Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Content-Encoding
Status
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Buckets
X-Request-ID
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-CDN
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-UA-Device
X-Proxy-Cache
X-Hacker
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
P3p
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Device
X-Server-Id
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
EagleEye-TraceId
Report-To
X-Cloud-Trace-Context
X-Backend-Server
Request-Id
X-Response-Time
X-Host
Content-Location
X-Node
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-ORACLE-DMS-ECID
X-DataDome
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
X-HW
Surrogate-Control
X-Dns-Prefetch-Control
Rating
X-Country-Code
Allow
X-Clacks-Overhead
X-Country
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
X-B3-TraceId
X-TTL
Pinterest-Generated-By
Verso
X-Powered-By-Plesk
Public-Key-Pins
X-Px
Accept-Ch-Lifetime
RTSS
Edge-Control
X-Mod-Pagespeed
X-ESI
X-Ah-Environment
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Display
X-VARITI-CCR
SPRequestGuid
X-D2id
X-SharePointHealthScore
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Recruiting
X-Akam-SW-Version
X-CST
Service-Worker-Allowed
SPRequestDuration
X-Vcap-Request-Id
SPIisLatency
X-Server-Name
X-Version
X-GitHub-Request-Id
TCN
X-Navigation-Version
X-Powered-CMS
MS-Author-Via
X-Abt-Application-Version
X-Trace
Charset
X-Shard
X-Debug
Fastly-Restarts
X-Aspnetmvc-Version
Realpath
X-Amz-Server-Side-Encryption
X-Amz-Rid
Nginx-Cache
X-Upstream
X-RateLimit-Remaining
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-NF-Request-ID
Accept-CH
Front-End-Https
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Cached
X-MSEdge-Ref
DynaTrace
Arr-Disable-Session-Affinity
Access-Control-Request-Method
Pagespeed
Content-MD5
X-Shield-Request-Id
AR-Request-ID
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-VCache
MicrosoftSharePointTeamServices
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Accept-Ch
X-XRDS-Location
S
X-Goog-Storage-Class
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
Paypal-Debug-Id
X-Id
X-Varnish-Age
X-Ser
ServerID
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-Via-JSL
X-Client-IP
X-Grace
X-Content-Type
X-Accel-Expires
X-Correlation-Id
X-Dw-Request-Base-Id
X-Forwarded-For
Edge-Cache-Tag
Fastcgi-Cache
X-Hits
X-Amzn-Trace-Id
Powered
X-Content-Digest
X-Fastcgi-Cache
X-Frontend
X-DIS-Request-ID
X-N
X-HS-Content-Id
PB-PID
X-HS-Hub-Id
PB-RID
X-Mobile-Rewrite
Arc-Version
AMP-Access-Control-Allow-Source-Origin
X-Pinterest-Rid
Pinterest-Version
X-Logged-In
X-Vcache
Server-Name
X-FTR-Cache-Host
X-Server-ID
TP-Cache
TP-L2-Cache
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Kinsta-Cache
X-Microsite
X-Cache-Hit
X-Zen-Fury
X-FastCGI-Cache
X-Time
X-Type
X-Activity-Id
X-AppVersion
X-Rid
X-Az
Healthy
X-Analytics
X-LB-Cache
X-Revision
X-IPLB-Instance
Backend-Timing
X-User-Agent
X-GUploader-UploadID
X-Cache-Age
