Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
X-Cache-Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-CDN
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-Cdn
Feature-Policy
X-WebKit-CSP
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Rack-Cache
Allow
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Country
X-HW
X-Url
Rating
X-ORACLE-DMS-RID
X-Country-Code
X-DataDome
X-FTR-Request-ID
X-Clacks-Overhead
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Goog-Hash
X-Varnish-TTL
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
X-CST
Verso
X-Px
RTSS
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
X-Ah-Environment
Service-Worker-Allowed
Pinterest-Generated-By
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-D2id
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
MS-Author-Via
Accept-CH
X-GitHub-Request-Id
TCN
X-RateLimit-Remaining
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-Upstream
X-B3-TraceId
X-Shard
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Server-Side-Encryption
SPRequestDuration
SPIisLatency
Charset
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-ESI
X-Amz-Rid
X-Aspnetmvc-Version
Nginx-Cache
Realpath
X-Trace
X-Debug
X-Server-Name
Front-End-Https
AR-Request-ID
X-Cached
X-Ezoic-Cdn
X-Shield-Request-Id
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Access-Control-Request-Method
X-MSEdge-Ref
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Arr-Disable-Session-Affinity
Pagespeed
ServerID
Content-MD5
DynaTrace
X-Id
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Client-IP
X-VCache
X-Via-JSL
X-Content-Type
X-DynaTrace-JS-Agent
X-Vcache
X-Hits
X-Dw-Request-Base-Id
X-Varnish-Age
X-Amzn-Trace-Id
X-B3-Traceid
X-SERVER
X-RateLimit-Limit
X-N
X-Forwarded-For
Fastcgi-Cache
X-Frontend
X-Grace
X-Correlation-Id
X-FTR-Cache-Host
X-Content-Digest
Powered
X-FastCGI-Cache
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Accel-Expires
X-DIS-Request-ID
X-Ser
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
Accept-Ch
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-Cache-Age
X-Kinsta-Cache
FilterID
X-Esi
X-LB-Cache
X-Rid
X-Type
X-User-Agent
X-Az
X-IPLB-Instance
X-Revision
X-AppVersion
X-Activity-Id
X-Analytics
Backend-Timing
Healthy
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Whom
Retry-After
X-Srv
X-Time
X-Acc-Meta-Resource-Type
X-Cache-2
X-NWS-LOG-UUID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-Cache-Rule
Server-Node
X-AOL-HN
Cache-Status
X-Content-Options
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Forwarded-Host
Access-Control-Allow-Method
Refresh
X-Cluster
X-Akamai-Edgescape
DC
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FB-Debug
X-FW-Type
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Content-Powered-By
X-Tumblr-Pixel
X-Jobs
X-Debug-Info
