Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-CDN
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Cdn
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
Allow
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
X-Country
X-HW
X-Url
Rating
X-ORACLE-DMS-RID
X-Country-Code
X-DataDome
X-FTR-Request-ID
X-Clacks-Overhead
X-TTL
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Template-Id
Fusion-Component-Id
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-Goog-Hash
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-CST
X-Px
Verso
RTSS
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Ah-Environment
Pinterest-Generated-By
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
MS-Author-Via
Accept-CH
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
X-Upstream
X-B3-TraceId
X-Shard
X-Forwarded-Proto
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Amz-Server-Side-Encryption
AR-CACHE
SPIisLatency
Charset
AR-PoweredBy
SPRequestDuration
Ar-Sid
AR-ATIME
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-ESI
X-Amz-Rid
X-Aspnetmvc-Version
Realpath
Nginx-Cache
X-Trace
X-Debug
X-Server-Name
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Cached
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Ezoic-Cdn
MRF-Tech
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Arr-Disable-Session-Affinity
Pagespeed
ServerID
Content-MD5
X-Id
DynaTrace
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
X-T
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Client-IP
X-Via-JSL
X-VCache
X-Content-Type
X-DynaTrace-JS-Agent
X-Vcache
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-B3-Traceid
X-RateLimit-Limit
X-SERVER
X-N
X-Grace
X-Correlation-Id
X-Forwarded-For
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-FastCGI-Cache
X-Content-Digest
Powered
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-Accel-Expires
Server-Name
X-DIS-Request-ID
X-Ser
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
Accept-Ch
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-Microsite
X-Zen-Fury
TP-Cache
TP-L2-Cache
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Cache-Age
X-Request-Processing-Time
X-Kinsta-Cache
X-Request-Received
X-LB-Cache
X-Esi
X-Type
FilterID
X-Rid
X-User-Agent
X-Az
Backend-Timing
X-AppVersion
X-Analytics
X-Activity-Id
X-IPLB-Instance
X-Revision
Healthy
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Whom
Retry-After
X-Time
X-Srv
X-Acc-Meta-Resource-Type
X-NWS-LOG-UUID
X-Cache-2
X-Kong-Upstream-Latency
Accept-Charset
X-Kong-Proxy-Latency
X-Amzn-RequestId
X-Amz-Apigw-Id
Alternate-Protocol
X-Cache-Hit
X-Pinterest-Rid
Pinterest-Version
X-Cache-Rule
X-AOL-HN
Cache-Status
Server-Node
X-Content-Options
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Surrogate-Key
X-Jobs
X-Forwarded-Host
X-Akamai-Edgescape
Access-Control-Allow-Method
