Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-CDN
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
EagleEye-TraceId
X-Backend-Server
Content-Location
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Origin-Upstream-Status
X-ORACLE-DMS-RID
X-Rack-Cache
Surrogate-Control
Allow
X-HW
X-DataDome
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Country
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Url
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Content-Id
X-Goog-Hash
X-MS-InvokeApp
X-Varnish-TTL
X-PC
X-Vname
X-TtlSet
RTSS
X-CST
Verso
X-Powered-By-Plesk
Public-Key-Pins
X-Px
X-Recruiting
X-VARITI-CCR
Edge-Control
X-Mod-Pagespeed
Pinterest-Generated-By
X-Ah-Environment
Service-Worker-Allowed
X-B3-TraceId
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Display
X-D2id
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
Accept-CH
MS-Author-Via
TCN
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Powered-CMS
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Shard
SPRequestDuration
X-Upstream
SPIisLatency
Ar-Sid
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Server-Name
X-Forwarded-Proto
Charset
X-Amz-Server-Side-Encryption
Fastly-Restarts
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ESI
X-Aspnetmvc-Version
X-Amz-Rid
Realpath
Nginx-Cache
X-Trace
X-Debug
Front-End-Https
X-Ezoic-Cdn
AR-Request-ID
X-Cached
X-Shield-Request-Id
Mrf-Cache-Status
MRF-Tech
X-Goog-Stored-Content-Length
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Mrf-Section-Lastmod
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Arr-Disable-Session-Affinity
Paypal-Debug-Id
Pagespeed
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Content-MD5
X-Vcache
X-Id
ServerID
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Goog-Storage-Class
DynaTrace
MicrosoftSharePointTeamServices
X-T
S
X-Amz-Meta-S3cmd-Attrs
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-VCache
X-SERVER
X-RateLimit-Limit
Fastcgi-Cache
X-FastCGI-Cache
X-Accel-Expires
X-Ser
X-Content-Digest
X-N
X-Frontend
Powered
X-FTR-Cache-Host
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Correlation-Id
PB-RID
X-DIS-Request-ID
Server-Name
X-Grace
X-Logged-In
X-Forwarded-For
Accept-Ch
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
TP-L2-Cache
X-Request-Handler-Origin-Region
Edge-Cache-Tag
X-Microsite
X-Fastcgi-Cache
X-Request-Processing-Time
X-Zen-Fury
X-Request-Received
X-Cache-Age
X-Type
X-User-Agent
X-Az
FilterID
X-Activity-Id
X-AppVersion
X-IPLB-Instance
X-Rid
X-Esi
X-Kinsta-Cache
Backend-Timing
X-GUploader-UploadID
X-Analytics
Healthy
X-Revision
X-LB-Cache
X-Whom
X-Node-Name
Retry-After
X-Time
X-Pinterest-Rid
Pinterest-Version
X-F-Cache
X-Srv
X-Cache-Hit
X-NWS-LOG-UUID
X-B3-Traceid
X-Cache-2
Accept-Charset
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Alternate-Protocol
X-Amzn-RequestId
X-Amz-Apigw-Id
Server-Node
X-TA-CDN-Provider
