Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-AH-Environment
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Cdn
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Node
X-Response-Time
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-TTL
X-DynaTrace
X-DataDome
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
X-Px
Verso
RTSS
Edge-Control
X-Powered-By-Plesk
Public-Key-Pins
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
Pinterest-Generated-By
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-Use-Magma
X-D2id
X-Sol
Display
X-Middleton-Response
Response
X-Middleton-Display
Accept-CH
X-Vcap-Request-Id
SPRequestGuid
X-Version
X-SharePointHealthScore
MS-Author-Via
X-RateLimit-Remaining
X-Akam-SW-Version
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
Accept-Ch-Lifetime
X-Upstream
X-Forwarded-Proto
X-B3-TraceId
SPRequestDuration
X-Shard
SPIisLatency
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Amz-Server-Side-Encryption
AR-ATIME
X-XRDS-Location
X-SRCache-Store-Status
Charset
X-SRCache-Fetch-Status
Realpath
X-Ah-Environment
X-Amz-Rid
X-ESI
Fastly-Restarts
X-Aspnetmvc-Version
Nginx-Cache
X-Trace
X-Debug
Front-End-Https
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Shield-Request-Id
X-Cached
AR-Request-ID
X-Server-Name
X-Ezoic-Cdn
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
DynaTrace
ServerID
Pagespeed
X-Id
Content-MD5
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
MicrosoftSharePointTeamServices
X-Goog-Storage-Class
X-T
S
X-Fastly-Request-ID
X-Client-IP
X-Amz-Meta-S3cmd-Attrs
X-Content-Type
X-VCache
X-Via-JSL
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
X-Vcache
X-Varnish-Age
X-Hits
X-B3-Traceid
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-SERVER
X-Frontend
Fastcgi-Cache
X-FTR-Cache-Host
X-Forwarded-For
X-Grace
X-Correlation-Id
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
X-FastCGI-Cache
X-Content-Digest
Powered
Server-Name
X-Logged-In
X-Ser
X-DIS-Request-ID
X-Accel-Expires
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-HS-Hub-Id
X-HS-Content-Id
X-Zen-Fury
X-GUploader-UploadID
X-Request-Handler-Origin-Region
X-Microsite
TP-Cache
TP-L2-Cache
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Age
X-Kinsta-Cache
X-Esi
FilterID
X-LB-Cache
X-Revision
Accept-Ch
X-Rid
X-User-Agent
X-Type
X-Activity-Id
X-IPLB-Instance
X-Az
X-AppVersion
Healthy
Backend-Timing
X-Analytics
Edge-Cache-Tag
X-Node-Name
X-Acc-Meta-Resource-Type
X-F-Cache
X-Srv
X-Whom
X-Time
X-Cache-2
X-Kong-Proxy-Latency
Retry-After
X-Kong-Upstream-Latency
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Cache-Status
X-Content-Options
Server-Node
Surrogate-Key
DC
X-Akamai-Edgescape
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Jobs
VIX-Pulpo-Node
X-Forwarded-Host
