Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-CDN
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Envoy-Upstream-Service-Time
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-Cdn
Feature-Policy
X-WebKit-CSP
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
Allow
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
X-Country
X-HW
X-Url
Rating
X-ORACLE-DMS-RID
X-Country-Code
X-DataDome
X-FTR-Request-ID
X-TTL
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
Fusion-Template-Id
Fusion-Component-Id
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-Goog-Hash
X-Varnish-TTL
X-TtlSet
X-PC
X-Vname
X-MS-InvokeApp
X-CST
X-Px
Verso
RTSS
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Ah-Environment
Pinterest-Generated-By
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja
X-D2id
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
Display
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
X-B3-TraceId
X-GitHub-Request-Id
TCN
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upstream
Accept-CH
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
Charset
SPIisLatency
SPRequestDuration
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-ESI
X-Aspnetmvc-Version
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-XRDS-Location
X-Debug
X-Server-Name
Front-End-Https
AR-Request-ID
X-Cached
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Shield-Request-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
Paypal-Debug-Id
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Arr-Disable-Session-Affinity
DynaTrace
ServerID
Content-MD5
X-Id
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Goog-Storage-Class
Pagespeed
S
MicrosoftSharePointTeamServices
X-T
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-VCache
X-Via-JSL
X-Content-Type
X-Vcache
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-N
X-SERVER
Accept-Ch
X-Grace
X-Correlation-Id
X-Forwarded-For
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Content-Digest
X-RateLimit-Limit
Powered
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
Server-Name
X-Accel-Expires
X-DIS-Request-ID
X-Ser
X-B3-Traceid
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-Fastcgi-Cache
X-FastCGI-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Microsite
X-Request-Handler-Origin-Region
TP-Cache
X-Zen-Fury
TP-L2-Cache
X-Request-Processing-Time
X-Kinsta-Cache
X-Cache-Age
X-Request-Received
FilterID
X-Type
X-LB-Cache
X-Esi
X-User-Agent
X-Rid
X-Az
X-IPLB-Instance
Backend-Timing
X-Revision
X-AppVersion
X-GUploader-UploadID
X-Activity-Id
X-Analytics
Healthy
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Whom
Retry-After
X-Srv
X-Time
X-Acc-Meta-Resource-Type
X-Cache-2
X-NWS-LOG-UUID
Accept-Charset
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amzn-RequestId
X-Amz-Apigw-Id
Alternate-Protocol
X-Cache-Hit
Pinterest-Version
