Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-CDN
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
X-Backend-Server
EagleEye-TraceId
Content-Location
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-Ruxit-JS-Agent
Allow
X-ORACLE-DMS-RID
X-HW
X-DataDome
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Country
X-Clacks-Overhead
X-Url
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-Vname
X-TtlSet
X-PC
X-CST
RTSS
Verso
X-Powered-By-Plesk
X-Px
Public-Key-Pins
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Middleton-Response
X-Middleton-Display
X-Sol
Display
Response
X-D2id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Ah-Environment
X-B3-TraceId
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-Ch-Lifetime
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
TCN
X-Navigation-Version
X-Abt-Application-Version
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-CH
X-Upstream
X-Shard
SPRequestDuration
SPIisLatency
X-Forwarded-Proto
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Amz-Server-Side-Encryption
Charset
Fastly-Restarts
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-Amz-Rid
X-Server-Name
Nginx-Cache
Realpath
X-Debug
X-ESI
X-Aspnetmvc-Version
Front-End-Https
AR-Request-ID
X-Cached
X-Ezoic-Cdn
X-Shield-Request-Id
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Goog-Stored-Content-Length
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Pagespeed
Paypal-Debug-Id
X-FTR-Expires
Arr-Disable-Session-Affinity
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
X-Vcache
ServerID
X-Id
X-FTR-Backend-Server
X-FTR-Realm
DynaTrace
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
X-T
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
S
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-Correlation-Id
X-FastCGI-Cache
X-RateLimit-Limit
Fastcgi-Cache
X-VCache
X-N
X-SERVER
X-Content-Digest
X-Frontend
X-FTR-Cache-Host
X-Ser
X-Accel-Expires
Powered
X-Mobile-Rewrite
Arc-Version
Accept-Ch
PB-RID
PB-PID
X-Grace
Server-Name
X-DIS-Request-ID
X-Logged-In
X-Forwarded-For
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-HS-Hub-Id
X-HS-Content-Id
X-GUploader-UploadID
TP-L2-Cache
X-Esi
TP-Cache
X-Microsite
Edge-Cache-Tag
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Request-Processing-Time
X-Request-Received
X-Type
X-Cache-Age
X-Analytics
X-AppVersion
X-Activity-Id
Backend-Timing
FilterID
X-User-Agent
X-Az
X-Rid
X-Kinsta-Cache
X-IPLB-Instance
X-Fastcgi-Cache
X-Revision
X-LB-Cache
X-B3-Traceid
Healthy
X-Node-Name
X-Whom
Retry-After
X-Time
X-F-Cache
X-Srv
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-NWS-LOG-UUID
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Accept-Charset
X-Amz-Apigw-Id
X-Amzn-RequestId
Alternate-Protocol
Server-Node
X-Cache-Rule
X-AOL-HN
X-TA-CDN-Provider
Cache-Status
X-Acc-Meta-Resource-Type
X-Content-Options
Surrogate-Key
