Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Server
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-WebKit-CSP
X-Device
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
X-Backend-Server
X-Host
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-DynaTrace
X-Url
X-Instart-Request-ID
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-MS-InvokeApp
X-TTL
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-Middleton-Display
Response
X-VARITI-CCR
X-Sol
Display
X-Middleton-Response
X-Recruiting
X-CST
X-Ah-Environment
X-B3-TraceId
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-D2id
X-SharePointHealthScore
Service-Worker-Allowed
SPRequestGuid
X-ESI
X-Vcap-Request-Id
X-Akam-SW-Version
X-Version
X-Server-Name
SPIisLatency
SPRequestDuration
MS-Author-Via
Accept-CH
X-Abt-Application-Version
TCN
X-GitHub-Request-Id
X-Powered-CMS
X-Navigation-Version
Accept-Ch-Lifetime
X-Shard
Charset
X-RateLimit-Remaining
X-Upstream
Fastly-Restarts
X-Trace
X-Amz-Server-Side-Encryption
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-Amz-Rid
Nginx-Cache
Realpath
X-Aspnetmvc-Version
X-Debug
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ezoic-Cdn
Front-End-Https
X-Cached
X-NF-Request-ID
AR-Request-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Pagespeed
X-MSEdge-Ref
X-Shield-Request-Id
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-VCache
X-FTR-Expires
X-FTR-Cache-Status
Content-MD5
X-Country-Code-Real
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-T
X-Goog-Storage-Class
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
S
X-FTR-Realm
X-FTR-Backend
ServerID
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-Varnish-Age
X-Server-ID
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-Hits
X-DynaTrace-JS-Agent
X-SERVER
X-Accel-Expires
X-Amzn-Trace-Id
Fastcgi-Cache
X-Content-Digest
X-Frontend
Powered
X-FastCGI-Cache
X-Correlation-Id
X-Forwarded-For
X-Grace
PB-RID
PB-PID
Arc-Version
X-N
X-Mobile-Rewrite
X-DIS-Request-ID
X-FTR-Cache-Host
Edge-Cache-Tag
X-Vcache
X-HS-Content-Id
X-HS-Hub-Id
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
Accept-Ch
TP-L2-Cache
TP-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Processing-Time
X-Request-Received
X-Fastcgi-Cache
X-B3-Sampled
X-Zen-Fury
Pinterest-Version
X-Pinterest-Rid
X-Cache-Age
X-Kinsta-Cache
X-Revision
X-AppVersion
X-Az
X-Type
X-User-Agent
X-Time
X-IPLB-Instance
X-Rid
X-Activity-Id
X-LB-Cache
Healthy
Backend-Timing
X-Analytics
X-GUploader-UploadID
X-Whom
Retry-After
FilterID
X-Srv
X-Cache-Hit
X-Node-Name
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
Accept-Charset
X-B3-Traceid
X-Cache-2
X-Erf-Bev-Bev-Is-Generated
X-Kong-Upstream-Latency
X-Erf-Bev-Bev
X-Kong-Proxy-Latency
X-Hp-Webp
X-Cache-Rule
Cache-Status
X-Akamai-Edgescape
X-Content-Options
Cache-Tag
X-Amz-Apigw-Id
X-Webkit-CSP
X-Amzn-RequestId
