Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-CDN
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Cdn
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
X-DataDome
X-Country
Rating
X-Country-Code
X-FTR-Request-ID
X-Url
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-Ah-Environment
X-CST
Verso
X-Px
RTSS
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-GoogleNews-Bot
X-Cdn-Fetch
X-D2id
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-Ch-Lifetime
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
X-RateLimit-Remaining
X-GitHub-Request-Id
TCN
X-Navigation-Version
X-Abt-Application-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Powered-CMS
X-TEC-API-ORIGIN
Accept-CH
X-B3-TraceId
X-Upstream
X-Shard
X-Forwarded-Proto
SPIisLatency
AR-CACHE
X-Amz-Server-Side-Encryption
Ar-Sid
AR-ATIME
AR-PoweredBy
SPRequestDuration
X-XRDS-Location
Charset
Fastly-Restarts
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-Debug
X-Aspnetmvc-Version
X-Server-Name
Front-End-Https
AR-Request-ID
X-Ezoic-Cdn
X-Cached
X-Shield-Request-Id
X-Goog-Generation
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Goog-Metageneration
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-ESI
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
Pagespeed
X-Vcache
ServerID
Content-MD5
X-Id
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
DynaTrace
X-DynaTrace-JS-Agent
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Client-IP
X-Via-JSL
X-Content-Type
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-FastCGI-Cache
X-N
X-Grace
X-Correlation-Id
X-B3-Traceid
Fastcgi-Cache
X-VCache
X-Frontend
X-FTR-Cache-Host
X-SERVER
X-Content-Digest
Powered
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-Esi
Accept-Ch
X-Forwarded-For
X-Accel-Expires
X-DIS-Request-ID
Server-Name
X-Ser
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-Microsite
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Request-Received
X-Request-Processing-Time
X-Cache-Age
X-Kinsta-Cache
X-LB-Cache
X-Type
FilterID
X-Rid
X-User-Agent
Edge-Cache-Tag
X-IPLB-Instance
X-Analytics
X-Activity-Id
Backend-Timing
X-AppVersion
X-Az
X-Revision
X-Fastcgi-Cache
Healthy
X-Node-Name
X-F-Cache
X-Whom
X-Srv
Retry-After
X-Time
X-NWS-LOG-UUID
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Pinterest-Version
X-Pinterest-Rid
Accept-Charset
X-Amz-Apigw-Id
X-Cache-Hit
X-Amzn-RequestId
X-Acc-Meta-Resource-Type
Alternate-Protocol
Server-Node
X-Cache-Rule
X-AOL-HN
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
Surrogate-Key
VIX-Pulpo-Node
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
Refresh
X-Akamai-Edgescape
DC
X-Cluster
X-Jobs
X-Forwarded-Host
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Type
X-Instance
X-Debug-Info
X-FB-Debug
X-Tumblr-User
X-FW-Serve
