Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Request-ID
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Ua-Compatible
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-CDN
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Cdn
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
X-Cloud-Trace-Context
Report-To
X-Response-Time
X-Host
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Allow
X-ORACLE-DMS-RID
X-HW
X-DataDome
Rating
X-Country
X-Country-Code
X-FTR-Request-ID
X-Url
X-TTL
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-Instart-Request-ID
X-Goog-Hash
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-CST
RTSS
Verso
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-Recruiting
X-VARITI-CCR
Pinterest-Generated-By
X-Mod-Pagespeed
X-Ah-Environment
Service-Worker-Allowed
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-D2id
X-Cdn-Fetch
X-Kinja-Server
X-Sol
X-Middleton-Display
Response
Display
X-Middleton-Response
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
X-B3-TraceId
X-GitHub-Request-Id
X-RateLimit-Remaining
TCN
X-Navigation-Version
X-Abt-Application-Version
X-Powered-CMS
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Accept-CH
X-Upstream
X-Shard
X-Forwarded-Proto
Ar-Sid
AR-CACHE
AR-PoweredBy
AR-ATIME
SPRequestDuration
SPIisLatency
Charset
X-Amz-Server-Side-Encryption
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Fastly-Restarts
X-Amz-Rid
X-Aspnetmvc-Version
X-Trace
Realpath
X-Server-Name
X-ESI
Nginx-Cache
X-XRDS-Location
X-Debug
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Ezoic-Cdn
X-Cached
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Arr-Disable-Session-Affinity
Content-MD5
ServerID
Pagespeed
X-Id
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
MicrosoftSharePointTeamServices
DynaTrace
X-T
S
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-DynaTrace-JS-Agent
X-Via-JSL
X-VCache
X-Vcache
X-Content-Type
X-Client-IP
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-SERVER
X-Grace
X-N
X-Frontend
X-Correlation-Id
Accept-Ch
Fastcgi-Cache
X-Content-Digest
X-RateLimit-Limit
Powered
X-FTR-Cache-Host
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-Ser
X-Forwarded-For
X-Accel-Expires
X-DIS-Request-ID
Server-Name
X-Logged-In
X-ASPNET-VERSION
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-FastCGI-Cache
X-B3-Sampled
X-HS-Content-Id
X-HS-Hub-Id
X-Microsite
X-Request-Handler-Origin-Region
TP-Cache
TP-L2-Cache
X-Zen-Fury
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Kinsta-Cache
X-Esi
X-LB-Cache
X-GUploader-UploadID
Edge-Cache-Tag
X-Rid
FilterID
X-User-Agent
X-AppVersion
X-Activity-Id
X-IPLB-Instance
X-Type
X-Revision
X-Az
Healthy
X-Analytics
Backend-Timing
X-Node-Name
X-Whom
Retry-After
X-F-Cache
X-Time
X-Srv
X-NWS-LOG-UUID
Pinterest-Version
X-Pinterest-Rid
X-Cache-2
Accept-Charset
X-Cache-Hit
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
Alternate-Protocol
