Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Content-Encoding
X-Content-Security-Policy
Status
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-CDN
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-UA-Device
X-Proxy-Cache
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
P3p
Cf-Railgun
X-LiteSpeed-Cache
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Device
X-WebKit-CSP
X-Server-Id
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Ac
EagleEye-TraceId
X-Cnection
Report-To
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Response-Time
X-Host
Content-Location
X-Node
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-ORACLE-DMS-ECID
X-DataDome
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
X-HW
Surrogate-Control
X-Dns-Prefetch-Control
Rating
X-Country-Code
X-Clacks-Overhead
Allow
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-Goog-Hash
X-TtlSet
X-Vname
X-TTL
X-PC
X-Varnish-TTL
X-B3-TraceId
Pinterest-Generated-By
Verso
X-Powered-By-Plesk
Public-Key-Pins
X-Px
Accept-Ch-Lifetime
RTSS
Edge-Control
X-Mod-Pagespeed
X-ESI
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
Response
X-Ah-Environment
X-VARITI-CCR
SPRequestGuid
X-Kinja
X-Use-Magma
X-D2id
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-SharePointHealthScore
X-Recruiting
X-Akam-SW-Version
X-CST
Service-Worker-Allowed
X-Vcap-Request-Id
SPIisLatency
SPRequestDuration
X-Version
X-Server-Name
X-GitHub-Request-Id
TCN
X-Navigation-Version
X-Powered-CMS
X-Abt-Application-Version
MS-Author-Via
X-Trace
Charset
X-Shard
X-Debug
Fastly-Restarts
Nginx-Cache
X-Aspnetmvc-Version
Realpath
X-Amz-Server-Side-Encryption
X-Amz-Rid
X-RateLimit-Remaining
X-Upstream
AR-CACHE
Ar-Sid
AR-ATIME
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ezoic-Cdn
X-NF-Request-ID
Accept-CH
Front-End-Https
X-Cached
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-MSEdge-Ref
Pagespeed
DynaTrace
Arr-Disable-Session-Affinity
Access-Control-Request-Method
Content-MD5
X-Shield-Request-Id
AR-Request-ID
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-VCache
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
MicrosoftSharePointTeamServices
Accept-Ch
X-XRDS-Location
S
X-T
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Id
Paypal-Debug-Id
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Varnish-Age
X-Ser
ServerID
X-Server-ID
X-Via-JSL
X-Client-IP
X-Content-Type
X-Accel-Expires
X-Dw-Request-Base-Id
X-Forwarded-For
Edge-Cache-Tag
X-Hits
Fastcgi-Cache
X-Amzn-Trace-Id
X-Grace
X-Correlation-Id
Powered
X-Content-Digest
X-Frontend
X-DIS-Request-ID
X-N
Arc-Version
PB-RID
X-Mobile-Rewrite
X-FTR-Cache-Host
PB-PID
X-HS-Content-Id
X-HS-Hub-Id
X-Vcache
Pinterest-Version
X-Pinterest-Rid
AMP-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
Server-Name
X-Logged-In
X-FastCGI-Cache
TP-Cache
TP-L2-Cache
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Kinsta-Cache
X-Request-Handler-Origin-Region
X-Cache-Hit
X-GUploader-UploadID
X-Zen-Fury
X-Time
X-Type
X-AppVersion
Healthy
X-IPLB-Instance
X-Activity-Id
