Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-CDN
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Server-Id
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
X-Node
Request-Id
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Origin-Upstream-Status
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-DataDome
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-DynaTrace
X-TTL
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
X-Goog-Hash
X-MS-InvokeApp
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
Verso
X-Powered-By-Plesk
RTSS
Public-Key-Pins
X-CST
Pinterest-Generated-By
X-Px
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Sol
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
Service-Worker-Allowed
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-D2id
X-Ah-Environment
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-Vcap-Request-Id
X-Version
X-Akam-SW-Version
Accept-CH
MS-Author-Via
TCN
X-Abt-Application-Version
X-Navigation-Version
X-GitHub-Request-Id
X-Powered-CMS
Accept-Ch-Lifetime
X-ESI
X-Server-Name
SPIisLatency
SPRequestDuration
X-RateLimit-Remaining
X-Shard
X-Upstream
Charset
Ar-Sid
AR-ATIME
X-Amz-Server-Side-Encryption
AR-CACHE
AR-PoweredBy
Fastly-Restarts
X-Forwarded-Proto
X-XRDS-Location
Nginx-Cache
X-Trace
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Realpath
X-TEC-API-ROOT
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Debug
X-Aspnetmvc-Version
X-Ezoic-Cdn
Front-End-Https
X-Cached
AR-Request-ID
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Shield-Request-Id
X-MSEdge-Ref
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Pagespeed
X-B3-TraceId-Primal
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Paypal-Debug-Id
Content-MD5
MicrosoftSharePointTeamServices
X-Id
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Goog-Storage-Class
ServerID
X-VCache
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-T
S
X-Fastly-Request-ID
X-Via-JSL
X-Varnish-Age
X-Client-IP
X-Content-Type
X-Vcache
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-Ser
X-Correlation-Id
X-Grace
X-Accel-Expires
Fastcgi-Cache
X-DynaTrace-JS-Agent
X-Content-Digest
Powered
X-Frontend
X-SERVER
X-FTR-Cache-Host
X-N
PB-RID
X-DIS-Request-ID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-RateLimit-Limit
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
Server-Name
X-Logged-In
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
Edge-Cache-Tag
X-Fastcgi-Cache
Accept-Ch
X-GUploader-UploadID
X-B3-Sampled
TP-L2-Cache
TP-Cache
X-Microsite
X-Server-ID
X-Request-Handler-Origin-Region
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Cache-Age
X-Type
X-Kinsta-Cache
X-User-Agent
X-Az
X-AppVersion
X-Activity-Id
X-Rid
X-IPLB-Instance
X-Analytics
Backend-Timing
X-Revision
X-LB-Cache
X-Pinterest-Rid
Pinterest-Version
Healthy
FilterID
X-Whom
Retry-After
X-Node-Name
X-Time
X-B3-Traceid
X-Cache-Hit
X-F-Cache
