Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
EagleEye-TraceId
X-Backend-Server
Content-Location
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Surrogate-Control
Allow
X-HW
X-DataDome
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Country
X-Clacks-Overhead
X-Url
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Goog-Hash
X-MS-InvokeApp
X-Varnish-TTL
X-TtlSet
X-Vname
X-PC
RTSS
X-CST
Verso
X-Powered-By-Plesk
Public-Key-Pins
X-Px
X-Recruiting
Edge-Control
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
X-Ah-Environment
X-B3-TraceId
Service-Worker-Allowed
X-Middleton-Response
Response
X-Middleton-Display
Display
X-Sol
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
Accept-CH
MS-Author-Via
TCN
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
X-Server-Name
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Charset
Fastly-Restarts
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-XRDS-Location
X-ESI
X-Amz-Rid
X-Trace
X-Aspnetmvc-Version
Nginx-Cache
Realpath
X-Debug
Front-End-Https
AR-Request-ID
X-Ezoic-Cdn
X-Cached
X-Shield-Request-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Arr-Disable-Session-Affinity
Pagespeed
Paypal-Debug-Id
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
ServerID
X-Id
X-Vcache
X-FTR-Backend
X-Goog-Storage-Class
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
MicrosoftSharePointTeamServices
DynaTrace
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
S
X-DynaTrace-JS-Agent
X-Via-JSL
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-VCache
X-SERVER
X-Correlation-Id
X-RateLimit-Limit
Fastcgi-Cache
X-Content-Digest
X-Frontend
X-Accel-Expires
X-FastCGI-Cache
Powered
X-N
X-Ser
X-FTR-Cache-Host
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-DIS-Request-ID
Server-Name
X-Grace
X-Logged-In
X-Forwarded-For
Accept-Ch
AMP-Access-Control-Allow-Source-Origin
X-HS-Hub-Id
X-B3-Sampled
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-GUploader-UploadID
Edge-Cache-Tag
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Age
X-Type
X-Activity-Id
X-User-Agent
X-Rid
FilterID
Backend-Timing
X-Analytics
X-IPLB-Instance
X-Kinsta-Cache
X-Az
X-AppVersion
X-LB-Cache
X-Esi
X-Revision
Healthy
X-Whom
X-Node-Name
Retry-After
X-Time
X-F-Cache
X-Pinterest-Rid
Pinterest-Version
X-Srv
X-Cache-Hit
X-NWS-LOG-UUID
X-B3-Traceid
X-Cache-2
Accept-Charset
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Alternate-Protocol
Server-Node
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Rule
X-TA-CDN-Provider
X-Server-ID
Cache-Status
X-AOL-HN
X-Content-Options
X-Acc-Meta-Resource-Type
Surrogate-Key
DC
Refresh
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Hp-Webp
X-Content-Powered-By
X-Forwarded-Host
X-Debug-Info
X-Instance
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-FW-Static
X-FW-Type
X-Jobs
