Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Request-ID
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Ua-Compatible
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
Server-Timing
Feature-Policy
X-Server-Id
X-WebKit-CSP
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
X-Node
Request-Id
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-Origin-Upstream-Status
X-DataDome
X-Rack-Cache
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-TTL
X-MS-InvokeApp
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-Varnish-TTL
X-Powered-By-Plesk
Verso
RTSS
Public-Key-Pins
Pinterest-Generated-By
X-CST
X-Px
Edge-Control
X-Mod-Pagespeed
X-Recruiting
X-VARITI-CCR
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
X-Ah-Environment
X-B3-TraceId
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-D2id
Service-Worker-Allowed
Accept-CH
SPRequestGuid
X-SharePointHealthScore
X-Vcap-Request-Id
X-Version
X-Akam-SW-Version
X-ESI
X-Server-Name
MS-Author-Via
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
TCN
X-Shard
X-RateLimit-Remaining
Charset
X-Upstream
Fastly-Restarts
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Amz-Server-Side-Encryption
X-Trace
Realpath
X-Aspnetmvc-Version
X-Amz-Rid
Nginx-Cache
X-Forwarded-Proto
X-XRDS-Location
X-Debug
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-SRCache-Fetch-Status
X-TEC-API-VERSION
X-SRCache-Store-Status
X-Ezoic-Cdn
Front-End-Https
X-Cached
AR-Request-ID
X-NF-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
MRF-Tech
X-MSEdge-Ref
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Shield-Request-Id
Pagespeed
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Paypal-Debug-Id
Content-MD5
X-VCache
MicrosoftSharePointTeamServices
X-Id
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-T
X-FTR-Realm
X-Amz-Meta-S3cmd-Attrs
ServerID
S
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-Varnish-Age
X-Client-IP
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Ser
X-SERVER
X-Vcache
X-DynaTrace-JS-Agent
X-Amzn-Trace-Id
X-Correlation-Id
X-Accel-Expires
X-Grace
Fastcgi-Cache
X-Frontend
X-Content-Digest
Powered
X-FTR-Cache-Host
X-N
X-DIS-Request-ID
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-RateLimit-Limit
X-Forwarded-For
Server-Name
X-Logged-In
X-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Content-Id
Edge-Cache-Tag
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Server-ID
TP-L2-Cache
TP-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Zen-Fury
X-Type
X-Az
X-Activity-Id
X-AppVersion
X-Kinsta-Cache
X-Rid
X-User-Agent
X-IPLB-Instance
Backend-Timing
X-Analytics
X-Revision
Pinterest-Version
X-Pinterest-Rid
X-GUploader-UploadID
X-LB-Cache
Accept-Ch
FilterID
Healthy
X-Whom
Retry-After
X-Time
X-Node-Name
X-Cache-Hit
X-Srv
X-NWS-LOG-UUID
X-F-Cache
Server-Node
X-Cache-2
Accept-Charset
Alternate-Protocol
X-B3-Traceid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Rule
