Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Xss-Protection
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Request-ID
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
X-CDN
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Server
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-Server-Id
X-Device
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
X-Backend-Server
X-Host
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-DataDome
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
X-Dns-Prefetch-Control
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Url
X-DynaTrace
X-Instart-Request-ID
Fusion-Template-Id
X-MS-InvokeApp
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-TTL
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
X-Mod-Pagespeed
Edge-Control
X-CST
X-VARITI-CCR
Response
X-Recruiting
X-Sol
Display
X-Middleton-Response
X-Middleton-Display
X-Ah-Environment
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-B3-TraceId
X-Kinja-Server
X-D2id
Service-Worker-Allowed
X-SharePointHealthScore
SPRequestGuid
X-ESI
X-Vcap-Request-Id
X-Akam-SW-Version
X-Version
X-Server-Name
SPIisLatency
SPRequestDuration
Accept-CH
MS-Author-Via
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Powered-CMS
X-Navigation-Version
Accept-Ch-Lifetime
X-Shard
X-Trace
Charset
X-RateLimit-Remaining
X-Upstream
Fastly-Restarts
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Amz-Server-Side-Encryption
X-Amz-Rid
Realpath
Nginx-Cache
X-Aspnetmvc-Version
X-Debug
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Ezoic-Cdn
X-Cached
Front-End-Https
X-VCache
X-NF-Request-ID
X-XRDS-Location
AR-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-MSEdge-Ref
Pagespeed
X-Shield-Request-Id
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Content-MD5
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-T
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
S
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Fastly-Request-ID
ServerID
DynaTrace
X-Via-JSL
X-Varnish-Age
X-Client-IP
X-Ser
X-Content-Type
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
X-Hits
X-SERVER
X-Accel-Expires
X-Correlation-Id
X-Grace
X-Amzn-Trace-Id
Fastcgi-Cache
X-Content-Digest
Powered
X-Frontend
X-FastCGI-Cache
X-Forwarded-For
X-DIS-Request-ID
Arc-Version
PB-PID
PB-RID
X-N
X-Mobile-Rewrite
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
Edge-Cache-Tag
X-HS-Hub-Id
X-HS-Content-Id
Server-Name
X-Logged-In
Accept-Ch
X-RateLimit-Limit
X-Server-ID
X-Vcache
TP-L2-Cache
TP-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-GUploader-UploadID
X-Request-Received
X-Request-Processing-Time
X-B3-Sampled
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
X-Zen-Fury
X-Cache-Age
X-Kinsta-Cache
X-AppVersion
X-Activity-Id
X-Rid
X-Revision
X-Time
X-User-Agent
X-IPLB-Instance
X-Type
X-Az
Healthy
Backend-Timing
X-Analytics
X-LB-Cache
X-Whom
Retry-After
FilterID
X-Cache-Hit
X-Node-Name
X-Srv
