Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-Proxy-Cache
X-UA-Device
X-Hacker
X-CDN
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
Cf-Railgun
X-LiteSpeed-Cache
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
EagleEye-TraceId
Report-To
X-Cloud-Trace-Context
Request-Id
X-Response-Time
X-Backend-Server
X-Host
Content-Location
X-Node
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
X-Ruxit-JS-Agent
NEL
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Rack-Cache
X-HW
Surrogate-Control
X-Dns-Prefetch-Control
Rating
Allow
X-Country-Code
X-Clacks-Overhead
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-MS-InvokeApp
X-Instart-Request-ID
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Goog-Hash
X-TTL
X-TtlSet
X-PC
X-Vname
X-Varnish-TTL
Pinterest-Generated-By
X-Powered-By-Plesk
X-B3-TraceId
Verso
Public-Key-Pins
RTSS
X-Px
X-Mod-Pagespeed
Edge-Control
X-ESI
X-Sol
X-Middleton-Response
Display
X-Middleton-Display
Response
X-Ah-Environment
X-VARITI-CCR
SPRequestGuid
X-Recruiting
X-Exp-Id
X-SharePointHealthScore
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-D2id
Accept-Ch-Lifetime
X-CST
X-Akam-SW-Version
Service-Worker-Allowed
X-Vcap-Request-Id
SPRequestDuration
SPIisLatency
X-Version
X-Server-Name
X-GitHub-Request-Id
X-Powered-CMS
X-Abt-Application-Version
TCN
X-Navigation-Version
MS-Author-Via
X-Trace
X-Shard
Charset
Fastly-Restarts
Nginx-Cache
X-Debug
Realpath
X-Amz-Rid
X-Upstream
X-Aspnetmvc-Version
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
Accept-CH
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Ezoic-Cdn
X-NF-Request-ID
Front-End-Https
X-Cached
X-VCache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
Pagespeed
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Shield-Request-Id
AR-Request-ID
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-XRDS-Location
DynaTrace
Content-MD5
MicrosoftSharePointTeamServices
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Paypal-Debug-Id
X-Id
X-Goog-Storage-Class
X-T
S
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Varnish-Age
ServerID
X-Ser
Accept-Ch
X-Via-JSL
X-DynaTrace-JS-Agent
X-Client-IP
X-Accel-Expires
X-Content-Type
X-Grace
X-Correlation-Id
X-Dw-Request-Base-Id
X-Forwarded-For
X-Hits
Fastcgi-Cache
Edge-Cache-Tag
X-Amzn-Trace-Id
Powered
X-Content-Digest
X-Frontend
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
X-N
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-FTR-Cache-Host
X-HS-Hub-Id
X-HS-Content-Id
X-Fastcgi-Cache
X-Logged-In
Server-Name
X-FastCGI-Cache
X-Pinterest-Rid
Pinterest-Version
X-Server-ID
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-GUploader-UploadID
X-Vcache
X-Request-Handler-Origin-Region
X-Kinsta-Cache
X-Time
X-Cache-Hit
X-Cache-Age
X-Zen-Fury
X-User-Agent
X-Revision
X-IPLB-Instance
X-Az
X-Activity-Id
X-AppVersion
X-Rid
X-Type
X-LB-Cache
X-Analytics
Backend-Timing
Healthy
Retry-After
X-RateLimit-Limit
X-Whom
X-B3-Sampled
X-Node-Name
FilterID
Server-Node
X-NWS-LOG-UUID
X-Srv