Retry-After
X-Whom
X-Srv
X-B3-Sampled
X-Node-Name
Server-Node
FilterID
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Hp-Webp
Alternate-Protocol
Cache-Tag
Accept-Charset
X-SERVER
X-F-Cache
Cache-Status
X-Akamai-Edgescape
X-Webkit-CSP
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
NR-ENABLED
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AOL-HN
X-Tumblr-Pixel
MS-CV
X-Tumblr-Pixel-0
X-Cache-2
X-FB-Debug
DC
X-Tumblr-User
X-Debug-Info
Tracecode
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cluster
X-Instance
X-Jobs
Refresh
X-B
X-Forwarded-Host
Access-Control-Allow-Method
Surrogate-Key
X-App-Environment
X-Framework
Actual-Object-TTL
X-Page-Id
Source
X-Varnish-Grace
X-PHP-Backend
X-Cache-TTL
X-App-Server
Host
X-Mobile-URL
X-Cache-Operation
X-Seen-By
X-Request-Guid
Fastcgi-Useragent
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
Frame-Options
X-Cache-Key
X-TA-CDN-Provider
X-Cache-Control
X-Geo-Country
X-Hostname
X-Cached-By
Cleartype
X-Pad
X-Host-Name
X-Signature
Upgrade-Insecure-Requests
X-B-Cache
X-BCube-Filmed-By
X-Mobile
X-Element-Page-Cache
X-WebKit-CSP-Report-Only
X-Git-Hash
NGB
X-Response-Served-From
Xserver
X-Varnish-Backend
X-ATG-Version
X-ProcessESI
X-GeoIP
X-RemovedCookies
X-Ttl
WPE-Backend
X-UA-Device-Type
X-Amz-Replication-Status
Ms-Operation-Id
GEO-INFO
Eomportal-Instance
X-Tumblr-Pixel-2
X-HS-Cache-Config
Webserver
X-Drupal-Cache-Tags
X-RequestSource
Cache-Tv-Group
Filters
X-Daa-Tunnel
X-TT
X-RTag
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Adobe-Content
X-Origin-Server
X-Handled-By
From-Origin
X-Cacheable-TTL
X-EdgeConnect-Cache-Status
Payment
X-TT-TIMESTAMP
X-TX-ID
X-XRDS-LOCATION
X-Cache-Remote
X-Cache-TTL-Remaining
X-Presslabs-Stats
Datacenter
X-Status
Cache
X-Esi
Liferay-Portal
X-Wix-Request-Id
X-FW-Dynamic
X-Acc-Meta-Resource-Type
X-WA-Info
X-Hyper-Cache
X-Region
X-Edge-Location
X-Cache-Action
Version
X-Ratelimit-Reset
X-Contextid
Viewport
X-Content-Age
X-Cache-NE
X-B3-Traceid
X-CF-Powered-By
X-Varnish-Hostname
PageSpeed
X-Akamai-Transformed
X-PressLabs-Stats
X-Storage
X-Cache-Server
X-Oneagent-Js-Injection
X-HS-Combine-CSS
X-Varnish-Server
Ohc-File-Size
X-Path-Route
Load-Balancing
X-Cache-Var
X-Accel-Buffering
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-RN-RSRV
X-Xfnlog-Site
X-Proxy
X-Via-Fastly
X-Cache-Enabled
Country
Cache-Tags
X-Viewer-Country
TWC-Connection-Speed
X-NCache
X-OCL
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Access
X-Cache-Time
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Origin
TWC-Device-Class
Property-Id
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-UnsetCookies
X-Tumblr-Pixel-3
X-Yottaa-Optimizations
DB-Nickname
Cache-Name
X-Cache-Config
Vix-Hermes-Req-Id
X-CCM
X-Section
Release
X-Origin-Hint
X-PCL
X-Yottaa-Metrics
Host-Header
Webcakes-Region
Rt-Fastcgi-Cache
Mn-Server-Ip
Selected-Fe
DSUID
X-From
X-Cache-Host
X-Timing-Wait
X-Rule
X-R9-Blue-Green-Version
X-Proxy-Build
X-VCT
X-Vgn-Hpd-Reason
X-Cache-Grace
X-Akamai-Request-ID2
Cache-Hits
X-Www-Served-By
X-Proto