X-Page-Id
X-Tumblr-Pixel
X-Framework
X-PHP-Backend
Source
X-Varnish-Grace
X-Erf-Bev-Bev
X-B
X-Erf-Bev-Bev-Is-Generated
X-App-Environment
X-Hp-Webp
X-Request-Guid
MS-CV
X-App-Server
Fastcgi-Useragent
Frame-Options
X-Hostname
Host
Cleartype
X-Cache-Key
Cache-Tag
Tracecode
X-Signature
X-B-Cache
X-Cache-Operation
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-Control
X-Amz-Replication-Status
X-TT
X-Ratelimit-Reset
X-PressLabs-Stats
X-Seen-By
Liferay-Portal
X-Pad
X-Host-Name
X-DataStream-Cache-Status
Xserver
X-Mobile
X-Response-Served-From
NGB
X-Adobe-Content
X-Git-Hash
X-Adobe-Loc
Upgrade-Insecure-Requests
X-ATG-Version
Payment
Webserver
X-Status
X-TT-TIMESTAMP
X-WA-Info
Eomportal-Instance
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
Filters
X-Tumblr-Pixel-2
X-ProcessESI
Cache-Tv-Group
X-FW-Dynamic
X-RemovedCookies
WPE-Backend
X-RTag
X-GeoIP
X-Drupal-Cache-Tags
X-Cacheable-TTL
From-Origin
Ms-Operation-Id
X-Handled-By
X-TX-ID
X-UA-Device-Type
X-RequestSource
GEO-INFO
X-Cache-TTL-Remaining
X-Oracle-Dms-Rid
X-Content-Age
Datacenter
X-Cache-Remote
X-Daa-Tunnel
X-Edge-Location
X-Cache-Action
X-Cache-TTL
Viewport
X-Origin-Server
X-Storage
X-Webkit-CSP
X-Varnish-Hostname
Accept-CH-Lifetime
X-Upstream-Proxy
X-Accel-Buffering
X-EdgeConnect-Cache-Status
X-Hyper-Cache
Version
X-Ua
Cache
X-Contextid
X-Region
X-CF-Powered-By
Host-Header
NR-ENABLED
X-Wix-Request-Id
X-Yottaa-Optimizations
SRV
X-Yottaa-Metrics
PageSpeed
X-Varnish-Server
X-Path-Route
Meta-Geo
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
X-Akamai-Transformed
X-JoinUs
X-Timing-Wait
X-Akamai-Request-ID2
X-Proxy-Build
X-From
S-Cnection
X-IP
Selected-Fe
X-Backend-Name
X-Cache-Config
Vix-Hermes-Req-Id
Now
Cache-Tags
X-CS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TNCMS
X-Proxy
X-Proto
X-Loop
Cache-Name
X-Generated
X-Akamai-Request-ID
X-Access
X-ApacheServer
X-Cache-Enabled
X-Cluster-Node
Rt-Fastcgi-Cache
Ec-Rule-Version
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-FC-Vary-Parameters
X-Hit
X-Tumblr-Pixel-3
X-Time-Microsecs
X-Upgrade-Enabled
X-Via-Fastly
X-Viewer-Country
X-Section
X-Rule
X-NCache
X-Origin
X-Origin-Response-Time
X-PERF
Cache-Hits
X-Labrador-Cache-Channel
X-Origin-Hint
S-Rt
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-PCL
X-R9-Blue-Green-Version
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Country
Cache-Key
TWC-Locale-Group
TWC-Privacy
X-FireWall-Port
X-EIG-Tracking-Id
X-Xfnlog-Site
X-Format
X-Web-Node
X-Hosted-By
X-FW-Version
X-CCM
X-Cache-Host
Webcakes-App-Name
X-OCL
Webcakes-App-Version
Webcakes-Region
X-Cache-Grace
X-Backend-TTL
Azure-InstanceId
Mn-Server-Ip
X-UnsetCookies
X-Trace-Id
X-Upstream-CT
X-Upstream-HT
X-Varnish-Cache-Hits
X-Varnish-Hits
X-Locale
X-Cache-NE
Ohc-File-Size
X-Debug-Cache
X-S
X-Www-Served-By
X-Site-Version