Surrogate-Key
X-TA-CDN-Provider
X-Content-Security-Policy-Report-Only
Refresh
DC
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Instance
VIX-Pulpo-Node
X-AOL-HN
X-Forwarded-Host
Access-Control-Allow-Method
X-Debug-Info
X-Varnish-Grace
MS-CV
X-Jobs
Tracecode
X-Framework
X-App-Environment
Source
X-PHP-Backend
X-Cluster
X-Page-Id
Fastcgi-Useragent
X-Request-Guid
X-FB-Debug
X-FW-Hash
X-App-Server
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-B
Frame-Options
X-Cache-TTL
X-Cache-Operation
Actual-Object-TTL
Host
X-Mobile-URL
X-Hostname
X-Seen-By
X-Geo-Country
Cleartype
X-Cache-Control
X-B-Cache
X-Signature
X-Cache-Key
NR-ENABLED
X-Acc-Meta-Resource-Type
X-Host-Name
X-BCube-Filmed-By
X-Cached-By
X-Esi
X-Git-Hash
Accept-CH-Lifetime
Upgrade-Insecure-Requests
X-Mobile
X-TT
X-Amz-Replication-Status
X-Pad
X-Varnish-Backend
NGB
X-Response-Served-From
X-Adobe-Loc
X-WebKit-CSP-Report-Only
X-Adobe-Content
GEO-INFO
WPE-Backend
X-TT-TIMESTAMP
Eomportal-Instance
X-Tumblr-Pixel-1
Payment
Ms-Operation-Id
X-RequestSource
Webserver
X-RemovedCookies
X-GeoIP
Cache-Tv-Group
Filters
X-Handled-By
X-UA-Device-Type
X-RTag
X-ProcessESI
X-ATG-Version
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
From-Origin
X-TX-ID
X-Cache-Remote
Liferay-Portal
X-Cacheable-TTL
X-Status
X-Daa-Tunnel
X-EdgeConnect-Cache-Status
X-Origin-Server
X-Cache-TTL-Remaining
X-FW-Dynamic
X-WA-Info
X-Presslabs-Stats
X-Content-Age
X-Cache-Action
Xserver
X-Wix-Request-Id
X-Edge-Location
X-Hyper-Cache
X-Storage
X-Contextid
Viewport
X-Ratelimit-Reset
Datacenter
X-Region
X-HS-Cache-Config
Version
X-CF-Powered-By
X-Element-Page-Cache
X-Varnish-Hostname
X-Accel-Buffering
Ohc-File-Size
Cache
PageSpeed
X-PressLabs-Stats
X-Akamai-Transformed
X-Cache-NE
Host-Header
X-ES-SERVER
Meta-Geo
X-Cache-Server
Load-Balancing
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
X-Varnish-Server
X-Path-Route
S-Cnection
X-IP
X-Yottaa-Optimizations
X-Yottaa-Metrics
Cache-Name
Cache-Tags
X-Proxy
Ohc-Cache-HIT
X-Proto
X-Akamai-Request-ID2
X-Cache-Enabled
Decoy-Debug-Key
Decoy-Debug-Status
Webcakes-App-Name
Country
TWC-Locale-Group
Vix-Hermes-Req-Id
TWC-Privacy
TWC-GeoIP-LatLong
Decoy-Debug-TTL
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Release
Mn-Server-Ip
Ec-Rule-Version
Rt-Fastcgi-Cache
Property-Id
X-Cluster-Node
Cache-Hits
X-PERF
X-Origin-Response-Time
Webcakes-App-Version
X-Loop
X-NCache
X-Viewer-Country
X-Via-Fastly
X-Section
X-R9-Blue-Green-Version
X-Time-Microsecs
X-TNCMS
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
X-Device-Type
X-Origin-Hint
X-ApacheServer
X-Cache-Config
X-NewRelic-App-Data
X-CS
X-Akamai-Request-ID
X-Access
Webcakes-Region
X-Upstream-CT
X-Upgrade-Enabled
X-VCT
X-Proxy-Build
X-UnsetCookies
X-Backend-TTL
X-Upstream-HT
DSUID
X-Rule
Cache-Key
DB-Nickname
X-Timing-Wait
X-Trace-Id
X-Backend-Name
X-Cache-Host
