Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-CDN
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Cdn
X-Server-Id
X-Amz-Version-Id
Feature-Policy
X-WebKit-CSP
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Allow
X-HW
Rating
X-DataDome
X-Country
X-Country-Code
X-FTR-Request-ID
X-Url
X-TTL
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
Verso
RTSS
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Pinterest-Generated-By
X-Ah-Environment
Service-Worker-Allowed
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-D2id
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Exp-Id
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-Version
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
Accept-CH
X-Upstream
X-Forwarded-Proto
X-Shard
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
SPIisLatency
SPRequestDuration
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
Fastly-Restarts
Charset
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Server-Side-Encryption
X-ESI
X-Aspnetmvc-Version
X-Trace
X-Amz-Rid
X-Server-Name
Nginx-Cache
Realpath
X-Debug
X-XRDS-Location
Front-End-Https
AR-Request-ID
X-Cached
X-Ezoic-Cdn
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Shield-Request-Id
X-Goog-Metageneration
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-NF-Request-ID
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Arr-Disable-Session-Affinity
Pagespeed
Content-MD5
ServerID
X-Id
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Goog-Storage-Class
DynaTrace
MicrosoftSharePointTeamServices
S
X-T
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Via-JSL
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-Vcache
X-Content-Type
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-SERVER
X-Correlation-Id
X-Grace
Accept-Ch
X-N
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
Powered
X-RateLimit-Limit
X-Content-Digest
PB-RID
X-Mobile-Rewrite
X-Accel-Expires
Arc-Version
PB-PID
X-FastCGI-Cache
X-Forwarded-For
X-Ser
X-DIS-Request-ID
X-Logged-In
Server-Name
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-HS-Content-Id
X-HS-Hub-Id
X-GUploader-UploadID
TP-L2-Cache
TP-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Fastcgi-Cache
X-B3-Traceid
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
Edge-Cache-Tag
X-Kinsta-Cache
X-Esi
X-Type
X-LB-Cache
FilterID
X-Rid
X-Revision
X-Az
X-IPLB-Instance
X-Analytics
X-User-Agent
X-AppVersion
X-Activity-Id
Backend-Timing
Healthy
X-Node-Name
X-Whom
Retry-After
X-F-Cache
X-Time
X-Srv
X-Cache-2
X-NWS-LOG-UUID
X-Cache-Hit
Pinterest-Version
Accept-Charset
X-Pinterest-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amzn-RequestId
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-Amz-Apigw-Id
X-Cache-Rule
X-AOL-HN
Cache-Status
Server-Node
X-Content-Options
Surrogate-Key
X-Jobs
X-Cluster
X-Akamai-Edgescape
X-Content-Powered-By
DC
Refresh
