Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-Template
X-Language
X-Request-ID
X-DNS-Prefetch-Control
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
Xkey
X-Kinja-Server-Push
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Ua-Compatible
X-CDN
X-Envoy-Upstream-Service-Time
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Cf-Railgun
X-Cdn
X-Server-Id
X-Amz-Version-Id
Feature-Policy
Server-Timing
X-Device
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-OneAgent-JS-Injection
X-Cnection
X-Ac
X-Cloud-Trace-Context
Report-To
X-Dns-Prefetch-Control
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Origin-Upstream-Status
Surrogate-Control
X-Rack-Cache
Allow
X-ORACLE-DMS-RID
X-HW
X-Ruxit-JS-Agent
X-DataDome
Rating
X-Country
X-Country-Code
X-Url
X-Clacks-Overhead
X-FTR-Request-ID
X-TTL
X-DynaTrace
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
Verso
RTSS
X-Px
Public-Key-Pins
X-Powered-By-Plesk
Edge-Control
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Ah-Environment
Display
X-Sol
Response
X-Middleton-Display
X-Middleton-Response
X-D2id
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-B3-TraceId
X-Version
SPRequestGuid
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Abt-Application-Version
X-Upstream
Accept-CH
X-Shard
X-Forwarded-Proto
SPIisLatency
SPRequestDuration
Ar-Sid
AR-ATIME
AR-CACHE
AR-PoweredBy
Charset
X-Amz-Server-Side-Encryption
Fastly-Restarts
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-ESI
X-Amz-Rid
X-Aspnetmvc-Version
X-Trace
Realpath
Nginx-Cache
X-Server-Name
X-Debug
Front-End-Https
AR-Request-ID
X-Ezoic-Cdn
X-Cached
X-Shield-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Arr-Disable-Session-Affinity
Pagespeed
Content-MD5
ServerID
X-Id
X-Vcache
X-Goog-Storage-Class
DynaTrace
MicrosoftSharePointTeamServices
S
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Via-JSL
X-Client-IP
X-Content-Type
X-Varnish-Age
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-VCache
X-SERVER
X-RateLimit-Limit
X-Grace
Accept-Ch
X-Correlation-Id
X-N
X-Frontend
Fastcgi-Cache
X-Content-Digest
Powered
X-Accel-Expires
X-Mobile-Rewrite
PB-PID
Arc-Version
X-Ser
PB-RID
X-Forwarded-For
X-DIS-Request-ID
Server-Name
X-Logged-In
X-FTR-Cache-Host
X-Fastcgi-Cache
X-FastCGI-Cache
X-B3-Sampled
AMP-Access-Control-Allow-Source-Origin
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
TP-L2-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-B3-Traceid
X-Cache-Age
X-Request-Processing-Time
X-Request-Received
X-Kinsta-Cache
X-Esi
FilterID
X-Type
Edge-Cache-Tag
X-LB-Cache
X-GUploader-UploadID
X-Rid
X-Analytics
X-Activity-Id
Backend-Timing
X-Revision
X-User-Agent
X-Az
X-AppVersion
X-IPLB-Instance
Healthy
X-Node-Name
X-Whom
Retry-After
X-Time
X-F-Cache
X-Srv
X-NWS-LOG-UUID
X-Cache-2
X-Cache-Hit
Pinterest-Version
X-Pinterest-Rid
Accept-Charset
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amzn-RequestId
Alternate-Protocol
X-Amz-Apigw-Id
