Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Request-ID
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-AspNetMvc-Version
X-Buckets
Xkey
X-Kinja-Server-Push
Upgrade
X-Via
X-Ua-Compatible
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Server
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-Device
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
Request-Id
X-Backend-Server
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Dns-Prefetch-Control
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-FTR-Request-ID
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-MS-InvokeApp
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-Middleton-Response
Response
X-VARITI-CCR
X-Sol
Display
X-Middleton-Display
X-CST
X-Recruiting
X-Ah-Environment
X-B3-TraceId
X-D2id
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
Service-Worker-Allowed
X-SharePointHealthScore
SPRequestGuid
X-ESI
X-Vcap-Request-Id
X-Akam-SW-Version
X-Version
X-Server-Name
SPIisLatency
SPRequestDuration
MS-Author-Via
Accept-CH
X-GitHub-Request-Id
TCN
X-Powered-CMS
X-Navigation-Version
X-Abt-Application-Version
Accept-Ch-Lifetime
X-Shard
Charset
X-Trace
X-RateLimit-Remaining
X-Upstream
Fastly-Restarts
AR-PoweredBy
X-Amz-Server-Side-Encryption
Ar-Sid
AR-ATIME
AR-CACHE
Nginx-Cache
Realpath
X-Amz-Rid
X-Aspnetmvc-Version
X-Debug
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-SRCache-Store-Status
X-XRDS-Location
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Front-End-Https
X-Cached
X-NF-Request-ID
AR-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Pagespeed
X-MSEdge-Ref
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Shield-Request-Id
X-Mrf-Section-Lastmod
MRF-Tech
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-VCache
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-T
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
S
ServerID
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-Varnish-Age
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-Hits
X-DynaTrace-JS-Agent
X-SERVER
X-Correlation-Id
X-Accel-Expires
X-Grace
X-Amzn-Trace-Id
Fastcgi-Cache
X-Content-Digest
Powered
X-Frontend
X-Forwarded-For
X-DIS-Request-ID
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-N
Edge-Cache-Tag
X-Vcache
Server-Name
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
X-Fastcgi-Cache
X-FTR-Cache-Host
X-RateLimit-Limit
AMP-Access-Control-Allow-Source-Origin
Accept-Ch
X-FastCGI-Cache
X-Server-ID
TP-Cache
TP-L2-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Processing-Time
X-Request-Received
X-B3-Sampled
X-Zen-Fury
Pinterest-Version
X-Pinterest-Rid
X-Cache-Age
X-Kinsta-Cache
X-Type
X-AppVersion
X-IPLB-Instance
X-Activity-Id
X-Time
X-Az
X-Revision
X-Rid
Backend-Timing
Healthy
X-Analytics
X-User-Agent
X-LB-Cache
X-GUploader-UploadID
X-Whom
Retry-After
FilterID
X-Cache-Hit
X-Srv
X-Node-Name
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
Accept-Charset
X-B3-Traceid
