Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
X-DataDome
X-ORACLE-DMS-RID
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Url
X-Country
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-Instart-Request-ID
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
Verso
RTSS
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-D2id
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Ah-Environment
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-CH
Accept-Ch-Lifetime
X-SharePointHealthScore
X-B3-TraceId
X-Akam-SW-Version
MS-Author-Via
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-RateLimit-Remaining
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Powered-CMS
X-TEC-API-ORIGIN
X-Upstream
X-Shard
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
SPRequestDuration
SPIisLatency
Charset
AR-CACHE
X-XRDS-Location
AR-PoweredBy
AR-ATIME
Fastly-Restarts
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
Nginx-Cache
X-Trace
Realpath
Ar-Sid
X-Debug
X-Aspnetmvc-Version
X-Server-Name
Front-End-Https
AR-Request-ID
X-Cached
X-Ezoic-Cdn
X-Shield-Request-Id
X-Goog-Generation
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Mrf-Section-Lastmod
X-Goog-Stored-Content-Length
X-ESI
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Arr-Disable-Session-Affinity
Pagespeed
Content-MD5
X-Vcache
ServerID
X-Id
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-DynaTrace-JS-Agent
DynaTrace
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-Content-Type
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-N
X-FastCGI-Cache
X-RateLimit-Limit
X-Correlation-Id
X-Grace
X-Frontend
Fastcgi-Cache
X-VCache
X-FTR-Cache-Host
X-Content-Digest
X-SERVER
Powered
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-Esi
X-Accel-Expires
X-DIS-Request-ID
X-Ser
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
X-B3-Traceid
X-B3-Sampled
X-GUploader-UploadID
Accept-Ch
X-HS-Hub-Id
X-HS-Content-Id
TP-Cache
TP-L2-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Kinsta-Cache
X-Request-Processing-Time
X-Cache-Age
X-Request-Received
X-LB-Cache
FilterID
X-Type
X-Rid
Edge-Cache-Tag
X-Activity-Id
Backend-Timing
X-Analytics
X-Az
X-AppVersion
X-IPLB-Instance
X-User-Agent
X-Revision
X-Fastcgi-Cache
Healthy
X-Node-Name
X-Whom
X-F-Cache
Retry-After
X-Time
X-NWS-LOG-UUID
X-Cache-2
Accept-Charset
X-Pinterest-Rid
Pinterest-Version
X-Kong-Upstream-Latency
X-Srv
X-Cache-Hit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Kong-Proxy-Latency
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Cache-Rule
X-AOL-HN
Server-Node
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Surrogate-Key
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
Access-Control-Allow-Method
X-Forwarded-Host
X-Cluster
DC
X-Jobs
Refresh
X-FB-Debug
X-Akamai-Edgescape
X-Debug-Info
X-FW-Serve