X-Acc-Meta-Resource-Type
X-Cache-Rule
Server-Node
X-AOL-HN
Cache-Status
X-Content-Options
Surrogate-Key
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
DC
X-Jobs
Access-Control-Allow-Method
X-Forwarded-Host
X-Content-Security-Policy-Report-Only
X-Cluster
X-Akamai-Edgescape
X-Content-Powered-By
Refresh
X-FW-Static
X-FW-Server
X-Debug-Info
X-FW-Type
X-FW-Hash
X-FW-Serve
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Page-Id
X-Instance
X-Tumblr-User
X-FB-Debug
X-Framework
X-Hp-Webp
Source
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B
MS-CV
X-App-Environment
X-PHP-Backend
X-Varnish-Grace
X-Request-Guid
X-App-Server
Frame-Options
Fastcgi-Useragent
X-Hostname
Host
Cleartype
Cache-Tag
Tracecode
X-Cache-Key
Actual-Object-TTL
X-Cache-Operation
X-TA-CDN-Provider
X-Signature
X-B-Cache
X-Mobile-URL
X-Geo-Country
X-BCube-Filmed-By
X-Cached-By
X-Cache-Control
X-Varnish-Backend
X-Seen-By
X-TT
X-Amz-Replication-Status
Liferay-Portal
X-Ratelimit-Reset
X-PressLabs-Stats
X-Host-Name
Xserver
X-Mobile
NGB
X-Pad
X-Response-Served-From
Upgrade-Insecure-Requests
X-Adobe-Content
X-Adobe-Loc
X-Git-Hash
Payment
X-ATG-Version
X-WebKit-CSP-Report-Only
Eomportal-Instance
X-WA-Info
X-TT-TIMESTAMP
X-Cache-TTL
Webserver
X-Status
X-Tumblr-Pixel-1
WPE-Backend
Cache-Tv-Group
X-FW-Dynamic
Filters
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-2
X-Handled-By
X-RTag
X-Cacheable-TTL
Ms-Operation-Id
From-Origin
X-GeoIP
X-TX-ID
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Cache-Remote
X-RequestSource
X-Cache-TTL-Remaining
GEO-INFO
X-DataStream-Cache-Status
X-Content-Age
Datacenter
X-Webkit-CSP
X-Edge-Location
X-Origin-Server
X-Daa-Tunnel
X-Cache-Action
X-Storage
Viewport
X-Accel-Buffering
X-Varnish-Hostname
X-Upstream-Proxy
X-EdgeConnect-Cache-Status
Cache
Version
X-Hyper-Cache
X-Ua
X-Contextid
NR-ENABLED
X-Region
X-CF-Powered-By
X-Wix-Request-Id
Host-Header
PageSpeed
Accept-CH-Lifetime
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-Varnish-Server
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-Path-Route
Load-Balancing
X-Cache-Var-Map
Meta-Geo
S-Cnection
X-JoinUs
Selected-Fe
X-From
X-IP
X-Timing-Wait
X-Proxy-Build
X-Akamai-Request-ID2
Cache-Name
X-Generated
Vix-Hermes-Req-Id
X-Proto
X-Proxy
X-CS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Backend-Name
Ohc-File-Size
Cache-Tags
X-Section
X-Loop
Decoy-Debug-Key
X-Rule
X-Labrador-Cache-Channel
X-Origin
X-Origin-Response-Time
Ec-Rule-Version
X-NCache
X-PERF
Decoy-Debug-Status
Decoy-Debug-TTL
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Cache-Enabled
X-Cluster-Node
X-Cache-Config
Cache-Hits
X-ApacheServer
X-Akamai-Request-ID
X-Access
X-FC-Vary-Parameters
X-Hit
X-TNCMS
Now
X-Upgrade-Enabled
X-Viewer-Country
X-Via-Fastly
DB-Nickname
Rt-Fastcgi-Cache
SRV
Azure-SlotName
Azure-SiteName
Azure-Version
X-Hosted-By
Cache-Key
Azure-RegionName
Azure-InstanceId
X-UnsetCookies
Webcakes-App-Name
X-Trace-Id
X-Format
TWC-Device-Class
TWC-Privacy
X-Cache-Grace
