Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Request-ID
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-CDN
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
P3p
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Server-Id
X-WebKit-CSP
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
EagleEye-TraceId
Report-To
X-Cloud-Trace-Context
X-Response-Time
X-Backend-Server
Request-Id
X-Host
Content-Location
X-Node
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
NEL
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Rating
Allow
X-Country-Code
X-Clacks-Overhead
X-Dns-Prefetch-Control
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Content-Source
X-TTL
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
X-B3-TraceId
Public-Key-Pins
RTSS
X-Mod-Pagespeed
X-Px
X-ESI
Edge-Control
X-VARITI-CCR
Display
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
X-CST
X-Exp-Variant
X-Cdn-Fetch
SPRequestGuid
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Recruiting
X-Exp-Id
X-D2id
X-SharePointHealthScore
X-Ah-Environment
Service-Worker-Allowed
X-Akam-SW-Version
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-Version
SPRequestDuration
SPIisLatency
X-Server-Name
X-GitHub-Request-Id
X-Powered-CMS
X-Abt-Application-Version
TCN
X-Navigation-Version
MS-Author-Via
X-Trace
X-Shard
Charset
Fastly-Restarts
Nginx-Cache
X-Upstream
Accept-CH
Realpath
X-Debug
X-Amz-Rid
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
X-VCache
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Aspnetmvc-Version
X-Ezoic-Cdn
X-NF-Request-ID
X-Cached
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-MSEdge-Ref
Pagespeed
X-Shield-Request-Id
Arr-Disable-Session-Affinity
Access-Control-Request-Method
AR-Request-ID
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Country-Code-Real
Content-MD5
X-FTR-Expires
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
DynaTrace
Paypal-Debug-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-T
S
X-Fastly-Request-ID
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
ServerID
X-Varnish-Age
X-DynaTrace-JS-Agent
X-Via-JSL
X-Ser
X-Client-IP
Accept-Ch
X-Content-Type
X-Accel-Expires
X-Grace
X-Dw-Request-Base-Id
X-Correlation-Id
X-FastCGI-Cache
Fastcgi-Cache
X-Forwarded-For
X-Hits
X-Amzn-Trace-Id
X-Content-Digest
Powered
X-N
X-Frontend
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
Edge-Cache-Tag
X-FTR-Cache-Host
X-Mobile-Rewrite
PB-PID
PB-RID
Arc-Version
X-HS-Content-Id
X-HS-Hub-Id
Server-Name
X-Logged-In
Pinterest-Version
X-Pinterest-Rid
TP-L2-Cache
TP-Cache
X-GUploader-UploadID
X-Request-Received
X-Request-Processing-Time
X-Server-ID
X-Microsite
X-Request-Handler-Origin-Region
X-Kinsta-Cache
X-Zen-Fury
X-Cache-Age
X-Time
X-Rid
X-Revision
X-User-Agent
X-B3-Sampled
X-Type
X-IPLB-Instance
X-Analytics
Backend-Timing
X-Cache-Hit
Healthy
X-Activity-Id
X-Az
X-AppVersion
X-LB-Cache
X-Whom
X-RateLimit-Limit
X-Fastcgi-Cache
Retry-After
X-Node-Name
X-Srv
FilterID
Server-Node
X-Vcache
X-NWS-LOG-UUID
