Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-Content-Security-Policy
Content-Encoding
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-CDN
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
X-DataDome
X-ORACLE-DMS-RID
X-Country
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Url
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Ah-Environment
X-CST
Verso
RTSS
X-Px
X-Aspnetmvc-Version
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Build
X-D2id
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
Response
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-CH
X-SharePointHealthScore
X-B3-TraceId
X-Akam-SW-Version
MS-Author-Via
TCN
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
Accept-Ch-Lifetime
X-TEC-API-ROOT
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Upstream
X-Shard
X-Forwarded-Proto
AR-PoweredBy
AR-CACHE
SPRequestDuration
SPIisLatency
Ar-Sid
X-Amz-Server-Side-Encryption
AR-ATIME
Charset
X-XRDS-Location
Fastly-Restarts
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-Debug
X-Server-Name
Front-End-Https
AR-Request-ID
X-Shield-Request-Id
X-Cached
X-Ezoic-Cdn
X-Goog-Metageneration
X-Goog-Generation
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Goog-Stored-Content-Encoding
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Goog-Stored-Content-Length
X-ESI
X-MSEdge-Ref
X-NF-Request-ID
Access-Control-Request-Method
Paypal-Debug-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-SERVER
Arr-Disable-Session-Affinity
ServerID
Content-MD5
DynaTrace
X-Id
Pagespeed
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-DynaTrace-JS-Agent
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Vcache
X-Client-IP
X-Via-JSL
X-Content-Type
X-Varnish-Age
X-VCache
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-FastCGI-Cache
X-Correlation-Id
X-Grace
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Content-Digest
Powered
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-Esi
X-Accel-Expires
X-Forwarded-For
X-DIS-Request-ID
X-Ser
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-B3-Traceid
X-GUploader-UploadID
Accept-Ch
X-HS-Content-Id
X-HS-Hub-Id
TP-L2-Cache
TP-Cache
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Microsite
X-Cache-Age
X-Kinsta-Cache
X-Request-Received
X-Request-Processing-Time
X-Type
X-LB-Cache
FilterID
X-Rid
X-User-Agent
Edge-Cache-Tag
X-AppVersion
X-Revision
Backend-Timing
X-Analytics
X-Activity-Id
X-IPLB-Instance
X-Az
X-Fastcgi-Cache
Healthy
X-Node-Name
X-F-Cache
X-Whom
X-Srv
Retry-After
X-Time
X-NWS-LOG-UUID
X-Cache-2
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Pinterest-Rid
Pinterest-Version
Accept-Charset
X-Cache-Hit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Cache-Rule
Server-Node
X-AOL-HN
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Surrogate-Key
Access-Control-Allow-Method
Refresh
DC