X-Hp-Webp
X-SERVER
Alternate-Protocol
X-F-Cache
Accept-Charset
Cache-Tag
X-Akamai-Edgescape
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Cache-2
X-Webkit-CSP
Tracecode
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Refresh
DC
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Powered-By
X-Tumblr-User
X-AOL-HN
X-Amzn-RequestId
X-Amz-Apigw-Id
MS-CV
X-Forwarded-Host
X-Instance
X-Framework
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Jobs
X-Debug-Info
Access-Control-Allow-Method
X-Varnish-Grace
X-App-Environment
Source
X-Cluster
X-PHP-Backend
X-Page-Id
X-Request-Guid
Fastcgi-Useragent
X-FB-Debug
X-Cache-TTL
NR-ENABLED
X-Cache-Operation
X-B
X-App-Server
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
Host
Actual-Object-TTL
X-FW-Type
X-Mobile-URL
X-Seen-By
X-TA-CDN-Provider
Frame-Options
X-Geo-Country
X-Cache-Control
X-Hostname
Cleartype
X-Cache-Key
X-Host-Name
X-Cached-By
X-Pad
X-Signature
X-B-Cache
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-Mobile
X-Git-Hash
NGB
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-TT
X-Varnish-Backend
X-ATG-Version
X-Adobe-Content
GEO-INFO
X-Adobe-Loc
X-Amz-Replication-Status
WPE-Backend
Filters
X-RequestSource
Cache-Tv-Group
Webserver
X-B3-Traceid
X-Drupal-Cache-Tags
X-Presslabs-Stats
X-Handled-By
Payment
Ms-Operation-Id
X-UA-Device-Type
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-GeoIP
Eomportal-Instance
X-RTag
X-Litespeed-Cache
X-Origin-Server
X-TT-TIMESTAMP
From-Origin
X-Cacheable-TTL
Xserver
X-Element-Page-Cache
X-Daa-Tunnel
X-TX-ID
X-Acc-Meta-Resource-Type
X-Status
X-EdgeConnect-Cache-Status
Liferay-Portal
X-HS-Cache-Config
X-Cache-TTL-Remaining
X-FW-Dynamic
X-Cache-Remote
X-Wix-Request-Id
X-WA-Info
X-Esi
Datacenter
X-Cache-Action
X-Contextid
X-Hyper-Cache
Cache
X-Content-Age
X-Edge-Location
X-Region
X-Ratelimit-Reset
Viewport
Version
X-XRDS-LOCATION
X-CF-Powered-By
X-Cache-NE
PageSpeed
X-Storage
X-Akamai-Transformed
X-Varnish-Hostname
Ohc-File-Size
X-Cache-Server
Accept-CH-Lifetime
X-Accel-Buffering
X-RN-RSRV
X-Varnish-Server
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
Load-Balancing
Meta-Geo
Host-Header
X-IP
X-Cache-Enabled
X-Proto
X-Proxy
Cache-Tags
X-PressLabs-Stats
Cache-Name
Ohc-Cache-HIT
X-HS-Combine-CSS
X-Viewer-Country
X-Access
X-Tumblr-Pixel-3
TWC-Locale-Group
Country
TWC-GeoIP-Country
X-TNCMS
Vix-Hermes-Req-Id
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-Region
X-Varnish-Cache-Hits
Webcakes-App-Version
TWC-Device-Class
Mn-Server-Ip
X-Device-Type
X-Loop
X-NCache
X-CS
X-Cluster-Node
X-Via-Fastly
Ec-Rule-Version
Cache-Hits
X-Origin-Hint
X-Origin-Response-Time
TWC-Connection-Speed
X-R9-Blue-Green-Version
X-Section
Rt-Fastcgi-Cache
Release
S-Cnection
X-Cache-Config
Property-Id
X-Akamai-Request-ID
TWC-Privacy
X-NewRelic-App-Data
X-Human
X-From
X-NGENIX-Cache
X-Format
X-Ttl
X-Rule
X-Proxy-Build
X-FC-Vary-Parameters
X-Cache-Grace
Selected-Fe
S-Rt
DSUID
X-Akamai-Request-ID2
X-Backend-Name
X-Timing-Wait
X-Backend-TTL
