Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
X-Request-ID
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-CDN
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
X-Server
Request-Context
X-Nginx-Cache-Status
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-Device
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
Request-Id
X-Backend-Server
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-DataDome
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Url
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Goog-Hash
X-TTL
X-Vname
X-PC
X-TtlSet
X-Varnish-TTL
X-Powered-By-Plesk
Pinterest-Generated-By
Verso
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-VARITI-CCR
X-Middleton-Display
Response
Display
X-Sol
X-Middleton-Response
X-CST
X-B3-TraceId
X-Recruiting
X-Kinja
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-D2id
X-SharePointHealthScore
SPRequestGuid
X-ESI
Service-Worker-Allowed
X-Ah-Environment
X-Akam-SW-Version
X-Vcap-Request-Id
X-Version
SPIisLatency
SPRequestDuration
X-Server-Name
X-GitHub-Request-Id
MS-Author-Via
X-Abt-Application-Version
X-Powered-CMS
X-Navigation-Version
TCN
Accept-Ch-Lifetime
Accept-CH
X-Shard
X-Trace
Charset
X-Upstream
Fastly-Restarts
X-Amz-Server-Side-Encryption
Nginx-Cache
Realpath
X-Amz-Rid
AR-ATIME
Ar-Sid
AR-CACHE
X-Debug
AR-PoweredBy
X-RateLimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Aspnetmvc-Version
X-Ezoic-Cdn
X-VCache
X-Cached
Front-End-Https
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Pagespeed
X-MSEdge-Ref
AR-Request-ID
X-Shield-Request-Id
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-XRDS-Location
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
Access-Control-Request-Method
X-FTR-Cache-Status
X-Country-Code-Real
MicrosoftSharePointTeamServices
X-FTR-Expires
Content-MD5
Paypal-Debug-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-T
S
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Fastly-Request-ID
ServerID
DynaTrace
X-Varnish-Age
X-Via-JSL
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
X-Hits
X-Correlation-Id
X-Accel-Expires
X-Grace
X-FastCGI-Cache
X-Amzn-Trace-Id
Fastcgi-Cache
Powered
X-Content-Digest
X-SERVER
X-Frontend
X-DIS-Request-ID
Accept-Ch
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
PB-PID
PB-RID
X-N
X-Mobile-Rewrite
Arc-Version
X-FTR-Cache-Host
Edge-Cache-Tag
Server-Name
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
TP-L2-Cache
TP-Cache
X-GUploader-UploadID
X-RateLimit-Limit
X-Pinterest-Rid
Pinterest-Version
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Processing-Time
X-Server-ID
X-Webkit-CSP
X-Zen-Fury
X-B3-Sampled
X-Vcache
X-Cache-Age
X-Kinsta-Cache
X-Type
X-Rid
X-Revision
X-IPLB-Instance
X-Time
X-Activity-Id
X-AppVersion
X-Az
X-User-Agent
Backend-Timing
Healthy
X-LB-Cache
X-Analytics
X-Fastcgi-Cache
X-Whom
Retry-After
X-Cache-Hit
X-Node-Name
X-Srv
FilterID
Server-Node
X-NWS-LOG-UUID
X-F-Cache
Alternate-Protocol
Accept-Charset
X-Hp-Webp
