Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-CDN
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
X-Backend-Server
EagleEye-TraceId
Content-Location
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Rack-Cache
X-Origin-Upstream-Status
Surrogate-Control
X-Ruxit-JS-Agent
Allow
X-ORACLE-DMS-RID
X-HW
X-DataDome
Rating
X-Country-Code
X-FTR-Request-ID
X-Country
X-Clacks-Overhead
X-Url
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-Ah-Environment
X-CST
RTSS
Verso
X-Px
X-Powered-By-Plesk
Public-Key-Pins
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Pinterest-Generated-By
Service-Worker-Allowed
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Display
X-D2id
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-Ch-Lifetime
X-SharePointHealthScore
X-B3-TraceId
X-Akam-SW-Version
MS-Author-Via
TCN
X-Navigation-Version
X-Abt-Application-Version
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Powered-CMS
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-CH
X-TEC-API-VERSION
X-Shard
X-Upstream
SPRequestDuration
SPIisLatency
X-Forwarded-Proto
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
X-Amz-Server-Side-Encryption
Charset
Fastly-Restarts
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Amz-Rid
X-Server-Name
Realpath
Nginx-Cache
X-Debug
X-Aspnetmvc-Version
Front-End-Https
AR-Request-ID
X-Ezoic-Cdn
X-Cached
X-Shield-Request-Id
X-ESI
X-Mrf-Item-Lastmod
X-Goog-Stored-Content-Encoding
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-B3-TraceId-Primal
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Pagespeed
Paypal-Debug-Id
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Arr-Disable-Session-Affinity
Content-MD5
X-Vcache
ServerID
X-Id
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-Goog-Storage-Class
MicrosoftSharePointTeamServices
DynaTrace
X-T
X-Amz-Meta-S3cmd-Attrs
S
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Via-JSL
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-Correlation-Id
X-FastCGI-Cache
X-RateLimit-Limit
X-Grace
X-VCache
Fastcgi-Cache
X-N
X-Content-Digest
X-SERVER
X-Frontend
X-FTR-Cache-Host
X-Accel-Expires
Powered
X-Ser
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
Accept-Ch
X-Esi
Server-Name
X-DIS-Request-ID
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
X-Forwarded-For
X-B3-Traceid
X-B3-Sampled
X-HS-Content-Id
X-HS-Hub-Id
X-GUploader-UploadID
TP-L2-Cache
TP-Cache
Edge-Cache-Tag
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Type
Backend-Timing
X-User-Agent
X-Kinsta-Cache
X-Activity-Id
X-IPLB-Instance
X-AppVersion
FilterID
X-Az
X-Analytics
X-Rid
X-Revision
X-Fastcgi-Cache
X-LB-Cache
Healthy
X-Node-Name
X-Whom
Retry-After
X-Time
X-Srv
X-F-Cache
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-Cache-2
X-NWS-LOG-UUID
Accept-Charset
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Alternate-Protocol
X-Amzn-RequestId
X-Amz-Apigw-Id
Server-Node
X-Cache-Rule
Cache-Status