Refresh
X-Akamai-Edgescape
DC
X-Debug-Info
X-Content-Powered-By
X-Server-ID
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Forwarded-Host
X-Instance
X-Content-Security-Policy-Report-Only
Access-Control-Allow-Method
X-FW-Hash
X-Tumblr-Pixel-0
X-Tumblr-User
X-Hp-Webp
X-Tumblr-Pixel
X-FW-Serve
X-Jobs
X-FW-Static
X-FW-Type
X-FW-Server
X-Varnish-Grace
X-Framework
X-PHP-Backend
X-Page-Id
X-Cluster
X-B
X-FB-Debug
X-Request-Guid
Source
X-App-Environment
MS-CV
Frame-Options
Fastcgi-Useragent
Cache-Tag
X-App-Server
X-Hostname
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Host
Tracecode
X-Cache-Operation
Cleartype
X-B-Cache
X-Signature
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Cache-Key
X-Cached-By
X-Geo-Country
X-Cache-Control
X-Seen-By
X-Varnish-Backend
X-Amz-Replication-Status
X-TT
X-Host-Name
Liferay-Portal
X-Pad
X-Git-Hash
X-Mobile
X-Response-Served-From
NGB
Upgrade-Insecure-Requests
X-Adobe-Loc
X-Adobe-Content
X-Ratelimit-Reset
X-PressLabs-Stats
X-Cache-TTL
Payment
X-ATG-Version
X-TT-TIMESTAMP
Xserver
X-WebKit-CSP-Report-Only
Eomportal-Instance
Filters
X-Status
WPE-Backend
X-ProcessESI
Cache-Tv-Group
X-RemovedCookies
X-Handled-By
X-Cacheable-TTL
X-RTag
Ms-Operation-Id
X-FW-Dynamic
X-TX-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
From-Origin
Webserver
X-UA-Device-Type
X-RequestSource
X-WA-Info
X-Drupal-Cache-Tags
X-GeoIP
X-Cache-TTL-Remaining
GEO-INFO
X-Cache-Remote
Datacenter
X-Origin-Server
X-Content-Age
X-DataStream-Cache-Status
X-Cache-Action
X-Edge-Location
X-Daa-Tunnel
X-Storage
X-Webkit-CSP
Viewport
Accept-CH-Lifetime
X-Varnish-Hostname
X-Accel-Buffering
NR-ENABLED
Version
X-EdgeConnect-Cache-Status
X-Hyper-Cache
X-Upstream-Proxy
X-Contextid
X-Region
X-Wix-Request-Id
X-CF-Powered-By
X-Ua
Host-Header
Cache
X-Akamai-Transformed
X-Yottaa-Metrics
PageSpeed
X-Yottaa-Optimizations
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-Path-Route
X-RN-RSRV
X-Varnish-Server
Load-Balancing
S-Cnection
X-IP
X-From
Cache-Name
X-Akamai-Request-ID2
Cache-Tags
X-ApacheServer
X-Origin
X-Akamai-Request-ID
X-TNCMS
X-NCache
Rt-Fastcgi-Cache
X-Labrador-Cache-Channel
X-Cache-Config
X-Access
X-Origin-Response-Time
X-Proxy
X-Tumblr-Pixel-3
X-Viewer-Country
X-Proto
X-PERF
Vix-Hermes-Req-Id
X-Via-Fastly
X-Cache-NE
X-Upgrade-Enabled
X-Loop
Decoy-Debug-TTL
X-Section
Cache-Hits
X-Time-Microsecs
DB-Nickname
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Enabled
Ec-Rule-Version
X-CS
Ohc-File-Size
TWC-Locale-Group
Mn-Server-Ip
X-Upstream-CT
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-UnsetCookies
TWC-Connection-Speed
Country
Azure-RegionName
Webcakes-App-Name
S-Rt
Azure-InstanceId
Property-Id
X-Timing-Wait
Azure-SiteName
X-Cache-Server
Cache-Key
Azure-Version
Selected-Fe
Azure-SlotName
X-Trace-Id
X-R9-Blue-Green-Version
X-EIG-Tracking-Id
X-OCL
X-Origin-Hint
X-PCL
X-Cache-Grace
X-Backend-TTL