X-Cache-Rule
Cache-Status
X-AOL-HN
X-Content-Options
Surrogate-Key
X-Server-ID
X-Acc-Meta-Resource-Type
DC
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Hp-Webp
Refresh
X-Forwarded-Host
VIX-Pulpo-Upstream-Status
X-Debug-Info
X-Instance
X-Jobs
X-Content-Powered-By
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Tumblr-User
X-PHP-Backend
X-Tumblr-Pixel-0
X-Page-Id
X-Framework
X-Varnish-Grace
X-FB-Debug
X-B
Source
MS-CV
X-Cluster
X-Request-Guid
X-App-Environment
Frame-Options
X-App-Server
Cache-Tag
Fastcgi-Useragent
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Hostname
Tracecode
Host
X-Cache-Operation
Cleartype
Actual-Object-TTL
X-Mobile-URL
X-B-Cache
X-Signature
X-BCube-Filmed-By
X-Seen-By
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Cache-Key
X-Varnish-Backend
X-Amz-Replication-Status
X-TT
X-Host-Name
X-Cache-TTL
X-Git-Hash
X-Mobile
Liferay-Portal
NGB
X-Pad
X-Response-Served-From
X-Adobe-Loc
X-Adobe-Content
Upgrade-Insecure-Requests
X-TT-TIMESTAMP
Payment
X-Ratelimit-Reset
X-WebKit-CSP-Report-Only
Xserver
X-Status
X-RemovedCookies
X-ProcessESI
WPE-Backend
X-ATG-Version
Filters
Cache-Tv-Group
Eomportal-Instance
From-Origin
X-RTag
X-PressLabs-Stats
Ms-Operation-Id
X-TX-ID
X-FW-Dynamic
X-Cacheable-TTL
Webserver
X-GeoIP
X-WA-Info
GEO-INFO
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Tumblr-Pixel-1
X-RequestSource
X-Handled-By
X-Cache-Remote
X-Cache-TTL-Remaining
X-Origin-Server
X-Webkit-CSP
Datacenter
X-Content-Age
Accept-CH-Lifetime
X-Daa-Tunnel
X-Edge-Location
X-Cache-Action
NR-ENABLED
X-Storage
Viewport
X-Varnish-Hostname
X-Accel-Buffering
X-DataStream-Cache-Status
X-EdgeConnect-Cache-Status
X-Hyper-Cache
Version
X-Contextid
X-CF-Powered-By
X-Wix-Request-Id
X-Upstream-Proxy
X-Region
PageSpeed
X-Ua
Host-Header
X-Akamai-Transformed
Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Path-Route
Ohc-File-Size
X-Varnish-Server
Load-Balancing
X-RN-RSRV
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
Meta-Geo
X-IP
X-From
S-Cnection
Cache-Tags
X-Cache-NE
Cache-Name
X-Presslabs-Stats
Ec-Rule-Version
DB-Nickname
Cache-Hits
X-Akamai-Request-ID
X-TNCMS
X-Cache-Time
X-Cache-Config
X-Akamai-Request-ID2
X-Time-Microsecs
X-Upgrade-Enabled
X-Via-Fastly
X-Loop
X-Labrador-Cache-Channel
X-CS
Rt-Fastcgi-Cache
X-Origin
X-Access
X-ApacheServer
X-PERF
X-Proto
Vix-Hermes-Req-Id
X-Section
X-Origin-Response-Time
X-Proxy
Azure-SiteName
X-UnsetCookies
X-NCache
Azure-InstanceId
Decoy-Debug-Status
Azure-RegionName
X-Proxy-Build
X-R9-Blue-Green-Version
X-Timing-Wait
X-JoinUs
Azure-Version
Azure-SlotName
Country
Cache-Key
X-Tumblr-Pixel-3
X-Trace-Id
Decoy-Debug-Key
X-Upstream-HT
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Mn-Server-Ip
X-Xfnlog-Site
Selected-Fe
S-Rt
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
X-Origin-Hint
X-Viewer-Country
X-Web-Node
X-Varnish-Cache-Hits
X-EIG-Tracking-Id
X-Upstream-CT
