Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Request-ID
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-Server
X-CDN
X-Proxy-Cache
X-UA-Device
X-Hacker
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
P3p
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
EagleEye-TraceId
Report-To
X-Cloud-Trace-Context
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
NEL
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-Dns-Prefetch-Control
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Goog-Hash
X-TTL
X-TtlSet
X-Vname
X-PC
X-Varnish-TTL
X-Ah-Environment
X-Powered-By-Plesk
Pinterest-Generated-By
Verso
X-Aspnetmvc-Version
Public-Key-Pins
X-B3-TraceId
RTSS
X-Px
X-Mod-Pagespeed
Edge-Control
Response
X-Middleton-Response
X-Sol
Display
X-VARITI-CCR
X-Middleton-Display
SPRequestGuid
X-Kinja-Build
X-CST
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Recruiting
X-Kinja-Server
X-SharePointHealthScore
X-D2id
X-ESI
Service-Worker-Allowed
X-Akam-SW-Version
X-Vcap-Request-Id
SPRequestDuration
X-Version
SPIisLatency
X-Server-Name
X-GitHub-Request-Id
X-Powered-CMS
X-Abt-Application-Version
TCN
MS-Author-Via
Accept-Ch-Lifetime
X-Navigation-Version
Accept-CH
X-Trace
X-Shard
Charset
Fastly-Restarts
Nginx-Cache
X-Upstream
X-Debug
Realpath
X-Amz-Rid
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Ezoic-Cdn
X-VCache
X-Cached
X-NF-Request-ID
Front-End-Https
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Pagespeed
X-MSEdge-Ref
Arr-Disable-Session-Affinity
Access-Control-Request-Method
X-Shield-Request-Id
X-XRDS-Location
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
AR-Request-ID
X-TEC-API-ORIGIN
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-TEC-API-ROOT
X-TEC-API-VERSION
X-FTR-Cache-Status
Content-MD5
X-FTR-Expires
X-Country-Code-Real
MicrosoftSharePointTeamServices
DynaTrace
Paypal-Debug-Id
X-Id
S
X-Goog-Storage-Class
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
ServerID
X-Varnish-Age
X-Via-JSL
X-Ser
X-DynaTrace-JS-Agent
X-Client-IP
X-Content-Type
X-Grace
X-Accel-Expires
X-Correlation-Id
X-Dw-Request-Base-Id
X-Hits
X-Forwarded-For
X-FastCGI-Cache
Fastcgi-Cache
X-Amzn-Trace-Id
X-Content-Digest
Powered
Edge-Cache-Tag
X-Frontend
X-N
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
Accept-Ch
X-FTR-Cache-Host
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
Server-Name
X-Pinterest-Rid
Pinterest-Version
TP-L2-Cache
TP-Cache
X-GUploader-UploadID
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Server-ID
X-Microsite
X-Kinsta-Cache
X-Zen-Fury
X-RateLimit-Limit
X-Time
X-Cache-Age
X-IPLB-Instance
X-Revision
X-Activity-Id
X-User-Agent
X-Rid
X-AppVersion
X-B3-Sampled
X-Az
X-Type
X-Vcache
Backend-Timing
Healthy
X-Analytics
X-Cache-Hit
X-LB-Cache
X-Fastcgi-Cache
X-Whom
Retry-After
X-Node-Name
X-Srv
FilterID
Server-Node
X-NWS-LOG-UUID
Alternate-Protocol
X-F-Cache
X-Hp-Webp
Accept-Charset
Cache-Tag
X-Akamai-Edgescape
X-Cache-Rule
X-Cache-2
Cache-Status
X-SERVER
X-Kong-Upstream-Latency
