Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-CDN
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
Surrogate-Control
X-Origin-Upstream-Status
X-Rack-Cache
Allow
X-Ruxit-JS-Agent
X-HW
X-DataDome
X-ORACLE-DMS-RID
X-Country
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Url
X-Clacks-Overhead
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-CST
Verso
RTSS
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-D2id
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Build
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
X-Ah-Environment
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-CH
X-SharePointHealthScore
X-Akam-SW-Version
X-B3-TraceId
MS-Author-Via
X-GitHub-Request-Id
X-RateLimit-Remaining
TCN
X-Navigation-Version
X-Abt-Application-Version
Accept-Ch-Lifetime
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Powered-CMS
X-Upstream
X-Shard
X-Forwarded-Proto
AR-ATIME
SPIisLatency
AR-CACHE
SPRequestDuration
X-Amz-Server-Side-Encryption
Ar-Sid
AR-PoweredBy
X-XRDS-Location
Charset
Fastly-Restarts
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-Debug
X-ESI
X-Aspnetmvc-Version
X-Server-Name
Front-End-Https
AR-Request-ID
X-Cached
X-Shield-Request-Id
X-Ezoic-Cdn
X-Goog-Generation
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Goog-Metageneration
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
Access-Control-Request-Method
X-NF-Request-ID
Paypal-Debug-Id
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Arr-Disable-Session-Affinity
Pagespeed
X-Vcache
Content-MD5
ServerID
DynaTrace
X-Id
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
S
X-T
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
X-Client-IP
X-Content-Type
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-Correlation-Id
X-Grace
X-VCache
X-Frontend
Fastcgi-Cache
X-FTR-Cache-Host
X-SERVER
X-Content-Digest
Powered
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Accel-Expires
X-Forwarded-For
X-Ser
X-DIS-Request-ID
Server-Name
X-Logged-In
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-B3-Traceid
X-Esi
X-GUploader-UploadID
X-Fastcgi-Cache
Accept-Ch
X-HS-Hub-Id
X-HS-Content-Id
TP-L2-Cache
TP-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-Kinsta-Cache
X-Cache-Age
X-Request-Processing-Time
X-Request-Received
FilterID
X-Type
X-LB-Cache
X-User-Agent
Edge-Cache-Tag
X-Rid
X-Az
X-AppVersion
X-Activity-Id
Backend-Timing
X-Analytics
X-Revision
X-IPLB-Instance
Healthy
X-Node-Name
X-Whom
X-F-Cache
Retry-After
X-Srv
X-Time
X-NWS-LOG-UUID
X-Cache-2
Accept-Charset
Pinterest-Version
X-Kong-Proxy-Latency
X-Pinterest-Rid
X-Kong-Upstream-Latency
X-Amzn-RequestId
X-Cache-Hit
X-Amz-Apigw-Id
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Cache-Rule
Server-Node
X-AOL-HN
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
Surrogate-Key
VIX-Pulpo-Node
Access-Control-Allow-Method
DC
Refresh
