Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Ua-Compatible
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Server
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-Device
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Content-Id
X-MS-InvokeApp
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-Middleton-Response
X-Middleton-Display
Response
Display
X-VARITI-CCR
X-Sol
X-Recruiting
X-CST
X-Ah-Environment
X-B3-TraceId
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-D2id
Service-Worker-Allowed
SPRequestGuid
X-SharePointHealthScore
X-ESI
X-Vcap-Request-Id
X-Akam-SW-Version
X-Version
X-Server-Name
SPIisLatency
SPRequestDuration
Accept-CH
MS-Author-Via
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
Accept-Ch-Lifetime
TCN
X-Shard
Charset
X-Trace
Fastly-Restarts
X-RateLimit-Remaining
X-Upstream
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Amz-Server-Side-Encryption
Nginx-Cache
Realpath
X-Amz-Rid
X-Debug
X-Aspnetmvc-Version
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-XRDS-Location
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Front-End-Https
X-Cached
X-NF-Request-ID
AR-Request-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Pagespeed
X-Mrf-Section-Lastmod
X-Shield-Request-Id
X-B3-TraceId-Primal
X-MSEdge-Ref
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-VCache
Content-MD5
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-T
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-FTR-Backend-Server
X-FTR-Balancer
S
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
ServerID
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-Varnish-Age
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
X-Hits
X-SERVER
X-Accel-Expires
X-Correlation-Id
X-Amzn-Trace-Id
X-Grace
Fastcgi-Cache
Powered
X-Frontend
X-Content-Digest
X-Forwarded-For
X-DIS-Request-ID
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-N
X-FTR-Cache-Host
Edge-Cache-Tag
X-Vcache
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
Server-Name
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
Accept-Ch
X-FastCGI-Cache
X-Server-ID
TP-Cache
TP-L2-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Processing-Time
X-Request-Received
X-B3-Sampled
X-Pinterest-Rid
Pinterest-Version
X-Zen-Fury
X-Cache-Age
X-Kinsta-Cache
X-IPLB-Instance
X-Az
X-AppVersion
X-Activity-Id
X-Revision
X-Type
X-User-Agent
X-Time
X-Rid
Healthy
Backend-Timing
X-LB-Cache
X-Analytics
X-GUploader-UploadID
X-Whom
Retry-After
FilterID
X-Srv
X-Cache-Hit
X-Node-Name
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Accept-Charset
Alternate-Protocol
X-B3-Traceid
X-Cache-2
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Rule
Cache-Status
X-Akamai-Edgescape
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache-Tag
X-Webkit-CSP
X-Content-Options
Surrogate-Key
X-Content-Security-Policy-Report-Only
Refresh
