Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-CDN
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Cdn
Feature-Policy
X-WebKit-CSP
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Rack-Cache
Allow
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Country
X-HW
X-Url
Rating
X-ORACLE-DMS-RID
X-Country-Code
X-DataDome
X-FTR-Request-ID
X-Clacks-Overhead
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Goog-Hash
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-CST
Verso
X-Px
RTSS
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
X-Ah-Environment
Service-Worker-Allowed
Pinterest-Generated-By
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-D2id
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
MS-Author-Via
Accept-CH
X-GitHub-Request-Id
TCN
X-RateLimit-Remaining
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-Upstream
X-B3-TraceId
X-Shard
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Server-Side-Encryption
SPRequestDuration
SPIisLatency
Charset
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-ESI
X-Amz-Rid
X-Aspnetmvc-Version
Nginx-Cache
Realpath
X-Trace
X-Debug
X-Server-Name
Front-End-Https
AR-Request-ID
X-Cached
X-Ezoic-Cdn
X-Shield-Request-Id
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Arr-Disable-Session-Affinity
Pagespeed
ServerID
Content-MD5
DynaTrace
X-Id
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Client-IP
X-VCache
X-Content-Type
X-Via-JSL
X-DynaTrace-JS-Agent
X-Vcache
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-B3-Traceid
X-RateLimit-Limit
X-SERVER
X-N
X-Forwarded-For
Fastcgi-Cache
X-Frontend
X-Grace
X-Correlation-Id
X-FTR-Cache-Host
X-Content-Digest
Powered
X-FastCGI-Cache
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Accel-Expires
X-DIS-Request-ID
X-Ser
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
Accept-Ch
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-Cache-Age
X-Kinsta-Cache
FilterID
X-Esi
X-LB-Cache
X-Rid
X-Type
X-User-Agent
X-Az
X-IPLB-Instance
X-Revision
X-AppVersion
X-Activity-Id
X-Analytics
Backend-Timing
Healthy
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Whom
Retry-After
X-Srv
X-Time
X-Acc-Meta-Resource-Type
X-Cache-2
X-NWS-LOG-UUID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-Cache-Rule
Server-Node
X-AOL-HN
Cache-Status
X-Content-Options
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Forwarded-Host
Access-Control-Allow-Method
Refresh
X-Cluster
X-Akamai-Edgescape
DC
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-FW-Type
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Content-Powered-By
X-Tumblr-Pixel
X-Jobs
X-Debug-Info
X-Page-Id
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-Request-Guid
X-App-Environment
MS-CV
X-Hp-Webp
X-Hostname
X-App-Server