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Framework
X-Cluster
Refresh
X-Tumblr-User
X-Content-Security-Policy-Report-Only
Access-Control-Allow-Method
X-FW-Type
X-Page-Id
X-Debug-Info
X-FB-Debug
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
X-Instance
X-Varnish-Grace
X-PHP-Backend
X-App-Environment
Source
X-Request-Guid
X-B
X-Hostname
MS-CV
X-App-Server
Fastcgi-Useragent
X-Hp-Webp
Cleartype
Host
X-DataStream-Cache-Status
Frame-Options
X-Signature
X-B-Cache
X-Cache-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-BCube-Filmed-By
Actual-Object-TTL
X-Ratelimit-Reset
Tracecode
X-Cache-Operation
X-Cached-By
X-TA-CDN-Provider
X-Mobile-URL
Cache-Tag
X-Varnish-Backend
X-Geo-Country
X-TT
Liferay-Portal
X-Amz-Replication-Status
X-Cache-Control
X-Pad
X-Mobile
X-PressLabs-Stats
Accept-CH-Lifetime
X-Seen-By
Xserver
X-Response-Served-From
NGB
X-ATG-Version
X-Host-Name
X-Git-Hash
X-Adobe-Content
X-Adobe-Loc
Eomportal-Instance
Filters
Payment
WPE-Backend
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-GeoIP
X-Status
X-WA-Info
X-TT-TIMESTAMP
X-Cacheable-TTL
Cache-Tv-Group
X-Drupal-Cache-Tags
Ms-Operation-Id
X-FW-Dynamic
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UA-Device-Type
X-RemovedCookies
X-RTag
X-Handled-By
X-ProcessESI
From-Origin
X-TX-ID
X-Content-Age
X-Upstream-Proxy
Webserver
GEO-INFO
X-Cache-TTL-Remaining
X-Cache-TTL
X-Edge-Location
X-Cache-Remote
X-Webkit-CSP
Viewport
X-Daa-Tunnel
X-Storage
Cache
X-Accel-Buffering
Datacenter
X-Cache-Action
X-Varnish-Hostname
X-Origin-Server
X-EdgeConnect-Cache-Status
Version
X-CF-Powered-By
X-Hyper-Cache
X-Ua
X-Oracle-Dms-Rid
X-Contextid
Host-Header
X-Region
PageSpeed
X-Yottaa-Optimizations
X-Yottaa-Metrics
SRV
X-Wix-Request-Id
X-Varnish-Server
X-Akamai-Transformed
X-Akamai-Request-ID2
X-Path-Route
X-ES-SERVER
Selected-Fe
X-Cache-Var
Meta-Geo
Load-Balancing
X-RN-RSRV
X-Proxy-Build
X-Cache-Var-Map
X-Timing-Wait
X-From
Cache-Name
X-Trace-Id
S-Cnection
X-IP
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Enabled
Cache-Hits
X-Cache-Config
X-Proxy
Now
X-Cluster-Node
Vix-Hermes-Req-Id
X-CS
Rt-Fastcgi-Cache
X-Loop
X-Generated
X-TNCMS
X-Backend-Name
X-Proto
X-Locale
X-Site-Version
Cache-Tags
X-ApacheServer
DB-Nickname
Property-Id
X-Rule
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
X-Access
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
DSUID
Webcakes-Region
Mn-Server-Ip
X-Akamai-Request-ID
X-Cache-Host
X-R9-Blue-Green-Version
X-DataStream-MidMile-RTT
X-PERF
X-UnsetCookies
X-Tumblr-Pixel-3
X-DataStream-Origin-MEX-Latency
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Via-Fastly
Country
X-Viewer-Country
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-Origin-Hint
X-Origin
X-Time-Microsecs
X-Section
NR-ENABLED
X-Origin-Response-Time
X-Hit
X-EIG-Tracking-Id
X-NCache
X-Hosted-By
X-Upstream-CT