Access-Control-Allow-Method
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FB-Debug
X-Forwarded-Host
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-FW-Type
X-Page-Id
X-FW-Static
X-Framework
X-Instance
X-Debug-Info
X-PHP-Backend
X-Varnish-Grace
X-Hp-Webp
X-TA-CDN-Provider
Source
MS-CV
X-Request-Guid
X-App-Environment
X-B
X-App-Server
Frame-Options
Fastcgi-Useragent
X-Hostname
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Host
Cleartype
Cache-Tag
Tracecode
X-Signature
X-B-Cache
X-Cache-Key
X-Cache-Operation
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Varnish-Backend
X-Seen-By
X-TT
X-Amz-Replication-Status
Liferay-Portal
X-Host-Name
X-Mobile
Xserver
X-Ratelimit-Reset
NGB
X-Response-Served-From
X-Git-Hash
X-Pad
X-Adobe-Loc
Upgrade-Insecure-Requests
X-Adobe-Content
Payment
X-ATG-Version
X-Cache-TTL
Webserver
Eomportal-Instance
X-WA-Info
Filters
X-FW-Dynamic
X-TT-TIMESTAMP
Cache-Tv-Group
X-WebKit-CSP-Report-Only
X-ProcessESI
X-RemovedCookies
X-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-PressLabs-Stats
From-Origin
Ms-Operation-Id
WPE-Backend
X-Cacheable-TTL
X-GeoIP
X-Handled-By
X-TX-ID
X-Drupal-Cache-Tags
X-RTag
X-RequestSource
X-UA-Device-Type
X-Cache-Remote
GEO-INFO
X-Cache-TTL-Remaining
X-DataStream-Cache-Status
X-Content-Age
Datacenter
X-Webkit-CSP
X-Edge-Location
X-Origin-Server
X-Cache-Action
X-Storage
X-Daa-Tunnel
Viewport
X-Varnish-Hostname
X-Accel-Buffering
X-Upstream-Proxy
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Contextid
NR-ENABLED
X-Region
Cache
X-CF-Powered-By
X-Wix-Request-Id
Host-Header
PageSpeed
X-Ua
Accept-CH-Lifetime
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Server
X-Akamai-Transformed
X-Cache-Var-Map
X-Path-Route
Meta-Geo
Load-Balancing
X-ES-SERVER
SRV
X-RN-RSRV
X-Cache-Var
X-IP
Selected-Fe
X-Timing-Wait
X-From
X-JoinUs
S-Cnection
X-Proxy-Build
X-Backend-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loop
X-Generated
X-TNCMS
X-Proto
X-Akamai-Request-ID2
X-Proxy
X-CS
Cache-Name
Ohc-File-Size
X-Presslabs-Stats
X-Origin-Response-Time
X-FC-Vary-Parameters
Cache-Tags
X-Rule
X-Hit
X-Section
DB-Nickname
X-Time-Microsecs
X-Via-Fastly
Decoy-Debug-TTL
X-Labrador-Cache-Channel
X-Origin
X-NCache
X-Akamai-Request-ID
X-Access
Decoy-Debug-Status
X-Cache-Config
X-Cache-Enabled
Ec-Rule-Version
Cache-Hits
Decoy-Debug-Key
X-Tumblr-Pixel-3
X-Upgrade-Enabled
X-Cluster-Node
Now
Vix-Hermes-Req-Id
Rt-Fastcgi-Cache
X-Varnish-Cache-Hits
Property-Id
TWC-Privacy
X-Backend-TTL
X-Xfnlog-Site
X-Cache-NE
X-Cache-Host
Mn-Server-Ip
X-Upstream-HT
X-ApacheServer
X-Viewer-Country
Azure-SlotName
Azure-Version
Webcakes-App-Name
Cache-Key
Azure-SiteName
Azure-RegionName
Webcakes-Region
Webcakes-App-Version
Azure-InstanceId
Country
X-Upstream-CT
X-R9-Blue-Green-Version
TWC-Connection-Speed
X-Hosted-By
TWC-Device-Class
X-OCL
X-Origin-Hint
S-Rt
X-PERF
X-PCL
X-Web-Node
X-FW-Version