Alternate-Protocol
X-Hp-Webp
X-F-Cache
Accept-Charset
X-Cache-Rule
X-Akamai-Edgescape
Cache-Tag
Cache-Status
X-SERVER
X-Cache-2
X-Content-Security-Policy-Report-Only
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Content-Options
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
Tracecode
DC
Refresh
X-Tumblr-Pixel-0
X-AOL-HN
X-Instance
X-Forwarded-Host
X-Framework
X-Amz-Apigw-Id
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-Tumblr-Pixel
VIX-Pulpo-Node
X-Content-Powered-By
X-Amzn-RequestId
X-Jobs
X-Webkit-CSP
X-App-Environment
X-Varnish-Grace
Source
MS-CV
X-Debug-Info
X-Cluster
Access-Control-Allow-Method
X-PHP-Backend
Fastcgi-Useragent
X-Request-Guid
X-Page-Id
X-Cache-TTL
X-FB-Debug
X-TA-CDN-Provider
X-B
X-App-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-Cache-Operation
X-FW-Type
X-FW-Server
Host
Actual-Object-TTL
X-Seen-By
X-Cache-Key
X-Mobile-URL
NR-ENABLED
Frame-Options
X-Geo-Country
X-Cache-Control
X-Hostname
X-B3-Traceid
Cleartype
X-Host-Name
X-Pad
X-Cached-By
X-B-Cache
X-Signature
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-Mobile
X-Git-Hash
NGB
X-TT
X-Varnish-Backend
X-Response-Served-From
X-WebKit-CSP-Report-Only
X-Presslabs-Stats
GEO-INFO
X-Adobe-Loc
X-ATG-Version
X-Adobe-Content
WPE-Backend
X-Amz-Replication-Status
X-Handled-By
X-Tumblr-Pixel-2
X-GeoIP
X-Drupal-Cache-Tags
X-ProcessESI
Filters
Eomportal-Instance
X-RemovedCookies
Cache-Tv-Group
X-Tumblr-Pixel-1
X-RequestSource
X-Acc-Meta-Resource-Type
Webserver
Payment
Ms-Operation-Id
X-UA-Device-Type
X-RTag
X-TT-TIMESTAMP
From-Origin
X-Daa-Tunnel
X-Origin-Server
X-Cacheable-TTL
Liferay-Portal
X-Status
X-TX-ID
X-EdgeConnect-Cache-Status
X-Element-Page-Cache
X-Cache-TTL-Remaining
X-FW-Dynamic
Xserver
X-WA-Info
X-Cache-Remote
X-Wix-Request-Id
X-HS-Cache-Config
X-XRDS-LOCATION
X-Cache-Action
X-Hyper-Cache
X-Content-Age
X-Esi
X-Contextid
X-Edge-Location
Accept-CH-Lifetime
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Region
Datacenter
Viewport
Cache
Version
X-Ratelimit-Reset
X-CF-Powered-By
X-Varnish-Hostname
X-Cache-NE
X-Akamai-Transformed
Ohc-File-Size
X-Accel-Buffering
X-Storage
PageSpeed
X-Cache-Server
Host-Header
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-Varnish-Server
Meta-Geo
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-IP
Cache-Name
Cache-Tags
X-Cache-Enabled
X-Proto
X-Proxy
Property-Id
Ec-Rule-Version
Mn-Server-Ip
Cache-Hits
Release
TWC-Connection-Speed
X-Yottaa-Optimizations
X-Yottaa-Metrics
Country
Rt-Fastcgi-Cache
X-TNCMS
TWC-Device-Class
X-Section
X-Tumblr-Pixel-3
X-Origin-Hint
X-Loop
X-NCache
X-R9-Blue-Green-Version
X-Device-Type
X-Varnish-Cache-Hits
X-CS
X-Cluster-Node
X-Via-Fastly
X-Viewer-Country
X-Cache-Config
X-Origin-Response-Time
Webcakes-App-Name
Webcakes-Region
X-Access
Vix-Hermes-Req-Id
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Akamai-Request-ID
Webcakes-App-Version
X-Www-Served-By
X-Web-Node
X-Human
X-Rule
X-Xfnlog-Site
DSUID
DB-Nickname
X-OCL
X-Labrador-Cache-Channel