X-FW-Version
X-Format
X-Upstream-HT
X-Www-Served-By
X-Debug-Cache
X-Device-Type
X-CCM
X-Cache-Grace
X-Backend-TTL
X-Human
X-PCL
X-OCL
X-Web-Node
X-Xfnlog-Site
Ec-Rule-Version
X-FireWall-Port
Release
S-Rt
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Cache-Key
Azure-Version
OT-Force-Account-Verify
X-S
X-Varnish-Hits
X-Drupal-Cache-Contexts
Ohc-File-Size
Server-Info
X-Cache-Time
X-Cache-Server
ServedBy
X-Rendered-As
Time
X-NewRelic-App-Data
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Cache-NE
X-VG-WebCache
X-VG-TLSProxy
X-Presslabs-Stats
X-Vgn-Hpd-Reason
X-VCT
Hostname
X-FB-TRIP-ID
X-APP-VERSION
Ohc-Cache-HIT
Accept-Language
X-Mode
X-Server-ID
X-Redis-Cache
Cteonnt-Length
X-Tb
Machine
Fastcgi-X-Cache-Version
X-OVcl
X-Real-IP
X-Nginx-Cache
X-OVcl-Cache
X-No-Session
NtCoent-Length
X-B3-Spanid
Origin
Origin-Cache-Control
X-Pubstack
Origin-Edge-Control
X-Request-Time
X-L-Path
X-Environment-Context
X-Generated-By
X-CSRF-TOKEN
X-NC
L5d-Success-Class
X-GEO
X-VWS-Id
X-AWS-Id
Access-Control-Request-Headers
X-HS-Cache-Config
X-LJ-Flow-ID
Odigeo-Trace-Id
X-Tt-Trace-Tag
X-Magnolia-Registration
X-Load-Cache
X-Cluster-Name
We-Hiring
Fastly-SSL
X-Amzn-Remapped-Content-Length
Mail-Subject
X-App-Version
X-Endurance-Cache-Level
IBM-Web2-Location
X-DC
Mime-Version
X-Parent-Response-Time
Nel
Akamai-GRN
X-B3-Parentspanid
Request-Time
X-UUID
X-CACHE-KEY
X-XRDS-LOCATION
X-ServerID
X-Routing-Service
X-ECACHE
X-Soup
X-NGENIX-Cache
X-GoCache-CacheStatus
X-MServer
Proxy-Connection
X-Proxied
X-Zipkin-Id
X-Rocket-Nginx-Bypass
X-Urbn-Site-Id
X-Via-CDN
Locale
X-Urbn-Context-Path
X-Oneagent-Js-Injection
X-CF-Lambda-Fn
X-CF-Lambda-Version
Rt-Proxy-Cache
X-AIR-PT
Apple-News-Services-Handled
X-Edge-Server
X-DPWN-IS-SECURE
Fly-Cache
X-Date
X-D
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
Fly-Request-Id
GEO-REGION-INFO
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
X-Destination
X-Detected-As
Node
X-Developer
X-External-Request-Id
Cdn-Request-Time
A
X-Org
Apple-News-Services-Host
Rendered-Blocks
X-IN-APIGATEWAY
X-Is-Bot
X-Instart-Info
X-IN-APIGATEWAYSSL
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-G
Cache-Prefix
Cdn-Host
X-Connection-Hash
BehaviorPad-Version
Arc-Country
AsisCache
X-Node-Id
X-PAYTM-SRV-ID
X-S-Cookie
X-Rojux
X-A-Dam
X-Accel-Expires-Debug
X-S-Maxage
X-Aed
X-Rewrite-Enabled
VivaBuild
Viewtype
X-Request-UUID
X-Application
X-Worker
X-A-Ccd
X-A
X-ARC
X-Transaction
X-SRCache-Key
X-SS-Set-Cookie
X-Thanos
X-Trv-Group
X-Twitter-Response-Tags
X-ProxyCache-Status
X-ScT
X-ProxyCache-Key
X-Server-Time
X-Origin-Date
X-Release
Xc-Version
X-Vtex-Processado-Em
X-BYPASS-REASON
X-A-Dcw
T-Server
X-Region-Sid
X-Bip
X-Origin-Expires
Memcached
X-B-Cookie
X-Vtex-Remote-Cache
X-A-Wwc
X-VG-WebServer
Uber-Trace-Id
X-A-Dgt
Backend-Name
CF-IPCountry
ServerName
IsBot