X-AOL-HN
X-Acc-Meta-Resource-Type
X-Content-Options
X-TA-CDN-Provider
Surrogate-Key
X-Akamai-Edgescape
DC
Refresh
X-FW-Hash
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-FW-Static
X-FW-Server
X-FW-Serve
X-Forwarded-Host
X-Content-Security-Policy-Report-Only
X-Debug-Info
X-Instance
X-Content-Powered-By
X-FW-Type
X-Tumblr-User
X-Jobs
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Hp-Webp
Access-Control-Allow-Method
X-Cluster
X-PHP-Backend
X-Varnish-Grace
X-Page-Id
X-Framework
X-B
X-Request-Guid
X-FB-Debug
Source
X-App-Environment
MS-CV
Frame-Options
Fastcgi-Useragent
X-App-Server
Cache-Tag
X-Hostname
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Host
Tracecode
X-Cache-Key
Cleartype
X-Cache-Operation
Actual-Object-TTL
X-Signature
X-B-Cache
X-Mobile-URL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Seen-By
X-Varnish-Backend
X-Amz-Replication-Status
X-TT
X-Host-Name
X-Mobile
X-Pad
Liferay-Portal
X-Git-Hash
NGB
X-Response-Served-From
Upgrade-Insecure-Requests
X-Adobe-Loc
X-Adobe-Content
X-PressLabs-Stats
X-Ratelimit-Reset
X-ATG-Version
X-TT-TIMESTAMP
Payment
X-Status
X-RemovedCookies
X-WebKit-CSP-Report-Only
X-FW-Dynamic
Eomportal-Instance
Cache-Tv-Group
WPE-Backend
Filters
X-ProcessESI
Ms-Operation-Id
X-RTag
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-TX-ID
From-Origin
X-Handled-By
Webserver
X-Cacheable-TTL
X-WA-Info
X-RequestSource
X-GeoIP
X-Drupal-Cache-Tags
X-UA-Device-Type
X-Cache-TTL-Remaining
GEO-INFO
Xserver
X-Cache-TTL
X-Cache-Remote
Datacenter
X-Content-Age
X-Origin-Server
X-DataStream-Cache-Status
X-Server-ID
X-Edge-Location
X-Cache-Action
X-Storage
X-Webkit-CSP
Viewport
X-Daa-Tunnel
Accept-CH-Lifetime
X-Varnish-Hostname
X-Accel-Buffering
NR-ENABLED
X-Hyper-Cache
X-EdgeConnect-Cache-Status
Version
X-Upstream-Proxy
X-Contextid
X-Region
X-CF-Powered-By
X-Wix-Request-Id
X-Ua
Host-Header
Cache
X-Akamai-Transformed
X-Yottaa-Metrics
PageSpeed
X-Yottaa-Optimizations
X-Cache-Var
X-RN-RSRV
X-Path-Route
X-ES-SERVER
Load-Balancing
Meta-Geo
X-Cache-Var-Map
X-Varnish-Server
S-Cnection
X-IP
X-From
X-Akamai-Request-ID2
Cache-Name
Cache-Tags
Decoy-Debug-Key
Ohc-File-Size
X-ApacheServer
X-Akamai-Request-ID
X-Viewer-Country
X-Cache-Config
X-Proto
X-Cache-Enabled
X-Proxy
X-Time-Microsecs
X-TNCMS
Decoy-Debug-TTL
X-Via-Fastly
X-Access
X-Cache-NE
X-Tumblr-Pixel-3
Ec-Rule-Version
X-Upgrade-Enabled
Decoy-Debug-Status
DB-Nickname
X-Origin
X-Origin-Response-Time
X-Section
Vix-Hermes-Req-Id
X-PERF
X-CS
X-Labrador-Cache-Channel
Cache-Hits
X-Loop
X-NCache
Rt-Fastcgi-Cache
Cache-Key
Azure-SiteName
X-Cache-Server
TWC-Locale-Group
TWC-Privacy
Azure-SlotName
Azure-RegionName
TWC-Device-Class
S-Rt
TWC-Connection-Speed
Webcakes-App-Version
Azure-Version
Property-Id
Country
Selected-Fe
Webcakes-App-Name
TWC-GeoIP-Country
Mn-Server-Ip
Webcakes-Region
TWC-GeoIP-LatLong
Azure-InstanceId
X-FW-Version
X-JoinUs
X-R9-Blue-Green-Version
X-Rule
X-Hit
X-Varnish-Cache-Hits
X-Web-Node