Server-Node
X-NWS-LOG-UUID
X-Srv
X-Cache-2
X-Kong-Proxy-Latency
Accept-Charset
X-Kong-Upstream-Latency
Alternate-Protocol
X-Cache-Rule
X-Esi
X-Amzn-RequestId
X-Amz-Apigw-Id
Cache-Status
X-Hp-Webp
X-Content-Options
Surrogate-Key
X-Erf-Bev-Bev
X-Akamai-Edgescape
X-Erf-Bev-Bev-Is-Generated
Refresh
DC
X-Content-Security-Policy-Report-Only
X-AOL-HN
X-Content-Powered-By
X-Instance
X-Forwarded-Host
VIX-Pulpo-Node
Cache-Tag
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Tumblr-User
X-Debug-Info
X-Framework
X-Cluster
X-Jobs
X-Varnish-Grace
X-PHP-Backend
MS-CV
Source
X-FB-Debug
X-App-Environment
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Page-Id
X-Request-Guid
X-FW-Hash
Tracecode
X-App-Server
Fastcgi-Useragent
X-B
Frame-Options
X-TA-CDN-Provider
X-Cache-Operation
X-Hostname
Host
X-Acc-Meta-Resource-Type
X-Mobile-URL
Actual-Object-TTL
Cleartype
X-Geo-Country
X-Signature
X-B-Cache
X-Seen-By
X-Cache-Control
X-Cache-Key
X-Cache-TTL
X-Cached-By
X-BCube-Filmed-By
X-Host-Name
X-Varnish-Backend
X-Amz-Replication-Status
X-Git-Hash
X-TT
X-Pad
Upgrade-Insecure-Requests
X-Mobile
NGB
X-Response-Served-From
X-Adobe-Content
X-Adobe-Loc
Accept-CH-Lifetime
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
Liferay-Portal
Payment
Filters
X-Status
X-ProcessESI
NR-ENABLED
Cache-Tv-Group
WPE-Backend
X-RemovedCookies
Eomportal-Instance
Webserver
GEO-INFO
X-Tumblr-Pixel-1
Ms-Operation-Id
From-Origin
X-RTag
X-TX-ID
X-ATG-Version
X-Drupal-Cache-Tags
X-Handled-By
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-GeoIP
X-RequestSource
X-UA-Device-Type
X-FW-Dynamic
X-Cache-Remote
X-WA-Info
X-Cache-TTL-Remaining
X-Origin-Server
X-EdgeConnect-Cache-Status
X-Daa-Tunnel
Xserver
X-Content-Age
X-Cache-Action
X-Webkit-CSP
X-Edge-Location
X-Presslabs-Stats
X-Storage
X-Ratelimit-Reset
Viewport
Datacenter
X-Wix-Request-Id
X-Hyper-Cache
X-Contextid
Version
X-Region
X-CF-Powered-By
X-Accel-Buffering
X-Varnish-Hostname
X-PressLabs-Stats
Cache
X-HS-Cache-Config
Host-Header
X-Akamai-Transformed
PageSpeed
Ohc-File-Size
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-RN-RSRV
X-Path-Route
X-Varnish-Server
X-Cache-Var-Map
X-ES-SERVER
X-Upstream-Proxy
X-Cache-Var
Meta-Geo
Load-Balancing
X-IP
X-Cache-NE
S-Cnection
X-From
Cache-Tags
X-Cache-Server
Cache-Name
X-Ua
Rt-Fastcgi-Cache
Cache-Hits
X-Cache-Config
X-Loop
Decoy-Debug-Key
Vix-Hermes-Req-Id
Decoy-Debug-TTL
X-NCache
X-Cache-Enabled
X-TNCMS
X-Tumblr-Pixel-3
X-Time-Microsecs
X-Section
X-Proxy
X-ApacheServer
X-PERF
Decoy-Debug-Status
X-Element-Page-Cache
X-Origin-Response-Time
X-Proto
X-Access
Ec-Rule-Version
X-Viewer-Country
X-Akamai-Request-ID2
X-CS
X-Akamai-Request-ID
X-Via-Fastly
Azure-Version
Country
Cache-Key
Azure-SlotName
Azure-RegionName
Azure-SiteName
DB-Nickname
X-Cache-Time
X-Xfnlog-Site
X-Origin-Hint
X-Web-Node
X-Cluster-Node
Azure-InstanceId
X-OCL
X-Origin
X-R9-Blue-Green-Version
X-PCL
X-Varnish-Cache-Hits
X-Timing-Wait
X-Rule
