Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
X-Content-Security-Policy
Content-Encoding
Status
X-AspNetMvc-Version
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Request-ID
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-CDN
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Server
X-UA-Device
X-Proxy-Cache
X-Hacker
Request-Context
X-Swift-CacheTime
X-Swift-SaveTime
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
P3p
Cf-Railgun
Server-Timing
Feature-Policy
X-Amz-Version-Id
X-Device
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Ac
EagleEye-TraceId
X-Cnection
Report-To
X-Cloud-Trace-Context
Request-Id
X-Response-Time
X-Backend-Server
X-Host
Content-Location
X-Node
X-Readtime
X-Origin-Cache
X-Vhost
X-Cache-Lookup
X-Application-Context
X-ORACLE-DMS-ECID
X-DataDome
X-Dispatcher
X-Ruxit-JS-Agent
NEL
X-ORACLE-DMS-RID
X-Rack-Cache
X-Origin-Upstream-Status
X-HW
Surrogate-Control
Rating
X-Country-Code
X-Clacks-Overhead
X-Dns-Prefetch-Control
Allow
X-Country
X-Url
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-MS-InvokeApp
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Goog-Hash
X-TTL
X-PC
X-TtlSet
X-Vname
X-Varnish-TTL
X-B3-TraceId
Pinterest-Generated-By
Verso
X-Powered-By-Plesk
Public-Key-Pins
X-Px
RTSS
Edge-Control
X-ESI
X-Mod-Pagespeed
X-VARITI-CCR
SPRequestGuid
X-Middleton-Display
Display
Response
X-Sol
X-Middleton-Response
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-D2id
Accept-Ch-Lifetime
X-Akam-SW-Version
X-SharePointHealthScore
X-Ah-Environment
X-Recruiting
X-CST
Service-Worker-Allowed
X-Vcap-Request-Id
SPIisLatency
SPRequestDuration
X-Server-Name
X-Version
X-GitHub-Request-Id
X-Navigation-Version
TCN
MS-Author-Via
X-Powered-CMS
X-Abt-Application-Version
X-Trace
Charset
X-Debug
X-Shard
Realpath
Nginx-Cache
Fastly-Restarts
X-Amz-Rid
X-Amz-Server-Side-Encryption
X-Upstream
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-Aspnetmvc-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Accept-CH
X-NF-Request-ID
X-RateLimit-Remaining
X-Ezoic-Cdn
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-MSEdge-Ref
X-Cached
DynaTrace
Arr-Disable-Session-Affinity
Access-Control-Request-Method
Pagespeed
Content-MD5
X-Shield-Request-Id
AR-Request-ID
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MicrosoftSharePointTeamServices
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-VCache
S
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-T
X-Goog-Storage-Class
X-Amz-Meta-S3cmd-Attrs
Accept-Ch
X-Ser
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-Id
X-FTR-Backend-Server
X-FTR-Balancer
Paypal-Debug-Id
