Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-CDN
X-Envoy-Upstream-Service-Time
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Cdn
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
Feature-Policy
X-WebKit-CSP
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Allow
X-ORACLE-DMS-RID
X-HW
X-DataDome
Rating
X-Country-Code
X-Country
X-FTR-Request-ID
X-Url
X-Clacks-Overhead
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
Verso
RTSS
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
X-Ah-Environment
Service-Worker-Allowed
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Display
X-Cdn-Fetch
X-D2id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
MS-Author-Via
Accept-CH
X-B3-TraceId
X-GitHub-Request-Id
TCN
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-Powered-CMS
X-Upstream
X-Shard
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
SPIisLatency
SPRequestDuration
Ar-Sid
AR-PoweredBy
X-Amz-Server-Side-Encryption
AR-CACHE
AR-ATIME
Charset
Fastly-Restarts
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ESI
X-Amz-Rid
X-Aspnetmvc-Version
Realpath
X-Trace
Nginx-Cache
X-Server-Name
X-Debug
Front-End-Https
AR-Request-ID
X-Cached
X-Ezoic-Cdn
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Shield-Request-Id
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-NF-Request-ID
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
Pagespeed
Content-MD5
ServerID
X-Id
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
MicrosoftSharePointTeamServices
DynaTrace
S
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-VCache
X-Vcache
X-Content-Type
X-DynaTrace-JS-Agent
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-SERVER
X-RateLimit-Limit
X-Frontend
X-Correlation-Id
X-N
Fastcgi-Cache
X-Grace
Powered
X-Content-Digest
X-FTR-Cache-Host
X-FastCGI-Cache
Arc-Version
X-Mobile-Rewrite
X-Accel-Expires
PB-PID
PB-RID
X-Ser
X-Forwarded-For
X-DIS-Request-ID
Server-Name
X-Logged-In
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
Accept-Ch
X-B3-Sampled
X-HS-Content-Id
X-HS-Hub-Id
X-GUploader-UploadID
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
TP-Cache
X-Fastcgi-Cache
TP-L2-Cache
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
Edge-Cache-Tag
X-Esi
FilterID
X-LB-Cache
X-Kinsta-Cache
X-Type
X-User-Agent
X-Rid
X-Analytics
Backend-Timing
X-AppVersion
X-Az
X-Revision
X-IPLB-Instance
X-Activity-Id
Healthy
X-Node-Name
Retry-After
X-Whom
X-Time
X-F-Cache
X-Srv
X-Cache-2
X-NWS-LOG-UUID
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Accept-Charset
Alternate-Protocol
X-Amzn-RequestId
X-Acc-Meta-Resource-Type
X-Amz-Apigw-Id
X-Cache-Rule
Server-Node
X-AOL-HN
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Surrogate-Key
DC
Refresh
X-Cluster
X-Forwarded-Host
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
Access-Control-Allow-Method
X-FW-Hash
