Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-AspNetMvc-Version
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Robots-Tag
X-Envoy-Upstream-Service-Time
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-CDN
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Server
X-UA-Device
X-AH-Environment
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
X-Server-Id
X-Amz-Version-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
X-Host
X-Response-Time
X-Node
X-Backend-Server
Content-Location
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Dns-Prefetch-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-Rack-Cache
X-Origin-Upstream-Status
Surrogate-Control
X-Ruxit-JS-Agent
Allow
X-ORACLE-DMS-RID
X-DataDome
X-HW
Rating
X-Country-Code
X-FTR-Request-ID
X-Country
X-Clacks-Overhead
X-TTL
X-Url
X-DynaTrace
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-Instart-Request-ID
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-Ah-Environment
RTSS
X-CST
Verso
X-Powered-By-Plesk
Public-Key-Pins
X-Px
Edge-Control
X-Recruiting
X-VARITI-CCR
X-Mod-Pagespeed
Service-Worker-Allowed
Pinterest-Generated-By
X-D2id
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Response
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Vcap-Request-Id
X-Version
Accept-Ch-Lifetime
SPRequestGuid
X-B3-TraceId
X-SharePointHealthScore
X-Akam-SW-Version
MS-Author-Via
X-Navigation-Version
TCN
X-Abt-Application-Version
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-CMS
Accept-CH
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Upstream
X-Shard
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
SPRequestDuration
Fastly-Restarts
SPIisLatency
AR-ATIME
AR-CACHE
AR-PoweredBy
Charset
Ar-Sid
X-XRDS-Location
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Amz-Rid
Nginx-Cache
X-Server-Name
X-Debug
Realpath
X-Aspnetmvc-Version
Front-End-Https
AR-Request-ID
X-Ezoic-Cdn
X-Cached
X-Shield-Request-Id
X-ESI
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-MSEdge-Ref
X-NF-Request-ID
Access-Control-Request-Method
Pagespeed
Arr-Disable-Session-Affinity
X-FTR-Expires
Paypal-Debug-Id
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
X-Vcache
ServerID
X-Id
X-Goog-Storage-Class
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
DynaTrace
X-Amz-Meta-S3cmd-Attrs
X-DynaTrace-JS-Agent
MicrosoftSharePointTeamServices
S
X-Fastly-Request-ID
X-T
X-Via-JSL
X-Client-IP
X-Varnish-Age
X-Content-Type
X-Hits
X-Dw-Request-Base-Id
X-Amzn-Trace-Id
X-FastCGI-Cache
X-Correlation-Id
X-Grace
Fastcgi-Cache
X-VCache
X-RateLimit-Limit
X-N
X-Content-Digest
X-SERVER
X-Frontend
X-FTR-Cache-Host
X-Accel-Expires
X-Ser
Powered
Arc-Version
PB-PID
Accept-Ch
PB-RID
X-Mobile-Rewrite
X-DIS-Request-ID
X-Esi
Server-Name
AMP-Access-Control-Allow-Source-Origin
X-Logged-In
X-Forwarded-For
