Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-CDN
X-UA-Device
X-Hacker
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Server
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-WebKit-CSP
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-DataDome
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-MS-InvokeApp
X-Goog-Hash
X-TTL
X-Vname
X-PC
X-Varnish-TTL
X-TtlSet
X-Ah-Environment
X-Powered-By-Plesk
Verso
X-Aspnetmvc-Version
RTSS
Pinterest-Generated-By
Public-Key-Pins
Edge-Control
X-Px
X-CST
X-Mod-Pagespeed
X-VARITI-CCR
X-Recruiting
X-B3-TraceId
Display
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-D2id
Service-Worker-Allowed
Accept-CH
X-SharePointHealthScore
SPRequestGuid
X-Vcap-Request-Id
X-Version
X-Akam-SW-Version
X-Server-Name
SPRequestDuration
SPIisLatency
MS-Author-Via
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Powered-CMS
X-Navigation-Version
X-ESI
X-Shard
Accept-Ch-Lifetime
Charset
X-Upstream
Fastly-Restarts
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
X-Trace
Nginx-Cache
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Amz-Rid
Realpath
X-Debug
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-XRDS-Location
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ezoic-Cdn
Front-End-Https
X-Cached
X-NF-Request-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
AR-Request-ID
Pagespeed
X-MSEdge-Ref
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Shield-Request-Id
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-SERVER
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Content-MD5
X-VCache
Paypal-Debug-Id
MicrosoftSharePointTeamServices
X-Id
X-Goog-Storage-Class
X-T
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-Amz-Meta-S3cmd-Attrs
S
X-Fastly-Request-ID
ServerID
DynaTrace
X-Via-JSL
X-Varnish-Age
X-Client-IP
X-Content-Type
X-Ser
X-Dw-Request-Base-Id
X-Hits
X-DynaTrace-JS-Agent
X-Correlation-Id
X-Amzn-Trace-Id
X-Accel-Expires
X-Grace
X-FastCGI-Cache
Fastcgi-Cache
X-Content-Digest
X-Vcache
Powered
X-Frontend
X-N
X-FTR-Cache-Host
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Forwarded-For
Edge-Cache-Tag
Server-Name
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
X-RateLimit-Limit
TP-Cache
X-GUploader-UploadID
TP-L2-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Server-ID
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
X-Pinterest-Rid
X-Zen-Fury
Pinterest-Version
X-Cache-Age
X-Kinsta-Cache
X-AppVersion
X-Type
X-Activity-Id
X-Az
Backend-Timing
X-IPLB-Instance
X-Revision
X-Rid
X-Analytics
X-User-Agent
X-LB-Cache
X-Fastcgi-Cache
Healthy
X-Whom
FilterID
Retry-After
X-Node-Name
X-Time
X-Cache-Hit
Accept-Ch
X-Srv
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
Accept-Charset
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Esi
X-Cache-Rule
X-Amzn-RequestId
X-Hp-Webp
Cache-Status
X-Amz-Apigw-Id
X-B3-Traceid
X-Akamai-Edgescape