X-Cache-2
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Rule
X-Akamai-Edgescape
Cache-Tag
X-Content-Options
Cache-Status
X-Amzn-RequestId
X-B3-Traceid
X-Amz-Apigw-Id
X-Content-Security-Policy-Report-Only
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
DC
Refresh
X-Tumblr-Pixel-0
Tracecode
X-Instance
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Forwarded-Host
X-Tumblr-User
X-AOL-HN
VIX-Pulpo-Node
X-Tumblr-Pixel
X-Varnish-Grace
MS-CV
X-Debug-Info
X-App-Environment
X-Jobs
X-Framework
Access-Control-Allow-Method
Source
X-Cluster
X-PHP-Backend
X-Page-Id
X-FB-Debug
X-Request-Guid
Fastcgi-Useragent
X-Cache-TTL
X-FW-Hash
X-B
X-FW-Serve
X-FW-Static
X-FW-Type
X-App-Server
X-FW-Server
Frame-Options
X-Cache-Operation
Host
Actual-Object-TTL
X-TA-CDN-Provider
X-Cache-Key
X-Mobile-URL
X-Seen-By
X-Hostname
X-Geo-Country
X-Cache-Control
Cleartype
NR-ENABLED
X-B-Cache
X-Signature
X-Host-Name
X-BCube-Filmed-By
X-Cached-By
X-Acc-Meta-Resource-Type
Upgrade-Insecure-Requests
X-Mobile
X-Varnish-Backend
X-Pad
X-TT
X-Git-Hash
NGB
X-Esi
X-Response-Served-From
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Presslabs-Stats
Accept-CH-Lifetime
X-Adobe-Content
GEO-INFO
X-Adobe-Loc
WPE-Backend
X-ATG-Version
X-Handled-By
X-GeoIP
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
Webserver
X-Tumblr-Pixel-1
Cache-Tv-Group
Payment
X-RequestSource
X-RTag
Ms-Operation-Id
Eomportal-Instance
Filters
From-Origin
X-ProcessESI
X-RemovedCookies
X-Cacheable-TTL
X-Cache-Remote
Liferay-Portal
X-UA-Device-Type
X-TX-ID
X-Status
X-Origin-Server
X-Cache-TTL-Remaining
X-Daa-Tunnel
X-EdgeConnect-Cache-Status
X-FW-Dynamic
X-WA-Info
X-Wix-Request-Id
X-Cache-Action
X-Content-Age
X-Edge-Location
X-Hyper-Cache
X-HS-Cache-Config
X-Contextid
Viewport
X-Element-Page-Cache
Datacenter
Xserver
X-Region
X-CF-Powered-By
X-Storage
Version
X-Ttl
X-Ratelimit-Reset
X-Varnish-Hostname
Cache
X-XRDS-LOCATION
Ohc-File-Size
X-Accel-Buffering
X-Akamai-Transformed
X-Cache-NE
X-Tec-Api-Version
PageSpeed
X-Tec-Api-Origin
X-Tec-Api-Root
Host-Header
X-RN-RSRV
X-Path-Route
Meta-Geo
Load-Balancing
X-Varnish-Server
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-Cache-Server
X-IP
X-Cache-Enabled
X-Proxy
S-Cnection
X-Proto
Cache-Tags
Cache-Name
Ec-Rule-Version
Cache-Hits
Vix-Hermes-Req-Id
TWC-GeoIP-LatLong
X-Yottaa-Optimizations
X-Yottaa-Metrics
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
Property-Id
Release
Rt-Fastcgi-Cache
TWC-Privacy
Mn-Server-Ip
Webcakes-Region
X-Varnish-Cache-Hits
X-Origin-Hint
X-NCache
Webcakes-App-Name
X-Origin-Response-Time
X-Tumblr-Pixel-3
X-Loop
X-Cluster-Node
X-R9-Blue-Green-Version
X-CS
X-Cache-Config
X-Device-Type
Ohc-Cache-HIT
X-Akamai-Request-ID
X-Access
Webcakes-App-Version
X-Akamai-Request-ID2
X-TNCMS
X-NewRelic-App-Data
X-Section
X-Time-Microsecs
X-Drupal-Cache-Contexts
X-EIG-Tracking-Id
X-Format
X-Cache-Time
X-Rule
X-FC-Vary-Parameters
Decoy-Debug-Status
DB-Nickname
Country
X-Upgrade-Enabled
Decoy-Debug-Key
