Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
X-Request-ID
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-CDN
X-UA-Device
X-Hacker
X-Server
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
Cf-Railgun
X-LiteSpeed-Cache
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-WebKit-CSP
X-Device
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-DataDome
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-Dns-Prefetch-Control
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Country
X-Url
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-TTL
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Varnish-TTL
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
X-Mod-Pagespeed
Edge-Control
X-VARITI-CCR
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
Response
X-CST
X-Recruiting
X-B3-TraceId
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-D2id
X-SharePointHealthScore
SPRequestGuid
Service-Worker-Allowed
X-Ah-Environment
X-Akam-SW-Version
X-Vcap-Request-Id
X-Version
X-ESI
Accept-CH
SPRequestDuration
SPIisLatency
X-Server-Name
X-GitHub-Request-Id
MS-Author-Via
X-Abt-Application-Version
TCN
X-Navigation-Version
X-Powered-CMS
X-Shard
Accept-Ch-Lifetime
X-Trace
Charset
X-Upstream
Fastly-Restarts
X-RateLimit-Remaining
X-Amz-Server-Side-Encryption
Nginx-Cache
Realpath
X-Amz-Rid
X-Debug
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-Aspnetmvc-Version
X-Ezoic-Cdn
Front-End-Https
X-Cached
X-XRDS-Location
X-NF-Request-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
Pagespeed
X-MSEdge-Ref
AR-Request-ID
X-VCache
X-Shield-Request-Id
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Access-Control-Request-Method
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Arr-Disable-Session-Affinity
X-FTR-Cache-Status
X-FTR-Expires
Content-MD5
X-Country-Code-Real
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-T
S
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Fastly-Request-ID
ServerID
X-Via-JSL
X-Varnish-Age
X-Ser
X-Client-IP
DynaTrace
X-Server-ID
X-Content-Type
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
X-Hits
X-Accel-Expires
X-Grace
X-Correlation-Id
X-Amzn-Trace-Id
X-FastCGI-Cache
Fastcgi-Cache
X-Content-Digest
Powered
X-SERVER
X-Frontend
X-DIS-Request-ID
X-N
AMP-Access-Control-Allow-Source-Origin
PB-RID
PB-PID
X-Mobile-Rewrite
Edge-Cache-Tag
X-FTR-Cache-Host
Arc-Version
X-Forwarded-For
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
Server-Name
X-Vcache
X-RateLimit-Limit
TP-L2-Cache
Accept-Ch
TP-Cache
X-GUploader-UploadID
X-Pinterest-Rid
Pinterest-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-B3-Sampled
X-Kinsta-Cache
X-Cache-Age
X-Time
X-Revision
X-User-Agent
X-Type
X-Rid
X-IPLB-Instance
X-Az
X-AppVersion
X-Activity-Id
X-Analytics
Backend-Timing
Healthy
X-LB-Cache
X-Fastcgi-Cache
X-Whom
X-Cache-Hit
Retry-After
X-Node-Name
X-Srv
FilterID
Server-Node
X-NWS-LOG-UUID
X-F-Cache
Alternate-Protocol
Accept-Charset
X-Cache-2