X-Pinterest-Rid
X-Cache-Rule
X-AOL-HN
Cache-Status
Server-Node
X-Content-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Surrogate-Key
X-Content-Security-Policy-Report-Only
X-Jobs
X-Content-Powered-By
X-Forwarded-Host
Access-Control-Allow-Method
X-Cluster
DC
X-Akamai-Edgescape
X-Tumblr-User
X-Page-Id
X-Tumblr-Pixel
X-Instance
X-Tumblr-Pixel-0
X-FW-Server
X-FB-Debug
X-Debug-Info
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
Refresh
Source
X-Varnish-Grace
X-PHP-Backend
X-B
X-App-Environment
X-Request-Guid
X-Framework
MS-CV
X-Hp-Webp
Fastcgi-Useragent
X-App-Server
X-Hostname
Frame-Options
Cleartype
Host
X-B-Cache
X-Signature
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-Key
Tracecode
X-TA-CDN-Provider
X-Cache-Operation
Actual-Object-TTL
X-BCube-Filmed-By
Cache-Tag
X-Mobile-URL
X-Cached-By
X-Geo-Country
X-Varnish-Backend
X-Cache-Control
X-Amz-Replication-Status
X-TT
X-Ratelimit-Reset
X-DataStream-Cache-Status
Xserver
Liferay-Portal
X-Seen-By
X-Pad
X-PressLabs-Stats
X-Mobile
X-Host-Name
X-Response-Served-From
NGB
X-Adobe-Loc
X-Adobe-Content
X-ATG-Version
X-Git-Hash
Payment
X-Status
X-TT-TIMESTAMP
Eomportal-Instance
Upgrade-Insecure-Requests
Webserver
X-WA-Info
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-ProcessESI
X-FW-Dynamic
Cache-Tv-Group
X-Tumblr-Pixel-2
WPE-Backend
Filters
X-RemovedCookies
X-Cacheable-TTL
Ms-Operation-Id
From-Origin
X-Drupal-Cache-Tags
X-Handled-By
X-GeoIP
X-RTag
X-TX-ID
X-RequestSource
X-UA-Device-Type
GEO-INFO
X-Cache-TTL-Remaining
X-Content-Age
X-Cache-TTL
Datacenter
X-Daa-Tunnel
X-Cache-Remote
X-Webkit-CSP
X-Edge-Location
X-Upstream-Proxy
Cache
X-Storage
PageSpeed
Viewport
X-Cache-Action
X-Origin-Server
X-Accel-Buffering
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-CF-Powered-By
X-Ua
X-Contextid
X-Region
Host-Header
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-Yottaa-Metrics
Accept-CH-Lifetime
X-Yottaa-Optimizations
NR-ENABLED
SRV
X-Varnish-Server
X-Akamai-Transformed
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
Load-Balancing
Meta-Geo
X-RN-RSRV
X-Path-Route
Selected-Fe
X-Akamai-Request-ID2
X-Timing-Wait
S-Cnection
X-JoinUs
X-IP
X-From
X-Proxy-Build
X-Loop
X-Proxy
Cache-Name
Cache-Tags
X-CS
X-Backend-Name
Vix-Hermes-Req-Id
X-Proto
X-Generated
X-Cache-Config
X-TNCMS
X-Goog-Meta-Goog-Reserved-File-Mtime
Now
X-Labrador-Cache-Channel
X-Tumblr-Pixel-3
X-Cache-Enabled
X-Upgrade-Enabled
X-Via-Fastly
X-Section
Decoy-Debug-TTL
X-Access
X-ApacheServer
X-Time-Microsecs
X-Akamai-Request-ID
Ec-Rule-Version
X-Viewer-Country
X-FC-Vary-Parameters
X-Hit
Decoy-Debug-Key
DB-Nickname
Cache-Hits
X-PERF
Decoy-Debug-Status
X-Cluster-Node
X-Rule
X-Origin-Response-Time
X-Origin
X-NCache
Rt-Fastcgi-Cache
Country
X-Hosted-By
X-FW-Version
X-Format
X-EIG-Tracking-Id
X-FireWall-Port
Cache-Key
Webcakes-App-Version
Azure-InstanceId
X-OCL
Azure-RegionName
Azure-SiteName