Fastcgi-Useragent
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B
Frame-Options
Cleartype
Host
X-B-Cache
X-Signature
X-Cache-Key
Tracecode
Cache-Tag
X-TA-CDN-Provider
X-Cache-Operation
Actual-Object-TTL
X-BCube-Filmed-By
X-Mobile-URL
X-Geo-Country
X-Cached-By
X-Varnish-Backend
X-Cache-Control
X-Amz-Replication-Status
X-DataStream-Cache-Status
X-TT
X-Ratelimit-Reset
Liferay-Portal
X-Pad
X-Seen-By
X-PressLabs-Stats
Xserver
X-Mobile
X-Host-Name
NGB
X-Response-Served-From
X-ATG-Version
X-Git-Hash
X-Adobe-Content
X-Adobe-Loc
Payment
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Status
X-WA-Info
X-WebKit-CSP-Report-Only
Eomportal-Instance
Webserver
WPE-Backend
Cache-Tv-Group
X-Tumblr-Pixel-1
Filters
X-FW-Dynamic
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
X-RemovedCookies
X-ProcessESI
X-Handled-By
X-GeoIP
X-TX-ID
X-RTag
Ms-Operation-Id
From-Origin
X-Cacheable-TTL
X-RequestSource
X-UA-Device-Type
GEO-INFO
X-Content-Age
X-Cache-TTL-Remaining
X-Cache-TTL
X-Daa-Tunnel
X-Webkit-CSP
X-Cache-Remote
X-Edge-Location
Viewport
X-Storage
X-Upstream-Proxy
Accept-CH-Lifetime
Datacenter
X-Origin-Server
X-Accel-Buffering
X-Cache-Action
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
Cache
X-Hyper-Cache
Version
X-Contextid
X-Ua
X-CF-Powered-By
X-Region
Host-Header
X-Oracle-Dms-Rid
PageSpeed
X-Wix-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
NR-ENABLED
SRV
X-Varnish-Server
X-Akamai-Transformed
Meta-Geo
X-Path-Route
Load-Balancing
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
Selected-Fe
X-From
S-Cnection
X-Timing-Wait
X-IP
X-Proxy-Build
X-Akamai-Request-ID2
X-Generated
X-TNCMS
X-Loop
X-Backend-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
Cache-Tags
X-JoinUs
X-Proxy
X-Cache-Config
Cache-Name
Vix-Hermes-Req-Id
X-CS
X-Rule
X-NCache
X-Section
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-Origin-Response-Time
X-FC-Vary-Parameters
X-Cache-Enabled
Cache-Hits
X-PERF
X-Access
Now
X-Hit
X-Cluster-Node
Decoy-Debug-Key
Ec-Rule-Version
X-ApacheServer
Decoy-Debug-TTL
Decoy-Debug-Status
X-Viewer-Country
X-Via-Fastly
Rt-Fastcgi-Cache
X-CCM
Azure-SiteName
X-Cache-Grace
Azure-SlotName
DB-Nickname
X-Format
TWC-Connection-Speed
Azure-Version
X-Backend-TTL
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
Azure-InstanceId
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-FW-Version
X-Hosted-By
X-Upstream-CT
X-Upgrade-Enabled
X-Trace-Id
X-Upstream-HT
X-Varnish-Cache-Hits
X-Xfnlog-Site
Mn-Server-Ip
X-Web-Node
Property-Id
X-R9-Blue-Green-Version
S-Rt
X-Labrador-Cache-Channel
Cache-Key
X-OCL
X-Origin
X-PCL
X-Origin-Hint
Azure-RegionName
X-Drupal-Cache-Contexts
X-Locale
X-Site-Version
X-Www-Served-By
X-Human
X-FireWall-Port
X-Device-Type
X-EIG-Tracking-Id
X-Cache-Host
X-UnsetCookies
