Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-CDN
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Cdn
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Allow
X-ORACLE-DMS-RID
X-HW
X-DataDome
Rating
X-Country
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Url
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
Verso
RTSS
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Pinterest-Generated-By
X-Ah-Environment
Service-Worker-Allowed
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-D2id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-B3-TraceId
X-Version
SPRequestGuid
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
TCN
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream
Accept-CH
X-Shard
X-Forwarded-Proto
SPIisLatency
AR-ATIME
AR-PoweredBy
SPRequestDuration
AR-CACHE
Ar-Sid
Charset
X-Amz-Server-Side-Encryption
Fastly-Restarts
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ESI
X-Aspnetmvc-Version
X-Trace
X-Amz-Rid
Nginx-Cache
Realpath
X-Server-Name
X-Debug
X-XRDS-Location
Front-End-Https
AR-Request-ID
X-Cached
X-Ezoic-Cdn
X-Shield-Request-Id
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Mrf-Section-Lastmod
X-Goog-Generation
MRF-Tech
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
Pagespeed
Content-MD5
ServerID
X-Id
X-Vcache
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-Goog-Storage-Class
DynaTrace
S
MicrosoftSharePointTeamServices
X-T
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-Content-Type
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-VCache
X-SERVER
X-Grace
Accept-Ch
X-Correlation-Id
X-N
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Content-Digest
Powered
X-RateLimit-Limit
X-Accel-Expires
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Ser
X-Forwarded-For
Server-Name
X-DIS-Request-ID
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-FastCGI-Cache
X-B3-Sampled
X-HS-Hub-Id
X-HS-Content-Id
X-GUploader-UploadID
TP-Cache
TP-L2-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-B3-Traceid
X-Request-Received
X-Cache-Age
X-Request-Processing-Time
Edge-Cache-Tag
X-Kinsta-Cache
FilterID
X-Type
X-LB-Cache
X-Esi
X-Rid
X-User-Agent
X-AppVersion
X-Revision
X-Az
X-IPLB-Instance
Backend-Timing
X-Activity-Id
X-Analytics
Healthy
X-Node-Name
X-Whom
Retry-After
X-F-Cache
X-Time
X-Srv
X-NWS-LOG-UUID
Pinterest-Version
X-Pinterest-Rid
X-Cache-2
Accept-Charset
X-Cache-Hit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amzn-RequestId
X-Amz-Apigw-Id
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-Cache-Rule
Server-Node
Cache-Status
X-AOL-HN
X-Content-Options
Surrogate-Key
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Jobs
X-Content-Security-Policy-Report-Only
X-Forwarded-Host
Access-Control-Allow-Method
X-Akamai-Edgescape
X-Cluster
X-Content-Powered-By
DC
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Instance