X-Hp-Webp
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Rule
Cache-Tag
X-Akamai-Edgescape
Cache-Status
X-Content-Options
X-B3-Traceid
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
X-Content-Security-Policy-Report-Only
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
DC
Refresh
X-Forwarded-Host
X-Instance
VIX-Pulpo-Node
X-Tumblr-User
X-Content-Powered-By
Tracecode
X-Tumblr-Pixel
X-Tumblr-Pixel-0
VIX-Pulpo-Upstream-Status
X-AOL-HN
X-Varnish-Grace
X-Jobs
X-Framework
X-App-Environment
Access-Control-Allow-Method
X-Webkit-CSP
X-Debug-Info
MS-CV
Source
X-Cluster
X-PHP-Backend
X-FB-Debug
X-Request-Guid
X-Page-Id
Fastcgi-Useragent
X-Cache-TTL
X-App-Server
X-FW-Hash
X-B
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Server
Frame-Options
X-Cache-Operation
X-Cache-Key
Actual-Object-TTL
Host
X-Mobile-URL
X-TA-CDN-Provider
X-Esi
X-Seen-By
X-Hostname
Accept-CH-Lifetime
X-Geo-Country
X-Cache-Control
Cleartype
NR-ENABLED
X-Signature
X-B-Cache
X-Host-Name
X-BCube-Filmed-By
X-Cached-By
Upgrade-Insecure-Requests
X-Acc-Meta-Resource-Type
X-Mobile
X-Pad
X-Varnish-Backend
X-TT
X-Git-Hash
NGB
X-Amz-Replication-Status
X-Response-Served-From
X-Presslabs-Stats
X-WebKit-CSP-Report-Only
X-Adobe-Content
GEO-INFO
X-Adobe-Loc
X-ATG-Version
WPE-Backend
X-Drupal-Cache-Tags
X-GeoIP
Payment
Ms-Operation-Id
Webserver
X-Handled-By
Filters
Eomportal-Instance
X-UA-Device-Type
X-ProcessESI
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RTag
X-RemovedCookies
Cache-Tv-Group
X-RequestSource
From-Origin
X-TX-ID
X-Cache-Remote
X-Cacheable-TTL
Liferay-Portal
X-Origin-Server
X-Status
X-Cache-TTL-Remaining
X-Daa-Tunnel
X-Litespeed-Cache
X-FW-Dynamic
X-EdgeConnect-Cache-Status
X-WA-Info
X-Wix-Request-Id
X-Cache-Action
X-Content-Age
X-Edge-Location
X-Hyper-Cache
X-HS-Cache-Config
X-Contextid
Viewport
X-Element-Page-Cache
Datacenter
X-Region
Xserver
X-Storage
X-CF-Powered-By
Version
X-Ratelimit-Reset
X-Varnish-Hostname
Cache
X-Accel-Buffering
X-Akamai-Transformed
Ohc-File-Size
X-Cache-NE
PageSpeed
Host-Header
X-Varnish-Server
Meta-Geo
Load-Balancing
X-Cache-Var
X-Cache-Server
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-IP
X-Proto
X-Yottaa-Metrics
S-Cnection
X-Proxy
X-Cache-Enabled
X-Yottaa-Optimizations
Cache-Tags
Cache-Name
X-Akamai-Request-ID
Webcakes-Region
Webcakes-App-Version
X-Access
X-NewRelic-App-Data
X-NCache
X-Loop
X-Varnish-Cache-Hits
X-Viewer-Country
X-Akamai-Request-ID2
Vix-Hermes-Req-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Rt-Fastcgi-Cache
Country
Cache-Hits
Mn-Server-Ip
TWC-GeoIP-LatLong
Ec-Rule-Version
Webcakes-App-Name
TWC-Privacy
X-Cache-Config
TWC-Locale-Group
Release
X-Via-Fastly
X-CS
X-Section
X-Cluster-Node
X-Origin-Hint
X-Origin-Response-Time
X-TNCMS
Property-Id
X-Tumblr-Pixel-3
X-Device-Type
X-R9-Blue-Green-Version
X-Www-Served-By
DSUID
X-Origin
X-Proxy-Build
X-Human
X-OCL
Decoy-Debug-TTL
X-PERF
Decoy-Debug-Status
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