Decoy-Debug-TTL
X-Upstream-CT
DSUID
X-Upstream-HT
Azure-Version
X-Origin
X-Cache-Grace
X-PERF
X-Timing-Wait
X-Backend-TTL
X-Trace-Id
X-ApacheServer
X-Backend-Name
X-Labrador-Cache-Channel
X-Www-Served-By
X-UnsetCookies
X-Cache-Host
X-Via-Fastly
S-Rt
X-Proxy-Build
X-Web-Node
X-Human
X-Viewer-Country
X-VCT
Selected-Fe
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-PressLabs-Stats
X-Goog-Meta-Goog-Reserved-File-Mtime
X-From
X-Hosted-By
X-Generated
X-OCL
X-Site-Version
X-PCL
X-Debug-Cache
X-JoinUs
X-Locale
Cache-Key
X-Hit
X-FireWall-Port
X-Vgn-Hpd-Reason
Server-Info
X-Xfnlog-Site
Time
X-Varnish-Hits
X-CCM
X-HS-Combine-CSS
X-Rendered-As
X-S
X-Upstream-Proxy
X-OVcl
X-OVcl-Cache
X-FW-Version
X-SS-Set-Cookie
X-Real-IP
X-NGENIX-Cache
X-APP-VERSION
L5d-Success-Class
X-Pubstack
Now
Origin-Cache-Control
OT-Force-Account-Verify
Origin-Edge-Control
Fastcgi-X-Cache-Version
X-Redis-Cache
X-Ua
X-Litespeed-Cache
Access-Control-Request-Headers
ServedBy
Hostname
X-VG-TLSProxy
X-FB-TRIP-ID
Origin
Cteonnt-Length
Fastly-SSL
X-VG-WebCache
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Parent-Response-Time
X-Sorting-Hat-ShopId
X-ShopId
Accept-Language
X-Alternate-Cache-Key
X-ShardId
X-UUID
X-Cluster-Name
X-Origin-TTL
X-B3-Spanid
X-Origin-CC
X-Tb
Machine
X-GoCache-CacheStatus
X-Load-Cache
X-ServerID
NtCoent-Length
X-Soup
X-NC
X-Rocket-Nginx-Bypass
X-Tt-Trace-Tag
X-L-Path
X-No-Session
X-Environment-Context
IBM-Web2-Location
X-ECACHE
X-CSRF-TOKEN
SRV
X-App-Version
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
NGX
X-Is-Bot
X-UA
Nel
X-B3-Parentspanid
X-Uri
CF-IPCountry
Mime-Version
X-MServer
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
X-GEO
X-DataStream-Cache-Status
X-CACHE-KEY
GEO-REGION-INFO
Fly-Request-Id
Cache-Prefix
Apple-News-Services-Request-Url
Arc-Country
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AsisCache
MD5-Digest
Content-Style-Type
Cross-Origin-Window-Policy
Content-Script-Type
A
BehaviorPad-Version
Fly-Cache
X-A-Dam
X-DPWN-IS-SECURE
X-Detected-As
X-External-Request-Id
X-G
X-Hl-Ver
X-Destination
X-Date
X-CF-Lambda-Version
X-Connection-Hash
X-Vtex-Processado-Em
X-D
X-Instart-Info
X-PAYTM-SRV-ID
X-SRCache-Key
X-Server-Time
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-ScT
X-S-Cookie
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-CF-Lambda-Fn
X-B-Cookie
T-Server
ServerName
Viewtype
Xc-Version
VivaBuild
Rt-Proxy-Cache
Rendered-Blocks
Meta-Geo-Continent
Mobile-Detection-Method
Node
Odigeo-Trace-Id
X-A
X-A-Ccd
X-AIR-PT
X-Application
X-Worker
X-Vtex-Remote-Cache
X-Aed
X-Accel-Expires-Debug
X-VG-WebServer
X-A-Dcw
X-A-Dgt
X-A-Wwc
Memcached
X-ARC
Mail-Subject
Akamai-GRN
Request-Time
We-Hiring
Proxy-Connection
X-Endurance-Cache-Level
X-Nginx-Cache
Backend-Name
X-Generated-By
X-Oneagent-Js-Injection
X-Var-Ttl
X-VC-Cache
X-Cdn-Srv
X-Release
X-Azure-Ref
X-SVT-ORM-RULES
X-Up
X-Cache-Bucket
Uber-Trace-Id
X-SIPLIST1
X-Developers
N-Cache
Fastly-Soc-X-Request-Id
X-Dc
X-Developer