X-FW-Server
X-Tumblr-Pixel
X-FW-Hash
X-Tumblr-User
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-FW-Serve
X-Cluster
X-Varnish-Grace
X-PHP-Backend
X-Framework
X-Page-Id
MS-CV
Source
X-FB-Debug
X-B
X-App-Environment
X-Request-Guid
Frame-Options
Cache-Tag
Fastcgi-Useragent
X-App-Server
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Tracecode
X-Hostname
Host
X-Cache-Operation
Actual-Object-TTL
Cleartype
X-Signature
X-Mobile-URL
X-B-Cache
X-Geo-Country
X-BCube-Filmed-By
X-Cached-By
X-Cache-Control
X-Seen-By
X-Cache-Key
X-Amz-Replication-Status
X-Varnish-Backend
X-TT
X-Host-Name
X-Cache-TTL
X-Mobile
X-Git-Hash
NGB
X-Response-Served-From
X-Pad
Liferay-Portal
X-Adobe-Content
Upgrade-Insecure-Requests
X-Adobe-Loc
X-TT-TIMESTAMP
Payment
WPE-Backend
Cache-Tv-Group
X-ProcessESI
X-RemovedCookies
X-Status
Filters
Xserver
Eomportal-Instance
X-ATG-Version
X-Ratelimit-Reset
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RTag
X-Handled-By
Ms-Operation-Id
X-Cacheable-TTL
X-FW-Dynamic
Webserver
From-Origin
X-TX-ID
X-PressLabs-Stats
X-GeoIP
X-RequestSource
GEO-INFO
X-WA-Info
X-UA-Device-Type
X-Drupal-Cache-Tags
X-Cache-Remote
X-Cache-TTL-Remaining
Datacenter
X-Origin-Server
X-Webkit-CSP
X-Content-Age
Accept-CH-Lifetime
X-Daa-Tunnel
X-Edge-Location
X-Cache-Action
X-Storage
NR-ENABLED
Viewport
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
X-Accel-Buffering
X-DataStream-Cache-Status
Version
X-Hyper-Cache
X-Contextid
X-CF-Powered-By
X-Wix-Request-Id
X-Upstream-Proxy
X-Region
X-Ua
PageSpeed
Host-Header
X-Akamai-Transformed
Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
Ohc-File-Size
X-ES-SERVER
X-Cache-Var-Map
X-Varnish-Server
Load-Balancing
X-RN-RSRV
X-Path-Route
Meta-Geo
X-Cache-Var
X-From
S-Cnection
X-IP
Cache-Name
X-Presslabs-Stats
Cache-Tags
X-Cache-NE
Rt-Fastcgi-Cache
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-Status
Ec-Rule-Version
Decoy-Debug-TTL
Cache-Hits
Vix-Hermes-Req-Id
X-Viewer-Country
X-Proto
X-Origin-Response-Time
X-Proxy
X-Via-Fastly
X-TNCMS
X-Tumblr-Pixel-3
X-Upgrade-Enabled
X-Origin
X-ApacheServer
X-CS
X-Cache-Enabled
X-Cache-Time
X-Cache-Config
X-Labrador-Cache-Channel
X-NCache
X-Loop
X-Akamai-Request-ID2
X-PERF
X-Akamai-Request-ID
X-Section
X-Time-Microsecs
X-Access
X-FC-Vary-Parameters
X-EIG-Tracking-Id
TWC-Connection-Speed
X-Format
TWC-Locale-Group
TWC-Privacy
X-JoinUs
X-Hit
X-Cluster-Node
Country
TWC-Device-Class
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
Cache-Key
X-Backend-TTL
X-Cache-Grace
X-CCM
X-OCL
X-Varnish-Cache-Hits
Selected-Fe
Webcakes-Region
TWC-GeoIP-Country
X-Upstream-HT
X-Upstream-CT
X-Trace-Id
S-Rt
X-UnsetCookies
X-PCL
X-Web-Node
Mn-Server-Ip
X-Proxy-Build
X-Timing-Wait
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
Azure-InstanceId
X-Xfnlog-Site
X-Rule
X-Cache-Host
Property-Id
X-Cache-Server