X-Akamai-Edgescape
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
X-Jobs
X-Cluster
X-Forwarded-Host
X-Page-Id
X-Tumblr-User
X-FW-Type
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FB-Debug
X-FW-Serve
X-FW-Hash
X-Instance
X-FW-Server
X-Debug-Info
X-FW-Static
X-Framework
X-PHP-Backend
Source
X-Varnish-Grace
X-Hp-Webp
X-B
X-App-Environment
X-Request-Guid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
MS-CV
X-App-Server
Fastcgi-Useragent
X-Hostname
Frame-Options
Host
Cleartype
Cache-Tag
X-B-Cache
X-Signature
Tracecode
X-Cache-Operation
Actual-Object-TTL
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-Cache-Key
X-TA-CDN-Provider
X-Varnish-Backend
X-Cache-Control
X-TT
X-Amz-Replication-Status
X-PressLabs-Stats
X-Ratelimit-Reset
X-Seen-By
Liferay-Portal
X-Pad
Xserver
X-Host-Name
X-DataStream-Cache-Status
X-Mobile
X-Response-Served-From
NGB
X-Adobe-Content
Upgrade-Insecure-Requests
X-Git-Hash
Accept-CH-Lifetime
X-ATG-Version
X-Adobe-Loc
Payment
X-TT-TIMESTAMP
X-WA-Info
Webserver
Eomportal-Instance
X-WebKit-CSP-Report-Only
X-Status
X-RemovedCookies
WPE-Backend
X-FW-Dynamic
Filters
Cache-Tv-Group
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-Pixel-2
Ms-Operation-Id
X-Handled-By
X-GeoIP
X-TX-ID
X-RTag
X-Cacheable-TTL
From-Origin
X-Drupal-Cache-Tags
X-UA-Device-Type
X-RequestSource
X-Cache-TTL
X-Cache-TTL-Remaining
GEO-INFO
Datacenter
X-Content-Age
X-Cache-Remote
X-Edge-Location
X-Daa-Tunnel
X-Cache-Action
Viewport
X-Storage
X-Origin-Server
X-Webkit-CSP
X-Varnish-Hostname
Cache
X-Upstream-Proxy
X-Accel-Buffering
X-EdgeConnect-Cache-Status
X-Hyper-Cache
Version
X-Ua
X-Contextid
X-Region
X-CF-Powered-By
Host-Header
NR-ENABLED
X-Wix-Request-Id
X-Yottaa-Optimizations
SRV
X-Yottaa-Metrics
PageSpeed
X-Oracle-Dms-Rid
X-Varnish-Server
X-Akamai-Transformed
X-ES-SERVER
Meta-Geo
Load-Balancing
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
X-JoinUs
X-Timing-Wait
X-Akamai-Request-ID2
X-Proxy-Build
X-From
S-Cnection
X-IP
Selected-Fe
X-Backend-Name
X-Cache-Config
Vix-Hermes-Req-Id
Now
Cache-Tags
X-CS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TNCMS
X-Proxy
X-Proto
X-Loop
Cache-Name
X-Generated
X-Akamai-Request-ID
X-Access
X-ApacheServer
X-Cache-Enabled
X-Cluster-Node
Rt-Fastcgi-Cache
Ec-Rule-Version
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-FC-Vary-Parameters
X-Hit
X-Tumblr-Pixel-3
X-Time-Microsecs
X-Upgrade-Enabled
X-Via-Fastly
X-Viewer-Country
X-Section
X-Rule
X-NCache
X-Origin
X-Origin-Response-Time
X-PERF
Cache-Hits
X-Labrador-Cache-Channel
Azure-SlotName
Azure-SiteName
Azure-Version
X-FW-Version
Cache-Key
Azure-RegionName
Azure-InstanceId
Webcakes-App-Version
S-Rt
X-Format
TWC-Privacy
TWC-Locale-Group
Country
X-PCL
Mn-Server-Ip
Property-Id
X-Origin-Hint
TWC-Connection-Speed
TWC-Device-Class
X-Web-Node
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Name
X-EIG-Tracking-Id