X-Drupal-Cache-Contexts
X-Human
X-Device-Type
X-Cache-Time
X-Cache-Server
Server-Info
DSUID
X-NewRelic-App-Data
X-Rendered-As
OT-Force-Account-Verify
Release
Time
Hostname
X-APP-VERSION
X-Vgn-Hpd-Reason
ServedBy
X-VG-TLSProxy
X-VG-WebCache
X-ShardId
X-Alternate-Cache-Key
X-Presslabs-Stats
X-HS-Cache-Config
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-DataStream-MidMile-RTT
Fastcgi-X-Cache-Version
Ohc-Cache-HIT
X-VCT
X-DataStream-Origin-MEX-Latency
X-FB-TRIP-ID
X-Redis-Cache
X-OVcl-Cache
X-OVcl
Cteonnt-Length
X-Real-IP
X-Nginx-Cache
Accept-Language
Machine
X-B3-Spanid
X-Tb
X-Pubstack
X-Server-ID
Origin-Cache-Control
Origin-Edge-Control
Origin
X-GEO
L5d-Success-Class
X-NC
X-CSRF-TOKEN
Access-Control-Request-Headers
X-Mode
X-Environment-Context
X-L-Path
X-No-Session
X-Cluster-Name
NtCoent-Length
X-Tt-Trace-Tag
Fastly-SSL
X-Generated-By
X-Magnolia-Registration
Odigeo-Trace-Id
X-Load-Cache
X-Request-Time
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Element-Page-Cache
X-NGENIX-Cache
X-UUID
Mime-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-SS-Set-Cookie
X-Endurance-Cache-Level
X-App-Version
We-Hiring
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
Akamai-GRN
X-DC
X-ServerID
X-B3-Parentspanid
Mail-Subject
Nel
Request-Time
X-ECACHE
X-HS-Combine-CSS
X-Origin-TTL
X-XRDS-LOCATION
X-Parent-Response-Time
X-CACHE-KEY
X-Origin-CC
X-Soup
VivaBuild
CF-IPCountry
X-A-Ccd
X-A
Rendered-Blocks
X-B-Cookie
X-Node-Id
Mobile-Detection-Method
X-MServer
T-Server
Viewtype
Proxy-Connection
X-VG-WebServer
X-AIR-PT
X-A-Dgt
X-A-Wwc
X-Aed
Rt-Proxy-Cache
X-Application
X-A-Dcw
X-Accel-Expires-Debug
X-ARC
X-Urbn-Site-Id
X-A-Dam
Node
Server-ID
Cdn-Host
X-G
AsisCache
BehaviorPad-Version
Content-Style-Type
X-Instart-Info
Content-Script-Type
Arc-Country
X-Vtex-Processado-Em
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-SRCache-Key
X-Vtex-Remote-Cache
X-Is-Bot
X-Org
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-ScT
X-Request-UUID
Cdn-Request-Time
X-Origin-Expires
X-Origin-Date
X-PAYTM-SRV-ID
X-Region-Sid
Cache-Prefix
X-External-Request-Id
Locale
X-Date
X-D
X-Destination
Xc-Version
X-Twitter-Response-Tags
MD5-Digest
X-Server-Time
Meta-Geo-Continent
X-CF-Lambda-Fn
X-CF-Lambda-Version
Memcached
X-Connection-Hash
X-Detected-As
X-Developer
Cross-Origin-Window-Policy
Fly-Cache
X-DPWN-IS-SECURE
Apple-News-Services-Handled
X-Edge-Server
A
X-Transaction
GEO-REGION-INFO
NGX
X-Trv-Group
Fly-Request-Id
X-Worker
X-Urbn-Context-Path
X-Oneagent-Js-Injection
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
Backend-Name
ServerName
Uber-Trace-Id
X-WebServer
Fastly-Soc-X-Request-Id
X-Distributor
X-Thanos
X-TrackingId
X-SVT-ORM-RULES
X-IN-APIGATEWAYSSL
X-Release
X-Request-Start
X-IN-APIGATEWAY
Countrycode
X-SIPLIST1
X-Fastly-Cache
X-Hl-Ver
X-SVT-ORM-VERSION