X-LB-Cache
X-Rid
X-Az
X-Revision
X-Analytics
Backend-Timing
Retry-After
X-User-Agent
X-Cache-Age
X-Whom
X-Srv
X-Node-Name
X-B3-Sampled
FilterID
Server-Node
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Hp-Webp
Alternate-Protocol
Cache-Tag
X-SERVER
Accept-Charset
X-F-Cache
Cache-Status
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Cache-Rule
X-Webkit-CSP
NR-ENABLED
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
DC
X-Kong-Upstream-Latency
X-Content-Powered-By
X-Cache-2
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
X-AOL-HN
MS-CV
X-Tumblr-User
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Debug-Info
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cluster
X-FB-Debug
Tracecode
X-App-Environment
Access-Control-Allow-Method
Refresh
X-Varnish-Grace
X-Jobs
X-Forwarded-Host
X-B
X-Page-Id
Surrogate-Key
X-PHP-Backend
X-Framework
Fastcgi-Useragent
Source
X-Cache-TTL
Actual-Object-TTL
X-Request-Guid
X-App-Server
Host
X-Seen-By
X-Mobile-URL
X-Cache-Operation
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
Frame-Options
X-Cache-Control
X-Geo-Country
X-TA-CDN-Provider
X-Hostname
X-Cached-By
Cleartype
X-Pad
X-Host-Name
X-Cache-Key
X-Signature
X-B-Cache
Upgrade-Insecure-Requests
X-Git-Hash
X-BCube-Filmed-By
X-Element-Page-Cache
X-Mobile
X-WebKit-CSP-Report-Only
NGB
X-Response-Served-From
Xserver
X-ATG-Version
X-Varnish-Backend
X-RemovedCookies
X-GeoIP
X-ProcessESI
WPE-Backend
X-UA-Device-Type
Webserver
X-Drupal-Cache-Tags
GEO-INFO
X-Daa-Tunnel
X-Amz-Replication-Status
Cache-Tv-Group
Eomportal-Instance
Filters
X-Handled-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Ms-Operation-Id
X-RTag
X-HS-Cache-Config
X-TT
X-RequestSource
X-Cacheable-TTL
X-Origin-Server
From-Origin
Payment
X-Adobe-Content
X-Adobe-Loc
X-Litespeed-Cache
X-EdgeConnect-Cache-Status
X-TT-TIMESTAMP
X-TX-ID
X-Cache-Remote
X-XRDS-LOCATION
X-Cache-TTL-Remaining
X-Wix-Request-Id
X-Status
Datacenter
X-Presslabs-Stats
X-Esi
Cache
X-FW-Dynamic
Liferay-Portal
X-WA-Info
X-Acc-Meta-Resource-Type
X-Hyper-Cache
X-Region
Version
X-Edge-Location
X-Ratelimit-Reset
X-Contextid
X-Cache-Action
X-Ttl
Viewport
X-Content-Age
X-Cache-NE
X-B3-Traceid
X-CF-Powered-By
X-Varnish-Hostname
X-Akamai-Transformed
X-PressLabs-Stats
PageSpeed
X-Storage
X-Cache-Server
X-HS-Combine-CSS
X-Varnish-Server
Ohc-File-Size
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
Load-Balancing
X-Accel-Buffering
X-Path-Route
Meta-Geo
X-ES-SERVER
Host-Header
X-Xfnlog-Site
X-IP
Country
X-Via-Fastly
X-Proxy
X-Viewer-Country
X-Cache-Enabled
Cache-Tags
Rt-Fastcgi-Cache
Release
TWC-Connection-Speed
X-CCM
TWC-GeoIP-Country
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
TWC-Device-Class
Webcakes-Region
Cache-Name
X-Cache-Time
X-Debug-Cache
DB-Nickname
X-Access
X-NCache
X-Loop
X-Device-Type
Webcakes-App-Version
X-Cache-Config
X-Origin-Hint
X-TNCMS
X-UnsetCookies
Webcakes-App-Name
X-OCL
X-Varnish-Cache-Hits
X-Section
Vix-Hermes-Req-Id
X-Yottaa-Metrics
X-Origin
X-Yottaa-Optimizations
X-Tumblr-Pixel-3
X-Proto
X-Upgrade-Enabled
X-PCL
X-CS