X-Acc-Meta-Resource-Type
X-AOL-HN
Server-Node
Cache-Status
X-Cache-Rule
X-Content-Options
X-Content-Powered-By
X-Cluster
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
DC
Refresh
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
Access-Control-Allow-Method
X-Page-Id
Surrogate-Key
X-FB-Debug
X-Tumblr-Pixel
X-Jobs
X-Tumblr-User
X-Tumblr-Pixel-0
X-Framework
X-Instance
X-Forwarded-Host
X-Hp-Webp
X-Debug-Info
Source
X-TA-CDN-Provider
X-Erf-Bev-Bev
X-FW-Static
X-PHP-Backend
X-Varnish-Grace
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Erf-Bev-Bev-Is-Generated
X-B
MS-CV
X-App-Environment
X-App-Server
X-Request-Guid
Fastcgi-Useragent
Frame-Options
X-Hostname
Host
Cleartype
Cache-Tag
X-Cache-Key
X-Signature
X-B-Cache
Actual-Object-TTL
Tracecode
X-Mobile-URL
X-BCube-Filmed-By
X-Cache-Operation
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Varnish-Backend
X-Seen-By
X-TT
X-Amz-Replication-Status
X-Host-Name
Liferay-Portal
X-Mobile
X-Ratelimit-Reset
NGB
X-Response-Served-From
X-Pad
Xserver
X-Git-Hash
X-Adobe-Content
X-ATG-Version
X-Adobe-Loc
Webserver
X-WebKit-CSP-Report-Only
Eomportal-Instance
X-Cache-TTL
X-Status
Cache-Tv-Group
X-WA-Info
X-RemovedCookies
Payment
Filters
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-ProcessESI
X-RTag
X-FW-Dynamic
Ms-Operation-Id
WPE-Backend
X-GeoIP
X-Handled-By
X-PressLabs-Stats
X-Cacheable-TTL
X-TX-ID
From-Origin
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Cache-Remote
GEO-INFO
X-DataStream-Cache-Status
X-RequestSource
X-Cache-TTL-Remaining
Datacenter
X-Webkit-CSP
X-Content-Age
X-Edge-Location
X-Daa-Tunnel
X-Cache-Action
X-Storage
Viewport
X-Origin-Server
PageSpeed
X-Varnish-Hostname
X-Accel-Buffering
X-Upstream-Proxy
X-EdgeConnect-Cache-Status
X-Hyper-Cache
Cache
Version
X-Contextid
NR-ENABLED
X-Region
X-Wix-Request-Id
X-CF-Powered-By
Host-Header
X-Ua
Accept-CH-Lifetime
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Server
X-RN-RSRV
X-Akamai-Transformed
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
Meta-Geo
X-Path-Route
X-ES-SERVER
X-Timing-Wait
X-JoinUs
X-IP
Selected-Fe
X-Proxy-Build
X-Akamai-Request-ID2
X-Generated
Ohc-File-Size
X-Backend-Name
X-Cache-Config
X-TNCMS
X-Loop
X-Goog-Meta-Goog-Reserved-File-Mtime
S-Cnection
X-Proto
Cache-Name
X-Proxy
X-Labrador-Cache-Channel
X-CS
X-Viewer-Country
Decoy-Debug-Status
Cache-Tags
X-Tumblr-Pixel-3
X-NCache
X-Via-Fastly
Decoy-Debug-Key
Decoy-Debug-TTL
Now
X-Rule
DB-Nickname
X-Time-Microsecs
Vix-Hermes-Req-Id
X-FC-Vary-Parameters
Ec-Rule-Version
Cache-Hits
X-Cluster-Node
Rt-Fastcgi-Cache
SRV
X-From
X-Cache-Enabled
X-FW-Version
X-Trace-Id
X-Hosted-By
X-Hit
X-Cache-Grace
X-Cache-Host
X-Upgrade-Enabled
X-UnsetCookies
Country
X-CCM
X-Backend-TTL
X-Cache-Time
X-ApacheServer
X-Web-Node
X-PERF
X-Origin
S-Rt
X-Origin-Response-Time
X-Akamai-Request-ID
Webcakes-App-Version
X-Presslabs-Stats
Cache-Key
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-Version