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
Accept-Charset
X-B3-Traceid
X-Cache-2
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Rule
X-Hp-Webp
Cache-Status
X-Webkit-CSP
X-Content-Options
Cache-Tag
X-Akamai-Edgescape
Surrogate-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Security-Policy-Report-Only
Refresh
DC
X-Tumblr-Pixel-0
X-Tumblr-User
X-Forwarded-Host
X-Content-Powered-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AOL-HN
X-Tumblr-Pixel
X-Instance
X-App-Environment
Source
Access-Control-Allow-Method
X-Framework
X-Debug-Info
MS-CV
X-Jobs
X-Varnish-Grace
Tracecode
X-PHP-Backend
X-Cluster
Fastcgi-Useragent
X-FB-Debug
X-Page-Id
X-Request-Guid
X-FW-Hash
X-App-Server
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-Cache-TTL
X-B
Frame-Options
X-Cache-Operation
X-TA-CDN-Provider
Actual-Object-TTL
Host
X-Mobile-URL
X-Cache-Key
X-Hostname
X-Seen-By
X-Geo-Country
Cleartype
X-Cache-Control
X-Signature
X-B-Cache
X-Acc-Meta-Resource-Type
NR-ENABLED
X-BCube-Filmed-By
X-Cached-By
X-Host-Name
X-Esi
X-Mobile
Upgrade-Insecure-Requests
Accept-CH-Lifetime
X-Pad
X-TT
X-Git-Hash
X-Varnish-Backend
NGB
X-Amz-Replication-Status
X-Response-Served-From
X-Adobe-Content
GEO-INFO
X-Adobe-Loc
X-WebKit-CSP-Report-Only
WPE-Backend
X-Presslabs-Stats
Webserver
X-Tumblr-Pixel-2
X-UA-Device-Type
X-RemovedCookies
X-RTag
X-RequestSource
X-ProcessESI
X-Handled-By
X-Tumblr-Pixel-1
X-GeoIP
X-Drupal-Cache-Tags
Payment
Eomportal-Instance
Filters
Ms-Operation-Id
X-TT-TIMESTAMP
X-ATG-Version
Cache-Tv-Group
X-Cache-Remote
Liferay-Portal
From-Origin
X-Status
X-Cacheable-TTL
X-TX-ID
X-Daa-Tunnel
X-Origin-Server
X-Cache-TTL-Remaining
X-FW-Dynamic
X-EdgeConnect-Cache-Status
X-WA-Info
X-Cache-Action
X-Content-Age
X-Edge-Location
X-Wix-Request-Id
Xserver
X-Hyper-Cache
X-Contextid
Viewport
X-Ratelimit-Reset
Datacenter
X-HS-Cache-Config
X-Region
X-CF-Powered-By
X-Storage
Version
X-Element-Page-Cache
X-Varnish-Hostname
X-Accel-Buffering
Cache
Ohc-File-Size
PageSpeed
X-Akamai-Transformed
X-Cache-NE
Host-Header
Meta-Geo
X-Varnish-Server
X-Path-Route
X-Cache-Server
X-RN-RSRV
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
Load-Balancing
X-IP
X-Yottaa-Optimizations
Cache-Tags
X-Yottaa-Metrics
X-PressLabs-Stats
Ohc-Cache-HIT
X-Proxy
S-Cnection
X-Cache-Enabled
Cache-Name
X-Proto
X-Loop
Webcakes-App-Version
Vix-Hermes-Req-Id
Rt-Fastcgi-Cache
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Via-Fastly
TWC-Device-Class
TWC-GeoIP-Country
X-R9-Blue-Green-Version
X-Section
TWC-Locale-Group
X-Device-Type
X-Varnish-Cache-Hits
TWC-Privacy
X-XRDS-LOCATION
Ec-Rule-Version
X-Origin-Response-Time
X-Cluster-Node
Release
X-Origin-Hint
X-Cache-Config
Country
X-NCache
X-Viewer-Country
X-Akamai-Request-ID2
X-NewRelic-App-Data
X-Akamai-Request-ID
Mn-Server-Ip
Property-Id
X-Tumblr-Pixel-3
Cache-Hits
Webcakes-Region
X-CS
X-Access
X-TNCMS
DB-Nickname
S-Rt
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
DSUID
