Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Request-ID
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Device
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
X-Node
Request-Id
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-Origin-Upstream-Status
X-DataDome
X-Rack-Cache
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-TTL
X-Url
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-MS-InvokeApp
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Powered-By-Plesk
Verso
RTSS
Public-Key-Pins
Pinterest-Generated-By
X-CST
X-Px
Edge-Control
X-Mod-Pagespeed
X-Recruiting
X-VARITI-CCR
X-Sol
X-Middleton-Response
Response
Display
X-Middleton-Display
X-Ah-Environment
X-B3-TraceId
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-D2id
Service-Worker-Allowed
Accept-CH
SPRequestGuid
X-SharePointHealthScore
X-Vcap-Request-Id
X-Version
X-Akam-SW-Version
X-ESI
X-Server-Name
MS-Author-Via
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
SPIisLatency
SPRequestDuration
Accept-Ch-Lifetime
X-Shard
X-RateLimit-Remaining
Charset
X-Upstream
AR-CACHE
Ar-Sid
Fastly-Restarts
AR-ATIME
AR-PoweredBy
X-Amz-Server-Side-Encryption
X-Trace
X-Forwarded-Proto
X-Amz-Rid
Realpath
X-Aspnetmvc-Version
Nginx-Cache
X-XRDS-Location
X-Debug
X-TEC-API-ROOT
X-SRCache-Fetch-Status
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-TEC-API-VERSION
X-Ezoic-Cdn
Front-End-Https
X-Cached
AR-Request-ID
X-NF-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Mrf-Cache-Status
X-Shield-Request-Id
X-MSEdge-Ref
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Pagespeed
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Paypal-Debug-Id
Content-MD5
X-VCache
MicrosoftSharePointTeamServices
X-Id
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-T
X-Amz-Meta-S3cmd-Attrs
ServerID
S
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-Server-ID
X-Varnish-Age
X-Client-IP
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Ser
X-Vcache
X-DynaTrace-JS-Agent
X-SERVER
X-Amzn-Trace-Id
X-Accel-Expires
Fastcgi-Cache
Powered
X-Frontend
X-Content-Digest
X-FastCGI-Cache
X-Correlation-Id
X-N
X-FTR-Cache-Host
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-DIS-Request-ID
X-Grace
X-RateLimit-Limit
X-Forwarded-For
Server-Name
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
Edge-Cache-Tag
AMP-Access-Control-Allow-Source-Origin
TP-L2-Cache
TP-Cache
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Cache-Age
X-Kinsta-Cache
X-Type
X-Az
X-Activity-Id
X-AppVersion
X-Revision
X-Analytics
X-IPLB-Instance
X-User-Agent
Backend-Timing
X-Rid
X-LB-Cache
X-GUploader-UploadID
X-Pinterest-Rid
Pinterest-Version
Accept-Ch
FilterID
Healthy
X-Whom
Retry-After
X-Time
X-Node-Name
X-Cache-Hit
X-Srv
X-NWS-LOG-UUID
X-F-Cache
Server-Node
X-Cache-2
Accept-Charset
Alternate-Protocol
X-Kong-Proxy-Latency
X-B3-Traceid
X-Kong-Upstream-Latency
X-Cache-Rule
Cache-Status
X-Hp-Webp