X-Origin-Response-Time
X-CS
X-Debug-Cache
X-Labrador-Cache-Channel
X-Backend-TTL
X-Backend-Name
X-Device-Type
X-Drupal-Cache-Contexts
X-NGENIX-Cache
X-JoinUs
X-Format
X-EIG-Tracking-Id
X-Akamai-Request-ID
X-Cluster-Node
S-Cnection
X-IP
X-Varnish-Hits
X-ApacheServer
Decoy-Debug-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
Decoy-Debug-TTL
X-Trace-Id
X-FC-Vary-Parameters
X-Hosted-By
X-Human
Ohc-Cache-HIT
S-Rt
X-Hit
X-Time-Microsecs
Decoy-Debug-Key
X-PERF
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
X-Generated
X-Loop
X-TNCMS
X-Locale
X-FireWall-Port
X-NewRelic-App-Data
X-Ua
X-Web-Node
X-Site-Version
X-OVcl
Ec-Rule-Version
Cache-Key
X-OVcl-Cache
X-S
Origin-Edge-Control
Origin-Cache-Control
X-Real-IP
L5d-Success-Class
X-Pubstack
Server-Info
X-Rendered-As
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Time
X-Redis-Cache
Now
X-Litespeed-Cache
X-SS-Set-Cookie
Accept-CH-Lifetime
X-Upstream-HT
Fastcgi-X-Cache-Version
X-FW-Version
X-Upstream-CT
X-Origin-CC
X-Origin-TTL
Fastly-SSL
OT-Force-Account-Verify
X-APP-VERSION
Cteonnt-Length
ServedBy
Mime-Version
Access-Control-Request-Headers
X-Cluster-Name
X-ServerID
X-FB-TRIP-ID
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Load-Cache
Origin
X-Sorting-Hat-PodId
X-ShopId
X-UUID
X-ShardId
X-Shopify-Stage
X-Tec-Api-Origin
X-App-Version
X-Parent-Response-Time
Hostname
X-Tec-Api-Root
X-Tec-Api-Version
X-VG-WebCache
X-Soup
X-VG-TLSProxy
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
NtCoent-Length
X-Upstream-Proxy
Accept-Language
X-Webkit-Csp
Machine
X-Tb
X-Uri
Nel
X-ECACHE
NGX
X-Guploader-Uploadid
Odigeo-Trace-Id
X-No-Session
X-CACHE-KEY
X-CSRF-TOKEN
X-Is-Bot
X-ProxyCache-Status
X-MServer
X-ProxyCache-Key
X-Info
X-Environment-Context
X-L-Path
X-BYPASS-REASON
IBM-Web2-Location
X-Nc
X-Tt-Trace-Tag
BehaviorPad-Version
Cache-Prefix
Content-Script-Type
AsisCache
Content-Style-Type
Arc-Country
Apple-News-Services-Handled
A
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cross-Origin-Window-Policy
X-Node-Id
X-Detected-As
GEO-REGION-INFO
X-Date
X-D
MD5-Digest
Request-Time
Fly-Cache
Proxy-Connection
Fly-Request-Id
X-B3-Parentspanid
X-Connection-Hash
X-Vtex-Remote-Cache
X-S-Cookie
X-CF-Lambda-Version
X-G
X-PAYTM-SRV-ID
X-Rojux
X-Hl-Ver
VivaBuild
Viewtype
X-B3-SpanId
ServerName
X-Server-Time
X-External-Request-Id
T-Server
X-ScT
X-Rewrite-Enabled
X-Request-UUID
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-AIR-PT
X-Aed
X-ARC
X-A-Dam
X-CF-Lambda-Fn
X-Instart-Info
X-A
X-B-Cookie
X-Region-Sid
X-A-Ccd
X-SRCache-Key
X-Destination
X-Cms-Context
X-Worker
Mobile-Detection-Method
Node
Rendered-Blocks
Rt-Proxy-Cache
X-Trv-Group
X-Transaction
Meta-Geo-Continent
X-VG-WebServer
Request-EU
X-DPWN-IS-SECURE
X-Developer
Request-Country
X-Application
X-Vtex-Processado-Em
X-Nginx-Cache
Xc-Version
X-Twitter-Response-Tags
X-Endurance-Cache-Level
Uber-Trace-Id
Backend-Name
CF-IPCountry
X-Geo
Memcached
X-WADP-Cache
X-Compress-Hint
IsBot
X-Clara-WADP
X-S-Maxage
X-Device-Os
X-SIPLIST1
Fastly-Soc-X-Request-Id
X-Developers