X-Labrador-Cache-Channel
X-Debug-Cache
X-OCL
X-Human
X-From
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Format
X-Origin
X-CCM
X-Web-Node
X-PCL
X-Drupal-Cache-Contexts
X-Cache-Time
X-Www-Served-By
Selected-Fe
X-Xfnlog-Site
X-Cache-Grace
S-Rt
X-Ttl
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Site-Version
X-Hit
X-Generated
X-JoinUs
X-Hosted-By
X-Ua
X-Vgn-Hpd-Reason
Server-Info
X-FireWall-Port
X-Upstream-Proxy
Time
X-Rendered-As
X-S
X-Varnish-Hits
X-FW-Version
Now
X-OVcl-Cache
X-OVcl
X-Real-IP
X-HS-Combine-CSS
X-NGENIX-Cache
Hostname
X-Pubstack
L5d-Success-Class
OT-Force-Account-Verify
X-Litespeed-Cache
X-SS-Set-Cookie
Fastcgi-X-Cache-Version
Origin-Cache-Control
Origin-Edge-Control
Access-Control-Request-Headers
X-Redis-Cache
ServedBy
X-FB-TRIP-ID
X-VG-TLSProxy
X-XRDS-LOCATION
Cteonnt-Length
Accept-Language
Origin
X-VG-WebCache
Fastly-SSL
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-APP-VERSION
X-App-Version
X-ShardId
X-Alternate-Cache-Key
X-Parent-Response-Time
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
NtCoent-Length
X-CSRF-TOKEN
Machine
X-Cluster-Name
X-Origin-TTL
X-Tb
X-UUID
X-Origin-CC
X-CACHE-KEY
X-Tt-Trace-Tag
X-Load-Cache
X-GoCache-CacheStatus
X-ServerID
X-NC
X-URL
X-Rocket-Nginx-Bypass
SRV
X-Soup
IBM-Web2-Location
X-No-Session
X-GEO
X-ECACHE
X-Environment-Context
X-L-Path
Nel
Mime-Version
X-B3-Spanid
NGX
X-Guploader-Uploadid
X-DataStream-Cache-Status
X-Uri
X-B3-Parentspanid
X-Nginx-Cache
X-Is-Bot
Proxy-Connection
X-MServer
X-Magnolia-Registration
X-Oneagent-Js-Injection
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-A
X-A-Ccd
VivaBuild
X-VG-WebServer
Request-Time
ServerName
T-Server
X-Vtex-Processado-Em
Viewtype
X-Vtex-Remote-Cache
Mail-Subject
Odigeo-Trace-Id
Content-Style-Type
Content-Script-Type
Cross-Origin-Window-Policy
A
Fly-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
AsisCache
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fly-Request-Id
GEO-REGION-INFO
Rendered-Blocks
Akamai-GRN
X-Node-Id
Xc-Version
X-Worker
X-A-Dam
Node
MD5-Digest
Memcached
Meta-Geo-Continent
Mobile-Detection-Method
Rt-Proxy-Cache
X-Aed
X-CF-Lambda-Version
X-A-Dcw
X-B3-SpanId
X-Connection-Hash
Cache-Prefix
X-CF-Lambda-Fn
X-Server-Time
X-G
X-Transaction
X-SRCache-Key
X-D
X-DPWN-IS-SECURE
X-Hl-Ver
X-External-Request-Id
X-Instart-Info
X-Developer
X-Date
X-Destination
X-Detected-As
We-Hiring
X-Trv-Group
X-Rewrite-Enabled
X-S-Cookie
X-AIR-PT
X-ScT
X-Rojux
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
X-Request-UUID
X-Region-Sid
X-Application
X-PAYTM-SRV-ID
X-ARC
X-B-Cookie
X-Ruxit-Js-Agent
X-Twitter-Response-Tags
X-VWS-Id
X-Generated-By
Backend-Name
X-LJ-Flow-ID
X-AWS-Id
X-SIPLIST1
IsBot
X-Release
X-S-Maxage
X-Origin-Expires
Fastly-Soc-X-Request-Id
X-Origin-Date
Request-Country
X-Azure-Ref-OriginShield
Section-Io-Cache
X-Cache-Bucket
X-Up