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Erf-Bev-Bev-Is-Generated
X-Content-Options
X-Erf-Bev-Bev
Surrogate-Key
X-Akamai-Edgescape
Refresh
X-Content-Security-Policy-Report-Only
DC
Cache-Tag
X-AOL-HN
X-Forwarded-Host
X-Instance
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Debug-Info
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Framework
X-PHP-Backend
X-Jobs
MS-CV
X-Cluster
X-Varnish-Grace
X-FW-Hash
X-FW-Serve
Tracecode
X-FW-Server
X-FB-Debug
Fastcgi-Useragent
X-Page-Id
X-FW-Static
X-App-Server
Source
X-App-Environment
X-Request-Guid
X-FW-Type
X-Esi
Frame-Options
X-B
X-Cache-Operation
X-Hostname
Actual-Object-TTL
X-Mobile-URL
Host
X-Cache-TTL
X-Acc-Meta-Resource-Type
X-TA-CDN-Provider
Cleartype
X-Seen-By
X-Geo-Country
X-Cache-Control
X-Signature
X-B-Cache
X-Cached-By
X-BCube-Filmed-By
X-Cache-Key
X-Host-Name
X-Amz-Replication-Status
Accept-CH-Lifetime
X-Git-Hash
X-TT
Upgrade-Insecure-Requests
X-Mobile
X-Varnish-Backend
X-Pad
X-Response-Served-From
NR-ENABLED
NGB
X-Adobe-Loc
X-Adobe-Content
X-WebKit-CSP-Report-Only
Liferay-Portal
X-TT-TIMESTAMP
WPE-Backend
Payment
Cache-Tv-Group
GEO-INFO
Eomportal-Instance
Filters
From-Origin
Ms-Operation-Id
X-RemovedCookies
X-Handled-By
X-ProcessESI
X-RTag
X-Status
X-Drupal-Cache-Tags
X-Tumblr-Pixel-2
Webserver
X-ATG-Version
X-Cache-Remote
X-TX-ID
X-Tumblr-Pixel-1
X-GeoIP
X-UA-Device-Type
X-Cacheable-TTL
X-RequestSource
X-FW-Dynamic
X-Cache-TTL-Remaining
X-WA-Info
X-Origin-Server
X-Daa-Tunnel
X-Webkit-CSP
X-EdgeConnect-Cache-Status
X-Content-Age
X-Cache-Action
Xserver
X-Edge-Location
X-Storage
Viewport
X-Hyper-Cache
X-Wix-Request-Id
Datacenter
X-Presslabs-Stats
X-Ratelimit-Reset
X-Contextid
X-PressLabs-Stats
Version
X-Region
X-CF-Powered-By
X-Accel-Buffering
X-Varnish-Hostname
PageSpeed
X-HS-Cache-Config
Ohc-File-Size
Cache
Host-Header
X-Akamai-Transformed
X-Cache-Var
X-Cache-NE
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-Varnish-Server
X-Cache-Var-Map
X-Element-Page-Cache
Load-Balancing
Meta-Geo
X-Cache-Server
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-IP
Cache-Tags
Cache-Name
X-Upstream-Proxy
X-From
X-PERF
X-R9-Blue-Green-Version
X-NCache
Decoy-Debug-Key
X-Loop
Decoy-Debug-Status
Decoy-Debug-TTL
X-CS
Ec-Rule-Version
X-Section
X-Origin-Response-Time
X-TNCMS
Vix-Hermes-Req-Id
X-Cluster-Node
X-Proto
X-Proxy
X-ApacheServer
X-Cache-Config
X-Cache-Enabled
X-Akamai-Request-ID2
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Tumblr-Pixel-3
X-Via-Fastly
X-Viewer-Country
Cache-Hits
X-Time-Microsecs
X-Access
X-NewRelic-App-Data
X-Ua
TWC-Locale-Group
X-Cache-Grace
TWC-Privacy
X-Backend-TTL
X-Cache-Time
TWC-GeoIP-Country
TWC-Connection-Speed
X-Drupal-Cache-Contexts
TWC-Device-Class
X-CCM
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-App-Version
Selected-Fe
X-Upgrade-Enabled
DB-Nickname
S-Rt
X-Varnish-Cache-Hits
Cache-Key
Azure-Version
Azure-InstanceId
Webcakes-Region