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Instance
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Hash
X-Tumblr-Pixel-0
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-Erf-Bev-Bev
X-B
X-App-Environment
X-Hp-Webp
X-Request-Guid
X-Erf-Bev-Bev-Is-Generated
MS-CV
X-App-Server
Fastcgi-Useragent
Frame-Options
X-Hostname
Host
X-Cache-Key
Cleartype
Cache-Tag
Tracecode
X-B-Cache
X-Signature
X-Cache-Operation
Actual-Object-TTL
X-BCube-Filmed-By
X-Mobile-URL
X-Geo-Country
X-Cached-By
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-Control
X-TT
X-Amz-Replication-Status
X-Seen-By
X-PressLabs-Stats
Liferay-Portal
X-Pad
X-Mobile
X-DataStream-Cache-Status
X-Ratelimit-Reset
X-Host-Name
X-Response-Served-From
NGB
Upgrade-Insecure-Requests
X-Adobe-Content
X-Adobe-Loc
X-Git-Hash
X-ATG-Version
Payment
X-WA-Info
Webserver
X-WebKit-CSP-Report-Only
X-Status
Eomportal-Instance
X-TT-TIMESTAMP
Xserver
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-ProcessESI
Filters
WPE-Backend
Cache-Tv-Group
X-RemovedCookies
X-FW-Dynamic
X-Handled-By
X-TX-ID
X-Cacheable-TTL
X-RTag
Ms-Operation-Id
From-Origin
X-GeoIP
X-Drupal-Cache-Tags
X-RequestSource
X-Cache-TTL
X-UA-Device-Type
X-Cache-TTL-Remaining
GEO-INFO
Datacenter
X-Content-Age
X-Daa-Tunnel
X-Cache-Remote
X-Cache-Action
Viewport
X-Storage
X-Edge-Location
X-Webkit-CSP
X-Origin-Server
X-Upstream-Proxy
Accept-CH-Lifetime
X-Accel-Buffering
X-Varnish-Hostname
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
Cache
X-Contextid
X-Region
X-CF-Powered-By
Host-Header
NR-ENABLED
X-Ua
X-Wix-Request-Id
SRV
X-Yottaa-Metrics
X-Yottaa-Optimizations
PageSpeed
X-Oracle-Dms-Rid
X-Varnish-Server
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-Akamai-Transformed
X-ES-SERVER
Load-Balancing
Meta-Geo
X-JoinUs
X-IP
X-Proxy-Build
Selected-Fe
X-Timing-Wait
S-Cnection
X-From
X-TNCMS
X-CS
X-Proxy
X-Akamai-Request-ID2
X-Proto
X-Loop
Now
Cache-Name
X-Cache-Config
X-Backend-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
Vix-Hermes-Req-Id
Cache-Tags
Ec-Rule-Version
Rt-Fastcgi-Cache
Decoy-Debug-Key
Cache-Hits
DB-Nickname
Decoy-Debug-Status
Decoy-Debug-TTL
X-Access
X-Via-Fastly
X-Labrador-Cache-Channel
X-PERF
X-FC-Vary-Parameters
X-Viewer-Country
X-Hit
X-Upgrade-Enabled
X-NCache
X-Time-Microsecs
X-Cluster-Node
X-Section
X-Rule
X-Tumblr-Pixel-3
X-Cache-Enabled
X-Origin-Response-Time
X-ApacheServer
X-Akamai-Request-ID
X-Origin
X-UnsetCookies
TWC-Privacy
X-Trace-Id
Webcakes-App-Name
Webcakes-App-Version
X-R9-Blue-Green-Version
X-Upstream-CT
Cache-Key
TWC-Locale-Group
TWC-GeoIP-Country
Azure-SlotName
Azure-SiteName
X-CCM
TWC-GeoIP-LatLong
TWC-Connection-Speed
Azure-Version
Webcakes-Region
X-Upstream-HT
X-OCL
X-Hosted-By
Property-Id
X-Backend-TTL
X-Web-Node
X-Xfnlog-Site
X-FW-Version
X-Format
TWC-Device-Class
X-Cache-Grace
X-Origin-Hint