Webcakes-App-Version
X-Hit
X-Format
X-JoinUs
X-FC-Vary-Parameters
X-Cache-Time
X-Proxy-Build
X-Rule
X-Varnish-Cache-Hits
Webcakes-Region
X-Upstream-HT
X-Xfnlog-Site
X-CCM
X-Cache-Host
X-Web-Node
X-Cluster-Node
X-FW-Version
X-Debug-Cache
X-Drupal-Cache-Contexts
X-Site-Version
X-FireWall-Port
X-Locale
X-Generated
X-S
X-Www-Served-By
X-Varnish-Hits
X-Presslabs-Stats
X-Backend-Name
X-Human
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
Now
X-Device-Type
Server-Info
SRV
X-Rendered-As
Release
X-HS-Cache-Config
DSUID
X-NewRelic-App-Data
Time
OT-Force-Account-Verify
X-VCT
Ohc-Cache-HIT
Hostname
X-Vgn-Hpd-Reason
X-VG-TLSProxy
ServedBy
X-OVcl-Cache
X-OVcl
X-Redis-Cache
Cteonnt-Length
X-VG-WebCache
X-Real-IP
Fastcgi-X-Cache-Version
Origin
X-Alternate-Cache-Key
X-APP-VERSION
X-FB-TRIP-ID
Accept-Language
X-Litespeed-Cache
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
Origin-Cache-Control
Origin-Edge-Control
X-Pubstack
X-Oracle-Dms-Rid
X-CSRF-TOKEN
Access-Control-Request-Headers
X-Tb
Machine
X-Nginx-Cache
L5d-Success-Class
X-Element-Page-Cache
NtCoent-Length
Fastly-SSL
X-L-Path
X-B3-Spanid
X-Environment-Context
X-App-Version
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-No-Session
X-SS-Set-Cookie
X-GEO
X-NC
X-NGENIX-Cache
X-Tt-Trace-Tag
X-Mode
X-CACHE-KEY
X-Cluster-Name
X-UUID
X-LJ-Flow-ID
Odigeo-Trace-Id
IBM-Web2-Location
X-Load-Cache
X-AWS-Id
X-Generated-By
X-HS-Combine-CSS
X-VWS-Id
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-B3-Parentspanid
X-Request-Time
X-ServerID
Mime-Version
X-ECACHE
We-Hiring
Mail-Subject
Nel
X-Origin-CC
Akamai-GRN
X-Origin-TTL
X-Soup
X-XRDS-LOCATION
X-Parent-Response-Time
NGX
X-Transaction
BehaviorPad-Version
AsisCache
Content-Style-Type
Content-Script-Type
X-SRCache-Key
Cdn-Host
Cache-Prefix
Cdn-Request-Time
X-Trv-Group
X-Worker
Cross-Origin-Window-Policy
X-Uri
X-MServer
X-Vtex-Remote-Cache
X-Node-Id
X-Vtex-Processado-Em
X-VG-WebServer
X-Twitter-Response-Tags
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
A
Xc-Version
Arc-Country
X-S-Maxage
X-Date
X-Destination
X-Detected-As
X-Developer
X-D
X-Connection-Hash
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-Edge-Server
X-PAYTM-SRV-ID
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Org
X-Is-Bot
X-External-Request-Id
X-G
X-S-Cookie
X-Instart-Info
X-Application
X-AIR-PT
Node
X-Server-Time
Rendered-Blocks
X-ScT
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Memcached
X-Region-Sid
Rt-Proxy-Cache
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
T-Server
Viewtype
VivaBuild
X-A
Fly-Cache
X-Aed
Request-Time
X-DC
Proxy-Connection
X-Urbn-Site-Id
ServerName
X-Oneagent-Js-Injection
Locale
X-Urbn-Context-Path
Backend-Name
X-Developers
Section-Io-Cache
X-Cms-Context
Uber-Trace-Id
X-Cdn-Srv
X-Origin-Date
X-SVT-ORM-VERSION
X-Distributor
X-Fastly-Cache
X-SVT-ORM-RULES
X-SIPLIST1
Server-ID
X-Origin-Expires
Request-Country