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Origin-Hint
Property-Id
Ohc-Cache-HIT
X-Proxy-Build
X-Www-Served-By
X-PCL
X-FC-Vary-Parameters
X-Web-Node
X-Rule
X-Trace-Id
X-Upstream-CT
X-Timing-Wait
X-Upstream-HT
X-Origin
X-Xfnlog-Site
Mn-Server-Ip
X-OCL
X-Human
X-Labrador-Cache-Channel
Country
X-Format
X-Hit
X-Generated
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Backend-Name
X-Locale
X-JoinUs
X-Hosted-By
X-Cache-Host
X-Site-Version
X-Debug-Cache
X-UnsetCookies
X-FireWall-Port
Server-Info
Release
X-Device-Type
DSUID
X-Vgn-Hpd-Reason
X-FW-Version
Time
X-VCT
X-S
Now
X-Rendered-As
X-Varnish-Hits
X-OVcl-Cache
X-OVcl
X-Real-IP
Hostname
OT-Force-Account-Verify
X-Litespeed-Cache
Fastcgi-X-Cache-Version
X-NGENIX-Cache
X-Pubstack
Access-Control-Request-Headers
ServedBy
X-VG-TLSProxy
X-DataStream-Cache-Status
Origin-Edge-Control
Origin-Cache-Control
X-Redis-Cache
X-SS-Set-Cookie
L5d-Success-Class
Cteonnt-Length
Accept-Language
X-VG-WebCache
X-HS-Combine-CSS
NtCoent-Length
X-CSRF-TOKEN
Origin
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-FB-TRIP-ID
X-ShopId
X-Shopify-Stage
X-ShardId
Fastly-SSL
X-App-Version
X-APP-VERSION
SRV
Machine
X-Tb
X-GEO
X-Origin-TTL
X-CACHE-KEY
X-Parent-Response-Time
X-Origin-CC
X-Tt-Trace-Tag
X-Cluster-Name
X-UUID
X-Ttl
X-L-Path
X-No-Session
X-Environment-Context
X-URL
X-GoCache-CacheStatus
X-Load-Cache
X-NC
X-Rocket-Nginx-Bypass
IBM-Web2-Location
X-ECACHE
X-Nginx-Cache
Nel
X-B3-Spanid
X-ServerID
Mime-Version
X-Guploader-Uploadid
X-Soup
X-B3-Parentspanid
X-XRDS-LOCATION
NGX
X-Uri
Proxy-Connection
X-Is-Bot
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-Mode
X-Oneagent-Js-Injection
Akamai-GRN
ServerName
X-Developer
A
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Edge-Server
X-Destination
Apple-News-Services-Host
X-Connection-Hash
Apple-News-Services-Parsed-Url
X-D
X-Date
X-Instart-Info
Apple-News-Services-Handled
X-Detected-As
X-PAYTM-SRV-ID
X-Twitter-Response-Tags
X-Trv-Group
X-Node-Id
X-VG-WebServer
X-Vtex-Processado-Em
Xc-Version
X-Worker
X-Vtex-Remote-Cache
X-Transaction
X-SRCache-Key
X-Rewrite-Enabled
X-Request-UUID
X-Region-Sid
X-Rojux
X-S-Cookie
X-Server-Time
X-ScT
X-CF-Lambda-Version
X-B-Cookie
Cdn-Request-Time
Content-Script-Type
Odigeo-Trace-Id
Rendered-Blocks
Rt-Proxy-Cache
Cdn-Host
T-Server
Node
Mobile-Detection-Method
GEO-REGION-INFO
Fly-Request-Id
Fly-Cache
MD5-Digest
Memcached
Content-Style-Type
Meta-Geo-Continent
Viewtype
Cache-Prefix
Arc-Country
AsisCache
X-AIR-PT
X-Application
X-ARC
Cross-Origin-Window-Policy
Apple-News-Services-Request-Url
X-Aed
BehaviorPad-Version
X-A-Ccd
X-A
VivaBuild
X-A-Dam
X-A-Dcw
X-Accel-Expires-Debug
X-A-Dgt
X-CF-Lambda-Fn
X-A-Wwc
X-Generated-By
X-MServer
Request-Time
X-B3-SpanId
X-Tec-Api-Origin
X-AWS-Id
Backend-Name
X-LJ-Flow-ID
X-Ruxit-Js-Agent
X-VWS-Id
X-Tec-Api-Root
X-Tec-Api-Version
X-Origin-Expires
X-Cache-Bucket
We-Hiring
X-Release
X-Fastly-Cache
Mail-Subject
IsBot
CF-IPCountry