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
S-Rt
X-VCT
X-Backend-Name
X-Debug-Cache
X-From
X-Origin
X-Upgrade-Enabled
Azure-InstanceId
X-Timing-Wait
X-FC-Vary-Parameters
X-UnsetCookies
X-Format
X-PCL
X-Cache-Grace
X-Cache-Host
X-Cache-Time
X-Drupal-Cache-Contexts
X-EIG-Tracking-Id
X-Proxy-Build
X-Backend-TTL
X-Trace-Id
Selected-Fe
S-Cnection
X-NewRelic-App-Data
X-JoinUs
X-Hosted-By
X-Site-Version
Ohc-Cache-HIT
X-Locale
X-Hit
X-PressLabs-Stats
X-Akamai-Request-ID2
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-HS-Combine-CSS
X-Vgn-Hpd-Reason
X-PERF
Server-Info
Decoy-Debug-Status
X-ApacheServer
Decoy-Debug-Key
X-Time-Microsecs
X-FireWall-Port
Decoy-Debug-TTL
X-NGENIX-Cache
Time
Cache-Key
X-CCM
X-Ttl
X-Rendered-As
X-OVcl-Cache
X-S
X-OVcl
X-Real-IP
X-Varnish-Hits
X-Upstream-CT
X-FW-Version
X-Upstream-HT
X-Pubstack
X-Redis-Cache
Now
L5d-Success-Class
X-APP-VERSION
Origin-Edge-Control
Origin-Cache-Control
X-SS-Set-Cookie
Fastcgi-X-Cache-Version
X-Ua
OT-Force-Account-Verify
X-Upstream-Proxy
X-Litespeed-Cache
Access-Control-Request-Headers
ServedBy
Fastly-SSL
X-FB-TRIP-ID
X-VG-TLSProxy
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Origin
Cteonnt-Length
X-Load-Cache
X-UUID
X-VG-WebCache
X-Cluster-Name
NtCoent-Length
X-ShardId
X-ShopId
X-Origin-TTL
Hostname
X-Origin-CC
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-GoCache-CacheStatus
X-ServerID
X-Soup
X-Rocket-Nginx-Bypass
Machine
X-Parent-Response-Time
X-B3-Spanid
X-Tb
Mime-Version
Accept-Language
X-ECACHE
IBM-Web2-Location
NGX
X-No-Session
X-Is-Bot
X-Environment-Context
X-App-Version
X-L-Path
X-UA
Odigeo-Trace-Id
Nel
X-Tt-Trace-Tag
CF-IPCountry
SRV
X-Uri
X-B3-Parentspanid
X-CSRF-TOKEN
X-MServer
X-NC
X-CACHE-KEY
X-Detected-As
X-A-Wwc
X-Worker
X-A-Dgt
X-Accel-Expires-Debug
X-Rojux
X-Application
X-Request-UUID
X-Developer
Request-Time
X-Amzn-Remapped-Content-Length
X-Node-Id
X-AIR-PT
X-Region-Sid
X-Rewrite-Enabled
X-Aed
X-A-Dam
Cross-Origin-Window-Policy
ServerName
Fly-Cache
T-Server
Content-Style-Type
X-Instart-Info
Content-Script-Type
Fly-Request-Id
GEO-REGION-INFO
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
Node
Rt-Proxy-Cache
Rendered-Blocks
Cache-Prefix
Viewtype
A
X-Hl-Ver
X-PAYTM-SRV-ID
X-A
X-Destination
X-A-Ccd
Apple-News-Services-Handled
Apple-News-Services-Host
BehaviorPad-Version
VivaBuild
AsisCache
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-A-Dcw
X-ARC
X-Server-Time
X-CF-Lambda-Fn
Memcached
X-CF-Lambda-Version
X-ScT
X-SRCache-Key
Xc-Version
X-Connection-Hash
X-D
X-Vtex-Processado-Em
X-External-Request-Id
X-Vtex-Remote-Cache
X-Endurance-Cache-Level
X-Magnolia-Registration
X-Twitter-Response-Tags
X-Trv-Group
X-DPWN-IS-SECURE
X-VG-WebServer
X-G
X-S-Cookie
X-Transaction
X-Date
X-B-Cookie
Backend-Name
Akamai-GRN
X-Oneagent-Js-Injection
Uber-Trace-Id
We-Hiring
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
Mail-Subject
Fastly-Soc-X-Request-Id
X-Origin-Expires
X-SVT-ORM-VERSION
X-CUA
X-VC-Cache
Section-Io-Cache
X-SVT-ORM-RULES
X-Cdn-Srv