X-VC-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Var-Ttl
X-Cdn-Srv
X-SVT-ORM-VERSION
N-Cache
X-Developers
Locale
X-CUA
X-Cms-Context
X-SVT-ORM-RULES
Request-EU
X-Fastly-Cache
X-Azure-Ref
X-Trafficlayer-App-Name
CF-IPCountry
X-Mode
X-Trafficlayer-App-Scope
X-Cdn-Forward
User-Cache-Control
X-Dc
X-Location
X-Auto-Login
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Hnp-Log
X-IN-APIGATEWAY
X-Level-Front-Cache
X-Matched-Rule
X-IN-APIGATEWAYSSL
X-App-Name
X-Irp-Debug
W
X-Device-Os
X-Policy
X-Proxy-Upstream
Server-Int
Server-Host
X-ProxyCache-Key
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Nginx-Cache-Key
X-Hash
X-NX-Host
Uber-Trace-Id
Thinkindot-Control
True-Client-Country-4JS
X-Method
X-Generation-Time
X-Distributor
X-Core-Mission
X-Clientip
X-Clara-WADP
X-Edge-Server
X-CGP
X-Distil-CS
X-Dispatch
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-ElasticPress-Search
X-Eu-Site
X-Bip
X-Block-Status
X-BBXSRF
X-Backend-Url
X-Backend-Host
Served-By
X-BYPASS-REASON
X-C
X-Cache-Info
X-Cdn-Origin
X-Gen-Mode
X-Generated-In
X-Generated-On
X-Geo-Header
X-Proxy-Cache-Status
Ha-Gx-Prefs
HA-Ipaddr
Heartbleed
Gh-Request-Id
X-User
X-WADP-Cache
X-VServer
X-TrackingId
X-Thinkindot-L3
X-ProxyCache-Status
Magicmarker
X-Skip-Cache
X-Swa-Ws
L
X-Thanos
Kp-EeAlive
X-We-Are-Hiring
Fastly-SWR
X-Has-Esi
Cdn-Host
Cdn-Request-Time
CDCHOST
X-Is-Gdpr
X-Compress-Hint
X-JWT-State
Content-Disposition
AKAMAI
X-Webstats-RespID
Fastly-SIE
Esi-Enabled
X-Wikidot-Backend
X-Wikidot-Static-Cache
Countrycode
X-UA
X-Sn-Servicetimems
X-Rebelmouse-Cache-Control
Pagetype
X-Server-IP
X-Rebelmouse-Surrogate-Control
X-Reboot
Pramga
X-Reqid
X-Service
Srv
X-RateLimit-Limit-Second
X-Qloud-Router
X-ServiceProvider
RNT-Machine
RNT-Time
X-RateLimit-Remaining-Second
X-Microcachable
X-Dispatcher-Server
X-Old-Content-Length
X-Request-URI
X-WebServer
X-Platform-Server
X-PHP-Host
X-Request-Start
X-Fetched-On
X-LI-Proto
X-LI-UUID
X-Servername
X-Li-Pop
X-GeoIP-City
X-Key
X-Li-Fabric
X-SayCDN-TTL
X-Variation
X-Internal-Host
X-MSEdge-Features
X-MSEdge-Flight
X-Say-Cacheable
X-GDPR
X-Via-CDN
X-Say-TTL
X-Epic-Correlation-Id
X-Owner
Web-Mar-Node
V-Age
PFcat
X-Cache-Id
X-Cache-FS-Status
X-Backend-State
X-Amz-Meta-Cache-Control
X-Request-Time
Platform
Adler-Geo
Is-Eu
X-Info
Cache-Provider
Memory
X-Lb-Id
X-NWS-UUID-VERIFY
X-Org
X-COUNTRY
X-SD-PageType
Resin-Trace
SD-X-WS
Server-ID
X-Hello
X-Nc
X-ABtesting
SS
X-Wa
X-Flog
X-Be
X-Unique-ID
X-Geo
X-Svr
X-Servedbyhost
REQUESTUUID
X-FPC
X-Cache-URL
X-DC
X-IPS-LoggedIn
X-RateLimit-Reset
X-Ratelimit-Limit
X-Response-By
X-Instart-Isnd
Country-Code
X-Routing-Service
Cache-Cookie-Set-From
X-Scheme
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Proxied
X-Zipkin-Id
X-Datadome
X-Dynatrace-Js-Agent
X-Cache-Backend
X-Page-Type
X-NodeID
X-Processor
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Pjax-Url
X-VCL-Version