X-FC-Vary-Parameters
X-Backend-Name
X-Backend-TTL
X-Xfnlog-Site
X-ApacheServer
X-Time-Microsecs
X-Www-Served-By
X-From
X-Origin
X-Labrador-Cache-Channel
X-Cache-Time
X-Human
X-OCL
X-Cache-Grace
X-Cache-Host
X-Rule
X-Timing-Wait
X-Upstream-HT
X-Upstream-CT
X-EIG-Tracking-Id
X-Proxy-Build
X-VCT
X-PERF
X-Format
X-Upgrade-Enabled
X-Web-Node
X-Debug-Cache
X-Trace-Id
X-PCL
X-UnsetCookies
X-Drupal-Cache-Contexts
Selected-Fe
Azure-RegionName
X-Ttl
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Hit
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Hosted-By
X-CCM
X-Site-Version
Cache-Key
X-JoinUs
X-Locale
X-Upstream-Proxy
Server-Info
X-FireWall-Port
X-Vgn-Hpd-Reason
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Time
X-FW-Version
X-S
X-Rendered-As
X-Varnish-Hits
X-OVcl-Cache
X-OVcl
Now
X-HS-Combine-CSS
X-Real-IP
X-NGENIX-Cache
X-Ua
X-Pubstack
L5d-Success-Class
X-SS-Set-Cookie
X-Litespeed-Cache
OT-Force-Account-Verify
X-APP-VERSION
Origin-Cache-Control
Fastcgi-X-Cache-Version
Origin-Edge-Control
X-Redis-Cache
Access-Control-Request-Headers
Hostname
ServedBy
X-VG-TLSProxy
X-FB-TRIP-ID
Cteonnt-Length
Origin
X-VG-WebCache
Fastly-SSL
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShardId
Accept-Language
X-Sorting-Hat-ShopId
NtCoent-Length
X-Parent-Response-Time
X-Tb
X-Cluster-Name
X-Origin-CC
X-Origin-TTL
X-UUID
Machine
X-Load-Cache
X-GoCache-CacheStatus
X-CSRF-TOKEN
X-B3-Spanid
X-ServerID
X-NC
X-Soup
X-Tt-Trace-Tag
SRV
X-Rocket-Nginx-Bypass
X-App-Version
X-ECACHE
IBM-Web2-Location
X-L-Path
X-No-Session
X-Environment-Context
Nel
NGX
Mime-Version
X-CACHE-KEY
X-Is-Bot
X-B3-Parentspanid
X-GEO
X-Uri
X-DataStream-Cache-Status
X-MServer
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
CF-IPCountry
X-UA
X-Magnolia-Registration
X-Nginx-Cache
X-Oneagent-Js-Injection
Memcached
Cross-Origin-Window-Policy
X-Instart-Info
Fly-Cache
Arc-Country
Xc-Version
Mobile-Detection-Method
Apple-News-Services-Request-Url
X-Developer
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Meta-Geo-Continent
X-B-Cookie
X-D
Fly-Request-Id
X-Node-Id
AsisCache
X-Detected-As
X-Destination
X-Hl-Ver
X-DPWN-IS-SECURE
Cache-Prefix
Node
X-External-Request-Id
X-G
GEO-REGION-INFO
Content-Script-Type
A
X-CF-Lambda-Fn
X-CF-Lambda-Version
Apple-News-Services-Handled
X-Date
Request-Time
Proxy-Connection
Content-Style-Type
MD5-Digest
Apple-News-Services-Host
X-ARC
X-Server-Time
X-A-Dam
Rendered-Blocks
X-Aed
X-ScT
X-VG-WebServer
X-A
X-A-Ccd
X-Twitter-Response-Tags
X-Trv-Group
Odigeo-Trace-Id
X-Accel-Expires-Debug
X-A-Dgt
X-A-Dcw
Rt-Proxy-Cache
Mail-Subject
X-SRCache-Key
X-Transaction
X-Vtex-Processado-Em
X-S-Cookie
We-Hiring
Akamai-GRN
ServerName
VivaBuild
T-Server
Viewtype
X-Worker
X-PAYTM-SRV-ID
X-A-Wwc
X-Connection-Hash
X-AIR-PT
X-Request-UUID
X-Application
X-Region-Sid
X-Vtex-Remote-Cache
X-Rojux
X-Rewrite-Enabled
X-AWS-Id
X-Generated-By
X-LJ-Flow-ID
Backend-Name
X-VWS-Id
X-Cms-Context
Section-Io-Cache
X-Developers