X-Core-Mission
Country-Code
N-Cache
X-Fastly-Cache
X-CUA
X-TrackingId
X-Origin-CC
Fastly-Soc-X-Request-Id
X-Distil-CS
X-VC-Cache
X-Distributor
X-WebServer
Gh-Request-Id
NGX
X-Origin-TTL
X-Up
X-Developers
X-Device-Os
Countrycode
X-Hash
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-SVT-ORM-VERSION
X-Level-Front-Cache
Request-EU
X-Cdn-Srv
X-BBXSRF
X-Cache-Bucket
Server-ID
X-Owner
Section-Io-Cache
Request-Country
X-Request-Start
X-Cms-Context
X-Azure-Ref
X-Hl-Ver
X-SIPLIST1
X-SVT-ORM-RULES
X-Auto-Login
X-Clientip
X-Generated-On
X-Azure-Ref-OriginShield
User-Cache-Control
X-ElasticPress-Search
X-Amz-Meta-Cache-Control
X-Cache-Id
X-Cache-FS-Status
X-Debug-Cache-Expiry
X-Backend-Host
X-CGP
X-Cache-Info
X-Cdn-Origin
X-Block-Status
X-C
X-Backend-Url
X-Compress-Hint
X-Clara-WADP
X-MSEdge-Flight
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Reqid
X-Request-URI
X-Server-IP
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-PHP-Host
X-Old-Content-Length
X-Platform-Server
X-Proxy-Cache-Status
X-Proxy-Upstream
X-ServiceProvider
X-Skip-Cache
X-We-Are-Hiring
X-WADP-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Variation
X-Swa-Ws
X-Sn-Servicetimems
X-Thinkindot-L3
X-Unique-ID
X-User
X-NX-Host
X-Nginx-Cache-Key
X-Flog
X-Fetched-On
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-Eu-Site
X-Epic-Correlation-Id
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Log
X-Dispatch
X-Dispatcher-Server
X-Geo-Header
X-GeoIP-City
X-Location
X-LI-UUID
X-Matched-Rule
X-Method
X-MSEdge-Features
X-LI-Proto
X-Li-Pop
X-Hnp-Log
X-Hello
X-HS-Combine-CSS
X-Irp-Debug
X-Li-Fabric
X-Debug-Cache-Fetch
X-App-Name
L
X-B3-SpanId
Kp-EeAlive
Is-Eu
Heartbleed
Magicmarker
Pagetype
RNT-Machine
Pramga
Platform
PFcat
HA-Ipaddr
Ha-Gx-Prefs
AKAMAI
Cache-Cookie-Set-From
Adler-Geo
X-MP-GENERATED-AT
X-Guploader-Uploadid
Cache-Cookie-Set-Idcheck
CDCHOST
Fastly-SWR
Fastly-SIE
Esi-Enabled
Content-Disposition
RNT-Time
Cache-Cookie-Set-Lfrom
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
V-Age
W
X-ABtesting
Wxu-Next-Region
Wxu-Next-Hostname
SS
Wxu-Next-Commit
Server-Host
Server-Int
Served-By
X-IPS-LoggedIn
X-Microcachable
X-Say-Cacheable
X-Servername
X-GDPR
X-Internal-Host
X-Page-Type
SD-X-WS
X-Response-By
X-Key
Web-Mar-Node
X-Say-TTL
X-SD-PageType
Memory
X-SayCDN-TTL
X-Backend-State
X-Uri
X-Element-Page-Cache
X-SERVER-NAME
UCS
Resin-Trace
X-Policy
X-Cdn-Forward
ProcessTime
X-Wa
X-FPC
REQUESTUUID
X-Logtrace-Id
X-Service
Ajk
Powered-By-ChinaCache
X-Var-Ttl
X-Servedbyhost
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-HTML-Minification-Powered-By
X-Dc
Proxy-Firewall
Cache-Provider
X-Nc
X-Lb-Id
X-Geo
X-Is-Gdpr
X-Has-Esi
X-Ratelimit-Limit
X-Cache-Backend
X-JWT-State
X-Datadome
X-RateLimit-Reset
X-VCL-Version
X-NWS-UUID-VERIFY
X-Grey
Powered-By
X-Cache-Category-Id
Srv