X-Page-Id
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-Request-Guid
X-App-Environment
MS-CV
X-Hp-Webp
X-Hostname
X-App-Server
Fastcgi-Useragent
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B
Frame-Options
Cleartype
Host
X-B-Cache
X-Signature
X-Cache-Key
Tracecode
Cache-Tag
X-TA-CDN-Provider
X-Cache-Operation
Actual-Object-TTL
X-BCube-Filmed-By
X-Mobile-URL
X-Geo-Country
X-Cached-By
X-Varnish-Backend
X-Cache-Control
X-Amz-Replication-Status
X-DataStream-Cache-Status
X-TT
X-Ratelimit-Reset
Liferay-Portal
X-Pad
X-Seen-By
X-PressLabs-Stats
Xserver
X-Mobile
X-Host-Name
NGB
X-Response-Served-From
X-ATG-Version
X-Git-Hash
X-Adobe-Content
X-Adobe-Loc
Payment
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Status
X-WA-Info
X-WebKit-CSP-Report-Only
Eomportal-Instance
Webserver
WPE-Backend
Cache-Tv-Group
X-Tumblr-Pixel-1
Filters
X-FW-Dynamic
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
X-RemovedCookies
X-ProcessESI
X-Handled-By
X-GeoIP
X-TX-ID
X-RTag
Ms-Operation-Id
From-Origin
X-Cacheable-TTL
X-RequestSource
X-UA-Device-Type
GEO-INFO
X-Content-Age
X-Cache-TTL
X-Daa-Tunnel
X-Cache-Remote
X-Webkit-CSP
X-Cache-TTL-Remaining
X-Edge-Location
Viewport
X-Storage
X-Upstream-Proxy
Accept-CH-Lifetime
Datacenter
X-Origin-Server
X-Accel-Buffering
X-Cache-Action
Cache
X-EdgeConnect-Cache-Status
X-Varnish-Hostname
X-Hyper-Cache
Version
X-Contextid
X-Ua
X-CF-Powered-By
X-Region
Host-Header
X-Oracle-Dms-Rid
PageSpeed
X-Wix-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
NR-ENABLED
SRV
X-Varnish-Server
X-Akamai-Transformed
Meta-Geo
X-Path-Route
Load-Balancing
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
Selected-Fe
X-From
S-Cnection
X-Timing-Wait
X-IP
X-Proxy-Build
X-Akamai-Request-ID2
X-Generated
X-TNCMS
X-Loop
X-Backend-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
Cache-Tags
X-JoinUs
X-Proxy
X-Cache-Config
Cache-Name
Vix-Hermes-Req-Id
X-CS
X-Rule
X-NCache
X-Section
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-Origin-Response-Time
X-FC-Vary-Parameters
X-Cache-Enabled
Cache-Hits
X-PERF
X-Access
Now
X-Hit
X-Cluster-Node
Decoy-Debug-Key
Ec-Rule-Version
X-ApacheServer
Decoy-Debug-TTL
Decoy-Debug-Status
X-Viewer-Country
X-Via-Fastly
Rt-Fastcgi-Cache
X-CCM
Azure-SiteName
X-Cache-Grace
Azure-SlotName
DB-Nickname
X-Format
TWC-Connection-Speed
Azure-Version
X-Backend-TTL
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
Azure-InstanceId
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-FW-Version
X-Hosted-By
X-Upstream-CT
X-Upgrade-Enabled
X-Trace-Id
X-Upstream-HT
X-Varnish-Cache-Hits
X-Xfnlog-Site
Mn-Server-Ip
X-Web-Node
Property-Id
X-R9-Blue-Green-Version
S-Rt
X-Labrador-Cache-Channel
Cache-Key
X-OCL
X-Origin
X-PCL
X-Origin-Hint
Azure-RegionName
X-Drupal-Cache-Contexts
X-Locale
X-Site-Version
X-Www-Served-By
X-Human
