Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-CDN
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
X-DataDome
X-Country
X-ORACLE-DMS-RID
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Url
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-Instart-Request-ID
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-CST
Verso
X-Px
RTSS
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
X-D2id
X-Ah-Environment
X-Vcap-Request-Id
X-Version
SPRequestGuid
X-SharePointHealthScore
X-Akam-SW-Version
Accept-CH
MS-Author-Via
X-B3-TraceId
X-RateLimit-Remaining
X-GitHub-Request-Id
TCN
X-Abt-Application-Version
Accept-Ch-Lifetime
X-TEC-API-VERSION
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Powered-CMS
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPIisLatency
SPRequestDuration
X-XRDS-Location
Charset
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
Fastly-Restarts
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
Realpath
Nginx-Cache
X-Trace
X-Debug
X-Aspnetmvc-Version
X-ESI
X-Server-Name
Front-End-Https
X-Cached
X-Shield-Request-Id
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
AR-Request-ID
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Ezoic-Cdn
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
Paypal-Debug-Id
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
Pagespeed
ServerID
X-Vcache
Content-MD5
DynaTrace
X-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-T
X-Amz-Meta-S3cmd-Attrs
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Client-IP
X-Via-JSL
X-Content-Type
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-RateLimit-Limit
X-Grace
X-N
X-Correlation-Id
X-Frontend
X-VCache
X-FTR-Cache-Host
Fastcgi-Cache
X-SERVER
Powered
X-Content-Digest
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-DIS-Request-ID
X-Forwarded-For
X-Accel-Expires
Server-Name
X-Ser
X-Logged-In
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-B3-Traceid
X-Esi
X-GUploader-UploadID
X-Fastcgi-Cache
Accept-Ch
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
TP-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Request-Processing-Time
X-Cache-Age
X-Request-Received
X-Kinsta-Cache
X-LB-Cache
FilterID
Edge-Cache-Tag
X-User-Agent
X-Rid
X-Revision
X-Analytics
X-Type
X-IPLB-Instance
Backend-Timing
Healthy
X-Activity-Id
X-AppVersion
X-Az
X-Node-Name
X-F-Cache
X-Whom
X-Srv
Retry-After
X-Time
X-NWS-LOG-UUID
Accept-Charset
X-Pinterest-Rid
Pinterest-Version
X-Cache-2
X-Amzn-RequestId
X-Kong-Proxy-Latency
X-Amz-Apigw-Id
X-Kong-Upstream-Latency
X-Cache-Hit
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Cache-Rule
Cache-Status
Server-Node
X-AOL-HN
X-Content-Options
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Surrogate-Key
X-Content-Powered-By
X-Cluster
X-Forwarded-Host
Access-Control-Allow-Method
Refresh
X-Jobs
DC
X-Akamai-Edgescape
X-Debug-Info