Refresh
X-Cluster
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
DC
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-FW-Type
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Page-Id
X-Debug-Info
X-FW-Server
X-Framework
X-Varnish-Grace
Source
X-PHP-Backend
X-Request-Guid
X-B
X-App-Environment
X-Hp-Webp
MS-CV
X-Hostname
Fastcgi-Useragent
X-App-Server
X-Erf-Bev-Bev
Frame-Options
X-Erf-Bev-Bev-Is-Generated
Cleartype
Host
X-B-Cache
X-Signature
X-Cache-Key
Tracecode
Cache-Tag
X-TA-CDN-Provider
Actual-Object-TTL
X-Cache-Operation
X-BCube-Filmed-By
X-Mobile-URL
X-Cached-By
X-Geo-Country
X-Varnish-Backend
X-Cache-Control
X-Amz-Replication-Status
X-DataStream-Cache-Status
X-Ratelimit-Reset
X-TT
Liferay-Portal
X-Seen-By
X-Pad
X-PressLabs-Stats
X-Mobile
X-Host-Name
Xserver
NGB
X-Response-Served-From
X-Adobe-Loc
X-Adobe-Content
X-ATG-Version
X-Git-Hash
Payment
X-WebKit-CSP-Report-Only
Eomportal-Instance
X-WA-Info
Upgrade-Insecure-Requests
X-Status
Webserver
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
WPE-Backend
X-FW-Dynamic
Filters
X-Tumblr-Pixel-1
Cache-Tv-Group
X-ProcessESI
X-RemovedCookies
Ms-Operation-Id
From-Origin
X-Cacheable-TTL
X-Handled-By
X-TX-ID
X-RTag
X-Drupal-Cache-Tags
X-GeoIP
X-UA-Device-Type
X-RequestSource
X-Cache-TTL-Remaining
X-Content-Age
GEO-INFO
X-Daa-Tunnel
X-Cache-Remote
X-Cache-TTL
X-Webkit-CSP
X-Edge-Location
X-Upstream-Proxy
Viewport
X-Storage
Accept-CH-Lifetime
X-Cache-Action
Datacenter
X-Accel-Buffering
X-Origin-Server
X-Varnish-Hostname
Cache
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Ua
X-Contextid
X-CF-Powered-By
X-Region
Host-Header
X-Oracle-Dms-Rid
PageSpeed
X-Wix-Request-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
SRV
NR-ENABLED
X-Varnish-Server
X-Akamai-Transformed
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-Path-Route
Load-Balancing
Selected-Fe
X-From
S-Cnection
X-JoinUs
X-IP
X-Timing-Wait
X-Proxy-Build
X-Akamai-Request-ID2
X-Proxy
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Name
X-Cache-Config
X-Generated
X-Proto
X-TNCMS
Cache-Tags
Vix-Hermes-Req-Id
X-CS
Now
X-Loop
X-Backend-Name
X-Viewer-Country
Decoy-Debug-TTL
X-Labrador-Cache-Channel
X-NCache
Decoy-Debug-Status
X-Cluster-Node
X-Access
X-Origin-Response-Time
X-Akamai-Request-ID
X-Tumblr-Pixel-3
X-Section
Cache-Hits
X-Time-Microsecs
X-ApacheServer
DB-Nickname
X-PERF
X-Origin
Ec-Rule-Version
X-FC-Vary-Parameters
X-Via-Fastly
X-Rule
X-Upgrade-Enabled
X-Hit
X-Cache-Enabled
Decoy-Debug-Key
Rt-Fastcgi-Cache
Webcakes-App-Name
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Webcakes-App-Version
Webcakes-Region
X-CCM
X-Cache-Host
X-Cache-Grace
X-Backend-TTL
Azure-SlotName
Azure-Version
TWC-Device-Class
TWC-Connection-Speed
S-Rt
Property-Id
TWC-GeoIP-Country
Country
TWC-Privacy
Cache-Key
TWC-Locale-Group
TWC-GeoIP-LatLong