X-Drupal-Cache-Contexts
X-Trace-Id
X-Xfnlog-Site
X-Upgrade-Enabled
X-UnsetCookies
X-Cache-Host
X-Labrador-Cache-Channel
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-PCL
X-Origin
X-EIG-Tracking-Id
X-Web-Node
X-Vgn-Hpd-Reason
X-VCT
X-Www-Served-By
DB-Nickname
X-Debug-Cache
X-Cache-Time
Azure-Version
X-OCL
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Hit
X-Generated
X-Time-Microsecs
X-Site-Version
X-ApacheServer
X-PERF
X-Locale
X-Hosted-By
Decoy-Debug-Status
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
Decoy-Debug-TTL
Decoy-Debug-Key
X-Ua
Cache-Key
X-CCM
Server-Info
X-FireWall-Port
X-Tec-Api-Version
X-OVcl-Cache
X-Tec-Api-Root
X-Tec-Api-Origin
X-OVcl
Time
X-S
X-Varnish-Hits
X-Real-IP
X-Rendered-As
X-Upstream-CT
X-FW-Version
X-Upstream-HT
X-Redis-Cache
L5d-Success-Class
X-Pubstack
Now
Origin-Edge-Control
Origin-Cache-Control
X-Trafficlayer-App-Scope
X-SS-Set-Cookie
X-Trafficlayer-App-Name
Fastcgi-X-Cache-Version
OT-Force-Account-Verify
Origin
Fastly-SSL
ServedBy
X-Upstream-Proxy
Access-Control-Request-Headers
Cteonnt-Length
Hostname
X-FB-TRIP-ID
X-VG-TLSProxy
X-Cluster-Name
X-APP-VERSION
X-Origin-TTL
X-App-Version
X-UUID
X-Origin-CC
X-VG-WebCache
X-Alternate-Cache-Key
X-GoCache-CacheStatus
Mime-Version
X-ShardId
X-ShopId
X-ServerID
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-CACHE-KEY
X-Load-Cache
NtCoent-Length
X-Parent-Response-Time
X-Soup
X-Rocket-Nginx-Bypass
Accept-Language
Machine
X-Tb
IBM-Web2-Location
X-ECACHE
NGX
Nel
X-CSRF-TOKEN
X-Is-Bot
X-Tt-Trace-Tag
Odigeo-Trace-Id
X-L-Path
X-Environment-Context
X-No-Session
X-Uri
CF-IPCountry
X-B3-Parentspanid
X-B3-Spanid
X-MServer
X-Oneagent-Js-Injection
X-Vtex-Processado-Em
X-Rojux
Cache-Prefix
AsisCache
X-VG-WebServer
Request-Time
VivaBuild
BehaviorPad-Version
X-Vtex-Remote-Cache
X-D
X-Destination
X-Trv-Group
X-S-Cookie
X-Date
X-CF-Lambda-Fn
T-Server
Viewtype
ServerName
X-Accel-Expires-Debug
Arc-Country
Rendered-Blocks
Apple-News-Services-Parsed-Url
X-Node-Id
Apple-News-Services-Host
Apple-News-Services-Handled
X-Info
X-B-Cookie
X-SRCache-Key
X-Request-UUID
X-Twitter-Response-Tags
X-Aed
SRV
Content-Script-Type
X-AIR-PT
X-Application
X-Rewrite-Enabled
Apple-News-Services-Request-Url
X-ARC
Proxy-Connection
Node
GEO-REGION-INFO
X-A-Dcw
Rt-Proxy-Cache
X-ScT
X-A-Dgt
Fly-Request-Id
Meta-Geo-Continent
X-A
X-A-Ccd
X-Connection-Hash
Memcached
MD5-Digest
X-B3-SpanId
X-External-Request-Id
X-Compress-Hint
X-Transaction
X-Worker
Xc-Version
X-Developer
Fly-Cache
Mobile-Detection-Method
X-PAYTM-SRV-ID
X-Region-Sid
X-A-Dam
X-Hl-Ver
X-Server-Time
X-DPWN-IS-SECURE
Content-Style-Type
X-CF-Lambda-Version
Cross-Origin-Window-Policy
X-A-Wwc
A
X-Nginx-Cache
X-Instart-Info
X-Detected-As
X-G
X-ProxyCache-Status
X-Endurance-Cache-Level
X-ProxyCache-Key
X-BYPASS-REASON
Backend-Name
Uber-Trace-Id
X-Amzn-Remapped-Content-Length
X-NC
X-Magnolia-Registration
X-S-Maxage
X-Release
X-Cdn-Srv
Section-Io-Cache
N-Cache
IsBot
Fastly-Soc-X-Request-Id
X-SVT-ORM-RULES
X-SIPLIST1
X-SVT-ORM-VERSION
