Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-XSS-Protection
X-Powered-By
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Content-Encoding
Status
X-AspNetMvc-Version
X-Buckets
X-Request-ID
X-Kinja-Server-Push
Upgrade
Xkey
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-CDN
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-UA-Device
X-Proxy-Cache
X-Hacker
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
X-Nginx-Cache-Status
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
Cf-Railgun
X-LiteSpeed-Cache
Server-Timing
Feature-Policy
X-Ua-Compatible
X-Amz-Version-Id
X-Device
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Rq
X-Ac
EagleEye-TraceId
X-Cnection
Report-To
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Response-Time
X-Node
X-Host
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-DataDome
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Rack-Cache
X-HW
X-Origin-Upstream-Status
Surrogate-Control
X-Clacks-Overhead
Rating
X-Country-Code
X-Dns-Prefetch-Control
Allow
X-Country
X-Url
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-MS-InvokeApp
X-Goog-Hash
X-Instart-Request-ID
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-TTL
X-B3-TraceId
Pinterest-Generated-By
Verso
X-Powered-By-Plesk
X-Px
Public-Key-Pins
RTSS
X-ESI
Edge-Control
X-Mod-Pagespeed
SPRequestGuid
X-Middleton-Display
Response
X-Sol
Display
X-Middleton-Response
X-Akam-SW-Version
Accept-Ch-Lifetime
X-VARITI-CCR
X-D2id
X-SharePointHealthScore
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Ah-Environment
X-Recruiting
SPIisLatency
SPRequestDuration
Service-Worker-Allowed
X-Vcap-Request-Id
X-CST
X-Server-Name
X-GitHub-Request-Id
X-Version
MS-Author-Via
X-Navigation-Version
X-Powered-CMS
X-Abt-Application-Version
X-Trace
TCN
X-Debug
Charset
X-Shard
Fastly-Restarts
Nginx-Cache
Realpath
X-Amz-Rid
X-Upstream
X-Amz-Server-Side-Encryption
X-Aspnetmvc-Version
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-CH
X-Forwarded-Proto
X-NF-Request-ID
X-Ezoic-Cdn
Front-End-Https
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
DynaTrace
X-Cached
Arr-Disable-Session-Affinity
Access-Control-Request-Method
Pagespeed
X-RateLimit-Remaining
Content-MD5
X-Shield-Request-Id
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MicrosoftSharePointTeamServices
AR-Request-ID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-VCache
X-DynaTrace-JS-Agent
X-Goog-Storage-Class
X-Ser
S
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-T
Accept-Ch
X-Id
X-Varnish-Age
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
Paypal-Debug-Id
ServerID
X-XRDS-Location
X-Via-JSL
X-Grace
X-Accel-Expires
X-Correlation-Id
X-Client-IP
X-Fastcgi-Cache
X-Dw-Request-Base-Id
X-Content-Type
Edge-Cache-Tag
X-Forwarded-For
Fastcgi-Cache
X-Amzn-Trace-Id
X-Hits
X-Content-Digest
X-DIS-Request-ID
X-Frontend
Powered
Pinterest-Version
X-Pinterest-Rid
X-N
X-Vcache
X-HS-Content-Id
X-HS-Hub-Id
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Logged-In
Server-Name
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Kinsta-Cache
X-Cache-Hit
X-Request-Handler-Origin-Region
