Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
X-Request-ID
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Server
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
EagleEye-TraceId
X-Cloud-Trace-Context
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
NEL
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Rack-Cache
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-Country
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Goog-Hash
X-TTL
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
Public-Key-Pins
RTSS
X-B3-TraceId
X-Px
Edge-Control
X-Mod-Pagespeed
X-ESI
Display
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
X-VARITI-CCR
X-Ah-Environment
X-Recruiting
X-CST
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
SPRequestGuid
X-D2id
X-SharePointHealthScore
Service-Worker-Allowed
X-Akam-SW-Version
X-Vcap-Request-Id
X-Version
Accept-Ch-Lifetime
SPRequestDuration
SPIisLatency
X-Server-Name
X-GitHub-Request-Id
MS-Author-Via
X-Abt-Application-Version
TCN
X-Powered-CMS
X-Navigation-Version
X-Shard
Accept-CH
X-Trace
Charset
Fastly-Restarts
X-Upstream
X-Amz-Server-Side-Encryption
Nginx-Cache
X-RateLimit-Remaining
Realpath
X-Amz-Rid
X-Debug
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Aspnetmvc-Version
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Ezoic-Cdn
Front-End-Https
X-Cached
X-VCache
X-NF-Request-ID
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-TEC-API-ROOT
X-Goog-Generation
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Goog-Metageneration
X-MSEdge-Ref
AR-Request-ID
Pagespeed
Access-Control-Request-Method
X-Shield-Request-Id
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Arr-Disable-Session-Affinity
Content-MD5
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
Paypal-Debug-Id
DynaTrace
X-Id
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-T
S
X-Fastly-Request-ID
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
ServerID
X-Varnish-Age
X-Via-JSL
X-Server-ID
X-Ser
X-Client-IP
X-DynaTrace-JS-Agent
X-Content-Type
X-Dw-Request-Base-Id
X-Accel-Expires
X-Hits
X-Forwarded-For
Accept-Ch
X-Amzn-Trace-Id
Fastcgi-Cache
X-Content-Digest
Powered
X-Frontend
X-Correlation-Id
X-FastCGI-Cache
Edge-Cache-Tag
X-DIS-Request-ID
X-Grace
X-N
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-FTR-Cache-Host
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
Server-Name
TP-L2-Cache
TP-Cache
Pinterest-Version
X-Pinterest-Rid
X-RateLimit-Limit
X-Microsite
X-Request-Handler-Origin-Region
X-Vcache
X-Request-Received
X-Request-Processing-Time
X-Fastcgi-Cache
X-Kinsta-Cache
X-Zen-Fury
X-Time
X-B3-Sampled
X-Cache-Age
X-AppVersion
X-Activity-Id
X-Revision
X-Rid
X-Type
X-Az
X-IPLB-Instance
X-User-Agent
X-Analytics
Backend-Timing
Healthy
X-LB-Cache
X-Whom
X-Cache-Hit
X-GUploader-UploadID
Retry-After
X-Srv
FilterID
X-Node-Name
X-NWS-LOG-UUID
Server-Node
X-F-Cache
X-SERVER
Alternate-Protocol
Accept-Charset
X-Hp-Webp
X-Cache-2
Cache-Tag
X-Cache-Rule
