Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-Template
X-DNS-Prefetch-Control
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-CDN
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Cdn
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
Rating
X-Country
X-ORACLE-DMS-RID
X-Country-Code
X-DataDome
X-FTR-Request-ID
X-TTL
X-Url
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
Fusion-Template-Id
Fusion-Content-Source
X-Instart-Request-ID
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-TtlSet
X-PC
X-MS-InvokeApp
X-Vname
X-CST
X-Px
Verso
RTSS
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Ah-Environment
Pinterest-Generated-By
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-D2id
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Sol
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
MS-Author-Via
X-Akam-SW-Version
Accept-CH
X-RateLimit-Remaining
X-B3-TraceId
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
Ar-Sid
Charset
SPIisLatency
AR-PoweredBy
SPRequestDuration
AR-CACHE
AR-ATIME
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-Amz-Rid
X-Aspnetmvc-Version
Realpath
Nginx-Cache
X-Trace
X-Debug
X-Server-Name
X-ESI
Front-End-Https
AR-Request-ID
X-Cached
X-Shield-Request-Id
Mrf-Cache-Status
X-Ezoic-Cdn
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
Paypal-Debug-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Arr-Disable-Session-Affinity
Pagespeed
ServerID
Content-MD5
DynaTrace
X-Id
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-Vcache
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-T
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Client-IP
X-Via-JSL
X-Content-Type
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-VCache
X-RateLimit-Limit
X-SERVER
X-N
X-Correlation-Id
X-Grace
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Content-Digest
X-FastCGI-Cache
Powered
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Forwarded-For
X-Accel-Expires
Server-Name
X-Logged-In
X-B3-Traceid
X-DIS-Request-ID
X-Ser
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-Esi
Accept-Ch
X-HS-Content-Id
X-GUploader-UploadID
X-HS-Hub-Id
X-Request-Handler-Origin-Region
TP-L2-Cache
X-Zen-Fury
TP-Cache
X-Microsite
X-Fastcgi-Cache
X-Request-Received
X-Kinsta-Cache
X-Cache-Age
X-Request-Processing-Time
FilterID
X-Type
X-LB-Cache
X-User-Agent
X-Rid
X-Activity-Id
X-Analytics
Backend-Timing
X-IPLB-Instance
X-Revision
X-Az
X-AppVersion
Healthy
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Whom
Retry-After
X-Srv
X-Time
X-Acc-Meta-Resource-Type
X-Cache-2
X-NWS-LOG-UUID
Accept-Charset
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
Alternate-Protocol
X-Cache-Hit
Pinterest-Version
X-Pinterest-Rid
X-AOL-HN
X-Cache-Rule
Server-Node
Cache-Status
X-Content-Options
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Refresh