Webcakes-App-Name
Webcakes-Region
TWC-Privacy
TWC-Device-Class
Property-Id
TWC-Connection-Speed
X-R9-Blue-Green-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Xfnlog-Site
X-Www-Served-By
X-Varnish-Cache-Hits
X-Varnish-Hits
Azure-RegionName
X-Debug-Cache
X-FireWall-Port
X-S
X-Site-Version
X-Human
X-Origin-Hint
X-OCL
X-Locale
X-EIG-Tracking-Id
X-PCL
X-Cache-Server
X-Device-Type
X-Cache-NE
X-Access
DSUID
X-Drupal-Cache-Contexts
Server-Info
X-Section
Mn-Server-Ip
Release
X-Format
X-Upstream-CT
X-Upstream-HT
X-Rendered-As
OT-Force-Account-Verify
Time
X-Vgn-Hpd-Reason
X-NewRelic-App-Data
Hostname
Ohc-Cache-HIT
ServedBy
X-VCT
X-HS-Cache-Config
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-VG-TLSProxy
X-Real-IP
X-OVcl
Fastcgi-X-Cache-Version
X-VG-WebCache
X-OVcl-Cache
X-APP-VERSION
X-Redis-Cache
X-Oracle-Dms-Rid
X-FB-TRIP-ID
X-Server-ID
X-XRDS-LOCATION
Cteonnt-Length
Accept-Language
Access-Control-Request-Headers
Origin-Cache-Control
X-Pubstack
Machine
Origin-Edge-Control
X-Nginx-Cache
X-Tb
X-DataStream-Origin-MEX-Latency
L5d-Success-Class
Origin
X-DataStream-MidMile-RTT
X-B3-Spanid
X-Environment-Context
X-L-Path
X-Mode
X-Cluster-Name
X-No-Session
X-CSRF-TOKEN
NtCoent-Length
X-Tt-Trace-Tag
Fastly-SSL
X-Element-Page-Cache
X-Magnolia-Registration
X-App-Version
X-NC
X-GEO
X-Generated-By
X-Request-Time
Odigeo-Trace-Id
Mime-Version
X-Guploader-Uploadid
X-NGENIX-Cache
X-SS-Set-Cookie
Nel
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-Rocket-Nginx-Bypass
X-AWS-Id
X-Load-Cache
X-VWS-Id
IBM-Web2-Location
X-ServerID
X-LJ-Flow-ID
X-B3-Parentspanid
X-UUID
X-CACHE-KEY
X-Parent-Response-Time
X-GoCache-CacheStatus
We-Hiring
Mail-Subject
Request-Time
X-ECACHE
X-HS-Combine-CSS
X-Soup
X-Oneagent-Js-Injection
X-Origin-TTL
Akamai-GRN
X-Origin-CC
AsisCache
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
X-Detected-As
Content-Script-Type
Content-Style-Type
Cdn-Request-Time
Cdn-Host
X-Destination
Cache-Prefix
Apple-News-Services-Handled
X-DPWN-IS-SECURE
X-MServer
X-Vtex-Processado-Em
X-VG-WebServer
Proxy-Connection
X-Trv-Group
X-Twitter-Response-Tags
X-Vtex-Remote-Cache
X-Node-Id
X-Date
A
Xc-Version
X-Edge-Server
X-G
X-Developer
Cross-Origin-Window-Policy
X-A-Wwc
X-A-Dgt
Rt-Proxy-Cache
X-Accel-Expires-Debug
X-AIR-PT
X-Aed
X-A-Dcw
Server-ID
VivaBuild
Viewtype
T-Server
X-A
X-A-Dam
X-A-Ccd
Rendered-Blocks
X-Application
GEO-REGION-INFO
X-CF-Lambda-Version
Fly-Request-Id
Fly-Cache
X-D
X-Connection-Hash
X-CF-Lambda-Fn
MD5-Digest
X-B-Cookie
X-ARC
Node
Mobile-Detection-Method
Memcached
Meta-Geo-Continent
X-Transaction
X-External-Request-Id
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-Is-Bot
X-SRCache-Key
X-Rewrite-Enabled
X-Request-UUID
X-Origin-Expires
X-PAYTM-SRV-ID
X-Region-Sid
X-Origin-Date
X-Org
X-Instart-Info
X-Server-Time
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
ServerName
Backend-Name
X-DC
NGX
X-Uri
X-Auto-Login
N-Cache
X-SVT-ORM-RULES