X-OCL
X-Cache-Time
X-Xfnlog-Site
X-Proxy-Build
X-PCL
X-Origin-Hint
X-Upstream-HT
X-Upstream-CT
X-Cache-Grace
X-Timing-Wait
X-Cache-Host
X-Cluster-Node
X-EIG-Tracking-Id
X-Trace-Id
X-Format
X-UnsetCookies
X-FC-Vary-Parameters
X-Backend-TTL
X-CCM
X-S
X-Varnish-Hits
X-Www-Served-By
X-Site-Version
X-Locale
X-Presslabs-Stats
X-Drupal-Cache-Contexts
X-Debug-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Hosted-By
X-Backend-Name
X-Human
X-Device-Type
Now
Server-Info
SRV
X-FireWall-Port
X-Rendered-As
Release
X-HS-Cache-Config
DSUID
OT-Force-Account-Verify
Time
X-VCT
X-APP-VERSION
Hostname
Ohc-Cache-HIT
X-NewRelic-App-Data
ServedBy
X-VG-TLSProxy
X-Vgn-Hpd-Reason
X-OVcl
Cteonnt-Length
X-OVcl-Cache
X-Redis-Cache
X-VG-WebCache
Fastcgi-X-Cache-Version
X-Real-IP
X-ShardId
X-FB-TRIP-ID
X-Alternate-Cache-Key
Origin
X-ShopId
X-Shopify-Stage
X-Litespeed-Cache
Accept-Language
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Origin-Edge-Control
X-Pubstack
Origin-Cache-Control
X-Tb
X-CSRF-TOKEN
X-Oracle-Dms-Rid
Access-Control-Request-Headers
X-B3-Spanid
Machine
X-GEO
X-Nginx-Cache
X-NC
L5d-Success-Class
X-Element-Page-Cache
Fastly-SSL
X-DataStream-MidMile-RTT
X-L-Path
X-No-Session
X-Environment-Context
X-DataStream-Origin-MEX-Latency
X-Tt-Trace-Tag
X-SS-Set-Cookie
X-NGENIX-Cache
NtCoent-Length
X-Mode
X-Cluster-Name
X-UUID
X-LJ-Flow-ID
Odigeo-Trace-Id
X-Load-Cache
X-AWS-Id
X-VWS-Id
IBM-Web2-Location
X-Generated-By
X-HS-Combine-CSS
X-App-Version
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
X-GoCache-CacheStatus
X-Endurance-Cache-Level
X-ECACHE
X-B3-Parentspanid
X-ServerID
Mime-Version
X-Rocket-Nginx-Bypass
X-Request-Time
X-Origin-TTL
Akamai-GRN
We-Hiring
Mail-Subject
Nel
X-Origin-CC
X-Soup
X-Parent-Response-Time
X-XRDS-LOCATION
X-CACHE-KEY
NGX
X-MServer
Cdn-Host
Cache-Prefix
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Transaction
Content-Script-Type
Cdn-Request-Time
X-Worker
Xc-Version
Content-Style-Type
X-SRCache-Key
Arc-Country
Cross-Origin-Window-Policy
X-VG-WebServer
A
X-Trv-Group
X-Twitter-Response-Tags
X-Node-Id
Apple-News-Services-Handled
X-Uri
AsisCache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
BehaviorPad-Version
X-S-Maxage
X-D
X-Date
X-Destination
X-Detected-As
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
X-Developer
X-DPWN-IS-SECURE
X-Rewrite-Enabled
X-Request-UUID
X-Org
X-Region-Sid
X-Is-Bot
X-Instart-Info
X-Edge-Server
X-External-Request-Id
X-G
X-Rojux
X-Aed
X-Accel-Expires-Debug
Node
X-Server-Time
X-ScT
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Memcached
X-PAYTM-SRV-ID
X-S-Cookie
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
Rt-Proxy-Cache
T-Server
Viewtype
VivaBuild
Fly-Cache
X-AIR-PT
X-DC
Request-Time
CF-IPCountry
Proxy-Connection
X-Urbn-Site-Id
ServerName
Backend-Name
X-Oneagent-Js-Injection
Locale
X-Urbn-Context-Path
X-Release
X-Cms-Context
Request-EU
X-SIPLIST1
X-SVT-ORM-RULES
Section-Io-Cache
Server-ID
X-Cdn-Srv