X-FW-Serve
X-FB-Debug
X-Tumblr-User
X-FW-Server
X-Tumblr-Pixel-0
X-Jobs
X-Instance
X-FW-Type
X-Tumblr-Pixel
X-FW-Static
X-Content-Powered-By
X-Page-Id
X-Debug-Info
X-Framework
Source
X-TA-CDN-Provider
X-Hp-Webp
X-Varnish-Grace
X-PHP-Backend
X-Request-Guid
X-App-Environment
MS-CV
X-App-Server
Fastcgi-Useragent
Frame-Options
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B
X-Hostname
Cache-Tag
Cleartype
Tracecode
Host
X-Cache-Key
X-Signature
X-B-Cache
X-Cache-Operation
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Varnish-Backend
X-Seen-By
X-Amz-Replication-Status
X-TT
Liferay-Portal
X-Host-Name
X-Mobile
X-Git-Hash
X-Ratelimit-Reset
X-Pad
X-Response-Served-From
NGB
Upgrade-Insecure-Requests
Payment
X-Adobe-Loc
X-Adobe-Content
X-ATG-Version
X-TT-TIMESTAMP
X-Status
X-Cache-TTL
X-WebKit-CSP-Report-Only
Eomportal-Instance
X-WA-Info
Webserver
X-FW-Dynamic
WPE-Backend
X-Tumblr-Pixel-1
Filters
Xserver
X-Tumblr-Pixel-2
Cache-Tv-Group
X-GeoIP
From-Origin
Ms-Operation-Id
X-Drupal-Cache-Tags
X-TX-ID
X-RTag
X-PressLabs-Stats
X-ProcessESI
X-Handled-By
X-RemovedCookies
X-RequestSource
X-Cacheable-TTL
X-UA-Device-Type
GEO-INFO
X-DataStream-Cache-Status
X-Cache-TTL-Remaining
X-Cache-Remote
X-Server-ID
X-Content-Age
X-Webkit-CSP
X-Edge-Location
X-Origin-Server
X-Daa-Tunnel
X-Storage
Datacenter
Viewport
Accept-CH-Lifetime
X-Cache-Action
X-Accel-Buffering
X-Upstream-Proxy
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
X-Hyper-Cache
Version
X-Contextid
NR-ENABLED
X-Region
Cache
X-CF-Powered-By
X-Wix-Request-Id
PageSpeed
Host-Header
X-Ua
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Akamai-Transformed
X-Varnish-Server
X-Cache-Var
Load-Balancing
X-Cache-Var-Map
X-ES-SERVER
X-Path-Route
Meta-Geo
X-RN-RSRV
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-From
X-IP
S-Cnection
X-Akamai-Request-ID2
X-Cache-Config
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-Backend-Name
X-Proxy
Cache-Tags
X-JoinUs
X-CS
Vix-Hermes-Req-Id
X-Loop
X-Presslabs-Stats
X-TNCMS
X-Generated
Ohc-File-Size
Rt-Fastcgi-Cache
X-FC-Vary-Parameters
X-ApacheServer
SRV
X-Akamai-Request-ID
X-NCache
X-PERF
X-Access
X-Origin-Response-Time
X-Via-Fastly
Ec-Rule-Version
X-Cache-Enabled
X-Tumblr-Pixel-3
X-Rule
X-Time-Microsecs
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Section
Cache-Hits
X-Cluster-Node
X-Hit
X-Viewer-Country
TWC-GeoIP-LatLong
Mn-Server-Ip
TWC-GeoIP-Country
X-FW-Version
TWC-Device-Class
Property-Id
X-Hosted-By
Azure-SiteName
Azure-RegionName
TWC-Locale-Group
Azure-InstanceId
S-Rt
Azure-SlotName
DB-Nickname
Cache-Key
Azure-Version
TWC-Connection-Speed
X-Origin
X-Varnish-Cache-Hits
X-Upstream-HT
TWC-Privacy
X-Web-Node
X-Xfnlog-Site
X-Upstream-CT
X-Upgrade-Enabled
X-EIG-Tracking-Id
X-CCM
X-Trace-Id
X-R9-Blue-Green-Version
X-Cache-Grace
X-PCL
X-Backend-TTL