X-Varnish-Age
ServerID
X-XRDS-Location
X-Via-JSL
X-Grace
X-Accel-Expires
X-Content-Type
X-Client-IP
X-Fastcgi-Cache
X-Correlation-Id
X-Dw-Request-Base-Id
Edge-Cache-Tag
X-Forwarded-For
X-Amzn-Trace-Id
Fastcgi-Cache
X-Hits
X-Content-Digest
Powered
X-DIS-Request-ID
X-Frontend
AMP-Access-Control-Allow-Source-Origin
X-Vcache
X-N
X-FTR-Cache-Host
PB-PID
X-Pinterest-Rid
PB-RID
Arc-Version
X-Mobile-Rewrite
Pinterest-Version
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
Server-Name
TP-Cache
TP-L2-Cache
X-Request-Received
X-Request-Processing-Time
X-Kinsta-Cache
X-Request-Handler-Origin-Region
X-Cache-Hit
X-Microsite
X-Server-ID
X-Zen-Fury
X-Time
X-AppVersion
X-Az
X-Activity-Id
X-LB-Cache
X-IPLB-Instance
X-Rid
X-Revision
X-Type
Healthy
X-Cache-Age
X-User-Agent
Retry-After
X-FastCGI-Cache
X-Whom
X-Srv
Backend-Timing
X-Analytics
X-Node-Name
X-GUploader-UploadID
X-B3-Sampled
FilterID
Server-Node
X-NWS-LOG-UUID
Alternate-Protocol
X-Hp-Webp
Cache-Tag
X-RateLimit-Limit
Accept-Charset
X-F-Cache
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-SERVER
Cache-Status
NR-ENABLED
X-Content-Options
X-Cache-Rule
X-Erf-Bev-Bev
X-Content-Powered-By
DC
X-Erf-Bev-Bev-Is-Generated
X-FB-Debug
X-Cluster
X-Amzn-RequestId
X-Tumblr-User
X-Amz-Apigw-Id
MS-CV
X-AOL-HN
X-Kong-Upstream-Latency
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Kong-Proxy-Latency
Refresh
X-Cache-2
X-Instance
X-App-Environment
X-Webkit-CSP
X-Varnish-Grace
Access-Control-Allow-Method
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Jobs
X-PHP-Backend
X-B
X-Framework
X-Page-Id
X-Debug-Info
Source
X-Seen-By
X-Forwarded-Host
Tracecode
X-Cache-TTL
Actual-Object-TTL
Surrogate-Key
X-Request-Guid
X-Mobile-URL
Host
X-App-Server
Fastcgi-Useragent
X-Cache-Operation
X-Cache-Key
X-Geo-Country
Frame-Options
X-FW-Static
X-Cache-Control
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Cached-By
X-XRDS-LOCATION
X-Pad
X-Hostname
Cleartype
X-TA-CDN-Provider
X-Host-Name
X-Signature
X-Element-Page-Cache
X-B-Cache
X-Git-Hash
X-Mobile
X-BCube-Filmed-By
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-Varnish-Backend
X-ATG-Version
NGB
Xserver
X-HS-Cache-Config
X-GeoIP
X-RemovedCookies
X-ProcessESI
X-UA-Device-Type
X-Amz-Replication-Status
Eomportal-Instance
X-RTag
X-Presslabs-Stats
Filters
Cache-Tv-Group
Ms-Operation-Id
X-Tumblr-Pixel-2
X-TT
X-Handled-By
Webserver
X-Tumblr-Pixel-1
WPE-Backend
X-Daa-Tunnel
X-Adobe-Content
X-EdgeConnect-Cache-Status
GEO-INFO
X-Adobe-Loc
X-Cacheable-TTL
X-Drupal-Cache-Tags
From-Origin
X-RequestSource
X-Origin-Server
Payment
X-TX-ID
X-Wix-Request-Id
X-TT-TIMESTAMP
X-Cache-TTL-Remaining
Datacenter