Country
Ohc-File-Size
X-Cache-Server
OT-Force-Account-Verify
X-Cache-Time
X-Varnish-Hits
DSUID
Server-Info
X-Debug-Cache
Release
Time
X-S
X-Rendered-As
X-Cache-NE
X-NewRelic-App-Data
X-Presslabs-Stats
X-Vgn-Hpd-Reason
X-VG-TLSProxy
X-DataStream-MidMile-RTT
ServedBy
X-DataStream-Origin-MEX-Latency
X-Alternate-Cache-Key
X-Shopify-Stage
X-VG-WebCache
Hostname
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-FB-TRIP-ID
X-VCT
X-APP-VERSION
Fastcgi-X-Cache-Version
Ohc-Cache-HIT
Accept-Language
X-OVcl
X-Real-IP
X-OVcl-Cache
X-Redis-Cache
X-Tb
Machine
Cteonnt-Length
X-HS-Cache-Config
Origin
X-Nginx-Cache
X-Mode
X-B3-Spanid
X-Server-ID
X-Pubstack
NtCoent-Length
Origin-Edge-Control
Access-Control-Request-Headers
L5d-Success-Class
Origin-Cache-Control
X-Environment-Context
X-No-Session
X-L-Path
X-GEO
X-CSRF-TOKEN
X-NC
X-Request-Time
X-Tt-Trace-Tag
X-Cluster-Name
X-Load-Cache
X-Magnolia-Registration
Odigeo-Trace-Id
X-Generated-By
Fastly-SSL
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-App-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-UUID
X-NGENIX-Cache
Nel
Mime-Version
X-B3-Parentspanid
Akamai-GRN
X-Endurance-Cache-Level
X-XRDS-LOCATION
X-Parent-Response-Time
X-DC
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-CACHE-KEY
X-SS-Set-Cookie
X-ECACHE
Request-Time
X-ServerID
Mail-Subject
We-Hiring
X-Element-Page-Cache
X-Oneagent-Js-Injection
X-CF-Lambda-Fn
Cache-Prefix
X-G
X-Instart-Info
X-Trv-Group
X-SRCache-Key
Cdn-Request-Time
X-D
X-Soup
X-Application
X-Date
X-ARC
Cdn-Host
X-Is-Bot
Arc-Country
Apple-News-Services-Handled
Memcached
Proxy-Connection
Apple-News-Services-Host
X-Destination
MD5-Digest
X-Transaction
X-MServer
A
X-Detected-As
Meta-Geo-Continent
Mobile-Detection-Method
X-AIR-PT
X-VG-WebServer
AsisCache
BehaviorPad-Version
X-B-Cookie
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Locale
Node
X-Developer
Content-Style-Type
X-PAYTM-SRV-ID
X-Worker
X-Edge-Server
Fly-Cache
X-DPWN-IS-SECURE
X-External-Request-Id
X-Request-UUID
X-Origin-Date
X-Origin-Expires
X-A-Dgt
X-A-Dcw
X-A-Dam
VivaBuild
X-Origin-TTL
X-Region-Sid
Viewtype
T-Server
GEO-REGION-INFO
Fly-Request-Id
X-A-Ccd
X-A
X-Org
X-Rewrite-Enabled
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Server-Time
Xc-Version
X-Accel-Expires-Debug
X-Aed
X-CF-Lambda-Version
Content-Script-Type
X-Vtex-Processado-Em
X-ScT
X-Twitter-Response-Tags
X-Rojux
X-Vtex-Remote-Cache
Rt-Proxy-Cache
X-Origin-CC
X-Connection-Hash
X-S-Cookie
X-A-Wwc
Rendered-Blocks
Cross-Origin-Window-Policy
NGX
X-Zipkin-Id
X-Routing-Service
CF-IPCountry
Backend-Name
Uber-Trace-Id
X-Proxied
ServerName
X-Cms-Context
X-Clientip
Countrycode
Fastly-Soc-X-Request-Id
X-Distil-CS
X-Cdn-Srv
X-Developers
Gh-Request-Id
X-Cache-Bucket
X-Core-Mission
X-Up
X-SVT-ORM-VERSION