X-FW-Static
X-FB-Debug
X-Debug-Info
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Type
Refresh
X-PHP-Backend
X-TA-CDN-Provider
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Grace
X-Hp-Webp
Source
X-Request-Guid
MS-CV
X-Framework
X-App-Environment
X-B
X-App-Server
Fastcgi-Useragent
Frame-Options
X-Hostname
Host
Cleartype
Cache-Tag
Tracecode
X-B-Cache
X-Cache-Key
X-Signature
X-Cache-Operation
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Varnish-Backend
X-Seen-By
X-TT
X-Amz-Replication-Status
Liferay-Portal
X-Host-Name
X-Mobile
Xserver
X-Git-Hash
NGB
X-Ratelimit-Reset
X-Response-Served-From
X-Pad
X-Adobe-Content
X-Adobe-Loc
Upgrade-Insecure-Requests
Payment
X-ATG-Version
X-WA-Info
X-TT-TIMESTAMP
X-Status
Webserver
X-Cache-TTL
Eomportal-Instance
X-WebKit-CSP-Report-Only
Filters
X-RemovedCookies
X-ProcessESI
Cache-Tv-Group
X-FW-Dynamic
X-Tumblr-Pixel-1
WPE-Backend
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-GeoIP
Ms-Operation-Id
X-RTag
X-Handled-By
X-TX-ID
X-PressLabs-Stats
From-Origin
X-Drupal-Cache-Tags
X-UA-Device-Type
X-RequestSource
X-Cache-TTL-Remaining
GEO-INFO
X-Cache-Remote
X-DataStream-Cache-Status
Datacenter
X-Content-Age
X-Webkit-CSP
X-Edge-Location
X-Origin-Server
X-Cache-Action
Viewport
X-Storage
X-Daa-Tunnel
X-Varnish-Hostname
X-Accel-Buffering
X-Upstream-Proxy
Cache
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Contextid
NR-ENABLED
X-Region
X-CF-Powered-By
X-Wix-Request-Id
Host-Header
PageSpeed
X-Ua
Accept-CH-Lifetime
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Server
X-Akamai-Transformed
X-Cache-Var
SRV
X-Path-Route
Meta-Geo
X-RN-RSRV
X-Cache-Var-Map
X-ES-SERVER
Load-Balancing
X-From
X-Proxy-Build
X-IP
Selected-Fe
S-Cnection
X-JoinUs
X-Timing-Wait
X-Akamai-Request-ID2
X-Generated
X-Presslabs-Stats
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TNCMS
X-Cache-Config
Cache-Tags
Ohc-File-Size
Cache-Name
X-Proto
X-CS
X-Backend-Name
X-Loop
X-Proxy
Vix-Hermes-Req-Id
X-Access
Ec-Rule-Version
X-PERF
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Origin
X-NCache
Decoy-Debug-Status
X-Via-Fastly
X-Upgrade-Enabled
X-Tumblr-Pixel-3
X-Viewer-Country
X-FC-Vary-Parameters
Cache-Hits
Now
X-Cluster-Node
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-TTL
X-Time-Microsecs
X-Section
X-Hit
X-Akamai-Request-ID
X-ApacheServer
X-Cache-Enabled
X-Rule
Rt-Fastcgi-Cache
Azure-InstanceId
TWC-Privacy
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Trace-Id
X-UnsetCookies
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Upstream-HT
X-Upstream-CT
Azure-Version
TWC-Locale-Group
S-Rt
X-CCM
X-PCL
Property-Id
X-R9-Blue-Green-Version
TWC-Connection-Speed
TWC-Device-Class
Cache-Key
TWC-GeoIP-LatLong
Country
TWC-GeoIP-Country
X-OCL
X-Origin-Hint
X-Format
X-FW-Version
X-Cache-Time
X-Backend-TTL
X-EIG-Tracking-Id
