
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Template
X-Language
X-DNS-Prefetch-Control
X-Request-ID
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-CDN
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
X-Dns-Prefetch-Control
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
X-DataDome
Rating
X-ORACLE-DMS-RID
X-Country
X-Country-Code
X-FTR-Request-ID
X-Url
X-TTL
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-TtlSet
X-Vname
X-PC
X-Ah-Environment
X-CST
Verso
X-Px
RTSS
X-Aspnetmvc-Version
X-Powered-By-Plesk
Public-Key-Pins
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Middleton-Response
X-Middleton-Display
Response
X-D2id
Display
X-Sol
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
Accept-Ch-Lifetime
X-Akam-SW-Version
X-B3-TraceId
MS-Author-Via
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Powered-CMS
X-TEC-API-ORIGIN
Accept-CH
X-Upstream
X-Shard
X-Forwarded-Proto
SPRequestDuration
AR-PoweredBy
SPIisLatency
X-Amz-Server-Side-Encryption
Ar-Sid
AR-ATIME
AR-CACHE
Charset
Fastly-Restarts
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
Realpath
X-Trace
Nginx-Cache
X-Debug
X-Server-Name
Front-End-Https
AR-Request-ID
X-Cached
X-Shield-Request-Id
X-Ezoic-Cdn
X-Mrf-Section-Lastmod
X-ESI
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
Paypal-Debug-Id
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Arr-Disable-Session-Affinity
X-SERVER
ServerID
Content-MD5
X-Id
Pagespeed
DynaTrace
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-T
X-Vcache
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-Content-Type
X-Varnish-Age
X-Hits
X-VCache
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-RateLimit-Limit
X-FastCGI-Cache
X-N
X-Grace
X-Correlation-Id
X-Frontend
Fastcgi-Cache
X-FTR-Cache-Host
X-Content-Digest
Powered
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-Esi
X-Accel-Expires
Accept-Ch
X-Forwarded-For
X-DIS-Request-ID
X-Ser
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-B3-Sampled
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
TP-Cache
X-Microsite
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Kinsta-Cache
X-Cache-Age
X-Request-Processing-Time
X-Request-Received
X-LB-Cache
FilterID
X-Type
X-Rid
X-User-Agent
Edge-Cache-Tag
X-Az
X-Revision
X-Activity-Id
X-AppVersion
Backend-Timing
X-Analytics
X-Fastcgi-Cache
X-IPLB-Instance
Healthy
X-Node-Name
X-F-Cache
X-Whom
X-Srv
Retry-After
X-Time
X-NWS-LOG-UUID
X-Cache-2
Pinterest-Version
X-Kong-Upstream-Latency
X-Pinterest-Rid
X-Kong-Proxy-Latency
Accept-Charset
X-Cache-Hit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-AOL-HN
X-Cache-Rule
Server-Node
Cache-Status
Surrogate-Key
VIX-Pulpo-Node
X-Content-Options
VIX-Pulpo-Upstream-Status
Access-Control-Allow-Method
DC
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Cluster
X-Jobs
X-Page-Id
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Forwarded-Host