X-Azure-Ref-OriginShield
X-CUA
X-Azure-Ref
X-Cache-Bucket
X-Var-Ttl
Srv
X-VC-Cache
X-Origin-Expires
X-Fastly-Cache
X-Is-Gdpr
X-Nc
X-JWT-State
X-Cms-Context
Akamai-GRN
X-Has-Esi
X-Developers
Request-EU
X-Origin-Date
Request-Country
We-Hiring
Mail-Subject
X-UA
X-Up
X-Geo
User-Cache-Control
X-WADP-Cache
X-Reboot
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-IN-APIGATEWAY
Served-By
X-ElasticPress-Search
X-Reqid
Pramga
RNT-Time
X-CGP
X-Eu-Site
Server-Host
X-Rebelmouse-Surrogate-Control
X-Clara-WADP
Server-Int
Wxu-Next-Hostname
X-Geo-Header
X-Hash
X-Auto-Login
X-Generation-Time
X-Generated-On
X-Backend-Host
X-Guploader-Uploadid
X-Bip
X-Block-Status
X-Qloud-Router
X-BBXSRF
X-Backend-Url
X-App-Name
X-Cache-Info
Pagetype
Wxu-Next-Region
Wxu-Next-Commit
X-Rebelmouse-Cache-Control
W
X-Hnp-Log
X-Device-Os
X-Generated-By
X-Cdn-Origin
X-Gen-Mode
X-Distributor
X-Proxy-Cache-Status
X-Level-Front-Cache
X-Distil-CS
X-Swa-Ws
Content-Disposition
X-C
X-Debug-Cache-Store
X-We-Are-Hiring
Countrycode
X-Skip-Cache
X-Server-IP
Esi-Enabled
RNT-Machine
CDCHOST
X-NX-Host
X-Debug-Cookies
X-User
AKAMAI
X-Nginx-Cache-Key
X-Debug-Log
X-VServer
X-Debug-Cache-Expiry
X-Service
X-Sn-Servicetimems
X-Debug-Cache-Fetch
X-TrackingId
Fastly-SIE
X-Matched-Rule
X-Location
L
Kp-EeAlive
X-Method
Magicmarker
X-Dispatch
X-IN-APIGATEWAYSSL
X-Thanos
X-Thinkindot-L3
X-Clientip
X-Irp-Debug
Heartbleed
X-Core-Mission
X-Proxy-Upstream
X-Wikidot-Backend
X-Webstats-RespID
HA-Ipaddr
Gh-Request-Id
Ha-Gx-Prefs
X-Wikidot-Static-Cache
Fastly-SWR
X-Via-CDN
X-GEO
X-Microcachable
X-MSEdge-Features
X-Lb-Id
X-Internal-Host
X-Key
X-MSEdge-Flight
X-Policy
X-Generated-In
X-Urbn-Site-Id
X-Fetched-On
X-GeoIP-City
X-Li-Fabric
X-Li-Pop
X-Backend-State
X-Dispatcher-Server
PFcat
Platform
X-Amz-Meta-Cache-Control
X-Cache-FS-Status
X-LI-Proto
X-LI-UUID
X-WebServer
X-Cache-Id
X-PHP-Host
X-Request-URI
X-Variation
X-Request-Start
X-Old-Content-Length
X-Owner
X-Platform-Server
Is-Eu
X-Epic-Correlation-Id
X-Say-TTL
X-SayCDN-TTL
Cache-Provider
Locale
Memory
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Web-Mar-Node
X-Servername
X-Say-Cacheable
Adler-Geo
X-Urbn-Context-Path
X-Ratelimit-Limit
X-Cdn-Forward
X-VWS-Id
X-LJ-Flow-ID
X-NWS-UUID-VERIFY
X-AWS-Id
X-ServiceProvider
True-Client-Country-4JS
Server-ID
X-Svr
X-Dc
X-SD-PageType
X-Cache-URL
Resin-Trace
Cdn-Request-Time
Cdn-Host
SD-X-WS
X-Edge-Server
X-DC
X-FPC
X-Mode
X-GDPR
X-Instart-Isnd
V-Age
X-Be
X-Scheme
X-Request-Time
REQUESTUUID
X-Org
X-Wa
X-Cache-Backend
X-Processor
X-ABtesting
SS
X-Hello
X-Flog
X-Servedbyhost
X-Datadome
Group
X-IPS-LoggedIn
X-CDN-Forward
X-Response-By
Country-Code
X-NodeID
X-Pjax-Url
X-Unique-ID
X-SRV
X-DataStream-Cache-Status
X-Server-W
Cache-Cookie-Set-Lfrom
Cache-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Page-Type
X-Proxied
X-SN
X-Zipkin-Id
X-VCL-Version
X-Routing-Service
X-Ruxit-Js-Agent
X-Oracle-Dms-Rid
X-Oss-Storage-Class
X-Oss-Server-Time
X-Ms-Version
UCS
X-Ms-Request-Id
X-Oss-Request-Id
X-Via-Ucdn