Cache-Status
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hp-Webp
X-Erf-Bev-Bev-Is-Generated
X-Content-Options
X-Erf-Bev-Bev
X-Akamai-Edgescape
Surrogate-Key
X-Content-Security-Policy-Report-Only
Cache-Tag
DC
Refresh
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AOL-HN
X-Instance
X-Content-Powered-By
X-Forwarded-Host
X-Tumblr-User
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Debug-Info
X-Tumblr-Pixel-0
X-Cluster
X-PHP-Backend
X-TA-CDN-Provider
X-Jobs
X-Framework
X-Varnish-Grace
MS-CV
X-FW-Hash
X-FB-Debug
X-FW-Serve
Fastcgi-Useragent
X-Request-Guid
Source
X-App-Environment
Tracecode
X-Page-Id
X-FW-Type
X-FW-Static
X-FW-Server
X-App-Server
Frame-Options
X-B
X-Esi
X-Cache-Operation
X-Mobile-URL
Host
Actual-Object-TTL
X-Cache-TTL
X-Acc-Meta-Resource-Type
X-Cache-Key
X-Hostname
X-Seen-By
X-Geo-Country
Cleartype
X-B-Cache
X-Cache-Control
X-Signature
X-Cached-By
X-BCube-Filmed-By
X-Host-Name
Accept-CH-Lifetime
X-Git-Hash
X-TT
X-Amz-Replication-Status
X-Mobile
Upgrade-Insecure-Requests
X-Varnish-Backend
X-Pad
NGB
NR-ENABLED
X-Response-Served-From
X-Adobe-Content
X-Adobe-Loc
WPE-Backend
Liferay-Portal
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
Filters
From-Origin
Eomportal-Instance
Cache-Tv-Group
GEO-INFO
Ms-Operation-Id
Payment
X-RTag
X-Status
X-ProcessESI
X-RemovedCookies
X-Handled-By
X-Drupal-Cache-Tags
X-Cache-Remote
Webserver
X-Tumblr-Pixel-1
X-ATG-Version
X-TX-ID
X-Tumblr-Pixel-2
X-RequestSource
X-UA-Device-Type
X-GeoIP
X-Cacheable-TTL
X-FW-Dynamic
X-Daa-Tunnel
X-WA-Info
X-Origin-Server
X-Cache-TTL-Remaining
X-EdgeConnect-Cache-Status
X-Webkit-CSP
X-Content-Age
X-Cache-Action
Xserver
X-Edge-Location
X-Storage
X-Hyper-Cache
Viewport
X-Wix-Request-Id
Datacenter
X-Ratelimit-Reset
X-Contextid
X-Presslabs-Stats
X-PressLabs-Stats
Version
X-Region
X-CF-Powered-By
X-Varnish-Hostname
X-Accel-Buffering
X-Oneagent-Js-Injection
PageSpeed
X-HS-Cache-Config
Ohc-File-Size
Cache
Host-Header
X-Akamai-Transformed
X-ES-SERVER
X-Varnish-Server
X-Element-Page-Cache
X-Path-Route
X-Cache-Var-Map
X-Cache-NE
Load-Balancing
X-Cache-Var
Meta-Geo
X-RN-RSRV
X-Cache-Server
S-Cnection
X-IP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Upstream-Proxy
X-From
Cache-Tags
Cache-Name
X-Viewer-Country
X-Proto
X-Cache-Enabled
X-Akamai-Request-ID2
X-R9-Blue-Green-Version
X-ApacheServer
X-Access
X-Cache-Config
Rt-Fastcgi-Cache
Decoy-Debug-Status
X-Proxy
Cache-Hits
X-Via-Fastly
X-CS
X-Akamai-Request-ID
X-Section
X-TNCMS
X-Time-Microsecs
X-Tumblr-Pixel-3
Decoy-Debug-Key
Decoy-Debug-TTL
X-PERF
X-Origin-Response-Time
Ec-Rule-Version
X-Cluster-Node
X-NCache
X-Loop
Vix-Hermes-Req-Id
X-NewRelic-App-Data
X-Proxy-Build
X-PCL
X-Origin
X-OCL
X-Ttl
X-Rule
X-Upgrade-Enabled
X-Trace-Id
X-Timing-Wait
S-Rt
X-Labrador-Cache-Channel
X-CCM
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Format
X-FC-Vary-Parameters
X-Human
X-Drupal-Cache-Contexts
X-Hit
Cache-Key