Cache-Status
X-Akamai-Edgescape
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Erf-Bev-Bev
X-Webkit-CSP
X-Erf-Bev-Bev-Is-Generated
X-Content-Options
X-Content-Security-Policy-Report-Only
Surrogate-Key
X-Amzn-RequestId
X-Amz-Apigw-Id
Refresh
DC
Tracecode
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-User
MS-CV
X-Tumblr-Pixel-0
X-AOL-HN
X-Content-Powered-By
X-Tumblr-Pixel
X-Forwarded-Host
X-Instance
X-Framework
Access-Control-Allow-Method
X-Debug-Info
Source
X-App-Environment
X-Jobs
X-Varnish-Grace
X-Cluster
X-PHP-Backend
X-Request-Guid
X-Page-Id
X-FB-Debug
Fastcgi-Useragent
X-App-Server
X-Cache-TTL
X-TA-CDN-Provider
X-FW-Type
X-FW-Static
X-FW-Server
X-B
X-FW-Hash
X-FW-Serve
X-Cache-Operation
Actual-Object-TTL
Frame-Options
Host
X-Mobile-URL
X-Seen-By
X-B3-Traceid
NR-ENABLED
X-Geo-Country
X-Hostname
X-Cache-Control
Cleartype
X-Signature
X-B-Cache
X-Cache-Key
X-Host-Name
X-Cached-By
X-BCube-Filmed-By
X-Pad
Upgrade-Insecure-Requests
X-Mobile
X-Git-Hash
X-TT
NGB
X-Response-Served-From
X-Acc-Meta-Resource-Type
X-Varnish-Backend
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Adobe-Loc
GEO-INFO
X-Adobe-Content
WPE-Backend
X-ATG-Version
X-Tumblr-Pixel-1
Webserver
X-Tumblr-Pixel-2
Cache-Tv-Group
Filters
Eomportal-Instance
X-RTag
Ms-Operation-Id
X-Drupal-Cache-Tags
X-UA-Device-Type
X-GeoIP
X-ProcessESI
X-RemovedCookies
X-RequestSource
Payment
X-Handled-By
X-TT-TIMESTAMP
X-Daa-Tunnel
From-Origin
X-Cache-Remote
X-Cacheable-TTL
X-TX-ID
X-Origin-Server
Liferay-Portal
X-Status
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-FW-Dynamic
Xserver
X-WA-Info
X-Presslabs-Stats
X-Esi
Accept-CH-Lifetime
X-Wix-Request-Id
X-Cache-Action
X-Element-Page-Cache
X-HS-Cache-Config
X-Content-Age
X-Hyper-Cache
X-Contextid
X-Edge-Location
X-Ratelimit-Reset
X-Region
Viewport
Datacenter
X-CF-Powered-By
Cache
Version
X-Storage
Ohc-File-Size
X-Varnish-Hostname
PageSpeed
X-PressLabs-Stats
X-Accel-Buffering
X-Akamai-Transformed
X-Cache-NE
X-Cache-Server
Host-Header
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-ES-SERVER
X-Cache-Var
Load-Balancing
X-Varnish-Server
X-IP
Cache-Name
X-Cache-Enabled
Cache-Tags
Ohc-Cache-HIT
X-Proto
X-Proxy
S-Cnection
X-Yottaa-Metrics
TWC-GeoIP-Country
Cache-Hits
Rt-Fastcgi-Cache
X-Yottaa-Optimizations
Release
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Country
Ec-Rule-Version
Mn-Server-Ip
X-Access
TWC-GeoIP-LatLong
X-Viewer-Country
X-Via-Fastly
X-Cache-Config
X-Origin-Response-Time
X-NCache
X-Origin-Hint
X-CS
X-Varnish-Cache-Hits
X-Cluster-Node
X-TNCMS
X-Section
X-XRDS-LOCATION
X-Tumblr-Pixel-3
X-R9-Blue-Green-Version
X-Loop
X-Device-Type
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
Vix-Hermes-Req-Id
X-Akamai-Request-ID2
TWC-Privacy
X-Akamai-Request-ID
TWC-Locale-Group
X-Cache-Time
X-Rule
X-Upgrade-Enabled
X-UnsetCookies
X-Proxy-Build
DSUID
X-Trace-Id
Azure-Version
Azure-SlotName
X-Time-Microsecs
DB-Nickname
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Host
X-VCT