Cache-Tag
X-Content-Options
Surrogate-Key
X-TA-CDN-Provider
X-Content-Security-Policy-Report-Only
DC
Refresh
VIX-Pulpo-Upstream-Status
X-AOL-HN
VIX-Pulpo-Node
X-Forwarded-Host
X-Content-Powered-By
X-Instance
X-Tumblr-User
X-Debug-Info
X-Webkit-CSP
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Varnish-Grace
MS-CV
X-Framework
X-Cluster
Tracecode
X-PHP-Backend
X-Jobs
X-FB-Debug
Fastcgi-Useragent
X-Request-Guid
Source
X-App-Environment
X-Page-Id
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-App-Server
X-B
Frame-Options
X-Cache-Operation
X-Cache-Key
X-Hostname
X-Mobile-URL
Actual-Object-TTL
Host
X-Cache-TTL
Accept-CH-Lifetime
X-Seen-By
X-Geo-Country
Cleartype
X-Cache-Control
X-B-Cache
X-Signature
X-Acc-Meta-Resource-Type
X-BCube-Filmed-By
X-Cached-By
X-Host-Name
X-Pad
X-Git-Hash
NR-ENABLED
X-Amz-Replication-Status
Upgrade-Insecure-Requests
X-TT
X-Varnish-Backend
X-Mobile
NGB
X-Response-Served-From
X-Adobe-Content
X-Adobe-Loc
X-WebKit-CSP-Report-Only
WPE-Backend
X-TT-TIMESTAMP
Filters
From-Origin
Ms-Operation-Id
Eomportal-Instance
X-Handled-By
GEO-INFO
X-ATG-Version
X-RTag
Cache-Tv-Group
Payment
Liferay-Portal
X-RemovedCookies
X-ProcessESI
Webserver
X-Tumblr-Pixel-2
X-TX-ID
X-Tumblr-Pixel-1
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Cacheable-TTL
X-GeoIP
X-RequestSource
X-Cache-Remote
X-Status
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Origin-Server
X-WA-Info
X-EdgeConnect-Cache-Status
X-Daa-Tunnel
X-Content-Age
X-Cache-Action
X-Presslabs-Stats
X-Edge-Location
X-Wix-Request-Id
X-Storage
X-Hyper-Cache
X-Contextid
Xserver
Datacenter
Viewport
X-Ttl
X-Region
Version
X-CF-Powered-By
X-Ratelimit-Reset
X-Varnish-Hostname
X-HS-Cache-Config
X-PressLabs-Stats
X-Accel-Buffering
X-Element-Page-Cache
Ohc-File-Size
Cache
X-Akamai-Transformed
Host-Header
PageSpeed
X-Cache-NE
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-Varnish-Server
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
Load-Balancing
X-IP
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Server
S-Cnection
Cache-Tags
Cache-Name
X-CS
X-Cluster-Node
Decoy-Debug-TTL
X-Tumblr-Pixel-3
Decoy-Debug-Status
X-Time-Microsecs
X-Loop
X-Access
X-Origin-Response-Time
Rt-Fastcgi-Cache
X-Proto
X-TNCMS
X-Proxy
X-Cache-Config
Decoy-Debug-Key
X-NCache
X-PERF
Cache-Hits
X-R9-Blue-Green-Version
Vix-Hermes-Req-Id
X-Viewer-Country
X-Akamai-Request-ID
X-Via-Fastly
X-Akamai-Request-ID2
X-Cache-Enabled
X-ApacheServer
Ec-Rule-Version
X-Section
X-Cache-Time
Azure-Version
Azure-InstanceId
X-Cache-Grace
Azure-SlotName
Azure-RegionName
DB-Nickname
Cache-Key
X-Format
X-FC-Vary-Parameters
X-PCL
X-From
X-Proxy-Build
S-Rt
Azure-SiteName
X-OCL
X-Backend-TTL
X-Origin
X-Human
X-CCM
X-Drupal-Cache-Contexts
X-Rule
Selected-Fe
Webcakes-Region
Country
Mn-Server-Ip
Property-Id
X-NewRelic-App-Data
X-Origin-Hint
X-Xfnlog-Site
X-Varnish-Cache-Hits
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