X-Trace-Id
X-UnsetCookies
X-CCM
X-Cache-Time
TWC-Locale-Group
TWC-GeoIP-Country
X-EIG-Tracking-Id
TWC-GeoIP-LatLong
X-Format
X-Www-Served-By
X-Cache-Server
X-Site-Version
X-Human
X-Locale
X-S
X-Varnish-Hits
X-FireWall-Port
X-Debug-Cache
X-Device-Type
X-Drupal-Cache-Contexts
DSUID
Server-Info
Release
OT-Force-Account-Verify
X-Rendered-As
X-Cache-Grace
X-NewRelic-App-Data
Time
X-Vgn-Hpd-Reason
Ohc-Cache-HIT
X-VCT
X-HS-Cache-Config
X-VG-TLSProxy
X-Sorting-Hat-PodId
X-ShardId
X-APP-VERSION
X-ShopId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-OVcl
Fastcgi-X-Cache-Version
X-VG-WebCache
X-OVcl-Cache
ServedBy
Hostname
X-Real-IP
X-Server-ID
X-FB-TRIP-ID
X-Redis-Cache
X-Oracle-Dms-Rid
Cteonnt-Length
X-XRDS-LOCATION
Accept-Language
Origin-Edge-Control
Access-Control-Request-Headers
Origin-Cache-Control
Origin
X-Tb
Machine
X-Nginx-Cache
X-Pubstack
L5d-Success-Class
X-DataStream-MidMile-RTT
X-B3-Spanid
X-DataStream-Origin-MEX-Latency
NtCoent-Length
X-L-Path
X-GEO
X-Cluster-Name
X-Environment-Context
X-No-Session
X-CSRF-TOKEN
X-Mode
Fastly-SSL
X-Element-Page-Cache
X-NGENIX-Cache
X-Magnolia-Registration
X-App-Version
X-NC
X-Tt-Trace-Tag
X-LJ-Flow-ID
Odigeo-Trace-Id
Mime-Version
X-Request-Time
X-VWS-Id
X-UUID
X-Generated-By
X-SS-Set-Cookie
IBM-Web2-Location
X-AWS-Id
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
Nel
X-ECACHE
X-B3-Parentspanid
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-Load-Cache
X-ServerID
X-CACHE-KEY
Akamai-GRN
X-Parent-Response-Time
We-Hiring
Mail-Subject
Request-Time
X-HS-Combine-CSS
X-Origin-CC
X-Oneagent-Js-Injection
X-Origin-TTL
X-Soup
Cdn-Host
Cdn-Request-Time
Cache-Prefix
Meta-Geo-Continent
AsisCache
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
Memcached
GEO-REGION-INFO
Fly-Request-Id
Arc-Country
Cross-Origin-Window-Policy
MD5-Digest
Apple-News-Services-Host
X-PAYTM-SRV-ID
X-Origin-Expires
X-Node-Id
X-MServer
X-Worker
Xc-Version
X-Origin-Date
X-Org
Mobile-Detection-Method
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
A
NGX
Apple-News-Services-Request-Url
X-Is-Bot
X-CF-Lambda-Version
X-Connection-Hash
X-G
X-CF-Lambda-Fn
X-B-Cookie
X-Application
X-ARC
X-D
X-Date
X-Edge-Server
X-External-Request-Id
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-Detected-As
X-AIR-PT
X-Aed
X-Instart-Info
T-Server
Viewtype
Server-ID
Rt-Proxy-Cache
Proxy-Connection
Rendered-Blocks
VivaBuild
X-A
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-A-Dam
Node
Fly-Cache
X-Twitter-Response-Tags
X-Request-UUID
CF-IPCountry
X-ScT
X-Transaction
X-VG-WebServer
X-Rewrite-Enabled
X-S-Maxage
X-S-Cookie
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Rojux
X-Region-Sid
X-Trv-Group
X-SRCache-Key
X-Server-Time
X-Urbn-Context-Path
X-DC
X-Uri
ServerName
Locale
Backend-Name
X-Urbn-Site-Id
Gh-Request-Id
X-Bip
Uber-Trace-Id
IsBot
X-VC-Cache
N-Cache
X-SVT-ORM-RULES
X-Developers
X-Cache-Bucket
X-ProxyCache-Status