X-Server-ID
X-Microsite
X-Zen-Fury
X-Revision
X-LB-Cache
X-Cache-Age
X-Az
X-AppVersion
X-IPLB-Instance
X-Activity-Id
X-Rid
X-Webkit-CSP
Healthy
X-Type
X-User-Agent
Retry-After
X-FastCGI-Cache
X-Whom
X-Srv
X-GUploader-UploadID
X-Analytics
Backend-Timing
Server-Node
X-B3-Sampled
X-Time
X-Node-Name
FilterID
X-NWS-LOG-UUID
X-Hp-Webp
Alternate-Protocol
Cache-Tag
X-RateLimit-Limit
NR-ENABLED
Accept-Charset
X-F-Cache
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-SERVER
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Content-Options
X-Cache-Rule
X-Content-Powered-By
DC
Cache-Status
X-Cluster
X-FB-Debug
X-Amz-Apigw-Id
X-AOL-HN
Refresh
MS-CV
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Framework
X-Tumblr-User
X-Amzn-RequestId
VIX-Pulpo-Upstream-Status
X-Jobs
VIX-Pulpo-Node
Source
X-App-Environment
X-Instance
Access-Control-Allow-Method
X-Varnish-Grace
X-PHP-Backend
X-Debug-Info
X-Kong-Proxy-Latency
X-Cache-2
X-Kong-Upstream-Latency
X-B
Tracecode
X-Page-Id
Actual-Object-TTL
X-Seen-By
X-Request-Guid
X-Mobile-URL
X-Forwarded-Host
Fastcgi-Useragent
Surrogate-Key
Host
X-Cache-TTL
X-Cache-Operation
X-App-Server
X-Cache-Key
Frame-Options
X-Geo-Country
X-Cache-Control
X-FW-Hash
X-Cached-By
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-Element-Page-Cache
X-Pad
X-Host-Name
X-XRDS-LOCATION
X-TA-CDN-Provider
Cleartype
X-Hostname
X-Signature
X-B-Cache
Upgrade-Insecure-Requests
X-Git-Hash
X-WebKit-CSP-Report-Only
X-Mobile
X-ATG-Version
X-HS-Cache-Config
X-Varnish-Backend
X-BCube-Filmed-By
X-Response-Served-From
NGB
X-GeoIP
X-Daa-Tunnel
Cache-Tv-Group
Eomportal-Instance
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Ms-Operation-Id
X-TT
X-Handled-By
X-ProcessESI
X-UA-Device-Type
X-RemovedCookies
X-RTag
Filters
Webserver
X-Origin-Server
WPE-Backend
X-Drupal-Cache-Tags
X-Adobe-Content
X-Adobe-Loc
X-EdgeConnect-Cache-Status
GEO-INFO
Xserver
X-Cacheable-TTL
X-Amz-Replication-Status
Payment
From-Origin
X-RequestSource
X-TX-ID
X-Ttl
X-Wix-Request-Id
X-TT-TIMESTAMP
Datacenter
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-Cache-Remote
X-Status
Cache
X-WA-Info
X-Hyper-Cache
X-FW-Dynamic
Liferay-Portal
X-Litespeed-Cache
X-Webkit-Csp
X-Region
X-Esi
X-Contextid
X-Cache-Action
Version
X-Edge-Location
X-Ratelimit-Reset
X-Akamai-Transformed
Viewport
X-Cache-NE
X-Content-Age
X-Acc-Meta-Resource-Type
X-HS-Combine-CSS
X-Varnish-Hostname
X-CF-Powered-By
X-Cache-Server
X-B3-Traceid
X-Storage
X-PressLabs-Stats
PageSpeed
X-Varnish-Server
Host-Header
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-ES-SERVER
Load-Balancing
X-Cache-Var-Map
X-Cache-Enabled
X-Path-Route
X-IP
Accept-CH-Lifetime
X-Oneagent-Js-Injection
X-CCM
X-Proxy
X-UnsetCookies
X-Cache-Config
X-Via-Fastly
Release
Rt-Fastcgi-Cache
Country
Cache-Hits
X-Loop
X-Proto
X-NCache
X-Accel-Buffering
X-Cache-Time
X-Cache-Host
X-TNCMS
X-Labrador-Cache-Channel
Cache-Name
Cache-Tags
X-Backend-TTL
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Selected-Fe
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
Vix-Hermes-Req-Id
TWC-Privacy
S-Rt
Property-Id
X-CS
X-Debug-Cache