X-Labrador-Cache-Channel
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Web-Node
X-Www-Served-By
X-Upstream-CT
X-Trace-Id
X-Timing-Wait
X-Upstream-HT
X-Upgrade-Enabled
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Debug-Cache
X-Cache-Host
X-Site-Version
X-Locale
X-JoinUs
X-Hosted-By
X-Upstream-Proxy
Ohc-Cache-HIT
X-UnsetCookies
X-Backend-Name
X-EIG-Tracking-Id
X-Generated
Release
X-Device-Type
X-Ua
X-FireWall-Port
Server-Info
Time
X-Vgn-Hpd-Reason
DSUID
X-VCT
X-Varnish-Hits
X-S
X-FW-Version
X-Rendered-As
Now
X-OVcl
X-OVcl-Cache
Hostname
X-Real-IP
X-NGENIX-Cache
X-Pubstack
X-SS-Set-Cookie
OT-Force-Account-Verify
X-HS-Combine-CSS
X-Redis-Cache
Origin-Edge-Control
ServedBy
Origin-Cache-Control
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-Litespeed-Cache
X-VG-TLSProxy
L5d-Success-Class
X-APP-VERSION
Accept-Language
X-DataStream-Cache-Status
Cteonnt-Length
Origin
X-VG-WebCache
X-ShardId
Fastly-SSL
X-ShopId
X-Sorting-Hat-ShopId
X-FB-TRIP-ID
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-NC
NtCoent-Length
X-XRDS-LOCATION
X-Tb
X-CSRF-TOKEN
Machine
X-Parent-Response-Time
X-App-Version
X-Origin-CC
X-UUID
X-Origin-TTL
X-Cluster-Name
SRV
X-Tec-Api-Root
X-Tec-Api-Version
X-Tt-Trace-Tag
X-Tec-Api-Origin
X-Load-Cache
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-No-Session
X-Environment-Context
X-L-Path
X-B3-Spanid
IBM-Web2-Location
X-ECACHE
X-ServerID
X-GEO
X-Soup
NGX
X-Nginx-Cache
X-B3-Parentspanid
X-Uri
Nel
X-Is-Bot
CF-IPCountry
X-Magnolia-Registration
Mime-Version
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
Proxy-Connection
Akamai-GRN
X-CACHE-KEY
ServerName
Fly-Cache
Fly-Request-Id
Memcached
Node
Odigeo-Trace-Id
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Cross-Origin-Window-Policy
GEO-REGION-INFO
Cache-Prefix
Rt-Proxy-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
A
Apple-News-Services-Request-Url
Arc-Country
Content-Style-Type
Content-Script-Type
BehaviorPad-Version
AsisCache
X-Node-Id
X-Application
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-PAYTM-SRV-ID
X-DPWN-IS-SECURE
X-External-Request-Id
X-Instart-Info
X-ScT
X-Server-Time
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Developer
X-Detected-As
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
Viewtype
VivaBuild
X-A
X-Aed
X-AIR-PT
X-Connection-Hash
X-D
X-Date
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-MServer
X-ARC
X-B-Cookie
T-Server
X-G
Request-Time
X-Generated-By
Backend-Name
X-Mode
X-Oneagent-Js-Injection
N-Cache
X-Up
X-Cache-Bucket
X-Origin-Expires
X-Azure-Ref
X-Azure-Ref-OriginShield
Mail-Subject
X-Cdn-Srv
Locale
X-Fastly-Cache
X-Developers
Fastly-Soc-X-Request-Id
X-B3-SpanId
IsBot
X-Hl-Ver
X-Cms-Context
Request-Country
X-Origin-Date
Request-EU
We-Hiring
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Section-Io-Cache
X-Urbn-Site-Id
X-VC-Cache
X-SIPLIST1
X-S-Maxage