X-B3-Sampled
X-B3-Traceid
X-HS-Content-Id
X-HS-Hub-Id
X-GUploader-UploadID
TP-Cache
TP-L2-Cache
Edge-Cache-Tag
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-Request-Received
X-Request-Processing-Time
X-Cache-Age
X-Type
Backend-Timing
X-Analytics
X-Kinsta-Cache
X-Az
X-Activity-Id
X-IPLB-Instance
FilterID
X-Rid
X-Fastcgi-Cache
X-User-Agent
X-AppVersion
X-LB-Cache
X-Revision
Healthy
X-Node-Name
X-Whom
Retry-After
X-F-Cache
X-Time
X-Srv
X-Cache-Hit
X-Cache-2
Accept-Charset
X-NWS-LOG-UUID
Pinterest-Version
X-Pinterest-Rid
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Amzn-RequestId
X-Amz-Apigw-Id
Alternate-Protocol
Server-Node
X-Cache-Rule
X-AOL-HN
X-Acc-Meta-Resource-Type
Cache-Status
X-Content-Options
X-TA-CDN-Provider
Surrogate-Key
Refresh
X-FW-Server
X-FW-Static
X-FW-Serve
X-Instance
X-FW-Type
X-Akamai-Edgescape
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Forwarded-Host
X-FW-Hash
X-Debug-Info
X-Content-Powered-By
X-Hp-Webp
DC
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Jobs
X-Cluster
X-Varnish-Grace
X-Page-Id
X-FB-Debug
X-PHP-Backend
X-Request-Guid
X-Framework
Source
X-B
Fastcgi-Useragent
MS-CV
X-App-Environment
Cache-Tag
Frame-Options
X-Erf-Bev-Bev
X-Hostname
X-Erf-Bev-Bev-Is-Generated
X-App-Server
Tracecode
Host
X-Cache-Key
X-Cache-Operation
Cleartype
X-Signature
X-B-Cache
X-Mobile-URL
Actual-Object-TTL
X-BCube-Filmed-By
X-Geo-Country
X-Cached-By
X-Cache-Control
X-Seen-By
X-Varnish-Backend
X-Amz-Replication-Status
X-Host-Name
X-TT
Liferay-Portal
X-Git-Hash
NGB
X-Response-Served-From
Upgrade-Insecure-Requests
X-Adobe-Content
X-Adobe-Loc
X-Mobile
X-Pad
X-ATG-Version
X-TT-TIMESTAMP
Payment
X-PressLabs-Stats
X-RemovedCookies
X-ProcessESI
X-Ratelimit-Reset
Cache-Tv-Group
X-Status
X-FW-Dynamic
X-WebKit-CSP-Report-Only
Eomportal-Instance
Webserver
WPE-Backend
X-TX-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
From-Origin
X-RTag
X-Cacheable-TTL
X-WA-Info
Ms-Operation-Id
X-Handled-By
Filters
X-Drupal-Cache-Tags
X-Cache-TTL-Remaining
X-UA-Device-Type
Xserver
GEO-INFO
X-Cache-TTL
X-RequestSource
X-GeoIP
X-Cache-Remote
Datacenter
X-Content-Age
X-DataStream-Cache-Status
X-Server-ID
X-Origin-Server
X-Cache-Action
X-Edge-Location
X-Webkit-CSP
X-Storage
Viewport
X-Daa-Tunnel
Accept-CH-Lifetime
X-Varnish-Hostname
X-Accel-Buffering
NR-ENABLED
X-EdgeConnect-Cache-Status
X-Hyper-Cache
Version
X-Contextid
X-Upstream-Proxy
X-Region
X-CF-Powered-By
X-Wix-Request-Id
Host-Header
X-Ua
Cache
X-Akamai-Transformed
PageSpeed
X-Yottaa-Metrics
X-Yottaa-Optimizations
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-Cache-Var
X-RN-RSRV
Load-Balancing
X-ES-SERVER
X-IP
X-Varnish-Server
S-Cnection
X-From
Cache-Tags
X-Via-Fastly
Vix-Hermes-Req-Id
X-NCache
X-Time-Microsecs
X-Origin
X-Cache-NE
Decoy-Debug-TTL
Decoy-Debug-Status
Ec-Rule-Version