X-VCT
X-Format
X-R9-Blue-Green-Version
X-FC-Vary-Parameters
X-Drupal-Cache-Contexts
Ec-Rule-Version
X-Akamai-Request-ID
Mn-Server-Ip
S-Rt
Selected-Fe
X-Backend-Name
X-Backend-TTL
X-Rule
DSUID
X-Proxy-Build
X-Cluster-Node
X-EIG-Tracking-Id
X-Cache-Host
X-JoinUs
X-Human
X-Akamai-Request-ID2
X-Timing-Wait
X-Labrador-Cache-Channel
X-NGENIX-Cache
X-Cache-Grace
X-Origin-Response-Time
X-Www-Served-By
X-From
Cache-Hits
S-Cnection
X-Vgn-Hpd-Reason
X-Hosted-By
X-Generated
X-ApacheServer
X-Time-Microsecs
X-PERF
X-FireWall-Port
Decoy-Debug-TTL
X-Web-Node
Decoy-Debug-Status
X-Trace-Id
X-Site-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Hit
X-Varnish-Hits
Azure-Version
Azure-SiteName
Decoy-Debug-Key
Ohc-Cache-HIT
X-NewRelic-App-Data
X-Ua
X-Rendered-As
X-OVcl
X-OVcl-Cache
X-Real-IP
Cache-Key
X-S
Time
Origin-Cache-Control
Origin-Edge-Control
L5d-Success-Class
X-Pubstack
Server-Info
X-Redis-Cache
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Now
X-FW-Version
Accept-CH-Lifetime
X-SS-Set-Cookie
X-Upstream-HT
X-Upstream-CT
Fastcgi-X-Cache-Version
OT-Force-Account-Verify
Fastly-SSL
X-Origin-TTL
X-Origin-CC
ServedBy
Access-Control-Request-Headers
Mime-Version
X-APP-VERSION
X-ServerID
X-Cluster-Name
X-Alternate-Cache-Key
Cteonnt-Length
X-App-Version
Origin
X-Load-Cache
X-UUID
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-FB-TRIP-ID
X-Parent-Response-Time
X-Tec-Api-Origin
X-Tec-Api-Version
Hostname
X-Tec-Api-Root
X-GoCache-CacheStatus
X-Soup
X-Rocket-Nginx-Bypass
X-VG-WebCache
NtCoent-Length
X-CACHE-KEY
X-VG-TLSProxy
X-Upstream-Proxy
Accept-Language
Machine
X-Is-Bot
Nel
X-Uri
X-Tb
X-ECACHE
IBM-Web2-Location
Odigeo-Trace-Id
NGX
X-CSRF-TOKEN
X-No-Session
X-ProxyCache-Status
X-Environment-Context
X-L-Path
X-ProxyCache-Key
X-Info
X-MServer
X-BYPASS-REASON
X-Nc
X-Node-Id
X-Oneagent-Js-Injection
X-Tt-Trace-Tag
X-PAYTM-SRV-ID
Proxy-Connection
X-Rewrite-Enabled
X-Region-Sid
X-Request-UUID
X-Rojux
MD5-Digest
X-External-Request-Id
X-DPWN-IS-SECURE
X-A-Wwc
X-G
X-S-Cookie
GEO-REGION-INFO
X-B3-Parentspanid
Request-Time
Fly-Request-Id
X-A-Dgt
Content-Style-Type
X-A-Dam
Apple-News-Services-Parsed-Url
VivaBuild
Viewtype
X-A
Apple-News-Services-Host
Uber-Trace-Id
A
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Arc-Country
X-Accel-Expires-Debug
Cross-Origin-Window-Policy
Fly-Cache
X-A-Dcw
Content-Script-Type
AsisCache
BehaviorPad-Version
Cache-Prefix
X-Instart-Info
X-Aed
X-Developer
X-A-Ccd
T-Server
X-Transaction
X-Detected-As
X-CF-Lambda-Version
ServerName
X-Destination
Rt-Proxy-Cache
X-Trv-Group
Xc-Version
Request-EU
X-Nginx-Cache
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Worker
Mobile-Detection-Method
X-Twitter-Response-Tags
X-VG-WebServer
X-Cms-Context
X-Hl-Ver
X-Connection-Hash
X-Application
X-ARC
Memcached
X-AIR-PT
Request-Country
X-ScT
X-Server-Time
X-SRCache-Key
X-B3-SpanId
X-Date
Meta-Geo-Continent
X-CF-Lambda-Fn
Rendered-Blocks
Node
X-B-Cookie
X-D
X-Endurance-Cache-Level
CF-IPCountry
Backend-Name
X-WADP-Cache
X-SVT-ORM-VERSION
X-Cache-Bucket
X-SIPLIST1
IsBot
X-Has-Esi