Request-Country
Fastly-Soc-X-Request-Id
X-SVT-ORM-VERSION
X-Origin-Date
X-Cache-Bucket
IsBot
X-VC-Cache
N-Cache
Uber-Trace-Id
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Distributor
X-Origin-Expires
X-Developers
X-Hl-Ver
X-Fastly-Cache
X-Up
X-Via-CDN
User-Cache-Control
X-Compress-Hint
Server-Int
RNT-Machine
X-Device-Os
X-Request-URI
X-BYPASS-REASON
X-Distil-CS
X-Request-Start
Platform
X-Core-Mission
X-CUA
RNT-Time
X-Owner
X-Reboot
X-C
X-Block-Status
X-ABtesting
X-Cache-FS-Status
X-ProxyCache-Status
X-ProxyCache-Key
X-Bip
X-Amz-Meta-Cache-Control
X-Backend-Url
X-Backend-Host
X-App-Name
X-Platform-Server
X-BBXSRF
X-Cache-Id
X-RateLimit-Limit-Second
X-Clara-WADP
X-Rebelmouse-Surrogate-Control
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
V-Age
X-Rebelmouse-Cache-Control
X-PHP-Host
X-Cache-Info
X-Cdn-Origin
X-RateLimit-Remaining-Second
W
X-Clientip
X-Wikidot-Static-Cache
X-Thanos
Adler-Geo
X-Thinkindot-L3
X-Level-Front-Cache
X-Li-Fabric
X-TrackingId
AKAMAI
X-Sn-Servicetimems
Magicmarker
CDCHOST
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Skip-Cache
X-Li-Pop
X-LI-Proto
X-MSEdge-Flight
X-MSEdge-Features
X-We-Are-Hiring
X-WADP-Cache
X-VServer
X-Nginx-Cache-Key
X-Variation
X-Old-Content-Length
X-Location
X-LI-UUID
X-Matched-Rule
X-Method
X-WebServer
X-ServiceProvider
X-Hello
X-Flog
Gh-Request-Id
X-GDPR
X-Wikidot-Backend
X-Fetched-On
X-Auto-Login
X-ElasticPress-Search
L
X-Epic-Correlation-Id
Is-Eu
X-Generated-On
X-Gen-Mode
Fastly-SIE
X-Generation-Time
Countrycode
Esi-Enabled
X-Geo-Header
Content-Disposition
Fastly-SWR
X-Microcachable
X-Eu-Site
X-Dispatch
X-Dispatcher-Server
X-Guploader-Uploadid
X-GeoIP-City
X-Backend-State
X-Internal-Host
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-CGP
X-B3-SpanId
X-Generated-In
X-Hash
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Store
X-Irp-Debug
X-Routing-Service
X-NX-Host
X-Response-By
SS
Kp-EeAlive
Heartbleed
Wxu-Next-Commit
Web-Mar-Node
Pagetype
Server-Host
X-Webstats-RespID
X-Reqid
Pramga
X-Zipkin-Id
SD-X-WS
Served-By
PFcat
X-Swa-Ws
Wxu-Next-Hostname
X-Say-TTL
X-Say-Cacheable
X-Policy
X-SayCDN-TTL
X-SD-PageType
X-Server-IP
X-User
Wxu-Next-Region
X-Proxy-Cache-Status
X-Proxy-Upstream
HA-Ipaddr
X-Proxied
X-Qloud-Router
Ha-Gx-Prefs
X-Servername
X-IPS-LoggedIn
Memory
Resin-Trace
X-Key
X-Unique-ID
X-Cdn-Forward
Cache-Cookie-Set-From
X-FPC
Cache-Cookie-Set-Idcheck
X-Var-Ttl
Cache-Cookie-Set-Lfrom
X-COUNTRY
X-Service
X-Wa
Country-Code
X-JWT-State
X-Servedbyhost
X-URL
Cache-Provider
X-Page-Type
X-MP-GENERATED-AT
X-Has-Esi
X-Is-Gdpr
X-Ttl
Powered-By-ChinaCache
X-Dc
REQUESTUUID
UCS
CACHE
Srv
X-Nc
X-Lb-Id
X-Geo
X-Info
X-NWS-UUID-VERIFY
X-RateLimit-Reset
ProcessTime
X-VCL-Version
X-Logtrace-Id
Ajk
X-Ratelimit-Limit
X-Cache-Backend
X-HTML-Minification-Powered-By
X-Datadome
X-Cache-URL
X-Svr
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
Proxy-Firewall
X-Be
X-CDN-Forward
X-UA
X-Pjax-Url