Gh-Request-Id
X-Azure-Ref-OriginShield
X-Bip
X-Cache-Bucket
Request-Country
X-Azure-Ref
Section-Io-Cache
X-Auto-Login
N-Cache
X-Cdn-Srv
X-Core-Mission
IsBot
X-Developers
X-Cms-Context
X-Clientip
X-VC-Cache
X-Up
X-Distil-CS
Request-EU
X-Via-CDN
X-Routing-Service
X-Zipkin-Id
User-Cache-Control
X-Uri
X-Proxied
X-ElasticPress-Search
V-Age
X-PHP-Host
X-Debug-Cache-Expiry
X-CUA
X-Platform-Server
X-Skip-Cache
True-Client-Country-4JS
W
X-Sn-Servicetimems
Thinkindot-CacheControl
X-Thinkindot-L3
X-Debug-Cookies
X-Debug-Log
X-Unique-ID
Server-Int
X-LI-UUID
Thinkindot-CacheControl-Type
X-Compress-Hint
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Thinkindot-Control
X-Clara-WADP
X-Backend-Host
X-RateLimit-Remaining-Second
X-Reboot
X-Cache-FS-Status
X-Cache-Id
X-Backend-Url
X-BBXSRF
X-Location
X-C
X-Block-Status
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Cache-Info
X-Method
X-ABtesting
X-CGP
X-Owner
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Cdn-Origin
X-App-Name
X-RateLimit-Limit-Second
X-LI-Proto
X-Amz-Meta-Cache-Control
X-ServiceProvider
RNT-Time
X-Generated-On
X-Generated-In
X-Generation-Time
X-Geo-Header
Adler-Geo
X-Gen-Mode
X-GDPR
X-Old-Content-Length
X-Flog
HA-Ipaddr
Ha-Gx-Prefs
X-NX-Host
Fastly-SWR
X-GeoIP-City
X-MSEdge-Features
X-Hello
Content-Disposition
X-Hnp-Log
CDCHOST
X-Hash
X-MSEdge-Flight
Fastly-SIE
X-Nginx-Cache-Key
Esi-Enabled
AKAMAI
X-Rebelmouse-Cache-Control
Is-Eu
X-Li-Pop
Platform
X-VServer
PFcat
X-Li-Fabric
X-Level-Front-Cache
RNT-Machine
X-Irp-Debug
X-Device-Os
X-Variation
X-Wikidot-Static-Cache
X-Matched-Rule
Magicmarker
X-Wikidot-Backend
L
X-Fetched-On
X-Epic-Correlation-Id
X-Eu-Site
X-WADP-Cache
X-We-Are-Hiring
X-Microcachable
X-Internal-Host
X-Key
X-Qloud-Router
X-Dispatch
X-Dispatcher-Server
X-SayCDN-TTL
Served-By
SD-X-WS
X-User
SS
X-Swa-Ws
X-Cdn-Forward
X-Guploader-Uploadid
X-Backend-State
Pramga
Heartbleed
X-Policy
X-B3-SpanId
Kp-EeAlive
Pagetype
X-Webstats-RespID
Web-Mar-Node
Server-Host
X-Response-By
X-Servername
X-Say-Cacheable
X-SD-PageType
X-Say-TTL
X-Reqid
X-Server-IP
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-IPS-LoggedIn
Country-Code
Resin-Trace
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-MP-GENERATED-AT
X-FPC
Memory
X-Wa
X-Page-Type
X-Service
X-Servedbyhost
X-Var-Ttl
X-Ttl
UCS
X-Dynatrace
Cache-Provider
X-JWT-State
X-Is-Gdpr
X-Has-Esi
REQUESTUUID
Powered-By-ChinaCache
ProcessTime
X-Dc
X-Lb-Id
X-Nc
X-Logtrace-Id
X-NWS-UUID-VERIFY
Ajk
X-HTML-Minification-Powered-By
Dynatrace
X-Geo
X-Ratelimit-Limit
X-Cache-Backend
Proxy-Firewall
X-VCL-Version
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Reset
X-Processor
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Info
X-Litespeed-Cache
X-SERVER-NAME
Srv
X-Cache-URL
X-Svr
X-Cache-Ttl
Powered-By
X-Pjax-Url
