Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-CDN
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Amz-Version-Id
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Server-Id
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Host
X-Response-Time
X-Backend-Server
X-Node
Request-Id
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Origin-Upstream-Status
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-DataDome
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Url
X-DynaTrace
X-TTL
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Goog-Hash
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
Verso
X-Powered-By-Plesk
RTSS
Public-Key-Pins
X-CST
Pinterest-Generated-By
X-Px
Edge-Control
X-VARITI-CCR
X-Mod-Pagespeed
X-Recruiting
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Sol
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
Service-Worker-Allowed
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-D2id
X-Ah-Environment
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-Vcap-Request-Id
X-Version
X-Akam-SW-Version
Accept-CH
MS-Author-Via
TCN
X-Abt-Application-Version
X-Navigation-Version
X-GitHub-Request-Id
X-Powered-CMS
Accept-Ch-Lifetime
X-ESI
X-Server-Name
SPIisLatency
SPRequestDuration
X-RateLimit-Remaining
X-Shard
X-Upstream
Charset
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
Fastly-Restarts
X-Amz-Server-Side-Encryption
X-XRDS-Location
X-Forwarded-Proto
Nginx-Cache
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Trace
Realpath
X-TEC-API-ROOT
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Debug
X-Aspnetmvc-Version
X-Ezoic-Cdn
Front-End-Https
X-Cached
AR-Request-ID
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Shield-Request-Id
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Pagespeed
X-Mrf-Section-Lastmod
X-MSEdge-Ref
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Paypal-Debug-Id
Content-MD5
X-Id
MicrosoftSharePointTeamServices
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-Goog-Storage-Class
X-FTR-Realm
ServerID
X-VCache
X-Amz-Meta-S3cmd-Attrs
S
DynaTrace
X-Fastly-Request-ID
X-T
X-Via-JSL
X-Varnish-Age
X-Client-IP
X-Content-Type
X-Vcache
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-Ser
X-Correlation-Id
X-Grace
X-Accel-Expires
Fastcgi-Cache
X-DynaTrace-JS-Agent
Powered
X-SERVER
X-Content-Digest
X-Frontend
X-FTR-Cache-Host
X-N
X-DIS-Request-ID
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Limit
X-FastCGI-Cache
X-Logged-In
Server-Name
X-Forwarded-For
X-HS-Hub-Id
X-HS-Content-Id
Edge-Cache-Tag
X-Fastcgi-Cache
X-B3-Sampled
Accept-Ch
X-GUploader-UploadID
TP-L2-Cache
TP-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-Server-ID
X-Zen-Fury
X-Cache-Age
X-Request-Received
X-Type
X-Kinsta-Cache
X-Request-Processing-Time
X-Activity-Id
X-AppVersion
X-User-Agent
Backend-Timing
X-IPLB-Instance
X-Analytics
X-Az
X-Revision
X-Rid
X-LB-Cache
X-Pinterest-Rid
Pinterest-Version
Healthy
FilterID
Retry-After