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Content-Options
X-Content-Security-Policy-Report-Only
Tracecode
DC
Refresh
X-Amzn-RequestId
Surrogate-Key
X-Amz-Apigw-Id
X-Content-Powered-By
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Framework
X-Forwarded-Host
MS-CV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AOL-HN
X-Varnish-Grace
Source
X-Jobs
Access-Control-Allow-Method
X-App-Environment
X-Debug-Info
X-Webkit-CSP
X-PHP-Backend
X-Cluster
X-Page-Id
X-FB-Debug
X-Request-Guid
Fastcgi-Useragent
X-Cache-TTL
X-TA-CDN-Provider
X-B
X-App-Server
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Type
X-Cache-Operation
X-FW-Server
Host
Actual-Object-TTL
X-Mobile-URL
X-Cache-Key
Frame-Options
X-Seen-By
NR-ENABLED
X-Geo-Country
X-Hostname
X-Cache-Control
X-B3-Traceid
Cleartype
X-Host-Name
X-Pad
X-Signature
X-B-Cache
X-Cached-By
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-Mobile
X-Git-Hash
X-Response-Served-From
NGB
X-WebKit-CSP-Report-Only
X-TT
X-Varnish-Backend
X-Esi
Accept-CH-Lifetime
X-Amz-Replication-Status
GEO-INFO
X-ATG-Version
X-Adobe-Loc
X-Adobe-Content
WPE-Backend
X-ProcessESI
Webserver
X-RTag
Filters
X-Tumblr-Pixel-2
X-Handled-By
X-GeoIP
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Acc-Meta-Resource-Type
X-Tumblr-Pixel-1
X-RemovedCookies
X-RequestSource
Cache-Tv-Group
Ms-Operation-Id
Eomportal-Instance
Payment
From-Origin
X-TT-TIMESTAMP
X-Origin-Server
X-Cacheable-TTL
X-Daa-Tunnel
X-TX-ID
X-Presslabs-Stats
X-Status
Liferay-Portal
X-EdgeConnect-Cache-Status
X-FW-Dynamic
Xserver
X-Element-Page-Cache
X-Cache-TTL-Remaining
X-WA-Info
X-HS-Cache-Config
X-Wix-Request-Id
X-Cache-Remote
X-Cache-Action
X-Hyper-Cache
X-Contextid
X-Content-Age
X-Edge-Location
X-Region
Datacenter
Viewport
X-Ttl
Cache
Version
X-CF-Powered-By
X-Ratelimit-Reset
X-XRDS-LOCATION
X-Storage
X-Varnish-Hostname
X-Akamai-Transformed
X-Cache-NE
Ohc-File-Size
X-Accel-Buffering
X-Tec-Api-Origin
X-PressLabs-Stats
PageSpeed
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Server
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-Varnish-Server
Load-Balancing
Host-Header
Meta-Geo
X-Path-Route
X-IP
X-Cache-Enabled
Cache-Name
X-Proto
X-Proxy
Cache-Tags
TWC-Device-Class
TWC-GeoIP-Country
X-Varnish-Cache-Hits
X-Section
TWC-Connection-Speed
X-TNCMS
Mn-Server-Ip
Ec-Rule-Version
Country
Cache-Hits
Property-Id
S-Cnection
X-Tumblr-Pixel-3
X-Yottaa-Optimizations
Rt-Fastcgi-Cache
X-Device-Type
Release
X-Yottaa-Metrics
TWC-GeoIP-LatLong
TWC-Privacy
X-Cache-Config
X-HS-Combine-CSS
X-NCache
X-Origin-Response-Time
X-Origin-Hint
X-Akamai-Request-ID
TWC-Locale-Group
Vix-Hermes-Req-Id
X-Cluster-Node
Webcakes-App-Version
Webcakes-Region
X-Access
X-Loop
Webcakes-App-Name
X-Viewer-Country
X-Via-Fastly
X-CS
X-R9-Blue-Green-Version
X-Cache-Time
X-Akamai-Request-ID2
DSUID
X-Cache-Host
Azure-Version
Azure-SlotName
Azure-SiteName
DB-Nickname
X-PCL
X-Origin
X-Trace-Id
X-OCL
X-Backend-TTL
X-Backend-Name
X-Labrador-Cache-Channel