X-Drupal-Cache-Contexts
X-Varnish-Hits
X-S
X-FireWall-Port
X-Www-Served-By
X-Backend-Name
X-Site-Version
X-Debug-Cache
X-Locale
X-Human
X-FW-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Generated
Now
X-Device-Type
Server-Info
X-HS-Cache-Config
X-Rendered-As
Release
X-VCT
DSUID
Time
Ohc-Cache-HIT
OT-Force-Account-Verify
SRV
X-NewRelic-App-Data
Hostname
X-Vgn-Hpd-Reason
X-OVcl
X-OVcl-Cache
ServedBy
X-Litespeed-Cache
X-VG-TLSProxy
Fastcgi-X-Cache-Version
X-Real-IP
Cteonnt-Length
X-VG-WebCache
Access-Control-Request-Headers
X-Redis-Cache
X-FB-TRIP-ID
X-Sorting-Hat-PodId
Origin-Edge-Control
X-Pubstack
Origin-Cache-Control
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Alternate-Cache-Key
Origin
Accept-Language
X-Element-Page-Cache
X-CSRF-TOKEN
L5d-Success-Class
Machine
X-Tb
X-APP-VERSION
X-App-Version
X-Nginx-Cache
X-NGENIX-Cache
NtCoent-Length
X-CACHE-KEY
Fastly-SSL
X-No-Session
X-L-Path
X-Environment-Context
X-Tt-Trace-Tag
X-SS-Set-Cookie
X-Cluster-Name
X-NC
X-Mode
X-GEO
X-B3-Spanid
X-UUID
IBM-Web2-Location
X-ECACHE
X-HS-Combine-CSS
X-LJ-Flow-ID
X-Origin-TTL
Nel
X-GoCache-CacheStatus
X-DataStream-Origin-MEX-Latency
X-AWS-Id
X-VWS-Id
X-Origin-CC
X-DataStream-MidMile-RTT
X-Magnolia-Registration
X-Generated-By
X-ServerID
Odigeo-Trace-Id
Mime-Version
X-Amzn-Remapped-Content-Length
X-B3-Parentspanid
X-Endurance-Cache-Level
X-Load-Cache
X-Rocket-Nginx-Bypass
X-XRDS-LOCATION
X-Request-Time
X-Parent-Response-Time
X-Soup
We-Hiring
Mail-Subject
Akamai-GRN
X-Uri
X-Oneagent-Js-Injection
NGX
X-D
Fly-Cache
Cache-Prefix
X-Connection-Hash
X-Date
T-Server
Proxy-Connection
Request-Time
BehaviorPad-Version
Cdn-Host
X-B-Cookie
X-CF-Lambda-Fn
MD5-Digest
Cross-Origin-Window-Policy
Content-Style-Type
X-Is-Bot
X-Instart-Info
Cdn-Request-Time
Content-Script-Type
AsisCache
X-Worker
Fly-Request-Id
X-Node-Id
A
GEO-REGION-INFO
Memcached
X-Edge-Server
X-DPWN-IS-SECURE
X-G
X-Developer
X-Detected-As
Apple-News-Services-Request-Url
Xc-Version
Arc-Country
X-MServer
Apple-News-Services-Parsed-Url
X-Destination
Apple-News-Services-Handled
Apple-News-Services-Host
X-External-Request-Id
Mobile-Detection-Method
Rendered-Blocks
X-A-Wwc
X-A
X-Region-Sid
X-A-Dgt
X-VG-WebServer
X-Accel-Expires-Debug
X-AIR-PT
X-PAYTM-SRV-ID
VivaBuild
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-A-Dcw
X-Request-UUID
X-A-Ccd
X-A-Dam
Rt-Proxy-Cache
X-SRCache-Key
X-B3-SpanId
X-Server-Time
X-ScT
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-S-Maxage
X-Transaction
X-Aed
X-Vtex-Remote-Cache
Node
Viewtype
X-Application
X-Trv-Group
X-Twitter-Response-Tags
Meta-Geo-Continent
X-Org
X-ARC
Backend-Name
ServerName
X-Release
X-SVT-ORM-RULES
X-Distributor
IsBot
X-Cdn-Srv
N-Cache
X-Up
X-SIPLIST1
Locale
X-Azure-Ref
X-Developers
X-Urbn-Context-Path
X-Azure-Ref-OriginShield
X-Hl-Ver
X-Urbn-Site-Id
X-Origin-Expires
Request-EU
