Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Server
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-Device
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
X-Backend-Server
X-Host
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Origin-Upstream-Status
X-Rack-Cache
X-Ruxit-JS-Agent
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-FTR-Request-ID
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Content-Id
X-MS-InvokeApp
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-TTL
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-VARITI-CCR
X-CST
X-Recruiting
Response
X-Sol
X-Middleton-Display
X-Middleton-Response
Display
X-Ah-Environment
X-B3-TraceId
X-Exp-Id
X-D2id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-SharePointHealthScore
SPRequestGuid
Service-Worker-Allowed
X-ESI
X-Akam-SW-Version
X-Vcap-Request-Id
X-Version
SPIisLatency
X-Server-Name
SPRequestDuration
Accept-CH
MS-Author-Via
X-Abt-Application-Version
X-GitHub-Request-Id
TCN
X-Navigation-Version
X-Powered-CMS
Accept-Ch-Lifetime
X-Shard
Charset
X-RateLimit-Remaining
X-Trace
X-Upstream
Fastly-Restarts
X-Amz-Server-Side-Encryption
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
Realpath
X-Amz-Rid
X-Aspnetmvc-Version
X-Debug
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Nginx-Cache
X-Forwarded-Proto
X-XRDS-Location
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Front-End-Https
X-Cached
X-VCache
X-NF-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
AR-Request-ID
X-Goog-Generation
X-Goog-Metageneration
X-Shield-Request-Id
X-MSEdge-Ref
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Pagespeed
Mrf-Cache-Status
Access-Control-Request-Method
X-B3-TraceId-Primal
MRF-Tech
Arr-Disable-Session-Affinity
Content-MD5
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
X-Country-Code-Real
X-FTR-Expires
Paypal-Debug-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-T
X-Goog-Storage-Class
S
ServerID
X-Fastly-Request-ID
X-Via-JSL
DynaTrace
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-Varnish-Age
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-Hits
X-DynaTrace-JS-Agent
X-SERVER
X-Accel-Expires
X-Correlation-Id
X-Grace
X-Amzn-Trace-Id
Fastcgi-Cache
Powered
X-Frontend
X-Content-Digest
PB-RID
X-N
X-Mobile-Rewrite
Arc-Version
PB-PID
X-Forwarded-For
X-DIS-Request-ID
Edge-Cache-Tag
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
Server-Name
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
X-Fastcgi-Cache
Accept-Ch
X-FastCGI-Cache
X-Server-ID
TP-Cache
TP-L2-Cache
X-Vcache
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Received
X-Request-Processing-Time
X-B3-Sampled
Pinterest-Version
X-Pinterest-Rid
X-Zen-Fury
X-Kinsta-Cache
X-Rid
X-Az
X-Type
X-Revision
X-User-Agent
X-AppVersion
X-Time
X-Activity-Id
X-Cache-Age
Backend-Timing
X-Analytics
X-IPLB-Instance
Healthy
X-LB-Cache
X-GUploader-UploadID
FilterID
X-Whom
X-Srv
X-Cache-Hit
X-Node-Name
Retry-After