X-Origin-Date
X-Has-Esi
X-Azure-Ref-OriginShield
X-JWT-State
X-Cache-Bucket
X-Developers
X-Var-Ttl
X-Azure-Ref
IsBot
N-Cache
X-Fastly-Cache
X-Release
X-Cms-Context
X-S-Maxage
X-SIPLIST1
X-Compress-Hint
X-Info
X-Up
X-Is-Gdpr
Proxy-Connection
X-GEO
X-Dc
X-Generated-By
X-Irp-Debug
Server-Host
X-Core-Mission
Server-Int
RNT-Machine
Pramga
Pagetype
X-Level-Front-Cache
X-ElasticPress-Search
Request-Country
Request-EU
X-Generation-Time
RNT-Time
Thinkindot-CacheControl
Served-By
Wxu-Next-Region
X-Device-Os
X-App-Name
X-Distributor
X-Hash
X-Dispatch
X-Cdn-Origin
X-Cache-Info
X-C
X-Bip
X-Backend-Host
X-Generated-On
X-Backend-Url
X-Debug-Cookies
X-BBXSRF
X-Auto-Login
X-Debug-Cache-Store
X-Distil-CS
W
X-Clara-WADP
X-Clientip
X-IN-APIGATEWAY
Thinkindot-Control
X-IN-APIGATEWAYSSL
X-Debug-Cache-Expiry
X-Geo-Header
X-Eu-Site
X-Debug-Cache-Fetch
X-Debug-Log
Wxu-Next-Hostname
Wxu-Next-Commit
X-CGP
Thinkindot-CacheControl-Type
X-Qloud-Router
X-Nginx-Cache
X-Reqid
X-Server-IP
X-Service
X-Skip-Cache
X-Reboot
X-Rebelmouse-Cache-Control
Content-Disposition
Countrycode
X-Nginx-Cache-Key
X-NX-Host
AKAMAI
X-Sn-Servicetimems
X-Swa-Ws
X-Webstats-RespID
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Nc
X-WADP-Cache
X-VServer
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-User
Esi-Enabled
X-Rebelmouse-Surrogate-Control
Magicmarker
Ha-Gx-Prefs
HA-Ipaddr
X-Matched-Rule
X-Location
Gh-Request-Id
Kp-EeAlive
X-Method
Heartbleed
Fastly-SIE
Fastly-SWR
L
X-Microcachable
Srv
X-Geo
User-Cache-Control
X-MSEdge-Features
X-WebServer
X-SayCDN-TTL
X-Block-Status
X-Say-Cacheable
X-VWS-Id
X-Backend-State
X-Say-TTL
X-Servername
X-Lb-Id
X-Key
X-Ratelimit-Limit
X-Via-CDN
X-Variation
X-Guploader-Uploadid
X-LJ-Flow-ID
Platform
X-Li-Pop
X-LI-Proto
X-Cache-Id
X-GeoIP-City
X-Request-URI
Is-Eu
X-Cache-FS-Status
Memory
X-Old-Content-Length
X-Epic-Correlation-Id
X-Hnp-Log
Adler-Geo
X-Owner
Cache-Provider
CDCHOST
X-Internal-Host
X-Gen-Mode
X-MSEdge-Flight
X-Fetched-On
X-NWS-UUID-VERIFY
X-Request-Start
X-PHP-Host
X-Amz-Meta-Cache-Control
X-Li-Fabric
PFcat
X-LI-UUID
X-AWS-Id
X-B3-SpanId
X-Dispatcher-Server
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Platform-Server
X-Mode
X-Generated-In
Locale
X-Edge-Server
X-SD-PageType
Web-Mar-Node
X-Urbn-Site-Id
X-RateLimit-Limit-Second
SD-X-WS
Cdn-Host
Server-ID
Cdn-Request-Time
X-RateLimit-Remaining-Second
X-Policy
Resin-Trace
X-Urbn-Context-Path
X-Cdn-Forward
True-Client-Country-4JS
X-Cache-URL
X-ServiceProvider
X-FPC
X-GDPR
X-Svr
X-DataStream-Cache-Status
X-Request-Time
X-Be
V-Age
REQUESTUUID
X-Instart-Isnd
X-Org
X-Hello
X-Scheme
X-ABtesting
SS
X-Flog
X-DC
X-NODE
X-Cache-Backend
X-Wa
X-CDN-Forward
X-Processor
X-IPS-LoggedIn
Country-Code
X-Response-By
X-Unique-ID
X-Servedbyhost
X-Datadome
Group
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Zipkin-Id
X-Proxied
X-RateLimit-Reset
X-Routing-Service
X-Server-W
Cache-Host
X-Page-Type
X-Pjax-Url
X-NodeID
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
UCS
PICS-Label
X-VCL-Version