Fastly-Soc-X-Request-Id
Locale
X-Cms-Context
Request-Country
X-Cdn-Srv
X-Developers
N-Cache
X-Origin-Date
X-S-Maxage
X-SIPLIST1
X-Up
X-Azure-Ref
X-Urbn-Site-Id
X-VC-Cache
X-Hl-Ver
X-Dc
Section-Io-Cache
X-Azure-Ref-OriginShield
X-Urbn-Context-Path
X-SVT-ORM-VERSION
Request-EU
X-SVT-ORM-RULES
X-Request-Time
X-Cdn-Forward
User-Cache-Control
W
X-Core-Mission
X-Distributor
X-Device-Os
X-Distil-CS
True-Client-Country-4JS
X-Backend-Url
Uber-Trace-Id
X-BBXSRF
X-App-Name
X-Auto-Login
X-Cdn-Origin
X-Cache-Info
X-C
X-Backend-Host
X-Bip
X-Block-Status
X-Clientip
X-Clara-WADP
X-Compress-Hint
X-Location
X-Sn-Servicetimems
X-Swa-Ws
X-Thanos
X-Skip-Cache
X-ServiceProvider
X-Reboot
X-Server-IP
X-Service
X-Thinkindot-L3
X-TrackingId
X-Wikidot-Static-Cache
X-CUA
X-Var-Ttl
X-Wikidot-Backend
X-We-Are-Hiring
X-VServer
X-WADP-Cache
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Geo-Header
X-Hnp-Log
X-IN-APIGATEWAY
X-Generation-Time
X-Generated-On
X-GDPR
X-Gen-Mode
X-IN-APIGATEWAYSSL
X-Level-Front-Cache
X-Policy
X-Qloud-Router
X-RateLimit-Limit-Second
X-Nginx-Cache-Key
X-Method
Thinkindot-Control
X-Matched-Rule
X-ElasticPress-Search
X-Rebelmouse-Surrogate-Control
Gh-Request-Id
Thinkindot-CacheControl-Type
Heartbleed
L
RNT-Machine
Pramga
Fastly-SWR
Fastly-SIE
CDCHOST
AKAMAI
Content-Disposition
Countrycode
Esi-Enabled
RNT-Time
Magicmarker
Server-Int
Thinkindot-CacheControl
X-Microcachable
X-Is-Gdpr
X-Via-CDN
X-Has-Esi
Server-ID
X-GeoIP-City
X-Variation
Web-Mar-Node
V-Age
X-Fetched-On
Kp-EeAlive
Is-Eu
Pagetype
HA-Ipaddr
Ha-Gx-Prefs
X-WebServer
X-Reqid
X-Webstats-RespID
X-Internal-Host
Adler-Geo
X-Org
X-Old-Content-Length
X-Say-Cacheable
Cache-Provider
X-Owner
X-Platform-Server
X-Request-Start
X-Request-URI
X-Say-TTL
X-MSEdge-Flight
X-Li-Pop
X-Li-Fabric
X-Servername
X-LI-Proto
X-LI-UUID
X-MSEdge-Features
X-SayCDN-TTL
X-JWT-State
X-PHP-Host
X-Epic-Correlation-Id
Served-By
X-Hash
Platform
X-Eu-Site
X-Cache-FS-Status
X-Dispatch
PFcat
X-Cache-Id
X-Irp-Debug
X-NX-Host
X-Amz-Meta-Cache-Control
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy-Upstream
X-User
X-Backend-State
X-Proxy-Cache-Status
X-Debug-Log
X-Generated-In
Wxu-Next-Region
Wxu-Next-Hostname
X-Debug-Cache-Expiry
Memory
X-CGP
X-BYPASS-REASON
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
Wxu-Next-Commit
Server-Host
Srv
X-COUNTRY
SD-X-WS
X-ABtesting
Resin-Trace
X-SD-PageType
X-Key
X-Flog
X-Hello
X-Dispatcher-Server
X-UA
X-Unique-ID
X-Info
X-Nc
SS
X-Lb-Id
X-Wa
X-NWS-UUID-VERIFY
X-DataStream-MidMile-RTT
X-Trafficlayer-App-Name
X-DataStream-Origin-MEX-Latency
X-Trafficlayer-App-Scope
X-FPC
X-Response-By
X-Servedbyhost
REQUESTUUID
X-RateLimit-Reset
X-DC
X-Be
X-IPS-LoggedIn
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Cache-URL
Country-Code
Cache-Cookie-Set-From
X-Svr
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Geo
X-Page-Type
X-Ratelimit-Limit
X-Instart-Isnd
X-Datadome
X-Dynatrace-Js-Agent
X-Scheme
UCS
X-Cache-Backend