X-FC-Vary-Parameters
X-Web-Node
X-Format
X-Proxy-Build
X-Debug-Cache
X-Cache-Grace
X-Rule
X-VCT
X-Timing-Wait
X-EIG-Tracking-Id
X-From
X-Human
S-Rt
Azure-RegionName
X-UnsetCookies
X-Drupal-Cache-Contexts
X-Upgrade-Enabled
X-Www-Served-By
X-Xfnlog-Site
Selected-Fe
X-NewRelic-App-Data
Azure-InstanceId
X-Locale
Decoy-Debug-TTL
X-Generated
X-Vgn-Hpd-Reason
X-Site-Version
Decoy-Debug-Status
X-Time-Microsecs
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-PERF
X-Hosted-By
Ohc-Cache-HIT
Decoy-Debug-Key
X-ApacheServer
Server-Info
X-CCM
Cache-Key
X-FireWall-Port
Time
X-NGENIX-Cache
X-OVcl-Cache
X-OVcl
X-S
X-Rendered-As
X-Ua
X-Real-IP
X-Upstream-HT
X-Upstream-CT
X-Varnish-Hits
X-FW-Version
L5d-Success-Class
X-Pubstack
Now
X-Redis-Cache
Origin-Edge-Control
Origin-Cache-Control
X-SS-Set-Cookie
Fastcgi-X-Cache-Version
OT-Force-Account-Verify
X-Upstream-Proxy
X-Litespeed-Cache
X-APP-VERSION
Origin
X-Trafficlayer-App-Scope
ServedBy
X-Trafficlayer-App-Name
Fastly-SSL
Access-Control-Request-Headers
X-VG-TLSProxy
X-FB-TRIP-ID
Hostname
Cteonnt-Length
X-UUID
X-VG-WebCache
X-Cluster-Name
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
NtCoent-Length
X-Alternate-Cache-Key
X-ShopId
X-Load-Cache
X-ShardId
X-GoCache-CacheStatus
X-Origin-CC
X-Origin-TTL
X-App-Version
X-ServerID
X-Rocket-Nginx-Bypass
X-Soup
Machine
X-Tb
Accept-Language
X-Parent-Response-Time
Mime-Version
IBM-Web2-Location
X-ECACHE
NGX
X-CSRF-TOKEN
X-Tt-Trace-Tag
X-Environment-Context
X-No-Session
X-Is-Bot
X-L-Path
X-NC
X-B3-Spanid
Odigeo-Trace-Id
X-Uri
SRV
CF-IPCountry
Nel
X-B3-Parentspanid
X-MServer
X-CACHE-KEY
X-Node-Id
Content-Script-Type
Apple-News-Services-Request-Url
Apple-News-Services-Host
A
Content-Style-Type
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
BehaviorPad-Version
AsisCache
Arc-Country
Cache-Prefix
X-A-Dgt
X-Instart-Info
X-Hl-Ver
X-PAYTM-SRV-ID
X-Region-Sid
X-Request-UUID
X-G
X-External-Request-Id
X-Destination
X-Date
X-Detected-As
X-Developer
X-DPWN-IS-SECURE
X-Rewrite-Enabled
X-Rojux
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-S-Cookie
X-Server-Time
X-SRCache-Key
X-Transaction
X-D
X-Connection-Hash
Rendered-Blocks
Node
Rt-Proxy-Cache
ServerName
T-Server
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Request-Id
Fly-Cache
GEO-REGION-INFO
MD5-Digest
Memcached
Viewtype
VivaBuild
X-ARC
X-Application
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-AIR-PT
X-Aed
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Wwc
Cross-Origin-Window-Policy
X-Accel-Expires-Debug
X-UA
X-Magnolia-Registration
X-Endurance-Cache-Level
Request-Time
X-Amzn-Remapped-Content-Length
Proxy-Connection
Mail-Subject
Uber-Trace-Id
X-ProxyCache-Status
We-Hiring
Backend-Name
X-ProxyCache-Key
X-BYPASS-REASON
X-Oneagent-Js-Injection
Akamai-GRN
X-Fastly-Cache
N-Cache
X-CUA
X-Azure-Ref-OriginShield
X-Azure-Ref
X-S-Maxage
Section-Io-Cache
X-Release
X-Compress-Hint
X-Origin-Expires
X-JWT-State
X-Is-Gdpr
X-Cdn-Srv
IsBot
X-Has-Esi
X-Origin-Date
X-Cms-Context