X-Auto-Login
X-SVT-ORM-RULES
X-Azure-Ref
X-IN-APIGATEWAYSSL
X-Hl-Ver
X-Azure-Ref-OriginShield
Request-Country
X-Via-CDN
X-Release
Server-ID
Section-Io-Cache
X-S-Maxage
Request-EU
X-SIPLIST1
X-VC-Cache
X-IN-APIGATEWAY
X-TrackingId
X-Bip
IsBot
X-Fastly-Cache
X-HS-Combine-CSS
X-Node-Id
X-Thanos
N-Cache
User-Cache-Control
X-ProxyCache-Status
X-ProxyCache-Key
X-ElasticPress-Search
X-BYPASS-REASON
X-CGP
X-Cdn-Origin
W
X-Block-Status
X-Backend-Url
X-App-Name
X-Backend-Host
X-Clara-WADP
X-BBXSRF
X-Cache-Info
X-C
X-ABtesting
X-GDPR
X-ServiceProvider
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-NX-Host
X-Method
X-VServer
X-Location
X-Matched-Rule
X-Sn-Servicetimems
X-Skip-Cache
X-WADP-Cache
X-Request-Start
X-Rebelmouse-Cache-Control
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Rebelmouse-Surrogate-Control
X-WebServer
X-RateLimit-Remaining-Second
X-We-Are-Hiring
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Level-Front-Cache
X-Irp-Debug
X-Distributor
X-Eu-Site
X-Fetched-On
X-Flog
X-Debug-Log
X-Debug-Cookies
X-CUA
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Reboot
X-Gen-Mode
X-GeoIP-City
X-Hash
X-Hello
X-Hnp-Log
X-Geo-Header
X-Unique-ID
X-Generated-In
X-Thinkindot-L3
X-Generated-On
X-Generation-Time
X-Compress-Hint
Thinkindot-Control
Esi-Enabled
PFcat
Content-Disposition
HA-Ipaddr
Fastly-SIE
X-Guploader-Uploadid
Ha-Gx-Prefs
Fastly-SWR
Server-Int
CDCHOST
X-B3-SpanId
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
L
AKAMAI
Magicmarker
X-Microcachable
X-Uri
X-Cache-Id
X-Li-Fabric
X-Internal-Host
X-Servername
X-Cache-FS-Status
X-Key
Heartbleed
Country-Code
X-User
Cache-Cookie-Set-From
Adler-Geo
X-Variation
X-Device-Os
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
True-Client-Country-4JS
Is-Eu
X-Policy
X-Epic-Correlation-Id
X-Swa-Ws
X-LI-Proto
Server-Host
X-Say-Cacheable
Wxu-Next-Region
Served-By
X-Say-TTL
RNT-Machine
RNT-Time
Wxu-Next-Hostname
Wxu-Next-Commit
X-Webstats-RespID
X-Request-URI
V-Age
SS
X-Reqid
Web-Mar-Node
Kp-EeAlive
X-Qloud-Router
X-Server-IP
Pagetype
X-Old-Content-Length
X-LI-UUID
X-Backend-State
X-Li-Pop
X-Dispatch
Platform
X-Owner
X-Platform-Server
X-Amz-Meta-Cache-Control
X-SayCDN-TTL
Pramga
X-PHP-Host
X-Cdn-Forward
X-MP-GENERATED-AT
X-IPS-LoggedIn
X-Page-Type
SD-X-WS
Resin-Trace
Memory
X-Response-By
X-Dispatcher-Server
X-SD-PageType
X-Wa
UCS
X-FPC
X-Ttl
X-Servedbyhost
ProcessTime
REQUESTUUID
X-Service
X-Var-Ttl
X-Dc
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Lb-Id
Cache-Provider
X-Nc
X-Logtrace-Id
Ajk
X-Has-Esi
X-Is-Gdpr
X-JWT-State
Powered-By-ChinaCache
X-HTML-Minification-Powered-By
X-Geo
X-Ratelimit-Limit
Proxy-Firewall
X-Datadome
X-NWS-UUID-VERIFY
X-VCL-Version
X-Cache-Backend
X-RateLimit-Reset
X-SERVER-NAME
Srv
X-Grey
X-Processor
Powered-By