Section-Io-Cache
X-Node-Id
X-CUA
X-Origin-Expires
X-SVT-ORM-VERSION
X-Azure-Ref-OriginShield
X-Fastly-Cache
IsBot
X-S-Maxage
X-Origin-Date
X-VWS-Id
X-BYPASS-REASON
User-Cache-Control
X-AWS-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-LJ-Flow-ID
X-Backend-Host
Pagetype
X-Block-Status
X-Core-Mission
X-NX-Host
X-Level-Front-Cache
X-C
X-Nginx-Cache-Key
X-Method
X-Matched-Rule
Request-Country
Pramga
X-BBXSRF
Request-EU
X-Location
X-Bip
X-Backend-Url
Thinkindot-CacheControl
Wxu-Next-Commit
Wxu-Next-Hostname
X-Gen-Mode
W
X-Dispatch
Wxu-Next-Region
X-Eu-Site
Srv
X-Distil-CS
X-ElasticPress-Search
X-App-Name
X-Generated-On
X-Generation-Time
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Server-Int
X-Irp-Debug
Server-Host
X-Hnp-Log
Thinkindot-CacheControl-Type
X-Geo-Header
X-Auto-Login
X-Hash
Thinkindot-Control
Served-By
Gh-Request-Id
X-Thinkindot-L3
AKAMAI
X-TrackingId
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Thanos
X-Swa-Ws
X-Service
X-Server-IP
X-Debug-Cache-Expiry
X-Skip-Cache
X-Sn-Servicetimems
X-User
X-CGP
X-Has-Esi
X-Wikidot-Static-Cache
X-Is-Gdpr
X-JWT-State
X-Compress-Hint
X-Wikidot-Backend
X-Webstats-RespID
X-VServer
X-Clientip
X-We-Are-Hiring
X-Cms-Context
X-Proxy-Cache-Status
X-Debug-Cache-Fetch
HA-Ipaddr
Heartbleed
Ha-Gx-Prefs
X-Debug-Cookies
X-Cdn-Origin
X-Debug-Log
X-Qloud-Router
Locale
Magicmarker
X-Proxy-Upstream
L
Kp-EeAlive
X-Rebelmouse-Cache-Control
X-Distributor
Esi-Enabled
Fastly-SIE
Countrycode
X-Mode
Content-Disposition
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Reboot
X-Reqid
X-Cache-Info
X-Debug-Cache-Store
X-Info
X-Microcachable
X-Device-Os
X-Dispatcher-Server
X-PHP-Host
X-Request-URI
X-Say-Cacheable
X-Request-Start
X-RateLimit-Remaining-Second
X-Policy
X-RateLimit-Limit-Second
X-Say-TTL
X-SayCDN-TTL
X-WADP-Cache
X-WebServer
X-Via-CDN
X-Variation
X-Servername
X-ServiceProvider
X-Platform-Server
X-Owner
X-B3-SpanId
X-Internal-Host
X-GeoIP-City
X-Generated-In
X-Epic-Correlation-Id
X-Fetched-On
X-Key
X-Li-Fabric
X-MSEdge-Flight
X-Old-Content-Length
X-MSEdge-Features
X-LI-Proto
X-Li-Pop
X-Edge-Server
X-LI-UUID
Cache-Provider
CDCHOST
X-Guploader-Uploadid
X-Amz-Meta-Cache-Control
Adler-Geo
Cdn-Host
RNT-Time
Platform
PFcat
Memory
Is-Eu
RNT-Machine
X-Backend-State
Cdn-Request-Time
X-Cache-FS-Status
X-Clara-WADP
X-Cache-Id
X-NWS-UUID-VERIFY
X-SD-PageType
True-Client-Country-4JS
X-GDPR
Web-Mar-Node
X-Lb-Id
X-Geo
V-Age
SD-X-WS
X-Request-Time
Resin-Trace
X-Ratelimit-Limit
X-Cdn-Forward
X-COUNTRY
X-Org
Server-ID
X-FPC
X-Be
X-URL
X-Hello
REQUESTUUID
X-Wa
X-Cache-URL
X-Svr
SS
X-ABtesting
X-Flog
X-Nc
X-Instart-Isnd
X-RateLimit-Reset
X-IPS-LoggedIn
X-DC
Country-Code
X-Scheme
X-Unique-ID
X-Response-By
X-Servedbyhost
X-CDN-Forward
X-Cache-Backend
Cache-Cookie-Set-Lfrom
X-Proxied
X-Routing-Service
X-Processor
X-Zipkin-Id
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Dynatrace-Js-Agent
XServer
X-Datadome
X-NodeID
X-Page-Type
Group
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