X-SVT-ORM-VERSION
Server-ID
Fastly-Soc-X-Request-Id
X-Cms-Context
X-Origin-Date
X-DC
Request-Country
X-VC-Cache
X-Fastly-Cache
Section-Io-Cache
X-Cache-Bucket
Uber-Trace-Id
CF-IPCountry
X-Cdn-Forward
X-Oracle-Dms-Rid
User-Cache-Control
X-Cdn-Origin
W
X-Cache-FS-Status
X-Backend-Url
X-App-Name
X-Backend-Host
Thinkindot-Control
X-Auto-Login
V-Age
X-BBXSRF
X-Amz-Meta-Cache-Control
True-Client-Country-4JS
X-Cache-Id
X-C
X-Block-Status
X-Bip
X-Cache-Info
X-Matched-Rule
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-Start
X-Reboot
X-Policy
X-Platform-Server
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Old-Content-Length
X-Owner
X-PHP-Host
X-Request-URI
X-ServiceProvider
X-We-Are-Hiring
X-WADP-Cache
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Variation
X-Sn-Servicetimems
X-Skip-Cache
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-MSEdge-Features
X-Method
X-Fetched-On
X-Epic-Correlation-Id
X-Flog
X-GDPR
X-Gen-Mode
X-ElasticPress-Search
X-Distil-CS
X-Compress-Hint
X-Clientip
X-Core-Mission
X-CUA
X-Device-Os
X-Generated-On
X-Generation-Time
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Location
Thinkindot-CacheControl-Type
X-Li-Fabric
X-Level-Front-Cache
X-Hello
X-Geo-Header
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Clara-WADP
X-ABtesting
Platform
AKAMAI
RNT-Time
Gh-Request-Id
Adler-Geo
X-Via-CDN
L
Magicmarker
Is-Eu
Esi-Enabled
Thinkindot-CacheControl
RNT-Machine
Server-Int
X-Guploader-Uploadid
Fastly-SWR
Fastly-SIE
Content-Disposition
Countrycode
CDCHOST
X-BYPASS-REASON
X-ProxyCache-Status
X-Microcachable
X-Unique-ID
X-ProxyCache-Key
X-Debug-Cache-Expiry
X-CGP
X-Dispatcher-Server
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Fetch
X-Eu-Site
X-Dispatch
X-Irp-Debug
X-SD-PageType
X-SayCDN-TTL
X-Say-Cacheable
X-Server-IP
X-Servername
X-Webstats-RespID
X-User
X-Swa-Ws
X-Response-By
X-Reqid
X-Internal-Host
X-Hash
X-GeoIP-City
X-NX-Host
X-Proxy-Cache-Status
X-Qloud-Router
X-Proxy-Upstream
X-Generated-In
X-Say-TTL
SS
HA-Ipaddr
PFcat
Heartbleed
X-Backend-State
Kp-EeAlive
Pagetype
Pramga
Ha-Gx-Prefs
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Region
Served-By
Server-Host
SD-X-WS
Wxu-Next-Commit
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Service
X-Var-Ttl
X-Key
Memory
Resin-Trace
X-COUNTRY
X-IPS-LoggedIn
X-JWT-State
X-URL
X-Is-Gdpr
X-Nc
X-Has-Esi
Cache-Provider
X-Wa
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Country-Code
X-Dc
X-Geo
X-Page-Type
REQUESTUUID
X-Servedbyhost
X-FPC
X-MP-GENERATED-AT
Srv
X-Lb-Id
CACHE
X-NWS-UUID-VERIFY
UCS
X-RateLimit-Reset
X-Info
Powered-By-ChinaCache
X-Ratelimit-Limit
X-Datadome
X-Be
Ajk
X-Logtrace-Id
X-Cache-URL
X-Svr
X-Cache-Backend
ProcessTime
X-VCL-Version
X-HTML-Minification-Powered-By
X-UA
X-Processor
X-GRACE
X-Instart-Isnd
X-Tb-Optimization-Total-Bytes-Saved
X-Pjax-Url