X-FireWall-Port
X-Device-Type
X-EIG-Tracking-Id
X-Cache-Host
X-UnsetCookies
Country
Ohc-File-Size
X-Cache-Time
X-Debug-Cache
Server-Info
DSUID
X-Cache-Server
Release
Time
OT-Force-Account-Verify
X-Varnish-Hits
X-S
X-Rendered-As
X-Cache-NE
X-NewRelic-App-Data
X-Presslabs-Stats
X-Vgn-Hpd-Reason
X-VG-TLSProxy
X-DataStream-MidMile-RTT
ServedBy
X-DataStream-Origin-MEX-Latency
X-Alternate-Cache-Key
X-Shopify-Stage
X-VG-WebCache
Hostname
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-FB-TRIP-ID
X-VCT
X-APP-VERSION
Fastcgi-X-Cache-Version
Ohc-Cache-HIT
Accept-Language
X-OVcl
X-Real-IP
X-OVcl-Cache
X-Redis-Cache
X-Tb
Machine
Cteonnt-Length
X-HS-Cache-Config
Origin
X-Nginx-Cache
X-Mode
X-B3-Spanid
X-Server-ID
X-Pubstack
NtCoent-Length
Origin-Edge-Control
Access-Control-Request-Headers
L5d-Success-Class
Origin-Cache-Control
X-Environment-Context
X-No-Session
X-L-Path
X-GEO
X-CSRF-TOKEN
X-NC
X-Request-Time
X-Tt-Trace-Tag
X-Cluster-Name
X-Load-Cache
X-Magnolia-Registration
Odigeo-Trace-Id
X-Generated-By
Fastly-SSL
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-App-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-UUID
X-NGENIX-Cache
Nel
Mime-Version
X-B3-Parentspanid
X-Endurance-Cache-Level
Akamai-GRN
X-GoCache-CacheStatus
X-DC
X-Parent-Response-Time
X-CACHE-KEY
X-XRDS-LOCATION
X-Rocket-Nginx-Bypass
X-SS-Set-Cookie
Request-Time
X-ServerID
We-Hiring
Mail-Subject
X-ECACHE
X-Oneagent-Js-Injection
X-Element-Page-Cache
X-Soup
X-Instart-Info
X-Developer
BehaviorPad-Version
X-SRCache-Key
Arc-Country
AsisCache
X-G
X-Application
X-Date
X-Trv-Group
X-VG-WebServer
X-Is-Bot
X-D
Cache-Prefix
X-ARC
GEO-REGION-INFO
Apple-News-Services-Handled
Viewtype
Apple-News-Services-Host
MD5-Digest
Locale
X-Destination
X-Transaction
X-MServer
A
Proxy-Connection
Memcached
X-Origin-TTL
Apple-News-Services-Parsed-Url
Cdn-Host
Node
X-Detected-As
X-Region-Sid
X-B-Cookie
Meta-Geo-Continent
Mobile-Detection-Method
Apple-News-Services-Request-Url
X-Aed
X-Request-UUID
X-Origin-Date
X-External-Request-Id
X-Origin-Expires
X-Org
X-Rewrite-Enabled
X-Vtex-Remote-Cache
X-A-Dgt
X-Origin-CC
Rt-Proxy-Cache
X-A-Dcw
X-A-Dam
X-A-Ccd
Fly-Cache
X-A
X-DPWN-IS-SECURE
X-Edge-Server
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Worker
X-Rojux
VivaBuild
Content-Script-Type
Content-Style-Type
X-Accel-Expires-Debug
X-Urbn-Site-Id
X-Vtex-Processado-Em
X-CF-Lambda-Fn
X-AIR-PT
Fly-Request-Id
Rendered-Blocks
X-Urbn-Context-Path
X-Server-Time
X-Twitter-Response-Tags
X-A-Wwc
X-S-Cookie
X-Connection-Hash
Cdn-Request-Time
T-Server
Xc-Version
X-ScT
Cross-Origin-Window-Policy
NGX
X-Zipkin-Id
CF-IPCountry
X-Routing-Service
X-Proxied
Uber-Trace-Id
Backend-Name
ServerName
Fastly-Soc-X-Request-Id
X-Cms-Context
X-Clientip
Countrycode
X-Developers
X-Cdn-Srv
Gh-Request-Id
X-Cache-Bucket
X-Distil-CS
X-Core-Mission
X-Up