DC
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Forwarded-Host
X-Tumblr-Pixel
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-AOL-HN
X-App-Environment
X-Jobs
Source
MS-CV
Access-Control-Allow-Method
X-Framework
X-Debug-Info
X-Varnish-Grace
X-Cluster
X-PHP-Backend
X-Page-Id
Fastcgi-Useragent
X-FB-Debug
Tracecode
X-Request-Guid
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Type
X-Cache-TTL
X-App-Server
Frame-Options
X-B
X-TA-CDN-Provider
X-Cache-Operation
Host
Actual-Object-TTL
X-Mobile-URL
X-Cache-Key
X-Seen-By
Cleartype
X-Cache-Control
X-Geo-Country
X-Hostname
X-Signature
X-B-Cache
X-Acc-Meta-Resource-Type
NR-ENABLED
X-BCube-Filmed-By
X-Host-Name
X-Cached-By
X-Esi
X-Git-Hash
X-Mobile
Upgrade-Insecure-Requests
Accept-CH-Lifetime
X-Amz-Replication-Status
X-Pad
X-Varnish-Backend
X-TT
X-Response-Served-From
NGB
X-WebKit-CSP-Report-Only
X-Adobe-Loc
GEO-INFO
X-Adobe-Content
WPE-Backend
X-RTag
X-ATG-Version
X-RequestSource
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-UA-Device-Type
X-Tumblr-Pixel-2
Eomportal-Instance
Filters
Payment
X-Handled-By
X-GeoIP
Ms-Operation-Id
X-ProcessESI
X-RemovedCookies
From-Origin
X-TX-ID
Webserver
Cache-Tv-Group
X-Drupal-Cache-Tags
X-Cache-Remote
X-Status
Liferay-Portal
X-EdgeConnect-Cache-Status
X-Cacheable-TTL
X-Origin-Server
X-Daa-Tunnel
X-FW-Dynamic
X-Cache-TTL-Remaining
X-WA-Info
X-Presslabs-Stats
Xserver
X-Content-Age
X-Cache-Action
X-Wix-Request-Id
X-Edge-Location
X-Hyper-Cache
X-Ttl
Viewport
X-Contextid
X-Ratelimit-Reset
X-Storage
Datacenter
X-Region
X-HS-Cache-Config
Version
X-CF-Powered-By
X-Element-Page-Cache
X-Varnish-Hostname
Ohc-File-Size
X-Accel-Buffering
Cache
PageSpeed
X-Oneagent-Js-Injection
X-PressLabs-Stats
X-Akamai-Transformed
X-Cache-NE
Host-Header
X-Cache-Var
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-Path-Route
X-Cache-Server
Load-Balancing
X-Cache-Var-Map
X-Varnish-Server
X-IP
S-Cnection
X-Yottaa-Optimizations
Ohc-Cache-HIT
X-Proxy
X-Cache-Enabled
X-Yottaa-Metrics
X-Akamai-Request-ID2
Cache-Tags
X-Proto
Cache-Name
X-ApacheServer
Decoy-Debug-Status
TWC-Device-Class
Webcakes-App-Version
TWC-Locale-Group
X-PERF
Vix-Hermes-Req-Id
Decoy-Debug-Key
TWC-Connection-Speed
X-Tumblr-Pixel-3
X-NewRelic-App-Data
Webcakes-App-Name
X-TNCMS
Cache-Hits
Country
X-Origin-Hint
TWC-Privacy
Ec-Rule-Version
X-Via-Fastly
X-NCache
X-Viewer-Country
X-Cluster-Node
X-Access
X-Loop
TWC-GeoIP-Country
X-Varnish-Cache-Hits
Webcakes-Region
Property-Id
X-CS
TWC-GeoIP-LatLong
Decoy-Debug-TTL
X-Cache-Config
X-Section
Mn-Server-Ip
X-Device-Type
Release
X-R9-Blue-Green-Version
Rt-Fastcgi-Cache
Azure-SiteName
Azure-Version
DB-Nickname
Cache-Key
DSUID
Azure-SlotName
X-Xfnlog-Site
Azure-InstanceId
Azure-RegionName
Selected-Fe
X-EIG-Tracking-Id
X-Upstream-CT
X-Upgrade-Enabled
X-UnsetCookies
X-Upstream-HT
X-VCT
X-Web-Node
X-Labrador-Cache-Channel
X-Trace-Id
X-OCL