X-Cache-Grace
X-Backend-TTL
X-FireWall-Port
X-CCM
X-Upstream-CT
X-Hosted-By
X-Xfnlog-Site
X-Upstream-HT
X-UnsetCookies
X-Cache-Host
X-OCL
X-Varnish-Cache-Hits
X-Trace-Id
X-Site-Version
X-Locale
X-Debug-Cache
X-Drupal-Cache-Contexts
X-Device-Type
X-Www-Served-By
X-Human
X-Cache-Time
X-S
Ohc-File-Size
X-Varnish-Hits
X-Cache-NE
DSUID
Server-Info
X-Cache-Server
Release
X-NewRelic-App-Data
X-Rendered-As
OT-Force-Account-Verify
Time
X-Vgn-Hpd-Reason
Hostname
ServedBy
X-VG-TLSProxy
X-Shopify-Stage
X-HS-Cache-Config
X-Sorting-Hat-PodId
X-Presslabs-Stats
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-VG-WebCache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Ohc-Cache-HIT
Fastcgi-X-Cache-Version
X-VCT
X-OVcl-Cache
X-Real-IP
X-FB-TRIP-ID
Cteonnt-Length
X-OVcl
X-Redis-Cache
X-APP-VERSION
X-Nginx-Cache
Accept-Language
X-Tb
Machine
Origin
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-Server-ID
L5d-Success-Class
X-GEO
X-NC
X-CSRF-TOKEN
X-Mode
Access-Control-Request-Headers
X-B3-Spanid
X-L-Path
X-No-Session
X-Environment-Context
X-Cluster-Name
NtCoent-Length
X-App-Version
Fastly-SSL
X-Tt-Trace-Tag
X-Magnolia-Registration
X-Generated-By
X-Load-Cache
Odigeo-Trace-Id
X-CACHE-KEY
X-Request-Time
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Element-Page-Cache
X-UUID
Mime-Version
X-NGENIX-Cache
IBM-Web2-Location
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-SS-Set-Cookie
Mail-Subject
X-DC
X-GoCache-CacheStatus
Akamai-GRN
X-Rocket-Nginx-Bypass
X-ServerID
We-Hiring
X-B3-Parentspanid
Nel
X-HS-Combine-CSS
X-ECACHE
Request-Time
X-Origin-TTL
X-Parent-Response-Time
X-XRDS-LOCATION
X-Soup
X-Origin-CC
Mobile-Detection-Method
Rendered-Blocks
VivaBuild
CF-IPCountry
X-ARC
Proxy-Connection
X-B-Cookie
X-Node-Id
X-MServer
T-Server
Viewtype
X-A
X-Urbn-Site-Id
Rt-Proxy-Cache
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
Node
Server-ID
X-Application
X-AIR-PT
X-A-Ccd
Cdn-Host
X-G
AsisCache
BehaviorPad-Version
Content-Style-Type
X-Instart-Info
Content-Script-Type
Arc-Country
X-Vtex-Processado-Em
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-SRCache-Key
X-Vtex-Remote-Cache
X-Is-Bot
X-Org
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-ScT
X-Request-UUID
Cdn-Request-Time
X-Origin-Expires
X-Origin-Date
X-PAYTM-SRV-ID
X-Region-Sid
Cache-Prefix
X-External-Request-Id
Locale
X-D
X-VG-WebServer
X-Date
X-Destination
X-Twitter-Response-Tags
Xc-Version
MD5-Digest
X-Server-Time
Meta-Geo-Continent
X-CF-Lambda-Fn
X-CF-Lambda-Version
Memcached
X-Connection-Hash
X-Detected-As
X-Developer
Cross-Origin-Window-Policy
Fly-Cache
X-DPWN-IS-SECURE
Apple-News-Services-Handled
X-Edge-Server
A
X-Transaction
GEO-REGION-INFO
NGX
X-Trv-Group
Fly-Request-Id
X-Worker
X-Urbn-Context-Path
X-Oneagent-Js-Injection
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
Backend-Name
ServerName
Uber-Trace-Id
X-WebServer
Fastly-Soc-X-Request-Id
