Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
EagleId
X-Age
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-Server
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Cdn
P3p
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Device
X-WebKit-CSP
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-ORACLE-DMS-ECID
X-Dispatcher
X-DataDome
NEL
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Rating
Allow
X-Country-Code
X-Clacks-Overhead
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
X-Goog-Hash
X-TTL
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
Public-Key-Pins
RTSS
X-Px
Edge-Control
X-Sol
X-Middleton-Response
X-Mod-Pagespeed
Display
X-Middleton-Display
Response
X-ESI
X-VARITI-CCR
X-Ah-Environment
X-Recruiting
X-CST
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-B3-TraceId
X-D2id
SPRequestGuid
X-SharePointHealthScore
Service-Worker-Allowed
X-Akam-SW-Version
X-Vcap-Request-Id
X-Version
Accept-Ch-Lifetime
SPIisLatency
SPRequestDuration
X-Server-Name
X-GitHub-Request-Id
TCN
X-Abt-Application-Version
MS-Author-Via
X-Powered-CMS
X-Navigation-Version
X-Shard
Accept-CH
X-Trace
Charset
Fastly-Restarts
X-Upstream
X-Amz-Server-Side-Encryption
X-RateLimit-Remaining
X-Debug
X-Aspnetmvc-Version
X-Amz-Rid
Nginx-Cache
Realpath
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Ezoic-Cdn
Front-End-Https
X-NF-Request-ID
X-VCache
X-Cached
X-Goog-Generation
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-MSEdge-Ref
AR-Request-ID
Pagespeed
Access-Control-Request-Method
X-Shield-Request-Id
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Arr-Disable-Session-Affinity
Mrf-Cache-Status
X-B3-TraceId-Primal
X-XRDS-Location
Content-MD5
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
DynaTrace
X-Goog-Storage-Class
X-T
S
X-Amz-Meta-S3cmd-Attrs
X-FTR-Realm
X-Fastly-Request-ID
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
ServerID
X-Via-JSL
X-Varnish-Age
X-Ser
X-Client-IP
X-DynaTrace-JS-Agent
X-Content-Type
X-Dw-Request-Base-Id
X-Accel-Expires
X-Correlation-Id
X-Hits
X-Grace
X-Forwarded-For
Accept-Ch
X-Amzn-Trace-Id
Fastcgi-Cache
Powered
X-Content-Digest
X-Frontend
Edge-Cache-Tag
X-N
X-DIS-Request-ID
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-HS-Content-Id
X-HS-Hub-Id
Server-Name
X-Logged-In
X-Fastcgi-Cache
X-FastCGI-Cache
X-Server-ID
TP-Cache
TP-L2-Cache
Pinterest-Version
X-Pinterest-Rid
X-Microsite
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Request-Received
X-Vcache
X-RateLimit-Limit
X-Kinsta-Cache
X-Zen-Fury
X-Time
X-Cache-Age
X-IPLB-Instance
X-Rid
X-Revision
X-AppVersion
X-Activity-Id
X-B3-Sampled
X-Az
X-Type
Backend-Timing
Healthy
X-Analytics
X-User-Agent
X-LB-Cache
X-GUploader-UploadID
X-Cache-Hit
X-Whom
Retry-After
X-Node-Name
FilterID
X-Srv
X-NWS-LOG-UUID
Server-Node
X-F-Cache
X-SERVER
Alternate-Protocol
Accept-Charset
X-Hp-Webp
Cache-Tag
X-Cache-2
X-Kong-Proxy-Latency
Cache-Status
X-Akamai-Edgescape
