Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Buckets
X-Request-ID
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-Server
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Server-Id
X-Device
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
EagleEye-TraceId
X-Cloud-Trace-Context
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
NEL
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Rack-Cache
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-Country
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-Goog-Hash
X-TTL
X-TtlSet
X-Vname
X-PC
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
Public-Key-Pins
RTSS
X-Px
X-B3-TraceId
X-Mod-Pagespeed
Edge-Control
X-VARITI-CCR
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Response
X-ESI
X-Ah-Environment
X-CST
X-Recruiting
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
SPRequestGuid
X-D2id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-SharePointHealthScore
Service-Worker-Allowed
X-Akam-SW-Version
X-Vcap-Request-Id
Accept-Ch-Lifetime
SPRequestDuration
SPIisLatency
X-Version
X-Server-Name
X-GitHub-Request-Id
X-Abt-Application-Version
MS-Author-Via
TCN
X-Navigation-Version
X-Powered-CMS
X-Shard
Accept-CH
X-Trace
Charset
Fastly-Restarts
X-Upstream
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
Realpath
X-Aspnetmvc-Version
X-Debug
X-Amz-Rid
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-VCache
X-Ezoic-Cdn
X-NF-Request-ID
Front-End-Https
X-Cached
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-XRDS-Location
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
AR-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
X-Shield-Request-Id
Pagespeed
Arr-Disable-Session-Affinity
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Content-MD5
X-FTR-Expires
MicrosoftSharePointTeamServices
X-FTR-Cache-Status
X-Country-Code-Real
Paypal-Debug-Id
DynaTrace
X-Id
X-T
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
S
X-Fastly-Request-ID
ServerID
X-Varnish-Age
X-Via-JSL
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-Ser
X-Client-IP
X-DynaTrace-JS-Agent
X-Content-Type
X-Dw-Request-Base-Id
X-Accel-Expires
X-Correlation-Id
X-Hits
X-Grace
Accept-Ch
Fastcgi-Cache
X-Forwarded-For
X-Amzn-Trace-Id
Powered
X-Content-Digest
X-Frontend
Edge-Cache-Tag
X-N
X-DIS-Request-ID
X-Mobile-Rewrite
PB-PID
PB-RID
Arc-Version
X-HS-Hub-Id
X-HS-Content-Id
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
Server-Name
X-FTR-Cache-Host
X-Fastcgi-Cache
X-FastCGI-Cache
X-Server-ID
TP-Cache
TP-L2-Cache
Pinterest-Version
X-Pinterest-Rid
X-RateLimit-Limit
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Received
X-Zen-Fury
X-Kinsta-Cache
X-Time
X-B3-Sampled
X-User-Agent
X-Rid
X-Type
X-AppVersion
X-Activity-Id
X-Az
X-Cache-Age
X-Revision
X-IPLB-Instance
Backend-Timing
X-Analytics
X-LB-Cache
X-GUploader-UploadID
Healthy
X-Cache-Hit
X-Whom
FilterID
Retry-After
X-Srv
X-Node-Name
X-Vcache
X-NWS-LOG-UUID
Server-Node
X-F-Cache
X-SERVER