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Hp-Webp
X-Cache-Rule
Cache-Status
X-Content-Options
X-Akamai-Edgescape
X-Webkit-CSP
X-Amz-Apigw-Id
Surrogate-Key
X-Amzn-RequestId
Cache-Tag
X-Content-Security-Policy-Report-Only
Refresh
X-TA-CDN-Provider
DC
X-Instance
X-AOL-HN
X-Content-Powered-By
X-Tumblr-User
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Access-Control-Allow-Method
X-Forwarded-Host
X-Tumblr-Pixel-0
Tracecode
X-Jobs
X-Framework
X-App-Environment
MS-CV
Source
X-Varnish-Grace
X-Debug-Info
X-Cluster
Fastcgi-Useragent
X-Request-Guid
X-PHP-Backend
X-Page-Id
X-FW-Hash
X-FB-Debug
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-App-Server
Frame-Options
X-Cache-TTL
X-B
X-Cache-Operation
Host
Actual-Object-TTL
X-Mobile-URL
X-Cache-Key
X-Hostname
X-Seen-By
X-Geo-Country
Cleartype
X-Cache-Control
X-B-Cache
X-Signature
NR-ENABLED
X-Acc-Meta-Resource-Type
X-BCube-Filmed-By
X-Host-Name
X-Cached-By
X-Esi
X-Mobile
Upgrade-Insecure-Requests
Accept-CH-Lifetime
X-TT
X-Git-Hash
X-Amz-Replication-Status
X-Varnish-Backend
X-Pad
NGB
X-Response-Served-From
X-WebKit-CSP-Report-Only
GEO-INFO
X-Adobe-Loc
X-Adobe-Content
X-TT-TIMESTAMP
WPE-Backend
Webserver
Payment
Ms-Operation-Id
Filters
From-Origin
Eomportal-Instance
Cache-Tv-Group
X-GeoIP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-UA-Device-Type
X-RTag
X-RequestSource
X-Handled-By
X-ProcessESI
X-RemovedCookies
X-Drupal-Cache-Tags
X-ATG-Version
X-Cache-Remote
Liferay-Portal
X-TX-ID
X-Status
X-Cacheable-TTL
X-Daa-Tunnel
X-EdgeConnect-Cache-Status
X-Origin-Server
X-Cache-TTL-Remaining
X-FW-Dynamic
X-WA-Info
X-Presslabs-Stats
X-Cache-Action
Xserver
X-Content-Age
X-Wix-Request-Id
X-Edge-Location
X-Hyper-Cache
X-Ttl
X-Storage
X-Contextid
Viewport
X-Ratelimit-Reset
Datacenter
X-HS-Cache-Config
X-Region
Version
X-CF-Powered-By
X-Element-Page-Cache
X-Varnish-Hostname
X-Accel-Buffering
Ohc-File-Size
Cache
X-PressLabs-Stats
PageSpeed
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-Cache-NE
Host-Header
Load-Balancing
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-RN-RSRV
X-Path-Route
X-Cache-Var
X-Varnish-Server
X-Cache-Server
X-IP
S-Cnection
Cache-Tags
Cache-Name
Ohc-Cache-HIT
X-Proxy
X-Cache-Enabled
X-Akamai-Request-ID2
X-Proto
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Origin-Hint
Cache-Hits
X-NewRelic-App-Data
X-Origin-Response-Time
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Vix-Hermes-Req-Id
TWC-Locale-Group
X-Device-Type
TWC-Device-Class
X-CS
Webcakes-Region
TWC-GeoIP-Country
Release
X-Varnish-Cache-Hits
Decoy-Debug-TTL
Ec-Rule-Version
X-Tumblr-Pixel-3
X-R9-Blue-Green-Version
Decoy-Debug-Status
X-PERF
X-Viewer-Country
X-Via-Fastly
Decoy-Debug-Key
Mn-Server-Ip
Country
X-Cluster-Node
Rt-Fastcgi-Cache
X-Access
X-Section
X-NCache
TWC-GeoIP-LatLong
Property-Id
X-Time-Microsecs
X-ApacheServer
X-Akamai-Request-ID
DB-Nickname
DSUID
Selected-Fe
X-FC-Vary-Parameters
X-Upgrade-Enabled
X-Upstream-CT
X-UnsetCookies