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Accept-Charset
X-B3-Traceid
Alternate-Protocol
X-Kong-Upstream-Latency
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Erf-Bev-Bev
X-Cache-2
X-Hp-Webp
X-Cache-Rule
Cache-Status
X-Webkit-CSP
Cache-Tag
X-Akamai-Edgescape
X-Content-Options
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
X-Content-Security-Policy-Report-Only
Refresh
X-TA-CDN-Provider
X-Content-Powered-By
X-Tumblr-Pixel
VIX-Pulpo-Node
X-Tumblr-User
X-Tumblr-Pixel-0
DC
X-Forwarded-Host
X-AOL-HN
VIX-Pulpo-Upstream-Status
MS-CV
X-Debug-Info
X-Instance
X-Jobs
X-Framework
Access-Control-Allow-Method
Source
X-App-Environment
Tracecode
X-FB-Debug
X-Varnish-Grace
X-Cluster
X-PHP-Backend
X-App-Server
X-B
X-FW-Hash
X-FW-Type
X-FW-Serve
X-FW-Static
X-Page-Id
X-FW-Server
X-Cache-TTL
X-Request-Guid
Frame-Options
X-Cache-Operation
Host
Actual-Object-TTL
Fastcgi-Useragent
X-Mobile-URL
X-Hostname
X-Cache-Key
X-Geo-Country
Cleartype
X-Seen-By
X-Cache-Control
X-B-Cache
X-Signature
X-Acc-Meta-Resource-Type
NR-ENABLED
X-BCube-Filmed-By
X-Cached-By
X-Host-Name
X-Esi
X-Mobile
Upgrade-Insecure-Requests
Accept-CH-Lifetime
X-Git-Hash
X-TT
X-Amz-Replication-Status
X-Pad
X-Varnish-Backend
X-Response-Served-From
NGB
X-Adobe-Content
X-Adobe-Loc
X-WebKit-CSP-Report-Only
GEO-INFO
X-TT-TIMESTAMP
WPE-Backend
X-Tumblr-Pixel-2
Filters
Eomportal-Instance
Ms-Operation-Id
X-RemovedCookies
X-RequestSource
X-RTag
X-Tumblr-Pixel-1
Webserver
X-UA-Device-Type
X-ProcessESI
X-GeoIP
X-ATG-Version
Cache-Tv-Group
X-Drupal-Cache-Tags
X-Cache-Remote
Liferay-Portal
From-Origin
Payment
X-Handled-By
X-Status
X-TX-ID
X-Cacheable-TTL
X-EdgeConnect-Cache-Status
X-Daa-Tunnel
X-Origin-Server
X-Cache-TTL-Remaining
X-FW-Dynamic
X-WA-Info
X-Presslabs-Stats
Xserver
X-Cache-Action
X-Content-Age
X-Edge-Location
X-Hyper-Cache
X-Wix-Request-Id
X-Storage
Viewport
Datacenter
X-Contextid
X-Ratelimit-Reset
X-Ttl
X-Region
X-HS-Cache-Config
Version
X-CF-Powered-By
X-Element-Page-Cache
X-Varnish-Hostname
X-Accel-Buffering
Ohc-File-Size
Cache
X-PressLabs-Stats
PageSpeed
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-Cache-NE
X-RN-RSRV
Meta-Geo
X-ES-SERVER
X-Path-Route
X-Cache-Var
X-Cache-Server
X-Varnish-Server
X-Cache-Var-Map
Load-Balancing
S-Cnection
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Enabled
Host-Header
X-Proxy
Cache-Tags
Ohc-Cache-HIT
Cache-Name
X-Akamai-Request-ID2
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
Mn-Server-Ip
Release
Property-Id
X-Section
X-Time-Microsecs
TWC-Connection-Speed
X-NCache
X-NewRelic-App-Data
X-Tumblr-Pixel-3
X-Origin-Response-Time
X-Origin-Hint
X-R9-Blue-Green-Version
TWC-Device-Class
X-Proto
Webcakes-Region
Webcakes-App-Version
Country
Vix-Hermes-Req-Id
X-Access
X-Akamai-Request-ID
X-CS
Cache-Hits
X-ApacheServer
X-Cache-Config
X-PERF
Decoy-Debug-Key
Decoy-Debug-Status
X-Varnish-Cache-Hits
Decoy-Debug-TTL
X-Cluster-Node
Webcakes-App-Name
X-Via-Fastly
X-Viewer-Country
DSUID