X-Processor
X-GRACE
X-MP-GENERATED-AT
CACHE
X-Pjax-Url
X-NodeID
X-VCL-Version
XServer
X-SRV
Powered-By-ChinaCache
X-Logtrace-Id
X-SN
Ajk
Group
X-Oss-Storage-Class
X-Oracle-Dms-Rid
X-CDN-Forward
X-Varnish-Beresp-Ttl
Proxy-Firewall
Dynatrace
X-HTML-Minification-Powered-By
ProcessTime
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Webkit-Csp
Cache-Host
SN
X-Ftr-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
Powered-By
X-ZONE
X-Server-W
PICS-Label
X-HS-Status
X-Dynatrace
X-Zone
X-Cache-Category-Id
X-Newrelic-Synthetics
X-Grey
X-Source
X-EC-Lua
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Ms-Version
Ttl
X-Via-Ucdn
X-PF-Uncompressing
Fastly-Backend-Name
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-APP
X-FORWARDED-FOR
X-TH-Server
X-Pf-Uncompressing
X-Varnish-Beresp-TTL
X-Sucuri-Id
X-LiteSpeed-Cache-Control
X-Session-Fingerprint
GeoIp-Country-Code
Lfy
Geoip-Latitude
Geoip-City
X-NODE
X-Agile-Id
X-Cache-Debug
X-Agile-Age
X-Agile
GW-Server
X-Ftr-Cache-Host
Cdn
MIME-Version
X-Check-Cacheable
X-Fastly-Country-Code
LB
Pics-Label
X-Tt-Trace-Host
X-LAGOON
X-Ratelimit-Remaining
Environment
X-Bc
X-RCS-CacheZone
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
CF-Cached-On
X-Aicache-OS
X-Secret
X-7Graus-Varnish-XKeys
X-Gannett-Site-Version
X-Edge
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-BC
M-TraceId
WWW
X-Cache-Miss-From
Cf-Ipcountry
WZWS-RAY
X-Sedo-Request-Id
X-Ftr-Backend-Server
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Balancer
Requestid
X-Vcl-Version
X-Mid
On-Server
X-Varnish-Cacheable
Ohc-Response-Time
X-CDN-Cache
X-PJAX-URL
X-Correlation-ID
X-Akamai-SSL-Client-Sid
X-Core-Value
X-MCACHE
X-Varnish-Ttl
X-CSRF-Token
DataCenter
User-Agent
X-GeoIP-Country-Code
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
X-Cache-Tag
Cdnsip
X-AK-Request-ID
Inserted-Into-Cache-At
X-Litespeed-Cache-Control
Cdncip
X-Sucuri-ID
Lb
X-Unique-Id
CDN
X-TT-LOGID
X-DI
X-DB
X-NU-AKA-ACS-Version
X-Sucuri-Cache
X-Action
X-BE
X-Proxy-Cacherz
X-DW
X-RPS
X-RSL
X-Vdms-Version
Xkeyrz
SID
X-RPM
X-DSS
URI
X-NGINX-Cache
HostName
X-Rocket-Build-Number
RequestUuid
Host-ID
X-Sigma
X-Crawler
Who
X-Fstrz
X-Render-Time
X-Fpc
X-Sigma-Backend
X-Swift-Error
Is-Session-Tracking
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Cache
Pragrma
Get-Access-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Warning
X-Fastly-Cache-Hits
X-Flow-Id
Xkeypdq
X-ServedByHost
X-LB-ID
X-WR-MODIFICATION
X-Page-Impression-Id
X-WA
X-Zalando-Child-Request-Id
FNAC-ModuleRouting
X-Micro-Cache
X-TIME
X-FE
Server-Id
X-MID
X-SB
X-Refresh
Correlation-Id
X-VC
X-Nananana
X-Cdn-Request-ID
X-Via-NSCOPI
X-Cf-Powered-By
X-Via-SSL
X-Gen-Id
X-Served-From
X-Trafficlayer-App-Version
TTL
X-Gdpr
X-LiteSpeed-Tag
X-Via-Edge
RequestId
HitType
X-ECache
X-Bug-Bounty
X-ServerName
X-Newrelic-App-Data
Xet-Cookie
Processtime
X-Dw-Trace-Id
X-Request-URL
Cneonction
V-Cache
X-MiniProfiler-Ids
X-Fe