X-Cache-Time
X-Cache-Grace
X-Cache-Host
X-Upstream-HT
X-Proxy-Build
X-Xfnlog-Site
X-Origin
X-Www-Served-By
Cache-Key
X-VCT
X-PCL
X-Trace-Id
X-Cache-Config
X-OCL
X-Format
X-CCM
X-EIG-Tracking-Id
X-Debug-Cache
X-Drupal-Cache-Contexts
X-From
X-Human
X-Backend-TTL
X-TNCMS
X-Timing-Wait
X-Backend-Name
X-Labrador-Cache-Channel
X-Loop
X-Rule
S-Rt
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Site-Version
X-JoinUs
X-Hit
X-Hosted-By
X-Generated
X-Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Web-Node
X-Vgn-Hpd-Reason
X-Upstream-Proxy
Server-Info
X-Ua
X-FireWall-Port
Time
X-Rendered-As
X-FW-Version
X-S
X-Varnish-Hits
X-OVcl-Cache
X-OVcl
Now
X-NGENIX-Cache
X-HS-Combine-CSS
X-Real-IP
Hostname
X-Litespeed-Cache
L5d-Success-Class
OT-Force-Account-Verify
X-Pubstack
X-SS-Set-Cookie
Fastcgi-X-Cache-Version
Origin-Cache-Control
Origin-Edge-Control
X-Redis-Cache
Access-Control-Request-Headers
ServedBy
X-XRDS-LOCATION
X-VG-TLSProxy
X-FB-TRIP-ID
Cteonnt-Length
Accept-Language
Origin
X-Webkit-Csp
Fastly-SSL
X-VG-WebCache
X-APP-VERSION
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Alternate-Cache-Key
X-App-Version
X-ShardId
NtCoent-Length
X-Tec-Api-Origin
X-Parent-Response-Time
X-Tec-Api-Root
X-Tec-Api-Version
X-UUID
Machine
X-Cluster-Name
X-Origin-CC
X-Origin-TTL
X-Tb
X-Tt-Trace-Tag
X-ServerID
X-Load-Cache
X-CSRF-TOKEN
X-GoCache-CacheStatus
X-NC
X-Soup
X-Rocket-Nginx-Bypass
SRV
X-Environment-Context
IBM-Web2-Location
X-No-Session
X-ECACHE
X-L-Path
Nel
NGX
Mime-Version
X-B3-Spanid
X-Guploader-Uploadid
X-B3-Parentspanid
X-DataStream-Cache-Status
X-CACHE-KEY
X-GEO
X-Is-Bot
X-Nginx-Cache
X-Uri
Proxy-Connection
X-MServer
X-Endurance-Cache-Level
X-Magnolia-Registration
Cache-Prefix
X-A-Dam
Content-Script-Type
X-A-Ccd
Content-Style-Type
Cross-Origin-Window-Policy
BehaviorPad-Version
A
X-A-Dcw
X-A-Wwc
Apple-News-Services-Request-Url
Arc-Country
X-A-Dgt
Apple-News-Services-Parsed-Url
X-A
Apple-News-Services-Host
Apple-News-Services-Handled
Rt-Proxy-Cache
Rendered-Blocks
Odigeo-Trace-Id
Node
VivaBuild
X-Node-Id
T-Server
Viewtype
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Request-Id
ServerName
Request-Time
GEO-REGION-INFO
Memcached
MD5-Digest
Fly-Cache
X-CF-Lambda-Fn
X-S-Cookie
X-Rojux
X-ScT
X-Server-Time
X-B3-SpanId
X-Rewrite-Enabled
X-Request-UUID
X-G
X-Hl-Ver
X-Instart-Info
X-PAYTM-SRV-ID
X-SRCache-Key
X-Transaction
Mail-Subject
X-Worker
Xc-Version
Akamai-GRN
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
We-Hiring
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebServer
X-External-Request-Id
X-Region-Sid
X-D
AsisCache
X-Destination
X-Connection-Hash
X-B-Cookie
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-Detected-As
X-Date
X-ARC
X-Ruxit-Js-Agent
X-Accel-Expires-Debug
X-Aed
X-Developer
X-AIR-PT
X-Application
X-Generated-By
X-VWS-Id
X-Amzn-Remapped-Content-Length
X-LJ-Flow-ID
X-AWS-Id
X-Cache-Bucket
X-Cdn-Srv
X-Urbn-Context-Path
X-Azure-Ref-OriginShield
X-VC-Cache
X-Var-Ttl