Request-EU
Request-Country
X-Request-Start
X-Hl-Ver
X-Cache-Bucket
Gh-Request-Id
X-BYPASS-REASON
X-Cdn-Srv
X-Clientip
X-Cms-Context
Countrycode
X-TrackingId
X-VC-Cache
X-Bip
Uber-Trace-Id
X-Release
X-ProxyCache-Key
X-Thanos
X-Worker
X-ProxyCache-Status
X-IN-APIGATEWAYSSL
X-WebServer
X-IN-APIGATEWAY
X-SVT-ORM-VERSION
User-Cache-Control
CF-IPCountry
X-Via-CDN
X-Generation-Time
X-Cache-Id
X-BBXSRF
X-Platform-Server
X-Backend-Url
X-PHP-Host
X-Hash
W
X-GeoIP-City
X-Cache-FS-Status
X-Block-Status
X-Owner
X-Old-Content-Length
X-Cache-Info
X-App-Name
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-ABtesting
X-Rebelmouse-Surrogate-Control
X-Amz-Meta-Cache-Control
X-Rebelmouse-Cache-Control
X-Hello
X-Proxy-Upstream
V-Age
X-Proxy-Cache-Status
X-Request-URI
X-Backend-Host
X-Geo-Header
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Reboot
X-Core-Mission
X-Distil-CS
X-Distributor
X-Policy
X-Level-Front-Cache
X-Li-Fabric
X-Device-Os
X-Li-Pop
X-VServer
X-Developers
X-Generated-On
X-Irp-Debug
X-Gen-Mode
X-Generated-In
X-We-Are-Hiring
X-WADP-Cache
X-GDPR
X-Flog
X-ElasticPress-Search
X-Fastly-Cache
X-Fetched-On
X-LI-Proto
X-LI-UUID
X-CUA
X-NX-Host
X-Thinkindot-L3
X-Debug-Cache-Expiry
X-Hnp-Log
X-Compress-Hint
X-Up
X-Clara-WADP
X-Variation
X-Debug-Cache-Fetch
X-Matched-Rule
X-Skip-Cache
X-Sn-Servicetimems
X-Location
X-Debug-Log
X-SIPLIST1
X-ServiceProvider
X-Debug-Cache-Store
X-Debug-Cookies
X-Cdn-Origin
Thinkindot-CacheControl
PFcat
Fastly-Soc-X-Request-Id
AKAMAI
IsBot
Content-Disposition
Is-Eu
Platform
Section-Io-Cache
X-Zipkin-Id
Adler-Geo
Thinkindot-Control
True-Client-Country-4JS
X-Proxied
Fastly-SIE
Thinkindot-CacheControl-Type
Fastly-SWR
X-B3-SpanId
X-Routing-Service
Heartbleed
X-Response-By
X-C
X-Eu-Site
X-Say-Cacheable
Kp-EeAlive
HA-Ipaddr
X-Reqid
X-Nginx-Cache-Key
X-Dispatch
CDCHOST
X-Dispatcher-Server
X-Key
X-Epic-Correlation-Id
X-Method
X-MSEdge-Features
X-CGP
X-Say-TTL
X-MSEdge-Flight
Esi-Enabled
Ha-Gx-Prefs
L
RNT-Time
SD-X-WS
X-SayCDN-TTL
X-Wikidot-Backend
X-Webstats-RespID
Served-By
Server-Host
Web-Mar-Node
SS
X-Wikidot-Static-Cache
Server-Int
Pramga
RNT-Machine
X-Server-IP
X-Unique-ID
X-SD-PageType
Pagetype
X-User
X-Swa-Ws
Magicmarker
X-Cdn-Forward
X-Microcachable
X-IPS-LoggedIn
Cache-Cookie-Set-From
Memory
Wxu-Next-Commit
X-Internal-Host
Cache-Cookie-Set-Idcheck
Wxu-Next-Hostname
Wxu-Next-Region
X-Backend-State
Cache-Cookie-Set-Lfrom
Resin-Trace
X-Servername
X-Qloud-Router
Country-Code
X-Page-Type
X-Var-Ttl
X-FPC
X-Service
X-Dc
X-MP-GENERATED-AT
X-Geo
X-Nc
X-Ratelimit-Limit
UCS
Cache-Provider
X-Has-Esi
X-Is-Gdpr
X-JWT-State
REQUESTUUID
X-Wa
Powered-By-ChinaCache
X-Lb-Id
X-Servedbyhost
ProcessTime
Ajk
X-Logtrace-Id
X-RateLimit-Reset
Srv
X-NWS-UUID-VERIFY
X-HTML-Minification-Powered-By
X-Datadome
X-Info
X-Cache-Backend
Proxy-Firewall
X-Litespeed-Cache
X-UA
X-Be
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Svr
X-Processor
X-Pjax-Url
X-Oss-Object-Type