X-Cache-Host
X-Cache-Grace
X-Xfnlog-Site
X-Hosted-By
Webcakes-Region
X-Cache-NE
Webcakes-App-Name
Webcakes-App-Version
X-Web-Node
X-Drupal-Cache-Contexts
X-Varnish-Hits
X-S
X-Debug-Cache
X-Device-Type
X-FireWall-Port
X-Human
X-Www-Served-By
X-Cache-Server
X-Site-Version
X-Locale
DSUID
Server-Info
Release
X-NewRelic-App-Data
X-Rendered-As
OT-Force-Account-Verify
Time
X-Vgn-Hpd-Reason
X-VCT
Ohc-Cache-HIT
X-HS-Cache-Config
ServedBy
X-VG-TLSProxy
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-APP-VERSION
X-ShopId
X-VG-WebCache
Fastcgi-X-Cache-Version
X-Real-IP
Hostname
X-OVcl-Cache
Cteonnt-Length
X-FB-TRIP-ID
X-OVcl
X-Server-ID
X-Redis-Cache
X-Oracle-Dms-Rid
X-XRDS-LOCATION
Accept-Language
X-Tb
Origin-Cache-Control
Origin
Origin-Edge-Control
Access-Control-Request-Headers
X-Pubstack
Machine
X-Nginx-Cache
L5d-Success-Class
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-B3-Spanid
X-Cluster-Name
X-Environment-Context
X-CSRF-TOKEN
X-L-Path
X-No-Session
X-Mode
X-Element-Page-Cache
NtCoent-Length
Fastly-SSL
X-Tt-Trace-Tag
X-NGENIX-Cache
X-App-Version
X-NC
X-GEO
X-Magnolia-Registration
X-Generated-By
X-Request-Time
X-LJ-Flow-ID
IBM-Web2-Location
X-VWS-Id
Mime-Version
X-AWS-Id
X-SS-Set-Cookie
Odigeo-Trace-Id
X-UUID
Nel
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
X-B3-Parentspanid
X-ServerID
X-Rocket-Nginx-Bypass
X-ECACHE
X-GoCache-CacheStatus
X-Load-Cache
Akamai-GRN
Mail-Subject
X-Parent-Response-Time
We-Hiring
X-CACHE-KEY
Request-Time
X-HS-Combine-CSS
X-Origin-TTL
X-Oneagent-Js-Injection
X-Soup
X-Origin-CC
X-Transaction
Cdn-Host
Arc-Country
Apple-News-Services-Request-Url
X-DPWN-IS-SECURE
X-SRCache-Key
AsisCache
Cache-Prefix
X-Edge-Server
X-Server-Time
Cdn-Request-Time
X-ScT
BehaviorPad-Version
A
X-Vtex-Remote-Cache
X-Detected-As
X-Trv-Group
X-Destination
X-Node-Id
X-VG-WebServer
X-Twitter-Response-Tags
X-Date
X-D
X-CF-Lambda-Fn
X-Vtex-Processado-Em
Apple-News-Services-Handled
Apple-News-Services-Host
NGX
X-CF-Lambda-Version
X-Developer
X-B-Cookie
X-MServer
Apple-News-Services-Parsed-Url
Fly-Cache
X-Worker
Server-ID
T-Server
X-G
Rt-Proxy-Cache
X-Aed
Node
Rendered-Blocks
X-AIR-PT
Viewtype
VivaBuild
X-Instart-Info
X-A-Dcw
X-Accel-Expires-Debug
X-A-Dgt
X-Is-Bot
X-A-Dam
X-A
X-A-Ccd
Xc-Version
Mobile-Detection-Method
X-Org
Fly-Request-Id
GEO-REGION-INFO
X-S-Cookie
MD5-Digest
X-Application
X-A-Wwc
X-ARC
Content-Style-Type
X-S-Maxage
X-External-Request-Id
X-Rojux
X-Region-Sid
X-PAYTM-SRV-ID
X-Origin-Expires
X-Origin-Date
X-Request-UUID
X-Rewrite-Enabled
Memcached
Meta-Geo-Continent
X-Connection-Hash
Content-Script-Type
Cross-Origin-Window-Policy
CF-IPCountry
Proxy-Connection
X-Urbn-Site-Id
Backend-Name
X-Uri
ServerName
X-Urbn-Context-Path
X-DC
Locale
X-TrackingId
Uber-Trace-Id
X-IN-APIGATEWAYSSL
X-Cms-Context
X-Distributor
Request-Country
Request-EU
X-IN-APIGATEWAY
X-Clientip
Countrycode