Alternate-Protocol
Accept-Charset
X-Hp-Webp
X-Cache-Rule
Cache-Tag
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Akamai-Edgescape
Cache-Status
X-Cache-2
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Content-Options
X-Webkit-CSP
X-Content-Security-Policy-Report-Only
Surrogate-Key
Refresh
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Forwarded-Host
VIX-Pulpo-Node
MS-CV
X-AOL-HN
DC
X-Framework
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
X-Jobs
X-Debug-Info
X-Instance
Tracecode
X-App-Environment
Source
Access-Control-Allow-Method
X-FB-Debug
X-Cluster
X-Varnish-Grace
X-App-Server
X-TA-CDN-Provider
X-PHP-Backend
X-Cache-TTL
X-B
X-Page-Id
X-FW-Hash
X-FW-Serve
X-FW-Type
X-Request-Guid
X-FW-Static
X-Cache-Operation
X-FW-Server
Actual-Object-TTL
Host
X-Mobile-URL
Fastcgi-Useragent
Frame-Options
X-B3-Traceid
X-Seen-By
X-Cache-Key
X-Hostname
X-Cache-Control
X-Geo-Country
NR-ENABLED
Cleartype
X-Signature
X-B-Cache
X-Host-Name
X-Cached-By
X-Pad
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-Mobile
NGB
X-Git-Hash
X-TT
X-Acc-Meta-Resource-Type
X-Varnish-Backend
X-Response-Served-From
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Adobe-Loc
GEO-INFO
X-Adobe-Content
X-ATG-Version
WPE-Backend
X-GeoIP
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Daa-Tunnel
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
X-RemovedCookies
Cache-Tv-Group
Ms-Operation-Id
X-RTag
Filters
X-UA-Device-Type
X-ProcessESI
Eomportal-Instance
X-RequestSource
Webserver
X-Cache-Remote
Payment
X-Handled-By
From-Origin
X-Origin-Server
X-Status
Liferay-Portal
X-EdgeConnect-Cache-Status
X-TX-ID
X-Cacheable-TTL
X-Cache-TTL-Remaining
Xserver
X-FW-Dynamic
X-WA-Info
X-Presslabs-Stats
X-Esi
Accept-CH-Lifetime
X-HS-Cache-Config
X-Cache-Action
X-Hyper-Cache
X-Wix-Request-Id
X-Content-Age
X-Element-Page-Cache
X-Edge-Location
X-Contextid
X-Ratelimit-Reset
Viewport
X-Region
X-Ttl
Datacenter
X-CF-Powered-By
Version
Cache
X-Storage
X-Varnish-Hostname
Ohc-File-Size
PageSpeed
X-PressLabs-Stats
X-Accel-Buffering
X-Cache-NE
X-Akamai-Transformed
X-Oneagent-Js-Injection
X-Cache-Server
X-Path-Route
Meta-Geo
Load-Balancing
X-ES-SERVER
X-Cache-Var-Map
X-RN-RSRV
X-Varnish-Server
X-Cache-Var
S-Cnection
Cache-Name
Cache-Tags
X-Proxy
X-Cache-Enabled
Ohc-Cache-HIT
X-XRDS-LOCATION
X-Section
TWC-Connection-Speed
Release
X-Viewer-Country
X-Cluster-Node
X-Yottaa-Optimizations
X-CS
X-Via-Fastly
Property-Id
X-Tumblr-Pixel-3
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Akamai-Request-ID2
TWC-Device-Class
X-NCache
Cache-Hits
Vix-Hermes-Req-Id
TWC-Privacy
X-R9-Blue-Green-Version
Webcakes-App-Name
Webcakes-App-Version
X-Access
X-Akamai-Request-ID
Webcakes-Region
X-Origin-Response-Time
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Locale-Group
Host-Header
X-Cache-Config
X-Proto
TWC-GeoIP-Country
X-Yottaa-Metrics
Country
Decoy-Debug-Key
Azure-SiteName
Azure-RegionName
Azure-SlotName
DB-Nickname
X-Xfnlog-Site
Azure-Version
DSUID
Decoy-Debug-TTL