N-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cdn-Srv
We-Hiring
X-B3-Spanid
X-Amzn-Remapped-Content-Length
Mail-Subject
X-Ruxit-Js-Agent
Srv
X-UA
X-PHP-Host
User-Cache-Control
X-Generated-By
Akamai-GRN
X-Cdn-Forward
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Dispatch
X-CUA
X-Debug-Cache-Expiry
X-Epic-Correlation-Id
X-Fastly-Cache
X-Fetched-On
X-Generated-On
X-Hnp-Log
X-Eu-Site
X-Distil-CS
X-Distributor
X-NX-Host
X-Dispatcher-Server
X-Cache-Bucket
X-NC
X-Auto-Login
X-Azure-Ref
X-Amz-Meta-Cache-Control
X-Request-URI
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Azure-Ref-OriginShield
X-Backend-Host
X-Cache-FS-Status
X-CGP
X-Dc
X-Generation-Time
X-C
X-Backend-Url
X-BBXSRF
X-Bip
X-Proxy-Cache-Status
X-Has-Esi
X-Service
X-Skip-Cache
X-Thanos
X-TrackingId
X-Server-IP
X-Block-Status
X-Release
X-Reqid
X-Request-Start
X-Up
X-User
X-Wikidot-Backend
X-Wikidot-Static-Cache
CDCHOST
X-Webstats-RespID
X-WebServer
X-Var-Ttl
X-VC-Cache
X-We-Are-Hiring
X-Cache-Info
X-Platform-Server
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-IN-APIGATEWAY
X-Hash
X-GeoIP-City
X-Gen-Mode
X-Sn-Servicetimems
X-Level-Front-Cache
X-ElasticPress-Search
X-Owner
X-Debug-Cookies
X-Cdn-Origin
X-Origin-Expires
X-Origin-Date
X-Magnolia-Registration
X-Debug-Log
X-Old-Content-Length
X-Geo-Header
X-Proxy-Upstream
AKAMAI
L
Pagetype
PFcat
RNT-Machine
RNT-Time
Heartbleed
Server-Host
Content-Disposition
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Pramga
X-Ratelimit-Limit
X-Microcachable
X-NWS-UUID-VERIFY
SRV
X-Via-CDN
Is-Eu
Kp-EeAlive
Fastly-SWR
X-Generated-In
X-Thinkindot-L3
X-Matched-Rule
True-Client-Country-4JS
Thinkindot-CacheControl
Adler-Geo
X-Urbn-Context-Path
Thinkindot-CacheControl-Type
X-App-Name
Thinkindot-Control
X-Cache-Id
X-Qloud-Router
Countrycode
X-LI-UUID
X-Location
W
X-Nginx-Cache-Key
X-Method
X-LI-Proto
X-Li-Pop
X-Swa-Ws
X-Variation
Esi-Enabled
X-Lb-Id
X-Li-Fabric
X-Reboot
Magicmarker
Fastly-SIE
Server-Int
Section-Io-Cache
X-Clientip
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Served-By
Platform
X-Urbn-Site-Id
X-Svr
X-Policy
Locale
X-Core-Mission
Resin-Trace
X-Key
X-Backend-State
Cache-Provider
X-Internal-Host
X-ServiceProvider
X-MSEdge-Flight
Server-ID
X-Say-Cacheable
X-VServer
X-Cache-URL
X-Say-TTL
SD-X-WS
X-SD-PageType
X-MSEdge-Features
X-Instart-Isnd
X-Servername
X-SayCDN-TTL
V-Age
Web-Mar-Node
X-GEO
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Scheme
X-VWS-Id
Memory
X-LJ-Flow-ID
X-AWS-Id
X-Be
X-Cache-Backend
X-Processor
X-FPC
X-GDPR
REQUESTUUID
X-DC
X-Mode
X-Org
X-Request-Time
X-Ftr-Request-Id
Group
X-ABtesting
X-Flog
X-NodeID
X-Hello
X-Servedbyhost
SS
X-Pjax-Url
X-Datadome
X-Unique-ID
Cache-Host
X-Server-W
X-Wa
X-Response-By
X-IPS-LoggedIn
Country-Code
X-Page-Type
X-Ms-Request-Id
Cache-Cookie-Set-From
X-CDN-Forward
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Ms-Version
X-SN
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Oss-Hash-Crc64ecma
X-Varnish-Beresp-Status
X-Oracle-Dms-Rid
X-VCL-Version
X-Varnish-Beresp-Grace