DC
Access-Control-Allow-Method
X-Content-Security-Policy-Report-Only
X-Forwarded-Host
X-Jobs
X-Content-Powered-By
X-Akamai-Edgescape
X-Cluster
X-Page-Id
X-Tumblr-Pixel-0
X-Tumblr-User
X-Instance
X-Tumblr-Pixel
X-FW-Serve
X-Debug-Info
X-FB-Debug
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-Request-Guid
X-B
X-App-Environment
X-Hp-Webp
MS-CV
X-Hostname
X-App-Server
Fastcgi-Useragent
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Frame-Options
Host
Cleartype
X-Signature
X-B-Cache
X-Cache-Key
Cache-Tag
X-TA-CDN-Provider
Tracecode
Actual-Object-TTL
X-Cache-Operation
X-BCube-Filmed-By
X-Mobile-URL
X-Cached-By
X-Geo-Country
X-Varnish-Backend
X-Cache-Control
X-Amz-Replication-Status
X-TT
X-DataStream-Cache-Status
X-Ratelimit-Reset
Liferay-Portal
X-Seen-By
X-Pad
X-PressLabs-Stats
X-Mobile
Xserver
X-Host-Name
NGB
X-Response-Served-From
X-ATG-Version
X-Adobe-Loc
X-Adobe-Content
X-Git-Hash
Payment
Upgrade-Insecure-Requests
Eomportal-Instance
X-WA-Info
X-Status
X-WebKit-CSP-Report-Only
Webserver
X-TT-TIMESTAMP
WPE-Backend
Filters
Cache-Tv-Group
X-FW-Dynamic
X-Tumblr-Pixel-2
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
Ms-Operation-Id
X-TX-ID
X-Drupal-Cache-Tags
X-GeoIP
From-Origin
X-Cacheable-TTL
X-RTag
X-Handled-By
X-RequestSource
X-UA-Device-Type
GEO-INFO
X-Cache-TTL-Remaining
X-Content-Age
X-Cache-Remote
X-Cache-TTL
Datacenter
X-Webkit-CSP
X-Daa-Tunnel
X-Edge-Location
X-Storage
X-Upstream-Proxy
Viewport
Accept-CH-Lifetime
X-Cache-Action
X-Origin-Server
X-Accel-Buffering
X-Varnish-Hostname
Cache
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Ua
X-CF-Powered-By
X-Contextid
X-Region
Host-Header
X-Oracle-Dms-Rid
PageSpeed
X-Wix-Request-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
NR-ENABLED
SRV
X-Varnish-Server
X-Cache-Var-Map
X-RN-RSRV
Meta-Geo
X-Akamai-Transformed
X-ES-SERVER
X-Path-Route
X-Cache-Var
Load-Balancing
X-Timing-Wait
X-JoinUs
X-IP
S-Cnection
X-From
X-Proxy-Build
Selected-Fe
X-Akamai-Request-ID2
Now
X-Generated
Cache-Tags
X-CS
Cache-Name
X-Proxy
X-Backend-Name
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loop
Vix-Hermes-Req-Id
X-TNCMS
X-Cache-Config
X-Viewer-Country
Cache-Hits
X-PERF
X-FC-Vary-Parameters
X-ApacheServer
X-Cluster-Node
X-Cache-Enabled
X-Upgrade-Enabled
Decoy-Debug-Status
X-Tumblr-Pixel-3
X-Akamai-Request-ID
Decoy-Debug-TTL
X-Via-Fastly
X-Section
X-Hit
X-Time-Microsecs
X-NCache
Decoy-Debug-Key
X-Origin-Response-Time
X-Labrador-Cache-Channel
X-Rule
X-Access
DB-Nickname
Rt-Fastcgi-Cache
X-Origin
Ec-Rule-Version
Azure-Version
Property-Id
Mn-Server-Ip
Azure-SlotName
Country
Cache-Key
X-Cache-Grace
X-Format
X-FireWall-Port
X-FW-Version
X-CCM
X-Xfnlog-Site
X-Web-Node
X-PCL
X-EIG-Tracking-Id
X-Upstream-HT
X-Varnish-Cache-Hits
X-Upstream-CT
X-UnsetCookies
X-Trace-Id
Azure-SiteName
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