X-Whom
X-Node-Name
X-B3-Traceid
X-Time
X-Cache-Hit
X-F-Cache
X-NWS-LOG-UUID
Server-Node
X-Cache-2
X-Srv
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Alternate-Protocol
Accept-Charset
X-Cache-Rule
X-Esi
X-Amz-Apigw-Id
X-Amzn-RequestId
Cache-Status
X-Hp-Webp
X-Content-Options
X-Erf-Bev-Bev
X-Akamai-Edgescape
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Content-Security-Policy-Report-Only
X-AOL-HN
DC
Refresh
X-Content-Powered-By
X-Instance
VIX-Pulpo-Upstream-Status
X-Forwarded-Host
VIX-Pulpo-Node
Cache-Tag
X-Debug-Info
Access-Control-Allow-Method
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Grace
X-Cluster
X-PHP-Backend
X-Framework
MS-CV
X-Request-Guid
X-FW-Server
X-App-Environment
Source
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-Page-Id
X-FB-Debug
X-App-Server
Tracecode
Fastcgi-Useragent
Frame-Options
X-B
X-TA-CDN-Provider
X-Hostname
X-Cache-Operation
Host
X-Acc-Meta-Resource-Type
X-Mobile-URL
Actual-Object-TTL
Cleartype
X-B-Cache
X-Seen-By
X-Geo-Country
X-Signature
X-Cache-Control
X-Cache-Key
X-Cache-TTL
X-BCube-Filmed-By
X-Cached-By
X-Host-Name
X-Amz-Replication-Status
X-Varnish-Backend
X-TT
X-Git-Hash
Upgrade-Insecure-Requests
X-Pad
X-Mobile
NGB
X-Response-Served-From
X-Adobe-Loc
X-Adobe-Content
Accept-CH-Lifetime
X-TT-TIMESTAMP
X-WebKit-CSP-Report-Only
Liferay-Portal
Eomportal-Instance
Payment
Filters
X-Status
X-ProcessESI
X-RemovedCookies
NR-ENABLED
Webserver
X-RTag
GEO-INFO
WPE-Backend
Ms-Operation-Id
X-TX-ID
Cache-Tv-Group
X-ATG-Version
From-Origin
X-Drupal-Cache-Tags
X-Handled-By
X-GeoIP
X-UA-Device-Type
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-RequestSource
X-FW-Dynamic
X-Cache-Remote
X-Cache-TTL-Remaining
X-WA-Info
X-Origin-Server
X-EdgeConnect-Cache-Status
X-Daa-Tunnel
Xserver
X-Content-Age
X-Cache-Action
X-Webkit-CSP
X-Edge-Location
X-Storage
X-Presslabs-Stats
X-Ratelimit-Reset
Viewport
Datacenter
X-Wix-Request-Id
X-Hyper-Cache
X-Contextid
Version
X-Region
X-CF-Powered-By
X-Accel-Buffering
X-Varnish-Hostname
X-PressLabs-Stats
Cache
Host-Header
X-HS-Cache-Config
X-Akamai-Transformed
PageSpeed
Ohc-File-Size
X-Cache-Var-Map
X-Varnish-Server
X-Cache-Var
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Path-Route
X-Upstream-Proxy
X-RN-RSRV
X-ES-SERVER
Meta-Geo
Load-Balancing
X-Cache-NE
X-IP
S-Cnection
X-From
X-Ua
X-Cache-Server
Cache-Tags
Decoy-Debug-TTL
X-NCache
X-Time-Microsecs
Ec-Rule-Version
Decoy-Debug-Key
X-PERF
Cache-Name
X-Proxy
X-Element-Page-Cache
Decoy-Debug-Status
Rt-Fastcgi-Cache
X-Via-Fastly
X-Section
X-Loop
X-ApacheServer
X-Access
X-TNCMS
X-Origin-Response-Time
X-Cache-Enabled
X-Viewer-Country
X-Akamai-Request-ID2
Vix-Hermes-Req-Id
X-CS
X-Akamai-Request-ID
X-Cache-Config
X-Proto
Azure-RegionName
Azure-Version
Cache-Hits
Cache-Key
Azure-SlotName
Azure-SiteName
Country
Webcakes-App-Version
X-Web-Node
X-PCL
X-Backend-TTL
X-Origin-Hint
X-Xfnlog-Site
X-Cluster-Node
X-Drupal-Cache-Contexts
Azure-InstanceId
X-CCM
X-Varnish-Cache-Hits