X-Debug-Cache
DB-Nickname
Azure-Version
Azure-SlotName
X-Cache-Time
X-FC-Vary-Parameters
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-PCL
X-Labrador-Cache-Channel
X-Upstream-CT
X-Upstream-HT
X-Trace-Id
X-VCT
X-Upgrade-Enabled
X-Cache-Grace
X-Backend-TTL
X-Backend-Name
X-Format
X-UnsetCookies
X-Rule
X-Cache-Host
Selected-Fe
X-Xfnlog-Site
Decoy-Debug-Key
X-Time-Microsecs
X-Web-Node
S-Rt
X-ApacheServer
X-Timing-Wait
X-Hit
X-Hosted-By
X-CCM
X-JoinUs
Cache-Key
X-Site-Version
X-Generated
Ohc-Cache-HIT
X-Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PressLabs-Stats
X-From
X-FireWall-Port
X-Vgn-Hpd-Reason
Server-Info
X-XRDS-LOCATION
Time
X-Ttl
X-HS-Combine-CSS
X-S
X-Rendered-As
X-Varnish-Hits
X-Upstream-Proxy
X-FW-Version
X-OVcl
X-OVcl-Cache
X-Tec-Api-Version
Now
X-Tec-Api-Root
X-Tec-Api-Origin
X-Real-IP
X-NGENIX-Cache
X-SS-Set-Cookie
X-APP-VERSION
L5d-Success-Class
X-Pubstack
Origin-Cache-Control
OT-Force-Account-Verify
Origin-Edge-Control
X-Ua
Fastcgi-X-Cache-Version
X-Redis-Cache
Hostname
Access-Control-Request-Headers
ServedBy
X-FB-TRIP-ID
Cteonnt-Length
X-VG-TLSProxy
Origin
Fastly-SSL
X-VG-WebCache
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Accept-Language
X-Parent-Response-Time
X-Cluster-Name
X-UUID
X-B3-Spanid
X-Tb
X-Load-Cache
Machine
X-Origin-TTL
X-Origin-CC
X-CSRF-TOKEN
X-NC
X-GoCache-CacheStatus
NtCoent-Length
X-ServerID
X-Rocket-Nginx-Bypass
X-Soup
X-Tt-Trace-Tag
X-COUNTRY
X-ECACHE
X-No-Session
IBM-Web2-Location
X-Environment-Context
X-L-Path
X-URL
NGX
X-Trafficlayer-App-Scope
X-App-Version
SRV
X-Trafficlayer-App-Name
X-UA
X-Is-Bot
X-B3-Parentspanid
X-Uri
Nel
CF-IPCountry
Mime-Version
X-MServer
X-DataStream-Cache-Status
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-Magnolia-Registration
X-CACHE-KEY
X-GEO
X-Nginx-Cache
X-Application
MD5-Digest
AsisCache
X-Node-Id
Arc-Country
X-B-Cookie
X-Hl-Ver
X-PAYTM-SRV-ID
X-AIR-PT
BehaviorPad-Version
X-G
A
X-DPWN-IS-SECURE
Mail-Subject
X-Vtex-Remote-Cache
Apple-News-Services-Host
Akamai-GRN
Meta-Geo-Continent
X-Instart-Info
Request-Time
X-Aed
Mobile-Detection-Method
Apple-News-Services-Handled
X-CF-Lambda-Fn
Apple-News-Services-Request-Url
Fly-Cache
Proxy-Connection
Apple-News-Services-Parsed-Url
Memcached
Node
Odigeo-Trace-Id
X-ARC
X-Region-Sid
Content-Style-Type
X-Date
Cross-Origin-Window-Policy
ServerName
X-SRCache-Key
Content-Script-Type
X-Server-Time
X-Destination
GEO-REGION-INFO
X-A
X-D
X-Transaction
Viewtype
T-Server
X-External-Request-Id
X-Connection-Hash
X-Worker
VivaBuild
X-Trv-Group
X-Twitter-Response-Tags
Fly-Request-Id
X-A-Ccd
X-ScT
X-Request-UUID
We-Hiring
Rendered-Blocks
X-A-Dcw
X-A-Dgt
X-Developer
X-A-Wwc
Cache-Prefix
X-A-Dam
X-Accel-Expires-Debug
X-Rojux
X-S-Cookie
X-Detected-As
Xc-Version
X-Rewrite-Enabled
X-Vtex-Processado-Em
Rt-Proxy-Cache
X-VG-WebServer
X-CF-Lambda-Version
Backend-Name
X-Generated-By
X-Oneagent-Js-Injection
X-Cache-Bucket
X-Developers
X-Cms-Context
X-CUA
Fastly-Soc-X-Request-Id