X-Hosted-By
X-OCL
X-Cache-Host
X-Backend-TTL
Webcakes-Region
X-R9-Blue-Green-Version
S-Rt
Azure-RegionName
Azure-InstanceId
X-Varnish-Hits
X-Drupal-Cache-Contexts
X-Device-Type
X-Site-Version
X-Locale
X-S
X-Cache-Time
X-Human
X-Www-Served-By
X-Debug-Cache
Ohc-File-Size
DSUID
X-Cache-Server
OT-Force-Account-Verify
Server-Info
X-Cache-NE
X-Rendered-As
Release
Time
X-NewRelic-App-Data
X-Presslabs-Stats
ServedBy
X-Vgn-Hpd-Reason
X-DataStream-Origin-MEX-Latency
Hostname
X-DataStream-MidMile-RTT
X-VG-TLSProxy
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-VG-WebCache
X-Shopify-Stage
X-APP-VERSION
Fastcgi-X-Cache-Version
Ohc-Cache-HIT
X-VCT
X-FB-TRIP-ID
X-OVcl-Cache
X-OVcl
X-Real-IP
X-Redis-Cache
X-Server-ID
X-Nginx-Cache
Accept-Language
Machine
X-Tb
Cteonnt-Length
X-Mode
Origin
X-HS-Cache-Config
Origin-Edge-Control
Origin-Cache-Control
X-Pubstack
X-B3-Spanid
NtCoent-Length
X-CSRF-TOKEN
Access-Control-Request-Headers
L5d-Success-Class
X-L-Path
X-GEO
X-NC
X-No-Session
X-Environment-Context
X-Request-Time
X-Tt-Trace-Tag
X-Cluster-Name
X-Magnolia-Registration
X-Generated-By
Odigeo-Trace-Id
X-Load-Cache
Fastly-SSL
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-App-Version
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
Mime-Version
X-UUID
Nel
X-NGENIX-Cache
Akamai-GRN
We-Hiring
X-B3-Parentspanid
Mail-Subject
X-ServerID
X-Parent-Response-Time
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-XRDS-LOCATION
X-DC
X-CACHE-KEY
X-SS-Set-Cookie
X-ECACHE
Request-Time
X-Element-Page-Cache
X-Oneagent-Js-Injection
X-Destination
A
Apple-News-Services-Handled
Apple-News-Services-Host
X-Vtex-Remote-Cache
X-Detected-As
Apple-News-Services-Parsed-Url
X-VG-WebServer
X-Date
Cache-Prefix
X-Vtex-Processado-Em
BehaviorPad-Version
Apple-News-Services-Request-Url
Arc-Country
AsisCache
X-Developer
X-External-Request-Id
X-Origin-Date
X-Org
X-Is-Bot
X-MServer
X-Origin-Expires
X-Request-UUID
X-Region-Sid
X-PAYTM-SRV-ID
Xc-Version
X-Instart-Info
X-S-Cookie
X-Edge-Server
X-Soup
X-Worker
X-Rojux
X-G
X-Node-Id
X-DPWN-IS-SECURE
X-S-Maxage
Server-ID
T-Server
X-B-Cookie
X-ARC
Rt-Proxy-Cache
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Server-Time
X-Rewrite-Enabled
Viewtype
VivaBuild
X-A-Wwc
X-Accel-Expires-Debug
X-Application
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
X-SRCache-Key
X-Transaction
Cross-Origin-Window-Policy
Fly-Cache
Fly-Request-Id
X-Connection-Hash
Content-Style-Type
Content-Script-Type
X-Aed
Cdn-Request-Time
X-D
GEO-REGION-INFO
MD5-Digest
X-ScT
X-Twitter-Response-Tags
X-Trv-Group
Rendered-Blocks
Node
Memcached
Meta-Geo-Continent
Mobile-Detection-Method
Cdn-Host
X-AIR-PT
X-Origin-TTL
X-Origin-CC
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
Proxy-Connection
Uber-Trace-Id
NGX
CF-IPCountry
X-ProxyCache-Key
X-Routing-Service
ServerName
X-BYPASS-REASON