X-Cache-Bucket
X-Info
X-B3-SpanId
Request-Country
X-Developers
X-SVT-ORM-RULES
Request-EU
X-Var-Ttl
X-Nginx-Cache
X-Up
X-VC-Cache
X-SVT-ORM-VERSION
Fastly-Soc-X-Request-Id
X-SIPLIST1
X-GEO
User-Cache-Control
X-Generated-By
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
Srv
X-Clara-WADP
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Core-Mission
X-Clientip
X-Auto-Login
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
W
Thinkindot-Control
Server-Int
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-App-Name
X-Backend-Host
X-C
X-Cache-Info
X-Cdn-Origin
X-Block-Status
X-Bip
X-Backend-Url
X-BBXSRF
X-CGP
X-Hnp-Log
X-Server-IP
X-Service
X-Skip-Cache
X-Sn-Servicetimems
X-Reqid
X-Reboot
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Swa-Ws
X-Thanos
X-We-Are-Hiring
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-VServer
X-Thinkindot-L3
X-TrackingId
X-User
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Gen-Mode
X-Generated-On
X-Generation-Time
X-Geo-Header
X-Eu-Site
X-ElasticPress-Search
X-Dispatch
X-Distil-CS
X-Distributor
X-Hash
Server-Host
X-Method
X-Nginx-Cache-Key
X-NX-Host
X-Matched-Rule
X-Location
X-IN-APIGATEWAY
X-Irp-Debug
X-Level-Front-Cache
X-Device-Os
X-IN-APIGATEWAYSSL
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
Kp-EeAlive
L
Pagetype
Magicmarker
Gh-Request-Id
Fastly-SWR
CDCHOST
Served-By
Content-Disposition
Countrycode
Fastly-SIE
Esi-Enabled
Pramga
AKAMAI
RNT-Time
RNT-Machine
X-Geo
X-Microcachable
X-Via-CDN
X-Owner
X-MSEdge-Flight
Is-Eu
X-MSEdge-Features
X-Old-Content-Length
Locale
X-Cache-FS-Status
X-Policy
X-Cache-Id
X-Fetched-On
X-LI-UUID
X-Platform-Server
X-PHP-Host
X-Li-Fabric
X-GeoIP-City
X-Generated-In
X-Dispatcher-Server
X-Epic-Correlation-Id
X-AWS-Id
Cache-Provider
X-Internal-Host
Memory
X-Li-Pop
X-Lb-Id
X-WebServer
X-Key
X-LI-Proto
Adler-Geo
X-VWS-Id
X-Guploader-Uploadid
X-SayCDN-TTL
X-Say-Cacheable
X-Amz-Meta-Cache-Control
X-LJ-Flow-ID
X-NWS-UUID-VERIFY
Web-Mar-Node
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Servername
Platform
X-Say-TTL
X-Request-Start
X-Request-URI
X-Backend-State
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
PFcat
X-Variation
X-Dc
X-Nc
True-Client-Country-4JS
Cdn-Host
Server-ID
SD-X-WS
X-Edge-Server
X-SD-PageType
Resin-Trace
Cdn-Request-Time
X-Mode
X-ServiceProvider
X-Ratelimit-Limit
X-Cdn-Forward
X-Cache-URL
X-GDPR
X-FPC
V-Age
X-Svr
X-DataStream-Cache-Status
X-Request-Time
X-DC
X-Org
X-Instart-Isnd
X-Be
REQUESTUUID
X-Hello
SS
X-Wa
X-Scheme
X-Flog
X-ABtesting
X-CDN-Forward
X-Processor
X-Cache-Backend
X-Servedbyhost
X-IPS-LoggedIn
X-Unique-ID
Country-Code
X-Response-By
X-Datadome
Group
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Pjax-Url
X-NodeID
Cache-Cookie-Set-From
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-RateLimit-Reset
X-VCL-Version
X-Page-Type
X-Server-W
Cache-Host
X-Oss-Hash-Crc64ecma
PICS-Label
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-SN
UCS
X-Ruxit-Js-Agent
X-EC-Lua