X-Azure-Ref
IsBot
X-Cdn-Srv
X-S-Maxage
X-VC-Cache
X-Mode
X-Var-Ttl
X-Release
X-Trafficlayer-App-Scope
X-Up
Fastly-Soc-X-Request-Id
X-Origin-Expires
X-SVT-ORM-VERSION
X-CUA
X-Fastly-Cache
X-Origin-Date
X-Cache-Bucket
X-SVT-ORM-RULES
X-SIPLIST1
X-Trafficlayer-App-Name
N-Cache
Request-Country
Request-EU
X-Azure-Ref-OriginShield
X-Dc
X-BYPASS-REASON
Uber-Trace-Id
User-Cache-Control
X-ProxyCache-Key
X-ProxyCache-Status
W
X-Clara-WADP
X-Clientip
Wxu-Next-Region
X-BBXSRF
X-Cache-Info
X-Bip
X-Block-Status
X-C
X-Cdn-Origin
X-Backend-Url
X-App-Name
X-CGP
Wxu-Next-Hostname
X-Backend-Host
Wxu-Next-Commit
X-Level-Front-Cache
X-Skip-Cache
X-Service
X-Sn-Servicetimems
X-Swa-Ws
X-Compress-Hint
X-Thanos
X-Server-IP
X-Reqid
X-Qloud-Router
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Thinkindot-L3
X-TrackingId
X-Webstats-RespID
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Has-Esi
X-WADP-Cache
X-VServer
X-Urbn-Context-Path
X-JWT-State
X-Is-Gdpr
X-Urbn-Site-Id
X-User
X-Proxy-Cache-Status
X-NX-Host
X-Distributor
X-Distil-CS
X-Edge-Server
X-ElasticPress-Search
X-Eu-Site
X-Dispatch
X-Device-Os
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Gen-Mode
X-Generated-On
X-Matched-Rule
X-Location
X-Method
Thinkindot-Control
X-Nginx-Cache-Key
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Geo-Header
X-Generation-Time
X-Hash
X-Hnp-Log
X-IN-APIGATEWAY
X-Core-Mission
X-Auto-Login
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
Kp-EeAlive
L
Pagetype
CDCHOST
Locale
Gh-Request-Id
Fastly-SWR
Content-Disposition
Cdn-Request-Time
Cdn-Host
AKAMAI
Countrycode
Fastly-SIE
Esi-Enabled
Pramga
Magicmarker
RNT-Time
Server-Int
Thinkindot-CacheControl-Type
Served-By
Server-Host
RNT-Machine
X-Guploader-Uploadid
X-B3-SpanId
Thinkindot-CacheControl
X-Microcachable
Srv
X-GDPR
X-Info
X-Servername
X-SayCDN-TTL
X-Generated-In
Cache-Provider
X-Fetched-On
Adler-Geo
X-Dispatcher-Server
X-Via-CDN
X-Epic-Correlation-Id
X-Variation
X-WebServer
X-Internal-Host
X-Platform-Server
X-PHP-Host
X-Owner
X-Old-Content-Length
X-Policy
X-RateLimit-Limit-Second
X-Request-Start
X-RateLimit-Remaining-Second
X-Request-Time
X-MSEdge-Flight
X-MSEdge-Features
X-Key
X-Request-URI
X-Say-TTL
X-Li-Fabric
X-Li-Pop
X-Say-Cacheable
X-LI-UUID
X-LI-Proto
X-GeoIP-City
X-ServiceProvider
X-Amz-Meta-Cache-Control
Web-Mar-Node
X-Cache-FS-Status
PFcat
True-Client-Country-4JS
Platform
Is-Eu
X-Cache-Id
X-Backend-State
Memory
X-Cdn-Forward
X-SD-PageType
X-Lb-Id
SD-X-WS
Server-ID
X-Org
Resin-Trace
X-NWS-UUID-VERIFY
X-COUNTRY
V-Age
X-Geo
X-Hello
X-Nc
X-FPC
X-Ratelimit-Limit
X-ABtesting
SS
X-Flog
X-URL
X-Be
X-Wa
X-Cache-URL
REQUESTUUID
X-Svr
X-IPS-LoggedIn
X-RateLimit-Reset
X-DC
X-Unique-ID
X-Response-By
X-Instart-Isnd
X-Servedbyhost
Country-Code
X-Proxied
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Scheme
X-Zipkin-Id
X-Routing-Service
X-Dynatrace-Js-Agent
X-Datadome
X-Page-Type
X-Processor
X-Cache-Backend
X-CDN-Forward