X-Auto-Login
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Azure-Ref
X-Azure-Ref-OriginShield
X-IN-APIGATEWAY
X-Via-CDN
Request-Country
Section-Io-Cache
Server-ID
X-Release
X-S-Maxage
X-SIPLIST1
Request-EU
X-Hl-Ver
X-IN-APIGATEWAYSSL
X-VC-Cache
X-Bip
IsBot
X-Fastly-Cache
X-TrackingId
X-Node-Id
N-Cache
X-HS-Combine-CSS
X-Thanos
X-ProxyCache-Status
X-BYPASS-REASON
X-ElasticPress-Search
X-ProxyCache-Key
User-Cache-Control
W
X-Block-Status
X-CGP
X-Backend-Host
X-ABtesting
X-Backend-Url
X-App-Name
X-C
X-BBXSRF
X-Cdn-Origin
X-Cache-Info
X-Gen-Mode
X-ServiceProvider
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-NX-Host
X-Method
X-VServer
X-Location
X-Matched-Rule
X-Sn-Servicetimems
X-Skip-Cache
X-WADP-Cache
X-Request-Start
X-Rebelmouse-Cache-Control
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Rebelmouse-Surrogate-Control
X-WebServer
X-RateLimit-Remaining-Second
X-We-Are-Hiring
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Level-Front-Cache
X-Irp-Debug
X-Debug-Log
X-Distributor
X-Eu-Site
X-Flog
X-Debug-Cookies
X-Debug-Cache-Store
X-Compress-Hint
X-CUA
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-GDPR
X-Reboot
X-GeoIP-City
X-Hash
X-Hello
X-Hnp-Log
X-Geo-Header
X-Unique-ID
X-Generated-In
X-Thinkindot-L3
X-Generated-On
X-Generation-Time
X-Clara-WADP
Thinkindot-Control
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Server-Int
X-B3-SpanId
Magicmarker
L
Fastly-SIE
Esi-Enabled
X-Guploader-Uploadid
Thinkindot-CacheControl-Type
AKAMAI
Thinkindot-CacheControl
CDCHOST
PFcat
Content-Disposition
X-Microcachable
X-Uri
X-Say-Cacheable
X-Internal-Host
X-Say-TTL
SS
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
True-Client-Country-4JS
Country-Code
X-LI-Proto
X-LI-UUID
Wxu-Next-Commit
X-Li-Fabric
Web-Mar-Node
X-Key
Cache-Cookie-Set-From
V-Age
X-Epic-Correlation-Id
X-Servername
X-Webstats-RespID
RNT-Machine
X-Swa-Ws
X-Fetched-On
X-Server-IP
X-Dispatch
Adler-Geo
X-SayCDN-TTL
X-Variation
X-User
X-Device-Os
Wxu-Next-Hostname
X-Li-Pop
RNT-Time
Pagetype
X-Backend-State
Served-By
X-PHP-Host
Platform
X-Qloud-Router
Pramga
X-Amz-Meta-Cache-Control
X-Platform-Server
Server-Host
X-Reqid
X-Old-Content-Length
Heartbleed
X-Cache-FS-Status
Kp-EeAlive
X-Policy
Wxu-Next-Region
X-Request-URI
X-Cache-Id
X-Owner
Is-Eu
X-Cdn-Forward
X-IPS-LoggedIn
X-MP-GENERATED-AT
X-Dispatcher-Server
X-Page-Type
SD-X-WS
X-Response-By
Memory
X-SD-PageType
Resin-Trace
UCS
X-FPC
X-Wa
X-Ttl
X-Servedbyhost
X-Var-Ttl
ProcessTime
REQUESTUUID
X-Service
X-Dc
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Ajk
X-Lb-Id
X-Logtrace-Id
X-Is-Gdpr
Powered-By-ChinaCache
X-Has-Esi
X-Nc
Cache-Provider
X-JWT-State
X-HTML-Minification-Powered-By
X-Geo
Proxy-Firewall
X-Ratelimit-Limit
X-NWS-UUID-VERIFY
X-Datadome
X-Cache-Backend
X-VCL-Version
X-RateLimit-Reset
Srv
X-SERVER-NAME