X-ProxyCache-Key
X-Fastly-Cache
Countrycode
X-Distributor
Fastly-Soc-X-Request-Id
X-Distil-CS
X-BYPASS-REASON
Request-EU
X-Core-Mission
X-SIPLIST1
X-IN-APIGATEWAY
X-Cms-Context
X-Clientip
X-Hl-Ver
X-TrackingId
X-IN-APIGATEWAYSSL
X-SVT-ORM-VERSION
Section-Io-Cache
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Cdn-Srv
X-Up
X-Auto-Login
X-Thanos
Request-Country
X-Release
X-Request-Start
X-WebServer
User-Cache-Control
X-Via-CDN
V-Age
X-Compress-Hint
X-Owner
X-Clara-WADP
W
X-MSEdge-Flight
X-CGP
X-Rebelmouse-Surrogate-Control
X-Hnp-Log
Thinkindot-Control
X-Skip-Cache
X-CUA
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Block-Status
Server-Int
X-Routing-Service
X-GDPR
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Policy
True-Client-Country-4JS
X-Cache-FS-Status
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Platform-Server
X-Generation-Time
X-Geo-Header
X-Generated-In
X-Backend-Host
X-Generated-On
X-BBXSRF
X-Backend-Url
X-C
X-GeoIP-City
X-Hash
X-Thinkindot-L3
X-ABtesting
X-Gen-Mode
RNT-Machine
X-PHP-Host
X-Amz-Meta-Cache-Control
X-Reboot
X-App-Name
X-Hello
X-We-Are-Hiring
X-Cache-Id
RNT-Time
Is-Eu
Esi-Enabled
X-Li-Pop
X-Method
X-Debug-Cache-Store
X-VServer
X-Li-Fabric
L
X-RateLimit-Limit-Second
X-Nginx-Cache-Key
HA-Ipaddr
Ha-Gx-Prefs
X-Fetched-On
X-WADP-Cache
Fastly-SIE
Fastly-SWR
X-Matched-Rule
X-Location
X-LI-Proto
AKAMAI
X-LI-UUID
Magicmarker
Adler-Geo
X-MSEdge-Features
X-B3-SpanId
X-Proxied
Platform
X-Irp-Debug
X-Old-Content-Length
CDCHOST
X-Flog
X-Rebelmouse-Cache-Control
Content-Disposition
X-Zipkin-Id
X-Guploader-Uploadid
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Eu-Site
X-RateLimit-Remaining-Second
X-Variation
PFcat
X-Device-Os
X-Level-Front-Cache
X-Epic-Correlation-Id
X-Microcachable
X-Webstats-RespID
X-Sn-Servicetimems
X-Server-IP
X-Debug-Log
X-Debug-Cookies
X-Dispatch
X-Dispatcher-Server
X-ServiceProvider
X-Cache-Info
X-Cdn-Origin
X-Qloud-Router
X-ElasticPress-Search
Wxu-Next-Commit
X-Internal-Host
X-Request-URI
X-User
SD-X-WS
SS
Server-Host
Pramga
X-Key
X-Response-By
X-Servername
Heartbleed
Kp-EeAlive
Pagetype
X-NX-Host
X-Reqid
Served-By
X-Backend-State
X-SD-PageType
Wxu-Next-Region
X-Swa-Ws
Web-Mar-Node
Wxu-Next-Hostname
X-Unique-ID
X-Cdn-Forward
X-IPS-LoggedIn
X-SayCDN-TTL
Cache-Cookie-Set-Lfrom
X-Say-TTL
Memory
Country-Code
Cache-Cookie-Set-Idcheck
X-Say-Cacheable
Resin-Trace
Cache-Cookie-Set-From
X-Var-Ttl
X-FPC
X-Ratelimit-Limit
X-Page-Type
X-Dc
X-MP-GENERATED-AT
X-Service
X-Nc
Cache-Provider
X-Is-Gdpr
X-JWT-State
X-Wa
X-Has-Esi
UCS
REQUESTUUID
X-Tec-Api-Root
X-Tec-Api-Origin
X-Servedbyhost
Powered-By-ChinaCache
X-Tec-Api-Version
X-Lb-Id
ProcessTime
X-RateLimit-Reset
X-Geo
X-Logtrace-Id
Ajk
X-NWS-UUID-VERIFY
X-Datadome
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Cache-Backend
X-Info
Srv
X-Be
CACHE
X-Litespeed-Cache
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Pjax-Url