X-Urbn-Site-Id
Fastly-Soc-X-Request-Id
Locale
X-Origin-Date
X-Origin-Expires
X-Release
Request-Country
X-Developers
X-Fastly-Cache
Request-EU
Section-Io-Cache
N-Cache
IsBot
X-SVT-ORM-RULES
X-SIPLIST1
X-Cms-Context
X-S-Maxage
X-CUA
X-SVT-ORM-VERSION
X-Azure-Ref
X-Mode
CF-IPCountry
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Cdn-Forward
User-Cache-Control
X-Dc
Backend-Name
X-Skip-Cache
X-Cdn-Origin
X-Sn-Servicetimems
X-Swa-Ws
X-Cache-Info
X-ServiceProvider
X-Clara-WADP
X-Debug-Cache-Expiry
X-Service
X-C
X-Debug-Cache-Fetch
X-Core-Mission
X-CGP
X-Bip
Wxu-Next-Region
X-Up
X-TrackingId
Wxu-Next-Hostname
Wxu-Next-Commit
W
X-User
X-App-Name
X-Thinkindot-L3
X-BBXSRF
X-Debug-Cache-Store
X-Block-Status
X-Backend-Url
X-Backend-Host
X-Auto-Login
X-Proxy-Cache-Status
X-BYPASS-REASON
X-Debug-Cookies
X-Method
X-Nginx-Cache-Key
X-Reqid
X-Matched-Rule
X-Location
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Level-Front-Cache
X-NX-Host
X-Reboot
X-ProxyCache-Key
X-Proxy-Upstream
X-Policy
X-ProxyCache-Status
AKAMAI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Qloud-Router
X-IN-APIGATEWAY
X-Hnp-Log
X-Distributor
X-Server-IP
X-Edge-Server
X-Distil-CS
X-Dispatch
X-Debug-Log
X-UA
X-Device-Os
X-ElasticPress-Search
X-Eu-Site
X-Generation-Time
X-Geo-Header
X-Hash
X-Generated-On
X-Generated-In
Srv
X-Gen-Mode
True-Client-Country-4JS
X-Thanos
Pagetype
X-Wikidot-Backend
X-Wikidot-Static-Cache
Magicmarker
X-Webstats-RespID
Pramga
RNT-Time
RNT-Machine
X-WADP-Cache
CDCHOST
Kp-EeAlive
X-Compress-Hint
Esi-Enabled
Cdn-Request-Time
Cdn-Host
Gh-Request-Id
Ha-Gx-Prefs
Thinkindot-Control
Heartbleed
HA-Ipaddr
X-VServer
L
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Int
Served-By
X-Microcachable
X-Is-Gdpr
X-Li-Fabric
Cache-Provider
X-GeoIP-City
X-Key
Memory
X-LI-Proto
X-Request-URI
X-Li-Pop
X-LI-UUID
X-Has-Esi
X-Dispatcher-Server
X-Say-Cacheable
Fastly-SWR
X-SayCDN-TTL
X-Say-TTL
X-GDPR
X-Fetched-On
V-Age
X-JWT-State
X-PHP-Host
Web-Mar-Node
X-Epic-Correlation-Id
Fastly-SIE
X-Owner
X-Info
X-We-Are-Hiring
X-MSEdge-Features
X-Cache-FS-Status
X-Backend-State
X-Clientip
X-MSEdge-Flight
X-Old-Content-Length
Content-Disposition
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cache-Id
X-Request-Start
X-Request-Time
X-Amz-Meta-Cache-Control
X-WebServer
PFcat
Countrycode
Uber-Trace-Id
X-Via-CDN
X-SD-PageType
X-Org
SD-X-WS
X-COUNTRY
X-Platform-Server
Is-Eu
Platform
Server-ID
X-Servername
X-Variation
X-NWS-UUID-VERIFY
X-Lb-Id
X-Internal-Host
Adler-Geo
Resin-Trace
X-Geo
SS
X-Nc
X-Flog
X-ABtesting
X-URL
X-Hello
X-Ftr-Request-Id
X-Unique-ID
X-Be
X-Svr
X-Wa
X-FPC
REQUESTUUID
X-Cache-URL
X-DC
X-IPS-LoggedIn
X-Ratelimit-Limit
X-RateLimit-Reset
X-Instart-Isnd
X-Servedbyhost
Country-Code
X-Response-By
X-Zipkin-Id
X-Routing-Service
Cache-Cookie-Set-From
X-Scheme
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Proxied
X-Datadome
X-Dynatrace-Js-Agent
X-Cache-Backend
X-Page-Type
X-NodeID
X-Processor