Azure-SlotName
Mn-Server-Ip
X-CCM
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Cache-Host
X-Cache-Grace
S-Rt
X-Backend-TTL
X-Origin-Hint
Azure-Version
X-Web-Node
X-Upstream-CT
X-Varnish-Cache-Hits
X-Trace-Id
X-Xfnlog-Site
X-PCL
X-UnsetCookies
X-R9-Blue-Green-Version
X-Upstream-HT
X-Device-Type
Ohc-File-Size
X-Debug-Cache
X-Varnish-Hits
X-Cache-Time
X-Www-Served-By
X-Site-Version
X-Drupal-Cache-Contexts
X-Locale
X-Human
X-S
X-Cache-Server
OT-Force-Account-Verify
DSUID
X-Cache-NE
Server-Info
X-Rendered-As
Release
X-NewRelic-App-Data
Time
X-Presslabs-Stats
X-VG-TLSProxy
X-DataStream-Origin-MEX-Latency
ServedBy
X-DataStream-MidMile-RTT
X-Vgn-Hpd-Reason
X-Alternate-Cache-Key
X-VG-WebCache
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-APP-VERSION
X-FB-TRIP-ID
X-VCT
Fastcgi-X-Cache-Version
Hostname
Ohc-Cache-HIT
X-Mode
X-Redis-Cache
X-Real-IP
Accept-Language
X-OVcl-Cache
X-OVcl
X-Tb
X-XRDS-LOCATION
Machine
Cteonnt-Length
X-Nginx-Cache
Origin
Origin-Cache-Control
X-Pubstack
X-B3-Spanid
Origin-Edge-Control
L5d-Success-Class
X-HS-Cache-Config
NtCoent-Length
Access-Control-Request-Headers
X-Environment-Context
X-L-Path
X-No-Session
X-Request-Time
X-Tt-Trace-Tag
X-Cluster-Name
X-Load-Cache
X-CSRF-TOKEN
X-Magnolia-Registration
Odigeo-Trace-Id
X-Generated-By
Mime-Version
Fastly-SSL
X-VWS-Id
X-LJ-Flow-ID
X-NC
X-GEO
X-App-Version
X-AWS-Id
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-UUID
X-NGENIX-Cache
X-Guploader-Uploadid
Nel
We-Hiring
X-B3-Parentspanid
Akamai-GRN
Mail-Subject
X-Rocket-Nginx-Bypass
X-CACHE-KEY
X-Parent-Response-Time
X-DC
X-GoCache-CacheStatus
X-SS-Set-Cookie
X-ServerID
X-ECACHE
Request-Time
X-Oneagent-Js-Injection
X-Element-Page-Cache
X-Org
T-Server
X-Trv-Group
X-PAYTM-SRV-ID
X-External-Request-Id
X-G
Server-ID
X-Edge-Server
MD5-Digest
GEO-REGION-INFO
X-Origin-Expires
X-Origin-Date
X-MServer
X-Is-Bot
X-Transaction
Proxy-Connection
X-Node-Id
X-Soup
X-A-Wwc
X-A-Dgt
Cache-Prefix
Viewtype
X-Aed
X-Accel-Expires-Debug
Cdn-Host
Cdn-Request-Time
Content-Style-Type
X-A-Ccd
Content-Script-Type
X-A-Dam
X-A-Dcw
BehaviorPad-Version
AsisCache
X-Instart-Info
A
X-A
X-Application
X-B-Cookie
X-ARC
Cross-Origin-Window-Policy
X-AIR-PT
Apple-News-Services-Request-Url
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Twitter-Response-Tags
Rendered-Blocks
X-Urbn-Context-Path
X-Date
Meta-Geo-Continent
X-Request-UUID
X-Urbn-Site-Id
Node
Xc-Version
X-Worker
X-ScT
X-Connection-Hash
X-Rewrite-Enabled
X-Origin-TTL
X-S-Maxage
X-Rojux
X-S-Cookie
X-SRCache-Key
Mobile-Detection-Method
Locale
X-Origin-CC
X-D
Rt-Proxy-Cache
X-VG-WebServer
X-DPWN-IS-SECURE
X-Destination
Memcached
Fly-Cache
X-Region-Sid
X-Vtex-Processado-Em
Fly-Request-Id
X-Detected-As
VivaBuild
X-Server-Time
X-Vtex-Remote-Cache
X-Developer
X-CF-Lambda-Version
X-CF-Lambda-Fn
ServerName
X-ProxyCache-Status
X-ProxyCache-Key
Uber-Trace-Id
X-BYPASS-REASON