Azure-RegionName
X-PCL
X-EIG-Tracking-Id
Mn-Server-Ip
X-FireWall-Port
X-Cache-Host
S-Rt
Azure-InstanceId
X-Human
X-Cache-Time
X-Locale
Ohc-File-Size
X-Www-Served-By
X-Varnish-Hits
X-Varnish-Cache-Hits
X-Drupal-Cache-Contexts
X-S
X-Site-Version
X-Device-Type
X-Cache-Server
Country
X-Cache-NE
Server-Info
X-Debug-Cache
OT-Force-Account-Verify
X-Rendered-As
X-NewRelic-App-Data
DSUID
Time
X-Vgn-Hpd-Reason
X-APP-VERSION
Release
Hostname
ServedBy
X-VG-TLSProxy
X-ShopId
X-Shopify-Stage
X-VG-WebCache
X-HS-Cache-Config
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Presslabs-Stats
X-DataStream-Origin-MEX-Latency
Fastcgi-X-Cache-Version
Ohc-Cache-HIT
X-DataStream-MidMile-RTT
X-FB-TRIP-ID
X-OVcl-Cache
Cteonnt-Length
X-OVcl
X-Redis-Cache
X-Real-IP
X-Nginx-Cache
Accept-Language
X-Tb
X-VCT
X-B3-Spanid
Machine
X-Pubstack
Origin-Edge-Control
Origin
Origin-Cache-Control
X-Server-ID
X-GEO
X-CSRF-TOKEN
X-NC
L5d-Success-Class
X-Mode
Access-Control-Request-Headers
X-Environment-Context
X-L-Path
X-No-Session
X-Cluster-Name
NtCoent-Length
X-Tt-Trace-Tag
Fastly-SSL
X-Load-Cache
Odigeo-Trace-Id
X-Generated-By
X-Magnolia-Registration
X-LJ-Flow-ID
X-Request-Time
X-AWS-Id
X-Element-Page-Cache
X-VWS-Id
X-SS-Set-Cookie
X-Endurance-Cache-Level
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-NGENIX-Cache
X-UUID
X-App-Version
X-B3-Parentspanid
Akamai-GRN
Mail-Subject
X-ServerID
We-Hiring
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
Nel
Mime-Version
X-ECACHE
X-HS-Combine-CSS
Request-Time
X-XRDS-LOCATION
X-CACHE-KEY
X-Soup
X-Parent-Response-Time
X-DC
MD5-Digest
GEO-REGION-INFO
Fly-Cache
Fly-Request-Id
Cache-Prefix
Apple-News-Services-Request-Url
Arc-Country
A
X-Node-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
AsisCache
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
NGX
Cdn-Request-Time
Cdn-Host
Memcached
Cross-Origin-Window-Policy
X-B-Cookie
X-PAYTM-SRV-ID
X-Origin-Expires
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Origin-Date
X-Org
X-External-Request-Id
X-Edge-Server
X-G
X-Instart-Info
X-Is-Bot
X-Rojux
X-S-Cookie
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-S-Maxage
X-Server-Time
X-SRCache-Key
X-Transaction
X-DPWN-IS-SECURE
X-Developer
X-A
VivaBuild
X-A-Ccd
X-A-Dam
X-A-Dcw
Viewtype
T-Server
Node
Mobile-Detection-Method
Rendered-Blocks
Rt-Proxy-Cache
Server-ID
X-A-Dgt
X-A-Wwc
X-D
X-Connection-Hash
X-Date
X-Destination
X-Detected-As
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Accel-Expires-Debug
X-AIR-PT
X-Application
X-ARC
Meta-Geo-Continent
X-Aed
CF-IPCountry
X-Origin-CC
X-Urbn-Site-Id
X-Origin-TTL
Locale
Proxy-Connection
X-Urbn-Context-Path
ServerName
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
X-Oneagent-Js-Injection
Uber-Trace-Id
Backend-Name
X-Auto-Login
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Release