X-Azure-Ref
X-Azure-Ref-OriginShield
IsBot
X-VC-Cache
X-Release
X-Cache-Bucket
Fastly-Soc-X-Request-Id
X-Up
N-Cache
X-Hl-Ver
X-B3-SpanId
Request-EU
CF-IPCountry
X-Via-CDN
User-Cache-Control
X-ABtesting
X-Platform-Server
X-Li-Fabric
X-Li-Pop
W
X-ProxyCache-Status
X-ProxyCache-Key
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Old-Content-Length
X-Auto-Login
X-PHP-Host
X-Amz-Meta-Cache-Control
X-App-Name
X-RateLimit-Limit-Second
X-MSEdge-Features
X-LI-UUID
Server-Int
X-Reboot
X-Location
X-Matched-Rule
X-MSEdge-Flight
X-Method
X-Rebelmouse-Surrogate-Control
Thinkindot-CacheControl
X-RateLimit-Remaining-Second
X-LI-Proto
X-Rebelmouse-Cache-Control
True-Client-Country-4JS
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Backend-Host
X-Backend-Url
X-Owner
X-Core-Mission
X-Compress-Hint
X-Generated-On
X-Generation-Time
RNT-Time
X-CUA
X-Gen-Mode
X-Fetched-On
X-Epic-Correlation-Id
X-Distil-CS
X-Flog
X-Device-Os
X-GDPR
X-Clientip
X-Clara-WADP
X-IN-APIGATEWAYSSL
X-WADP-Cache
X-C
X-Block-Status
X-BBXSRF
X-Bip
X-Cache-FS-Status
X-Cache-Id
X-Hello
X-Geo-Header
X-Cdn-Origin
X-Hnp-Log
X-Cache-Info
X-IN-APIGATEWAY
X-ElasticPress-Search
V-Age
Magicmarker
L
X-ServiceProvider
X-BYPASS-REASON
X-Skip-Cache
X-Thanos
Adler-Geo
X-Sn-Servicetimems
Is-Eu
CDCHOST
Fastly-SWR
Gh-Request-Id
X-Wikidot-Static-Cache
Fastly-SIE
Esi-Enabled
Content-Disposition
RNT-Machine
Countrycode
X-Thinkindot-L3
AKAMAI
X-Wikidot-Backend
X-Request-Start
X-WebServer
X-Variation
Platform
X-VServer
X-We-Are-Hiring
X-TrackingId
X-Request-URI
X-Cdn-Forward
X-Microcachable
X-Unique-ID
X-Server-IP
X-Servername
X-Irp-Debug
X-Internal-Host
X-Debug-Cache-Expiry
X-User
X-NX-Host
X-SD-PageType
X-Debug-Log
X-GeoIP-City
X-Hash
X-SayCDN-TTL
X-Eu-Site
X-Swa-Ws
X-Zipkin-Id
X-Dispatcher-Server
X-Debug-Cookies
X-Debug-Cache-Store
X-Webstats-RespID
X-Generated-In
X-Dispatch
X-Debug-Cache-Fetch
X-CGP
Wxu-Next-Region
X-Response-By
Web-Mar-Node
X-Qloud-Router
Wxu-Next-Hostname
Served-By
PFcat
Kp-EeAlive
Pramga
X-Reqid
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Proxied
SS
X-Policy
Heartbleed
Server-Host
X-Guploader-Uploadid
X-Say-Cacheable
X-Backend-State
X-Routing-Service
X-Say-TTL
Wxu-Next-Commit
HA-Ipaddr
Ha-Gx-Prefs
Pagetype
SD-X-WS
Memory
Resin-Trace
X-Key
X-IPS-LoggedIn
X-Wa
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Service
X-COUNTRY
X-Var-Ttl
Country-Code
Cache-Cookie-Set-Idcheck
X-Is-Gdpr
X-Nc
REQUESTUUID
X-Page-Type
X-Servedbyhost
X-URL
X-JWT-State
X-Has-Esi
Cache-Provider
X-MP-GENERATED-AT
X-FPC
X-Dc
X-Geo
Powered-By-ChinaCache
UCS
Srv
X-NWS-UUID-VERIFY
CACHE
X-Lb-Id
X-RateLimit-Reset
X-Info
ProcessTime
X-VCL-Version
X-Logtrace-Id
X-Ratelimit-Limit
X-Cache-Backend
Ajk
X-Be
X-HTML-Minification-Powered-By
X-Datadome
X-Svr
Proxy-Firewall
X-Cache-URL
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-UA
X-GRACE
X-Pjax-Url