Mn-Server-Ip
X-EIG-Tracking-Id
X-UnsetCookies
X-Trace-Id
X-PCL
X-Upstream-CT
X-Upstream-HT
X-Xfnlog-Site
X-Web-Node
X-Varnish-Cache-Hits
X-Origin-Hint
X-R9-Blue-Green-Version
X-FW-Version
X-Format
X-FireWall-Port
X-OCL
X-Hosted-By
X-Www-Served-By
X-Debug-Cache
X-Cache-Time
X-Device-Type
X-Varnish-Hits
X-Locale
X-Site-Version
X-S
X-Human
X-Drupal-Cache-Contexts
Ohc-File-Size
OT-Force-Account-Verify
X-Cache-Server
Server-Info
DSUID
X-Cache-NE
X-Rendered-As
Release
Time
X-NewRelic-App-Data
X-Presslabs-Stats
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
ServedBy
X-Vgn-Hpd-Reason
Hostname
X-VG-TLSProxy
X-Alternate-Cache-Key
X-VG-WebCache
X-Sorting-Hat-ShopId
X-ShardId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-APP-VERSION
Ohc-Cache-HIT
X-VCT
X-FB-TRIP-ID
Fastcgi-X-Cache-Version
X-Redis-Cache
Accept-Language
X-Server-ID
X-OVcl-Cache
X-Real-IP
X-OVcl
Machine
X-Tb
Cteonnt-Length
X-Mode
X-Nginx-Cache
X-HS-Cache-Config
Origin
Origin-Cache-Control
X-B3-Spanid
Origin-Edge-Control
X-Pubstack
NtCoent-Length
Access-Control-Request-Headers
L5d-Success-Class
X-CSRF-TOKEN
X-No-Session
X-L-Path
X-GEO
X-Environment-Context
X-NC
X-Cluster-Name
X-Request-Time
X-Tt-Trace-Tag
Odigeo-Trace-Id
X-Magnolia-Registration
X-Generated-By
X-Load-Cache
Fastly-SSL
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-App-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-Endurance-Cache-Level
X-NGENIX-Cache
Nel
X-UUID
Mime-Version
Akamai-GRN
We-Hiring
X-B3-Parentspanid
Mail-Subject
X-DC
X-XRDS-LOCATION
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-Parent-Response-Time
X-SS-Set-Cookie
X-ServerID
X-CACHE-KEY
X-ECACHE
Request-Time
X-Element-Page-Cache
X-Oneagent-Js-Injection
X-MServer
X-Org
X-Origin-Expires
X-Edge-Server
X-External-Request-Id
Proxy-Connection
X-DPWN-IS-SECURE
X-Node-Id
X-Origin-Date
Content-Script-Type
Rt-Proxy-Cache
Rendered-Blocks
T-Server
Viewtype
VivaBuild
Node
Mobile-Detection-Method
MD5-Digest
X-CF-Lambda-Fn
Memcached
Meta-Geo-Continent
X-G
X-A
X-A-Dcw
X-Aed
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dam
X-AIR-PT
X-A-Ccd
X-B-Cookie
X-ARC
X-Application
X-Instart-Info
X-Is-Bot
Arc-Country
Apple-News-Services-Request-Url
AsisCache
BehaviorPad-Version
Cache-Prefix
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Soup
A
X-Detected-As
Apple-News-Services-Handled
X-Destination
Cdn-Host
Fly-Request-Id
GEO-REGION-INFO
X-Connection-Hash
X-CF-Lambda-Version
Fly-Cache
Cross-Origin-Window-Policy
X-Date
Cdn-Request-Time
Content-Style-Type
X-D
X-Developer
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-VG-WebServer
X-Region-Sid
X-Urbn-Context-Path
X-Request-UUID
X-Origin-CC
Locale
X-Urbn-Site-Id
X-S-Maxage
X-S-Cookie
Xc-Version
X-Transaction
X-ScT
X-Server-Time
X-Rojux
X-SRCache-Key
X-Worker
X-Origin-TTL
X-Trv-Group
NGX
X-Zipkin-Id
CF-IPCountry