X-Cache-Category-Id
SN
X-Grey
CACHE
X-ZONE
X-Be
X-SRV
X-Varnish-Beresp-Ttl
PICS-Label
X-Instart-Isnd
X-COUNTRY
X-Ruxit-Js-Agent
GeoIP-Latitude
X-SN
Fastly-Backend-Name
X-HS-Status
X-TH-Server
X-CDN-Forward
X-Scheme
X-UA
GeoIP-City
GeoIP-Country-Code
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Webkit-Csp
X-URL
X-Ftr-Request-Id
X-NodeID
X-RCS-CacheZone
X-Zone
Group
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Pf-Uncompressing
X-GRACE
X-Source
X-LiteSpeed-Cache-Control
X-LAGOON
GW-Server
X-EC-Lua
X-Secret
Ttl
X-Varnish-Url
Cache-Host
X-Gannett-Site-Version
X-Newrelic-Synthetics
X-Check-Cacheable
Cdn
X-Bc
X-Server-W
X-Varnish-Beresp-TTL
X-Sucuri-Id
LB
CF-Cached-On
X-APP
X-Dynatrace-Js-Agent
WZWS-RAY
X-PF-Uncompressing
X-NODE
X-Ms-Version
X-Via-Ucdn
X-Varnish-Cacheable
On-Server
XServer
X-CDN-Cache
X-Ftr-Cache-Host
X-Ms-Request-Id
X-Tt-Trace-Host
User-Agent
X-GeoIP-Country-Code
X-FORWARDED-FOR
X-Ratelimit-Remaining
Geoip-Latitude
X-Aicache-OS
X-Cache-Debug
GeoIp-Country-Code
X-Edge
Pics-Label
Geoip-City
Inserted-Into-Cache-At
Environment
MIME-Version
X-BC
X-Session-Fingerprint
X-BE
X-Fastly-Country-Code
Lfy
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-NU-AKA-ACS-Version
WWW
X-Agile-Age
X-Agile-Id
X-Agile
X-Akamai-SSL-Client-Sid
X-PJAX-URL
M-TraceId
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Backend-Server
Ohc-Response-Time
Requestid
Who
X-Crawler
X-Render-Time
X-Mid
Cf-Ipcountry
X-Logging-Id
X-Vcl-Version
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-MCACHE
SID
X-Varnish-Ttl
X-UPSTREAM-Address
X-CSRF-Token
X-LB-ID
Lb
Amp-Access-Control-Allow-Source-Origin
X-Litespeed-Cache-Control
X-Cache-Miss-From
X-Sedo-Request-Id
X-Cache-Tag
X-Fastly-Backend-Reqs
X-Micro-Cache
X-FE
URI
X-Action
X-WR-MODIFICATION
X-DB
RequestUuid
X-RPM
X-RPS
X-RSL
X-Via-Edge
X-Served-From
X-DI
X-Proxy-Cacherz
X-DSS
Xkeyrz
X-DW
X-Via-SSL
HostName
Host-ID
CDN
X-Core-Value
DataCenter
X-Correlation-ID
X-Cf-Powered-By
Cdncip
Cdnsip
X-AK-Request-ID
X-Flow-Id
X-Page-Impression-Id
X-Vct
X-Zalando-Child-Request-Id
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Fpc
X-Nananana
X-Fastly-Cache-Hits
X-WA
Xkeypdq
X-ServedByHost
X-Swift-Error
X-NGINX-Cache
X-Newrelic-App-Data
X-Cdn-Request-ID
Warning
X-Vdms-Version
X-MID
X-VC
Cneonction
FNAC-ModuleRouting
X-SB
Correlation-Id
Get-Access-Time
X-Sigma
X-Sigma-Backend
X-Sucuri-Cache
X-TT-LOGID
X-Rocket-Build-Number
X-TIME
Is-Session-Tracking
X-Ecache
X-Protected-By
X-Sucuri-ID
X-Shopify-Generated-Cart-Token
X-Request-URL
Xet-Cookie
X-Apw-Hits
RequestId
Processtime
X-Bug-Bounty
X-Refresh
HitType
X-Request-Url
X-Via-NSCOPI
X-Fe
X-Serial
X-ServerName
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-ND-Cache
X-ECache
X-Apw-Access-Object
X-Apw-Access-Action
X-Unique-Id
X-Gdpr
V-Cache
X-Apw-Access-Token