TWC-GeoIP-Country
X-OCL
Property-Id
S-Rt
TWC-Connection-Speed
Mn-Server-Ip
X-Origin-Hint
TWC-Locale-Group
X-Upstream-CT
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
X-PCL
Country
X-FW-Version
Webcakes-Region
Webcakes-App-Version
X-Xfnlog-Site
X-Cache-Time
X-EIG-Tracking-Id
X-Backend-TTL
X-CCM
X-Web-Node
X-Upstream-HT
X-Cache-Host
X-Cache-NE
X-Varnish-Cache-Hits
X-S
X-Device-Type
X-Drupal-Cache-Contexts
X-Varnish-Hits
X-Cache-Server
X-Locale
X-Site-Version
X-Www-Served-By
X-Human
X-FireWall-Port
X-Debug-Cache
DSUID
Server-Info
OT-Force-Account-Verify
X-Rendered-As
Release
Time
X-NewRelic-App-Data
X-Vgn-Hpd-Reason
X-Presslabs-Stats
Ohc-Cache-HIT
Hostname
X-VCT
X-VG-TLSProxy
ServedBy
X-HS-Cache-Config
X-Alternate-Cache-Key
X-ShopId
X-Sorting-Hat-ShopId
Fastcgi-X-Cache-Version
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-VG-WebCache
X-OVcl
X-OVcl-Cache
X-Real-IP
X-FB-TRIP-ID
X-Oracle-Dms-Rid
X-Redis-Cache
Cteonnt-Length
X-Server-ID
Accept-Language
X-Nginx-Cache
X-Pubstack
Origin-Edge-Control
X-Webkit-Csp
Access-Control-Request-Headers
Origin-Cache-Control
X-Tb
Machine
Origin
X-APP-VERSION
L5d-Success-Class
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-App-Version
X-Mode
X-Environment-Context
X-L-Path
X-No-Session
X-CSRF-TOKEN
X-Cluster-Name
NtCoent-Length
Fastly-SSL
X-Element-Page-Cache
X-Tt-Trace-Tag
X-NGENIX-Cache
X-B3-Spanid
X-Magnolia-Registration
X-NC
X-GEO
X-LJ-Flow-ID
X-Request-Time
X-Generated-By
X-AWS-Id
IBM-Web2-Location
X-UUID
Mime-Version
Odigeo-Trace-Id
X-Load-Cache
X-SS-Set-Cookie
X-VWS-Id
X-Guploader-Uploadid
Nel
X-Endurance-Cache-Level
X-B3-Parentspanid
X-Rocket-Nginx-Bypass
X-ECACHE
X-GoCache-CacheStatus
X-ServerID
Mail-Subject
X-Parent-Response-Time
Akamai-GRN
X-Amzn-Remapped-Content-Length
We-Hiring
X-XRDS-LOCATION
X-CACHE-KEY
X-HS-Combine-CSS
Request-Time
X-Soup
X-Origin-CC
X-Origin-TTL
X-External-Request-Id
X-Request-UUID
MD5-Digest
X-Rewrite-Enabled
X-Region-Sid
X-Instart-Info
Viewtype
X-Node-Id
X-MServer
Proxy-Connection
X-Origin-Date
Cdn-Host
Cdn-Request-Time
Fly-Cache
Fly-Request-Id
Cache-Prefix
X-Application
GEO-REGION-INFO
X-AIR-PT
Content-Script-Type
X-A-Dcw
X-A-Wwc
X-A-Dgt
Cross-Origin-Window-Policy
X-Accel-Expires-Debug
Content-Style-Type
X-Aed
X-A-Dam
BehaviorPad-Version
NGX
X-Org
X-ARC
Memcached
X-Origin-Expires
X-B-Cookie
X-PAYTM-SRV-ID
A
X-A
Apple-News-Services-Request-Url
Arc-Country
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-A-Ccd
Apple-News-Services-Handled
VivaBuild
X-S-Maxage
X-Developer
X-D
X-Date
X-Rojux
X-Worker
X-CF-Lambda-Fn
Rendered-Blocks
X-Is-Bot
X-Vtex-Processado-Em
X-SRCache-Key
Node
X-Vtex-Remote-Cache
X-CF-Lambda-Version
X-ScT
X-B3-SpanId
X-G
X-Edge-Server
T-Server
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-Server-Time
X-Destination
X-S-Cookie
X-DPWN-IS-SECURE
Server-ID
X-Detected-As
X-Connection-Hash
Meta-Geo-Continent
X-VG-WebServer
Mobile-Detection-Method
Xc-Version
Rt-Proxy-Cache
Locale
X-Uri