X-Instance
X-FW-Static
X-Page-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Server
X-FW-Type
X-Content-Security-Policy-Report-Only
X-FW-Hash
X-FW-Serve
X-Framework
X-FB-Debug
X-PHP-Backend
Source
X-Varnish-Grace
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-App-Environment
X-Request-Guid
X-Hp-Webp
X-B
X-App-Server
MS-CV
Fastcgi-Useragent
Frame-Options
X-Hostname
Host
Cleartype
Cache-Tag
X-Signature
X-B-Cache
Tracecode
X-Cache-Operation
Actual-Object-TTL
X-Mobile-URL
X-Geo-Country
X-BCube-Filmed-By
X-Cached-By
X-Cache-Key
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-Control
X-TT
X-PressLabs-Stats
X-Ratelimit-Reset
X-Amz-Replication-Status
X-Seen-By
Liferay-Portal
X-Pad
Xserver
X-DataStream-Cache-Status
X-Host-Name
X-Response-Served-From
NGB
X-Mobile
Upgrade-Insecure-Requests
X-ATG-Version
X-Adobe-Loc
X-Git-Hash
X-Adobe-Content
Payment
X-Status
Webserver
X-WA-Info
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
Eomportal-Instance
X-FW-Dynamic
WPE-Backend
From-Origin
X-Drupal-Cache-Tags
X-ProcessESI
X-Cacheable-TTL
Accept-CH-Lifetime
X-TX-ID
X-RemovedCookies
X-Handled-By
X-GeoIP
Ms-Operation-Id
X-UA-Device-Type
X-RTag
X-RequestSource
Filters
Cache-Tv-Group
X-Cache-TTL-Remaining
X-Cache-TTL
GEO-INFO
Datacenter
X-Content-Age
X-Cache-Remote
X-Daa-Tunnel
X-Edge-Location
Viewport
X-Storage
X-Cache-Action
X-Origin-Server
X-Webkit-CSP
X-Accel-Buffering
Cache
X-Varnish-Hostname
X-Upstream-Proxy
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Ua
X-Contextid
X-CF-Powered-By
X-Region
Host-Header
NR-ENABLED
X-Wix-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
SRV
X-Oracle-Dms-Rid
PageSpeed
X-Varnish-Server
Meta-Geo
Load-Balancing
X-Path-Route
X-Akamai-Transformed
X-RN-RSRV
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
S-Cnection
X-JoinUs
X-Timing-Wait
X-IP
X-From
X-Proxy-Build
Selected-Fe
X-CS
X-Proto
X-Backend-Name
X-Cache-Config
X-Akamai-Request-ID2
Vix-Hermes-Req-Id
Now
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loop
X-TNCMS
Cache-Name
X-Generated
X-Cache-Enabled
X-Cluster-Node
X-Akamai-Request-ID
Cache-Tags
DB-Nickname
Ec-Rule-Version
X-ApacheServer
X-Labrador-Cache-Channel
X-Time-Microsecs
X-Rule
X-Tumblr-Pixel-3
X-Via-Fastly
X-Viewer-Country
X-Proxy
X-PERF
Cache-Hits
X-NCache
X-Origin
X-Origin-Response-Time
X-Hit
X-FC-Vary-Parameters
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Hosted-By
Mn-Server-Ip
Property-Id
X-FW-Version
X-OCL
X-Cache-Grace
Azure-InstanceId
X-Origin-Hint
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
Rt-Fastcgi-Cache
S-Rt
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-Access
X-Cache-Host
X-CCM
X-EIG-Tracking-Id
X-FireWall-Port
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-PCL
Cache-Key
X-Varnish-Cache-Hits
X-Trace-Id
X-Upgrade-Enabled
X-UnsetCookies
X-Section
X-Web-Node
X-Xfnlog-Site
X-Upstream-CT