X-Proxy-Build
X-Trace-Id
X-Upgrade-Enabled
X-Upstream-HT
X-Upstream-CT
X-Labrador-Cache-Channel
X-Hit
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
Selected-Fe
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
X-Drupal-Cache-Contexts
X-FC-Vary-Parameters
X-Format
X-CCM
X-Cache-Grace
Webcakes-Region
X-Backend-TTL
Mn-Server-Ip
S-Rt
X-DataStream-Cache-Status
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-Cache-Host
X-Debug-Cache
X-Hosted-By
X-JoinUs
X-Www-Served-By
X-Human
X-UnsetCookies
X-Locale
X-Backend-Name
X-Site-Version
X-Device-Type
Server-Info
X-NewRelic-App-Data
X-FireWall-Port
Ohc-Cache-HIT
DSUID
Release
X-VCT
X-FW-Version
X-Rendered-As
X-S
X-Varnish-Hits
Time
Now
X-Vgn-Hpd-Reason
X-OVcl
Hostname
X-OVcl-Cache
OT-Force-Account-Verify
X-Real-IP
Access-Control-Request-Headers
X-VG-TLSProxy
X-Redis-Cache
Fastcgi-X-Cache-Version
X-Pubstack
ServedBy
Cteonnt-Length
Origin-Edge-Control
Origin-Cache-Control
X-Litespeed-Cache
SRV
X-NGENIX-Cache
X-VG-WebCache
L5d-Success-Class
X-SS-Set-Cookie
X-APP-VERSION
X-FB-TRIP-ID
X-Sorting-Hat-PodId
Accept-Language
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
Origin
X-HS-Combine-CSS
X-Alternate-Cache-Key
X-CSRF-TOKEN
Machine
X-Tb
Fastly-SSL
NtCoent-Length
X-App-Version
X-NC
X-Tt-Trace-Tag
X-Cluster-Name
X-GEO
X-UUID
X-B3-Spanid
X-L-Path
X-CACHE-KEY
X-Environment-Context
X-Parent-Response-Time
X-Origin-CC
X-No-Session
X-Origin-TTL
X-Nginx-Cache
X-GoCache-CacheStatus
X-Load-Cache
IBM-Web2-Location
X-Ttl
X-ECACHE
X-Rocket-Nginx-Bypass
X-ServerID
X-Soup
X-B3-Parentspanid
X-Endurance-Cache-Level
NGX
X-Magnolia-Registration
X-Uri
Nel
X-Amzn-Remapped-Content-Length
Mime-Version
Odigeo-Trace-Id
X-Is-Bot
X-Mode
X-Generated-By
X-XRDS-LOCATION
Akamai-GRN
CF-IPCountry
X-A-Wwc
Fly-Request-Id
X-A-Dgt
Xc-Version
X-Accel-Expires-Debug
GEO-REGION-INFO
X-External-Request-Id
Fly-Cache
X-DPWN-IS-SECURE
X-G
X-Edge-Server
X-MServer
Cross-Origin-Window-Policy
X-ARC
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Application
A
X-Vtex-Processado-Em
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Content-Style-Type
AsisCache
X-AIR-PT
X-VG-WebServer
Rendered-Blocks
X-Detected-As
Proxy-Connection
X-Developer
X-Destination
X-Node-Id
X-Connection-Hash
X-Aed
X-D
X-Date
Request-Time
X-A-Dam
Content-Script-Type
Rt-Proxy-Cache
X-Server-Time
X-PAYTM-SRV-ID
Cdn-Host
X-AWS-Id
Cache-Prefix
X-Trv-Group
X-S-Cookie
X-Transaction
MD5-Digest
Memcached
X-LJ-Flow-ID
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-ScT
X-Region-Sid
Meta-Geo-Continent
Mobile-Detection-Method
Node
Arc-Country
Cdn-Request-Time
X-A-Ccd
X-Instart-Info
X-VWS-Id
X-A
BehaviorPad-Version
X-B-Cookie
X-SRCache-Key
VivaBuild
X-A-Dcw
X-Worker
X-Vtex-Remote-Cache
Viewtype
X-Twitter-Response-Tags
T-Server
X-Oneagent-Js-Injection
We-Hiring
Mail-Subject
ServerName
Backend-Name
X-SIPLIST1
X-Cdn-Srv
Section-Io-Cache
X-SVT-ORM-RULES
X-S-Maxage
X-Azure-Ref-OriginShield