X-Cluster-Node
X-CCM
X-Cache-Enabled
X-Backend-TTL
X-Cache-Grace
X-Cache-Host
Decoy-Debug-TTL
X-Format
Property-Id
X-Cache-Server
X-S
X-PCL
X-Debug-Cache
X-Drupal-Cache-Contexts
X-Backend-Name
X-Www-Served-By
X-Varnish-Hits
X-Site-Version
X-FC-Vary-Parameters
X-OCL
X-Hit
X-FireWall-Port
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
X-Locale
X-FW-Version
X-Hosted-By
Now
X-HS-Cache-Config
X-Device-Type
Server-Info
X-Rendered-As
Release
X-Rule
X-VCT
DSUID
SRV
Ohc-Cache-HIT
OT-Force-Account-Verify
Time
X-NewRelic-App-Data
Hostname
X-Vgn-Hpd-Reason
X-Litespeed-Cache
X-VG-TLSProxy
ServedBy
Fastcgi-X-Cache-Version
X-OVcl
X-OVcl-Cache
X-Real-IP
Cteonnt-Length
Access-Control-Request-Headers
X-VG-WebCache
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-FB-TRIP-ID
Origin
X-Alternate-Cache-Key
X-Redis-Cache
X-Sorting-Hat-PodId
X-Pubstack
Accept-Language
X-CSRF-TOKEN
Origin-Cache-Control
Origin-Edge-Control
X-Tb
X-Element-Page-Cache
Machine
L5d-Success-Class
X-APP-VERSION
X-Nginx-Cache
X-App-Version
X-NGENIX-Cache
Fastly-SSL
NtCoent-Length
X-GEO
X-CACHE-KEY
X-No-Session
X-Tt-Trace-Tag
X-L-Path
X-SS-Set-Cookie
X-Environment-Context
X-Cluster-Name
X-NC
X-B3-Spanid
X-Mode
X-UUID
X-ECACHE
X-HS-Combine-CSS
IBM-Web2-Location
X-VWS-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-GoCache-CacheStatus
X-URL
Nel
X-LJ-Flow-ID
X-Origin-CC
X-Origin-TTL
X-AWS-Id
X-Rocket-Nginx-Bypass
Odigeo-Trace-Id
X-Amzn-Remapped-Content-Length
X-B3-Parentspanid
X-Endurance-Cache-Level
X-Generated-By
Mime-Version
X-Magnolia-Registration
X-Load-Cache
X-Guploader-Uploadid
X-ServerID
X-Request-Time
X-XRDS-LOCATION
X-Parent-Response-Time
Akamai-GRN
X-Soup
Mail-Subject
X-Uri
We-Hiring
NGX
X-Oneagent-Js-Injection
X-S-Maxage
Apple-News-Services-Handled
A
X-ScT
X-A-Wwc
Apple-News-Services-Host
X-D
Apple-News-Services-Request-Url
X-Rojux
BehaviorPad-Version
Cache-Prefix
AsisCache
X-S-Cookie
X-Connection-Hash
Arc-Country
Apple-News-Services-Parsed-Url
X-Accel-Expires-Debug
X-Vtex-Processado-Em
X-VG-WebServer
X-Node-Id
X-CF-Lambda-Fn
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-B-Cookie
X-Twitter-Response-Tags
X-Trv-Group
X-AIR-PT
X-Aed
X-CF-Lambda-Version
X-Application
X-Server-Time
X-Transaction
X-SRCache-Key
X-Date
X-Destination
X-A
X-G
X-External-Request-Id
X-A-Ccd
X-Instart-Info
X-Is-Bot
X-A-Dam
VivaBuild
X-Edge-Server
X-Developer
X-Detected-As
Rt-Proxy-Cache
Viewtype
Rendered-Blocks
X-DPWN-IS-SECURE
Node
Mobile-Detection-Method
Meta-Geo-Continent
X-Rewrite-Enabled
X-Request-UUID
X-Region-Sid
Content-Script-Type
Cdn-Request-Time
Cdn-Host
X-A-Dcw
X-PAYTM-SRV-ID
Content-Style-Type
X-Org
GEO-REGION-INFO
MD5-Digest
Fly-Request-Id
Fly-Cache
X-ARC
Cross-Origin-Window-Policy
T-Server
X-A-Dgt
Request-Time
X-MServer
Proxy-Connection
X-B3-SpanId
Backend-Name
ServerName
X-SVT-ORM-VERSION
Request-EU
Section-Io-Cache
X-SVT-ORM-RULES
X-SIPLIST1
Server-ID
Request-Country