X-Routing-Service
X-Proxied
Backend-Name
X-Zipkin-Id
NGX
CF-IPCountry
X-SVT-ORM-RULES
X-Hl-Ver
X-Distributor
X-Distil-CS
Fastly-Soc-X-Request-Id
Gh-Request-Id
X-SIPLIST1
Request-Country
X-SVT-ORM-VERSION
Request-EU
IsBot
X-Release
X-Via-CDN
Section-Io-Cache
X-TrackingId
X-Cache-Bucket
Countrycode
X-Fastly-Cache
X-Thanos
X-IN-APIGATEWAY
X-Developers
X-Bip
X-Request-Start
X-WebServer
X-Core-Mission
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Auto-Login
N-Cache
X-Cdn-Srv
X-VC-Cache
X-Up
X-IN-APIGATEWAYSSL
X-Clientip
X-Cms-Context
X-ElasticPress-Search
User-Cache-Control
Server-Int
RNT-Machine
X-GeoIP-City
RNT-Time
X-Geo-Header
X-Generation-Time
True-Client-Country-4JS
V-Age
X-Flog
X-Fetched-On
X-CUA
X-Compress-Hint
X-Clara-WADP
X-Cdn-Origin
X-CGP
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Epic-Correlation-Id
X-Eu-Site
X-Device-Os
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cookies
X-Cache-Info
X-Cache-Id
X-Gen-Mode
X-App-Name
X-Generated-In
X-Amz-Meta-Cache-Control
X-Generated-On
X-ABtesting
X-Backend-Host
X-Backend-Url
X-C
X-Cache-FS-Status
X-Block-Status
X-GDPR
X-BBXSRF
W
X-Location
X-Level-Front-Cache
Content-Disposition
X-Li-Fabric
CDCHOST
X-PHP-Host
X-Platform-Server
Esi-Enabled
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Owner
X-Old-Content-Length
X-Method
X-NX-Host
X-MSEdge-Features
X-Hash
X-Nginx-Cache-Key
X-Uri
X-LI-UUID
AKAMAI
X-Li-Pop
Adler-Geo
X-LI-Proto
Fastly-SIE
Fastly-SWR
X-B3-SpanId
X-Hnp-Log
X-Skip-Cache
X-ServiceProvider
X-HS-Combine-CSS
X-Sn-Servicetimems
PFcat
X-Unique-ID
X-Hello
Platform
X-Variation
Magicmarker
L
HA-Ipaddr
X-Reboot
Ha-Gx-Prefs
X-Rebelmouse-Surrogate-Control
X-Irp-Debug
X-Request-URI
X-Wikidot-Static-Cache
X-WADP-Cache
X-We-Are-Hiring
Is-Eu
X-Wikidot-Backend
X-MSEdge-Flight
X-Microcachable
X-SayCDN-TTL
X-SD-PageType
X-Server-IP
Server-Host
X-Say-TTL
X-Say-Cacheable
X-Backend-State
X-Webstats-RespID
SS
Kp-EeAlive
X-Servername
Served-By
X-Swa-Ws
X-Thinkindot-L3
X-User
Pramga
X-VServer
Pagetype
SD-X-WS
X-Dispatch
X-Dispatcher-Server
Thinkindot-CacheControl
X-Response-By
Country-Code
Thinkindot-CacheControl-Type
Wxu-Next-Hostname
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Matched-Rule
Cache-Cookie-Set-From
X-Qloud-Router
Wxu-Next-Region
Heartbleed
X-Policy
X-Reqid
Thinkindot-Control
Wxu-Next-Commit
X-Internal-Host
X-Key
Web-Mar-Node
X-IPS-LoggedIn
X-MP-GENERATED-AT
X-Cdn-Forward
X-Ratelimit-Limit
X-Page-Type
Resin-Trace
Memory
X-FPC
UCS
X-Nc
X-Geo
X-Wa
REQUESTUUID
X-Service
X-Var-Ttl
ProcessTime
X-Dc
X-Logtrace-Id
X-Servedbyhost
X-JWT-State
Powered-By-ChinaCache
Ajk
X-Has-Esi
Cache-Provider
X-Is-Gdpr
X-Lb-Id
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Datadome
X-RateLimit-Reset
X-NWS-UUID-VERIFY
X-Cache-Backend
X-SERVER-NAME
Srv
X-Grey
X-Oss-Hash-Crc64ecma
X-VCL-Version
Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