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Labrador-Cache-Channel
X-OCL
X-Format
X-Cache-Host
Country
X-Site-Version
X-Cache-Time
X-Drupal-Cache-Contexts
X-Device-Type
X-Www-Served-By
X-Cache-Server
X-Human
X-Locale
X-UnsetCookies
Now
X-Debug-Cache
Server-Info
X-Varnish-Hits
X-Cache-NE
DSUID
X-FireWall-Port
Release
OT-Force-Account-Verify
X-NewRelic-App-Data
Time
X-Rendered-As
X-S
X-Vgn-Hpd-Reason
X-VCT
Ohc-Cache-HIT
X-HS-Cache-Config
X-VG-TLSProxy
ServedBy
Hostname
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-VG-WebCache
X-Real-IP
X-OVcl
Fastcgi-X-Cache-Version
X-APP-VERSION
X-OVcl-Cache
X-FB-TRIP-ID
X-Redis-Cache
X-Oracle-Dms-Rid
Cteonnt-Length
Accept-Language
Machine
X-Pubstack
X-Tb
Origin
Access-Control-Request-Headers
L5d-Success-Class
Origin-Edge-Control
Origin-Cache-Control
X-Nginx-Cache
X-DataStream-Origin-MEX-Latency
X-B3-Spanid
X-DataStream-MidMile-RTT
X-CSRF-TOKEN
X-GEO
NtCoent-Length
X-L-Path
X-No-Session
X-NC
X-Environment-Context
X-Mode
Fastly-SSL
X-Cluster-Name
X-Element-Page-Cache
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Magnolia-Registration
X-App-Version
X-LJ-Flow-ID
X-Generated-By
X-SS-Set-Cookie
X-Request-Time
X-UUID
Odigeo-Trace-Id
X-VWS-Id
X-AWS-Id
IBM-Web2-Location
Nel
X-Amzn-Remapped-Content-Length
X-B3-Parentspanid
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-Load-Cache
X-ECACHE
Mime-Version
X-ServerID
X-Endurance-Cache-Level
X-XRDS-LOCATION
Akamai-GRN
X-Parent-Response-Time
X-CACHE-KEY
X-HS-Combine-CSS
Request-Time
We-Hiring
X-Origin-CC
X-Origin-TTL
X-Soup
Mail-Subject
X-Oneagent-Js-Injection
X-MServer
Fly-Cache
Arc-Country
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Host
Memcached
MD5-Digest
GEO-REGION-INFO
Fly-Request-Id
AsisCache
Cache-Prefix
Content-Style-Type
Meta-Geo-Continent
Apple-News-Services-Parsed-Url
Cdn-Request-Time
NGX
Cross-Origin-Window-Policy
Content-Script-Type
Cdn-Host
A
BehaviorPad-Version
X-Application
X-PAYTM-SRV-ID
X-Origin-Expires
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Origin-Date
X-Org
X-External-Request-Id
X-G
X-Instart-Info
X-Is-Bot
X-Rojux
X-S-Cookie
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-Server-Time
X-SRCache-Key
X-Transaction
X-Edge-Server
X-DPWN-IS-SECURE
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
VivaBuild
Viewtype
Node
Rendered-Blocks
Rt-Proxy-Cache
T-Server
X-A-Wwc
X-Aed
X-Date
X-D
X-Destination
X-Detected-As
X-Developer
X-Connection-Hash
X-CF-Lambda-Version
X-AIR-PT
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
Mobile-Detection-Method
X-Accel-Expires-Debug
CF-IPCountry
Proxy-Connection
X-Urbn-Context-Path
ServerName
X-Urbn-Site-Id
Backend-Name
X-DC
Locale
X-Release
X-Uri
X-Core-Mission
N-Cache
X-S-Maxage
IsBot
X-Fastly-Cache
Countrycode
X-Hl-Ver
X-IN-APIGATEWAY
Fastly-Soc-X-Request-Id
Gh-Request-Id
X-Distil-CS
X-Cms-Context
X-Developers
X-Cdn-Srv
X-Azure-Ref-OriginShield