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxied
ServerName
Backend-Name
X-BYPASS-REASON
X-Routing-Service
Uber-Trace-Id
X-Bip
X-Azure-Ref-OriginShield
Countrycode
X-Auto-Login
X-Azure-Ref
X-SIPLIST1
X-SVT-ORM-VERSION
X-IN-APIGATEWAY
X-TrackingId
N-Cache
X-Hl-Ver
Request-Country
Server-ID
Request-EU
X-Thanos
X-Up
X-HS-Combine-CSS
Gh-Request-Id
X-SVT-ORM-RULES
Section-Io-Cache
X-VC-Cache
X-IN-APIGATEWAYSSL
IsBot
Fastly-Soc-X-Request-Id
X-Cache-Bucket
X-Request-Start
X-Core-Mission
X-Cms-Context
X-Clientip
X-Via-CDN
X-Release
X-Fastly-Cache
X-Distributor
X-Distil-CS
X-Developers
X-Cdn-Srv
X-WebServer
User-Cache-Control
X-ElasticPress-Search
V-Age
X-Block-Status
X-Geo-Header
X-Wikidot-Static-Cache
X-Wikidot-Backend
W
X-Generation-Time
X-Cache-Id
X-Unique-ID
X-Debug-Log
X-Device-Os
X-C
X-GeoIP-City
Server-Int
X-Epic-Correlation-Id
X-Eu-Site
X-Cache-FS-Status
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-GDPR
X-Fetched-On
True-Client-Country-4JS
X-Cache-Info
X-Generated-In
X-App-Name
X-Generated-On
X-BBXSRF
X-Amz-Meta-Cache-Control
X-Compress-Hint
X-Backend-Url
X-WADP-Cache
X-CGP
X-Clara-WADP
X-Backend-Host
X-Flog
X-VServer
X-Debug-Cache-Store
X-Variation
X-Gen-Mode
X-Cdn-Origin
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CUA
X-We-Are-Hiring
X-ABtesting
X-B3-SpanId
X-Debug-Cookies
X-Hnp-Log
X-LI-Proto
AKAMAI
CDCHOST
Adler-Geo
X-LI-UUID
X-Matched-Rule
X-Location
X-Li-Pop
Content-Disposition
Fastly-SWR
X-Skip-Cache
Fastly-SIE
X-Level-Front-Cache
X-ServiceProvider
Esi-Enabled
X-Uri
X-Method
X-Owner
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Proxy-Cache-Status
X-PHP-Host
X-Rebelmouse-Surrogate-Control
X-Reboot
X-MSEdge-Flight
X-MSEdge-Features
X-Nginx-Cache-Key
X-NX-Host
X-Request-URI
X-Old-Content-Length
X-Sn-Servicetimems
X-Li-Fabric
Platform
X-Hello
X-Guploader-Uploadid
X-Platform-Server
L
X-Thinkindot-L3
PFcat
Magicmarker
Is-Eu
X-Hash
HA-Ipaddr
RNT-Time
RNT-Machine
X-Irp-Debug
Ha-Gx-Prefs
X-Microcachable
Server-Host
X-Policy
Pagetype
X-Response-By
Pramga
X-Dispatch
X-Dispatcher-Server
SS
Web-Mar-Node
X-Qloud-Router
X-Reqid
X-Webstats-RespID
SD-X-WS
Wxu-Next-Commit
Kp-EeAlive
X-User
X-Server-IP
X-Swa-Ws
X-Servername
Served-By
X-Internal-Host
Country-Code
Heartbleed
X-Backend-State
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Say-Cacheable
Wxu-Next-Hostname
X-Key
Cache-Cookie-Set-From
Wxu-Next-Region
X-SayCDN-TTL
X-SD-PageType
X-Say-TTL
X-MP-GENERATED-AT
X-Cdn-Forward
X-IPS-LoggedIn
X-Page-Type
Resin-Trace
Memory
X-Wa
X-FPC
UCS
X-Ttl
X-Var-Ttl
ProcessTime
REQUESTUUID
X-Servedbyhost
X-Service
X-Dc
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Has-Esi
Powered-By-ChinaCache
X-Nc
X-Lb-Id
X-Logtrace-Id
Cache-Provider
X-Is-Gdpr
Ajk
X-JWT-State
X-Geo
X-HTML-Minification-Powered-By
X-Ratelimit-Limit
Proxy-Firewall
X-NWS-UUID-VERIFY
X-Datadome