X-Cache-Remote
Liferay-Portal
Cache
X-Status
X-B3-Traceid
X-FW-Dynamic
X-WA-Info
X-Hyper-Cache
X-Esi
X-Cache-Action
X-Region
X-Acc-Meta-Resource-Type
X-Edge-Location
X-Contextid
Version
Viewport
X-Ratelimit-Reset
X-Ttl
X-Cache-NE
X-Content-Age
X-Varnish-Hostname
X-Akamai-Transformed
X-CF-Powered-By
X-HS-Combine-CSS
X-Cache-Server
X-Storage
PageSpeed
X-Varnish-Server
X-Cache-Var
Host-Header
X-RN-RSRV
Load-Balancing
X-ES-SERVER
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-IP
Accept-CH-Lifetime
X-Accel-Buffering
X-Cache-Enabled
Ohc-File-Size
X-Proxy
X-Viewer-Country
X-Xfnlog-Site
Country
X-Via-Fastly
X-CCM
X-NCache
Cache-Name
DB-Nickname
X-Loop
X-UnsetCookies
X-Debug-Cache
X-TNCMS
Release
Rt-Fastcgi-Cache
X-Cache-Config
X-Proto
X-Device-Type
X-Tumblr-Pixel-3
Cache-Tags
X-Cache-Time
Ec-Rule-Version
Property-Id
DSUID
TWC-Locale-Group
X-Origin
X-OCL
X-Backend-TTL
X-FC-Vary-Parameters
X-From
X-PCL
X-Hosted-By
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Akamai-Request-ID2
Vix-Hermes-Req-Id
Cache-Hits
X-Www-Served-By
X-Cache-Grace
X-Vgn-Hpd-Reason
X-Cache-Host
X-Yottaa-Metrics
X-Yottaa-Optimizations
TWC-GeoIP-LatLong
X-Origin-Hint
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
Selected-Fe
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-Region
X-Timing-Wait
X-Human
X-Upgrade-Enabled
X-JoinUs
X-Backend-Name
X-Proxy-Build
X-Rule
S-Rt
Webcakes-App-Name
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-EIG-Tracking-Id
X-Time-Microsecs
X-PressLabs-Stats
X-Cluster-Node
X-Varnish-Hits
X-Trace-Id
X-FireWall-Port
X-CS
X-Generated
Decoy-Debug-Key
X-R9-Blue-Green-Version
X-Site-Version
X-VCT
Decoy-Debug-Status
Decoy-Debug-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
X-Origin-Response-Time
X-Akamai-Request-ID
X-Web-Node
S-Cnection
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Access
Azure-Version
X-Hit
Mn-Server-Ip
X-ApacheServer
X-Section
X-PERF
X-OVcl
X-OVcl-Cache
X-Format
X-Rendered-As
X-Real-IP
Ohc-Cache-HIT
Origin-Cache-Control
Origin-Edge-Control
X-S
Cache-Key
Time
Server-Info
X-Pubstack
X-NGENIX-Cache
X-Redis-Cache
L5d-Success-Class
X-Trafficlayer-App-Scope
X-APP-VERSION
X-Trafficlayer-App-Name
Now
X-FW-Version
X-Ua
Fastcgi-X-Cache-Version
X-Litespeed-Cache
X-SS-Set-Cookie
OT-Force-Account-Verify
X-Upstream-HT
X-Upstream-CT
Fastly-SSL
X-Origin-TTL
X-Origin-CC
X-Cluster-Name
X-ServerID
Cteonnt-Length
Access-Control-Request-Headers
X-Load-Cache
ServedBy
Mime-Version
X-ShopId
X-ShardId
X-Alternate-Cache-Key
X-FB-TRIP-ID
X-Sorting-Hat-PodId
X-UUID
Hostname
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Parent-Response-Time