X-Cdn-Srv
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
Uber-Trace-Id
X-Dc
N-Cache
X-Azure-Ref-OriginShield
X-Release
X-Azure-Ref
Request-EU
X-Origin-Expires
Request-Country
X-Origin-Date
X-S-Maxage
Section-Io-Cache
IsBot
X-Up
X-VC-Cache
X-Fastly-Cache
X-SVT-ORM-VERSION
X-Var-Ttl
X-SIPLIST1
X-SVT-ORM-RULES
X-LJ-Flow-ID
X-VWS-Id
User-Cache-Control
X-AWS-Id
Wxu-Next-Commit
X-BBXSRF
Wxu-Next-Hostname
W
X-Block-Status
X-Cache-Info
Thinkindot-Control
X-Bip
Wxu-Next-Region
X-Cdn-Origin
X-Backend-Host
X-Auto-Login
X-CGP
X-Clara-WADP
X-Backend-Url
X-Clientip
X-App-Name
X-Hash
X-Rebelmouse-Surrogate-Control
X-Wikidot-Backend
X-Reboot
X-Reqid
X-Is-Gdpr
X-Rebelmouse-Cache-Control
X-Qloud-Router
X-NX-Host
X-Nginx-Cache-Key
X-JWT-State
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Has-Esi
X-VServer
X-Urbn-Context-Path
X-TrackingId
X-Urbn-Site-Id
X-User
X-Wikidot-Static-Cache
X-Thinkindot-L3
X-Thanos
X-Service
X-Server-IP
X-Skip-Cache
X-Sn-Servicetimems
X-Swa-Ws
X-Method
X-Matched-Rule
X-Distributor
X-Distil-CS
X-ElasticPress-Search
X-Eu-Site
X-Gen-Mode
X-Dispatch
X-Device-Os
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Generated-On
X-Generation-Time
X-Irp-Debug
X-WADP-Cache
X-Level-Front-Cache
X-Location
Thinkindot-CacheControl-Type
X-We-Are-Hiring
X-IN-APIGATEWAYSSL
X-Geo-Header
X-Webstats-RespID
X-Hnp-Log
X-IN-APIGATEWAY
X-Compress-Hint
X-Core-Mission
X-C
L
Kp-EeAlive
Thinkindot-CacheControl
Locale
Magicmarker
Pramga
Pagetype
Srv
Heartbleed
HA-Ipaddr
Content-Disposition
CDCHOST
AKAMAI
Countrycode
Esi-Enabled
Gh-Request-Id
Fastly-SWR
Fastly-SIE
X-Mode
Ha-Gx-Prefs
Server-Int
RNT-Machine
Served-By
RNT-Time
Server-Host
X-Microcachable
X-Info
True-Client-Country-4JS
X-Dispatcher-Server
Adler-Geo
X-Owner
X-Platform-Server
Cdn-Request-Time
X-RateLimit-Limit-Second
Cdn-Host
X-Policy
X-Old-Content-Length
Cache-Provider
X-PHP-Host
X-MSEdge-Features
X-Key
X-Li-Fabric
X-Internal-Host
X-Generated-In
X-GeoIP-City
X-Fetched-On
X-Li-Pop
X-Epic-Correlation-Id
X-MSEdge-Flight
X-Request-Start
X-LI-UUID
X-LI-Proto
X-Edge-Server
X-RateLimit-Remaining-Second
X-Variation
X-Backend-State
Is-Eu
X-Guploader-Uploadid
X-Cache-Id
X-ServiceProvider
Memory
PFcat
X-Via-CDN
X-WebServer
X-Amz-Meta-Cache-Control
Platform
X-B3-SpanId
X-Servername
X-Cache-FS-Status
X-SayCDN-TTL
Web-Mar-Node
X-Say-TTL
X-Say-Cacheable
X-Request-URI
X-Geo
X-Request-Time
V-Age
Resin-Trace
X-GDPR
SD-X-WS
Server-ID
X-SD-PageType
X-NWS-UUID-VERIFY
X-Cdn-Forward
X-FPC
X-Lb-Id
X-Org
X-Be
X-Wa
X-Hello
X-Svr
X-Cache-URL
X-Nc
X-Ratelimit-Limit
REQUESTUUID
X-Flog
X-ABtesting
SS
X-Servedbyhost
X-Instart-Isnd
X-RateLimit-Reset
X-IPS-LoggedIn
X-DC
Country-Code
X-Response-By
X-Scheme
X-Unique-ID
Dynatrace
X-CDN-Forward
X-Proxied
X-Cache-Backend
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Processor
X-Zipkin-Id
XServer
X-Routing-Service
X-Datadome
X-Dynatrace-Js-Agent
X-NodeID
X-Page-Type
X-VCL-Version
X-DataStream-Origin-MEX-Latency
Group