X-Akamai-Edgescape
X-Cluster
X-Content-Powered-By
X-Jobs
X-Content-Security-Policy-Report-Only
X-Forwarded-Host
X-FW-Hash
X-Page-Id
X-FW-Type
X-Tumblr-Pixel-0
X-FW-Serve
X-Tumblr-User
X-Debug-Info
X-FB-Debug
X-FW-Server
X-Instance
X-FW-Static
X-Tumblr-Pixel
X-Framework
X-Varnish-Grace
X-PHP-Backend
Source
X-Request-Guid
X-Hp-Webp
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-App-Environment
X-B
MS-CV
X-App-Server
Fastcgi-Useragent
Frame-Options
X-Hostname
Host
X-Cache-Key
Cleartype
Cache-Tag
X-Signature
Tracecode
X-B-Cache
Actual-Object-TTL
X-Cache-Operation
X-Mobile-URL
X-BCube-Filmed-By
X-Cached-By
X-Geo-Country
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-Control
X-TT
X-Amz-Replication-Status
X-Seen-By
X-PressLabs-Stats
X-Ratelimit-Reset
Liferay-Portal
X-Pad
X-DataStream-Cache-Status
X-Host-Name
Xserver
X-Mobile
NGB
X-Response-Served-From
X-Adobe-Content
X-Git-Hash
X-Adobe-Loc
Accept-CH-Lifetime
X-ATG-Version
Upgrade-Insecure-Requests
Payment
X-WebKit-CSP-Report-Only
Webserver
Eomportal-Instance
X-TT-TIMESTAMP
X-WA-Info
X-Status
WPE-Backend
Filters
X-FW-Dynamic
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Tumblr-Pixel-2
X-RTag
Ms-Operation-Id
X-Drupal-Cache-Tags
X-TX-ID
X-Handled-By
X-GeoIP
From-Origin
X-Cacheable-TTL
X-UA-Device-Type
X-RequestSource
X-Cache-TTL
X-Cache-TTL-Remaining
GEO-INFO
Datacenter
X-Content-Age
X-Cache-Remote
X-Daa-Tunnel
X-Edge-Location
Viewport
X-Cache-Action
X-Storage
X-Origin-Server
X-Webkit-CSP
X-Upstream-Proxy
PageSpeed
Cache
X-Varnish-Hostname
X-Accel-Buffering
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Ua
X-Contextid
X-Region
X-CF-Powered-By
Host-Header
NR-ENABLED
X-Wix-Request-Id
X-Yottaa-Metrics
SRV
X-Yottaa-Optimizations
X-Oracle-Dms-Rid
X-Varnish-Server
Meta-Geo
Load-Balancing
X-ES-SERVER
X-Cache-Var
X-Path-Route
X-Akamai-Transformed
X-Cache-Var-Map
X-RN-RSRV
X-JoinUs
X-Timing-Wait
X-Akamai-Request-ID2
X-Proxy-Build
X-From
S-Cnection
X-IP
Selected-Fe
X-Backend-Name
X-Cache-Config
Vix-Hermes-Req-Id
Now
Cache-Tags
X-CS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TNCMS
X-Proxy
X-Proto
X-Loop
Cache-Name
X-Generated
X-Akamai-Request-ID
X-Access
X-ApacheServer
X-Cache-Enabled
X-Cluster-Node
Rt-Fastcgi-Cache
Ec-Rule-Version
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-FC-Vary-Parameters
X-Hit
X-Tumblr-Pixel-3
X-Time-Microsecs
X-Upgrade-Enabled
X-Via-Fastly
X-Viewer-Country
X-Section
X-Rule
X-NCache
X-Origin
X-Origin-Response-Time
X-PERF
Cache-Hits
X-Labrador-Cache-Channel
Azure-Version
Azure-SlotName
X-FW-Version
Cache-Key
TWC-Locale-Group
Azure-SiteName
Azure-RegionName
S-Rt
X-Format
TWC-Privacy
Azure-InstanceId
Country
X-Web-Node
Mn-Server-Ip
X-Hosted-By
Property-Id
X-Origin-Hint
X-PCL
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
Webcakes-App-Name
X-FireWall-Port
X-UnsetCookies
X-Trace-Id
X-Xfnlog-Site
X-Backend-TTL