UCS
X-VCL-Version
X-Pjax-Url
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-SN
X-Oss-Server-Time
X-MP-GENERATED-AT
PICS-Label
X-Server-W
X-Oss-Request-Id
X-Oss-Object-Type
X-Ruxit-Js-Agent
ProcessTime
CACHE
Powered-By-ChinaCache
Cache-Host
Ajk
X-Tb-Optimization-Total-Bytes-Saved
X-Oracle-Dms-Rid
X-Logtrace-Id
Dynatrace
X-Ratelimit-Remaining
X-Varnish-Beresp-Ttl
X-Webkit-Csp
X-Ftr-Request-Id
X-HS-Status
X-SRV
Proxy-Firewall
X-Via-Ucdn
X-ZONE
X-HTML-Minification-Powered-By
X-Zone
X-Dynatrace
X-Pf-Uncompressing
X-Ms-Request-Id
X-Ms-Version
Powered-By
X-Varnish-Beresp-Grace
Geoip-Latitude
X-Varnish-Beresp-Status
Geoip-City
GeoIp-Country-Code
SN
X-EC-Lua
X-Varnish-Beresp-TTL
X-GRACE
X-Source
X-Newrelic-Synthetics
Ttl
X-Session-Fingerprint
X-Cache-Category-Id
X-Grey
Lfy
X-Agile
X-APP
X-Agile-Age
X-Agile-Id
X-TH-Server
GeoIP-City
X-PF-Uncompressing
GeoIP-Country-Code
X-Fastly-Country-Code
X-Cache-Debug
GeoIP-Latitude
Fastly-Backend-Name
MIME-Version
X-NODE
X-Check-Cacheable
X-LiteSpeed-Cache-Control
X-7Graus-Varnish-XKeys
X-Sucuri-Id
X-Ftr-Cache-Host
X-Logging-Id
X-7Graus-Varnish-Cache-Control
X-Bc
X-CSRF-Token
GW-Server
X-Tt-Trace-Host
Cdn
X-Cache-Miss-From
Environment
X-Sedo-Request-Id
X-FORWARDED-FOR
X-Sucuri-ID
X-Edge
Pics-Label
X-LAGOON
CF-Cached-On
X-Aicache-OS
LB
X-Unique-Id
X-Varnish-Url
X-RCS-CacheZone
WWW
M-TraceId
X-PJAX-URL
X-Secret
X-Gannett-Site-Version
X-BC
X-Core-Value
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Backend-Server
Requestid
Ohc-Response-Time
X-Vcl-Version
X-Fastly-Backend-Reqs
WZWS-RAY
X-Mid
Cf-Ipcountry
X-NGINX-Cache
X-Cache-Tag
X-MCACHE
DataCenter
On-Server
X-Varnish-Ttl
Cdnsip
X-AK-Request-ID
X-Sucuri-Cache
X-TT-LOGID
Cdncip
X-Varnish-Cacheable
X-CDN-Cache
X-Swift-Error
X-Vdms-Version
X-UPSTREAM-Address
Amp-Access-Control-Allow-Source-Origin
X-Fstrz
X-Akamai-SSL-Client-Sid
User-Agent
HostName
X-Sigma-Backend
X-GeoIP-Country-Code
X-Sigma
X-Litespeed-Cache-Control
X-Rocket-Build-Number
Lb
Inserted-Into-Cache-At
X-Planisys-CDN-Rules
X-Action
URI
X-Cache-Ttl
Pragrma
X-Planisys-CDN-Cache
X-BE
X-Planisys-CDN-TTL
X-DB
X-RPM
Xkeyrz
CDN
X-Proxy-Cacherz
X-RSL
X-DW
X-RPS
X-DI
X-DSS
X-Shopify-Generated-Cart-Token
X-NU-AKA-ACS-Version
RequestUuid
X-Crawler
X-ServedByHost
Host-ID
Who
SID
X-Via-NSCOPI
X-Correlation-ID
Get-Access-Time
Xkeypdq
Is-Session-Tracking
X-WA
X-Render-Time
X-WR-MODIFICATION
TTL
X-Fpc
X-Flow-Id
Warning
Server-Id
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-Page-Impression-Id
X-Amzn-Remapped-Date
X-ND-Cache
X-Amzn-Remapped-Connection
X-Refresh
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-MID
Correlation-Id
FNAC-ModuleRouting
X-FE
X-LB-ID
X-Nananana
X-VC
X-SB
X-Cf-Powered-By
HitType
X-Newrelic-App-Data
X-Trafficlayer-App-Version
X-Micro-Cache
X-Fe
X-Bug-Bounty
X-ServerName
X-MiniProfiler-Ids
X-Gdpr
X-Request-URL
V-Cache
X-Cdn-Request-ID
RequestId
X-Dw-Trace-Id
Cneonction
X-LiteSpeed-Tag
Xet-Cookie
Processtime
X-Gen-Id
X-ECache