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Pjax-Url
X-VCL-Version
UCS
Group
XServer
X-SN
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-CDN-Forward
ProcessTime
Powered-By-ChinaCache
X-Server-W
CACHE
Cache-Host
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Logtrace-Id
Ajk
X-Oracle-Dms-Rid
X-Oss-Object-Type
Dynatrace
X-Oss-Request-Id
X-Oss-Server-Time
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-HS-Status
PICS-Label
X-SRV
Proxy-Firewall
X-ZONE
X-Zone
X-HTML-Minification-Powered-By
X-Dynatrace
X-Ms-Version
X-Ms-Request-Id
SN
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Ucdn
Powered-By
X-Source
X-EC-Lua
X-Ftr-Cache-Host
X-Newrelic-Synthetics
X-GRACE
GeoIp-Country-Code
X-Pf-Uncompressing
X-Cache-Category-Id
Ttl
Geoip-Latitude
X-Grey
Geoip-City
X-Ratelimit-Remaining
X-Session-Fingerprint
X-APP
Lfy
X-TH-Server
X-Sucuri-Id
X-Varnish-Beresp-TTL
GeoIP-City
GeoIP-Country-Code
X-Agile-Id
Fastly-Backend-Name
GeoIP-Latitude
X-Agile-Age
X-Agile
X-PF-Uncompressing
X-Cache-Debug
X-Ftr-Dc
X-LiteSpeed-Cache-Control
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Backend-Server
X-NODE
X-Fastly-Country-Code
MIME-Version
X-Bc
X-Check-Cacheable
Environment
Cdn
X-Logging-Id
GW-Server
Pics-Label
X-Tt-Trace-Host
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
LB
X-Aicache-OS
X-Cache-Miss-From
X-Sedo-Request-Id
X-7Graus-Varnish-Cache-Control
X-LAGOON
X-7Graus-Varnish-XKeys
CF-Cached-On
X-Edge
X-CSRF-Token
X-RCS-CacheZone
X-Secret
X-Gannett-Site-Version
X-BC
WWW
Cf-Ipcountry
M-TraceId
X-Varnish-Url
Requestid
X-Core-Value
X-Mid
X-PJAX-URL
Ohc-Response-Time
X-Vcl-Version
WZWS-RAY
X-Sucuri-ID
X-Unique-Id
X-Varnish-Ttl
X-CDN-Cache
X-Cache-Tag
X-AK-Request-ID
X-UPSTREAM-Address
Cdncip
X-Varnish-Cacheable
Cdnsip
X-MCACHE
DataCenter
X-Fastly-Backend-Reqs
On-Server
User-Agent
X-Akamai-SSL-Client-Sid
X-GeoIP-Country-Code
X-Vdms-Version
X-Litespeed-Cache-Control
X-Sucuri-Cache
X-TT-LOGID
X-NGINX-Cache
Lb
X-Swift-Error
X-Cache-Ttl
X-Fstrz
X-BE
CDN
URI
Xkeyrz
X-DI
X-DW
X-RPM
X-RSL
X-RPS
X-DB
X-DSS
X-Rocket-Build-Number
X-Proxy-Cacherz
X-Sigma-Backend
Inserted-Into-Cache-At
X-Sigma
X-Action
HostName
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Rules
Pragrma
RequestUuid
X-Planisys-CDN-Cache
Host-ID
X-Crawler
SID
X-WA
X-NU-AKA-ACS-Version
Who
X-Correlation-ID
X-ServedByHost
X-Via-NSCOPI
Xkeypdq
Get-Access-Time
Warning
X-Render-Time
X-Fastly-Cache-Hits
Server-Id
Is-Session-Tracking
X-WR-MODIFICATION
X-Fpc
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
X-ServerName
X-MID
X-LB-ID
X-Refresh
Correlation-Id
X-FE
TTL
X-VC
X-SB
FNAC-ModuleRouting
X-Nananana
X-Cf-Powered-By
X-Dw-Trace-Id
X-Gdpr
X-Micro-Cache
X-Amzn-Remapped-Date
X-LiteSpeed-Tag
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Trafficlayer-App-Version
X-Akamai-ERPolicy
Cneonction
X-Newrelic-App-Data
Xet-Cookie
X-MiniProfiler-Ids
Processtime
X-ECache
HitType
X-Request-URL
RequestId
X-Gen-Id
X-Fe
X-Cdn-Request-ID
X-Bug-Bounty
V-Cache