X-Rocket-Nginx-Bypass
X-GoCache-CacheStatus
X-Soup
X-Guploader-Uploadid
NtCoent-Length
Origin
X-VG-WebCache
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Webkit-Csp
Accept-Language
X-VG-TLSProxy
Machine
X-Upstream-Proxy
X-Is-Bot
Odigeo-Trace-Id
X-UA
X-App-Version
NGX
X-Uri
IBM-Web2-Location
X-Tb
X-Nc
X-Info
X-No-Session
Nel
X-MServer
X-L-Path
X-BYPASS-REASON
X-ProxyCache-Key
X-Node-Id
X-ProxyCache-Status
X-Environment-Context
X-CACHE-KEY
X-Geo
X-B-Cookie
Cache-Prefix
X-Destination
X-DPWN-IS-SECURE
Request-Time
X-B3-Parentspanid
X-ARC
X-External-Request-Id
X-Detected-As
X-VG-WebServer
MD5-Digest
Memcached
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Date
X-Application
A
Content-Script-Type
X-ECACHE
Fly-Request-Id
Fly-Cache
GEO-REGION-INFO
X-Instart-Info
X-CF-Lambda-Fn
X-Hl-Ver
X-Rojux
X-Cms-Context
Content-Style-Type
Uber-Trace-Id
Proxy-Connection
X-G
X-D
X-Connection-Hash
Cross-Origin-Window-Policy
X-CF-Lambda-Version
X-Developer
Rt-Proxy-Cache
Apple-News-Services-Request-Url
X-Server-Time
VivaBuild
X-Region-Sid
X-SRCache-Key
X-A-Ccd
X-A
Viewtype
T-Server
Arc-Country
AsisCache
X-S-Cookie
X-ScT
ServerName
X-Request-UUID
X-Rewrite-Enabled
Meta-Geo-Continent
Apple-News-Services-Parsed-Url
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-Trv-Group
X-Aed
X-AIR-PT
Mobile-Detection-Method
Apple-News-Services-Handled
Node
X-A-Wwc
X-A-Dgt
X-A-Dam
Rendered-Blocks
Request-Country
Request-EU
X-Transaction
X-PAYTM-SRV-ID
Apple-News-Services-Host
X-A-Dcw
X-Cdn-Forward
X-Endurance-Cache-Level
Srv
X-Oneagent-Js-Injection
Backend-Name
X-Ratelimit-Limit
X-Tt-Trace-Tag
X-B3-Spanid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
BehaviorPad-Version
X-WADP-Cache
X-Has-Esi
N-Cache
X-PHP-Host
X-Generated-By
X-Device-Os
X-Worker
X-B3-SpanId
We-Hiring
X-CSRF-TOKEN
X-Amzn-Remapped-Content-Length
X-Is-Gdpr
X-S-Maxage
X-Cache-Bucket
Mail-Subject
X-Clara-WADP
X-Cdn-Srv
Xc-Version
X-JWT-State
X-Dc
CF-IPCountry
User-Cache-Control
X-Via-CDN
X-Amz-Meta-Cache-Control
X-Debug-Cache-Fetch
X-CUA
X-BBXSRF
X-Cache-FS-Status
X-Backend-Url
X-Debug-Cache-Expiry
X-Auto-Login
X-Backend-Host
X-Debug-Cache-Store
X-Clientip
X-Gen-Mode
X-Location
X-LI-UUID
X-Magnolia-Registration
X-Old-Content-Length
Server-Host
X-Up
X-User
X-Var-Ttl
X-We-Are-Hiring
X-WebServer
X-Li-Pop
X-VC-Cache
X-Variation
X-Origin-Date
X-Origin-Expires
X-Release
X-Service
X-Reqid
X-Request-Start
X-Server-IP
X-SIPLIST1
X-Skip-Cache
X-TrackingId
X-Owner
X-Platform-Server
X-Reboot
X-Thanos
X-Webstats-RespID
X-Li-Fabric
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Generated-On
X-NX-Host
X-Generation-Time
X-Request-URI