X-Compress-Hint
X-S-Maxage
X-Cdn-Srv
X-Device-Os
N-Cache
X-Clara-WADP
Fastly-Soc-X-Request-Id
X-SVT-ORM-RULES
X-JWT-State
X-Is-Gdpr
X-Developers
We-Hiring
Srv
X-UA
Mail-Subject
X-B3-Spanid
X-Amzn-Remapped-Content-Length
X-Ruxit-Js-Agent
Akamai-GRN
User-Cache-Control
X-PHP-Host
X-Cdn-Forward
X-Geo
X-Old-Content-Length
X-Origin-Date
X-TrackingId
X-Amz-Meta-Cache-Control
X-Location
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Auto-Login
X-LI-Proto
X-Origin-Expires
X-LI-UUID
X-Magnolia-Registration
Wxu-Next-Region
Served-By
X-Reqid
X-Release
X-Request-Start
X-Server-IP
X-Skip-Cache
X-Service
X-Reboot
Section-Io-Cache
Wxu-Next-Hostname
Server-Host
Wxu-Next-Commit
X-NC
X-Eu-Site
X-Platform-Server
X-Owner
X-BBXSRF
X-Debug-Cache-Store
X-Generation-Time
X-Generated-On
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Geo-Header
X-CUA
X-Generated-By
X-Dispatch
X-Fastly-Cache
X-Epic-Correlation-Id
X-Fetched-On
X-Distributor
X-Dispatcher-Server
X-Distil-CS
X-GeoIP-City
X-Hash
X-C
X-Li-Fabric
X-Bip
RNT-Time
X-Li-Pop
X-Backend-Url
X-Level-Front-Cache
X-Cache-FS-Status
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Clientip
X-Irp-Debug
X-Guploader-Uploadid
X-CGP
X-Backend-Host
X-Thanos
Ha-Gx-Prefs
Gh-Request-Id
Adler-Geo
Content-Disposition
HA-Ipaddr
Heartbleed
X-Hnp-Log
Is-Eu
X-Sn-Servicetimems
AKAMAI
X-Block-Status
Countrycode
X-ElasticPress-Search
X-Gen-Mode
X-Request-URI
X-Debug-Log
X-Debug-Cookies
RNT-Machine
X-Cache-Info
X-Cdn-Origin
X-Via-CDN
L
X-Proxy-Upstream
Platform
PFcat
Pagetype
X-VC-Cache
Pramga
X-Up
X-User
X-Var-Ttl
X-Variation
X-We-Are-Hiring
X-WebServer
CDCHOST
X-NX-Host
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Proxy-Cache-Status
X-Webstats-RespID
X-Ratelimit-Limit
SRV
X-Microcachable
X-NWS-UUID-VERIFY
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Say-TTL
X-Urbn-Site-Id
X-VServer
X-Svr
X-Urbn-Context-Path
X-Thinkindot-L3
X-SayCDN-TTL
X-Swa-Ws
X-Say-Cacheable
X-Cache-Id
Locale
Server-Int
X-Nginx-Cache-Key
Kp-EeAlive
Fastly-SWR
X-Servername
X-Qloud-Router
Fastly-SIE
X-Method
Thinkindot-CacheControl
X-Key
X-Generated-In
X-Matched-Rule
X-Lb-Id
Web-Mar-Node
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
X-Policy
X-SD-PageType
X-GEO
Esi-Enabled
X-App-Name
X-Backend-State
Magicmarker
X-Core-Mission
W
SD-X-WS
X-Dc
Cache-Provider
X-Internal-Host
X-ServiceProvider
Server-ID
X-MSEdge-Features
X-Instart-Isnd
Memory
Resin-Trace
V-Age
X-MSEdge-Flight
X-Cache-URL
X-AWS-Id
X-LJ-Flow-ID
Cdn-Host
X-VWS-Id
Cdn-Request-Time
X-DC
X-Scheme
X-Edge-Server
X-Cache-Backend
X-Be
X-Processor
REQUESTUUID
X-FPC
X-GDPR
X-Mode
X-Org
X-Request-Time
Group
SS
X-Wa
X-Pjax-Url
X-ABtesting
X-Servedbyhost
X-Flog
X-Hello
X-NodeID
X-Unique-ID
X-Datadome
X-Server-W
X-Response-By
Cache-Host
X-IPS-LoggedIn
X-GRACE
Country-Code
X-Ms-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-SN
X-Ms-Request-Id
X-Page-Type
Cache-Cookie-Set-Lfrom
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-CDN-Forward
X-Varnish-Beresp-Status
X-VCL-Version
X-Varnish-Beresp-Grace
X-HS-Status
X-Oracle-Dms-Rid