X-Kong-Upstream-Latency
X-B3-Traceid
X-Content-Options
X-Erf-Bev-Bev
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Webkit-CSP
X-Content-Security-Policy-Report-Only
Surrogate-Key
X-Amzn-RequestId
X-Amz-Apigw-Id
DC
Refresh
X-Tumblr-User
MS-CV
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel
X-Framework
X-Instance
X-Tumblr-Pixel-0
X-Content-Powered-By
VIX-Pulpo-Node
X-AOL-HN
Tracecode
Source
X-App-Environment
X-Varnish-Grace
X-Forwarded-Host
Access-Control-Allow-Method
X-Debug-Info
X-Jobs
X-Cluster
X-PHP-Backend
Fastcgi-Useragent
X-Page-Id
X-TA-CDN-Provider
X-FB-Debug
X-App-Server
X-Request-Guid
X-Cache-TTL
X-B
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
Host
Frame-Options
Actual-Object-TTL
X-Mobile-URL
X-Cache-Operation
X-Seen-By
NR-ENABLED
X-Hostname
X-Cache-Key
X-Geo-Country
X-Cache-Control
Cleartype
X-B-Cache
X-Signature
X-Host-Name
X-Cached-By
X-BCube-Filmed-By
X-Pad
X-Mobile
Upgrade-Insecure-Requests
X-Git-Hash
X-Acc-Meta-Resource-Type
X-Varnish-Backend
NGB
X-TT
X-Response-Served-From
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
GEO-INFO
X-ATG-Version
X-Adobe-Content
X-Adobe-Loc
WPE-Backend
X-TT-TIMESTAMP
X-RTag
Ms-Operation-Id
X-Presslabs-Stats
X-Tumblr-Pixel-1
X-Daa-Tunnel
X-Tumblr-Pixel-2
X-UA-Device-Type
X-ProcessESI
X-Drupal-Cache-Tags
Cache-Tv-Group
Eomportal-Instance
Webserver
X-GeoIP
X-RemovedCookies
Filters
X-Handled-By
X-RequestSource
From-Origin
Payment
X-Cacheable-TTL
X-Cache-Remote
X-TX-ID
X-EdgeConnect-Cache-Status
X-Origin-Server
Liferay-Portal
X-Status
Xserver
X-Cache-TTL-Remaining
X-FW-Dynamic
X-WA-Info
X-Esi
Accept-CH-Lifetime
X-Wix-Request-Id
X-Element-Page-Cache
X-HS-Cache-Config
X-Cache-Action
X-Hyper-Cache
X-Edge-Location
X-Contextid
X-Region
X-Ratelimit-Reset
X-Content-Age
Viewport
Datacenter
Version
Cache
X-XRDS-LOCATION
X-Storage
X-CF-Powered-By
Ohc-File-Size
X-Varnish-Hostname
PageSpeed
X-Cache-NE
X-Accel-Buffering
X-Akamai-Transformed
X-Cache-Server
X-ES-SERVER
X-Path-Route
X-RN-RSRV
Meta-Geo
X-Cache-Var-Map
Load-Balancing
X-Varnish-Server
X-Cache-Var
Host-Header
X-IP
X-Proto
X-Proxy
X-PressLabs-Stats
S-Cnection
Cache-Name
Cache-Tags
Ohc-Cache-HIT
X-NCache
TWC-Connection-Speed
X-Section
X-Viewer-Country
X-TNCMS
X-Varnish-Cache-Hits
Ec-Rule-Version
X-Via-Fastly
X-Cluster-Node
Country
Property-Id
Release
X-Device-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
Rt-Fastcgi-Cache
X-Tumblr-Pixel-3
TWC-Device-Class
Vix-Hermes-Req-Id
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Cache-Hits
X-Cache-Config
X-Origin-Hint
X-Akamai-Request-ID
X-Akamai-Request-ID2
X-Loop
X-Access
Webcakes-App-Version
Webcakes-Region
X-Cache-Enabled
X-Origin-Response-Time
TWC-GeoIP-Country
X-Origin
X-Labrador-Cache-Channel
X-Time-Microsecs
X-Cache-Time
X-Human
X-Backend-TTL
X-R9-Blue-Green-Version
DSUID
X-Rule
X-Backend-Name
X-Xfnlog-Site
X-ApacheServer
DB-Nickname
Decoy-Debug-Key
X-Format
Decoy-Debug-TTL
Decoy-Debug-Status
X-OCL
X-VCT
X-PCL