X-Cache-Host
X-CCM
X-Cache-Grace
X-Upstream-CT
X-Varnish-Cache-Hits
X-Upstream-HT
X-EIG-Tracking-Id
Webcakes-Region
X-OCL
X-Locale
X-Www-Served-By
X-Device-Type
X-Drupal-Cache-Contexts
X-Debug-Cache
Ohc-File-Size
X-Human
X-Cache-Time
X-Site-Version
X-Varnish-Hits
X-S
X-Cache-NE
X-Cache-Server
Server-Info
DSUID
Release
X-Rendered-As
OT-Force-Account-Verify
X-NewRelic-App-Data
Time
Hostname
X-Vgn-Hpd-Reason
ServedBy
X-VG-TLSProxy
X-HS-Cache-Config
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Presslabs-Stats
X-ShardId
X-Alternate-Cache-Key
X-VG-WebCache
X-DataStream-Origin-MEX-Latency
Ohc-Cache-HIT
Fastcgi-X-Cache-Version
X-DataStream-MidMile-RTT
X-VCT
X-FB-TRIP-ID
X-Real-IP
Cteonnt-Length
X-OVcl-Cache
X-OVcl
X-Redis-Cache
X-APP-VERSION
Accept-Language
X-Nginx-Cache
X-Tb
Machine
X-Pubstack
Origin-Edge-Control
Origin
Origin-Cache-Control
X-Server-ID
X-NC
X-CSRF-TOKEN
L5d-Success-Class
X-GEO
Access-Control-Request-Headers
X-Mode
X-No-Session
X-B3-Spanid
X-L-Path
X-Environment-Context
X-Cluster-Name
NtCoent-Length
X-App-Version
X-Tt-Trace-Tag
Fastly-SSL
X-Generated-By
X-Load-Cache
X-Magnolia-Registration
Odigeo-Trace-Id
X-Request-Time
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Element-Page-Cache
X-NGENIX-Cache
X-UUID
X-Amzn-Remapped-Content-Length
IBM-Web2-Location
X-SS-Set-Cookie
Mime-Version
X-Endurance-Cache-Level
We-Hiring
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-ServerID
X-DC
Akamai-GRN
X-B3-Parentspanid
Mail-Subject
Nel
Request-Time
X-ECACHE
X-HS-Combine-CSS
X-CACHE-KEY
X-Parent-Response-Time
X-Soup
X-XRDS-LOCATION
X-Origin-TTL
X-Origin-CC
CF-IPCountry
Rendered-Blocks
X-A
X-Node-Id
X-MServer
VivaBuild
Proxy-Connection
Viewtype
X-A-Ccd
Mobile-Detection-Method
T-Server
X-B-Cookie
X-ARC
Node
X-AIR-PT
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Application
Rt-Proxy-Cache
X-Urbn-Site-Id
X-A-Dam
X-A-Dcw
Server-ID
Cdn-Host
X-G
AsisCache
BehaviorPad-Version
Content-Style-Type
X-Instart-Info
Content-Script-Type
Arc-Country
X-Vtex-Processado-Em
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-SRCache-Key
X-Vtex-Remote-Cache
X-Is-Bot
X-Org
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-ScT
X-Request-UUID
Cdn-Request-Time
X-Origin-Expires
X-Origin-Date
X-PAYTM-SRV-ID
X-Region-Sid
Cache-Prefix
X-External-Request-Id
Locale
X-D
X-VG-WebServer
X-Date
X-Destination
X-Twitter-Response-Tags
Xc-Version
MD5-Digest
X-Server-Time
Meta-Geo-Continent
X-CF-Lambda-Fn
X-CF-Lambda-Version
Memcached
X-Connection-Hash
X-Detected-As
X-Developer
Cross-Origin-Window-Policy
Fly-Cache
X-DPWN-IS-SECURE
Apple-News-Services-Handled
X-Edge-Server
A
X-Transaction
GEO-REGION-INFO
NGX
X-Trv-Group
Fly-Request-Id
X-Worker
X-Urbn-Context-Path
X-Oneagent-Js-Injection
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
Backend-Name
ServerName
Uber-Trace-Id
X-WebServer
Fastly-Soc-X-Request-Id