X-Oss-Object-Type
X-Cache-Category-Id
X-Oss-Server-Time
X-Oss-Request-Id
X-Pjax-Url
X-Oss-Storage-Class
X-Be
X-Info
X-SRV
X-Cache-URL
SN
X-Server-ID
X-Svr
X-Varnish-Beresp-Ttl
X-Ruxit-Js-Agent
X-Instart-Isnd
Fastly-Backend-Name
X-ZONE
X-UA
X-TH-Server
X-CDN-Forward
PICS-Label
X-Zone
X-Tec-Api-Version
X-Tec-Api-Origin
X-Webkit-Csp
X-Tec-Api-Root
X-Scheme
X-SN
X-Ftr-Request-Id
GeoIP-City
X-HS-Status
GeoIP-Country-Code
X-Cache-Ttl
GeoIP-Latitude
X-Dynatrace
X-Ttl
X-RCS-CacheZone
X-NodeID
X-GRACE
X-Varnish-Beresp-Grace
Group
X-Source
X-Varnish-Beresp-Status
CACHE
X-LAGOON
X-Newrelic-Synthetics
X-Pf-Uncompressing
Cdn
GW-Server
X-Bc
X-Varnish-Url
X-Gannett-Site-Version
CF-Cached-On
X-Secret
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
Dynatrace
X-Check-Cacheable
X-Dynatrace-Js-Agent
Cache-Host
X-PF-Uncompressing
X-Server-W
X-EC-Lua
LB
WZWS-RAY
X-NODE
X-Ftr-Cache-Host
X-CDN-Cache
X-Varnish-Cacheable
Ttl
X-Sucuri-Id
X-APP
On-Server
X-Ratelimit-Remaining
X-Ms-Request-Id
X-GeoIP-Country-Code
User-Agent
X-Via-Ucdn
X-Tt-Trace-Host
X-Ms-Version
X-Edge
GeoIp-Country-Code
Environment
Geoip-Latitude
Inserted-Into-Cache-At
X-BC
Geoip-City
X-COUNTRY
Pics-Label
XServer
X-Cache-Debug
X-BE
X-Akamai-SSL-Client-Sid
WWW
X-Session-Fingerprint
X-URL
X-NU-AKA-ACS-Version
Lfy
X-Fastly-Country-Code
X-CSRF-Token
MIME-Version
X-Ftr-Backend
X-Ftr-Backend-Server
X-Ftr-Realm
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Ftr-Balancer
X-Ftr-Dc
X-Vcl-Version
X-PJAX-URL
X-Agile
Requestid
X-Aicache-OS
X-Agile-Age
X-Agile-Id
X-Crawler
X-Mid
Ohc-Response-Time
X-Render-Time
Who
Cf-Ipcountry
X-Fastly-Backend-Reqs
X-FORWARDED-FOR
M-TraceId
X-MCACHE
SID
X-Varnish-Ttl
Amp-Access-Control-Allow-Source-Origin
X-Logging-Id
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Litespeed-Cache-Control
X-FE
URI
X-Micro-Cache
X-LB-ID
X-UPSTREAM-Address
HostName
Lb
X-Via-SSL
X-WR-MODIFICATION
X-Sedo-Request-Id
X-Cache-Tag
X-Served-From
X-Proxy-Cacherz
X-Via-Edge
Xkeyrz
X-Cache-Miss-From
X-DSS
X-RPS
X-DW
X-RPM
X-DB
X-RSL
X-DI
Host-ID
X-ServedByHost
RequestUuid
X-WA
X-Action
DataCenter
X-Cf-Powered-By
X-Correlation-ID
X-NGINX-Cache
X-Amzn-Remapped-Date
X-Flow-Id
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Vct
CDN
X-Nananana
X-Fpc
X-Amzn-Remapped-Connection
X-Core-Value
Xkeypdq
X-Fastly-Cache-Hits
X-Newrelic-App-Data
X-Swift-Error
X-SB
X-Protected-By
X-MID
X-VC
X-TIME
Warning
Cneonction
FNAC-ModuleRouting
X-Cdn-Request-ID
X-AK-Request-ID
Cdnsip
Correlation-Id
X-Ecache
X-Vdms-Version
Cdncip
X-Sucuri-ID
X-TT-LOGID
X-Sucuri-Cache
Get-Access-Time
Xet-Cookie
Is-Session-Tracking
TTL
X-Request-Url
X-Apw-Hits
HitType
X-Apw-Access-Token
X-Apw-Access-Object
X-Unique-Id
X-ECache
X-Fe
X-Request-URL
Processtime
X-Bug-Bounty
X-Apw-Access-Action
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Gdpr
X-ND-Cache
X-Refresh
X-ServerName
X-Via-NSCOPI
X-Serial
V-Cache