X-FC-Vary-Parameters
X-Human
X-Xfnlog-Site
Azure-SiteName
X-Format
X-Origin
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
X-OCL
X-Www-Served-By
X-Backend-TTL
S-Rt
X-ApacheServer
X-Cache-Grace
X-Labrador-Cache-Channel
X-PERF
X-PCL
X-Web-Node
X-Backend-Name
X-Debug-Cache
X-Timing-Wait
Selected-Fe
X-NewRelic-App-Data
Azure-RegionName
X-Ttl
Azure-InstanceId
X-Site-Version
X-CCM
X-Locale
X-Hosted-By
X-JoinUs
X-Generated
X-Vgn-Hpd-Reason
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-From
Cache-Key
X-FireWall-Port
X-HS-Combine-CSS
Server-Info
X-Ua
X-Upstream-HT
X-Tec-Api-Origin
X-NGENIX-Cache
X-Tec-Api-Version
X-Upstream-CT
Time
X-Tec-Api-Root
X-OVcl
X-OVcl-Cache
X-Rendered-As
X-S
X-Real-IP
X-FW-Version
X-Varnish-Hits
Now
X-Upstream-Proxy
L5d-Success-Class
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-SS-Set-Cookie
X-Litespeed-Cache
OT-Force-Account-Verify
X-Redis-Cache
Fastcgi-X-Cache-Version
Hostname
ServedBy
Access-Control-Request-Headers
Origin
Fastly-SSL
X-FB-TRIP-ID
X-VG-TLSProxy
Cteonnt-Length
X-Parent-Response-Time
X-VG-WebCache
X-App-Version
X-APP-VERSION
NtCoent-Length
X-UUID
X-Cluster-Name
Accept-Language
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-Origin-CC
X-CACHE-KEY
X-Origin-TTL
X-Load-Cache
X-GoCache-CacheStatus
X-Tb
X-ServerID
Machine
X-Soup
X-Rocket-Nginx-Bypass
X-CSRF-TOKEN
X-Trafficlayer-App-Name
Mime-Version
X-Trafficlayer-App-Scope
X-Tt-Trace-Tag
IBM-Web2-Location
X-ECACHE
NGX
Nel
X-No-Session
X-L-Path
X-Environment-Context
X-Guploader-Uploadid
X-Is-Bot
X-B3-Spanid
X-Uri
X-B3-Parentspanid
X-NC
Odigeo-Trace-Id
X-GEO
X-MServer
SRV
X-Oneagent-Js-Injection
X-B-Cookie
T-Server
X-Region-Sid
X-Node-Id
Fly-Cache
Xc-Version
Request-Time
X-Request-UUID
X-Rewrite-Enabled
Content-Style-Type
X-S-Cookie
Proxy-Connection
ServerName
X-Instart-Info
GEO-REGION-INFO
X-ARC
X-Worker
Fly-Request-Id
X-G
Arc-Country
AsisCache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
BehaviorPad-Version
Cross-Origin-Window-Policy
Viewtype
Content-Script-Type
VivaBuild
X-Hl-Ver
Cache-Prefix
Apple-News-Services-Handled
X-A
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
X-Nginx-Cache
X-AIR-PT
X-A-Dgt
X-A-Dcw
X-A-Ccd
A
X-A-Dam
X-PAYTM-SRV-ID
X-Application
X-Rojux
X-Vtex-Processado-Em
Memcached
X-D
X-Connection-Hash
Meta-Geo-Continent
Mobile-Detection-Method
X-B3-SpanId
X-SRCache-Key
X-Date
X-Destination
X-Vtex-Remote-Cache
MD5-Digest
X-Detected-As
X-Developer
X-VG-WebServer
Rendered-Blocks
X-Server-Time
X-Amzn-Remapped-Content-Length
Node
X-External-Request-Id
X-DPWN-IS-SECURE
X-CF-Lambda-Fn
X-Magnolia-Registration
X-CF-Lambda-Version
X-Endurance-Cache-Level
X-Trv-Group
X-Twitter-Response-Tags
Rt-Proxy-Cache
X-ScT
X-Transaction
We-Hiring
Akamai-GRN
CF-IPCountry
Backend-Name
Mail-Subject
X-ProxyCache-Key
N-Cache
Uber-Trace-Id
X-BYPASS-REASON
X-VC-Cache
X-Fastly-Cache
X-SVT-ORM-VERSION
X-Origin-Date
X-Origin-Expires
X-SVT-ORM-RULES
X-Developers
X-Up
X-ProxyCache-Status
X-Has-Esi
IsBot
Request-Country