X-Urbn-Context-Path
X-Release
X-VWS-Id
X-LJ-Flow-ID
User-Cache-Control
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-AWS-Id
X-Compress-Hint
Thinkindot-Control
X-Distil-CS
Thinkindot-CacheControl-Type
X-Device-Os
X-App-Name
X-Auto-Login
X-Core-Mission
X-Clientip
X-Backend-Host
X-Block-Status
X-Bip
X-BBXSRF
Thinkindot-CacheControl
X-C
W
True-Client-Country-4JS
X-Cdn-Origin
X-Cache-Info
Uber-Trace-Id
X-Clara-WADP
X-Generation-Time
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-RateLimit-Limit-Second
X-Qloud-Router
X-Nginx-Cache-Key
X-VServer
X-Policy
X-Reboot
X-Server-IP
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-Swa-Ws
X-Sn-Servicetimems
X-Service
X-ServiceProvider
X-Skip-Cache
X-WADP-Cache
X-Method
X-Generated-On
X-CUA
X-Geo-Header
X-Gen-Mode
X-GDPR
X-Dc
X-Edge-Server
X-ElasticPress-Search
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Level-Front-Cache
X-Location
X-Matched-Rule
X-We-Are-Hiring
X-IN-APIGATEWAYSSL
X-Hnp-Log
X-IN-APIGATEWAY
X-Distributor
X-Backend-Url
X-Var-Ttl
Heartbleed
Magicmarker
AKAMAI
Countrycode
Content-Disposition
CDCHOST
Pramga
Cdn-Host
Cdn-Request-Time
Esi-Enabled
L
RNT-Machine
RNT-Time
Gh-Request-Id
Fastly-SWR
Server-Int
Fastly-SIE
X-Request-Time
X-Microcachable
X-Internal-Host
X-Li-Pop
X-NX-Host
X-WebServer
X-Li-Fabric
X-Fetched-On
X-Epic-Correlation-Id
X-Generated-In
X-Eu-Site
X-Hash
X-LI-Proto
X-Debug-Cache-Expiry
X-GeoIP-City
X-Irp-Debug
X-MSEdge-Features
X-JWT-State
X-Request-Start
X-Is-Gdpr
X-Has-Esi
X-Webstats-RespID
X-Request-URI
X-Say-Cacheable
X-Servername
X-Variation
X-SayCDN-TTL
X-Say-TTL
X-User
X-Platform-Server
X-ProxyCache-Status
X-MSEdge-Flight
X-ProxyCache-Key
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Old-Content-Length
Adler-Geo
X-Via-CDN
X-PHP-Host
X-Reqid
X-Owner
X-LI-UUID
Cache-Provider
X-Cache-FS-Status
Server-Host
Served-By
Wxu-Next-Commit
X-Cache-Id
Memory
X-Debug-Cache-Store
X-Guploader-Uploadid
Kp-EeAlive
X-Debug-Log
X-Debug-Cache-Fetch
X-Backend-State
Platform
PFcat
X-Debug-Cookies
Pagetype
X-Amz-Meta-Cache-Control
Ha-Gx-Prefs
HA-Ipaddr
Wxu-Next-Hostname
Srv
X-CGP
X-Dispatch
Is-Eu
V-Age
X-BYPASS-REASON
Web-Mar-Node
Wxu-Next-Region
X-UA
X-Dispatcher-Server
SD-X-WS
X-Org
X-Info
X-SD-PageType
Resin-Trace
Server-ID
X-Key
X-Cdn-Forward
X-Lb-Id
X-ABtesting
X-NWS-UUID-VERIFY
X-Wa
X-FPC
X-Hello
X-COUNTRY
X-Flog
X-Geo
X-URL
SS
X-Servedbyhost
X-DC
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
REQUESTUUID
X-Response-By
X-Unique-ID
X-Svr
X-Cache-URL
X-Ratelimit-Limit
X-IPS-LoggedIn
X-Routing-Service
X-Proxied
X-RateLimit-Reset
X-Be
X-Zipkin-Id
X-Nc
Country-Code
Cache-Cookie-Set-Lfrom
X-Instart-Isnd
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Scheme
X-CDN-Forward
X-Page-Type
X-VCL-Version
XServer
X-Processor
X-Cache-Backend
X-Datadome
X-Dynatrace-Js-Agent
X-NodeID
UCS
CACHE
X-MP-GENERATED-AT
X-Pjax-Url
X-Varnish-Beresp-Ttl
Group
X-SRV
X-SN