X-Timing-Wait
X-Upgrade-Enabled
X-Tumblr-Pixel-3
X-Upstream-CT
X-Rule
X-Cache-Grace
X-Upstream-HT
X-Cache-Time
X-R9-Blue-Green-Version
X-FC-Vary-Parameters
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Proxy-Build
Selected-Fe
TWC-Privacy
Webcakes-App-Name
X-Labrador-Cache-Channel
X-OCL
X-Origin
X-Hit
X-Format
X-Trace-Id
Webcakes-Region
Mn-Server-Ip
S-Rt
X-DataStream-Cache-Status
X-JoinUs
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
X-Site-Version
X-Debug-Cache
X-Www-Served-By
X-Human
DB-Nickname
X-Generated
X-Cache-Host
X-Backend-Name
X-EIG-Tracking-Id
X-Device-Type
X-UnsetCookies
X-NewRelic-App-Data
X-FireWall-Port
Server-Info
X-FW-Version
Ohc-Cache-HIT
X-VCT
Release
DSUID
Time
X-Rendered-As
X-S
Now
X-Varnish-Hits
X-Vgn-Hpd-Reason
X-OVcl
X-OVcl-Cache
Hostname
OT-Force-Account-Verify
X-Real-IP
Access-Control-Request-Headers
ServedBy
X-Redis-Cache
X-VG-TLSProxy
X-Pubstack
Fastcgi-X-Cache-Version
Origin-Cache-Control
Origin-Edge-Control
X-Litespeed-Cache
Cteonnt-Length
L5d-Success-Class
X-APP-VERSION
X-NGENIX-Cache
X-VG-WebCache
SRV
X-ShardId
Accept-Language
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-FB-TRIP-ID
X-Shopify-Stage
X-CSRF-TOKEN
X-Alternate-Cache-Key
Origin
X-HS-Combine-CSS
Fastly-SSL
X-Tb
X-SS-Set-Cookie
Machine
NtCoent-Length
X-App-Version
X-NC
X-UUID
X-Tt-Trace-Tag
X-Cluster-Name
X-GEO
X-CACHE-KEY
X-Origin-CC
X-L-Path
X-B3-Spanid
X-Environment-Context
X-Parent-Response-Time
X-No-Session
X-Origin-TTL
X-Load-Cache
X-Nginx-Cache
X-GoCache-CacheStatus
IBM-Web2-Location
X-Rocket-Nginx-Bypass
X-ECACHE
X-Ttl
X-ServerID
X-Soup
X-B3-Parentspanid
X-Magnolia-Registration
X-Uri
X-Endurance-Cache-Level
Nel
X-Amzn-Remapped-Content-Length
NGX
X-Mode
Odigeo-Trace-Id
X-Generated-By
X-Is-Bot
Mime-Version
X-XRDS-LOCATION
CF-IPCountry
Akamai-GRN
Rt-Proxy-Cache
X-SRCache-Key
Node
X-Edge-Server
X-Node-Id
X-AWS-Id
X-A-Dgt
X-External-Request-Id
X-MServer
Mobile-Detection-Method
Cache-Prefix
X-A-Dam
Cdn-Host
Meta-Geo-Continent
Cross-Origin-Window-Policy
X-VG-WebServer
X-DPWN-IS-SECURE
X-Application
Memcached
Request-Time
X-A-Dcw
X-Date
X-Detected-As
X-Connection-Hash
X-D
X-Developer
Fly-Cache
Fly-Request-Id
X-Destination
X-A-Ccd
X-Vtex-Remote-Cache
MD5-Digest
Proxy-Connection
X-Vtex-Processado-Em
Rendered-Blocks
X-B-Cookie
Apple-News-Services-Handled
Apple-News-Services-Host
X-PAYTM-SRV-ID
A
X-AIR-PT
X-S-Cookie
Content-Script-Type
X-Aed
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Xc-Version
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
BehaviorPad-Version
T-Server
Arc-Country
AsisCache
Cdn-Request-Time
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-A-Wwc
X-Server-Time
X-Accel-Expires-Debug
X-Request-UUID
X-VWS-Id
GEO-REGION-INFO
X-CF-Lambda-Version
X-A
VivaBuild
Viewtype
X-Trv-Group
X-ARC
X-LJ-Flow-ID
X-ScT
X-Transaction
X-Instart-Info
Content-Style-Type
X-Worker
X-G
ServerName
Mail-Subject
We-Hiring
X-Oneagent-Js-Injection
Backend-Name
Request-Country
X-Origin-Expires