X-Ms-Version
X-Via-Ucdn
X-Ms-Request-Id
X-Varnish-Beresp-Ttl
X-Oracle-Dms-Rid
X-Webkit-Csp
X-MP-GENERATED-AT
X-HS-Status
X-Ftr-Request-Id
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Status
X-Logtrace-Id
Ajk
X-Varnish-Beresp-Grace
X-Tb-Optimization-Total-Bytes-Saved
X-SRV
XServer
X-Dynatrace
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
ProcessTime
Powered-By-ChinaCache
Proxy-Firewall
X-URL
X-COUNTRY
X-Session-Fingerprint
Lfy
X-APP
Ttl
X-ZONE
X-GRACE
X-Source
X-Zone
X-Newrelic-Synthetics
X-HTML-Minification-Powered-By
CACHE
Powered-By
Geoip-Latitude
X-Pf-Uncompressing
X-Cache-Debug
X-Agile-Id
GeoIp-Country-Code
X-Agile-Age
Geoip-City
X-Agile
SN
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
GeoIP-Latitude
X-PF-Uncompressing
GeoIP-City
GeoIP-Country-Code
X-Fastly-Country-Code
X-Cache-Category-Id
X-Grey
X-Sucuri-Id
X-TH-Server
X-7Graus-Varnish-Cache-Control
Dynatrace
X-7Graus-Varnish-XKeys
X-Logging-Id
Environment
X-NODE
X-Sedo-Request-Id
X-Cache-Miss-From
X-Ftr-Cache-Host
Fastly-Backend-Name
X-Unique-Id
X-LiteSpeed-Cache-Control
X-CSRF-Token
Cdn
X-Check-Cacheable
X-Tt-Trace-Host
X-Aicache-OS
X-Sucuri-ID
X-Bc
X-Core-Value
MIME-Version
M-TraceId
Pics-Label
X-Edge
CF-Cached-On
GW-Server
X-Vcl-Version
X-Webapp-Samesite-None-Activated-N
LB
WWW
X-LAGOON
X-BC
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend-Server
Ohc-Response-Time
X-Varnish-Url
X-Mid
X-UPSTREAM-Address
Requestid
X-Gannett-Site-Version
X-Fastly-Backend-Reqs
X-Secret
X-Vdms-Version
X-RCS-CacheZone
X-Sucuri-Cache
X-NGINX-Cache
HostName
Cf-Ipcountry
X-Sigma-Backend
X-MCACHE
X-Fstrz
DataCenter
Cdncip
X-Cache-Tag
X-AK-Request-ID
X-Rocket-Build-Number
X-Varnish-Ttl
WZWS-RAY
X-Sigma
X-PJAX-URL
X-FORWARDED-FOR
Cdnsip
Amp-Access-Control-Allow-Source-Origin
X-Shopify-Generated-Cart-Token
X-BE
X-Varnish-Cacheable
X-TT-LOGID
URI
X-Planisys-CDN-TTL
On-Server
X-Planisys-CDN-Rules
Pragrma
X-Litespeed-Cache-Control
X-CDN-Cache
X-Planisys-CDN-Cache
Lb
X-Swift-Error
X-Via-NSCOPI
RequestUuid
X-DSS
X-DB
X-Action
X-DI
X-RPS
Xkeyrz
X-GeoIP-Country-Code
X-ServedByHost
X-Proxy-Cacherz
X-RSL
X-Cache-Ttl
X-DW
X-RPM
User-Agent
X-Akamai-SSL-Client-Sid
CDN
X-WA
Inserted-Into-Cache-At
Host-ID
X-Correlation-ID
Is-Session-Tracking
Server-Id
Get-Access-Time
TTL
X-ORACLE-APMCS-REQUEST-ID
Warning
X-Flow-Id
X-Upstream-Ct
SID
X-Fastly-Cache-Hits
X-SaId
X-Fpc
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Crawler
X-Upstream-Ht
Who
X-ORACLE-APMCS-TAG
Xkeypdq
X-WR-MODIFICATION
X-NU-AKA-ACS-Version
X-Refresh
X-Render-Time
X-ND-Cache
X-SB
X-MID
X-FE
X-VC
Correlation-Id
X-Nananana
X-Cf-Powered-By
FNAC-ModuleRouting
X-Akamai-ERPolicy
X-Via-Edge
X-Via-SSL
Locid
X-Amzn-Remapped-Date
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
X-Trafficlayer-App-Version
X-LB-ID
X-Newrelic-App-Data
X-ServerName
X-Bug-Bounty
X-MiniProfiler-Ids
Cneonction
X-Gdpr
X-Dw-Trace-Id
Xet-Cookie
HitType
X-Request-URL
X-Gen-Id
V-Cache
RequestId
X-ECache
Processtime
X-LiteSpeed-Tag