X-FB-Debug
X-Debug-Info
X-Tumblr-Pixel
X-FW-Type
X-Content-Powered-By
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Serve
Refresh
X-Framework
X-Varnish-Grace
Source
X-Erf-Bev-Bev
X-PHP-Backend
X-App-Environment
X-B
X-Erf-Bev-Bev-Is-Generated
X-Request-Guid
X-Hp-Webp
MS-CV
Fastcgi-Useragent
X-App-Server
Frame-Options
Host
X-Hostname
X-Cache-Key
Cache-Tag
X-B-Cache
Cleartype
X-Signature
Tracecode
Actual-Object-TTL
X-Cache-Operation
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-Control
X-TT
X-Amz-Replication-Status
X-Seen-By
X-Ratelimit-Reset
X-PressLabs-Stats
Liferay-Portal
X-Pad
Xserver
X-Host-Name
X-DataStream-Cache-Status
X-Mobile
X-Response-Served-From
NGB
X-ATG-Version
X-Git-Hash
X-Adobe-Loc
Upgrade-Insecure-Requests
X-Adobe-Content
Payment
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
Eomportal-Instance
X-WA-Info
Webserver
X-Status
Cache-Tv-Group
WPE-Backend
X-FW-Dynamic
X-Tumblr-Pixel-2
Filters
X-Tumblr-Pixel-1
X-GeoIP
X-Drupal-Cache-Tags
X-Cacheable-TTL
Ms-Operation-Id
X-Handled-By
X-TX-ID
X-RTag
From-Origin
X-RemovedCookies
X-RequestSource
X-ProcessESI
X-UA-Device-Type
X-Cache-TTL-Remaining
X-Cache-TTL
GEO-INFO
X-Content-Age
Datacenter
X-Cache-Remote
X-Daa-Tunnel
X-Edge-Location
X-Cache-Action
X-Storage
X-Origin-Server
X-Webkit-CSP
X-Accel-Buffering
X-Varnish-Hostname
Accept-CH-Lifetime
X-Upstream-Proxy
Viewport
PageSpeed
Cache
X-EdgeConnect-Cache-Status
X-Hyper-Cache
Version
X-Ua
X-Contextid
X-Region
X-CF-Powered-By
NR-ENABLED
Host-Header
X-Wix-Request-Id
SRV
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Oracle-Dms-Rid
X-Varnish-Server
Meta-Geo
Load-Balancing
X-Cache-Var-Map
X-RN-RSRV
X-Path-Route
X-Cache-Var
X-Akamai-Transformed
X-ES-SERVER
X-JoinUs
X-Timing-Wait
X-Akamai-Request-ID2
X-Proxy-Build
X-From
S-Cnection
X-IP
Selected-Fe
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Loop
X-Proto
X-Proxy
X-Cache-Config
X-Backend-Name
Cache-Name
Cache-Tags
Now
Vix-Hermes-Req-Id
X-TNCMS
X-CS
X-FC-Vary-Parameters
Ec-Rule-Version
Decoy-Debug-TTL
Decoy-Debug-Status
X-Hit
X-Upgrade-Enabled
X-Cluster-Node
X-Viewer-Country
X-Akamai-Request-ID
X-Access
X-ApacheServer
X-Time-Microsecs
X-Cache-Enabled
Rt-Fastcgi-Cache
DB-Nickname
Decoy-Debug-Key
Cache-Hits
X-Origin-Response-Time
X-Labrador-Cache-Channel
X-PERF
X-Tumblr-Pixel-3
X-Rule
X-Section
X-Origin
TWC-GeoIP-LatLong
Azure-SlotName
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Azure-Version
Property-Id
TWC-Locale-Group
Country
X-Web-Node
X-Xfnlog-Site
Mn-Server-Ip
Cache-Key
S-Rt
X-Varnish-Cache-Hits
X-UnsetCookies
X-Hosted-By
X-Upstream-CT
X-Format
X-NCache
X-OCL
X-R9-Blue-Green-Version
X-Trace-Id
X-PCL
X-Origin-Hint
X-FireWall-Port
X-EIG-Tracking-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Via-Fastly
X-Backend-TTL
X-Upstream-HT
Azure-SiteName
X-CCM
X-Cache-Host
TWC-Privacy
X-FW-Version