X-Sn-Servicetimems
X-Dispatcher-Server
X-Dispatch
X-Distributor
X-Fastly-Cache
X-Fetched-On
X-Geo-Header
X-Hnp-Log
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Cache-Info
X-Block-Status
X-Level-Front-Cache
X-Cdn-Origin
X-Debug-Cookies
X-GeoIP-City
X-ElasticPress-Search
X-Debug-Log
X-Hash
X-IN-APIGATEWAY
X-Developers
X-Bip
PFcat
Pagetype
Platform
Pramga
AKAMAI
Countrycode
Fastly-Soc-X-Request-Id
Gh-Request-Id
Heartbleed
Is-Eu
IsBot
Adler-Geo
Content-Disposition
Served-By
X-Nginx-Cache
Section-Io-Cache
Akamai-GRN
X-NWS-UUID-VERIFY
Web-Mar-Node
X-Lb-Id
X-Distil-CS
True-Client-Country-4JS
X-CGP
X-Key
X-Wikidot-Static-Cache
Kp-EeAlive
X-Cache-Id
X-SD-PageType
X-Compress-Hint
Thinkindot-CacheControl
X-Epic-Correlation-Id
Locale
X-Generated-In
X-Eu-Site
Thinkindot-CacheControl-Type
Esi-Enabled
Thinkindot-Control
CDCHOST
X-Wikidot-Backend
Ha-Gx-Prefs
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
RNT-Machine
X-SayCDN-TTL
X-NC
X-Thinkindot-L3
X-Urbn-Context-Path
X-VServer
X-Svr
X-Urbn-Site-Id
SD-X-WS
RNT-Time
X-Say-TTL
X-Swa-Ws
X-Say-Cacheable
X-Azure-Ref-OriginShield
X-Azure-Ref
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-C
X-Policy
L
HA-Ipaddr
X-Matched-Rule
X-Microcachable
SRV
X-LI-Proto
X-Instart-Isnd
X-Method
X-Qloud-Router
X-Nginx-Cache-Key
X-Servername
V-Age
Server-Int
X-ServiceProvider
Resin-Trace
X-Rebelmouse-Surrogate-Control
Fastly-SIE
Server-ID
X-Rebelmouse-Cache-Control
Fastly-SWR
Magicmarker
Memory
X-Core-Mission
X-Backend-State
X-App-Name
X-FPC
W
X-MSEdge-Flight
X-Cache-URL
X-Cache-Backend
Cache-Provider
X-Scheme
X-MSEdge-Features
X-Internal-Host
X-GEO
X-Be
REQUESTUUID
Cdn-Request-Time
X-LJ-Flow-ID
X-Processor
X-Edge-Server
Cdn-Host
X-AWS-Id
X-VWS-Id
X-GDPR
X-DC
X-Mode
Group
X-Pjax-Url
X-Request-Time
X-Org
X-NodeID
X-Ratelimit-Remaining
Cache-Host
X-ABtesting
X-Hello
SS
X-Flog
X-Datadome
X-Wa
X-Server-W
X-Response-By
X-Servedbyhost
X-IPS-LoggedIn
X-Ms-Version
X-Ms-Request-Id
X-Unique-ID
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
Country-Code
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Page-Type
X-SN
X-CDN-Forward
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Webapp-Samesite-None-Activated-N
X-Varnish-Beresp-Grace
X-Zone
X-Ruxit-Js-Agent
X-EC-Lua
Lfy
X-Oracle-Dms-Rid
X-VCL-Version
PICS-Label
X-Session-Fingerprint
X-Routing-Service
X-Zipkin-Id
X-Proxied
UCS
X-SRV
X-Cache-Debug
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Ucdn
X-Ftr-Request-Id
X-HS-Status
X-Dynatrace
X-Agile-Age
X-COUNTRY
Powered-By-ChinaCache
X-URL
X-Agile-Id
X-CSRF-Token
Geoip-Latitude
X-Pf-Uncompressing
X-Agile
GeoIp-Country-Code