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Category-Id
X-Processor
X-Grey
Powered-By
X-SRV
X-Be
X-Info
X-Cache-URL
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Pjax-Url
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-ZONE
SN
X-Svr
X-Varnish-Beresp-Ttl
X-Ruxit-Js-Agent
X-CDN-Forward
PICS-Label
Fastly-Backend-Name
X-UA
X-Instart-Isnd
X-TH-Server
CACHE
Dynatrace
X-Webkit-Csp
X-Ftr-Request-Id
X-Cache-Ttl
X-SN
GeoIP-City
X-Dynatrace-Js-Agent
X-HS-Status
GeoIP-Latitude
GeoIP-Country-Code
X-Scheme
X-Zone
X-RCS-CacheZone
X-Dynatrace
X-NodeID
X-Varnish-Beresp-Status
X-GRACE
Group
X-Source
X-Varnish-Beresp-Grace
GW-Server
X-Newrelic-Synthetics
X-LAGOON
X-Pf-Uncompressing
X-Secret
X-Gannett-Site-Version
Cdn
X-Bc
X-Varnish-Url
X-Varnish-Beresp-TTL
X-EC-Lua
X-PF-Uncompressing
CF-Cached-On
LB
X-Server-W
WZWS-RAY
X-NODE
X-Sucuri-Id
On-Server
X-CDN-Cache
X-Varnish-Cacheable
Ttl
Cache-Host
X-Ftr-Cache-Host
X-APP
X-LiteSpeed-Cache-Control
X-Check-Cacheable
XServer
X-Ms-Request-Id
X-Ratelimit-Remaining
X-Ms-Version
X-Tt-Trace-Host
X-Via-Ucdn
User-Agent
X-GeoIP-Country-Code
Geoip-City
Inserted-Into-Cache-At
Pics-Label
X-BC
Geoip-Latitude
X-Edge
Environment
X-COUNTRY
GeoIp-Country-Code
MIME-Version
Lfy
X-Session-Fingerprint
X-Fastly-Country-Code
X-Aicache-OS
X-Akamai-SSL-Client-Sid
X-PJAX-URL
X-NU-AKA-ACS-Version
X-BE
WWW
X-URL
X-Ftr-Backend-Server
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Agile
Ohc-Response-Time
X-Crawler
X-Mid
X-Agile-Age
Requestid
Who
X-Agile-Id
X-Cache-Debug
X-Render-Time
Cf-Ipcountry
X-MCACHE
X-FORWARDED-FOR
X-Varnish-Ttl
X-CSRF-Token
SID
M-TraceId
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
X-7Graus-Varnish-Cache-Control
X-UPSTREAM-Address
X-LB-ID
X-Micro-Cache
X-Litespeed-Cache-Control
X-Fastly-Backend-Reqs
X-FE
URI
X-Logging-Id
X-7Graus-Varnish-XKeys
Lb
X-Sedo-Request-Id
X-Cache-Miss-From
X-Cache-Tag
DataCenter
X-Proxy-Cacherz
X-Via-SSL
X-Via-Edge
X-Served-From
Xkeyrz
X-WR-MODIFICATION
HostName
X-RPM
RequestUuid
X-DSS
X-DW
X-RSL
X-RPS
X-DB
Host-ID
X-DI
X-NGINX-Cache
X-Cf-Powered-By
X-Correlation-ID
X-Flow-Id
CDN
X-Core-Value
X-Zalando-Child-Request-Id
X-Action
X-Nananana
X-Amzn-Remapped-Connection
X-Page-Impression-Id
X-Amzn-Remapped-Date
X-WA
X-ServedByHost
Xkeypdq
X-Fastly-Cache-Hits
X-Vct
X-Fpc
X-Newrelic-App-Data
X-Swift-Error
X-Protected-By
X-Ecache
X-Vdms-Version
X-Cdn-Request-ID
X-MID
FNAC-ModuleRouting
Cdncip
X-SB
Warning
X-VC
Correlation-Id
X-TIME
X-AK-Request-ID
Cneonction
Cdnsip
X-Sucuri-ID
X-ECache
Processtime
Xet-Cookie
Is-Session-Tracking
X-Sucuri-Cache
Get-Access-Time
X-ND-Cache
X-Refresh
X-TT-LOGID
X-Request-Url
X-Bug-Bounty
X-Via-NSCOPI
X-Apw-Hits
X-Request-URL
X-ServerName
X-Fe
X-Serial
X-MiniProfiler-Ids
X-Apw-Access-Token
X-Apw-Access-Action
HitType
X-Apw-Access-Object
V-Cache
X-Dw-Trace-Id
X-Gdpr
X-Unique-Id