X-Time-Microsecs
X-Rule
X-Proxy-Build
X-Timing-Wait
X-PCL
X-Origin
X-Origin-Response-Time
X-Akamai-Request-ID
X-Www-Served-By
X-Cache-Time
X-CCM
X-Debug-Cache
X-Cache-Host
X-Cache-Grace
X-Backend-Name
X-Backend-TTL
X-Format
X-FC-Vary-Parameters
X-Human
X-From
X-Site-Version
X-Hosted-By
X-Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Drupal-Cache-Contexts
X-Generated
X-JoinUs
X-Hit
S-Rt
X-Upstream-Proxy
X-Vgn-Hpd-Reason
X-FireWall-Port
Server-Info
Time
X-Rendered-As
X-FW-Version
X-S
X-Varnish-Hits
X-OVcl-Cache
X-OVcl
Now
X-Real-IP
X-NGENIX-Cache
X-HS-Combine-CSS
Hostname
X-Ua
X-Pubstack
X-Litespeed-Cache
L5d-Success-Class
OT-Force-Account-Verify
Origin-Cache-Control
X-SS-Set-Cookie
Fastcgi-X-Cache-Version
Origin-Edge-Control
X-Redis-Cache
Access-Control-Request-Headers
ServedBy
X-FB-TRIP-ID
X-XRDS-LOCATION
X-VG-TLSProxy
X-Webkit-Csp
Accept-Language
Cteonnt-Length
Origin
X-VG-WebCache
Fastly-SSL
X-Sorting-Hat-ShopId
X-APP-VERSION
X-App-Version
X-Sorting-Hat-PodId
X-ShardId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-Tec-Api-Version
X-Tec-Api-Origin
NtCoent-Length
X-Parent-Response-Time
X-Tec-Api-Root
Machine
X-Cluster-Name
X-Origin-CC
X-UUID
X-Tb
X-Origin-TTL
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-CSRF-TOKEN
X-Load-Cache
X-ServerID
X-Rocket-Nginx-Bypass
X-NC
SRV
X-No-Session
X-ECACHE
X-Soup
IBM-Web2-Location
X-Environment-Context
X-L-Path
Nel
Mime-Version
X-Guploader-Uploadid
NGX
X-B3-Spanid
X-GEO
X-Is-Bot
X-B3-Parentspanid
X-CACHE-KEY
X-Nginx-Cache
X-DataStream-Cache-Status
X-Uri
Proxy-Connection
X-Magnolia-Registration
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
Fly-Request-Id
X-Instart-Info
X-Hl-Ver
X-DPWN-IS-SECURE
X-Node-Id
Cache-Prefix
X-Date
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
X-Ruxit-Js-Agent
X-D
AsisCache
GEO-REGION-INFO
X-MServer
Cross-Origin-Window-Policy
Request-Time
Content-Script-Type
Content-Style-Type
X-Destination
X-PAYTM-SRV-ID
X-External-Request-Id
X-Detected-As
Apple-News-Services-Parsed-Url
X-Developer
Apple-News-Services-Host
Apple-News-Services-Handled
A
Fly-Cache
Viewtype
X-Rewrite-Enabled
Rt-Proxy-Cache
X-UA
X-B3-SpanId
X-Vtex-Processado-Em
X-AIR-PT
X-Vtex-Remote-Cache
X-VG-WebServer
X-Application
X-Connection-Hash
Rendered-Blocks
X-Trv-Group
X-Twitter-Response-Tags
X-ARC
X-Aed
X-Accel-Expires-Debug
X-A-Ccd
T-Server
Akamai-GRN
X-A
VivaBuild
X-A-Dam
Xc-Version
ServerName
X-A-Wwc
X-A-Dgt
We-Hiring
X-A-Dcw
X-B-Cookie
X-Transaction
X-ScT
X-Server-Time
X-Request-UUID
Memcached
MD5-Digest
X-CF-Lambda-Fn
X-G
X-Region-Sid
X-Rojux
X-S-Cookie
Meta-Geo-Continent
X-CF-Lambda-Version
Mobile-Detection-Method
Odigeo-Trace-Id
Mail-Subject
X-SRCache-Key
Node
X-VWS-Id
X-LJ-Flow-ID
X-Generated-By
X-AWS-Id
Backend-Name
X-Cdn-Srv
IsBot
X-CUA
X-Fastly-Cache
X-Cms-Context
Section-Io-Cache
X-Azure-Ref
Request-EU
Request-Country
N-Cache
X-Developers