X-Oss-Request-Id
X-VCL-Version
X-SRV
X-Instart-Isnd
X-Cache-URL
Powered-By
X-Tb-Optimization-Total-Bytes-Saved
SN
X-Cache-Category-Id
X-Grey
X-COUNTRY
X-Ruxit-Js-Agent
X-Scheme
X-HS-Status
Dynatrace
X-SN
X-Varnish-Beresp-Ttl
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-URL
X-ZONE
X-CDN-Forward
CACHE
X-Zone
X-Webkit-Csp
X-NodeID
PICS-Label
X-Ftr-Request-Id
X-TH-Server
Fastly-Backend-Name
Group
X-Ttl
X-Dynatrace
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-Varnish-Beresp-Status
X-Source
X-GRACE
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-SERVER-NAME
X-Pf-Uncompressing
X-LiteSpeed-Cache-Control
X-EC-Lua
X-Cache-Ttl
Cache-Host
X-Newrelic-Synthetics
X-LAGOON
GW-Server
X-Varnish-Beresp-TTL
X-Varnish-Url
X-Server-W
X-Bc
Ttl
X-Gannett-Site-Version
X-Secret
Cdn
X-APP
X-PF-Uncompressing
LB
X-Dynatrace-Js-Agent
X-NODE
X-Check-Cacheable
WZWS-RAY
X-Ftr-Cache-Host
X-Sucuri-Id
XServer
X-Ms-Version
X-Ms-Request-Id
CF-Cached-On
X-Varnish-Cacheable
X-Ratelimit-Remaining
X-CDN-Cache
Geoip-City
X-FORWARDED-FOR
Geoip-Latitude
On-Server
GeoIp-Country-Code
X-Via-Ucdn
X-Tt-Trace-Host
User-Agent
X-GeoIP-Country-Code
MIME-Version
X-Fastly-Country-Code
X-Trafficlayer-App-Scope
Environment
X-Session-Fingerprint
X-Edge
Lfy
X-Trafficlayer-App-Name
X-Cache-Debug
X-Aicache-OS
Pics-Label
X-BC
WWW
Cf-Ipcountry
M-TraceId
Inserted-Into-Cache-At
X-Akamai-SSL-Client-Sid
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Backend
X-CSRF-Token
X-Ftr-Realm
X-Ftr-Backend-Server
Ohc-Response-Time
X-Mid
X-PJAX-URL
X-NU-AKA-ACS-Version
X-Vcl-Version
Requestid
X-BE
X-Agile
X-Agile-Id
X-Agile-Age
X-MCACHE
X-UPSTREAM-Address
X-Crawler
SID
X-Varnish-Ttl
X-Render-Time
Who
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-7Graus-Varnish-XKeys
Amp-Access-Control-Allow-Source-Origin
X-LB-ID
X-Litespeed-Cache-Control
X-Fastly-Backend-Reqs
X-Sedo-Request-Id
URI
X-Cache-Miss-From
X-Cache-Tag
Lb
X-DB
X-DW
X-DSS
X-Action
X-DI
X-Micro-Cache
X-RPM
X-RPS
X-RSL
Xkeyrz
X-Proxy-Cacherz
X-FE
HostName
X-Served-From
X-Via-Edge
Host-ID
X-ServedByHost
CDN
X-WR-MODIFICATION
X-Via-SSL
RequestUuid
X-WA
X-Cf-Powered-By
DataCenter
X-Correlation-ID
Xkeypdq
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Cdncip
X-Nananana
X-Core-Value
Cdnsip
X-Fastly-Cache-Hits
X-Fpc
X-AK-Request-ID
X-Newrelic-App-Data
X-NGINX-Cache
X-Swift-Error
X-TIME
X-Amzn-Remapped-Date
X-SB
X-TT-LOGID
X-Vdms-Version
Is-Session-Tracking
X-VC
Get-Access-Time
X-MID
Cneonction
FNAC-ModuleRouting
X-Cdn-Request-ID
Warning
Correlation-Id
X-Amzn-Remapped-Connection
X-Unique-Id
X-Vct
X-Sucuri-ID
RequestId
HitType
X-Rocket-Build-Number
X-Sigma
X-Fstrz
X-Gen-Id
X-Shopify-Generated-Cart-Token
TTL
X-Bug-Bounty
X-Sigma-Backend
X-Sucuri-Cache
X-ECache
X-Fe
X-Apw-Access-Action
X-Apw-Access-Object
X-ServerName
X-MiniProfiler-Ids
X-Gdpr
X-Dw-Trace-Id
X-Ecache
X-Apw-Access-Token
Xet-Cookie
X-Request-URL
V-Cache
X-Protected-By
X-Apw-Hits
Processtime