X-Www-Served-By
X-Web-Node
X-Debug-Cache
X-PERF
X-Upgrade-Enabled
X-UnsetCookies
X-Cache-Grace
X-CS
X-Proxy-Build
X-Timing-Wait
Mn-Server-Ip
X-Cache-Host
S-Rt
X-FC-Vary-Parameters
X-Trace-Id
X-Drupal-Cache-Contexts
Selected-Fe
X-Ttl
Azure-InstanceId
X-Generated
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-CCM
X-Hosted-By
X-Vgn-Hpd-Reason
X-Site-Version
X-Locale
X-NewRelic-App-Data
X-Hit
X-JoinUs
Azure-SiteName
Cache-Key
Azure-RegionName
Azure-Version
Azure-SlotName
X-HS-Combine-CSS
Server-Info
X-FireWall-Port
Time
X-Upstream-HT
X-Tec-Api-Root
X-NGENIX-Cache
X-Tec-Api-Origin
X-Upstream-CT
X-From
X-Tec-Api-Version
X-OVcl-Cache
X-S
X-OVcl
X-Rendered-As
X-Varnish-Hits
X-Real-IP
X-FW-Version
Now
X-Pubstack
L5d-Success-Class
X-Upstream-Proxy
X-Ua
X-Litespeed-Cache
X-SS-Set-Cookie
Origin-Cache-Control
Origin-Edge-Control
Fastcgi-X-Cache-Version
X-APP-VERSION
OT-Force-Account-Verify
X-Redis-Cache
Hostname
ServedBy
Access-Control-Request-Headers
X-FB-TRIP-ID
X-VG-TLSProxy
Cteonnt-Length
Fastly-SSL
Origin
X-VG-WebCache
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
Accept-Language
X-Sorting-Hat-ShopId
X-Shopify-Stage
NtCoent-Length
X-Cluster-Name
X-Alternate-Cache-Key
X-Parent-Response-Time
X-Origin-CC
X-Origin-TTL
X-UUID
X-Load-Cache
X-ServerID
Machine
X-Tb
X-Soup
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-Trafficlayer-App-Scope
X-Tt-Trace-Tag
Mime-Version
X-App-Version
X-Trafficlayer-App-Name
X-B3-Spanid
X-No-Session
Nel
X-Environment-Context
X-L-Path
X-CSRF-TOKEN
NGX
X-ECACHE
X-Is-Bot
X-Guploader-Uploadid
IBM-Web2-Location
X-B3-Parentspanid
X-CACHE-KEY
X-NC
X-Uri
X-UA
SRV
Odigeo-Trace-Id
X-MServer
X-Oneagent-Js-Injection
Content-Script-Type
Cache-Prefix
BehaviorPad-Version
AsisCache
X-Node-Id
A
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Cross-Origin-Window-Policy
Apple-News-Services-Parsed-Url
Arc-Country
Apple-News-Services-Host
Content-Style-Type
X-A-Ccd
X-DPWN-IS-SECURE
X-Developer
X-External-Request-Id
X-G
X-Hl-Ver
X-Detected-As
X-Destination
X-Connection-Hash
X-Vtex-Remote-Cache
X-D
X-Vtex-Processado-Em
X-Date
X-Instart-Info
X-PAYTM-SRV-ID
X-Transaction
X-SRCache-Key
X-Trv-Group
X-Twitter-Response-Tags
X-VG-WebServer
X-Server-Time
X-ScT
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-CF-Lambda-Version
X-CF-Lambda-Fn
Rt-Proxy-Cache
Rendered-Blocks
ServerName
T-Server
Viewtype
Node
Mobile-Detection-Method
GEO-REGION-INFO
Fly-Request-Id
MD5-Digest
Memcached
Meta-Geo-Continent
VivaBuild
X-A
X-Application
X-AIR-PT
X-ARC
X-Worker
X-B-Cookie
X-Aed
Xc-Version
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
Fly-Cache
X-Accel-Expires-Debug
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
Request-Time
Proxy-Connection
X-GEO
Mail-Subject
Backend-Name
CF-IPCountry
We-Hiring
Akamai-GRN
Srv
X-Origin-Date
X-ProxyCache-Status
X-ProxyCache-Key
Uber-Trace-Id
X-Cms-Context
X-BYPASS-REASON
X-S-Maxage
X-Origin-Expires
X-Azure-Ref-OriginShield