X-Oss-Storage-Class
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Processor
X-SRV
X-ZONE
X-Be
X-Varnish-Beresp-Ttl
X-CDN-Forward
X-Pjax-Url
X-TH-Server
Fastly-Backend-Name
X-Ruxit-Js-Agent
SN
X-Cache-URL
GeoIP-City
GeoIP-Latitude
PICS-Label
X-UA
GeoIP-Country-Code
X-Instart-Isnd
X-Svr
X-RCS-CacheZone
X-HS-Status
X-Info
X-Dynatrace-Js-Agent
X-Webkit-Csp
X-Cache-Ttl
X-Ttl
X-Ftr-Request-Id
X-Zone
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-NodeID
GW-Server
X-Scheme
X-SN
Group
X-GRACE
X-Source
Cdn
CACHE
X-Pf-Uncompressing
X-Newrelic-Synthetics
X-Varnish-Url
X-LAGOON
WZWS-RAY
LB
X-Gannett-Site-Version
X-Secret
X-EC-Lua
X-Bc
Dynatrace
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Varnish-Cacheable
Cache-Host
On-Server
CF-Cached-On
X-CDN-Cache
X-PF-Uncompressing
X-NODE
User-Agent
X-GeoIP-Country-Code
XServer
Ttl
X-Server-W
X-Sucuri-Id
X-LiteSpeed-Cache-Control
X-Ftr-Cache-Host
X-BC
X-Ms-Version
X-APP
X-Ms-Request-Id
X-Via-Ucdn
Inserted-Into-Cache-At
X-Tt-Trace-Host
X-Ratelimit-Remaining
Environment
X-BE
X-COUNTRY
X-Edge
Pics-Label
X-Fastly-Country-Code
X-NU-AKA-ACS-Version
X-PJAX-URL
MIME-Version
Geoip-Latitude
Geoip-City
GeoIp-Country-Code
Lfy
Who
WWW
X-Akamai-SSL-Client-Sid
X-Crawler
X-Dynatrace
X-Aicache-OS
X-URL
X-Ftr-Backend-Server
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Backend
X-Agile-Id
X-Cache-Debug
X-Agile-Age
X-Mid
X-Session-Fingerprint
Ohc-Response-Time
X-Agile
Requestid
X-Render-Time
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Cf-Ipcountry
X-Varnish-Ttl
X-FORWARDED-FOR
X-MCACHE
X-CSRF-Token
X-LB-ID
M-TraceId
X-Vcl-Version
X-Fastly-Backend-Reqs
SID
X-FE
Amp-Access-Control-Allow-Source-Origin
X-Served-From
X-Litespeed-Cache-Control
X-Via-SSL
X-Logging-Id
X-UPSTREAM-Address
URI
X-Micro-Cache
X-Via-Edge
DataCenter
Lb
X-WR-MODIFICATION
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
Xkeyrz
X-Proxy-Cacherz
HostName
X-Cache-Tag
Host-ID
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
RequestUuid
X-Cache-Miss-From
X-Sedo-Request-Id
X-NGINX-Cache
X-Cf-Powered-By
X-Correlation-ID
X-DB
X-Fpc
X-Action
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Correlation-Id
Xkeypdq
X-RPS
X-ServedByHost
X-RSL
X-Protected-By
CDN
X-Nananana
X-RPM
X-WA
X-Vct
X-DI
X-DW
X-DSS
X-Fastly-Cache-Hits
WebServer
X-Newrelic-App-Data
Cneonction
X-Core-Value
X-Via-NSCOPI
X-Ecache
X-Cdn-Request-ID
X-TIME
X-SB
X-Dw-Trace-Id
FNAC-ModuleRouting
X-MID
X-Refresh
X-Vdms-Version
X-Request-Url
X-ND-Cache
Warning
X-VC
X-Swift-Error
X-AK-Request-ID
Cdncip
Xet-Cookie
Cdnsip
Server-Id
HitType
X-Fe
X-Request-URL
X-Planisys-CDN-TTL
X-Apw-Hits
X-Apw-Access-Token
X-Serial
X-Apw-Access-Action
X-Apw-Access-Object
X-Planisys-CDN-Rules
Processtime
Pragrma
X-MiniProfiler-Ids
X-Gdpr
X-ServerName
X-Bug-Bounty
X-ECache
X-Planisys-CDN-Cache
X-Unique-Id
V-Cache