X-CUA
X-SIPLIST1
X-Cms-Context
Request-EU
Section-Io-Cache
X-Cdn-Srv
X-S-Maxage
X-Cache-Bucket
X-Release
X-Compress-Hint
Fastly-Soc-X-Request-Id
X-JWT-State
X-Azure-Ref-OriginShield
X-Var-Ttl
Srv
X-Is-Gdpr
X-Azure-Ref
X-UA
X-Info
X-Cdn-Forward
User-Cache-Control
X-Generated-By
Server-Host
X-IN-APIGATEWAYSSL
Served-By
Pramga
X-IN-APIGATEWAY
RNT-Machine
Pagetype
Thinkindot-CacheControl
Server-Int
X-Irp-Debug
Thinkindot-CacheControl-Type
RNT-Time
Thinkindot-Control
X-Backend-Url
X-Generated-On
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Core-Mission
X-Clientip
X-Generation-Time
X-Clara-WADP
X-Debug-Cache-Store
X-Debug-Cookies
X-Distributor
X-ElasticPress-Search
X-Eu-Site
X-Distil-CS
X-Dispatch
X-Debug-Log
X-Device-Os
X-CGP
X-Gen-Mode
X-Hash
X-App-Name
X-Auto-Login
Wxu-Next-Region
Wxu-Next-Hostname
W
Wxu-Next-Commit
X-Backend-Host
X-Level-Front-Cache
X-Cache-Info
X-Geo-Header
X-Cdn-Origin
X-C
X-Block-Status
X-BBXSRF
X-Bip
X-Hnp-Log
Content-Disposition
X-Wikidot-Static-Cache
X-Dc
X-Reqid
X-Wikidot-Backend
X-VWS-Id
X-Webstats-RespID
X-Server-IP
X-Reboot
X-Rebelmouse-Cache-Control
X-NX-Host
CDCHOST
AKAMAI
X-Proxy-Cache-Status
X-Qloud-Router
X-Proxy-Upstream
X-Ruxit-Js-Agent
X-Service
X-TrackingId
X-Thinkindot-L3
X-Urbn-Context-Path
X-LJ-Flow-ID
X-User
X-Urbn-Site-Id
X-Thanos
X-Swa-Ws
X-We-Are-Hiring
X-AWS-Id
X-WADP-Cache
X-Skip-Cache
X-VServer
X-Sn-Servicetimems
X-Nginx-Cache-Key
X-Rebelmouse-Surrogate-Control
X-Location
Gh-Request-Id
X-Method
Fastly-SWR
Fastly-SIE
Ha-Gx-Prefs
HA-Ipaddr
Locale
Magicmarker
L
Kp-EeAlive
Heartbleed
Esi-Enabled
X-Matched-Rule
Countrycode
X-Microcachable
X-Li-Pop
Web-Mar-Node
Is-Eu
X-Via-CDN
Cache-Provider
X-ServiceProvider
X-MSEdge-Flight
X-Old-Content-Length
X-Platform-Server
X-LI-Proto
X-WebServer
X-Servername
X-SayCDN-TTL
X-Li-Fabric
Memory
PFcat
X-Generated-In
X-Fetched-On
X-Variation
X-Key
X-Epic-Correlation-Id
Cdn-Request-Time
X-Dispatcher-Server
Cdn-Host
X-Edge-Server
Platform
X-Say-TTL
X-LI-UUID
True-Client-Country-4JS
X-Lb-Id
X-Internal-Host
X-Request-Start
X-Say-Cacheable
X-Backend-State
Adler-Geo
X-Amz-Meta-Cache-Control
X-PHP-Host
X-Policy
X-MSEdge-Features
X-Owner
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-NWS-UUID-VERIFY
X-Request-URI
X-Cache-Id
X-Nc
X-GeoIP-City
X-Mode
X-Cache-FS-Status
Server-ID
X-GDPR
V-Age
SD-X-WS
Resin-Trace
X-SD-PageType
X-Geo
X-Request-Time
X-DataStream-Cache-Status
X-Org
X-Ratelimit-Limit
X-Svr
X-Cache-URL
X-Be
X-URL
X-Wa
X-Instart-Isnd
X-Hello
X-ABtesting
SS
REQUESTUUID
X-Flog
X-FPC
X-Unique-ID
X-DC
X-Scheme
X-Servedbyhost
X-IPS-LoggedIn
X-Processor
X-Response-By
X-Cache-Backend
Country-Code
X-Datadome
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-NodeID
Cache-Cookie-Set-From
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-RateLimit-Reset
Group
X-Page-Type
X-GRACE
X-Pjax-Url
X-VCL-Version
X-SN
Cache-Host
X-Server-W
UCS
X-CDN-Forward
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oracle-Dms-Rid