X-Locale
Country
X-Site-Version
X-Upstream-HT
X-Varnish-Hits
X-Backend-TTL
X-Drupal-Cache-Contexts
X-R9-Blue-Green-Version
Ohc-File-Size
X-Cache-Time
X-Www-Served-By
X-Format
X-S
X-Cache-NE
X-Device-Type
X-Debug-Cache
X-Human
DSUID
Server-Info
Release
X-Rendered-As
OT-Force-Account-Verify
X-Cache-Server
X-NewRelic-App-Data
Time
X-Vgn-Hpd-Reason
Hostname
ServedBy
X-VG-TLSProxy
X-Alternate-Cache-Key
X-VG-WebCache
X-HS-Cache-Config
X-Shopify-Stage
X-ShopId
X-ShardId
X-Presslabs-Stats
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-DataStream-Origin-MEX-Latency
Ohc-Cache-HIT
X-DataStream-MidMile-RTT
Fastcgi-X-Cache-Version
X-VCT
Cteonnt-Length
X-Redis-Cache
X-FB-TRIP-ID
X-OVcl-Cache
X-OVcl
X-Nginx-Cache
X-APP-VERSION
X-Real-IP
X-Tb
Machine
Origin
X-Server-ID
Origin-Cache-Control
Accept-Language
X-Pubstack
Origin-Edge-Control
X-GEO
X-CSRF-TOKEN
X-NC
X-Mode
Access-Control-Request-Headers
L5d-Success-Class
X-Environment-Context
X-L-Path
X-B3-Spanid
X-App-Version
NtCoent-Length
X-Cluster-Name
X-Tt-Trace-Tag
X-No-Session
Odigeo-Trace-Id
Fastly-SSL
X-Magnolia-Registration
X-Generated-By
X-CACHE-KEY
X-Element-Page-Cache
X-Request-Time
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
Mime-Version
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-Load-Cache
X-SS-Set-Cookie
X-NGENIX-Cache
X-UUID
Akamai-GRN
We-Hiring
X-Endurance-Cache-Level
X-B3-Parentspanid
X-DC
Mail-Subject
X-ServerID
X-GoCache-CacheStatus
Nel
X-Rocket-Nginx-Bypass
X-HS-Combine-CSS
X-ECACHE
Request-Time
X-Origin-TTL
X-Parent-Response-Time
X-Origin-CC
X-XRDS-LOCATION
X-Soup
NGX
X-A-Dcw
Apple-News-Services-Parsed-Url
Content-Script-Type
Cdn-Request-Time
BehaviorPad-Version
AsisCache
X-A-Wwc
Arc-Country
Apple-News-Services-Handled
CF-IPCountry
X-A-Dgt
Apple-News-Services-Host
Cache-Prefix
A
Cdn-Host
Viewtype
X-Node-Id
Server-ID
Mobile-Detection-Method
T-Server
X-MServer
Rt-Proxy-Cache
X-Accel-Expires-Debug
Rendered-Blocks
Proxy-Connection
Node
Meta-Geo-Continent
VivaBuild
GEO-REGION-INFO
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
MD5-Digest
X-A-Dam
X-A
X-A-Ccd
Memcached
Content-Style-Type
X-CF-Lambda-Fn
Apple-News-Services-Request-Url
X-Connection-Hash
X-G
X-External-Request-Id
X-Instart-Info
X-CF-Lambda-Version
X-Org
X-VG-WebServer
X-Is-Bot
X-Edge-Server
X-D
X-Detected-As
X-Developer
X-Twitter-Response-Tags
X-Aed
X-Trv-Group
X-Date
X-Destination
X-Transaction
X-Origin-Date
X-Vtex-Processado-Em
X-ScT
Xc-Version
X-B-Cookie
X-Server-Time
X-SRCache-Key
X-AIR-PT
X-Application
X-ARC
X-S-Maxage
X-S-Cookie
X-PAYTM-SRV-ID
X-Origin-Expires
X-Vtex-Remote-Cache
X-Worker
X-Region-Sid
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-DPWN-IS-SECURE
Uber-Trace-Id
Backend-Name
ServerName
X-Oneagent-Js-Injection
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Request-Start
X-Release
X-Auto-Login
X-Cdn-Srv
X-Thanos
X-Cache-Bucket