X-HS-Status
X-Varnish-Beresp-Ttl
X-EC-Lua
X-Proxied
X-Routing-Service
X-Zone
X-Zipkin-Id
Lfy
UCS
X-Session-Fingerprint
PICS-Label
X-Via-Ucdn
X-Tb-Optimization-Total-Bytes-Saved
X-SRV
X-Dynatrace
X-URL
X-Agile-Age
X-Agile
X-Agile-Id
X-COUNTRY
X-Cache-Debug
X-GRACE
X-DataStream-Cache-Status
X-Ftr-Cache-Host
X-Logtrace-Id
Ajk
SN
Ttl
Powered-By-ChinaCache
X-RateLimit-Reset
X-MP-GENERATED-AT
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-7Graus-Varnish-XKeys
Proxy-Firewall
X-7Graus-Varnish-Cache-Control
X-Webapp-Samesite-None-Activated-N
X-Fastly-Country-Code
Geoip-Latitude
Geoip-City
X-Pf-Uncompressing
GeoIp-Country-Code
ProcessTime
X-Source
X-Sucuri-Id
Powered-By
X-Logging-Id
X-Grey
X-Cache-Miss-From
X-Cache-Category-Id
X-APP
X-CSRF-Token
X-PF-Uncompressing
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-Sedo-Request-Id
Environment
XServer
X-HTML-Minification-Powered-By
X-Bc
X-NODE
Cdn
X-Newrelic-Synthetics
X-ZONE
X-Ftr-Backend-Server
X-Ftr-Backend
X-CLOUD-TRACE-CONTEXT
X-Ftr-Balancer
X-Ftr-Realm
X-Sucuri-ID
X-Ftr-Dc
X-Unique-Id
X-Tt-Trace-Host
Pics-Label
X-Vcl-Version
X-TH-Server
X-Core-Value
X-DataStream-Origin-MEX-Latency
Fastly-Backend-Name
X-Edge
X-Check-Cacheable
CACHE
CF-Cached-On
X-DataStream-MidMile-RTT
M-TraceId
Amp-Access-Control-Allow-Source-Origin
X-LiteSpeed-Cache-Control
WWW
X-Sucuri-Cache
X-Vdms-Version
X-Aicache-OS
Cf-Ipcountry
X-Dynatrace-Js-Agent
HostName
X-Sigma
Cdncip
Cdnsip
X-Rocket-Build-Number
Requestid
X-Sigma-Backend
X-AK-Request-ID
GW-Server
X-Mid
X-Fastly-Backend-Reqs
X-RCS-CacheZone
MIME-Version
X-Fstrz
LB
X-Varnish-Ttl
X-MCACHE
Pragrma
X-Swift-Error
X-Cache-Tag
X-Shopify-Generated-Cart-Token
X-LAGOON
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-FORWARDED-FOR
X-Planisys-CDN-Cache
X-ServedByHost
Ohc-Response-Time
X-Gannett-Site-Version
X-Litespeed-Cache-Control
X-Secret
X-NGINX-Cache
X-Via-NSCOPI
X-TT-LOGID
X-Varnish-Url
X-UPSTREAM-Address
Lb
X-Action
X-BE
X-WA
X-DI
URI
X-BC
TTL
X-DB
X-RPS
X-RSL
X-PJAX-URL
X-RPM
X-CDN-Cache
X-DW
X-DSS
X-Cache-Ttl
X-ORACLE-APMCS-TAG
X-SaId
X-ORACLE-APMCS-REQUEST-ID
Dynatrace
X-ND-Cache
RequestUuid
X-GeoIP-Country-Code
On-Server
X-WR-MODIFICATION
X-Fpc
WZWS-RAY
Host-ID
X-Varnish-Cacheable
X-Correlation-ID
DataCenter
Get-Access-Time
X-Flow-Id
User-Agent
X-Refresh
X-Proxy-Cacherz
Is-Session-Tracking
Inserted-Into-Cache-At
X-Page-Impression-Id
X-Upstream-Ct
X-Trafficlayer-App-Version
Xkeyrz
X-Fastly-Cache-Hits
CDN
X-Upstream-Ht
Xkeypdq
X-Nananana
X-Zalando-Child-Request-Id
Server-Id
Warning
X-Served-From
X-MID
Locid
X-VC
X-SB
Correlation-Id
X-Dw-Trace-Id
X-Akamai-SSL-Client-Sid
X-Cf-Powered-By
X-Req
X-Pod
X-Gamma-Serve
X-ECache
X-Akamai-ERRuleID
X-Via-SSL
X-Via-Edge
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Thinkindot-Cache-Type
Gannett-Cam-Experience-Id
X-Akamai-ERPolicy
X-Request-URL
Who
Xet-Cookie
X-NU-AKA-ACS-Version
X-Crawler
X-Newrelic-App-Data
V-Cache
Cneonction
X-MiniProfiler-Ids
SID
RequestId
X-LiteSpeed-Tag
X-Bug-Bounty
HitType
X-Gen-Id
X-ServerName
X-LB-ID
X-Gdpr
Processtime