X-Upstream-CT
X-Upstream-HT
Webcakes-Region
X-Cache-Time
Ohc-Cache-HIT
Webcakes-App-Version
Webcakes-App-Name
DB-Nickname
X-Cache-Grace
X-Varnish-Cache-Hits
Selected-Fe
X-Origin-Hint
X-Backend-TTL
TWC-Privacy
TWC-Locale-Group
Country
X-Xfnlog-Site
X-Www-Served-By
X-Web-Node
Mn-Server-Ip
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Azure-Version
X-Site-Version
X-Debug-Cache
X-EIG-Tracking-Id
X-UnsetCookies
X-Cache-Host
X-Backend-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-JoinUs
X-Generated
X-Locale
Server-Info
X-FireWall-Port
X-Device-Type
Release
Time
X-Vgn-Hpd-Reason
X-FW-Version
X-VCT
DSUID
X-Ua
X-Varnish-Hits
X-Rendered-As
X-S
Now
X-OVcl-Cache
X-OVcl
X-Real-IP
Hostname
X-Litespeed-Cache
OT-Force-Account-Verify
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-NGENIX-Cache
ServedBy
X-Pubstack
X-VG-TLSProxy
Origin-Edge-Control
X-Redis-Cache
X-DataStream-Cache-Status
Origin-Cache-Control
L5d-Success-Class
X-SS-Set-Cookie
Cteonnt-Length
Accept-Language
X-VG-WebCache
X-HS-Combine-CSS
NtCoent-Length
X-Webkit-Csp
Origin
X-FB-TRIP-ID
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Fastly-SSL
X-APP-VERSION
X-App-Version
SRV
Machine
X-Tb
X-Parent-Response-Time
X-Origin-TTL
X-Origin-CC
X-CSRF-TOKEN
X-Cluster-Name
X-Tt-Trace-Tag
X-UUID
X-GEO
X-Load-Cache
X-NC
X-GoCache-CacheStatus
X-Environment-Context
X-L-Path
X-No-Session
X-Rocket-Nginx-Bypass
X-ECACHE
IBM-Web2-Location
X-Nginx-Cache
Nel
X-B3-Spanid
X-ServerID
X-Soup
Mime-Version
X-Guploader-Uploadid
X-B3-Parentspanid
X-Uri
X-XRDS-LOCATION
NGX
X-CACHE-KEY
X-Is-Bot
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
Proxy-Connection
X-Endurance-Cache-Level
X-Mode
ServerName
Akamai-GRN
A
X-Worker
Apple-News-Services-Handled
X-Vtex-Remote-Cache
X-VG-WebServer
Apple-News-Services-Host
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Application
X-CF-Lambda-Fn
X-Connection-Hash
X-Accel-Expires-Debug
X-Node-Id
X-MServer
Xc-Version
X-Aed
X-B-Cookie
X-A-Wwc
X-ARC
X-AIR-PT
X-A-Dam
Fly-Request-Id
GEO-REGION-INFO
X-DPWN-IS-SECURE
X-External-Request-Id
Fly-Cache
X-Rojux
X-Developer
T-Server
Cross-Origin-Window-Policy
Rt-Proxy-Cache
MD5-Digest
X-Rewrite-Enabled
Mobile-Detection-Method
Node
Odigeo-Trace-Id
X-PAYTM-SRV-ID
Rendered-Blocks
X-Region-Sid
Memcached
X-G
X-Request-UUID
Meta-Geo-Continent
Content-Style-Type
Viewtype
Apple-News-Services-Request-Url
X-Instart-Info
X-Date
X-Destination
X-SRCache-Key
Apple-News-Services-Parsed-Url
X-D
X-Trv-Group
X-A-Dcw
X-Transaction
Arc-Country
AsisCache
VivaBuild
X-S-Cookie
Cache-Prefix
Content-Script-Type
X-Detected-As
X-A
X-Server-Time
X-ScT
X-A-Ccd
BehaviorPad-Version
X-Twitter-Response-Tags
X-A-Dgt
Request-Time
X-B3-SpanId
X-Generated-By
X-Ruxit-Js-Agent
X-LJ-Flow-ID
X-Tec-Api-Origin
Backend-Name
X-VWS-Id
X-AWS-Id
X-Tec-Api-Version
X-Tec-Api-Root
Fastly-Soc-X-Request-Id
X-Fastly-Cache
Cdn-Host
X-Origin-Expires
X-Release
We-Hiring
Mail-Subject