X-GRACE
UCS
Group
XServer
X-SN
X-Varnish-Beresp-Ttl
X-MP-GENERATED-AT
X-CDN-Forward
X-Oracle-Dms-Rid
CACHE
Ajk
X-Oss-Object-Type
ProcessTime
Cache-Host
Dynatrace
X-Server-W
X-Oss-Hash-Crc64ecma
X-Logtrace-Id
X-Oss-Request-Id
Powered-By-ChinaCache
X-Oss-Server-Time
X-Oss-Storage-Class
X-Webkit-Csp
X-Varnish-Beresp-Status
Proxy-Firewall
PICS-Label
X-HS-Status
X-Ftr-Request-Id
X-Varnish-Beresp-Grace
X-SRV
X-Zone
X-ZONE
X-Dynatrace
X-HTML-Minification-Powered-By
X-Ms-Request-Id
Powered-By
X-Ms-Version
X-Via-Ucdn
SN
X-Tb-Optimization-Total-Bytes-Saved
X-EC-Lua
X-Source
X-Newrelic-Synthetics
Ttl
X-Grey
X-Cache-Category-Id
X-Ratelimit-Remaining
GeoIp-Country-Code
Lfy
Geoip-Latitude
X-Session-Fingerprint
X-PF-Uncompressing
GeoIP-Country-Code
GeoIP-City
Geoip-City
GeoIP-Latitude
X-APP
X-TH-Server
X-Pf-Uncompressing
X-Varnish-Beresp-TTL
X-Sucuri-Id
X-Agile-Id
X-Agile-Age
X-Agile
Fastly-Backend-Name
X-Cache-Debug
X-LiteSpeed-Cache-Control
X-NODE
X-Ftr-Cache-Host
X-Fastly-Country-Code
X-Check-Cacheable
X-Bc
MIME-Version
Cdn
X-Tt-Trace-Host
Pics-Label
GW-Server
X-7Graus-Varnish-Cache-Control
X-Logging-Id
Environment
X-7Graus-Varnish-XKeys
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-Sedo-Request-Id
X-Aicache-OS
X-LAGOON
X-Edge
CF-Cached-On
LB
X-Cache-Miss-From
M-TraceId
WWW
Cf-Ipcountry
X-Gannett-Site-Version
X-BC
X-Varnish-Url
X-Secret
X-RCS-CacheZone
X-CSRF-Token
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Backend
X-Mid
WZWS-RAY
Ohc-Response-Time
Requestid
X-PJAX-URL
X-Core-Value
X-Vcl-Version
X-Correlation-ID
X-Sucuri-ID
X-Varnish-Cacheable
On-Server
X-Unique-Id
X-Varnish-Ttl
X-Cache-Tag
X-Fastly-Backend-Reqs
DataCenter
Cdnsip
X-UPSTREAM-Address
Cdncip
X-MCACHE
X-AK-Request-ID
X-CDN-Cache
X-GeoIP-Country-Code
X-Sucuri-Cache
X-TT-LOGID
X-Vdms-Version
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache-Control
User-Agent
Lb
X-NGINX-Cache
X-Swift-Error
X-RPS
X-RSL
X-Proxy-Cacherz
Xkeyrz
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-Rocket-Build-Number
X-Sigma
Inserted-Into-Cache-At
X-Cache-Ttl
X-BE
CDN
URI
X-Action
X-Sigma-Backend
X-Fstrz
HostName
RequestUuid
Host-ID
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Pragrma
X-Crawler
Who
SID
X-NU-AKA-ACS-Version
X-Fpc
X-WA
Xkeypdq
X-Page-Impression-Id
X-Flow-Id
Get-Access-Time
X-WR-MODIFICATION
X-Render-Time
X-Via-NSCOPI
Server-Id
Warning
X-Zalando-Child-Request-Id
Is-Session-Tracking
X-ServedByHost
X-Fastly-Cache-Hits
X-VC
Correlation-Id
X-Nananana
X-SB
X-MID
TTL
X-Refresh
FNAC-ModuleRouting
X-LB-ID
X-FE
X-Cf-Powered-By
X-ServerName
X-Micro-Cache
X-Gdpr
V-Cache
X-LiteSpeed-Tag
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Trafficlayer-App-Version
X-Dw-Trace-Id
X-ECache
Cneonction
RequestId
Xet-Cookie
HitType
X-Newrelic-App-Data
X-Cdn-Request-ID
Processtime
X-Fe
X-Gen-Id
X-Request-URL
X-Bug-Bounty
X-MiniProfiler-Ids