X-Fastly-Cache
X-Developers
X-VC-Cache
X-Distil-CS
IsBot
X-BYPASS-REASON
Gh-Request-Id
X-Hl-Ver
X-WebServer
Fastly-Soc-X-Request-Id
N-Cache
X-Core-Mission
X-Cdn-Srv
X-Release
X-Azure-Ref-OriginShield
X-Thanos
X-ProxyCache-Key
X-Auto-Login
X-Request-Start
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SIPLIST1
X-Up
X-Bip
X-Azure-Ref
Section-Io-Cache
X-ProxyCache-Status
X-Cache-Bucket
X-Via-CDN
User-Cache-Control
X-Guploader-Uploadid
X-Debug-Log
X-App-Name
X-Debug-Cookies
X-ABtesting
X-Cdn-Origin
X-Cache-Info
X-Variation
X-Device-Os
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-Debug-Cache-Store
X-Clara-WADP
X-Policy
X-Backend-Host
X-Block-Status
X-BBXSRF
X-Cache-Id
X-C
X-Compress-Hint
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CUA
X-CGP
X-Generated-On
X-Wikidot-Static-Cache
X-Platform-Server
X-Proxy-Cache-Status
X-Proxy-Upstream
X-PHP-Host
X-Owner
X-MSEdge-Flight
X-Nginx-Cache-Key
X-NX-Host
X-Old-Content-Length
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-B3-SpanId
X-ServiceProvider
X-Skip-Cache
X-Sn-Servicetimems
X-Request-URI
X-Wikidot-Backend
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-MSEdge-Features
X-Method
X-Generated-In
W
X-Generation-Time
X-Geo-Header
X-Gen-Mode
X-GDPR
X-Epic-Correlation-Id
X-Eu-Site
X-Fetched-On
X-Flog
X-GeoIP-City
X-Hash
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Location
X-Li-Fabric
X-Level-Front-Cache
X-Hello
X-Hnp-Log
X-Irp-Debug
X-ElasticPress-Search
X-Backend-Url
Magicmarker
L
Is-Eu
HA-Ipaddr
X-Routing-Service
PFcat
RNT-Time
RNT-Machine
Platform
Ha-Gx-Prefs
Fastly-SIE
Adler-Geo
X-WADP-Cache
X-We-Are-Hiring
AKAMAI
CDCHOST
Esi-Enabled
Content-Disposition
X-Zipkin-Id
True-Client-Country-4JS
Fastly-SWR
V-Age
X-Proxied
X-Microcachable
X-Dispatcher-Server
X-SayCDN-TTL
X-Say-TTL
X-Webstats-RespID
X-Dispatch
X-Thinkindot-L3
X-Unique-ID
X-Servername
X-Server-IP
Pagetype
X-Say-Cacheable
X-SD-PageType
Kp-EeAlive
X-Matched-Rule
X-Key
Wxu-Next-Region
Wxu-Next-Hostname
X-VServer
X-Internal-Host
X-Reqid
Wxu-Next-Commit
X-Qloud-Router
X-Response-By
Web-Mar-Node
X-User
Pramga
Heartbleed
X-Backend-State
Thinkindot-Control
Thinkindot-CacheControl-Type
SS
Server-Int
SD-X-WS
Served-By
X-Swa-Ws
Server-Host
Thinkindot-CacheControl
X-Cdn-Forward
X-IPS-LoggedIn
Country-Code
Resin-Trace
Cache-Cookie-Set-Lfrom
Memory
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Service
X-MP-GENERATED-AT
X-Dc
X-Ratelimit-Limit
X-FPC
X-Var-Ttl
X-Nc
X-Page-Type
X-Geo
Cache-Provider
X-Is-Gdpr
X-JWT-State
REQUESTUUID
X-Has-Esi
UCS
X-Wa
X-Lb-Id
X-Servedbyhost
Powered-By-ChinaCache
ProcessTime
X-RateLimit-Reset
Ajk
X-Logtrace-Id
X-NWS-UUID-VERIFY
X-HTML-Minification-Powered-By
X-Datadome
X-Cache-Backend
Proxy-Firewall
X-Info
X-UA
X-Be
X-Litespeed-Cache
Srv
X-Cache-URL
X-Pjax-Url
X-Svr
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-VCL-Version