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Cache-Grace
DB-Nickname
X-Akamai-Request-ID2
X-Backend-Name
Ec-Rule-Version
DSUID
X-From
X-Varnish-Cache-Hits
X-Origin-Hint
X-Upgrade-Enabled
X-Origin
Webcakes-Region
X-Varnish-Hits
X-PCL
X-Trace-Id
X-R9-Blue-Green-Version
X-Rule
X-Proxy-Build
X-NewRelic-App-Data
X-Timing-Wait
X-Vgn-Hpd-Reason
X-OCL
X-Hosted-By
X-Human
X-JoinUs
X-Www-Served-By
X-Web-Node
X-Viewer-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Site-Version
Azure-RegionName
Azure-Version
Azure-SiteName
X-Time-Microsecs
X-Akamai-Request-ID
X-Generated
X-Yottaa-Metrics
Azure-InstanceId
Decoy-Debug-TTL
Mn-Server-Ip
Decoy-Debug-Status
Decoy-Debug-Key
X-VCT
X-Tumblr-Pixel-3
X-Xfnlog-Site
X-Yottaa-Optimizations
Azure-SlotName
X-Origin-Response-Time
X-FireWall-Port
X-Locale
S-Cnection
Ohc-File-Size
X-Device-Type
X-Drupal-Cache-Contexts
X-Real-IP
X-Access
X-Hit
X-ApacheServer
X-Section
Cache-Key
X-Cluster-Node
X-PERF
X-OVcl
X-Format
Origin-Edge-Control
X-OVcl-Cache
X-Pubstack
Origin-Cache-Control
X-Rendered-As
Server-Info
L5d-Success-Class
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Redis-Cache
X-S
Time
X-Origin-CC
Ohc-Cache-HIT
X-Origin-TTL
X-NGENIX-Cache
X-FW-Version
X-Ua
Fastly-SSL
Fastcgi-X-Cache-Version
OT-Force-Account-Verify
Now
X-SS-Set-Cookie
X-Cluster-Name
X-APP-VERSION
X-ServerID
Hostname
Origin
X-Load-Cache
ServedBy
X-Shopify-Stage
Access-Control-Request-Headers
X-Sorting-Hat-PodId
Cteonnt-Length
X-UUID
X-Upstream-CT
X-Upstream-HT
X-Sorting-Hat-ShopId
X-Soup
X-GoCache-CacheStatus
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Rocket-Nginx-Bypass
X-FB-TRIP-ID
X-App-Version
X-Guploader-Uploadid
Mime-Version
X-Parent-Response-Time
NtCoent-Length
X-Tec-Api-Root
X-Tec-Api-Version
X-VG-WebCache
X-Tec-Api-Origin
Odigeo-Trace-Id
NGX
X-UA
X-Is-Bot
X-VG-TLSProxy
Accept-Language
X-Info
Machine
X-Uri
IBM-Web2-Location
X-Upstream-Proxy
Nel
X-Geo
X-ProxyCache-Status
X-MServer
X-B3-SpanId
X-ProxyCache-Key
X-No-Session
X-ECACHE
X-BYPASS-REASON
X-Tb
X-Environment-Context
X-L-Path
X-CACHE-KEY
Uber-Trace-Id
X-PHP-Host
Srv
Rt-Proxy-Cache
Fly-Cache
Fly-Request-Id
X-Vtex-Remote-Cache
X-Accel-Expires-Debug
X-Node-Id
X-Vtex-Processado-Em
X-AIR-PT
X-G
X-B-Cookie
X-B3-Parentspanid
X-ARC
X-Hl-Ver
Arc-Country
X-Instart-Info
X-Application
GEO-REGION-INFO
X-Aed
X-CF-Lambda-Fn
X-Date
BehaviorPad-Version
A
X-Connection-Hash
X-D
AsisCache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Prefix
X-Destination
Content-Script-Type
Content-Style-Type
X-DPWN-IS-SECURE
Cross-Origin-Window-Policy
Xc-Version
X-VG-WebServer
X-Detected-As
X-Developer
X-CF-Lambda-Version
X-External-Request-Id
Request-Time
T-Server
Node
Viewtype
Mobile-Detection-Method
X-PAYTM-SRV-ID
X-Request-UUID
X-Transaction
X-Twitter-Response-Tags
X-Region-Sid
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-A-Wwc
X-Server-Time
Rendered-Blocks
Meta-Geo-Continent
VivaBuild
X-A
ServerName
X-A-Ccd
X-A-Dam
X-Trv-Group
X-A-Dcw
MD5-Digest
Request-EU
Memcached
Request-Country
X-SRCache-Key
X-A-Dgt
Backend-Name
X-Cdn-Forward
X-Nc
X-Generated-By
X-Tt-Trace-Tag
X-Cdn-Srv
X-Cms-Context