Azure-RegionName
Azure-InstanceId
X-S
X-Site-Version
X-Varnish-Hits
X-Cache-Grace
X-Human
Ohc-File-Size
X-Cache-NE
X-Device-Type
X-Debug-Cache
X-Drupal-Cache-Contexts
X-Locale
DSUID
Server-Info
X-Cache-Time
X-NewRelic-App-Data
OT-Force-Account-Verify
Release
X-Cache-Server
X-Rendered-As
X-Www-Served-By
Time
Hostname
X-Vgn-Hpd-Reason
X-VG-TLSProxy
ServedBy
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-HS-Cache-Config
X-VG-WebCache
X-ShopId
X-Presslabs-Stats
X-Shopify-Stage
X-VCT
X-DataStream-MidMile-RTT
Fastcgi-X-Cache-Version
Ohc-Cache-HIT
X-DataStream-Origin-MEX-Latency
X-OVcl-Cache
X-OVcl
X-FB-TRIP-ID
X-Real-IP
X-Redis-Cache
X-Nginx-Cache
X-APP-VERSION
Accept-Language
Cteonnt-Length
Machine
X-Tb
X-Server-ID
Origin
Origin-Cache-Control
Origin-Edge-Control
X-Pubstack
X-NC
X-GEO
L5d-Success-Class
X-CSRF-TOKEN
Access-Control-Request-Headers
X-Mode
X-B3-Spanid
X-No-Session
X-Environment-Context
X-L-Path
X-Cluster-Name
NtCoent-Length
X-App-Version
Fastly-SSL
X-Tt-Trace-Tag
X-Load-Cache
X-Magnolia-Registration
X-Generated-By
Odigeo-Trace-Id
X-VWS-Id
X-Request-Time
X-LJ-Flow-ID
X-Element-Page-Cache
X-AWS-Id
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
Mime-Version
X-Endurance-Cache-Level
X-SS-Set-Cookie
X-UUID
X-NGENIX-Cache
X-Rocket-Nginx-Bypass
X-DC
Mail-Subject
We-Hiring
X-GoCache-CacheStatus
Akamai-GRN
X-ServerID
Nel
X-ECACHE
Request-Time
X-B3-Parentspanid
X-HS-Combine-CSS
X-Parent-Response-Time
X-Origin-TTL
X-CACHE-KEY
X-Origin-CC
X-Soup
X-XRDS-LOCATION
X-MServer
Locale
X-Is-Bot
X-Node-Id
Server-ID
Rt-Proxy-Cache
X-Org
X-Instart-Info
Proxy-Connection
X-Developer
Viewtype
X-A-Dam
X-CF-Lambda-Version
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-PAYTM-SRV-ID
X-A
X-G
X-Origin-Date
VivaBuild
X-Origin-Expires
T-Server
Mobile-Detection-Method
Apple-News-Services-Handled
Apple-News-Services-Host
Content-Script-Type
Content-Style-Type
A
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cdn-Request-Time
Cdn-Host
BehaviorPad-Version
AsisCache
Arc-Country
Cross-Origin-Window-Policy
NGX
Meta-Geo-Continent
Memcached
X-External-Request-Id
X-Region-Sid
Node
MD5-Digest
X-Edge-Server
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
X-DPWN-IS-SECURE
Rendered-Blocks
X-A-Ccd
X-B-Cookie
X-VG-WebServer
X-Connection-Hash
X-Date
X-Trv-Group
X-Twitter-Response-Tags
X-S-Maxage
X-Server-Time
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Worker
X-Vtex-Processado-Em
X-ScT
X-Transaction
X-D
Cache-Prefix
Xc-Version
X-Accel-Expires-Debug
X-Vtex-Remote-Cache
X-Destination
X-AIR-PT
CF-IPCountry
X-Application
X-Request-UUID
X-Aed
X-SRCache-Key
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-ARC
X-S-Cookie
X-Detected-As
X-Rojux
ServerName
X-Oneagent-Js-Injection
Uber-Trace-Id
Backend-Name
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Thanos
X-Clientip
X-Core-Mission
X-Cdn-Srv
X-Up
X-Cms-Context