X-Oss-Storage-Class
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-SRV
Powered-By
X-Cache-Category-Id
SN
X-Grey
X-Instart-Isnd
X-Varnish-Beresp-Ttl
X-CDN-Forward
X-COUNTRY
X-Ruxit-Js-Agent
X-SN
Dynatrace
X-HS-Status
PICS-Label
X-Scheme
X-Webkit-Csp
X-Tec-Api-Version
X-Tec-Api-Root
X-Zone
X-ZONE
X-URL
X-Tec-Api-Origin
CACHE
X-Ftr-Request-Id
X-TH-Server
X-NodeID
Fastly-Backend-Name
Group
X-Ttl
X-Dynatrace
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Source
X-GRACE
X-RCS-CacheZone
X-SERVER-NAME
X-Pf-Uncompressing
X-Cache-Ttl
X-EC-Lua
X-LiteSpeed-Cache-Control
X-Server-W
Cache-Host
GW-Server
X-Newrelic-Synthetics
X-LAGOON
X-Varnish-Beresp-TTL
X-Secret
X-APP
X-Varnish-Url
Ttl
X-Dynatrace-Js-Agent
X-PF-Uncompressing
X-Gannett-Site-Version
X-Bc
LB
Cdn
X-NODE
X-Check-Cacheable
X-Ms-Request-Id
CF-Cached-On
WZWS-RAY
X-Ms-Version
X-Via-Ucdn
X-Ftr-Cache-Host
XServer
X-Sucuri-Id
X-Varnish-Cacheable
X-CDN-Cache
Geoip-Latitude
X-Tt-Trace-Host
GeoIp-Country-Code
Geoip-City
X-Ratelimit-Remaining
On-Server
X-FORWARDED-FOR
X-Session-Fingerprint
X-Edge
Lfy
X-Trafficlayer-App-Scope
X-Cache-Debug
X-Trafficlayer-App-Name
Environment
MIME-Version
X-BC
X-Aicache-OS
Pics-Label
X-GeoIP-Country-Code
X-Fastly-Country-Code
User-Agent
WWW
M-TraceId
Inserted-Into-Cache-At
X-Agile-Age
X-Akamai-SSL-Client-Sid
X-Agile
X-Agile-Id
X-Ftr-Realm
X-CSRF-Token
X-Ftr-Backend-Server
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend
Ohc-Response-Time
X-PJAX-URL
X-NU-AKA-ACS-Version
X-Vcl-Version
X-Mid
X-BE
Requestid
Cf-Ipcountry
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-Crawler
SID
X-Varnish-Ttl
Who
X-MCACHE
X-Render-Time
X-UPSTREAM-Address
Amp-Access-Control-Allow-Source-Origin
X-Litespeed-Cache-Control
X-Cache-Miss-From
X-Sedo-Request-Id
URI
HostName
X-LB-ID
X-Fastly-Backend-Reqs
Lb
X-DI
X-DW
X-Action
X-DSS
X-Micro-Cache
X-FE
X-RPM
X-Cache-Tag
X-DB
X-RPS
Xkeyrz
X-Proxy-Cacherz
X-RSL
X-Via-SSL
X-Via-Edge
X-Served-From
X-WR-MODIFICATION
X-ServedByHost
CDN
Host-ID
RequestUuid
X-WA
X-Core-Value
X-NGINX-Cache
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-Zalando-Child-Request-Id
X-AK-Request-ID
X-Page-Impression-Id
Cdnsip
Cdncip
X-Sucuri-ID
X-Nananana
X-Fpc
X-Flow-Id
X-Fastly-Cache-Hits
Xkeypdq
X-Swift-Error
X-Unique-Id
X-Newrelic-App-Data
X-VC
X-Vdms-Version
FNAC-ModuleRouting
X-Cdn-Request-ID
Get-Access-Time
X-Sigma-Backend
X-Sucuri-Cache
X-TT-LOGID
X-Sigma
X-Rocket-Build-Number
X-SB
Is-Session-Tracking
Warning
Cneonction
X-Amzn-Remapped-Connection
X-TIME
X-MID
Correlation-Id
X-Amzn-Remapped-Date
X-Vct
RequestId
X-Ecache
X-Gen-Id
X-Shopify-Generated-Cart-Token
X-Apw-Hits
X-Apw-Access-Token
X-Request-URL
X-Fstrz
X-Apw-Access-Object
TTL
X-Dw-Trace-Id
HitType
X-Protected-By
X-ServerName
X-Apw-Access-Action
X-Bug-Bounty
V-Cache
X-Fe
Processtime
Xet-Cookie
X-Gdpr
X-ECache
X-MiniProfiler-Ids