X-VCL-Version
X-UA
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-URL
X-Svr
X-Processor
X-SRV
SN
Powered-By
X-Cache-Category-Id
X-Instart-Isnd
X-Grey
X-Ruxit-Js-Agent
X-COUNTRY
X-CDN-Forward
X-Varnish-Beresp-Ttl
X-HS-Status
X-SN
Dynatrace
X-Scheme
PICS-Label
X-Webkit-Csp
X-ZONE
X-URL
X-Ftr-Request-Id
Fastly-Backend-Name
X-TH-Server
X-Ttl
X-Dynatrace
X-Zone
Group
GeoIP-City
X-NodeID
X-Varnish-Beresp-Status
GeoIP-Latitude
GeoIP-Country-Code
X-Varnish-Beresp-Grace
X-GRACE
X-Source
X-SERVER-NAME
X-Pf-Uncompressing
X-RCS-CacheZone
X-Cache-Ttl
X-LiteSpeed-Cache-Control
X-EC-Lua
GW-Server
X-LAGOON
X-Server-W
X-Newrelic-Synthetics
Cache-Host
X-Varnish-Beresp-TTL
X-Secret
Cdn
Ttl
X-Dynatrace-Js-Agent
X-APP
X-Bc
LB
X-Gannett-Site-Version
X-Varnish-Url
X-PF-Uncompressing
X-NODE
X-Check-Cacheable
X-Sucuri-Id
X-Ftr-Cache-Host
X-Via-Ucdn
WZWS-RAY
CF-Cached-On
XServer
X-Ms-Version
X-Ms-Request-Id
GeoIp-Country-Code
Geoip-City
X-Tt-Trace-Host
Geoip-Latitude
On-Server
X-Ratelimit-Remaining
X-CDN-Cache
X-FORWARDED-FOR
X-Varnish-Cacheable
Environment
Pics-Label
X-Edge
X-Fastly-Country-Code
X-Aicache-OS
X-Cache-Debug
Lfy
X-Session-Fingerprint
X-GeoIP-Country-Code
User-Agent
X-BC
X-Trafficlayer-App-Scope
MIME-Version
X-Trafficlayer-App-Name
X-Agile
X-Agile-Age
Inserted-Into-Cache-At
WWW
X-Agile-Id
X-Akamai-SSL-Client-Sid
M-TraceId
X-CSRF-Token
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Realm
X-Ftr-Dc
Ohc-Response-Time
X-Mid
X-Vcl-Version
X-PJAX-URL
Requestid
X-NU-AKA-ACS-Version
X-BE
Cf-Ipcountry
X-MCACHE
SID
X-Varnish-Ttl
X-7Graus-Varnish-XKeys
X-Render-Time
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-Crawler
Who
X-UPSTREAM-Address
Amp-Access-Control-Allow-Source-Origin
X-Litespeed-Cache-Control
X-Sedo-Request-Id
URI
X-Cache-Miss-From
HostName
X-LB-ID
X-Fastly-Backend-Reqs
Lb
X-DSS
X-Action
X-DW
X-Cache-Tag
X-DB
X-DI
X-Proxy-Cacherz
X-RPM
X-RPS
X-FE
Xkeyrz
X-RSL
X-Micro-Cache
X-WR-MODIFICATION
X-Core-Value
RequestUuid
X-Served-From
X-Via-SSL
Host-ID
X-Via-Edge
X-WA
CDN
X-ServedByHost
X-Correlation-ID
X-Cf-Powered-By
DataCenter
X-NGINX-Cache
X-Flow-Id
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Sucuri-ID
Xkeypdq
X-Nananana
Cdnsip
X-AK-Request-ID
X-Fastly-Cache-Hits
Cdncip
X-Fpc
X-Unique-Id
X-Newrelic-App-Data
X-Swift-Error
X-MID
X-Rocket-Build-Number
X-Sigma
Is-Session-Tracking
Get-Access-Time
X-VC
X-Sucuri-Cache
X-Vdms-Version
X-Sigma-Backend
X-TT-LOGID
X-SB
FNAC-ModuleRouting
X-TIME
Warning
X-Cdn-Request-ID
Cneonction
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Correlation-Id
X-Vct
X-Apw-Access-Object
X-Apw-Access-Token
X-Gen-Id
X-Shopify-Generated-Cart-Token
X-Fstrz
RequestId
X-Apw-Hits
TTL
X-Apw-Access-Action
X-Protected-By
X-Fe
X-ServerName
X-Bug-Bounty
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Gdpr
HitType
X-Ecache
Xet-Cookie
X-Request-URL
Processtime
X-ECache
V-Cache