X-Bip
Request-EU
X-VC-Cache
Section-Io-Cache
X-Node-Id
Server-ID
X-Auto-Login
X-Azure-Ref
X-Up
Request-Country
Uber-Trace-Id
X-IN-APIGATEWAYSSL
X-Clientip
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TrackingId
X-Cache-Bucket
X-Thanos
X-SIPLIST1
X-Via-CDN
User-Cache-Control
X-Sn-Servicetimems
X-CGP
X-Cdn-Origin
X-Thinkindot-L3
X-C
X-Clara-WADP
X-Cache-Info
X-Skip-Cache
X-CUA
X-Guploader-Uploadid
X-Debug-Cache-Expiry
X-Request-Start
X-BYPASS-REASON
X-ServiceProvider
X-Compress-Hint
X-VServer
X-Block-Status
X-App-Name
X-Proxied
X-Policy
X-ProxyCache-Key
X-ProxyCache-Status
X-Routing-Service
X-ABtesting
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-BBXSRF
X-WADP-Cache
X-Backend-Url
X-Backend-Host
X-WebServer
X-We-Are-Hiring
X-Reboot
X-Debug-Cache-Fetch
X-Hash
W
X-NX-Host
X-Geo-Header
X-Generation-Time
X-Generated-On
X-B3-SpanId
X-Hello
X-Nginx-Cache-Key
X-Level-Front-Cache
X-Location
X-Matched-Rule
X-Irp-Debug
X-MSEdge-Features
X-Hnp-Log
X-MSEdge-Flight
X-Generated-In
X-Gen-Mode
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Distributor
X-Rebelmouse-Surrogate-Control
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cookies
X-ElasticPress-Search
X-Eu-Site
X-GDPR
X-Proxy-Cache-Status
X-Flog
X-Fetched-On
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Method
X-GeoIP-City
Content-Disposition
Esi-Enabled
X-Zipkin-Id
Server-Int
AKAMAI
Thinkindot-CacheControl
Fastly-SIE
Fastly-SWR
Magicmarker
PFcat
L
HA-Ipaddr
Ha-Gx-Prefs
Thinkindot-CacheControl-Type
CDCHOST
Thinkindot-Control
X-Microcachable
X-Unique-ID
X-Epic-Correlation-Id
Heartbleed
X-Swa-Ws
X-Servername
X-Dispatch
X-Device-Os
Pagetype
X-Webstats-RespID
Platform
X-Variation
X-User
Is-Eu
Kp-EeAlive
X-Server-IP
X-Internal-Host
X-Qloud-Router
X-Platform-Server
X-Owner
X-Say-Cacheable
X-Request-URI
True-Client-Country-4JS
Adler-Geo
X-Old-Content-Length
Pramga
X-Li-Fabric
X-SayCDN-TTL
X-Key
X-Li-Pop
X-Say-TTL
X-LI-UUID
X-LI-Proto
X-Reqid
X-PHP-Host
Server-Host
Served-By
X-Backend-State
RNT-Time
X-Amz-Meta-Cache-Control
SS
V-Age
Web-Mar-Node
Wxu-Next-Commit
Wxu-Next-Hostname
RNT-Machine
Wxu-Next-Region
X-Cache-Id
X-Cache-FS-Status
X-IPS-LoggedIn
X-Cdn-Forward
X-Dispatcher-Server
Cache-Cookie-Set-Idcheck
SD-X-WS
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Resin-Trace
X-Response-By
X-SD-PageType
Memory
Country-Code
X-Var-Ttl
X-Page-Type
X-Service
X-Wa
X-MP-GENERATED-AT
X-Dc
X-FPC
X-Ttl
X-Has-Esi
REQUESTUUID
X-JWT-State
X-Servedbyhost
Cache-Provider
X-Is-Gdpr
UCS
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Nc
X-Lb-Id
Powered-By-ChinaCache
ProcessTime
X-Geo
X-RateLimit-Reset
Srv
Ajk
X-Ratelimit-Limit
X-Logtrace-Id
X-HTML-Minification-Powered-By
X-NWS-UUID-VERIFY
X-Datadome
X-Cache-Backend
X-VCL-Version
X-Info
Proxy-Firewall
CACHE
X-UA
X-Litespeed-Cache
X-Be
X-Svr
X-Cache-URL