X-Request-Time
X-Azure-Ref-OriginShield
X-Urbn-Context-Path
X-Origin-Date
X-Up
Section-Io-Cache
X-SVT-ORM-RULES
X-SIPLIST1
N-Cache
X-S-Maxage
X-Release
Locale
X-Azure-Ref
IsBot
X-Cache-Bucket
X-SVT-ORM-VERSION
X-Hl-Ver
X-Urbn-Site-Id
X-VC-Cache
X-B3-SpanId
X-Fastly-Cache
Request-EU
Fastly-Soc-X-Request-Id
X-Cms-Context
X-Developers
User-Cache-Control
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Thinkindot-CacheControl-Type
RNT-Time
RNT-Machine
Thinkindot-Control
True-Client-Country-4JS
W
Thinkindot-CacheControl
Server-Int
Uber-Trace-Id
X-App-Name
X-Geo-Header
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-ServiceProvider
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Method
X-Nginx-Cache-Key
X-Policy
X-Skip-Cache
X-Sn-Servicetimems
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-VServer
X-Thanos
X-Thinkindot-L3
X-TrackingId
X-Matched-Rule
X-Level-Front-Cache
X-Cdn-Srv
X-Clara-WADP
X-Clientip
X-Compress-Hint
X-Cdn-Origin
X-Cache-Info
X-Bip
X-Block-Status
X-C
X-Core-Mission
X-CUA
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Generated-On
X-Gen-Mode
X-Device-Os
X-Distil-CS
X-Distributor
X-BBXSRF
X-Auto-Login
L
Magicmarker
AKAMAI
CDCHOST
Content-Disposition
Countrycode
Gh-Request-Id
Fastly-SWR
Fastly-SIE
Esi-Enabled
X-Microcachable
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Oracle-Dms-Rid
X-Via-CDN
X-BYPASS-REASON
X-Say-Cacheable
X-Proxy-Upstream
X-Say-TTL
X-PHP-Host
X-Platform-Server
X-Proxy-Cache-Status
X-Request-URI
X-CGP
X-Owner
X-Cache-FS-Status
X-ProxyCache-Status
X-Reqid
X-Cache-Id
X-ProxyCache-Key
X-Request-Start
X-MSEdge-Flight
X-ElasticPress-Search
X-Epic-Correlation-Id
X-Internal-Host
X-Irp-Debug
X-Li-Fabric
X-Eu-Site
X-Fetched-On
X-GDPR
X-Generation-Time
X-GeoIP-City
X-Hash
X-Dispatch
X-Li-Pop
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-SayCDN-TTL
X-NX-Host
X-Debug-Cookies
X-Debug-Log
X-LI-Proto
X-LI-UUID
X-Location
X-MSEdge-Features
X-Org
Adler-Geo
Is-Eu
Kp-EeAlive
Heartbleed
Pramga
X-Var-Ttl
HA-Ipaddr
X-WebServer
X-Webstats-RespID
Ha-Gx-Prefs
X-Qloud-Router
Server-ID
X-Service
X-Swa-Ws
Platform
PFcat
Pagetype
Server-Host
Served-By
X-Server-IP
Web-Mar-Node
V-Age
X-Servername
Wxu-Next-Region
X-Backend-Host
X-Amz-Meta-Cache-Control
X-Variation
X-Guploader-Uploadid
Wxu-Next-Hostname
X-Generated-In
X-Backend-Url
Wxu-Next-Commit
X-User
X-Backend-State
X-Dc
X-JWT-State
SD-X-WS
X-Flog
Resin-Trace
X-DC
X-Hello
X-Dispatcher-Server
X-Has-Esi
Cache-Provider
X-SD-PageType
X-Is-Gdpr
X-ABtesting
X-Old-Content-Length
X-Key
Memory
Srv
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-Wa
X-COUNTRY
X-FPC
SS
X-UA
X-Info
X-URL
X-Servedbyhost
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Response-By
X-Lb-Id
REQUESTUUID
X-Unique-ID
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Nc
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Country-Code
Cache-Cookie-Set-From
X-Geo
X-Be
X-RateLimit-Reset
X-Cache-URL
X-Page-Type
X-Svr
X-SRV
X-VCL-Version