X-Distributor
X-Thanos
X-TrackingId
X-SVT-ORM-RULES
X-IN-APIGATEWAYSSL
X-Release
X-Request-Start
X-IN-APIGATEWAY
Countrycode
X-SIPLIST1
X-Fastly-Cache
X-Hl-Ver
X-SVT-ORM-VERSION
Gh-Request-Id
X-Azure-Ref-OriginShield
X-Bip
X-Cache-Bucket
Request-Country
X-Azure-Ref
Section-Io-Cache
X-Auto-Login
N-Cache
X-Cdn-Srv
X-Core-Mission
IsBot
X-Developers
X-Cms-Context
X-Clientip
X-VC-Cache
X-Up
X-Distil-CS
Request-EU
X-B3-SpanId
X-Via-CDN
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-ElasticPress-Search
User-Cache-Control
X-Uri
X-ServiceProvider
W
X-Sn-Servicetimems
X-Debug-Cache-Fetch
X-PHP-Host
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-CUA
X-Skip-Cache
X-Debug-Log
X-Device-Os
Server-Int
X-Thinkindot-L3
X-Unique-ID
X-Owner
Thinkindot-CacheControl
X-Debug-Cookies
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
V-Age
X-Clara-WADP
X-Cache-Id
X-Backend-Url
X-Backend-Host
X-Rebelmouse-Surrogate-Control
X-Reboot
X-BBXSRF
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Cache-FS-Status
X-C
X-Block-Status
X-Cache-Info
X-Request-URI
X-ABtesting
X-CGP
X-Epic-Correlation-Id
X-Platform-Server
X-Proxy-Cache-Status
X-Level-Front-Cache
X-App-Name
X-Cdn-Origin
X-Proxy-Upstream
X-Amz-Meta-Cache-Control
X-Compress-Hint
X-Eu-Site
X-Matched-Rule
X-Method
X-Hash
X-Hello
X-Hnp-Log
X-GeoIP-City
Ha-Gx-Prefs
X-Wikidot-Static-Cache
Is-Eu
X-Geo-Header
HA-Ipaddr
X-Location
Adler-Geo
X-Li-Pop
X-LI-Proto
Content-Disposition
X-Li-Fabric
CDCHOST
X-Irp-Debug
AKAMAI
Fastly-SWR
X-LI-UUID
Fastly-SIE
Esi-Enabled
X-RateLimit-Limit-Second
X-Generation-Time
X-Fetched-On
X-Flog
X-MSEdge-Flight
Platform
X-Nginx-Cache-Key
X-Variation
RNT-Time
RNT-Machine
X-Old-Content-Length
X-NX-Host
L
X-VServer
X-Generated-In
X-Generated-On
Magicmarker
X-Wikidot-Backend
X-We-Are-Hiring
X-WADP-Cache
X-MSEdge-Features
PFcat
X-Gen-Mode
X-Microcachable
X-Dispatch
X-Dispatcher-Server
X-GDPR
X-Qloud-Router
X-Internal-Host
X-Key
X-Say-Cacheable
X-Swa-Ws
SS
Pramga
X-Guploader-Uploadid
X-Cdn-Forward
Wxu-Next-Commit
Web-Mar-Node
Server-Host
Served-By
SD-X-WS
X-User
Heartbleed
X-Policy
X-Webstats-RespID
Kp-EeAlive
Wxu-Next-Hostname
Pagetype
X-Reqid
X-SD-PageType
X-SayCDN-TTL
X-Say-TTL
X-Response-By
X-Backend-State
Wxu-Next-Region
X-Servername
X-Server-IP
X-IPS-LoggedIn
Resin-Trace
Country-Code
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-MP-GENERATED-AT
X-FPC
X-Wa
Memory
X-Page-Type
REQUESTUUID
UCS
X-Servedbyhost
X-Service
X-Var-Ttl
Cache-Provider
X-JWT-State
X-Is-Gdpr
X-Has-Esi
Powered-By-ChinaCache
ProcessTime
X-Dc
Ajk
X-Lb-Id
X-NWS-UUID-VERIFY
X-Logtrace-Id
X-Nc
X-Geo
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Ratelimit-Limit
X-Cache-Backend
X-VCL-Version
X-Datadome
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Reset
X-Oss-Object-Type
X-Processor
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Info
Srv
X-Be
X-SERVER-NAME