X-Release
Memcached
Locale
IsBot
N-Cache
X-Origin-Expires
X-Azure-Ref-OriginShield
Fastly-Soc-X-Request-Id
X-Origin-Date
X-Cms-Context
X-Hl-Ver
X-Up
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Azure-Ref
X-Distributor
X-Developers
X-VC-Cache
X-Cdn-Forward
X-Oracle-Dms-Rid
CF-IPCountry
X-Old-Content-Length
X-Li-Fabric
X-ABtesting
X-Bip
W
X-Owner
Platform
X-Platform-Server
Magicmarker
X-Backend-Url
X-Level-Front-Cache
X-Cdn-Srv
X-Cdn-Origin
X-Policy
X-GDPR
X-PHP-Host
X-Cache-Id
X-Generated-On
X-Li-Pop
Server-Int
L
X-Backend-Host
X-Cache-Bucket
X-Matched-Rule
X-Location
Thinkindot-CacheControl
Thinkindot-Control
X-LI-UUID
X-C
True-Client-Country-4JS
X-IN-APIGATEWAYSSL
X-LI-Proto
Thinkindot-CacheControl-Type
X-Nginx-Cache-Key
X-Cache-FS-Status
X-MSEdge-Flight
X-MSEdge-Features
X-Method
RNT-Time
RNT-Machine
V-Age
X-Rebelmouse-Surrogate-Control
X-ServiceProvider
X-Skip-Cache
AKAMAI
X-Sn-Servicetimems
X-ElasticPress-Search
X-Epic-Correlation-Id
CDCHOST
X-Core-Mission
X-Flog
X-CUA
Adler-Geo
X-Thanos
X-WebServer
X-Distil-CS
X-Device-Os
X-Auto-Login
X-App-Name
X-VServer
X-Thinkindot-L3
X-Hello
X-Variation
X-Fastly-Cache
X-Generation-Time
X-RateLimit-Limit-Second
Gh-Request-Id
X-RateLimit-Remaining-Second
X-Compress-Hint
X-Clientip
X-IN-APIGATEWAY
Is-Eu
X-Fetched-On
X-Geo-Header
X-Reboot
X-Rebelmouse-Cache-Control
Countrycode
X-Via-CDN
Content-Disposition
X-Request-URI
Esi-Enabled
X-Request-Start
Fastly-SWR
Fastly-SIE
X-DC
X-Unique-ID
X-BYPASS-REASON
Uber-Trace-Id
User-Cache-Control
X-Ruxit-Js-Agent
X-ProxyCache-Status
X-ProxyCache-Key
X-Microcachable
X-Backend-State
X-CGP
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Dispatch
X-Debug-Cache-Expiry
X-Eu-Site
X-Generated-In
X-Block-Status
X-Gen-Mode
X-Cache-Info
X-Clara-WADP
X-BBXSRF
X-NX-Host
X-Response-By
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
X-GeoIP-City
Heartbleed
X-SD-PageType
X-Server-IP
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-User
X-Servername
X-Swa-Ws
X-TrackingId
X-Proxy-Upstream
X-Qloud-Router
Wxu-Next-Hostname
Wxu-Next-Commit
X-Proxy-Cache-Status
Wxu-Next-Region
X-Internal-Host
X-Hash
X-Amz-Meta-Cache-Control
X-Hnp-Log
SS
Web-Mar-Node
Pramga
X-Dispatcher-Server
SD-X-WS
Served-By
PFcat
Server-Host
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Var-Ttl
X-Service
X-Irp-Debug
X-Reqid
X-Webstats-RespID
X-Key
X-COUNTRY
Resin-Trace
Pagetype
X-Dc
X-IPS-LoggedIn
Memory
X-Nc
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Country-Code
X-Wa
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Cache-Provider
REQUESTUUID
X-Page-Type
X-Servedbyhost
X-FPC
Srv
X-MP-GENERATED-AT
UCS
X-Lb-Id
X-NWS-UUID-VERIFY
CACHE
X-RateLimit-Reset
X-Geo
Powered-By-ChinaCache
X-Info
X-Ratelimit-Limit
X-Datadome
X-Be
X-Logtrace-Id
X-Svr
Ajk
ProcessTime
X-Cache-Backend
X-HTML-Minification-Powered-By
X-UA
X-VCL-Version
Proxy-Firewall
X-Processor
X-GRACE
X-Pjax-Url