Geoip-City
X-DataStream-Cache-Status
X-GRACE
X-Logtrace-Id
SN
X-7Graus-Varnish-XKeys
X-7Graus-Varnish-Cache-Control
Ttl
Ajk
X-Varnish-Beresp-TTL
X-RateLimit-Reset
X-MP-GENERATED-AT
X-Sedo-Request-Id
X-Logging-Id
Proxy-Firewall
X-Fastly-Country-Code
Environment
X-Cache-Miss-From
ProcessTime
X-Bc
X-Unique-Id
X-Source
X-Sucuri-ID
GeoIP-Latitude
X-PF-Uncompressing
Powered-By
Cdn
X-Cache-Category-Id
GeoIP-Country-Code
GeoIP-City
X-APP
X-Grey
X-NODE
X-HTML-Minification-Powered-By
XServer
X-ZONE
X-Sucuri-Id
X-Newrelic-Synthetics
X-Ftr-Cache-Host
X-Vcl-Version
X-CLOUD-TRACE-CONTEXT
X-TH-Server
X-Tt-Trace-Host
X-Core-Value
Cf-Ipcountry
X-DataStream-MidMile-RTT
X-Check-Cacheable
X-Vdms-Version
CF-Cached-On
CACHE
Fastly-Backend-Name
Pics-Label
X-Edge
X-DataStream-Origin-MEX-Latency
M-TraceId
X-LiteSpeed-Cache-Control
Cdnsip
X-Sucuri-Cache
X-Aicache-OS
Cdncip
WWW
X-AK-Request-ID
X-Ftr-Realm
X-Dynatrace-Js-Agent
X-Ftr-Backend-Server
X-Ftr-Backend
X-Swift-Error
HostName
X-Ftr-Dc
X-Ftr-Balancer
X-Fastly-Backend-Reqs
X-Shopify-Generated-Cart-Token
Requestid
X-Planisys-CDN-TTL
X-Mid
X-Planisys-CDN-Cache
X-Sigma
X-Rocket-Build-Number
X-ServedByHost
GW-Server
X-Planisys-CDN-Rules
X-Sigma-Backend
Pragrma
X-Fstrz
MIME-Version
LB
X-Varnish-Ttl
X-LAGOON
X-MCACHE
X-WA
X-NGINX-Cache
X-Cache-Tag
X-FORWARDED-FOR
X-Via-NSCOPI
X-RCS-CacheZone
Amp-Access-Control-Allow-Source-Origin
X-Gannett-Site-Version
X-SaId
TTL
X-Varnish-Url
X-ORACLE-APMCS-REQUEST-ID
X-UPSTREAM-Address
X-Litespeed-Cache-Control
X-ORACLE-APMCS-TAG
X-Secret
X-TT-LOGID
Ohc-Response-Time
Lb
URI
X-BC
X-RSL
X-CDN-Cache
X-Cache-Ttl
X-PJAX-URL
X-BE
X-RPS
X-Action
X-RPM
X-DSS
X-DW
X-ND-Cache
X-DB
X-DI
Dynatrace
X-Varnish-Cacheable
RequestUuid
X-GeoIP-Country-Code
WZWS-RAY
X-Upstream-Ct
X-Refresh
X-Trafficlayer-App-Version
X-WR-MODIFICATION
X-Upstream-Ht
Host-ID
On-Server
DataCenter
X-Correlation-ID
X-Served-From
X-Via-Edge
X-Via-SSL
Get-Access-Time
Is-Session-Tracking
X-Proxy-Cacherz
CDN
Server-Id
User-Agent
Inserted-Into-Cache-At
X-Zalando-Child-Request-Id
Xkeyrz
X-Page-Impression-Id
X-Fpc
X-Flow-Id
Xkeypdq
X-Fastly-Cache-Hits
Locid
X-Nananana
Warning
X-VC
Correlation-Id
X-MID
Gannett-Cam-Experience-Id
X-ECache
Thinkindot-Cache-Type
X-Pod
X-SB
X-Li-Proto
X-Gamma-Serve
X-Dw-Trace-Id
X-Akamai-SSL-Client-Sid
X-Cf-Powered-By
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Amzn-Remapped-Connection
Xet-Cookie
X-ServerName
X-Newrelic-App-Data
X-Amzn-Remapped-Date
X-Req
Who
Cneonction
X-Crawler
X-Gdpr
X-LB-ID
V-Cache
RequestId
X-MiniProfiler-Ids
Processtime
X-Bug-Bounty
X-Request-URL
HitType
X-LiteSpeed-Tag
X-Gen-Id
SID
X-NU-AKA-ACS-Version