Azure-Version
X-Xfnlog-Site
X-TNCMS
X-Timing-Wait
DB-Nickname
X-Trace-Id
Cache-Key
X-Labrador-Cache-Channel
X-PCL
Azure-SlotName
X-Www-Served-By
X-VCT
X-Upstream-HT
X-Cache-Grace
X-EIG-Tracking-Id
X-Backend-Name
X-Drupal-Cache-Contexts
X-CCM
X-Device-Type
X-Upstream-CT
X-Format
X-Origin
X-Backend-TTL
X-OCL
X-Rule
X-Loop
X-Cache-Time
X-Proxy-Build
X-Upgrade-Enabled
X-UnsetCookies
X-Cache-Host
X-From
Selected-Fe
Rt-Fastcgi-Cache
X-IP
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Debug-Cache
S-Rt
X-JoinUs
X-Web-Node
X-Human
X-FC-Vary-Parameters
X-Ua
X-Upstream-Proxy
X-Hosted-By
X-Vgn-Hpd-Reason
X-Site-Version
X-Generated
X-Locale
Server-Info
Ec-Rule-Version
X-FireWall-Port
X-Varnish-Hits
X-OVcl
X-OVcl-Cache
X-S
Now
X-NGENIX-Cache
X-HS-Combine-CSS
Time
X-FW-Version
Hostname
X-Real-IP
X-Rendered-As
X-SS-Set-Cookie
X-Pubstack
L5d-Success-Class
X-Litespeed-Cache
Origin-Edge-Control
Origin-Cache-Control
Fastcgi-X-Cache-Version
ServedBy
Access-Control-Request-Headers
OT-Force-Account-Verify
X-XRDS-LOCATION
X-Redis-Cache
X-VG-TLSProxy
X-FB-TRIP-ID
Accept-Language
Cteonnt-Length
Origin
X-VG-WebCache
X-Sorting-Hat-PodId
Fastly-SSL
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-APP-VERSION
X-Alternate-Cache-Key
X-CSRF-TOKEN
NtCoent-Length
X-App-Version
X-Webkit-Csp
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Parent-Response-Time
Machine
X-UUID
X-Tb
X-Cluster-Name
X-Origin-CC
X-Origin-TTL
X-Tt-Trace-Tag
X-Load-Cache
X-ServerID
X-NC
X-GoCache-CacheStatus
X-Soup
SRV
X-No-Session
X-ECACHE
X-L-Path
X-Environment-Context
X-Rocket-Nginx-Bypass
Nel
X-B3-Spanid
NGX
IBM-Web2-Location
Mime-Version
X-Guploader-Uploadid
X-B3-Parentspanid
X-DataStream-Cache-Status
X-Nginx-Cache
X-CACHE-KEY
X-Uri
X-GEO
Proxy-Connection
X-MServer
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-Magnolia-Registration
Xc-Version
GEO-REGION-INFO
Fly-Request-Id
Content-Script-Type
Arc-Country
AsisCache
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
A
Content-Style-Type
Cross-Origin-Window-Policy
Cache-Prefix
X-Is-Bot
BehaviorPad-Version
Fly-Cache
X-A-Ccd
X-Developer
X-Detected-As
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Destination
X-Date
X-CF-Lambda-Version
X-Twitter-Response-Tags
X-Connection-Hash
X-D
X-Hl-Ver
X-Instart-Info
X-Trv-Group
X-ScT
X-Server-Time
X-SRCache-Key
X-Transaction
X-S-Cookie
X-Rojux
X-PAYTM-SRV-ID
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-CF-Lambda-Fn
X-B-Cookie
T-Server
ServerName
Viewtype
VivaBuild
X-A
Rt-Proxy-Cache
Rendered-Blocks
Meta-Geo-Continent
Mobile-Detection-Method
Node
Odigeo-Trace-Id
X-A-Dam
X-A-Dcw
X-AIR-PT
X-Vtex-Processado-Em
X-ARC
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
MD5-Digest
X-Application
Mail-Subject
We-Hiring
Akamai-GRN
X-B3-SpanId
Request-Time
X-Ruxit-Js-Agent
X-AWS-Id
X-LJ-Flow-ID
X-Generated-By
X-VWS-Id
X-Release
IsBot
Locale
Fastly-Soc-X-Request-Id
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SIPLIST1
X-S-Maxage