X-Instart-Isnd
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-URL
X-SRV
X-Varnish-Beresp-Ttl
X-Oss-Request-Id
X-Oss-Object-Type
X-Scheme
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-HS-Status
X-Oss-Server-Time
X-Cache-Category-Id
X-SN
X-Grey
Powered-By
SN
X-NodeID
Dynatrace
X-Webkit-Csp
X-Tec-Api-Root
X-Tec-Api-Origin
X-Zone
X-Tec-Api-Version
X-Ftr-Request-Id
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-CDN-Forward
PICS-Label
X-Ttl
X-Dynatrace
Group
X-TH-Server
X-ZONE
Fastly-Backend-Name
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Source
X-Trafficlayer-App-Scope
X-Server-W
Cache-Host
X-Trafficlayer-App-Name
XServer
X-EC-Lua
Ttl
X-PF-Uncompressing
X-FORWARDED-FOR
X-Pf-Uncompressing
X-Newrelic-Synthetics
X-Sucuri-Id
X-LiteSpeed-Cache-Control
X-RCS-CacheZone
CF-Cached-On
X-Ms-Request-Id
X-Ms-Version
X-LAGOON
GW-Server
X-Via-Ucdn
X-Dynatrace-Js-Agent
X-Bc
X-APP
X-Varnish-Beresp-TTL
X-NODE
X-Secret
LB
X-Varnish-Url
X-Gannett-Site-Version
X-Cache-Ttl
X-Ftr-Cache-Host
Cdn
X-Check-Cacheable
MIME-Version
Pics-Label
Geoip-City
X-Aicache-OS
Lfy
X-Session-Fingerprint
GeoIp-Country-Code
Geoip-Latitude
WZWS-RAY
X-Ratelimit-Remaining
X-Fastly-Country-Code
X-Tt-Trace-Host
Amp-Access-Control-Allow-Source-Origin
X-Cache-Debug
X-Agile
X-Agile-Age
X-Agile-Id
Environment
X-Edge
On-Server
X-CDN-Cache
X-Varnish-Cacheable
X-SERVER-NAME
User-Agent
Cf-Ipcountry
WWW
X-Akamai-SSL-Client-Sid
X-GeoIP-Country-Code
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Backend-Server
X-BC
M-TraceId
Inserted-Into-Cache-At
X-Mid
X-Fastly-Backend-Reqs
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Ohc-Response-Time
X-Logging-Id
X-PJAX-URL
Requestid
X-MCACHE
X-NU-AKA-ACS-Version
X-Varnish-Ttl
X-BE
X-CSRF-Token
X-Vcl-Version
SID
X-Cache-Miss-From
X-Sedo-Request-Id
X-Correlation-ID
Lb
Who
X-Render-Time
X-Crawler
X-UPSTREAM-Address
X-Litespeed-Cache-Control
X-DB
X-Cache-Tag
X-Core-Value
X-Action
X-RSL
X-DI
X-DW
X-RPM
X-RPS
X-DSS
Xkeyrz
X-Proxy-Cacherz
URI
X-LB-ID
HostName
Cdncip
X-FE
CDN
Host-ID
Cdnsip
X-WR-MODIFICATION
X-Micro-Cache
RequestUuid
X-AK-Request-ID
X-Fpc
DataCenter
X-Nananana
X-Sucuri-ID
X-Sucuri-Cache
X-TT-LOGID
Is-Session-Tracking
Get-Access-Time
X-Served-From
X-Via-Edge
X-Via-SSL
X-WA
X-Zalando-Child-Request-Id
X-Page-Impression-Id
Xkeypdq
X-Flow-Id
X-Fastly-Cache-Hits
X-ServedByHost
X-Newrelic-App-Data
X-NGINX-Cache
X-Unique-Id
X-Swift-Error
Correlation-Id
X-Vdms-Version
X-Fstrz
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-Cdn-Request-ID
X-TIME
Warning
FNAC-ModuleRouting
X-MID
X-SB
X-VC
Cneonction
X-Cf-Powered-By
X-Gen-Id
X-Fe
Pragrma
HitType
X-Planisys-CDN-Rules
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-LiteSpeed-Tag
TTL
X-ECache
X-Gdpr
X-Dw-Trace-Id
Xet-Cookie
V-Cache
X-Bug-Bounty
Processtime
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
RequestId
X-Request-URL
X-ServerName
X-MiniProfiler-Ids