X-Urbn-Context-Path
X-DC
X-Urbn-Site-Id
ServerName
X-Core-Mission
X-TrackingId
X-VC-Cache
Request-EU
Section-Io-Cache
Gh-Request-Id
X-BYPASS-REASON
X-Thanos
X-ProxyCache-Key
X-SVT-ORM-VERSION
X-Developers
X-SIPLIST1
X-SVT-ORM-RULES
X-Hl-Ver
Request-Country
X-Azure-Ref-OriginShield
X-Bip
X-Distributor
X-WebServer
X-ProxyCache-Status
N-Cache
IsBot
X-Fastly-Cache
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cdn-Srv
X-Release
X-Cms-Context
X-Request-Start
X-Auto-Login
X-Azure-Ref
Fastly-Soc-X-Request-Id
X-Cache-Bucket
X-Distil-CS
Backend-Name
CF-IPCountry
X-Cdn-Forward
X-Unique-ID
X-Via-CDN
User-Cache-Control
Thinkindot-Control
Thinkindot-CacheControl-Type
True-Client-Country-4JS
RNT-Time
V-Age
W
Thinkindot-CacheControl
Server-Int
X-Generated-In
RNT-Machine
X-CGP
X-Clara-WADP
X-ElasticPress-Search
X-Cdn-Origin
X-Eu-Site
X-Epic-Correlation-Id
X-Gen-Mode
X-Clientip
X-Device-Os
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Expiry
X-CUA
X-Compress-Hint
X-GDPR
X-Cache-Info
X-Cache-Id
X-GeoIP-City
X-Geo-Header
X-Backend-Host
X-Hash
X-Hello
X-Amz-Meta-Cache-Control
X-Hnp-Log
X-App-Name
X-Backend-Url
X-BBXSRF
X-Generated-On
X-Debug-Log
X-Cache-FS-Status
X-C
X-Fetched-On
X-Generation-Time
X-Block-Status
X-ABtesting
X-RateLimit-Remaining-Second
X-Platform-Server
X-Owner
X-Old-Content-Length
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Flog
X-RateLimit-Limit-Second
X-NX-Host
AKAMAI
Countrycode
Esi-Enabled
Content-Disposition
X-MSEdge-Flight
CDCHOST
X-Nginx-Cache-Key
X-Reboot
X-Request-URI
X-WADP-Cache
Uber-Trace-Id
X-VServer
X-We-Are-Hiring
X-Wikidot-Backend
X-Policy
X-Wikidot-Static-Cache
X-Up
X-Thinkindot-L3
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-ServiceProvider
X-Sn-Servicetimems
X-Skip-Cache
X-MSEdge-Features
X-PHP-Host
L
X-Level-Front-Cache
X-LI-Proto
X-LI-UUID
Magicmarker
X-Li-Fabric
Ha-Gx-Prefs
X-Li-Pop
HA-Ipaddr
X-Method
PFcat
X-Matched-Rule
X-Location
X-Irp-Debug
X-Microcachable
X-Ruxit-Js-Agent
Fastly-SIE
X-Say-TTL
X-SD-PageType
SS
X-Server-IP
Pagetype
X-Variation
SD-X-WS
X-Webstats-RespID
X-Key
Pramga
X-Dispatcher-Server
X-Dispatch
X-User
Server-Host
Served-By
Platform
X-Swa-Ws
X-SayCDN-TTL
Is-Eu
Adler-Geo
Kp-EeAlive
X-Qloud-Router
Web-Mar-Node
Heartbleed
X-Say-Cacheable
Wxu-Next-Commit
Wxu-Next-Hostname
X-Reqid
X-Response-By
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Wxu-Next-Region
X-Backend-State
X-IPS-LoggedIn
Country-Code
X-Servername
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Internal-Host
Memory
Resin-Trace
Cache-Cookie-Set-Idcheck
X-Nc
X-Var-Ttl
X-Service
X-Dc
X-Ftr-Request-Id
X-Page-Type
X-MP-GENERATED-AT
X-Ttl
X-Geo
X-FPC
Cache-Provider
X-Wa
X-Servedbyhost
UCS
REQUESTUUID
X-Is-Gdpr
X-Has-Esi
X-Lb-Id
X-JWT-State
ProcessTime
X-Logtrace-Id
X-Ratelimit-Limit
Ajk
Srv
Powered-By-ChinaCache
X-NWS-UUID-VERIFY
X-Datadome
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Info
X-RateLimit-Reset
X-Cache-Backend
X-Be
X-Litespeed-Cache