X-Litespeed-Cache
X-ZONE
X-Cache-Category-Id
SN
X-Svr
Powered-By
X-Grey
X-Cache-URL
X-Pjax-Url
X-SRV
X-Varnish-Beresp-Ttl
X-Instart-Isnd
X-COUNTRY
X-Ruxit-Js-Agent
Dynatrace
X-HS-Status
PICS-Label
GeoIP-City
X-SN
GeoIP-Latitude
Fastly-Backend-Name
GeoIP-Country-Code
X-UA
X-CDN-Forward
X-Scheme
X-TH-Server
X-Tec-Api-Origin
X-Tec-Api-Version
X-URL
CACHE
X-Tec-Api-Root
X-Webkit-Csp
X-Cache-Ttl
X-NodeID
X-Ftr-Request-Id
X-RCS-CacheZone
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Group
X-Dynatrace
X-Zone
X-Ttl
X-GRACE
X-Source
X-LAGOON
GW-Server
X-Pf-Uncompressing
X-LiteSpeed-Cache-Control
X-EC-Lua
X-Server-W
X-Secret
X-PF-Uncompressing
Ttl
X-Gannett-Site-Version
X-Varnish-Url
X-Bc
X-Check-Cacheable
Cdn
X-Newrelic-Synthetics
Cache-Host
X-Sucuri-Id
X-Varnish-Beresp-TTL
LB
CF-Cached-On
X-APP
X-Dynatrace-Js-Agent
WZWS-RAY
X-NODE
X-Ms-Request-Id
X-Ms-Version
On-Server
X-Varnish-Cacheable
X-CDN-Cache
X-Via-Ucdn
XServer
X-Ftr-Cache-Host
Pics-Label
X-FORWARDED-FOR
X-GeoIP-Country-Code
User-Agent
X-Tt-Trace-Host
X-Ratelimit-Remaining
Geoip-Latitude
X-Cache-Debug
X-Session-Fingerprint
X-Trafficlayer-App-Name
X-Aicache-OS
Inserted-Into-Cache-At
X-BC
Geoip-City
Environment
Lfy
X-Edge
MIME-Version
GeoIp-Country-Code
X-Trafficlayer-App-Scope
X-Fastly-Country-Code
WWW
M-TraceId
X-Akamai-SSL-Client-Sid
X-NU-AKA-ACS-Version
X-PJAX-URL
X-Agile-Age
X-BE
X-Agile
X-Agile-Id
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
X-Render-Time
Ohc-Response-Time
X-Crawler
Requestid
X-Mid
Who
Cf-Ipcountry
X-LB-ID
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-Varnish-Ttl
X-7Graus-Varnish-XKeys
SID
X-MCACHE
X-CSRF-Token
X-Vcl-Version
X-UPSTREAM-Address
Lb
Amp-Access-Control-Allow-Source-Origin
X-Cache-Miss-From
URI
X-Micro-Cache
X-Litespeed-Cache-Control
X-FE
X-Sedo-Request-Id
X-Cache-Tag
X-Fastly-Backend-Reqs
X-RSL
X-Served-From
X-WR-MODIFICATION
X-Via-Edge
X-RPS
X-DSS
X-DW
X-Action
X-Proxy-Cacherz
X-Via-SSL
X-DB
X-RPM
X-DI
Xkeyrz
HostName
X-Core-Value
CDN
Host-ID
RequestUuid
DataCenter
X-Cf-Powered-By
X-Correlation-ID
X-Amzn-Remapped-Date
X-Page-Impression-Id
X-Nananana
X-Amzn-Remapped-Connection
X-Zalando-Child-Request-Id
X-ServedByHost
Cdnsip
Cdncip
X-WA
X-Vct
Xkeypdq
X-Flow-Id
X-Fastly-Cache-Hits
X-AK-Request-ID
X-Fpc
X-Swift-Error
X-Newrelic-App-Data
X-NGINX-Cache
Get-Access-Time
FNAC-ModuleRouting
Warning
X-Gdpr
Cneonction
X-MID
X-SB
X-Cdn-Request-ID
X-VC
X-TIME
Correlation-Id
X-Rocket-Build-Number
X-Sigma
X-Vdms-Version
X-Ecache
X-Sigma-Backend
X-TT-LOGID
X-Protected-By
Is-Session-Tracking
X-Sucuri-Cache
X-Sucuri-ID
X-Shopify-Generated-Cart-Token
Xet-Cookie
RequestId
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Via-NSCOPI
X-Serial
X-ND-Cache
X-Refresh
X-Request-Url
X-Fe
X-Request-URL
X-ServerName
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-Bug-Bounty
HitType
Processtime
X-ECache
X-Unique-Id
V-Cache