X-CUA
X-Cache-Bucket
X-Release
N-Cache
X-Cdn-Srv
X-JWT-State
X-Is-Gdpr
X-SVT-ORM-VERSION
X-Var-Ttl
X-VC-Cache
X-Developers
Fastly-Soc-X-Request-Id
Request-EU
Request-Country
X-Has-Esi
X-Azure-Ref
X-SVT-ORM-RULES
X-Nginx-Cache
User-Cache-Control
X-Generated-By
X-Device-Os
X-Debug-Cache-Fetch
X-Dispatch
X-Distil-CS
X-Clientip
X-AWS-Id
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Log
X-Debug-Cache-Expiry
X-Backend-Url
Wxu-Next-Hostname
Wxu-Next-Region
X-LJ-Flow-ID
Wxu-Next-Commit
Thinkindot-Control
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Auto-Login
X-Backend-Host
X-Cache-Info
X-Cdn-Origin
X-CGP
X-C
X-Block-Status
X-BBXSRF
X-Bip
X-Clara-WADP
X-B3-SpanId
X-Swa-Ws
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-Sn-Servicetimems
X-Skip-Cache
X-Server-IP
X-Service
X-SIPLIST1
X-Up
X-Urbn-Context-Path
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Compress-Hint
X-We-Are-Hiring
X-WADP-Cache
X-Urbn-Site-Id
X-User
X-VServer
X-Dc
X-Reqid
X-Geo-Header
X-Hash
X-Hnp-Log
X-IN-APIGATEWAY
X-Generation-Time
X-Generated-On
X-Eu-Site
X-Fastly-Cache
X-Gen-Mode
X-IN-APIGATEWAYSSL
Served-By
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Proxy-Cache-Status
X-NX-Host
X-Level-Front-Cache
X-Location
X-Matched-Rule
X-ElasticPress-Search
X-Irp-Debug
Countrycode
Pagetype
Fastly-SIE
Content-Disposition
CDCHOST
X-VWS-Id
L
Fastly-SWR
Gh-Request-Id
Locale
Kp-EeAlive
IsBot
Heartbleed
Ha-Gx-Prefs
HA-Ipaddr
AKAMAI
Pramga
X-Info
Section-Io-Cache
X-Microcachable
X-Geo
X-Servername
X-Fetched-On
X-Generated-In
X-SayCDN-TTL
X-GeoIP-City
X-Nc
Esi-Enabled
X-Epic-Correlation-Id
X-Distributor
X-Variation
X-Core-Mission
X-Via-CDN
X-WebServer
Is-Eu
X-NWS-UUID-VERIFY
X-Say-TTL
X-Dispatcher-Server
X-ServiceProvider
X-Edge-Server
Cdn-Host
X-Platform-Server
X-PHP-Host
X-Owner
X-Old-Content-Length
X-Policy
X-Qloud-Router
X-Request-URI
Adler-Geo
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Nginx-Cache-Key
X-Method
X-Say-Cacheable
X-Lb-Id
X-Key
X-Request-Start
X-Li-Fabric
X-Li-Pop
Cache-Provider
X-LI-UUID
X-LI-Proto
Cdn-Request-Time
X-Mode
PFcat
Web-Mar-Node
X-Cache-FS-Status
True-Client-Country-4JS
X-Cache-Id
Memory
RNT-Machine
X-Backend-State
Platform
X-App-Name
X-Amz-Meta-Cache-Control
RNT-Time
W
Server-Int
Magicmarker
X-Cdn-Forward
Resin-Trace
X-GDPR
X-MSEdge-Features
X-MSEdge-Flight
X-Ratelimit-Limit
Server-ID
X-Internal-Host
X-SD-PageType
V-Age
SD-X-WS
X-DataStream-Cache-Status
X-Request-Time
X-Svr
X-FPC
X-Org
X-Be
SS
X-Hello
X-ABtesting
X-Flog
REQUESTUUID
X-Cache-URL
X-Instart-Isnd
X-DC
X-Wa
X-Scheme
X-IPS-LoggedIn
X-Processor
X-Cache-Backend
X-Servedbyhost
Country-Code
X-Response-By
X-Unique-ID
X-Datadome
X-NodeID
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Group
X-RateLimit-Reset
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-Pjax-Url
X-CDN-Forward
X-Page-Type
X-Server-W
Cache-Host
UCS
X-VCL-Version
X-SN
X-Ruxit-Js-Agent
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