X-Mode
X-Trafficlayer-App-Scope
X-Cms-Context
X-Cdn-Srv
X-CUA
X-Fastly-Cache
X-Developers
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Trafficlayer-App-Name
N-Cache
Request-Country
X-Origin-Expires
X-Origin-Date
Memcached
Request-EU
CF-IPCountry
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Node-Id
X-Var-Ttl
X-Up
X-VC-Cache
User-Cache-Control
X-Cdn-Forward
X-Dc
Backend-Name
X-Auto-Login
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-App-Name
X-Bip
X-BBXSRF
X-Hnp-Log
X-Backend-Host
X-Hash
X-Backend-Url
X-Irp-Debug
Wxu-Next-Region
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
X-TrackingId
X-Wikidot-Static-Cache
Server-Int
X-Wikidot-Backend
Uber-Trace-Id
X-NX-Host
Wxu-Next-Hostname
X-Block-Status
X-Matched-Rule
Wxu-Next-Commit
X-Method
X-Nginx-Cache-Key
W
X-Level-Front-Cache
X-Cache-Info
X-Debug-Log
Srv
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-UA
X-Compress-Hint
X-Edge-Server
X-ElasticPress-Search
X-Distributor
X-Distil-CS
X-Device-Os
X-Dispatch
X-JWT-State
X-Is-Gdpr
X-Cdn-Origin
X-Generation-Time
X-Geo-Header
Server-Host
X-C
X-Cache-Bucket
X-Generated-On
X-Generated-In
X-Gen-Mode
X-Core-Mission
X-Has-Esi
X-Clientip
X-CGP
X-Clara-WADP
X-BYPASS-REASON
Thinkindot-CacheControl
X-Reqid
Kp-EeAlive
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
L
Magicmarker
X-Rebelmouse-Cache-Control
Pagetype
X-We-Are-Hiring
Cdn-Request-Time
X-Rebelmouse-Surrogate-Control
Gh-Request-Id
X-Sn-Servicetimems
X-Service
CDCHOST
X-ServiceProvider
Content-Disposition
Cdn-Host
Countrycode
X-Server-IP
X-User
Fastly-SWR
Fastly-SIE
X-Skip-Cache
Esi-Enabled
X-Swa-Ws
X-WADP-Cache
RNT-Machine
X-Qloud-Router
Pramga
RNT-Time
X-Proxy-Upstream
X-ProxyCache-Status
X-Webstats-RespID
X-Eu-Site
X-ProxyCache-Key
X-Proxy-Cache-Status
X-RateLimit-Limit-Second
Section-Io-Cache
X-Thanos
AKAMAI
X-RateLimit-Remaining-Second
X-Thinkindot-L3
X-Policy
X-Microcachable
X-Dispatcher-Server
X-Fetched-On
X-Variation
X-Request-URI
X-Old-Content-Length
X-GDPR
X-Owner
X-Epic-Correlation-Id
X-PHP-Host
Served-By
X-Info
X-Cache-FS-Status
Platform
X-Reboot
X-VServer
X-Request-Time
X-Location
X-Internal-Host
X-Amz-Meta-Cache-Control
X-WebServer
X-Platform-Server
Adler-Geo
X-Cache-Id
X-MSEdge-Flight
X-Request-Start
PFcat
X-GeoIP-City
Is-Eu
X-MSEdge-Features
V-Age
X-Via-CDN
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Org
X-Key
X-NWS-UUID-VERIFY
X-Servername
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Lb-Id
X-LI-Proto
X-Backend-State
X-COUNTRY
Cache-Provider
Web-Mar-Node
Memory
Resin-Trace
Server-ID
X-Hello
X-ABtesting
X-URL
SS
X-SD-PageType
SD-X-WS
X-Geo
X-Flog
X-Nc
X-Unique-ID
X-Be
X-Svr
X-FPC
X-Cache-URL
REQUESTUUID
X-Servedbyhost
X-Wa
X-DC
X-Ratelimit-Limit
X-IPS-LoggedIn
X-RateLimit-Reset
X-Response-By
Country-Code
X-Ftr-Request-Id
X-Instart-Isnd
X-Proxied
Cache-Cookie-Set-Lfrom
X-Routing-Service
X-Scheme
Cache-Cookie-Set-Idcheck
X-Zipkin-Id
Cache-Cookie-Set-From
X-Dynatrace-Js-Agent