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Hash-Crc64ecma
X-Webkit-Csp
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
PICS-Label
X-Via-Ucdn
X-Ms-Version
X-SRV
X-HS-Status
Ajk
XServer
X-Ftr-Request-Id
X-Dynatrace-Js-Agent
X-Ms-Request-Id
X-Logtrace-Id
X-Zone
X-EC-Lua
X-DataStream-MidMile-RTT
X-Dynatrace
X-DataStream-Origin-MEX-Latency
ProcessTime
Powered-By-ChinaCache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-COUNTRY
Proxy-Firewall
X-Source
X-HTML-Minification-Powered-By
Lfy
X-ZONE
X-Session-Fingerprint
SN
Powered-By
Ttl
CACHE
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
X-Grey
X-PF-Uncompressing
GeoIP-Latitude
X-Agile
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-Pf-Uncompressing
X-Cache-Category-Id
GeoIP-Country-Code
GeoIP-City
X-Agile-Id
X-Cache-Debug
X-APP
X-Agile-Age
X-Sucuri-Id
X-Fastly-Country-Code
X-TH-Server
Dynatrace
X-NODE
X-Ftr-Cache-Host
X-Logging-Id
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Fastly-Backend-Name
X-Bc
X-LiteSpeed-Cache-Control
Cdn
X-Sedo-Request-Id
Environment
X-Tt-Trace-Host
X-Check-Cacheable
Pics-Label
X-Aicache-OS
X-Cache-Miss-From
Amp-Access-Control-Allow-Source-Origin
MIME-Version
X-CSRF-Token
X-Edge
CF-Cached-On
GW-Server
X-LAGOON
X-Sucuri-ID
WWW
X-Vcl-Version
Cf-Ipcountry
X-Core-Value
LB
M-TraceId
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Backend
X-Unique-Id
X-Ftr-Realm
X-Ftr-Dc
Requestid
X-Secret
X-RCS-CacheZone
X-Mid
Ohc-Response-Time
X-Varnish-Url
X-Cache-Tag
X-Gannett-Site-Version
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
X-BC
X-Correlation-ID
WZWS-RAY
DataCenter
X-AK-Request-ID
X-Varnish-Ttl
X-FORWARDED-FOR
Cdncip
Cdnsip
X-Vdms-Version
X-MCACHE
X-PJAX-URL
X-Sucuri-Cache
X-NGINX-Cache
X-CDN-Cache
X-Rocket-Build-Number
HostName
X-Sigma-Backend
X-Sigma
X-Fstrz
X-Litespeed-Cache-Control
On-Server
X-Varnish-Cacheable
X-TT-LOGID
Lb
X-Swift-Error
X-Shopify-Generated-Cart-Token
X-RPS
X-Planisys-CDN-TTL
X-DW
X-RPM
X-Action
X-DI
X-DSS
Pragrma
X-Planisys-CDN-Rules
X-DB
X-BE
X-Planisys-CDN-Cache
X-RSL
X-Cache-Ttl
X-GeoIP-Country-Code
X-Proxy-Cacherz
URI
User-Agent
Xkeyrz
X-Akamai-SSL-Client-Sid
CDN
Host-ID
X-ServedByHost
Inserted-Into-Cache-At
RequestUuid
X-Via-NSCOPI
X-Fpc
X-WR-MODIFICATION
Is-Session-Tracking
X-Page-Impression-Id
X-Flow-Id
X-Webapp-Samesite-None-Activated-N
X-Zalando-Child-Request-Id
TTL
SID
X-WA
Who
X-Fastly-Cache-Hits
X-Crawler
Server-Id
Warning
X-NU-AKA-ACS-Version
Xkeypdq
Get-Access-Time
Correlation-Id
X-ND-Cache
X-SB
X-MID
X-Refresh
X-FE
X-VC
X-Nananana
X-Render-Time
X-ORACLE-APMCS-REQUEST-ID
X-Upstream-Ht
X-ORACLE-APMCS-TAG
X-Cf-Powered-By
X-SaId
X-Upstream-Ct
X-ServerName
X-Bug-Bounty
X-MiniProfiler-Ids
X-Trafficlayer-App-Version
HitType
X-Akamai-ERRuleID
X-Amzn-Remapped-Date
X-Newrelic-App-Data
X-Amzn-Remapped-Connection
X-ECache
X-App
X-Akamai-ERPolicy
X-LiteSpeed-Tag
FNAC-ModuleRouting
Xet-Cookie
X-LB-ID
RequestId
X-Request-URL
Processtime
X-Dw-Trace-Id
X-Gdpr
V-Cache
X-Gen-Id
Cneonction