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-CSRF-TOKEN
X-SIPLIST1
X-Via-CDN
X-S-Maxage
X-Amzn-Remapped-Content-Length
X-Has-Esi
X-Is-Gdpr
Proxy-Connection
N-Cache
CF-IPCountry
X-JWT-State
IsBot
X-Cache-Bucket
X-Dc
X-NC
X-Endurance-Cache-Level
User-Cache-Control
Section-Io-Cache
Served-By
X-Compress-Hint
X-Auto-Login
X-Backend-Host
X-Amz-Meta-Cache-Control
Server-Host
Thinkindot-CacheControl-Type
X-Bip
X-Block-Status
X-Cache-FS-Status
X-Cache-Id
X-Cache-Info
X-BBXSRF
X-Backend-Url
Thinkindot-Control
Thinkindot-CacheControl
Server-Int
X-Clientip
X-Clara-WADP
True-Client-Country-4JS
X-WADP-Cache
X-Origin-Date
X-Old-Content-Length
X-Origin-Expires
X-Owner
X-Platform-Server
X-Var-Ttl
X-Variation
X-VC-Cache
X-VServer
X-LI-UUID
X-Location
X-Magnolia-Registration
X-NX-Host
X-Matched-Rule
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Skip-Cache
X-Service
X-Sn-Servicetimems
X-Swa-Ws
X-Thinkindot-L3
X-Thanos
X-Server-IP
X-Request-URI
X-User
X-Reboot
X-Up
X-Release
X-Request-Start
X-Reqid
X-Li-Pop
X-Li-Fabric
X-Dispatcher-Server
X-Dispatch
X-Distributor
X-Worker
X-We-Are-Hiring
X-Webstats-RespID
X-Svr
X-Device-Os
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Developers
X-Debug-Log
X-TrackingId
X-ElasticPress-Search
X-Hnp-Log
X-Hash
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Level-Front-Cache
X-Irp-Debug
X-GeoIP-City
X-Geo-Header
X-Fetched-On
X-Fastly-Cache
X-Gen-Mode
X-Generated-On
X-Generation-Time
X-CUA
X-Cdn-Origin
AKAMAI
Pagetype
X-B3-Spanid
Platform
Adler-Geo
Heartbleed
Kp-EeAlive
Is-Eu
Fastly-Soc-X-Request-Id
X-NWS-UUID-VERIFY
PFcat
Gh-Request-Id
Countrycode
Pramga
Content-Disposition
Mail-Subject
We-Hiring
Esi-Enabled
X-Epic-Correlation-Id
X-C
X-Eu-Site
X-Distil-CS
X-Cache-URL
CDCHOST
X-Core-Mission
Akamai-GRN
X-Generated-In
X-CGP
X-Nginx-Cache-Key
X-Urbn-Context-Path
X-SD-PageType
RNT-Time
X-Urbn-Site-Id
X-WebServer
X-Instart-Isnd
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Say-TTL
X-Say-Cacheable
X-Method
X-LI-Proto
X-Lb-Id
X-Policy
X-Qloud-Router
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Key
X-SayCDN-TTL
Resin-Trace
SD-X-WS
Wxu-Next-Commit
Web-Mar-Node
L
HA-Ipaddr
Ha-Gx-Prefs
X-Azure-Ref
RNT-Machine
Magicmarker
Wxu-Next-Hostname
Wxu-Next-Region
Locale
X-Azure-Ref-OriginShield
X-Ruxit-Js-Agent
X-Microcachable
X-Ratelimit-Limit
X-Cache-Backend
X-Nginx-Cache
V-Age
X-Internal-Host
X-ServiceProvider
Fastly-SWR
W
X-Rebelmouse-Cache-Control
X-App-Name
Fastly-SIE
X-Backend-State
X-MSEdge-Features
X-Scheme
Cache-Provider
X-MSEdge-Flight
X-Rebelmouse-Surrogate-Control
SRV
X-FPC
X-Servername
X-Processor
Server-ID
X-Ratelimit-Remaining
X-Be
REQUESTUUID
X-CACHE-GROUP
Memory
Group
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-GEO
X-Webapp-Samesite-None-Activated-N
X-VWS-Id
X-AWS-Id
X-DC
X-LJ-Flow-ID
X-NodeID
X-Pjax-Url
X-GDPR
Cache-Host
X-Hello
X-Flog
X-Mode
X-ABtesting
X-Org
X-Datadome
X-Request-Time
X-Server-W
X-Wa
X-Servedbyhost
SS
X-Unique-ID
X-Varnish-Beresp-Grace
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Varnish-Beresp-Status
X-Ms-Request-Id
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Response-By