X-Oss-Request-Id
X-SN
X-Ruxit-Js-Agent
X-Via-Ucdn
X-Ms-Version
X-Ms-Request-Id
X-Oracle-Dms-Rid
X-Varnish-Beresp-Ttl
X-MP-GENERATED-AT
X-EC-Lua
X-Webkit-Csp
X-Varnish-Beresp-Status
XServer
Ajk
X-SRV
X-Ftr-Request-Id
X-Varnish-Beresp-Grace
X-Dynatrace-Js-Agent
X-HS-Status
X-Tb-Optimization-Total-Bytes-Saved
X-Logtrace-Id
X-Dynatrace
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
ProcessTime
Powered-By-ChinaCache
Lfy
X-APP
X-Session-Fingerprint
Geoip-City
GeoIp-Country-Code
X-Pf-Uncompressing
Proxy-Firewall
X-COUNTRY
X-URL
Geoip-Latitude
X-Newrelic-Synthetics
X-GRACE
X-Source
X-Zone
CACHE
Ttl
X-HTML-Minification-Powered-By
SN
X-Agile-Age
X-Cache-Debug
X-Agile-Id
Powered-By
X-Agile
X-ZONE
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-Grey
X-Fastly-Country-Code
X-Cache-Category-Id
Dynatrace
X-7Graus-Varnish-Cache-Control
GeoIP-City
X-7Graus-Varnish-XKeys
X-PF-Uncompressing
X-Logging-Id
X-TH-Server
GeoIP-Latitude
Environment
GeoIP-Country-Code
X-CSRF-Token
X-Ftr-Cache-Host
X-Sedo-Request-Id
X-Cache-Miss-From
X-Sucuri-Id
Fastly-Backend-Name
X-Check-Cacheable
X-Sucuri-ID
X-Aicache-OS
X-LiteSpeed-Cache-Control
X-Unique-Id
Cdn
X-Tt-Trace-Host
X-Bc
X-Edge
GW-Server
X-Vcl-Version
Pics-Label
CF-Cached-On
X-Core-Value
MIME-Version
WWW
M-TraceId
HostName
X-UPSTREAM-Address
LB
X-LAGOON
X-Ftr-Dc
X-NGINX-Cache
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Realm
X-Webapp-Samesite-None-Activated-N
X-Fastly-Backend-Reqs
Ohc-Response-Time
X-Vdms-Version
X-Sucuri-Cache
X-RCS-CacheZone
X-Gannett-Site-Version
Requestid
X-Mid
X-Varnish-Url
X-Secret
X-BC
Cf-Ipcountry
X-Sigma-Backend
X-Fstrz
X-Rocket-Build-Number
X-MCACHE
X-Cache-Tag
X-Sigma
WZWS-RAY
X-FORWARDED-FOR
DataCenter
X-PJAX-URL
X-Varnish-Ttl
Amp-Access-Control-Allow-Source-Origin
X-Shopify-Generated-Cart-Token
X-Litespeed-Cache-Control
Pragrma
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cdnsip
Cdncip
X-Planisys-CDN-Cache
X-Varnish-Cacheable
X-ServedByHost
X-CDN-Cache
On-Server
X-TT-LOGID
X-AK-Request-ID
X-Swift-Error
Lb
X-RPM
X-RPS
X-DI
X-Via-NSCOPI
X-Action
X-DB
X-RSL
X-DSS
X-DW
User-Agent
X-BE
Xkeyrz
X-Cache-Ttl
URI
X-Proxy-Cacherz
X-GeoIP-Country-Code
X-Akamai-SSL-Client-Sid
CDN
Host-ID
Inserted-Into-Cache-At
RequestUuid
TTL
X-WA
X-Correlation-ID
Warning
Who
X-Crawler
Server-Id
Is-Session-Tracking
Get-Access-Time
SID
X-NU-AKA-ACS-Version
X-ORACLE-APMCS-REQUEST-ID
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-WR-MODIFICATION
Xkeypdq
X-Fpc
X-ORACLE-APMCS-TAG
X-Flow-Id
X-SaId
X-Fastly-Cache-Hits
X-Upstream-Ht
X-Upstream-Ct
X-Nananana
X-FE
X-ND-Cache
X-SB
X-VC
X-Refresh
X-Render-Time
X-MID
Correlation-Id
X-Cf-Powered-By
X-Akamai-ERPolicy
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Trafficlayer-App-Version
X-LiteSpeed-Tag
X-Amzn-Remapped-Connection
FNAC-ModuleRouting
X-ServerName
X-Request-URL
X-Newrelic-App-Data
X-Bug-Bounty
Processtime
HitType
X-ECache
X-MiniProfiler-Ids
Cneonction
RequestId
X-LB-ID
Xet-Cookie
V-Cache
X-Dw-Trace-Id
X-Gdpr
X-Gen-Id