X-Edge-Server
X-Origin-Date
X-Cms-Context
Request-EU
Request-Country
X-Azure-Ref-OriginShield
X-Azure-Ref
Section-Io-Cache
X-Cache-Bucket
X-Cdn-Srv
Locale
X-Developers
CF-IPCountry
X-S-Maxage
N-Cache
IsBot
Cdn-Request-Time
X-Urbn-Site-Id
X-VC-Cache
X-SVT-ORM-RULES
X-SIPLIST1
X-Dc
X-Up
X-Urbn-Context-Path
X-SVT-ORM-VERSION
X-Hl-Ver
User-Cache-Control
X-Request-Time
X-Cdn-Forward
X-WADP-Cache
X-Cdn-Origin
X-Cache-Info
X-VServer
X-Clara-WADP
X-Clientip
X-Compress-Hint
X-We-Are-Hiring
X-Core-Mission
X-BBXSRF
X-App-Name
X-Var-Ttl
X-Auto-Login
W
Uber-Trace-Id
Thinkindot-Control
True-Client-Country-4JS
X-CUA
X-Backend-Host
X-Bip
X-Block-Status
X-UA
X-Wikidot-Backend
X-Backend-Url
X-Wikidot-Static-Cache
X-C
X-Distil-CS
X-Nginx-Cache-Key
X-Sn-Servicetimems
X-Policy
X-Method
X-Matched-Rule
X-Location
Thinkindot-CacheControl-Type
X-Qloud-Router
X-Skip-Cache
X-Reboot
X-Service
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Level-Front-Cache
X-IN-APIGATEWAYSSL
X-ElasticPress-Search
X-Thanos
X-Thinkindot-L3
X-Distributor
X-TrackingId
X-Server-IP
X-GDPR
X-Gen-Mode
X-Hnp-Log
X-IN-APIGATEWAY
X-Geo-Header
X-Generation-Time
X-Swa-Ws
X-Generated-On
X-Device-Os
X-RateLimit-Remaining-Second
AKAMAI
Thinkindot-CacheControl
Esi-Enabled
Fastly-SIE
RNT-Time
RNT-Machine
Pramga
CDCHOST
Content-Disposition
Fastly-SWR
Countrycode
L
Gh-Request-Id
Magicmarker
Heartbleed
Server-Int
X-Microcachable
X-Debug-Cookies
X-Debug-Cache-Store
X-MSEdge-Flight
X-MSEdge-Features
X-LI-UUID
X-Epic-Correlation-Id
X-Li-Pop
Cache-Provider
X-Eu-Site
X-GeoIP-City
X-Generated-In
X-Internal-Host
X-Hash
X-Fetched-On
X-Li-Fabric
X-Debug-Log
X-LI-Proto
X-Org
Server-Host
Served-By
Adler-Geo
Wxu-Next-Commit
Wxu-Next-Hostname
Pagetype
Kp-EeAlive
X-WebServer
X-Via-CDN
X-Variation
Ha-Gx-Prefs
HA-Ipaddr
X-SayCDN-TTL
X-Say-TTL
X-Debug-Cache-Expiry
X-PHP-Host
X-Owner
X-Irp-Debug
X-Old-Content-Length
X-CGP
X-Platform-Server
X-Request-URI
X-Say-Cacheable
X-Request-Start
Wxu-Next-Region
X-BYPASS-REASON
X-Debug-Cache-Fetch
X-Dispatch
X-Is-Gdpr
X-JWT-State
X-Has-Esi
X-Webstats-RespID
Memory
V-Age
Web-Mar-Node
X-Cache-Id
X-Amz-Meta-Cache-Control
Server-ID
X-Backend-State
Platform
X-Cache-FS-Status
X-User
PFcat
X-Proxy-Cache-Status
X-NX-Host
X-Proxy-Upstream
X-ProxyCache-Status
X-ProxyCache-Key
X-Reqid
Is-Eu
Srv
X-SD-PageType
X-COUNTRY
X-Servername
X-Flog
X-Dispatcher-Server
X-ABtesting
X-Hello
SD-X-WS
Resin-Trace
X-Key
X-Unique-ID
X-Info
X-Nc
SS
X-Lb-Id
X-URL
X-FPC
X-NWS-UUID-VERIFY
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Response-By
REQUESTUUID
X-Geo
X-Wa
X-Be
X-RateLimit-Reset
X-Routing-Service
X-IPS-LoggedIn
X-Proxied
X-DC
X-Zipkin-Id
Country-Code
X-Svr
X-Servedbyhost
Cache-Cookie-Set-Idcheck
X-Cache-URL
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Page-Type
X-Ratelimit-Limit
X-Instart-Isnd
X-Datadome
X-Dynatrace-Js-Agent
X-Scheme
UCS
X-Cache-Backend
X-Processor
CACHE
X-MP-GENERATED-AT
X-VCL-Version