X-Varnish-Beresp-Ttl
X-Ms-Version
X-IPS-LoggedIn
X-CDN-Forward
Country-Code
X-Via-Ucdn
Lfy
X-SN
X-Session-Fingerprint
X-Page-Type
Cache-Cookie-Set-From
X-VCL-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Oracle-Dms-Rid
X-Zone
X-EC-Lua
PICS-Label
X-Agile-Id
X-Cache-Debug
X-SRV
X-Agile
X-Agile-Age
X-Ftr-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Dynatrace
UCS
X-Zipkin-Id
X-COUNTRY
X-Proxied
X-URL
X-7Graus-Varnish-Cache-Control
Geoip-Latitude
Powered-By-ChinaCache
X-CSRF-Token
X-Routing-Service
X-Pf-Uncompressing
Geoip-City
GeoIp-Country-Code
X-7Graus-Varnish-XKeys
X-HS-Status
X-GRACE
SN
X-Cache-Miss-From
Environment
X-Fastly-Country-Code
Ttl
X-Sedo-Request-Id
X-Logging-Id
X-APP
Proxy-Firewall
XServer
X-Sucuri-ID
X-Logtrace-Id
Ajk
X-Sucuri-Id
X-Source
X-Varnish-Beresp-TTL
X-Unique-Id
X-MP-GENERATED-AT
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-PF-Uncompressing
X-Bc
X-Core-Value
Cdn
Powered-By
X-ZONE
M-TraceId
X-Newrelic-Synthetics
ProcessTime
X-Grey
X-Ftr-Cache-Host
X-Cache-Category-Id
X-RateLimit-Reset
X-LiteSpeed-Cache-Control
X-CLOUD-TRACE-CONTEXT
X-Vdms-Version
Pics-Label
X-Aicache-OS
X-Tt-Trace-Host
X-Vcl-Version
X-HTML-Minification-Powered-By
Cf-Ipcountry
CACHE
Amp-Access-Control-Allow-Source-Origin
X-TH-Server
X-Edge
CF-Cached-On
X-Sucuri-Cache
X-Check-Cacheable
Fastly-Backend-Name
Cdnsip
X-AK-Request-ID
WWW
Cdncip
X-Fstrz
X-Sigma-Backend
X-Sigma
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-DataStream-Cache-Status
X-Shopify-Generated-Cart-Token
Pragrma
X-Rocket-Build-Number
X-Ftr-Backend
X-Ftr-Backend-Server
X-Ftr-Realm
MIME-Version
X-Dynatrace-Js-Agent
X-Ftr-Dc
X-Ftr-Balancer
X-Cache-Tag
X-Via-NSCOPI
X-Mid
Requestid
X-ServedByHost
X-NGINX-Cache
X-RCS-CacheZone
X-SaId
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-MCACHE
HostName
X-Swift-Error
X-FORWARDED-FOR
GW-Server
X-WA
X-Varnish-Ttl
X-Fastly-Backend-Reqs
X-LAGOON
TTL
X-Edge-O15-RID
X-Secret
X-UPSTREAM-Address
X-Upstream-Ct
X-Upstream-Ht
X-ND-Cache
X-Gannett-Site-Version
X-TT-LOGID
LB
URI
Lb
Tcn
X-Cache-Ttl
X-BC
X-DataStream-Origin-MEX-Latency
Ohc-Response-Time
X-TIME
X-BE
X-DW
X-Refresh
X-RPS
X-RSL
X-Litespeed-Cache-Control
X-PJAX-URL
X-Trafficlayer-App-Version
X-Action
X-RPM
X-DI
X-DB
X-Varnish-Url
X-DSS
X-DataStream-MidMile-RTT
Dynatrace
X-WR-MODIFICATION
On-Server
RequestUuid
X-Cf-Powered-By
Host-ID
X-Varnish-Cacheable
X-Via-Edge
X-Via-SSL
X-CDN-Cache
X-Served-From
X-Correlation-ID
DataCenter
Get-Access-Time
X-Fpc
X-Fastly-Cache-Hits
Is-Session-Tracking
CDN
X-GeoIP-Country-Code
Gannett-Cam-Experience-Id
User-Agent
X-Proxy-Cacherz
X-Pod
Server-Id
X-Zalando-Child-Request-Id
X-Gamma-Serve
Xkeypdq
X-Flow-Id
X-Page-Impression-Id
Xkeyrz
WZWS-RAY
X-ATS-Timestamp
Locid
X-ServerName
Correlation-Id
Warning
X-HostName
X-Req
Inserted-Into-Cache-At
X-Dw-Trace-Id
X-Nananana
X-MID
X-SB
X-VC
X-ECache
X-Gen-Id
FNAC-ModuleRouting
Processtime
RequestId
X-Li-Proto
HitType
Thinkindot-Cache-Type
Xet-Cookie
X-Amzn-Remapped-Date
X-LiteSpeed-Tag
X-Newrelic-App-Data
X-MiniProfiler-Ids
Cneonction
V-Cache
X-LB-ID
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Bug-Bounty
X-Gdpr