X-SVT-ORM-VERSION
X-Azure-Ref
X-Cache-Bucket
Request-Country
Request-EU
X-Origin-Expires
IsBot
X-Urbn-Site-Id
Locale
X-Up
X-Fastly-Cache
X-B3-SpanId
X-Hl-Ver
X-Urbn-Context-Path
X-Developers
X-VC-Cache
Fastly-Soc-X-Request-Id
X-Release
N-Cache
X-Origin-Date
X-Cms-Context
X-Request-Time
User-Cache-Control
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Uber-Trace-Id
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Int
Thinkindot-Control
RNT-Time
W
True-Client-Country-4JS
X-App-Name
X-Generation-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Policy
X-Nginx-Cache-Key
X-Level-Front-Cache
X-Location
X-Matched-Rule
X-Method
X-Reboot
X-ServiceProvider
X-WADP-Cache
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-TrackingId
X-Skip-Cache
X-Sn-Servicetimems
X-Thanos
X-Thinkindot-L3
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cdn-Origin
X-Clara-WADP
X-Clientip
X-Compress-Hint
X-Cache-Info
X-C
X-Backend-Url
X-BBXSRF
X-Bip
X-Block-Status
X-Core-Mission
X-CUA
X-Generated-On
RNT-Machine
X-Geo-Header
X-Hnp-Log
X-Gen-Mode
X-GDPR
X-Device-Os
X-Distil-CS
X-Distributor
X-ElasticPress-Search
X-Backend-Host
X-Auto-Login
Fastly-SIE
Fastly-SWR
L
Esi-Enabled
Countrycode
AKAMAI
CDCHOST
Content-Disposition
Magicmarker
Gh-Request-Id
X-Via-CDN
X-Oracle-Dms-Rid
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Microcachable
X-Li-Fabric
X-Swa-Ws
X-Internal-Host
X-Li-Pop
X-Debug-Cache-Expiry
X-Service
X-LI-UUID
X-Qloud-Router
X-Server-IP
X-LI-Proto
X-Hash
X-GeoIP-City
X-Epic-Correlation-Id
X-Dispatch
X-Debug-Log
X-Debug-Cookies
X-Eu-Site
X-Fetched-On
X-Var-Ttl
X-MSEdge-Features
X-Debug-Cache-Fetch
X-Generated-In
X-Debug-Cache-Store
Heartbleed
X-Request-URI
X-Say-Cacheable
X-Request-Start
X-Webstats-RespID
X-Reqid
X-Say-TTL
X-WebServer
X-User
X-Guploader-Uploadid
X-Servername
X-SayCDN-TTL
X-ProxyCache-Status
X-ProxyCache-Key
X-Old-Content-Length
X-Org
X-NX-Host
X-MSEdge-Flight
X-Variation
X-CGP
X-Owner
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Platform-Server
X-PHP-Host
Pramga
X-Irp-Debug
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Node
Wxu-Next-Region
Ha-Gx-Prefs
X-BYPASS-REASON
X-Backend-State
X-Amz-Meta-Cache-Control
Is-Eu
Kp-EeAlive
Server-ID
Server-Host
Served-By
Platform
PFcat
V-Age
Pagetype
Adler-Geo
HA-Ipaddr
X-Cache-FS-Status
X-Cache-Id
X-Dc
X-Has-Esi
X-JWT-State
X-Is-Gdpr
X-Hello
X-DC
Resin-Trace
X-SD-PageType
X-ABtesting
X-Flog
X-Key
Cache-Provider
Memory
X-Dispatcher-Server
SD-X-WS
X-Cdn-Forward
Srv
X-FPC
X-Dynatrace-Js-Agent
SS
X-Wa
X-COUNTRY
X-UA
X-Info
X-Response-By
X-URL
X-Routing-Service
X-Proxied
X-Servedbyhost
X-Unique-ID
REQUESTUUID
X-Nc
X-Lb-Id
X-Zipkin-Id
X-Trafficlayer-App-Name
X-NWS-UUID-VERIFY
X-Trafficlayer-App-Scope
X-IPS-LoggedIn
Cache-Cookie-Set-From
Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Geo
X-Be
X-RateLimit-Reset
X-SRV
X-Svr
X-Page-Type
X-Cache-URL
X-Instart-Isnd
X-Cache-Backend
X-MP-GENERATED-AT