X-NodeID
X-Pjax-Url
X-SRV
XServer
X-Logtrace-Id
Ajk
Powered-By-ChinaCache
X-SN
Group
X-Oracle-Dms-Rid
X-HTML-Minification-Powered-By
X-Oss-Server-Time
X-Varnish-Beresp-Ttl
X-CDN-Forward
X-Oss-Object-Type
Dynatrace
X-Oss-Request-Id
Proxy-Firewall
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
ProcessTime
X-ZONE
X-Server-W
Cache-Host
PICS-Label
X-Tb-Optimization-Total-Bytes-Saved
SN
Powered-By
X-Ftr-Request-Id
X-HS-Status
X-Dynatrace
X-Zone
X-Cache-Category-Id
X-Newrelic-Synthetics
X-Grey
X-Varnish-Beresp-Grace
X-Source
X-Varnish-Beresp-Status
X-EC-Lua
X-GRACE
X-Ms-Version
X-Ms-Request-Id
X-Pf-Uncompressing
X-Via-Ucdn
Ttl
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
Fastly-Backend-Name
X-APP
X-FORWARDED-FOR
X-TH-Server
X-Sucuri-Id
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
X-Session-Fingerprint
GeoIP-City
X-PF-Uncompressing
GeoIP-Country-Code
GeoIP-Latitude
Lfy
X-NODE
X-Agile-Id
X-Agile-Age
X-Ftr-Cache-Host
X-Cache-Debug
Cdn
X-Agile
GW-Server
X-Check-Cacheable
MIME-Version
X-LAGOON
X-Ratelimit-Remaining
LB
X-Tt-Trace-Host
X-Fastly-Country-Code
Environment
Pics-Label
Amp-Access-Control-Allow-Source-Origin
X-Bc
X-RCS-CacheZone
X-Aicache-OS
X-Secret
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-Edge
X-Gannett-Site-Version
X-7Graus-Varnish-XKeys
X-Varnish-Url
CF-Cached-On
X-BC
WWW
X-Sedo-Request-Id
M-TraceId
WZWS-RAY
X-Cache-Miss-From
Cf-Ipcountry
X-Ftr-Backend
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-CSRF-Token
X-Ftr-Realm
X-Vcl-Version
Requestid
X-Mid
X-CDN-Cache
X-Varnish-Cacheable
On-Server
X-PJAX-URL
Ohc-Response-Time
X-Akamai-SSL-Client-Sid
X-Varnish-Ttl
X-MCACHE
User-Agent
X-Core-Value
DataCenter
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-GeoIP-Country-Code
X-UPSTREAM-Address
Inserted-Into-Cache-At
X-Cache-Tag
Cdnsip
X-Sucuri-ID
Cdncip
X-Litespeed-Cache-Control
X-AK-Request-ID
Lb
Tcn
X-Unique-Id
X-DI
X-NU-AKA-ACS-Version
X-Sucuri-Cache
X-TT-LOGID
X-DB
SID
CDN
X-Action
X-DSS
X-Proxy-Cacherz
X-Vdms-Version
X-BE
Xkeyrz
X-RSL
URI
X-RPM
X-DW
X-RPS
HostName
X-NGINX-Cache
Who
X-Sigma
RequestUuid
X-Swift-Error
X-Rocket-Build-Number
Host-ID
X-ServedByHost
X-Crawler
X-Fstrz
X-WA
X-Render-Time
X-Sigma-Backend
X-Correlation-ID
X-Shopify-Generated-Cart-Token
Is-Session-Tracking
X-Planisys-CDN-Cache
Pragrma
Get-Access-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Fastly-Cache-Hits
Xkeypdq
X-Flow-Id
X-WR-MODIFICATION
X-LB-ID
Warning
X-Page-Impression-Id
X-Fpc
X-Zalando-Child-Request-Id
Server-Id
X-TIME
X-FE
X-Micro-Cache
X-Refresh
X-Cdn-Request-ID
X-Via-NSCOPI
X-SB
FNAC-ModuleRouting
X-MID
X-HostName
X-VC
Correlation-Id
X-ServerName
X-Nananana
X-Cf-Powered-By
TTL
X-Trafficlayer-App-Version
X-Served-From
X-Via-Edge
X-Fe
X-LiteSpeed-Tag
X-Gen-Id
Processtime
X-MiniProfiler-Ids
X-Newrelic-App-Data
Cneonction
X-Dw-Trace-Id
X-Gdpr
X-Bug-Bounty
HitType
V-Cache
X-Request-URL
X-ECache
Xet-Cookie
X-Via-SSL
RequestId