X-Cache-Bucket
X-TrackingId
Countrycode
Fastly-Soc-X-Request-Id
Request-Country
X-Azure-Ref-OriginShield
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Section-Io-Cache
X-Azure-Ref
X-Release
X-Request-Start
X-Auto-Login
X-Developers
X-Hl-Ver
X-Bip
IsBot
Gh-Request-Id
X-WebServer
N-Cache
X-Distil-CS
X-Distributor
X-Fastly-Cache
X-SIPLIST1
Request-EU
X-Via-CDN
User-Cache-Control
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-B3-SpanId
X-ElasticPress-Search
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Debug-Cache-Expiry
X-PHP-Host
X-Skip-Cache
X-ServiceProvider
V-Age
W
X-SVT-ORM-RULES
X-Owner
X-Debug-Log
X-Device-Os
RNT-Time
RNT-Machine
X-Debug-Cookies
X-Debug-Cache-Store
X-CUA
X-Debug-Cache-Fetch
X-SVT-ORM-VERSION
Server-Int
Thinkindot-CacheControl
X-Clara-WADP
X-Reboot
X-C
X-App-Name
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Backend-Host
X-Rebelmouse-Cache-Control
X-BBXSRF
X-Backend-Url
X-Block-Status
X-RateLimit-Limit-Second
X-Amz-Meta-Cache-Control
X-Proxy-Cache-Status
X-CGP
X-RateLimit-Remaining-Second
X-Compress-Hint
X-Proxy-Upstream
X-Cache-Info
X-Cache-FS-Status
X-Level-Front-Cache
X-Cache-Id
X-Platform-Server
X-Old-Content-Length
X-Uri
X-Matched-Rule
X-Hash
Fastly-SWR
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Generated-On
X-Thinkindot-L3
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SIE
X-Location
X-LI-Proto
X-Li-Pop
X-Li-Fabric
CDCHOST
Content-Disposition
X-Irp-Debug
Esi-Enabled
X-Hnp-Log
Adler-Geo
X-LI-UUID
Is-Eu
X-Generation-Time
X-MSEdge-Flight
X-Variation
X-MSEdge-Features
X-VC-Cache
X-We-Are-Hiring
Platform
X-Nginx-Cache-Key
X-Unique-ID
X-NX-Host
X-Epic-Correlation-Id
X-Eu-Site
X-VServer
X-Fetched-On
X-WADP-Cache
X-Gen-Mode
X-Generated-In
Magicmarker
X-GDPR
X-Microcachable
X-Key
X-Hello
X-Method
X-Dispatch
X-Dispatcher-Server
X-Cdn-Origin
X-Geo-Header
X-Flog
X-Internal-Host
X-GeoIP-City
X-Qloud-Router
X-Say-Cacheable
L
Pagetype
SS
X-Sn-Servicetimems
Web-Mar-Node
Wxu-Next-Commit
X-Servername
X-Swa-Ws
Server-Host
Pramga
SD-X-WS
X-Backend-State
X-User
PFcat
Served-By
X-Cdn-Forward
Kp-EeAlive
Wxu-Next-Hostname
X-Say-TTL
X-ABtesting
X-Response-By
AKAMAI
X-Reqid
X-SayCDN-TTL
X-SD-PageType
Wxu-Next-Region
Heartbleed
X-Webstats-RespID
X-Guploader-Uploadid
X-Server-IP
X-Policy
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Country-Code
Resin-Trace
Cache-Cookie-Set-Lfrom
X-IPS-LoggedIn
X-MP-GENERATED-AT
X-FPC
X-Page-Type
X-Wa
Memory
X-Servedbyhost
UCS
X-Var-Ttl
X-Is-Gdpr
Powered-By-ChinaCache
Cache-Provider
X-Service
REQUESTUUID
X-Has-Esi
ProcessTime
X-JWT-State
X-Dc
X-Logtrace-Id
X-NWS-UUID-VERIFY
X-Nc
X-Lb-Id
Ajk
X-Geo
X-HTML-Minification-Powered-By
X-Ratelimit-Limit
X-Cache-Backend
Proxy-Firewall
X-VCL-Version
X-Datadome
X-Processor
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-RateLimit-Reset
X-Oss-Server-Time
X-Oss-Storage-Class