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Webkit-Csp
X-RateLimit-Reset
X-EC-Lua
X-Tb-Optimization-Total-Bytes-Saved
X-Ftr-Request-Id
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-HS-Status
X-Varnish-Beresp-Ttl
X-Dynatrace-Js-Agent
PICS-Label
X-Dynatrace
Ttl
Ajk
X-Session-Fingerprint
X-Logtrace-Id
Lfy
X-COUNTRY
X-URL
X-MP-GENERATED-AT
X-Zone
X-GRACE
X-APP
X-Agile-Id
X-Cache-Debug
X-Agile-Age
X-Agile
ProcessTime
Powered-By-ChinaCache
SN
Proxy-Firewall
X-Source
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
XServer
X-ZONE
X-Newrelic-Synthetics
GeoIP-City
GeoIP-Country-Code
Geoip-Latitude
X-Fastly-Country-Code
X-Pf-Uncompressing
Powered-By
X-PF-Uncompressing
GeoIP-Latitude
Geoip-City
GeoIp-Country-Code
X-Sucuri-Id
X-HTML-Minification-Powered-By
X-Logging-Id
Environment
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Grey
X-Cache-Category-Id
X-DataStream-MidMile-RTT
CACHE
X-NODE
X-DataStream-Origin-MEX-Latency
X-TH-Server
X-Cache-Miss-From
X-Ftr-Cache-Host
X-Sedo-Request-Id
X-CSRF-Token
X-Unique-Id
X-Tt-Trace-Host
Pics-Label
Fastly-Backend-Name
Cdn
X-Sucuri-ID
X-LiteSpeed-Cache-Control
X-Bc
X-Core-Value
X-Aicache-OS
M-TraceId
X-Check-Cacheable
CF-Cached-On
X-Edge
WWW
X-Webapp-Samesite-None-Activated-N
X-Vcl-Version
GW-Server
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Backend-Server
X-Ftr-Realm
Dynatrace
MIME-Version
X-Ftr-Dc
X-Vdms-Version
X-Sucuri-Cache
X-Mid
X-LAGOON
X-Fastly-Backend-Reqs
Requestid
LB
Cf-Ipcountry
HostName
X-Fstrz
X-Sigma-Backend
X-FORWARDED-FOR
X-Varnish-Ttl
Cdncip
X-Cache-Tag
X-Rocket-Build-Number
X-Secret
Cdnsip
X-AK-Request-ID
Ohc-Response-Time
X-UPSTREAM-Address
X-RCS-CacheZone
X-Varnish-Url
X-MCACHE
X-Gannett-Site-Version
X-Sigma
X-BC
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
X-NGINX-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-TT-LOGID
X-Litespeed-Cache-Control
Pragrma
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-TTL
WZWS-RAY
Lb
X-Swift-Error
On-Server
X-Via-NSCOPI
X-DI
X-Action
X-BE
X-CDN-Cache
X-Varnish-Cacheable
URI
X-DB
X-DW
X-RSL
DataCenter
X-RPM
X-DSS
X-Cache-Ttl
X-ServedByHost
X-RPS
Xkeyrz
X-Proxy-Cacherz
X-GeoIP-Country-Code
X-WA
Host-ID
RequestUuid
User-Agent
X-Correlation-ID
CDN
Is-Session-Tracking
X-Akamai-SSL-Client-Sid
X-WR-MODIFICATION
X-Fastly-Cache-Hits
Xkeypdq
Inserted-Into-Cache-At
X-ORACLE-APMCS-REQUEST-ID
Server-Id
TTL
X-Upstream-Ht
X-Upstream-Ct
X-ORACLE-APMCS-TAG
X-SaId
X-Fpc
Get-Access-Time
X-Page-Impression-Id
X-Flow-Id
X-Zalando-Child-Request-Id
X-Dw-Trace-Id
X-Trafficlayer-App-Version
X-Nananana
Warning
X-Refresh
SID
Who
X-Crawler
Correlation-Id
X-MID
X-SB
X-NU-AKA-ACS-Version
X-ND-Cache
X-VC
X-Cf-Powered-By
X-Via-SSL
Locid
X-Via-Edge
X-Amzn-Remapped-Date
X-Render-Time
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Amzn-Remapped-Connection
X-FE
X-MiniProfiler-Ids
X-Request-URL
Cneonction
X-ServerName
Xet-Cookie
X-ECache
Processtime
RequestId
X-LB-ID
V-Cache
X-Gdpr
X-Gen-Id
X-Bug-Bounty
X-Newrelic-App-Data
HitType
X-LiteSpeed-Tag