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-SRV
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Instart-Isnd
X-Cache-Category-Id
X-Pjax-Url
X-Grey
Powered-By
X-Oss-Storage-Class
SN
X-CDN-Forward
X-COUNTRY
X-Varnish-Beresp-Ttl
X-Ruxit-Js-Agent
X-HS-Status
X-SN
X-Scheme
PICS-Label
Dynatrace
X-ZONE
X-URL
X-Webkit-Csp
X-Zone
X-TH-Server
Fastly-Backend-Name
X-NodeID
X-Ftr-Request-Id
X-Dynatrace-Js-Agent
Group
X-Dynatrace
X-Varnish-Beresp-Grace
GeoIP-Country-Code
GeoIP-Latitude
X-Varnish-Beresp-Status
GeoIP-City
X-GRACE
X-Source
X-SERVER-NAME
X-Pf-Uncompressing
X-RCS-CacheZone
X-EC-Lua
X-Cache-Ttl
X-Newrelic-Synthetics
XServer
GW-Server
X-LAGOON
X-Server-W
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
X-PF-Uncompressing
X-Bc
Cache-Host
X-APP
CF-Cached-On
X-Varnish-Url
X-Gannett-Site-Version
Ttl
Cdn
LB
X-Secret
X-NODE
X-Sucuri-Id
X-Ms-Request-Id
X-Ms-Version
X-Ftr-Cache-Host
X-Via-Ucdn
WZWS-RAY
X-Check-Cacheable
MIME-Version
On-Server
GeoIp-Country-Code
Geoip-City
X-Varnish-Cacheable
Geoip-Latitude
X-Tt-Trace-Host
X-Ratelimit-Remaining
X-CDN-Cache
X-FORWARDED-FOR
X-Edge
X-Session-Fingerprint
X-Aicache-OS
Lfy
Environment
User-Agent
X-Trafficlayer-App-Scope
Pics-Label
X-Trafficlayer-App-Name
X-BC
X-GeoIP-Country-Code
WWW
X-Agile-Age
X-Agile-Id
X-Cache-Debug
X-PJAX-URL
Inserted-Into-Cache-At
X-Akamai-SSL-Client-Sid
X-Fastly-Country-Code
X-Agile
M-TraceId
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
Ohc-Response-Time
X-BE
X-Mid
Requestid
X-NU-AKA-ACS-Version
Cf-Ipcountry
X-Vcl-Version
X-CSRF-Token
X-Logging-Id
X-Render-Time
X-UPSTREAM-Address
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Who
X-Crawler
X-Varnish-Ttl
X-Fastly-Backend-Reqs
X-MCACHE
SID
Amp-Access-Control-Allow-Source-Origin
X-Sedo-Request-Id
X-LB-ID
URI
X-Cache-Miss-From
X-Litespeed-Cache-Control
Lb
X-DSS
DataCenter
X-RSL
X-Micro-Cache
X-DI
X-RPM
X-DW
X-DB
X-Proxy-Cacherz
X-FE
Xkeyrz
X-RPS
X-Cache-Tag
HostName
X-Served-From
RequestUuid
X-Core-Value
CDN
X-Via-Edge
X-Action
Host-ID
X-Via-SSL
X-WR-MODIFICATION
X-Cf-Powered-By
X-NGINX-Cache
X-Correlation-ID
X-Flow-Id
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Sucuri-ID
X-Nananana
X-WA
X-Fpc
Xkeypdq
X-ServedByHost
X-AK-Request-ID
Cdncip
Cdnsip
X-Fastly-Cache-Hits
X-Newrelic-App-Data
X-Unique-Id
X-Swift-Error
X-SB
X-MID
Correlation-Id
X-Sucuri-Cache
X-VC
X-Vdms-Version
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-TT-LOGID
X-TIME
X-Sigma
Cneonction
X-Rocket-Build-Number
Warning
X-Sigma-Backend
X-Cdn-Request-ID
Get-Access-Time
FNAC-ModuleRouting
Is-Session-Tracking
X-Vct
Xet-Cookie
X-Fstrz
RequestId
X-Shopify-Generated-Cart-Token
X-Gen-Id
X-Apw-Access-Object
X-Protected-By
X-Fe
X-Request-URL
X-Ecache
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Token
Processtime
X-ECache
X-Dw-Trace-Id
X-Gdpr
X-MiniProfiler-Ids
X-ServerName
HitType
X-Bug-Bounty
V-Cache