X-Oss-Storage-Class
X-Oss-Server-Time
X-Logtrace-Id
Powered-By-ChinaCache
X-ZONE
Ajk
PICS-Label
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Ruxit-Js-Agent
Dynatrace
X-Server-W
X-HTML-Minification-Powered-By
Cache-Host
Proxy-Firewall
X-Oracle-Dms-Rid
ProcessTime
X-Newrelic-Synthetics
X-Webkit-Csp
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Powered-By
X-Ftr-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-HS-Status
X-Dynatrace
SN
X-Cache-Category-Id
Ttl
X-Grey
X-Ms-Request-Id
X-Ms-Version
X-Via-Ucdn
X-EC-Lua
X-Zone
X-Source
X-GRACE
X-Pf-Uncompressing
X-Ratelimit-Remaining
GeoIP-Country-Code
GeoIP-City
X-PF-Uncompressing
X-FORWARDED-FOR
Geoip-Latitude
Fastly-Backend-Name
GeoIP-Latitude
GeoIp-Country-Code
Lfy
X-Session-Fingerprint
X-APP
X-TH-Server
Geoip-City
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
X-Sucuri-Id
X-Agile-Id
X-Cache-Debug
X-Agile-Age
MIME-Version
X-Agile
X-NODE
X-Check-Cacheable
GW-Server
X-Ftr-Cache-Host
X-Fastly-Country-Code
X-BC
LB
X-Tt-Trace-Host
X-LAGOON
Environment
X-7Graus-Varnish-Cache-Control
X-Logging-Id
Cdn
X-7Graus-Varnish-XKeys
X-Bc
X-RCS-CacheZone
Pics-Label
X-Sedo-Request-Id
CF-Cached-On
X-Cache-Miss-From
X-Edge
X-Aicache-OS
X-Gannett-Site-Version
X-Secret
X-Varnish-Url
WWW
X-PJAX-URL
WZWS-RAY
M-TraceId
X-Ftr-Balancer
X-Ftr-Dc
X-CSRF-Token
X-Ftr-Backend-Server
X-Ftr-Backend
X-Unique-Id
X-Ftr-Realm
X-CDN-Cache
X-Varnish-Cacheable
Requestid
Ohc-Response-Time
X-Mid
On-Server
X-Cache-Tag
X-Core-Value
Cf-Ipcountry
X-Sucuri-ID
X-Akamai-SSL-Client-Sid
X-AK-Request-ID
X-Cache-Ttl
X-UPSTREAM-Address
User-Agent
Cdnsip
X-MCACHE
Cdncip
DataCenter
X-Varnish-Ttl
X-Vcl-Version
X-Fastly-Backend-Reqs
X-GeoIP-Country-Code
X-Litespeed-Cache-Control
Amp-Access-Control-Allow-Source-Origin
Inserted-Into-Cache-At
X-TT-LOGID
X-Sucuri-Cache
X-BE
CDN
X-Vdms-Version
Lb
X-Swift-Error
X-NGINX-Cache
X-DW
X-NU-AKA-ACS-Version
URI
X-Sigma
X-Sigma-Backend
X-Action
X-RPS
X-RPM
X-Fstrz
RequestUuid
X-Rocket-Build-Number
X-Proxy-Cacherz
X-RSL
SID
Xkeyrz
X-DB
X-DSS
X-DI
HostName
X-Planisys-CDN-Rules
X-Shopify-Generated-Cart-Token
Who
Pragrma
X-Render-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Host-ID
X-Crawler
X-Correlation-ID
Is-Session-Tracking
Get-Access-Time
X-WR-MODIFICATION
X-Fastly-Cache-Hits
X-Via-NSCOPI
X-Refresh
Server-Id
X-WA
X-LB-ID
Warning
X-ServedByHost
X-Fpc
Xkeypdq
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Flow-Id
X-VC
X-FE
X-SB
FNAC-ModuleRouting
X-MID
X-Micro-Cache
X-TIME
Correlation-Id
X-Cdn-Request-ID
X-Nananana
X-Cf-Powered-By
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Gen-Id
TTL
X-Trafficlayer-App-Version
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-ECache
X-Request-URL
Processtime
HitType
X-Fe
X-Via-SSL
X-Served-From
X-Via-Edge
X-Bug-Bounty
X-ServerName
X-Gdpr
V-Cache
Xet-Cookie
X-Dw-Trace-Id
Cneonction
X-Newrelic-App-Data
X-MiniProfiler-Ids
RequestId