X-Azure-Ref-OriginShield
X-Bip
X-WebServer
X-SIPLIST1
X-Azure-Ref
X-TrackingId
X-Fastly-Cache
X-VC-Cache
Request-Country
X-Core-Mission
X-Distil-CS
X-Up
IsBot
Gh-Request-Id
Section-Io-Cache
X-Distributor
X-Clientip
X-IN-APIGATEWAYSSL
X-Hl-Ver
X-IN-APIGATEWAY
Countrycode
Request-EU
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-B3-SpanId
X-Via-CDN
X-Routing-Service
X-Zipkin-Id
X-Uri
X-Proxied
User-Cache-Control
X-ElasticPress-Search
True-Client-Country-4JS
X-Debug-Cache-Fetch
X-Proxy-Cache-Status
X-Debug-Cache-Expiry
X-Sn-Servicetimems
X-CUA
X-Skip-Cache
V-Age
X-Proxy-Upstream
X-Debug-Cache-Store
X-Device-Os
X-Developers
RNT-Time
RNT-Machine
X-PHP-Host
X-Platform-Server
X-Debug-Log
W
X-SVT-ORM-VERSION
Server-Int
X-Debug-Cookies
X-SVT-ORM-RULES
X-Cms-Context
X-Rebelmouse-Surrogate-Control
X-App-Name
X-Cache-FS-Status
X-Cache-Id
X-Request-URI
Adler-Geo
X-BBXSRF
X-Backend-Url
X-Block-Status
X-Backend-Host
X-Amz-Meta-Cache-Control
X-Method
X-CGP
X-Clara-WADP
X-Owner
X-Compress-Hint
X-RateLimit-Remaining-Second
X-Cdn-Origin
X-Cache-Info
X-ABtesting
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
X-Unique-ID
X-Hnp-Log
X-Hello
X-NX-Host
X-Nginx-Cache-Key
Fastly-SWR
X-Hash
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Epic-Correlation-Id
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
Fastly-SIE
X-LI-Proto
X-LI-UUID
X-Location
CDCHOST
X-Li-Pop
X-Li-Fabric
X-Irp-Debug
Esi-Enabled
X-MSEdge-Flight
X-MSEdge-Features
Is-Eu
X-Old-Content-Length
X-GeoIP-City
X-VServer
N-Cache
PFcat
X-Variation
Platform
X-Flog
X-Generated-In
X-Gen-Mode
X-Eu-Site
L
X-We-Are-Hiring
Magicmarker
X-WADP-Cache
X-Matched-Rule
X-Reboot
X-Reqid
X-Fetched-On
X-Dispatcher-Server
X-C
X-Dispatch
X-GDPR
X-Generation-Time
X-Geo-Header
X-Qloud-Router
X-Generated-On
X-Internal-Host
X-Key
AKAMAI
X-Level-Front-Cache
X-Say-Cacheable
Thinkindot-CacheControl
SS
X-Swa-Ws
Thinkindot-CacheControl-Type
Thinkindot-Control
X-ServiceProvider
Web-Mar-Node
X-Guploader-Uploadid
Served-By
SD-X-WS
Kp-EeAlive
X-Policy
Content-Disposition
X-Webstats-RespID
Pagetype
X-Thinkindot-L3
X-Cdn-Forward
Pramga
Wxu-Next-Commit
X-User
X-SayCDN-TTL
X-SD-PageType
X-Response-By
X-Backend-State
Wxu-Next-Hostname
X-Server-IP
X-Say-TTL
X-Servername
Wxu-Next-Region
X-IPS-LoggedIn
X-Microcachable
Resin-Trace
Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Server-Host
Heartbleed
X-MP-GENERATED-AT
X-FPC
X-Wa
Memory
X-Page-Type
UCS
X-Servedbyhost
X-Var-Ttl
X-Service
ProcessTime
REQUESTUUID
Cache-Provider
Powered-By-ChinaCache
X-Dc
X-NWS-UUID-VERIFY
X-Nc
X-Logtrace-Id
X-Has-Esi
X-Lb-Id
X-Is-Gdpr
Ajk
X-JWT-State
X-HTML-Minification-Powered-By
X-Geo
Proxy-Firewall
X-Ratelimit-Limit
X-VCL-Version
X-Cache-Backend
X-Datadome
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
X-Oss-Object-Type
X-Oss-Request-Id
X-RateLimit-Reset
X-Info
Srv
X-SERVER-NAME
X-Litespeed-Cache