Decoy-Debug-Status
X-Format
X-Labrador-Cache-Channel
X-PCL
X-PERF
X-Proxy-Build
X-Cache-Grace
X-Backend-TTL
X-Loop
X-ApacheServer
X-Www-Served-By
X-Origin
X-OCL
X-Backend-Name
X-Cache-Host
X-Rule
X-UnsetCookies
X-EIG-Tracking-Id
X-Upgrade-Enabled
X-VCT
X-Drupal-Cache-Contexts
Rt-Fastcgi-Cache
X-Trace-Id
X-Time-Microsecs
X-Cache-Time
X-Timing-Wait
Azure-InstanceId
X-TNCMS
X-Device-Type
Selected-Fe
X-IP
X-NewRelic-App-Data
X-CCM
X-FC-Vary-Parameters
S-Rt
X-JoinUs
X-Web-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-From
X-Debug-Cache
X-Human
X-Vgn-Hpd-Reason
X-Hit
Cache-Key
X-Hosted-By
X-HS-Combine-CSS
X-Locale
X-Ua
X-Generated
Ec-Rule-Version
Server-Info
X-Site-Version
X-Tec-Api-Version
X-NGENIX-Cache
X-Tec-Api-Origin
X-FireWall-Port
X-Upstream-CT
X-Upstream-HT
X-Tec-Api-Root
X-OVcl
X-OVcl-Cache
X-S
X-Varnish-Hits
X-Real-IP
Time
Now
X-FW-Version
L5d-Success-Class
X-Rendered-As
X-Upstream-Proxy
X-Pubstack
Origin-Cache-Control
Origin-Edge-Control
X-Litespeed-Cache
X-SS-Set-Cookie
Fastcgi-X-Cache-Version
X-Redis-Cache
Hostname
Access-Control-Request-Headers
ServedBy
OT-Force-Account-Verify
X-VG-TLSProxy
Origin
X-FB-TRIP-ID
Cteonnt-Length
Fastly-SSL
X-VG-WebCache
X-APP-VERSION
X-Parent-Response-Time
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-App-Version
Accept-Language
X-Shopify-Stage
X-Cluster-Name
X-ShardId
NtCoent-Length
X-UUID
X-ShopId
X-Origin-CC
X-Load-Cache
X-Origin-TTL
X-ServerID
Machine
X-Tb
X-Soup
X-CSRF-TOKEN
X-GoCache-CacheStatus
X-Webkit-Csp
Mime-Version
X-Tt-Trace-Tag
X-Rocket-Nginx-Bypass
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-ECACHE
X-No-Session
NGX
Nel
X-Environment-Context
X-L-Path
X-Guploader-Uploadid
IBM-Web2-Location
X-B3-Spanid
X-Uri
X-B3-Parentspanid
X-NC
X-CACHE-KEY
X-MServer
SRV
Odigeo-Trace-Id
X-Is-Bot
Apple-News-Services-Handled
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
AsisCache
BehaviorPad-Version
Apple-News-Services-Host
Content-Script-Type
Cache-Prefix
A
X-A-Dcw
X-Instart-Info
X-Hl-Ver
X-PAYTM-SRV-ID
X-Region-Sid
X-Request-UUID
X-G
X-External-Request-Id
X-Destination
X-Date
X-Detected-As
X-Developer
X-DPWN-IS-SECURE
X-Rewrite-Enabled
X-Rojux
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-S-Cookie
X-Server-Time
X-SRCache-Key
X-Transaction
X-D
X-Connection-Hash
Rendered-Blocks
Node
Rt-Proxy-Cache
ServerName
T-Server
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Cache
Cross-Origin-Window-Policy
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Viewtype
VivaBuild
X-ARC
X-Application
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-AIR-PT
X-Aed
X-A-Ccd
X-A
X-A-Dam
X-A-Wwc
X-Accel-Expires-Debug
Content-Style-Type
X-A-Dgt
X-Nginx-Cache
Proxy-Connection
X-B3-SpanId
X-Magnolia-Registration
X-Endurance-Cache-Level
Request-Time
X-Amzn-Remapped-Content-Length
CF-IPCountry
We-Hiring
Mail-Subject
X-GEO
Akamai-GRN
X-Origin-Expires
X-Origin-Date
X-Release
X-ProxyCache-Key
X-ProxyCache-Status
X-S-Maxage
X-Azure-Ref-OriginShield
Memcached