Locale
X-Cache-Bucket
X-Azure-Ref-OriginShield
Fastly-Soc-X-Request-Id
X-Origin-Expires
X-SIPLIST1
X-SVT-ORM-RULES
X-S-Maxage
X-Trafficlayer-App-Scope
CF-IPCountry
X-Trafficlayer-App-Name
X-SVT-ORM-VERSION
X-Up
X-Mode
X-Worker
X-VC-Cache
X-Var-Ttl
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Origin-Date
X-Release
X-Cdn-Forward
User-Cache-Control
X-Dc
X-TrackingId
X-Thanos
X-Thinkindot-L3
X-Geo-Header
X-Auto-Login
X-Generation-Time
X-Backend-Host
X-Hash
X-Swa-Ws
X-Hnp-Log
X-IN-APIGATEWAY
X-Sn-Servicetimems
X-BYPASS-REASON
X-Block-Status
X-ElasticPress-Search
X-Bip
X-Backend-Url
X-VServer
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Wxu-Next-Region
Wxu-Next-Hostname
X-Compress-Hint
W
Wxu-Next-Commit
X-Generated-In
X-Wikidot-Static-Cache
X-WADP-Cache
X-App-Name
X-ServiceProvider
X-Generated-On
X-We-Are-Hiring
X-Wikidot-Backend
X-Webstats-RespID
X-Eu-Site
X-C
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Distributor
X-Debug-Cache-Expiry
X-ProxyCache-Key
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Policy
X-Debug-Log
X-Location
X-Device-Os
X-Dispatch
X-Matched-Rule
X-Method
X-Level-Front-Cache
X-NX-Host
X-Nginx-Cache-Key
X-ProxyCache-Status
X-Qloud-Router
X-Cdn-Origin
X-Reqid
X-Gen-Mode
X-Cache-Info
X-Irp-Debug
X-Service
X-IN-APIGATEWAYSSL
X-Edge-Server
X-Reboot
X-Rebelmouse-Surrogate-Control
X-RateLimit-Remaining-Second
X-Core-Mission
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Clientip
X-CGP
X-Clara-WADP
X-Distil-CS
X-BBXSRF
Kp-EeAlive
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
L
Magicmarker
RNT-Machine
Pramga
Pagetype
Gh-Request-Id
Srv
Cdn-Host
CDCHOST
AKAMAI
Cdn-Request-Time
Content-Disposition
Fastly-SWR
Fastly-SIE
Countrycode
RNT-Time
Esi-Enabled
Served-By
Server-Host
Server-Int
Uber-Trace-Id
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
X-Microcachable
X-MSEdge-Features
X-PHP-Host
Adler-Geo
X-Epic-Correlation-Id
Cache-Provider
X-Dispatcher-Server
Web-Mar-Node
V-Age
X-Platform-Server
X-MSEdge-Flight
X-Li-Fabric
X-Server-IP
X-Request-URI
X-Info
X-LI-Proto
X-Internal-Host
X-Request-Start
X-Li-Pop
X-Key
X-Request-Time
X-LI-UUID
X-GDPR
X-Old-Content-Length
X-SayCDN-TTL
X-Say-TTL
X-GeoIP-City
X-Say-Cacheable
X-Fetched-On
X-Owner
Platform
X-Cache-FS-Status
Memory
Is-Eu
X-WebServer
PFcat
X-Via-CDN
X-Skip-Cache
X-Cache-Id
X-User
X-Amz-Meta-Cache-Control
X-Backend-State
X-Variation
Server-ID
X-NWS-UUID-VERIFY
X-SD-PageType
SD-X-WS
X-Org
X-Lb-Id
X-COUNTRY
X-Servername
Resin-Trace
X-Geo
X-Hello
X-URL
X-Flog
SS
X-FPC
X-ABtesting
X-Nc
X-Be
X-Unique-ID
X-Cache-URL
X-Svr
X-Wa
REQUESTUUID
X-RateLimit-Reset
X-DC
X-Ratelimit-Limit
X-IPS-LoggedIn
X-Servedbyhost
Country-Code
X-Response-By
X-Instart-Isnd
X-Zipkin-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Scheme
X-Proxied
X-Routing-Service
X-Dynatrace-Js-Agent
X-Datadome
X-Cache-Backend
X-NodeID
X-Processor