Countrycode
X-Request-Start
X-Developers
X-Distributor
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Section-Io-Cache
Request-Country
Request-EU
X-Hl-Ver
N-Cache
Fastly-Soc-X-Request-Id
X-Fastly-Cache
Gh-Request-Id
IsBot
X-Distil-CS
X-Via-CDN
X-WebServer
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cdn-Srv
X-Thanos
X-TrackingId
X-Up
X-Core-Mission
X-Cache-Bucket
X-Cms-Context
X-VC-Cache
X-Clientip
X-Bip
X-SIPLIST1
X-MServer
X-Zipkin-Id
User-Cache-Control
X-Uri
X-Routing-Service
X-Proxied
X-ElasticPress-Search
W
X-Cache-Info
X-Geo-Header
X-Generation-Time
True-Client-Country-4JS
V-Age
X-GeoIP-City
X-Compress-Hint
Thinkindot-CacheControl
X-Hnp-Log
RNT-Time
X-CGP
RNT-Machine
Server-Int
X-Hello
Thinkindot-CacheControl-Type
X-Cdn-Origin
X-Generated-On
Thinkindot-Control
X-Cache-FS-Status
X-Debug-Log
X-Debug-Cookies
X-App-Name
X-Irp-Debug
X-Device-Os
X-Block-Status
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Backend-Url
X-BBXSRF
X-Amz-Meta-Cache-Control
X-C
X-Cache-Id
X-Flog
X-GDPR
X-Gen-Mode
X-Fetched-On
X-Backend-Host
X-CUA
X-Epic-Correlation-Id
X-ABtesting
X-Eu-Site
X-Generated-In
X-Nginx-Cache-Key
Esi-Enabled
Fastly-SIE
Content-Disposition
X-Request-URI
CDCHOST
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
AKAMAI
Adler-Geo
X-WADP-Cache
X-VServer
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Variation
X-Unique-ID
X-ServiceProvider
X-Skip-Cache
X-Sn-Servicetimems
X-Thinkindot-L3
Ha-Gx-Prefs
X-Reboot
X-LI-Proto
Platform
X-Li-Pop
X-MSEdge-Flight
PFcat
HA-Ipaddr
X-MSEdge-Features
X-Location
X-Matched-Rule
X-LI-UUID
X-Method
X-NX-Host
X-Clara-WADP
X-PHP-Host
X-Li-Fabric
Is-Eu
X-Platform-Server
X-Proxy-Cache-Status
X-Level-Front-Cache
L
X-Owner
Magicmarker
X-Old-Content-Length
X-Microcachable
X-Webstats-RespID
X-Policy
X-Internal-Host
X-User
X-SD-PageType
X-Response-By
X-B3-SpanId
X-Reqid
X-Key
X-Qloud-Router
X-Say-Cacheable
X-Say-TTL
X-Hash
X-Servername
X-Server-IP
X-SayCDN-TTL
X-Swa-Ws
X-Guploader-Uploadid
Heartbleed
X-Backend-State
Pramga
Wxu-Next-Region
Pagetype
Wxu-Next-Commit
Wxu-Next-Hostname
SD-X-WS
SS
Served-By
Web-Mar-Node
X-IPS-LoggedIn
Cache-Cookie-Set-Lfrom
Resin-Trace
Cache-Cookie-Set-From
Country-Code
X-COUNTRY
X-Dispatcher-Server
Server-Host
Kp-EeAlive
Cache-Cookie-Set-Idcheck
X-Dispatch
X-MP-GENERATED-AT
X-Cdn-Forward
X-Page-Type
X-FPC
X-Wa
Memory
X-Var-Ttl
X-Service
UCS
X-Servedbyhost
X-Dc
REQUESTUUID
X-Has-Esi
X-JWT-State
Cache-Provider
X-Is-Gdpr
Powered-By-ChinaCache
ProcessTime
X-Logtrace-Id
X-Nc
Ajk
X-NWS-UUID-VERIFY
X-Geo
Dynatrace
X-HTML-Minification-Powered-By
X-Cache-Backend
X-Ratelimit-Limit
X-VCL-Version
X-SRV
X-Lb-Id
Proxy-Firewall
X-Datadome
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-Info
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-RateLimit-Reset
X-UA
X-Be
X-SERVER-NAME