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
UCS
X-VCL-Version
X-NodeID
XServer
Group
X-Pjax-Url
X-MP-GENERATED-AT
X-SN
X-Ruxit-Js-Agent
Cache-Host
X-Server-W
CACHE
Powered-By-ChinaCache
ProcessTime
X-Oracle-Dms-Rid
Dynatrace
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
PICS-Label
X-Logtrace-Id
Ajk
X-Oss-Storage-Class
X-Varnish-Beresp-Ttl
X-Webkit-Csp
X-SRV
X-HS-Status
X-Ftr-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
Proxy-Firewall
X-ZONE
X-HTML-Minification-Powered-By
X-Dynatrace
X-Varnish-Beresp-Status
X-Ms-Version
X-Via-Ucdn
X-Varnish-Beresp-Grace
Powered-By
SN
X-Ms-Request-Id
X-Zone
X-Source
X-EC-Lua
X-Newrelic-Synthetics
X-GRACE
X-Cache-Category-Id
Ttl
X-Grey
X-Pf-Uncompressing
Geoip-Latitude
Geoip-City
GeoIp-Country-Code
X-Ratelimit-Remaining
X-Varnish-Beresp-TTL
X-TH-Server
X-Session-Fingerprint
Lfy
X-APP
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-Agile
X-Agile-Age
Fastly-Backend-Name
X-Agile-Id
X-Cache-Debug
X-PF-Uncompressing
X-LiteSpeed-Cache-Control
X-NODE
X-Sucuri-Id
X-Fastly-Country-Code
X-Ftr-Cache-Host
X-Check-Cacheable
MIME-Version
X-7Graus-Varnish-Cache-Control
X-Logging-Id
Cdn
X-Tt-Trace-Host
Environment
GW-Server
X-7Graus-Varnish-XKeys
X-FORWARDED-FOR
X-Bc
CF-Cached-On
X-Aicache-OS
X-LAGOON
X-Cache-Miss-From
Pics-Label
X-Edge
X-Sedo-Request-Id
LB
X-CSRF-Token
X-Sucuri-ID
X-RCS-CacheZone
M-TraceId
X-Varnish-Url
X-Secret
X-Gannett-Site-Version
X-BC
WWW
X-Ftr-Realm
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Balancer
X-Unique-Id
X-PJAX-URL
Ohc-Response-Time
Requestid
WZWS-RAY
X-Core-Value
X-Mid
X-Fastly-Backend-Reqs
X-Vcl-Version
Cf-Ipcountry
X-Varnish-Cacheable
On-Server
X-Cache-Tag
X-Varnish-Ttl
X-CDN-Cache
DataCenter
X-MCACHE
X-UPSTREAM-Address
Amp-Access-Control-Allow-Source-Origin
X-NGINX-Cache
Cdncip
Cdnsip
X-Sucuri-Cache
X-AK-Request-ID
X-TT-LOGID
X-Vdms-Version
X-Akamai-SSL-Client-Sid
HostName
X-GeoIP-Country-Code
X-Litespeed-Cache-Control
User-Agent
Lb
X-Swift-Error
X-Sigma
X-Rocket-Build-Number
X-BE
URI
X-Sigma-Backend
X-Fstrz
X-RSL
X-Cache-Ttl
CDN
X-Proxy-Cacherz
Xkeyrz
X-DW
X-RPM
X-RPS
X-DSS
X-DI
X-DB
X-Action
Inserted-Into-Cache-At
RequestUuid
X-NU-AKA-ACS-Version
X-Crawler
SID
Who
X-ServedByHost
Host-ID
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Pragrma
X-Correlation-ID
X-WA
X-Page-Impression-Id
X-WR-MODIFICATION
Xkeypdq
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-Render-Time
X-Fpc
Warning
Is-Session-Tracking
X-Flow-Id
Get-Access-Time
Server-Id
X-Via-NSCOPI
X-Refresh
FNAC-ModuleRouting
TTL
X-MID
X-Nananana
Correlation-Id
X-SB
X-LB-ID
X-VC
X-FE
X-Cf-Powered-By
X-Bug-Bounty
HitType
Processtime
X-ECache
X-Request-URL
X-Akamai-ERPolicy
X-Amzn-Remapped-Date
X-ND-Cache
X-Amzn-Remapped-Connection
X-Akamai-ERRuleID
X-Trafficlayer-App-Version
X-ServerName
X-Gen-Id
RequestId
V-Cache
X-Micro-Cache
X-Fe
Xet-Cookie
X-Gdpr
X-Dw-Trace-Id
X-Newrelic-App-Data
X-Cdn-Request-ID
X-MiniProfiler-Ids
Cneonction
X-LiteSpeed-Tag