Srv
X-Fastly-Cache
X-CUA
Fastly-Soc-X-Request-Id
X-Developers
IsBot
X-Cms-Context
X-JWT-State
X-BYPASS-REASON
X-Is-Gdpr
X-Cdn-Srv
X-Has-Esi
N-Cache
X-Azure-Ref
X-Var-Ttl
X-VC-Cache
Uber-Trace-Id
Request-Country
Request-EU
X-Up
X-SVT-ORM-VERSION
X-Compress-Hint
X-SVT-ORM-RULES
X-SIPLIST1
X-Node-Id
X-UA
X-Cdn-Forward
Backend-Name
User-Cache-Control
X-Info
X-Generated-By
Thinkindot-CacheControl-Type
Thinkindot-Control
X-AWS-Id
W
X-Core-Mission
Thinkindot-CacheControl
X-Debug-Cache-Expiry
X-Auto-Login
X-App-Name
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Wxu-Next-Commit
X-Clientip
X-Bip
X-BBXSRF
X-Block-Status
X-Cache-Info
X-C
X-Cache-Bucket
X-Cdn-Origin
Wxu-Next-Region
X-Clara-WADP
X-Backend-Host
X-CGP
X-Backend-Url
Wxu-Next-Hostname
X-LJ-Flow-ID
X-Hnp-Log
X-Service
X-Skip-Cache
X-Sn-Servicetimems
X-Swa-Ws
X-Server-IP
X-Dc
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reqid
X-Thanos
X-Thinkindot-L3
X-We-Are-Hiring
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-User
X-TrackingId
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Qloud-Router
X-Proxy-Upstream
X-Gen-Mode
X-Generated-On
X-Generation-Time
X-Geo-Header
X-Eu-Site
X-ElasticPress-Search
X-Dispatch
X-Distil-CS
X-Distributor
X-Hash
Server-Int
X-Nginx-Cache-Key
X-NX-Host
X-Proxy-Cache-Status
X-Method
X-Matched-Rule
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Level-Front-Cache
X-Device-Os
X-IN-APIGATEWAY
CDCHOST
Kp-EeAlive
RNT-Machine
Content-Disposition
X-VWS-Id
Heartbleed
L
Locale
Pagetype
X-Ruxit-Js-Agent
Pramga
AKAMAI
Magicmarker
Section-Io-Cache
RNT-Time
Esi-Enabled
Gh-Request-Id
HA-Ipaddr
Countrycode
Fastly-SIE
Server-Host
Ha-Gx-Prefs
Fastly-SWR
X-Microcachable
X-Dispatcher-Server
X-MSEdge-Features
X-Epic-Correlation-Id
X-Old-Content-Length
X-MSEdge-Flight
X-Cache-FS-Status
X-Location
X-Internal-Host
Cdn-Request-Time
X-Generated-In
X-GeoIP-City
X-Edge-Server
Cdn-Host
X-Lb-Id
X-Fetched-On
Is-Eu
X-Cache-Id
PFcat
X-Request-URI
X-ServiceProvider
X-Request-Start
X-Reboot
X-RateLimit-Remaining-Second
X-NWS-UUID-VERIFY
X-Variation
X-WebServer
X-VServer
Served-By
True-Client-Country-4JS
X-RateLimit-Limit-Second
X-Mode
X-Amz-Meta-Cache-Control
X-Platform-Server
X-Policy
Adler-Geo
X-PHP-Host
Platform
X-Owner
X-Geo
X-Nc
V-Age
X-LI-UUID
X-GDPR
X-Via-CDN
X-LI-Proto
Server-ID
X-Servername
X-Backend-State
Cache-Provider
Memory
X-Key
X-Say-Cacheable
Web-Mar-Node
X-Li-Fabric
X-SayCDN-TTL
X-Say-TTL
Resin-Trace
X-Li-Pop
X-Request-Time
X-DataStream-Cache-Status
X-SD-PageType
SD-X-WS
X-Ratelimit-Limit
X-Cache-URL
X-Org
X-Svr
X-Be
SS
X-ABtesting
X-Instart-Isnd
X-Hello
REQUESTUUID
X-Flog
X-FPC
X-Unique-ID
X-DC
X-Scheme
X-Servedbyhost
X-Ftr-Request-Id
X-Wa
X-IPS-LoggedIn
Country-Code
X-Processor
X-Response-By
X-Cache-Backend
X-Datadome
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-NodeID
Cache-Cookie-Set-From
X-Routing-Service
X-RateLimit-Reset
X-Zipkin-Id
Group
X-Proxied
X-Page-Type
X-Pjax-Url
Cache-Host
X-SN
X-CDN-Forward
X-Server-W