X-Page-Type
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
UCS
X-Pjax-Url
X-VCL-Version
XServer
Group
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-SN
X-CDN-Forward
Powered-By-ChinaCache
X-Oracle-Dms-Rid
ProcessTime
CACHE
Ajk
X-Logtrace-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
Dynatrace
Cache-Host
X-Server-W
X-Ftr-Request-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Proxy-Firewall
X-HS-Status
PICS-Label
X-SRV
X-HTML-Minification-Powered-By
X-ZONE
X-Zone
X-Newrelic-Synthetics
X-Dynatrace
X-Via-Ucdn
X-Ms-Version
SN
Powered-By
X-Ms-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-GRACE
X-EC-Lua
X-Source
Geoip-City
X-Grey
X-Pf-Uncompressing
X-Cache-Category-Id
Ttl
GeoIp-Country-Code
Geoip-Latitude
X-Ratelimit-Remaining
X-TH-Server
X-Session-Fingerprint
X-APP
X-Sucuri-Id
X-Varnish-Beresp-TTL
X-Agile
X-Cache-Debug
GeoIP-City
X-Agile-Id
Fastly-Backend-Name
X-Agile-Age
Lfy
GeoIP-Country-Code
GeoIP-Latitude
X-PF-Uncompressing
X-LiteSpeed-Cache-Control
X-NODE
X-Ftr-Cache-Host
X-Fastly-Country-Code
X-Bc
X-Check-Cacheable
MIME-Version
X-Logging-Id
X-Tt-Trace-Host
Cdn
Environment
GW-Server
Pics-Label
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
CF-Cached-On
X-CSRF-Token
X-Edge
X-Aicache-OS
LB
X-LAGOON
M-TraceId
X-Varnish-Url
X-Sedo-Request-Id
X-Secret
WWW
Cf-Ipcountry
X-Gannett-Site-Version
X-Cache-Miss-From
X-BC
X-RCS-CacheZone
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Vcl-Version
WZWS-RAY
Requestid
X-PJAX-URL
X-Core-Value
Ohc-Response-Time
X-Mid
X-Sucuri-ID
X-MCACHE
DataCenter
Cdncip
X-Fastly-Backend-Reqs
On-Server
X-UPSTREAM-Address
X-Varnish-Ttl
X-Varnish-Cacheable
Cdnsip
X-CDN-Cache
X-AK-Request-ID
X-Cache-Tag
X-Unique-Id
X-GeoIP-Country-Code
User-Agent
X-Litespeed-Cache-Control
X-Sucuri-Cache
X-Vdms-Version
X-Akamai-SSL-Client-Sid
X-TT-LOGID
X-Swift-Error
X-NGINX-Cache
Lb
X-BE
X-Proxy-Cacherz
URI
X-Sigma
X-Action
X-Sigma-Backend
Inserted-Into-Cache-At
CDN
X-Fstrz
X-Cache-Ttl
Xkeyrz
X-Rocket-Build-Number
X-DI
X-DB
X-DW
X-DSS
X-RPM
X-RPS
X-RSL
HostName
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Cache
RequestUuid
X-Planisys-CDN-Rules
Who
X-Crawler
X-WA
Host-ID
SID
X-NU-AKA-ACS-Version
X-ServedByHost
X-Correlation-ID
Tcn
Xkeypdq
X-Render-Time
Pragrma
X-Fastly-Cache-Hits
Is-Session-Tracking
X-Page-Impression-Id
Get-Access-Time
X-Fpc
X-Via-NSCOPI
X-Flow-Id
Warning
X-WR-MODIFICATION
X-Zalando-Child-Request-Id
Server-Id
X-LB-ID
FNAC-ModuleRouting
X-SB
X-ServerName
Correlation-Id
TTL
X-Nananana
X-MID
X-VC
X-FE
X-Refresh
X-HostName
X-Cf-Powered-By
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Trafficlayer-App-Version
X-LiteSpeed-Tag
X-Fe
X-Akamai-ERPolicy
Xet-Cookie
X-Gdpr
V-Cache
X-Dw-Trace-Id
Cneonction
X-MiniProfiler-Ids
X-Newrelic-App-Data
X-Micro-Cache
X-Bug-Bounty
RequestId
X-Cdn-Request-ID
X-Request-URL
Processtime
HitType
X-ECache
X-Gen-Id