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
X-Info
X-Litespeed-Cache
Srv
X-SERVER-NAME
X-ZONE
X-Pjax-Url
Powered-By
X-Cache-Category-Id
SN
X-Cache-URL
X-Svr
X-Grey
X-SRV
X-Varnish-Beresp-Ttl
X-Be
X-Instart-Isnd
PICS-Label
X-Ruxit-Js-Agent
X-COUNTRY
X-SN
X-HS-Status
X-UA
X-TH-Server
X-CDN-Forward
Dynatrace
GeoIP-Country-Code
GeoIP-City
Fastly-Backend-Name
GeoIP-Latitude
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Webkit-Csp
CACHE
X-URL
X-Ftr-Request-Id
X-Scheme
X-NodeID
X-Cache-Ttl
X-Zone
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Group
X-Dynatrace
X-Ttl
X-RCS-CacheZone
X-Source
X-GRACE
X-Pf-Uncompressing
GW-Server
X-LAGOON
X-LiteSpeed-Cache-Control
X-EC-Lua
X-Secret
X-Newrelic-Synthetics
X-Server-W
Ttl
X-Varnish-Url
Cache-Host
X-Bc
X-Check-Cacheable
X-Gannett-Site-Version
Cdn
X-Varnish-Beresp-TTL
X-Sucuri-Id
LB
CF-Cached-On
X-PF-Uncompressing
X-APP
X-Dynatrace-Js-Agent
WZWS-RAY
X-NODE
X-Varnish-Cacheable
X-Ftr-Cache-Host
On-Server
XServer
X-Ms-Request-Id
X-Via-Ucdn
X-CDN-Cache
X-Ms-Version
User-Agent
X-Tt-Trace-Host
X-GeoIP-Country-Code
X-Ratelimit-Remaining
X-FORWARDED-FOR
X-Edge
Environment
X-Session-Fingerprint
X-Aicache-OS
Geoip-Latitude
GeoIp-Country-Code
Lfy
X-Fastly-Country-Code
Geoip-City
Pics-Label
X-Cache-Debug
Inserted-Into-Cache-At
MIME-Version
X-BC
X-BE
X-Akamai-SSL-Client-Sid
X-Agile
X-Agile-Age
WWW
M-TraceId
X-PJAX-URL
X-NU-AKA-ACS-Version
X-Agile-Id
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Who
Ohc-Response-Time
Requestid
X-Render-Time
X-Mid
X-Crawler
Cf-Ipcountry
X-7Graus-Varnish-Cache-Control
X-CSRF-Token
X-LB-ID
X-7Graus-Varnish-XKeys
X-Varnish-Ttl
SID
X-UPSTREAM-Address
X-Logging-Id
X-Vcl-Version
X-MCACHE
Lb
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
URI
X-Litespeed-Cache-Control
X-Micro-Cache
X-Sedo-Request-Id
X-Cache-Tag
X-FE
X-Cache-Miss-From
X-Via-SSL
X-RSL
X-DB
X-Action
X-DI
X-Via-Edge
X-Proxy-Cacherz
X-DSS
X-DW
X-RPS
X-Served-From
X-RPM
RequestUuid
Xkeyrz
X-WR-MODIFICATION
HostName
X-Core-Value
CDN
Host-ID
X-Cf-Powered-By
DataCenter
X-Correlation-ID
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
Cdnsip
X-WA
Xkeypdq
Cdncip
X-ServedByHost
X-Amzn-Remapped-Connection
X-Nananana
X-Vct
X-Amzn-Remapped-Date
X-AK-Request-ID
X-Fastly-Cache-Hits
X-Fpc
X-NGINX-Cache
X-Swift-Error
X-Newrelic-App-Data
X-Cdn-Request-ID
FNAC-ModuleRouting
Cneonction
X-Protected-By
Is-Session-Tracking
X-Sigma
X-VC
X-Rocket-Build-Number
X-SB
X-MID
Get-Access-Time
X-Ecache
Correlation-Id
X-Sucuri-Cache
X-Sigma-Backend
X-Vdms-Version
Warning
X-TT-LOGID
X-TIME
X-Sucuri-ID
X-Shopify-Generated-Cart-Token
RequestId
Xet-Cookie
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Fe
X-Via-NSCOPI
X-Serial
X-ND-Cache
X-Refresh
X-Request-Url
X-Request-URL
Processtime
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Gdpr
X-ServerName
X-Bug-Bounty
X-ECache
X-Unique-Id
HitType
V-Cache