X-DataStream-MidMile-RTT
UCS
X-Pjax-Url
X-SN
Cache-Host
X-Oss-Storage-Class
PICS-Label
X-Oss-Server-Time
X-MP-GENERATED-AT
X-Server-W
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Ruxit-Js-Agent
X-Varnish-Beresp-Ttl
Powered-By-ChinaCache
X-Logtrace-Id
CACHE
X-Oracle-Dms-Rid
X-Tb-Optimization-Total-Bytes-Saved
Ajk
ProcessTime
X-Webkit-Csp
X-SRV
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Proxy-Firewall
X-HS-Status
X-Ftr-Request-Id
X-Ms-Request-Id
X-Ms-Version
X-Via-Ucdn
X-Zone
X-ZONE
X-HTML-Minification-Powered-By
X-Dynatrace
Geoip-City
X-Pf-Uncompressing
Geoip-Latitude
GeoIp-Country-Code
Powered-By
SN
Ttl
X-EC-Lua
X-Newrelic-Synthetics
X-Source
X-GRACE
Lfy
X-Session-Fingerprint
X-Grey
X-Cache-Category-Id
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
X-Agile-Id
X-FORWARDED-FOR
X-Cache-Debug
X-APP
X-Agile-Age
X-Agile
X-TH-Server
X-LiteSpeed-Cache-Control
GeoIP-Latitude
MIME-Version
X-PF-Uncompressing
GeoIP-City
GeoIP-Country-Code
X-Fastly-Country-Code
Fastly-Backend-Name
X-Check-Cacheable
X-NODE
X-Logging-Id
X-Ftr-Cache-Host
X-Sucuri-Id
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Bc
GW-Server
X-Tt-Trace-Host
X-Aicache-OS
Cdn
Environment
X-Cache-Miss-From
X-Sedo-Request-Id
X-Sucuri-ID
LB
CF-Cached-On
Pics-Label
X-CSRF-Token
X-LAGOON
X-Unique-Id
X-Edge
X-Gannett-Site-Version
X-Varnish-Url
X-Secret
X-PJAX-URL
WWW
X-Core-Value
X-BC
M-TraceId
X-RCS-CacheZone
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Dc
Requestid
WZWS-RAY
X-Mid
X-Fastly-Backend-Reqs
Ohc-Response-Time
X-Vcl-Version
Cf-Ipcountry
On-Server
X-Vdms-Version
X-CDN-Cache
X-Cache-Tag
DataCenter
X-MCACHE
X-UPSTREAM-Address
X-Varnish-Ttl
X-Swift-Error
X-Varnish-Cacheable
X-TT-LOGID
Cdncip
X-AK-Request-ID
Cdnsip
X-Sucuri-Cache
Amp-Access-Control-Allow-Source-Origin
X-NGINX-Cache
X-Fstrz
User-Agent
HostName
X-Sigma
X-Litespeed-Cache-Control
X-GeoIP-Country-Code
X-Rocket-Build-Number
X-Sigma-Backend
X-Akamai-SSL-Client-Sid
Lb
X-DSS
X-DW
X-DI
CDN
X-Cache-Ttl
X-Action
X-RPM
X-RPS
X-Planisys-CDN-TTL
X-Shopify-Generated-Cart-Token
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-RSL
Pragrma
X-BE
X-DB
X-Proxy-Cacherz
Inserted-Into-Cache-At
Xkeyrz
URI
RequestUuid
SID
Host-ID
X-NU-AKA-ACS-Version
X-Via-NSCOPI
Who
X-ServedByHost
X-Crawler
X-Correlation-ID
X-Fastly-Cache-Hits
X-Flow-Id
X-Zalando-Child-Request-Id
Xkeypdq
X-Fpc
Warning
Server-Id
X-Render-Time
X-WR-MODIFICATION
Is-Session-Tracking
X-LB-ID
X-Page-Impression-Id
Get-Access-Time
X-WA
X-Refresh
X-FE
X-SB
X-Amzn-Remapped-Date
X-ND-Cache
X-Nananana
X-Amzn-Remapped-Connection
X-MID
TTL
Correlation-Id
X-VC
FNAC-ModuleRouting
X-Cf-Powered-By
X-SaId
X-Trafficlayer-App-Version
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-LiteSpeed-Tag
Xet-Cookie
X-Gdpr
V-Cache
X-Bug-Bounty
X-Dw-Trace-Id
Cneonction
X-Micro-Cache
X-MiniProfiler-Ids
X-Newrelic-App-Data
X-ServerName
RequestId
X-ECache
Processtime
X-Request-URL
HitType
X-Fe
X-Cdn-Request-ID
X-Gen-Id