X-Instart-Isnd
X-MP-GENERATED-AT
X-Cache-Backend
UCS
X-Ratelimit-Limit
X-CDN-Forward
X-Datadome
X-Processor
X-Scheme
CACHE
Ajk
X-Pjax-Url
X-NodeID
Powered-By-ChinaCache
X-Logtrace-Id
ProcessTime
X-HTML-Minification-Powered-By
XServer
X-SN
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Varnish-Beresp-Ttl
Proxy-Firewall
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-Ruxit-Js-Agent
Group
X-Zone
SN
Dynatrace
PICS-Label
X-Tb-Optimization-Total-Bytes-Saved
X-HS-Status
X-Webkit-Csp
Cache-Host
X-Grey
X-ZONE
X-Server-W
X-Ftr-Request-Id
X-Cache-Category-Id
Powered-By
X-Varnish-Beresp-Status
X-Dynatrace
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
Ttl
X-EC-Lua
X-Source
X-GRACE
X-APP
X-TH-Server
X-Via-Ucdn
Fastly-Backend-Name
X-Pf-Uncompressing
X-Ms-Request-Id
GeoIP-City
X-Ms-Version
GeoIP-Country-Code
GeoIP-Latitude
X-PF-Uncompressing
X-FORWARDED-FOR
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-Sucuri-Id
MIME-Version
Lfy
X-Session-Fingerprint
GeoIp-Country-Code
Geoip-City
Geoip-Latitude
X-Check-Cacheable
X-NODE
GW-Server
LB
Cdn
X-Agile-Id
X-Agile-Age
X-LAGOON
X-RCS-CacheZone
X-Ftr-Cache-Host
X-Agile
X-Cache-Debug
X-Bc
Pics-Label
X-Ratelimit-Remaining
X-Gannett-Site-Version
Environment
X-Tt-Trace-Host
X-Varnish-Url
X-Fastly-Country-Code
X-Secret
CF-Cached-On
X-Edge
X-7Graus-Varnish-XKeys
WZWS-RAY
X-7Graus-Varnish-Cache-Control
X-Aicache-OS
X-Logging-Id
X-Cache-Ttl
X-BC
On-Server
M-TraceId
X-CDN-Cache
WWW
X-Akamai-SSL-Client-Sid
X-PJAX-URL
X-Varnish-Cacheable
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Dc
X-Ftr-Realm
Requestid
X-Mid
X-Sedo-Request-Id
User-Agent
X-Cache-Miss-From
Ohc-Response-Time
X-GeoIP-Country-Code
Cf-Ipcountry
Inserted-Into-Cache-At
X-Varnish-Ttl
X-Core-Value
X-Vcl-Version
X-UPSTREAM-Address
DataCenter
X-Unique-Id
X-MCACHE
X-Fastly-Backend-Reqs
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
SID
X-Cache-Tag
X-NU-AKA-ACS-Version
Cdnsip
X-AK-Request-ID
X-BE
X-Sucuri-ID
X-Litespeed-Cache-Control
Cdncip
Lb
X-Crawler
Who
X-Action
X-DW
X-Proxy-Cacherz
X-Vdms-Version
X-Sucuri-Cache
URI
CDN
X-RSL
Xkeyrz
X-DB
X-DI
X-Render-Time
X-DSS
X-RPM
X-RPS
HostName
X-NGINX-Cache
X-SERVER-NAME
X-TT-LOGID
X-Fstrz
X-Sigma
X-Rocket-Build-Number
RequestUuid
X-Sigma-Backend
X-Swift-Error
X-LB-ID
Host-ID
X-Correlation-ID
X-ServedByHost
X-WR-MODIFICATION
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-WA
Get-Access-Time
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Cache
Pragrma
Is-Session-Tracking
Warning
X-Nananana
Xkeypdq
X-Micro-Cache
X-Fpc
X-FE
X-Page-Impression-Id
X-Flow-Id
X-Newrelic-App-Data
Correlation-Id
X-SB
Cneonction
X-TIME
X-Via-SSL
X-Via-Edge
Server-Id
FNAC-ModuleRouting
X-VC
X-MID
X-Refresh
X-Served-From
X-Cdn-Request-ID
X-Cf-Powered-By
X-Trafficlayer-App-Version
X-LiteSpeed-Tag
X-Via-NSCOPI
X-Gen-Id
X-MiniProfiler-Ids
Processtime
X-ServerName
X-ECache
HitType
X-Bug-Bounty
V-Cache
Xet-Cookie
RequestId
X-Dw-Trace-Id
X-Request-URL
X-Gdpr
X-Fe