X-Datadome
X-Page-Type
X-Processor
X-Cache-Backend
X-NodeID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-VCL-Version
X-Pjax-Url
UCS
Group
XServer
X-SN
X-Varnish-Beresp-Ttl
X-MP-GENERATED-AT
X-CDN-Forward
X-Server-W
X-Logtrace-Id
Cache-Host
X-Oracle-Dms-Rid
ProcessTime
Dynatrace
X-Oss-Storage-Class
X-Oss-Object-Type
Powered-By-ChinaCache
X-Oss-Request-Id
X-Oss-Server-Time
CACHE
X-Oss-Hash-Crc64ecma
Ajk
X-Varnish-Beresp-Status
X-HS-Status
Proxy-Firewall
X-Varnish-Beresp-Grace
PICS-Label
X-SRV
X-HTML-Minification-Powered-By
X-ZONE
X-Zone
X-Dynatrace
X-Ms-Version
X-Via-Ucdn
SN
X-Tb-Optimization-Total-Bytes-Saved
X-Ms-Request-Id
Powered-By
X-Newrelic-Synthetics
X-Source
X-EC-Lua
X-GRACE
X-Ftr-Cache-Host
X-Grey
X-Cache-Category-Id
Ttl
X-Ratelimit-Remaining
X-Session-Fingerprint
Geoip-City
X-TH-Server
Lfy
GeoIp-Country-Code
X-APP
Geoip-Latitude
X-Pf-Uncompressing
X-Sucuri-Id
X-Varnish-Beresp-TTL
X-Cache-Debug
X-Agile
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
Fastly-Backend-Name
X-PF-Uncompressing
X-Agile-Age
X-Agile-Id
X-NODE
X-LiteSpeed-Cache-Control
X-Fastly-Country-Code
X-Bc
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Check-Cacheable
MIME-Version
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
X-Logging-Id
Environment
Pics-Label
X-Tt-Trace-Host
Cdn
GW-Server
X-FORWARDED-FOR
CF-Cached-On
LB
X-Aicache-OS
X-Sedo-Request-Id
X-LAGOON
X-Cache-Miss-From
X-Edge
Amp-Access-Control-Allow-Source-Origin
Cf-Ipcountry
X-Varnish-Url
X-Secret
WWW
M-TraceId
X-Gannett-Site-Version
X-RCS-CacheZone
X-BC
X-CSRF-Token
X-Vcl-Version
X-Core-Value
Requestid
WZWS-RAY
X-Mid
X-PJAX-URL
Ohc-Response-Time
X-Sucuri-ID
X-AK-Request-ID
DataCenter
On-Server
X-Varnish-Ttl
Cdncip
X-MCACHE
Cdnsip
X-Cache-Tag
X-UPSTREAM-Address
X-Varnish-Cacheable
X-Fastly-Backend-Reqs
X-CDN-Cache
X-Unique-Id
X-Vdms-Version
X-Akamai-SSL-Client-Sid
X-GeoIP-Country-Code
User-Agent
X-TT-LOGID
X-Litespeed-Cache-Control
X-Sucuri-Cache
X-NGINX-Cache
Lb
X-Swift-Error
X-DW
X-Proxy-Cacherz
X-RPS
X-RSL
Inserted-Into-Cache-At
Xkeyrz
X-DI
X-BE
URI
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Action
X-Fstrz
CDN
X-Cache-Ttl
X-RPM
X-DB
X-DSS
HostName
Host-ID
Pragrma
X-Fpc
RequestUuid
SID
X-Crawler
X-NU-AKA-ACS-Version
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Shopify-Generated-Cart-Token
Who
X-Correlation-ID
X-Via-NSCOPI
Server-Id
Get-Access-Time
Is-Session-Tracking
X-Flow-Id
X-Zalando-Child-Request-Id
Xkeypdq
X-Render-Time
X-Page-Impression-Id
X-Fastly-Cache-Hits
X-ServedByHost
X-WA
Warning
X-WR-MODIFICATION
X-MID
X-LB-ID
TTL
X-Refresh
X-FE
Correlation-Id
X-Nananana
X-VC
FNAC-ModuleRouting
X-SB
X-Cf-Powered-By
X-Dw-Trace-Id
X-LiteSpeed-Tag
X-Request-URL
X-Gdpr
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Trafficlayer-App-Version
V-Cache
Cneonction
X-Gen-Id
X-Cdn-Request-ID
RequestId
X-Fe
X-ServerName
Xet-Cookie
X-Bug-Bounty
HitType
X-Micro-Cache
Processtime
X-ECache
X-Newrelic-App-Data
X-MiniProfiler-Ids