X-Oss-Hash-Crc64ecma
X-VCL-Version
X-Oss-Request-Id
X-Oss-Storage-Class
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-URL
X-Oss-Server-Time
X-Oss-Object-Type
X-Svr
X-Pjax-Url
X-SRV
Powered-By
SN
X-Instart-Isnd
X-Cache-Category-Id
X-Grey
X-COUNTRY
X-Scheme
X-SN
X-HS-Status
X-UA
Dynatrace
X-Varnish-Beresp-Ttl
X-Zone
CACHE
X-ZONE
X-URL
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-TH-Server
Fastly-Backend-Name
X-NodeID
PICS-Label
X-Dynatrace
Group
X-CDN-Forward
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-GRACE
X-Varnish-Beresp-Status
X-Ftr-Cache-Host
X-Varnish-Beresp-Grace
X-Source
X-SERVER-NAME
X-RCS-CacheZone
X-Pf-Uncompressing
X-LiteSpeed-Cache-Control
X-EC-Lua
X-Cache-Ttl
Cache-Host
X-Server-W
X-Newrelic-Synthetics
X-LAGOON
GW-Server
X-Varnish-Beresp-TTL
X-Sucuri-Id
X-Dynatrace-Js-Agent
Ttl
X-PF-Uncompressing
X-Varnish-Url
X-Gannett-Site-Version
X-APP
Cdn
X-Bc
X-Secret
X-NODE
X-Ftr-Backend
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-Check-Cacheable
X-Ftr-Realm
X-Ms-Version
X-Via-Ucdn
CF-Cached-On
X-Ms-Request-Id
WZWS-RAY
LB
XServer
On-Server
X-CDN-Cache
GeoIp-Country-Code
Geoip-Latitude
X-FORWARDED-FOR
X-Varnish-Cacheable
Geoip-City
X-Ratelimit-Remaining
Pics-Label
X-Tt-Trace-Host
Amp-Access-Control-Allow-Source-Origin
X-Cache-Debug
X-Edge
Environment
Lfy
User-Agent
X-Aicache-OS
X-Session-Fingerprint
X-Fastly-Country-Code
MIME-Version
X-GeoIP-Country-Code
X-BC
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Agile
X-Agile-Age
X-Agile-Id
X-Akamai-SSL-Client-Sid
M-TraceId
WWW
Inserted-Into-Cache-At
Cf-Ipcountry
X-NU-AKA-ACS-Version
Requestid
X-Vcl-Version
X-PJAX-URL
X-CSRF-Token
Ohc-Response-Time
X-BE
X-Mid
X-7Graus-Varnish-XKeys
X-Varnish-Ttl
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-Crawler
X-UPSTREAM-Address
SID
X-Render-Time
X-MCACHE
Who
Lb
X-Cache-Tag
X-Litespeed-Cache-Control
X-Sedo-Request-Id
X-Fastly-Backend-Reqs
X-Cache-Miss-From
X-LB-ID
URI
X-RSL
X-RPS
X-RPM
X-DSS
Xkeyrz
X-DW
X-Proxy-Cacherz
X-Micro-Cache
X-DI
X-FE
X-DB
X-Action
HostName
X-Fpc
X-Core-Value
RequestUuid
CDN
X-Served-From
X-WR-MODIFICATION
X-WA
X-Via-Edge
Host-ID
X-Via-SSL
X-Cf-Powered-By
DataCenter
X-Correlation-ID
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Flow-Id
X-Fastly-Cache-Hits
Cdnsip
X-AK-Request-ID
X-Nananana
X-ServedByHost
Cdncip
Xkeypdq
X-Swift-Error
X-Newrelic-App-Data
X-NGINX-Cache
X-MID
X-Sigma-Backend
X-TT-LOGID
X-Sigma
X-Sucuri-Cache
Get-Access-Time
X-VC
X-Vdms-Version
Is-Session-Tracking
X-Rocket-Build-Number
X-SB
Correlation-Id
X-Amzn-Remapped-Date
X-Cdn-Request-ID
FNAC-ModuleRouting
Cneonction
Warning
X-Amzn-Remapped-Connection
X-ServerName
X-TIME
X-Sucuri-ID
X-Vct
X-Fe
X-Ecache
X-Shopify-Generated-Cart-Token
RequestId
X-Fstrz
X-Request-URL
TTL
X-Gen-Id
Xet-Cookie
X-Apw-Access-Object
X-Apw-Access-Token
X-Protected-By
X-MiniProfiler-Ids
X-Gdpr
X-Dw-Trace-Id
X-Bug-Bounty
HitType
V-Cache
X-Apw-Hits
Processtime
X-ECache
X-Unique-Id
X-Apw-Access-Action