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Instart-Isnd
X-Oss-Request-Id
X-SRV
X-Varnish-Beresp-Ttl
X-HS-Status
X-Cache-Category-Id
Powered-By
SN
X-Scheme
X-Grey
X-Ruxit-Js-Agent
X-Zone
X-CDN-Forward
X-SN
Dynatrace
PICS-Label
X-NodeID
X-ZONE
X-Webkit-Csp
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
GeoIP-Latitude
X-Varnish-Beresp-Grace
GeoIP-Country-Code
X-Ftr-Request-Id
GeoIP-City
X-Varnish-Beresp-Status
Fastly-Backend-Name
X-TH-Server
Group
X-Dynatrace
X-Ttl
X-Source
Cache-Host
X-SERVER-NAME
X-Pf-Uncompressing
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Server-W
X-RCS-CacheZone
X-Newrelic-Synthetics
X-Cache-Ttl
X-EC-Lua
X-LiteSpeed-Cache-Control
XServer
CF-Cached-On
GW-Server
Ttl
X-APP
X-LAGOON
X-PF-Uncompressing
X-FORWARDED-FOR
X-Varnish-Beresp-TTL
X-Sucuri-Id
X-Ms-Version
X-Ms-Request-Id
X-Secret
X-Varnish-Url
LB
X-Gannett-Site-Version
X-Bc
X-Via-Ucdn
Cdn
X-Dynatrace-Js-Agent
X-NODE
X-Check-Cacheable
WZWS-RAY
X-Ftr-Cache-Host
MIME-Version
X-Aicache-OS
On-Server
X-Varnish-Cacheable
X-Tt-Trace-Host
Geoip-City
Geoip-Latitude
X-Ratelimit-Remaining
X-Fastly-Country-Code
X-Session-Fingerprint
Lfy
X-CDN-Cache
GeoIp-Country-Code
Pics-Label
Amp-Access-Control-Allow-Source-Origin
X-Cache-Debug
X-Edge
Environment
X-Agile
X-Agile-Age
X-Agile-Id
X-GeoIP-Country-Code
User-Agent
X-BC
WWW
X-PJAX-URL
Inserted-Into-Cache-At
Cf-Ipcountry
X-Akamai-SSL-Client-Sid
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Backend-Server
X-Logging-Id
X-Mid
X-7Graus-Varnish-Cache-Control
X-BE
X-Fastly-Backend-Reqs
X-7Graus-Varnish-XKeys
M-TraceId
Ohc-Response-Time
X-NU-AKA-ACS-Version
Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-UPSTREAM-Address
Who
X-Varnish-Ttl
X-Crawler
SID
X-MCACHE
X-CSRF-Token
X-Vcl-Version
X-Render-Time
Lb
URI
X-Litespeed-Cache-Control
X-LB-ID
X-RPM
X-FE
X-Micro-Cache
X-DB
X-Core-Value
X-RSL
X-Cache-Tag
X-DW
X-RPS
X-Proxy-Cacherz
Xkeyrz
X-DSS
X-DI
X-Action
HostName
Cdncip
X-WR-MODIFICATION
Cdnsip
X-Served-From
X-Via-Edge
CDN
X-Via-SSL
Host-ID
X-AK-Request-ID
RequestUuid
X-Fpc
DataCenter
X-Correlation-ID
X-Cf-Powered-By
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Get-Access-Time
Is-Session-Tracking
X-Sucuri-ID
X-Sucuri-Cache
Xkeypdq
X-Fastly-Cache-Hits
X-Flow-Id
X-ServedByHost
X-Nananana
X-TT-LOGID
X-WA
X-Unique-Id
X-Newrelic-App-Data
X-NGINX-Cache
X-Swift-Error
Warning
X-VC
FNAC-ModuleRouting
X-Vdms-Version
X-TIME
Cneonction
X-MID
X-Cdn-Request-ID
X-SB
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Fstrz
Correlation-Id
X-Vct
X-LiteSpeed-Tag
X-Gen-Id
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-TTL
RequestId
X-Planisys-CDN-Cache
TTL
Pragrma
X-Planisys-CDN-Rules
X-Apw-Access-Token
X-Protected-By
X-Fe
X-Request-URL
X-Ecache
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
Processtime
X-ECache
X-Dw-Trace-Id
X-Gdpr
V-Cache
X-MiniProfiler-Ids
X-ServerName
HitType
X-Bug-Bounty
Xet-Cookie