XKeys
X-Logging-Id
X-Secret
X-Gannett-Site-Version
X-Varnish-Url
X-BC
X-Cache-Miss-From
M-TraceId
WZWS-RAY
X-Sedo-Request-Id
Cf-Ipcountry
WWW
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Balancer
X-CSRF-Token
X-Ftr-Backend
X-Ftr-Backend-Server
Requestid
On-Server
X-Mid
X-CDN-Cache
X-Vcl-Version
X-PJAX-URL
X-Varnish-Cacheable
Ohc-Response-Time
X-Akamai-SSL-Client-Sid
X-Core-Value
X-UPSTREAM-Address
X-Varnish-Ttl
X-GeoIP-Country-Code
User-Agent
X-MCACHE
DataCenter
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-Cache-Tag
X-Sucuri-ID
X-AK-Request-ID
Cdnsip
Inserted-Into-Cache-At
X-Litespeed-Cache-Control
Cdncip
Lb
X-Unique-Id
Tcn
X-BE
X-TT-LOGID
X-RSL
SID
X-Action
X-DI
X-DB
URI
CDN
X-RPM
X-Proxy-Cacherz
X-RPS
X-DW
X-NU-AKA-ACS-Version
X-Sucuri-Cache
X-DSS
Xkeyrz
X-Vdms-Version
HostName
X-NGINX-Cache
X-Sigma-Backend
X-Swift-Error
X-WA
X-Sigma
X-ServedByHost
X-Rocket-Build-Number
X-Render-Time
Who
X-Crawler
Host-ID
RequestUuid
X-Fstrz
X-Correlation-ID
Is-Session-Tracking
Warning
X-Shopify-Generated-Cart-Token
Get-Access-Time
X-Fpc
X-LB-ID
X-Flow-Id
X-Page-Impression-Id
X-Planisys-CDN-TTL
X-Zalando-Child-Request-Id
X-WR-MODIFICATION
Xkeypdq
Pragrma
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Fastly-Cache-Hits
X-Micro-Cache
X-Via-NSCOPI
X-Refresh
X-HostName
Server-Id
X-Cdn-Request-ID
X-TIME
FNAC-ModuleRouting
X-SB
X-MID
X-FE
X-VC
Correlation-Id
X-Nananana
X-ServerName
X-Cf-Powered-By
Processtime
X-ECache
X-LiteSpeed-Tag
HitType
X-Bug-Bounty
X-Trafficlayer-App-Version
TTL
X-MiniProfiler-Ids
X-Newrelic-App-Data
X-Gdpr
X-Via-SSL
Xet-Cookie
X-Via-Edge
X-Served-From
X-Fe
RequestId
Cneonction
X-Dw-Trace-Id
V-Cache
X-Request-URL
X-Gen-Id