X-Zipkin-Id
Backend-Name
X-ProxyCache-Status
X-Proxied
X-Core-Mission
Countrycode
X-WebServer
Request-EU
X-Cms-Context
X-Clientip
X-HS-Combine-CSS
X-Fastly-Cache
X-TrackingId
X-Via-CDN
Request-Country
Fastly-Soc-X-Request-Id
X-Hl-Ver
X-Developers
X-Distil-CS
X-Distributor
Gh-Request-Id
X-IN-APIGATEWAY
X-Cdn-Srv
N-Cache
X-IN-APIGATEWAYSSL
IsBot
Section-Io-Cache
X-SIPLIST1
X-Up
X-Auto-Login
X-Bip
X-Azure-Ref
X-SVT-ORM-RULES
X-Azure-Ref-OriginShield
X-Thanos
X-SVT-ORM-VERSION
X-Request-Start
X-VC-Cache
X-Cache-Bucket
X-Release
X-ElasticPress-Search
User-Cache-Control
X-Backend-Host
X-Clara-WADP
X-Backend-Url
X-Device-Os
X-Debug-Log
X-Cache-Info
X-Epic-Correlation-Id
X-Eu-Site
X-Cdn-Origin
X-Debug-Cookies
X-ABtesting
X-CGP
X-BBXSRF
X-Amz-Meta-Cache-Control
X-App-Name
X-Block-Status
X-CUA
X-Guploader-Uploadid
X-C
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Compress-Hint
X-Cache-FS-Status
X-Debug-Cache-Fetch
X-Fetched-On
X-Cache-Id
X-Li-Fabric
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Request-URI
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-PHP-Host
X-Platform-Server
X-Proxy-Cache-Status
X-Proxy-Upstream
X-B3-SpanId
X-ServiceProvider
X-WADP-Cache
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Variation
X-Skip-Cache
X-Sn-Servicetimems
X-Thinkindot-L3
X-Unique-ID
X-Owner
X-Old-Content-Length
X-GeoIP-City
X-Hash
X-Hello
X-Hnp-Log
X-Geo-Header
X-Generation-Time
X-GDPR
X-Gen-Mode
X-Generated-In
X-Generated-On
X-Irp-Debug
X-Li-Pop
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-NX-Host
X-Method
X-Matched-Rule
X-LI-Proto
X-LI-UUID
X-Location
X-Flog
X-Level-Front-Cache
Adler-Geo
Server-Int
Ha-Gx-Prefs
X-Uri
Thinkindot-CacheControl-Type
HA-Ipaddr
True-Client-Country-4JS
Thinkindot-Control
AKAMAI
RNT-Time
Fastly-SIE
Fastly-SWR
PFcat
Esi-Enabled
Platform
RNT-Machine
CDCHOST
Content-Disposition
V-Age
Thinkindot-CacheControl
Is-Eu
W
L
Magicmarker
X-Microcachable
Cache-Cookie-Set-Lfrom
X-Key
Wxu-Next-Commit
X-Internal-Host
Kp-EeAlive
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Pramga
Wxu-Next-Region
Pagetype
X-Dispatch
Wxu-Next-Hostname
X-Policy
X-User
Country-Code
X-Webstats-RespID
SD-X-WS
X-Servername
X-Say-Cacheable
Web-Mar-Node
X-Server-IP
X-SD-PageType
X-SayCDN-TTL
X-Say-TTL
X-Dispatcher-Server
X-Response-By
Server-Host
Served-By
X-Backend-State
X-Swa-Ws
X-Reqid
SS
Heartbleed
X-Qloud-Router
X-MP-GENERATED-AT
X-IPS-LoggedIn
X-Cdn-Forward
Memory
Resin-Trace
X-Page-Type
X-Wa
UCS
X-FPC
X-Var-Ttl
ProcessTime
X-Service
X-Servedbyhost
REQUESTUUID
X-Dc
X-Logtrace-Id
X-Nc
X-JWT-State
X-Has-Esi
X-Is-Gdpr
Cache-Provider
Ajk
Powered-By-ChinaCache
X-HTML-Minification-Powered-By
X-Geo
X-Ratelimit-Limit
X-Lb-Id
Proxy-Firewall
X-NWS-UUID-VERIFY
X-Datadome
X-Cache-Backend
X-RateLimit-Reset
X-VCL-Version
Srv
X-SERVER-NAME
X-Litespeed-Cache
X-Cache-Category-Id
Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Grey
X-Be
X-SRV
X-Info
SN
X-ZONE
X-Svr
X-Pjax-Url
X-Cache-URL
X-COUNTRY
X-Ruxit-Js-Agent
X-Varnish-Beresp-Ttl
X-UA
PICS-Label
Fastly-Backend-Name
X-Instart-Isnd
X-TH-Server
Dynatrace
X-CDN-Forward
X-Tec-Api-Root
CACHE
X-URL
X-Tec-Api-Origin
X-Webkit-Csp
X-Tec-Api-Version
X-Ftr-Request-Id
GeoIP-Country-Code
X-Cache-Ttl
GeoIP-City
GeoIP-Latitude
X-HS-Status
X-Scheme
X-SN
X-RCS-CacheZone
X-Zone
X-Dynatrace
X-Ttl
X-NodeID
Group
X-Source
X-GRACE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-LAGOON
GW-Server
X-Pf-Uncompressing
X-Secret
X-Gannett-Site-Version
Cdn
X-Varnish-Url
X-Bc
X-Newrelic-Synthetics
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
Cache-Host
X-EC-Lua
X-Dynatrace-Js-Agent
X-PF-Uncompressing
WZWS-RAY
X-Server-W
Ttl
X-Check-Cacheable
LB
CF-Cached-On
X-NODE
XServer
X-Sucuri-Id
On-Server
X-APP
X-Ftr-Cache-Host
X-Varnish-Cacheable
X-CDN-Cache
X-Tt-Trace-Host
X-Ratelimit-Remaining
X-FORWARDED-FOR
User-Agent
X-Ms-Version
X-GeoIP-Country-Code
X-Via-Ucdn
X-Ms-Request-Id
X-Edge
Geoip-City
X-BC
Geoip-Latitude
MIME-Version
GeoIp-Country-Code
Inserted-Into-Cache-At
Pics-Label
Environment
X-Cache-Debug
X-Aicache-OS
Lfy
X-Session-Fingerprint
X-Fastly-Country-Code
X-NU-AKA-ACS-Version
X-PJAX-URL
X-Akamai-SSL-Client-Sid
X-BE
WWW
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Ftr-Backend-Server
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Realm
X-Agile-Id
Who
Ohc-Response-Time
X-Mid
X-Agile
M-TraceId
X-Render-Time
X-Crawler
X-Agile-Age
Cf-Ipcountry
Requestid
X-Vcl-Version
X-MCACHE
X-CSRF-Token
X-LB-ID
X-Varnish-Ttl
SID
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-Logging-Id
X-Micro-Cache
URI
X-7Graus-Varnish-XKeys
X-FE
X-7Graus-Varnish-Cache-Control
X-UPSTREAM-Address
Lb
X-WR-MODIFICATION
X-Via-Edge
X-Via-SSL
X-Sedo-Request-Id
X-Cache-Tag
X-Proxy-Cacherz
X-Served-From
X-Cache-Miss-From
Xkeyrz
HostName
X-DSS
RequestUuid
X-DB
X-DI
Host-ID
X-DW
X-Action
X-RPS
X-RPM
CDN
X-RSL
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-Zalando-Child-Request-Id
X-Vct
X-Page-Impression-Id
X-Flow-Id
X-Amzn-Remapped-Connection
X-WA
X-Fastly-Cache-Hits
X-ServedByHost
X-Core-Value
X-Nananana
X-Fpc
Xkeypdq
X-Amzn-Remapped-Date
X-Swift-Error
X-Newrelic-App-Data
X-NGINX-Cache
X-MID
X-Ecache
FNAC-ModuleRouting
Warning
X-AK-Request-ID
X-Cdn-Request-ID
Cneonction
Cdnsip
Correlation-Id
X-Protected-By
X-TIME
X-Vdms-Version
Cdncip
X-SB
X-VC
X-Sucuri-ID
X-Apw-Hits
X-Fe
X-Apw-Access-Token
X-Apw-Access-Object
X-Request-URL
Xet-Cookie
Get-Access-Time
Is-Session-Tracking
X-Sucuri-Cache
X-TT-LOGID
X-Sigma-Backend
X-Sigma
RequestId
X-Rocket-Build-Number
X-Apw-Access-Action
Processtime
X-Refresh
X-Request-Url
X-ND-Cache
X-MiniProfiler-Ids
X-Gdpr
X-Dw-Trace-Id
X-Serial
X-ServerName
X-Unique-Id
X-ECache
X-Via-NSCOPI
HitType
X-Bug-Bounty
V-Cache