X-Ratelimit-Limit
UCS
X-VCL-Version
X-Datadome
X-CDN-Forward
X-Scheme
X-Processor
CACHE
X-Logtrace-Id
X-Pjax-Url
Powered-By-ChinaCache
X-NodeID
Ajk
X-HTML-Minification-Powered-By
XServer
ProcessTime
X-SN
X-Varnish-Beresp-Ttl
X-Oss-Storage-Class
Proxy-Firewall
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
Group
X-Ruxit-Js-Agent
PICS-Label
SN
X-Tb-Optimization-Total-Bytes-Saved
Dynatrace
X-Zone
X-HS-Status
X-Webkit-Csp
X-Ftr-Request-Id
X-Grey
X-Server-W
Cache-Host
X-ZONE
X-Cache-Category-Id
Powered-By
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Dynatrace
Ttl
X-Newrelic-Synthetics
X-EC-Lua
X-GRACE
X-Source
GeoIP-Country-Code
X-TH-Server
GeoIP-City
X-Ms-Request-Id
X-APP
Fastly-Backend-Name
X-Ms-Version
X-Pf-Uncompressing
X-Via-Ucdn
GeoIP-Latitude
X-PF-Uncompressing
X-FORWARDED-FOR
X-Varnish-Beresp-TTL
X-Sucuri-Id
X-LiteSpeed-Cache-Control
Geoip-Latitude
X-Session-Fingerprint
GeoIp-Country-Code
MIME-Version
Geoip-City
Lfy
X-Check-Cacheable
X-NODE
GW-Server
LB
X-Agile-Id
X-Cache-Debug
X-Ftr-Cache-Host
X-LAGOON
X-RCS-CacheZone
Cdn
X-Agile-Age
X-Agile
X-Bc
X-Ratelimit-Remaining
X-Fastly-Country-Code
X-Varnish-Url
Environment
X-Gannett-Site-Version
Pics-Label
CF-Cached-On
X-Secret
X-Tt-Trace-Host
X-Aicache-OS
X-Edge
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-7Graus-Varnish-XKeys
WZWS-RAY
X-BC
X-Cache-Ttl
X-Akamai-SSL-Client-Sid
X-Varnish-Cacheable
M-TraceId
On-Server
X-Sedo-Request-Id
X-Cache-Miss-From
X-CDN-Cache
WWW
X-PJAX-URL
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Backend-Server
X-GeoIP-Country-Code
Requestid
X-Mid
User-Agent
Ohc-Response-Time
Cf-Ipcountry
X-Vcl-Version
X-Unique-Id
X-Core-Value
Inserted-Into-Cache-At
DataCenter
X-Varnish-Ttl
X-CSRF-Token
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
X-MCACHE
Amp-Access-Control-Allow-Source-Origin
Cdnsip
SID
X-AK-Request-ID
X-NU-AKA-ACS-Version
X-Sucuri-ID
X-BE
X-Cache-Tag
Cdncip
X-Litespeed-Cache-Control
Lb
X-DI
X-DB
X-DSS
X-TT-LOGID
X-Proxy-Cacherz
X-Action
URI
Who
CDN
X-Crawler
X-DW
Xkeyrz
X-RPM
X-Render-Time
X-Vdms-Version
X-RSL
X-Sucuri-Cache
X-RPS
HostName
X-SERVER-NAME
X-NGINX-Cache
RequestUuid
Host-ID
X-Sigma
X-Swift-Error
X-Rocket-Build-Number
X-Fstrz
X-Sigma-Backend
X-LB-ID
X-Correlation-ID
Is-Session-Tracking
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Pragrma
X-Planisys-CDN-Rules
Get-Access-Time
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Fpc
X-Nananana
X-Micro-Cache
X-Flow-Id
X-Fastly-Cache-Hits
Xkeypdq
Warning
X-WR-MODIFICATION
X-ServedByHost
X-WA
X-FE
X-Newrelic-App-Data
X-TIME
X-Served-From
Server-Id
X-MID
X-Via-SSL
Correlation-Id
X-Via-Edge
X-Cdn-Request-ID
X-SB
X-VC
X-Via-NSCOPI
Cneonction
X-Refresh
FNAC-ModuleRouting
X-Cf-Powered-By
X-Gen-Id
X-LiteSpeed-Tag
X-Trafficlayer-App-Version
X-MiniProfiler-Ids
Xet-Cookie
HitType
X-Bug-Bounty
X-ServerName
X-Fe
V-Cache
X-ECache
X-Gdpr
X-Dw-Trace-Id
RequestId
Processtime
X-Request-URL