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Instart-Isnd
X-Oss-Server-Time
X-Oss-Storage-Class
SN
X-SRV
X-Varnish-Beresp-Ttl
X-HS-Status
X-Cache-Category-Id
X-Scheme
PICS-Label
Powered-By
X-Grey
X-Ruxit-Js-Agent
X-Zone
X-NodeID
X-SN
Dynatrace
X-Cache-Ttl
X-Tec-Api-Origin
X-Tec-Api-Version
X-Webkit-Csp
X-ZONE
X-Tec-Api-Root
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
GeoIP-Country-Code
Fastly-Backend-Name
X-Ftr-Request-Id
GeoIP-City
X-TH-Server
GeoIP-Latitude
XServer
X-Dynatrace
Group
X-Pf-Uncompressing
X-GRACE
X-Source
Cache-Host
X-Server-W
X-Newrelic-Synthetics
X-SERVER-NAME
Ttl
X-RCS-CacheZone
X-EC-Lua
X-LiteSpeed-Cache-Control
CF-Cached-On
X-LAGOON
X-APP
X-FORWARDED-FOR
GW-Server
X-Sucuri-Id
X-Varnish-Beresp-TTL
Cdn
X-Via-Ucdn
LB
X-Gannett-Site-Version
X-Dynatrace-Js-Agent
X-Ms-Version
X-PF-Uncompressing
X-Ms-Request-Id
X-Secret
X-Varnish-Url
X-Bc
X-Check-Cacheable
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-NODE
WZWS-RAY
X-Ftr-Cache-Host
MIME-Version
X-Varnish-Cacheable
GeoIp-Country-Code
X-CDN-Cache
X-Fastly-Country-Code
X-Ratelimit-Remaining
X-Session-Fingerprint
On-Server
Geoip-Latitude
X-Tt-Trace-Host
X-Aicache-OS
Lfy
Geoip-City
Pics-Label
X-Edge
X-Cache-Debug
X-Agile
Environment
X-Agile-Id
X-Agile-Age
X-GeoIP-Country-Code
User-Agent
X-BC
X-PJAX-URL
WWW
X-Akamai-SSL-Client-Sid
X-BE
Inserted-Into-Cache-At
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Backend-Server
X-NU-AKA-ACS-Version
M-TraceId
Requestid
Ohc-Response-Time
X-7Graus-Varnish-Cache-Control
X-Logging-Id
X-7Graus-Varnish-XKeys
X-Fastly-Backend-Reqs
X-Mid
Cf-Ipcountry
X-Crawler
X-UPSTREAM-Address
X-CSRF-Token
X-Varnish-Ttl
SID
X-Render-Time
X-Vcl-Version
X-Sedo-Request-Id
X-MCACHE
Who
X-Cache-Miss-From
Lb
Amp-Access-Control-Allow-Source-Origin
URI
X-Litespeed-Cache-Control
X-LB-ID
X-Micro-Cache
X-RPS
X-FE
X-DSS
X-RSL
X-Newrelic-App-Data
X-Core-Value
X-Cache-Tag
X-DW
X-RPM
RequestUuid
X-DB
X-DI
X-Proxy-Cacherz
Xkeyrz
X-Action
HostName
X-Unique-Id
X-WR-MODIFICATION
X-Served-From
Cdncip
X-Via-Edge
X-AK-Request-ID
X-Via-SSL
Host-ID
Cdnsip
CDN
DataCenter
X-Correlation-ID
X-Cf-Powered-By
X-Sucuri-ID
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Is-Session-Tracking
Get-Access-Time
Xkeypdq
X-WA
X-Flow-Id
X-Fastly-Cache-Hits
X-Sucuri-Cache
X-ServedByHost
X-Nananana
X-Fpc
X-TT-LOGID
X-NGINX-Cache
X-Swift-Error
X-MID
X-Vdms-Version
X-SB
X-VC
X-Amzn-Remapped-Connection
Cneonction
X-Fstrz
X-Gen-Id
X-Cdn-Request-ID
Warning
X-TIME
X-Amzn-Remapped-Date
Correlation-Id
X-Rocket-Build-Number
FNAC-ModuleRouting
X-Sigma
X-Sigma-Backend
X-Vct
X-LiteSpeed-Tag
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
RequestId
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Pragrma
X-Apw-Hits
X-Protected-By
X-Fe
X-Request-URL
X-Ecache
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Access-Object
Processtime
X-ECache
X-Dw-Trace-Id
X-Gdpr
V-Cache
X-MiniProfiler-Ids
X-ServerName
HitType
X-Bug-Bounty
Xet-Cookie