X-Litespeed-Cache
Srv
CACHE
Powered-By
X-Cache-Category-Id
X-Grey
X-Cache-URL
X-Svr
SN
X-ZONE
X-CDN-Forward
X-Varnish-Beresp-Ttl
PICS-Label
X-Pjax-Url
X-Ruxit-Js-Agent
X-HS-Status
X-Instart-Isnd
X-TH-Server
X-Scheme
Fastly-Backend-Name
X-SN
X-Webkit-Csp
X-URL
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
GeoIP-City
X-Cache-Ttl
X-NodeID
GeoIP-Country-Code
GeoIP-Latitude
X-Ftr-Request-Id
X-Ttl
X-Zone
X-Varnish-Beresp-Grace
Group
X-Dynatrace
X-RCS-CacheZone
X-Varnish-Beresp-Status
X-Pf-Uncompressing
X-GRACE
X-Source
X-FORWARDED-FOR
X-LiteSpeed-Cache-Control
X-LAGOON
GW-Server
XServer
X-EC-Lua
X-Gannett-Site-Version
X-Newrelic-Synthetics
X-Varnish-Url
X-Bc
X-Server-W
Ttl
X-Check-Cacheable
LB
Cache-Host
X-Secret
Cdn
X-Varnish-Beresp-TTL
X-APP
CF-Cached-On
X-Dynatrace-Js-Agent
WZWS-RAY
X-PF-Uncompressing
X-NODE
X-Varnish-Cacheable
X-CDN-Cache
X-Ftr-Cache-Host
X-Ms-Version
X-Via-Ucdn
X-Ms-Request-Id
On-Server
X-Sucuri-Id
MIME-Version
User-Agent
X-GeoIP-Country-Code
Geoip-Latitude
X-Ratelimit-Remaining
X-Tt-Trace-Host
Geoip-City
GeoIp-Country-Code
X-Cache-Debug
X-Session-Fingerprint
X-Aicache-OS
X-PJAX-URL
Inserted-Into-Cache-At
Environment
X-Edge
X-BC
Pics-Label
Lfy
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-NU-AKA-ACS-Version
X-Agile
X-BE
X-Agile-Age
X-Akamai-SSL-Client-Sid
X-Fastly-Country-Code
X-Agile-Id
WWW
M-TraceId
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Backend
Requestid
Ohc-Response-Time
X-Mid
X-LB-ID
Who
X-Render-Time
X-Crawler
Cf-Ipcountry
X-7Graus-Varnish-Cache-Control
X-Vcl-Version
X-CSRF-Token
X-7Graus-Varnish-XKeys
X-Logging-Id
X-Varnish-Ttl
X-MCACHE
SID
Amp-Access-Control-Allow-Source-Origin
X-Cache-Tag
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-Micro-Cache
X-FE
X-UPSTREAM-Address
X-Sedo-Request-Id
X-Cache-Miss-From
URI
Lb
X-Served-From
Xkeyrz
X-DW
X-DSS
X-RPM
X-RPS
CDN
X-RSL
X-DI
X-DB
X-Proxy-Cacherz
X-Via-SSL
X-WR-MODIFICATION
X-Action
X-Via-Edge
HostName
AR-SID
X-Core-Value
Host-ID
RequestUuid
X-Swift-Error
X-Correlation-ID
X-Cf-Powered-By
DataCenter
X-Flow-Id
X-Page-Impression-Id
X-Vct
X-Zalando-Child-Request-Id
X-WA
Cdncip
Cdnsip
X-ServedByHost
X-AK-Request-ID
Xkeypdq
X-Sucuri-ID
X-Nananana
X-Fastly-Cache-Hits
X-Amzn-Remapped-Connection
X-Fpc
X-Amzn-Remapped-Date
X-NGINX-Cache
X-Newrelic-App-Data
Warning
FNAC-ModuleRouting
X-Vdms-Version
X-TT-LOGID
X-VC
X-Cdn-Request-ID
X-TIME
X-Protected-By
Cneonction
X-MID
X-SB
X-Sigma-Backend
Is-Session-Tracking
Get-Access-Time
X-Ecache
X-Rocket-Build-Number
X-Sigma
Correlation-Id
X-Sucuri-Cache
X-Apw-Hits
RequestId
Xet-Cookie
X-Fe
X-Dw-Trace-Id
X-Unique-Id
X-Serial
X-ECache
X-Request-Url
X-ServerName
X-Bug-Bounty
HitType
X-ND-Cache
Processtime
X-MiniProfiler-Ids
X-Via-NSCOPI
X-Apw-Access-Action
X-Apw-Access-Object
X-Request-URL
V-Cache
X-Refresh
X-Gdpr
X-Apw-Access-Token