PICS-Label
X-Oracle-Dms-Rid
X-Oss-Storage-Class
X-Oss-Server-Time
X-MP-GENERATED-AT
X-Webkit-Csp
Ajk
X-Logtrace-Id
X-Ftr-Request-Id
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Ttl
X-Ms-Request-Id
X-HS-Status
XServer
X-SRV
X-Ms-Version
X-Tb-Optimization-Total-Bytes-Saved
X-DataStream-MidMile-RTT
X-Zone
X-DataStream-Origin-MEX-Latency
X-EC-Lua
ProcessTime
X-Dynatrace
X-URL
Powered-By-ChinaCache
X-Varnish-Beresp-Grace
X-COUNTRY
X-Varnish-Beresp-Status
X-Via-Ucdn
Proxy-Firewall
X-GRACE
X-Source
GeoIp-Country-Code
SN
X-ZONE
Geoip-Latitude
CACHE
Geoip-City
Lfy
X-Pf-Uncompressing
X-APP
Ttl
X-HTML-Minification-Powered-By
Powered-By
X-Session-Fingerprint
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-Grey
X-Cache-Category-Id
X-Agile
X-Agile-Age
X-Cache-Debug
X-Agile-Id
X-Newrelic-Synthetics
X-PF-Uncompressing
X-Fastly-Country-Code
GeoIP-City
GeoIP-Country-Code
X-TH-Server
Dynatrace
GeoIP-Latitude
X-NODE
X-Sucuri-Id
Fastly-Backend-Name
X-7Graus-Varnish-XKeys
X-Logging-Id
X-Ftr-Cache-Host
X-7Graus-Varnish-Cache-Control
X-LiteSpeed-Cache-Control
X-CSRF-Token
X-Bc
X-Cache-Miss-From
Cdn
Environment
X-Aicache-OS
X-Sedo-Request-Id
X-Tt-Trace-Host
X-Check-Cacheable
MIME-Version
CF-Cached-On
X-Unique-Id
X-Sucuri-ID
X-Edge
GW-Server
Pics-Label
M-TraceId
X-LAGOON
Cf-Ipcountry
LB
WWW
X-Vcl-Version
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Realm
X-Ftr-Backend
X-Secret
X-Gannett-Site-Version
X-Mid
X-RCS-CacheZone
X-Core-Value
Ohc-Response-Time
Requestid
X-Varnish-Url
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-BC
X-Varnish-Ttl
X-FORWARDED-FOR
X-Vdms-Version
WZWS-RAY
X-PJAX-URL
Cdncip
DataCenter
X-AK-Request-ID
X-Cache-Tag
Cdnsip
X-MCACHE
X-Sucuri-Cache
Amp-Access-Control-Allow-Source-Origin
HostName
X-Sigma
X-Rocket-Build-Number
X-Varnish-Cacheable
X-Litespeed-Cache-Control
X-Sigma-Backend
On-Server
X-CDN-Cache
X-Fstrz
X-TT-LOGID
X-Swift-Error
Lb
X-Planisys-CDN-Cache
Pragrma
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
X-Action
X-DB
X-DI
X-RSL
X-BE
X-RPM
X-DW
X-DSS
X-RPS
Xkeyrz
X-GeoIP-Country-Code
X-ServedByHost
X-Cache-Ttl
X-Proxy-Cacherz
User-Agent
URI
X-Akamai-SSL-Client-Sid
CDN
Inserted-Into-Cache-At
X-WA
RequestUuid
Host-ID
X-Via-NSCOPI
X-Webapp-Samesite-None-Activated-N
X-Correlation-ID
X-Crawler
X-Fastly-Cache-Hits
Who
X-WR-MODIFICATION
X-NU-AKA-ACS-Version
SID
X-Fpc
X-Zalando-Child-Request-Id
Xkeypdq
X-Flow-Id
X-Page-Impression-Id
Get-Access-Time
TTL
Server-Id
Warning
Is-Session-Tracking
Correlation-Id
X-Render-Time
X-Nananana
X-FE
X-Refresh
X-ECache
X-MID
X-VC
X-SB
X-ND-Cache
X-Cf-Powered-By
X-ORACLE-APMCS-TAG
X-SaId
X-ORACLE-APMCS-REQUEST-ID
X-Bug-Bounty
HitType
X-MiniProfiler-Ids
Cneonction
X-Trafficlayer-App-Version
X-Akamai-ERPolicy
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-ServerName
V-Cache
X-Newrelic-App-Data
FNAC-ModuleRouting
Xet-Cookie
X-LB-ID
X-Gen-Id
X-Request-URL
RequestId
X-LiteSpeed-Tag
Processtime
X-Gdpr