X-VCL-Version
X-RateLimit-Reset
X-Cache-Backend
X-SERVER-NAME
Srv
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Grey
Powered-By
X-Cache-Category-Id
X-Be
X-Info
X-SRV
X-Cache-URL
X-Pjax-Url
SN
X-ZONE
X-Svr
X-Varnish-Beresp-Ttl
X-Ruxit-Js-Agent
X-UA
PICS-Label
Fastly-Backend-Name
X-TH-Server
Dynatrace
X-CDN-Forward
X-Instart-Isnd
CACHE
X-Dynatrace-Js-Agent
X-Webkit-Csp
X-Scheme
X-Cache-Ttl
X-HS-Status
X-SN
GeoIP-Latitude
GeoIP-City
GeoIP-Country-Code
X-Ftr-Request-Id
X-Dynatrace
X-RCS-CacheZone
X-Zone
X-NodeID
X-Varnish-Beresp-Status
Group
X-Varnish-Beresp-Grace
X-Source
X-GRACE
GW-Server
X-LAGOON
X-Pf-Uncompressing
X-Newrelic-Synthetics
X-Gannett-Site-Version
X-Secret
Cdn
X-Varnish-Url
X-Bc
X-Varnish-Beresp-TTL
Ttl
WZWS-RAY
X-Server-W
X-Check-Cacheable
X-EC-Lua
X-LiteSpeed-Cache-Control
Cache-Host
LB
CF-Cached-On
X-PF-Uncompressing
X-NODE
X-Sucuri-Id
X-Varnish-Cacheable
X-APP
X-Ftr-Cache-Host
XServer
On-Server
X-CDN-Cache
User-Agent
X-Ms-Request-Id
X-Ms-Version
X-Via-Ucdn
X-GeoIP-Country-Code
X-Ratelimit-Remaining
X-Tt-Trace-Host
Pics-Label
Geoip-Latitude
Environment
MIME-Version
Inserted-Into-Cache-At
X-BC
X-Edge
GeoIp-Country-Code
X-COUNTRY
Geoip-City
X-Fastly-Country-Code
WWW
Lfy
X-Session-Fingerprint
X-PJAX-URL
X-Aicache-OS
X-Akamai-SSL-Client-Sid
X-NU-AKA-ACS-Version
X-Cache-Debug
X-URL
X-BE
X-Ftr-Balancer
X-Trafficlayer-App-Scope
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Realm
X-Trafficlayer-App-Name
X-Ftr-Backend-Server
Who
X-Render-Time
X-Mid
X-Agile-Id
Ohc-Response-Time
X-Crawler
X-Agile-Age
X-Agile
M-TraceId
Requestid
Cf-Ipcountry
X-Vcl-Version
X-FORWARDED-FOR
SID
X-MCACHE
X-Varnish-Ttl
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-LB-ID
X-Logging-Id
X-7Graus-Varnish-XKeys
X-UPSTREAM-Address
URI
X-FE
X-Micro-Cache
X-7Graus-Varnish-Cache-Control
Lb
DataCenter
X-Served-From
X-Via-SSL
X-Cache-Tag
X-WR-MODIFICATION
X-Sedo-Request-Id
X-Proxy-Cacherz
X-Via-Edge
Xkeyrz
X-Cache-Miss-From
HostName
X-DW
X-RSL
X-RPS
X-DSS
X-RPM
Host-ID
RequestUuid
X-Action
X-DB
X-DI
CDN
X-Cf-Powered-By
X-Correlation-ID
X-NGINX-Cache
X-Core-Value
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Flow-Id
Xkeypdq
X-WA
X-ServedByHost
X-Amzn-Remapped-Date
X-Vct
X-Fastly-Cache-Hits
X-Nananana
X-Fpc
X-Amzn-Remapped-Connection
X-Swift-Error
X-Newrelic-App-Data
X-SB
X-Ecache
Cneonction
X-VC
X-Protected-By
Cdnsip
X-AK-Request-ID
Cdncip
X-Vdms-Version
X-Cdn-Request-ID
X-TIME
X-MID
Warning
FNAC-ModuleRouting
Correlation-Id
X-Sucuri-ID
X-Unique-Id
X-Serial
Xet-Cookie
X-Request-Url
X-ECache
X-Bug-Bounty
X-Sucuri-Cache
X-TT-LOGID
Server-Id
Is-Session-Tracking
HitType
Get-Access-Time
X-ServerName
Processtime
X-MiniProfiler-Ids
X-Apw-Hits
X-ND-Cache
V-Cache
X-Gdpr
X-Fe
X-Apw-Access-Token
X-Dw-Trace-Id
X-Refresh
X-Request-URL
X-Apw-Access-Action
X-Apw-Access-Object
X-Via-NSCOPI