X-Varnish-Beresp-Ttl
X-Proxied
X-Webkit-Csp
X-Zipkin-Id
X-EC-Lua
X-Routing-Service
X-Ftr-Request-Id
UCS
X-SRV
X-Tb-Optimization-Total-Bytes-Saved
X-Session-Fingerprint
X-Via-Ucdn
Lfy
PICS-Label
X-Zone
X-Dynatrace
X-Agile-Id
X-Agile-Age
X-Agile
X-URL
X-Cache-Debug
X-COUNTRY
X-DataStream-Cache-Status
X-Logtrace-Id
SN
Ttl
Powered-By-ChinaCache
Ajk
X-Varnish-Beresp-TTL
X-RateLimit-Reset
X-Ratelimit-Remaining
X-MP-GENERATED-AT
X-Pf-Uncompressing
X-7Graus-Varnish-XKeys
Geoip-Latitude
GeoIp-Country-Code
X-Webapp-Samesite-None-Activated-N
Geoip-City
X-Fastly-Country-Code
GeoIP-Latitude
Proxy-Firewall
X-PF-Uncompressing
X-7Graus-Varnish-Cache-Control
GeoIP-Country-Code
GeoIP-City
X-Sucuri-Id
X-Source
ProcessTime
X-Sedo-Request-Id
X-Cache-Miss-From
X-APP
X-Logging-Id
X-ZONE
Environment
X-Grey
X-Cache-Category-Id
X-CSRF-Token
Powered-By
X-NODE
X-HTML-Minification-Powered-By
XServer
X-Newrelic-Synthetics
X-Ftr-Cache-Host
Cdn
X-CLOUD-TRACE-CONTEXT
X-Sucuri-ID
X-Bc
X-TH-Server
X-Unique-Id
X-Tt-Trace-Host
Pics-Label
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
X-DataStream-MidMile-RTT
Fastly-Backend-Name
X-DataStream-Origin-MEX-Latency
M-TraceId
X-Core-Value
CF-Cached-On
X-Edge
CACHE
X-Check-Cacheable
X-LiteSpeed-Cache-Control
X-Aicache-OS
X-Vdms-Version
X-Sucuri-Cache
WWW
Cf-Ipcountry
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Dynatrace-Js-Agent
X-Ftr-Backend-Server
HostName
X-RCS-CacheZone
X-Mid
X-Fastly-Backend-Reqs
Cdnsip
X-Sigma
Requestid
GW-Server
X-Rocket-Build-Number
X-Sigma-Backend
X-AK-Request-ID
Cdncip
X-Correlation-ID
MIME-Version
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Rules
X-FORWARDED-FOR
LB
X-LAGOON
X-MCACHE
X-Cache-Tag
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Fstrz
X-Varnish-Ttl
X-Swift-Error
Pragrma
X-Gannett-Site-Version
X-Varnish-Url
X-TT-LOGID
Ohc-Response-Time
X-Secret
X-ServedByHost
X-Litespeed-Cache-Control
X-Via-NSCOPI
X-BC
X-NGINX-Cache
X-UPSTREAM-Address
Lb
X-BE
X-RPM
X-PJAX-URL
X-WA
X-Cache-Ttl
X-CDN-Cache
TTL
X-RSL
X-RPS
URI
X-DB
X-DI
X-DSS
X-DW
X-Action
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Dynatrace
X-SaId
X-Fpc
X-GeoIP-Country-Code
RequestUuid
X-Varnish-Cacheable
On-Server
X-ND-Cache
WZWS-RAY
X-WR-MODIFICATION
Host-ID
DataCenter
CDN
Get-Access-Time
Xkeypdq
X-Upstream-Ct
X-Proxy-Cacherz
Server-Id
X-Refresh
X-Trafficlayer-App-Version
Inserted-Into-Cache-At
User-Agent
X-Upstream-Ht
Xkeyrz
X-Zalando-Child-Request-Id
Is-Session-Tracking
X-Page-Impression-Id
X-Flow-Id
X-Nananana
X-Fastly-Cache-Hits
Correlation-Id
X-MID
X-Via-SSL
X-Via-Edge
Locid
X-Served-From
X-Dw-Trace-Id
Warning
X-SB
X-VC
X-Akamai-SSL-Client-Sid
X-Cf-Powered-By
X-Amzn-Remapped-Date
X-Bug-Bounty
X-Amzn-Remapped-Connection
X-Akamai-ERPolicy
X-Akamai-ERRuleID
HitType
X-ECache
X-Pod
X-Req
X-Gamma-Serve
Thinkindot-Cache-Type
Xet-Cookie
Gannett-Cam-Experience-Id
X-Newrelic-App-Data
X-MiniProfiler-Ids
X-Gen-Id
V-Cache
X-NU-AKA-ACS-Version
X-ServerName
RequestId
X-Crawler
X-Gdpr
X-LiteSpeed-Tag
SID
X-LB-ID
Who
Cneonction
Processtime
X-Request-URL