X-VCL-Version
UCS
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oracle-Dms-Rid
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-MP-GENERATED-AT
PICS-Label
X-Dynatrace-Js-Agent
X-Ms-Request-Id
X-HS-Status
X-Varnish-Beresp-Ttl
X-Ms-Version
X-SRV
Ajk
X-Via-Ucdn
X-Logtrace-Id
XServer
X-DataStream-MidMile-RTT
ProcessTime
X-Zone
X-DataStream-Origin-MEX-Latency
X-EC-Lua
X-Dynatrace
Powered-By-ChinaCache
X-Varnish-Beresp-Grace
Proxy-Firewall
X-COUNTRY
X-Varnish-Beresp-Status
X-URL
X-Source
X-GRACE
X-ZONE
Powered-By
X-HTML-Minification-Powered-By
X-Ftr-Cache-Host
Ttl
SN
X-Session-Fingerprint
CACHE
Lfy
X-Varnish-Beresp-TTL
X-Newrelic-Synthetics
X-Ratelimit-Remaining
X-APP
X-Agile-Id
X-Agile-Age
Geoip-City
X-Agile
X-Grey
Geoip-Latitude
X-Cache-Debug
X-Cache-Category-Id
GeoIp-Country-Code
X-Pf-Uncompressing
X-Sucuri-Id
X-TH-Server
GeoIP-Latitude
GeoIP-City
Dynatrace
GeoIP-Country-Code
X-PF-Uncompressing
X-Fastly-Country-Code
X-NODE
Fastly-Backend-Name
X-7Graus-Varnish-XKeys
X-Logging-Id
X-7Graus-Varnish-Cache-Control
X-Bc
X-Ftr-Balancer
X-LiteSpeed-Cache-Control
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
X-Tt-Trace-Host
Cdn
X-Sedo-Request-Id
Pics-Label
X-Check-Cacheable
X-Aicache-OS
X-Cache-Miss-From
Environment
GW-Server
X-CSRF-Token
CF-Cached-On
MIME-Version
X-Edge
Amp-Access-Control-Allow-Source-Origin
M-TraceId
X-Vcl-Version
Cf-Ipcountry
X-Sucuri-ID
X-LAGOON
LB
X-Core-Value
WWW
X-Unique-Id
X-Cache-Tag
X-Mid
Requestid
X-RCS-CacheZone
X-UPSTREAM-Address
X-Secret
Ohc-Response-Time
X-Varnish-Url
X-Gannett-Site-Version
X-Fastly-Backend-Reqs
X-BC
X-Sucuri-Cache
DataCenter
X-MCACHE
WZWS-RAY
Cdnsip
X-Vdms-Version
X-PJAX-URL
Cdncip
X-AK-Request-ID
X-FORWARDED-FOR
X-Varnish-Ttl
X-NGINX-Cache
X-TT-LOGID
X-Fstrz
X-Litespeed-Cache-Control
X-Rocket-Build-Number
X-Sigma-Backend
X-Varnish-Cacheable
HostName
X-CDN-Cache
On-Server
X-Sigma
Lb
X-Swift-Error
X-DB
X-GeoIP-Country-Code
User-Agent
URI
Xkeyrz
X-Action
X-Planisys-CDN-Rules
X-Proxy-Cacherz
X-RPS
X-RPM
Pragrma
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-RSL
X-DW
X-Shopify-Generated-Cart-Token
X-BE
X-DI
X-DSS
X-Cache-Ttl
X-Akamai-SSL-Client-Sid
Inserted-Into-Cache-At
X-Fpc
X-ServedByHost
CDN
RequestUuid
X-Via-NSCOPI
Host-ID
X-Correlation-ID
Who
Warning
SID
X-Flow-Id
Get-Access-Time
Server-Id
X-Fastly-Cache-Hits
X-NU-AKA-ACS-Version
TTL
Xkeypdq
X-WA
X-Crawler
Is-Session-Tracking
X-Zalando-Child-Request-Id
X-Webapp-Samesite-None-Activated-N
X-Page-Impression-Id
X-WR-MODIFICATION
X-Refresh
X-Nananana
X-FE
X-SB
X-MID
X-ND-Cache
X-VC
Correlation-Id
X-Render-Time
X-ORACLE-APMCS-TAG
X-SaId
X-Upstream-Ct
X-ORACLE-APMCS-REQUEST-ID
X-Cf-Powered-By
X-Upstream-Ht
Processtime
X-Request-URL
X-Trafficlayer-App-Version
X-Amzn-Remapped-Date
FNAC-ModuleRouting
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-ECache
X-LB-ID
X-Dw-Trace-Id
RequestId
X-Gdpr
V-Cache
Cneonction
X-MiniProfiler-Ids
X-Gen-Id
HitType
X-Bug-Bounty
X-ServerName
X-Newrelic-App-Data
Xet-Cookie