X-Distributor
X-Thanos
X-TrackingId
X-SVT-ORM-RULES
X-IN-APIGATEWAYSSL
X-Release
X-Request-Start
X-IN-APIGATEWAY
Countrycode
X-SIPLIST1
X-Fastly-Cache
X-Hl-Ver
X-SVT-ORM-VERSION
Gh-Request-Id
X-Azure-Ref-OriginShield
X-Bip
X-Cache-Bucket
Request-Country
X-Azure-Ref
Section-Io-Cache
X-Auto-Login
N-Cache
X-Cdn-Srv
X-Core-Mission
IsBot
X-Developers
X-Cms-Context
X-Clientip
X-VC-Cache
X-Up
X-Distil-CS
Request-EU
X-B3-SpanId
X-Via-CDN
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-ElasticPress-Search
User-Cache-Control
X-Uri
X-ServiceProvider
W
X-Sn-Servicetimems
X-Debug-Cache-Fetch
X-PHP-Host
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-CUA
X-Skip-Cache
X-Debug-Log
X-Device-Os
Server-Int
X-Thinkindot-L3
X-Unique-ID
X-Owner
Thinkindot-CacheControl
X-Debug-Cookies
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
V-Age
X-Clara-WADP
X-Cache-Id
X-Backend-Url
X-Backend-Host
X-Rebelmouse-Surrogate-Control
X-Reboot
X-BBXSRF
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Cache-FS-Status
X-C
X-Block-Status
X-Cache-Info
X-Request-URI
X-ABtesting
X-CGP
X-Epic-Correlation-Id
X-Platform-Server
X-Proxy-Cache-Status
X-Level-Front-Cache
X-App-Name
X-Cdn-Origin
X-Proxy-Upstream
X-Amz-Meta-Cache-Control
X-Compress-Hint
X-Eu-Site
X-Matched-Rule
X-Method
X-Hash
X-Hello
X-Hnp-Log
X-GeoIP-City
Ha-Gx-Prefs
X-Wikidot-Static-Cache
Is-Eu
X-Geo-Header
HA-Ipaddr
X-Location
Adler-Geo
X-Li-Pop
X-LI-Proto
Content-Disposition
X-Li-Fabric
CDCHOST
X-Irp-Debug
AKAMAI
Fastly-SWR
X-LI-UUID
Fastly-SIE
Esi-Enabled
X-RateLimit-Limit-Second
X-Generation-Time
X-Fetched-On
X-Flog
X-MSEdge-Flight
Platform
X-Nginx-Cache-Key
X-Variation
RNT-Time
RNT-Machine
X-Old-Content-Length
X-NX-Host
L
X-VServer
X-Generated-In
X-Generated-On
Magicmarker
X-Wikidot-Backend
X-We-Are-Hiring
X-WADP-Cache
X-MSEdge-Features
PFcat
X-Gen-Mode
X-GDPR
X-Microcachable
X-Qloud-Router
X-Dispatcher-Server
X-Dispatch
X-Internal-Host
X-Key
X-Say-Cacheable
SS
Server-Host
Served-By
X-Swa-Ws
X-Cdn-Forward
Wxu-Next-Commit
Web-Mar-Node
X-Policy
Heartbleed
Pramga
Pagetype
X-Webstats-RespID
Kp-EeAlive
SD-X-WS
X-User
Wxu-Next-Hostname
X-Guploader-Uploadid
X-SD-PageType
X-Response-By
X-SayCDN-TTL
X-Say-TTL
X-Server-IP
X-Reqid
X-Servername
Wxu-Next-Region
X-Backend-State
X-IPS-LoggedIn
Country-Code
Resin-Trace
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-MP-GENERATED-AT
X-Wa
X-FPC
Memory
X-Page-Type
X-Service
X-Var-Ttl
X-Servedbyhost
UCS
X-JWT-State
X-Has-Esi
Cache-Provider
Powered-By-ChinaCache
X-Is-Gdpr
ProcessTime
REQUESTUUID
X-Dc
Ajk
X-Lb-Id
X-NWS-UUID-VERIFY
X-Logtrace-Id
X-Nc
X-Geo
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Ratelimit-Limit
X-Cache-Backend
X-VCL-Version
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Reset
X-Oss-Object-Type
X-Processor
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Info
Srv
X-SERVER-NAME
X-Litespeed-Cache