X-Svr
X-Cache-URL
X-Pjax-Url
X-Grey
Powered-By
X-Cache-Category-Id
X-ZONE
X-Be
X-SRV
X-Varnish-Beresp-Ttl
X-Instart-Isnd
SN
X-COUNTRY
X-Ruxit-Js-Agent
GeoIP-City
X-TH-Server
PICS-Label
X-HS-Status
GeoIP-Country-Code
X-UA
GeoIP-Latitude
X-CDN-Forward
Fastly-Backend-Name
Dynatrace
X-Tec-Api-Version
X-Webkit-Csp
X-Tec-Api-Origin
CACHE
X-Tec-Api-Root
X-URL
X-Scheme
X-Cache-Ttl
X-SN
X-NodeID
X-Ftr-Request-Id
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-Varnish-Beresp-Status
X-Zone
Group
X-Dynatrace
X-Ttl
X-Source
X-GRACE
X-LAGOON
X-Pf-Uncompressing
GW-Server
X-LiteSpeed-Cache-Control
X-EC-Lua
X-Bc
X-Secret
X-Check-Cacheable
Cache-Host
X-Gannett-Site-Version
X-PF-Uncompressing
X-Varnish-Url
Cdn
X-Server-W
X-Newrelic-Synthetics
Ttl
X-Sucuri-Id
X-Varnish-Beresp-TTL
X-Dynatrace-Js-Agent
LB
CF-Cached-On
X-APP
WZWS-RAY
X-NODE
XServer
On-Server
X-Via-Ucdn
X-Ms-Request-Id
X-Ms-Version
X-Varnish-Cacheable
X-CDN-Cache
X-Ftr-Cache-Host
X-Tt-Trace-Host
X-GeoIP-Country-Code
X-Ratelimit-Remaining
User-Agent
X-FORWARDED-FOR
Pics-Label
Inserted-Into-Cache-At
Geoip-Latitude
X-Trafficlayer-App-Scope
X-Fastly-Country-Code
X-Edge
X-Trafficlayer-App-Name
X-Aicache-OS
Geoip-City
GeoIp-Country-Code
Environment
Lfy
X-Cache-Debug
X-BC
MIME-Version
X-Session-Fingerprint
X-Akamai-SSL-Client-Sid
X-Agile
M-TraceId
WWW
X-NU-AKA-ACS-Version
X-Agile-Age
X-PJAX-URL
X-Agile-Id
X-BE
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Crawler
X-Mid
Ohc-Response-Time
X-Render-Time
Who
Requestid
Cf-Ipcountry
X-CSRF-Token
X-Vcl-Version
X-Logging-Id
X-Varnish-Ttl
X-7Graus-Varnish-XKeys
X-MCACHE
SID
X-UPSTREAM-Address
X-7Graus-Varnish-Cache-Control
X-LB-ID
Lb
Amp-Access-Control-Allow-Source-Origin
URI
X-Cache-Miss-From
X-FE
X-Sedo-Request-Id
X-Cache-Tag
X-Litespeed-Cache-Control
X-Micro-Cache
X-Fastly-Backend-Reqs
X-RPS
X-DW
X-RPM
X-Served-From
X-Via-SSL
X-DI
X-Via-Edge
X-WR-MODIFICATION
X-DSS
Xkeyrz
X-DB
X-Action
X-Proxy-Cacherz
X-RSL
HostName
RequestUuid
CDN
Host-ID
DataCenter
X-Cf-Powered-By
X-Correlation-ID
X-AK-Request-ID
X-Amzn-Remapped-Date
X-Page-Impression-Id
X-Nananana
Cdnsip
Cdncip
X-Vct
X-Core-Value
X-Flow-Id
X-Amzn-Remapped-Connection
X-Zalando-Child-Request-Id
X-ServedByHost
X-Fpc
X-Fastly-Cache-Hits
X-WA
Xkeypdq
X-NGINX-Cache
X-Newrelic-App-Data
X-Swift-Error
X-TIME
X-MID
X-Ecache
X-VC
X-SB
X-Protected-By
X-Vdms-Version
X-TT-LOGID
X-Rocket-Build-Number
Cneonction
X-Cdn-Request-ID
Correlation-Id
FNAC-ModuleRouting
Get-Access-Time
Is-Session-Tracking
Warning
X-Sigma-Backend
X-Sucuri-Cache
X-Sigma
X-Sucuri-ID
X-Shopify-Generated-Cart-Token
Xet-Cookie
RequestId
V-Cache
X-Request-URL
X-Fe
X-Apw-Hits
X-Apw-Access-Token
Processtime
X-ECache
HitType
X-Unique-Id
X-ServerName
X-Apw-Access-Object
X-Apw-Access-Action
X-Bug-Bounty
X-Request-Url
X-Refresh
X-Gdpr
X-Dw-Trace-Id
X-Via-NSCOPI
X-MiniProfiler-Ids
X-Serial
X-ND-Cache