Proxy-Firewall
X-SRV
X-Varnish-Beresp-Ttl
X-Scheme
X-Oss-Hash-Crc64ecma
X-HS-Status
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-Ruxit-Js-Agent
X-Zone
Dynatrace
Powered-By
SN
X-Cache-Category-Id
X-SN
X-Grey
X-NodeID
X-Tec-Api-Origin
X-Webkit-Csp
X-Tec-Api-Root
X-Tec-Api-Version
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-CDN-Forward
PICS-Label
X-Ftr-Request-Id
X-Dynatrace
X-Ttl
Group
GeoIP-City
Fastly-Backend-Name
X-TH-Server
GeoIP-Country-Code
X-ZONE
GeoIP-Latitude
X-Source
X-Server-W
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Cache-Host
X-EC-Lua
XServer
X-PF-Uncompressing
Ttl
X-Pf-Uncompressing
X-FORWARDED-FOR
X-APP
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
X-Sucuri-Id
X-RCS-CacheZone
X-Via-Ucdn
X-Ms-Request-Id
X-Ms-Version
X-Bc
CF-Cached-On
X-Dynatrace-Js-Agent
GW-Server
X-LAGOON
X-NODE
X-Varnish-Beresp-TTL
X-Varnish-Url
X-Cache-Ttl
X-Gannett-Site-Version
Cdn
X-Ftr-Cache-Host
X-Secret
LB
MIME-Version
X-Check-Cacheable
X-Tt-Trace-Host
Geoip-Latitude
WZWS-RAY
Pics-Label
Geoip-City
GeoIp-Country-Code
Lfy
X-Aicache-OS
X-Session-Fingerprint
X-Fastly-Country-Code
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
On-Server
X-Edge
Environment
X-Agile
X-CDN-Cache
X-Agile-Age
X-Cache-Debug
X-Varnish-Cacheable
X-Agile-Id
X-SERVER-NAME
X-Akamai-SSL-Client-Sid
User-Agent
X-GeoIP-Country-Code
WWW
Cf-Ipcountry
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Balancer
X-BC
X-Ftr-Backend-Server
X-Ftr-Backend
Inserted-Into-Cache-At
M-TraceId
X-Fastly-Backend-Reqs
Ohc-Response-Time
Requestid
X-Logging-Id
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Mid
X-PJAX-URL
X-Sedo-Request-Id
X-Cache-Miss-From
SID
X-NU-AKA-ACS-Version
X-BE
X-MCACHE
X-Vcl-Version
X-CSRF-Token
X-Varnish-Ttl
Lb
Who
X-UPSTREAM-Address
X-Render-Time
X-Crawler
X-Litespeed-Cache-Control
X-RPS
X-DW
X-RPM
X-DSS
X-DB
X-LB-ID
X-Action
X-Proxy-Cacherz
URI
X-DI
X-Cache-Tag
X-RSL
X-Core-Value
Xkeyrz
HostName
RequestUuid
X-Micro-Cache
X-WR-MODIFICATION
X-FE
Cdncip
CDN
X-AK-Request-ID
Cdnsip
Host-ID
X-Fpc
DataCenter
X-Correlation-ID
X-Via-Edge
X-Sucuri-Cache
X-Served-From
Is-Session-Tracking
X-TT-LOGID
Get-Access-Time
X-Via-SSL
X-ServedByHost
X-Fastly-Cache-Hits
X-Flow-Id
X-Nananana
X-Sucuri-ID
X-Page-Impression-Id
X-WA
Xkeypdq
X-Zalando-Child-Request-Id
X-Swift-Error
X-Newrelic-App-Data
X-NGINX-Cache
X-Unique-Id
X-Fstrz
Warning
X-Sigma
X-Sigma-Backend
FNAC-ModuleRouting
X-Vdms-Version
X-SB
X-MID
X-VC
X-TIME
Correlation-Id
Cneonction
X-Cdn-Request-ID
X-Rocket-Build-Number
X-Cf-Powered-By
X-Planisys-CDN-TTL
Pragrma
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-LiteSpeed-Tag
X-Gen-Id
TTL
X-Bug-Bounty
X-Gdpr
V-Cache
X-Dw-Trace-Id
X-MiniProfiler-Ids
X-Amzn-Remapped-Date
X-Request-URL
X-Fe
X-ServerName
X-ECache
Processtime
Xet-Cookie
HitType
X-Amzn-Remapped-Connection
RequestId