X-Cache-Category-Id
X-Svr
Powered-By
X-ZONE
SN
X-Grey
X-Cache-URL
X-Pjax-Url
X-Be
X-Varnish-Beresp-Ttl
X-SRV
X-Instart-Isnd
PICS-Label
X-Ruxit-Js-Agent
X-COUNTRY
X-Scheme
X-UA
Dynatrace
X-SN
GeoIP-Country-Code
X-TH-Server
Fastly-Backend-Name
X-CDN-Forward
GeoIP-Latitude
X-HS-Status
GeoIP-City
X-Tec-Api-Root
X-URL
X-Tec-Api-Origin
X-Tec-Api-Version
CACHE
X-Webkit-Csp
X-Cache-Ttl
X-NodeID
X-Ftr-Request-Id
X-Zone
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Group
X-Dynatrace
X-Ttl
X-RCS-CacheZone
X-GRACE
X-Source
X-LAGOON
GW-Server
X-LiteSpeed-Cache-Control
X-Pf-Uncompressing
X-EC-Lua
X-Server-W
X-Gannett-Site-Version
Ttl
X-Secret
X-Varnish-Url
X-PF-Uncompressing
Cache-Host
X-Bc
X-Check-Cacheable
X-Newrelic-Synthetics
Cdn
X-Varnish-Beresp-TTL
X-Sucuri-Id
LB
CF-Cached-On
X-APP
X-Dynatrace-Js-Agent
WZWS-RAY
X-NODE
X-Ms-Request-Id
X-Ms-Version
On-Server
X-Ftr-Cache-Host
X-CDN-Cache
XServer
X-Via-Ucdn
X-Varnish-Cacheable
X-FORWARDED-FOR
X-Tt-Trace-Host
User-Agent
X-Ratelimit-Remaining
X-GeoIP-Country-Code
Geoip-Latitude
Inserted-Into-Cache-At
X-Cache-Debug
Pics-Label
X-Session-Fingerprint
X-Trafficlayer-App-Name
X-Aicache-OS
X-BC
MIME-Version
Geoip-City
Lfy
X-Edge
Environment
GeoIp-Country-Code
X-Trafficlayer-App-Scope
X-Fastly-Country-Code
X-BE
WWW
M-TraceId
X-NU-AKA-ACS-Version
X-PJAX-URL
X-Agile-Age
X-Agile
X-Agile-Id
X-Akamai-SSL-Client-Sid
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
X-Render-Time
Ohc-Response-Time
X-Crawler
Requestid
X-Mid
Who
Cf-Ipcountry
X-LB-ID
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-Varnish-Ttl
X-7Graus-Varnish-XKeys
SID
X-MCACHE
X-CSRF-Token
X-Vcl-Version
X-UPSTREAM-Address
Lb
Amp-Access-Control-Allow-Source-Origin
X-Litespeed-Cache-Control
X-FE
URI
X-Cache-Tag
X-Fastly-Backend-Reqs
X-Cache-Miss-From
X-Sedo-Request-Id
X-Micro-Cache
X-WR-MODIFICATION
X-RSL
X-DI
X-Served-From
X-Via-SSL
X-DSS
X-Action
X-DB
RequestUuid
X-DW
X-RPM
X-RPS
X-Via-Edge
X-Proxy-Cacherz
Xkeyrz
HostName
X-Core-Value
CDN
Host-ID
X-Correlation-ID
DataCenter
X-Cf-Powered-By
X-Zalando-Child-Request-Id
X-Vct
X-Amzn-Remapped-Date
X-Flow-Id
X-Fastly-Cache-Hits
X-Amzn-Remapped-Connection
X-WA
X-AK-Request-ID
X-ServedByHost
X-Fpc
Cdnsip
X-Nananana
Cdncip
X-Page-Impression-Id
Xkeypdq
X-Swift-Error
X-Newrelic-App-Data
X-NGINX-Cache
X-VC
Get-Access-Time
Warning
FNAC-ModuleRouting
X-Cdn-Request-ID
X-MID
X-SB
Cneonction
X-TIME
X-Ecache
X-Sucuri-Cache
X-Rocket-Build-Number
X-Sigma-Backend
X-Vdms-Version
X-TT-LOGID
Is-Session-Tracking
X-Sigma
X-Protected-By
Correlation-Id
X-Sucuri-ID
Xet-Cookie
RequestId
X-Shopify-Generated-Cart-Token
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Fe
X-Via-NSCOPI
X-Serial
X-ND-Cache
X-Refresh
X-Request-Url
X-Request-URL
Processtime
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Gdpr
X-ServerName
X-Bug-Bounty
X-ECache
X-Unique-Id
HitType
V-Cache