X-Cache-Category-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Be
X-Info
X-SRV
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cache-URL
X-Pjax-Url
SN
X-ZONE
X-Svr
X-Ruxit-Js-Agent
X-Varnish-Beresp-Ttl
X-UA
Fastly-Backend-Name
X-TH-Server
X-CDN-Forward
X-Instart-Isnd
PICS-Label
Dynatrace
X-Webkit-Csp
CACHE
X-HS-Status
GeoIP-Latitude
GeoIP-City
X-SN
GeoIP-Country-Code
X-Cache-Ttl
X-Dynatrace-Js-Agent
X-Scheme
X-Ftr-Request-Id
X-RCS-CacheZone
X-Zone
X-Dynatrace
X-NodeID
X-Varnish-Beresp-Grace
Group
X-Source
X-Varnish-Beresp-Status
X-GRACE
X-Newrelic-Synthetics
X-LAGOON
X-Pf-Uncompressing
GW-Server
X-Varnish-Url
X-Secret
X-Bc
Cdn
X-Gannett-Site-Version
X-Varnish-Beresp-TTL
X-EC-Lua
WZWS-RAY
X-Server-W
LB
CF-Cached-On
X-PF-Uncompressing
X-NODE
X-Check-Cacheable
Cache-Host
X-Varnish-Cacheable
X-CDN-Cache
X-Sucuri-Id
Ttl
X-LiteSpeed-Cache-Control
On-Server
X-APP
X-Ftr-Cache-Host
XServer
X-Ms-Request-Id
X-Via-Ucdn
X-Tt-Trace-Host
X-Ratelimit-Remaining
User-Agent
X-GeoIP-Country-Code
X-Ms-Version
Environment
Inserted-Into-Cache-At
X-COUNTRY
X-Edge
GeoIp-Country-Code
Geoip-Latitude
Pics-Label
X-BC
Geoip-City
MIME-Version
X-Session-Fingerprint
Lfy
X-BE
X-PJAX-URL
X-NU-AKA-ACS-Version
X-URL
WWW
X-Aicache-OS
X-Akamai-SSL-Client-Sid
X-Fastly-Country-Code
X-Ftr-Backend-Server
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Agile
Ohc-Response-Time
X-Crawler
X-Mid
X-Agile-Age
Requestid
Who
X-Agile-Id
X-Cache-Debug
X-Render-Time
Cf-Ipcountry
X-MCACHE
X-FORWARDED-FOR
X-Varnish-Ttl
X-CSRF-Token
SID
M-TraceId
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
X-7Graus-Varnish-Cache-Control
X-UPSTREAM-Address
X-LB-ID
X-Micro-Cache
X-Litespeed-Cache-Control
X-Fastly-Backend-Reqs
X-FE
URI
X-Logging-Id
X-7Graus-Varnish-XKeys
Lb
X-Sedo-Request-Id
X-Cache-Miss-From
X-Cache-Tag
DataCenter
X-Proxy-Cacherz
X-Via-SSL
X-Via-Edge
X-Served-From
Xkeyrz
X-WR-MODIFICATION
HostName
X-RPM
RequestUuid
X-DSS
X-DW
X-RSL
X-RPS
X-DB
Host-ID
X-DI
X-NGINX-Cache
X-Cf-Powered-By
X-Correlation-ID
X-Flow-Id
CDN
X-Core-Value
X-Zalando-Child-Request-Id
X-Action
X-Nananana
X-Amzn-Remapped-Connection
X-Page-Impression-Id
X-Amzn-Remapped-Date
X-WA
X-ServedByHost
Xkeypdq
X-Fastly-Cache-Hits
X-Vct
X-Fpc
X-Newrelic-App-Data
X-Swift-Error
X-Protected-By
X-Ecache
X-Vdms-Version
X-Cdn-Request-ID
X-MID
FNAC-ModuleRouting
Cdncip
X-SB
Warning
X-VC
Correlation-Id
X-TIME
X-AK-Request-ID
Cneonction
Cdnsip
X-Sucuri-ID
X-ECache
Processtime
Xet-Cookie
Is-Session-Tracking
X-Sucuri-Cache
Get-Access-Time
X-ND-Cache
X-Refresh
X-TT-LOGID
X-Request-Url
X-Bug-Bounty
X-Via-NSCOPI
X-Apw-Hits
X-Request-URL
X-ServerName
X-Fe
X-Serial
X-MiniProfiler-Ids
X-Apw-Access-Token
X-Apw-Access-Action
HitType
X-Apw-Access-Object
V-Cache
X-Dw-Trace-Id
X-Gdpr
X-Unique-Id