X-Access
X-TNCMS
Decoy-Debug-Key
DB-Nickname
X-Cache-Config
X-Akamai-Request-ID2
X-ApacheServer
X-Akamai-Request-ID
Cache-Name
X-CS
X-Viewer-Country
X-Proxy
X-Loop
X-Tumblr-Pixel-3
X-Labrador-Cache-Channel
X-Origin-Response-Time
X-Upgrade-Enabled
X-PERF
X-Section
X-Proto
Azure-RegionName
X-Backend-TTL
X-Upstream-HT
X-Cache-Time
Azure-InstanceId
X-JoinUs
X-OCL
X-Cache-Grace
X-Hit
Ohc-File-Size
X-CCM
X-FW-Version
Azure-SiteName
X-Upstream-CT
Azure-SlotName
Rt-Fastcgi-Cache
X-Cache-Enabled
X-Rule
X-Xfnlog-Site
X-FC-Vary-Parameters
S-Rt
X-Format
Cache-Key
X-Web-Node
Azure-Version
X-PCL
Cache-Hits
Country
Mn-Server-Ip
Property-Id
X-UnsetCookies
X-Cache-Server
Webcakes-App-Version
X-Backend-Name
X-Proxy-Build
Webcakes-Region
X-Hosted-By
X-R9-Blue-Green-Version
X-Cache-Host
X-Presslabs-Stats
TWC-GeoIP-Country
TWC-Device-Class
X-Timing-Wait
TWC-GeoIP-LatLong
X-Varnish-Hits
X-EIG-Tracking-Id
X-Drupal-Cache-Contexts
TWC-Locale-Group
TWC-Privacy
TWC-Connection-Speed
X-Varnish-Cache-Hits
X-Cluster-Node
Webcakes-App-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
Selected-Fe
X-Generated
X-S
X-Origin-Hint
X-FireWall-Port
Server-Info
Now
SRV
X-Debug-Cache
X-Www-Served-By
X-Human
X-Trace-Id
Release
X-Rendered-As
X-Device-Type
X-HS-Cache-Config
Time
OT-Force-Account-Verify
X-Site-Version
X-Locale
DSUID
X-APP-VERSION
Hostname
Ohc-Cache-HIT
X-NewRelic-App-Data
X-VG-TLSProxy
X-OVcl
X-Vgn-Hpd-Reason
X-VCT
X-OVcl-Cache
Fastcgi-X-Cache-Version
X-VG-WebCache
X-Redis-Cache
ServedBy
X-Real-IP
Cteonnt-Length
X-FB-TRIP-ID
Origin
X-Litespeed-Cache
Accept-Language
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-B3-Spanid
X-Sorting-Hat-ShopId
X-ShopId
X-Tb
Origin-Edge-Control
X-Pubstack
Machine
Origin-Cache-Control
X-Alternate-Cache-Key
X-Oracle-Dms-Rid
Access-Control-Request-Headers
X-GEO
X-Nginx-Cache
X-NC
X-CSRF-TOKEN
L5d-Success-Class
X-Element-Page-Cache
X-Environment-Context
X-L-Path
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Fastly-SSL
X-Tt-Trace-Tag
X-NGENIX-Cache
X-SS-Set-Cookie
NtCoent-Length
X-No-Session
X-Cluster-Name
X-Mode
X-UUID
X-HS-Combine-CSS
X-Load-Cache
IBM-Web2-Location
Odigeo-Trace-Id
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
X-Magnolia-Registration
X-App-Version
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-Generated-By
X-VWS-Id
X-B3-Parentspanid
X-LJ-Flow-ID
X-Request-Time
X-ServerID
X-ECACHE
X-AWS-Id
Nel
Mime-Version
Mail-Subject
We-Hiring
Akamai-GRN
X-Origin-TTL
X-Origin-CC
X-Parent-Response-Time
NGX
X-XRDS-LOCATION
X-Soup
X-CACHE-KEY
Content-Script-Type
Content-Style-Type
Cdn-Request-Time
X-G
Cache-Prefix
Cross-Origin-Window-Policy
Cdn-Host
Fly-Cache
X-Edge-Server
X-DPWN-IS-SECURE
X-External-Request-Id
GEO-REGION-INFO
Fly-Request-Id
BehaviorPad-Version
AsisCache
X-Node-Id
X-Instart-Info
X-Twitter-Response-Tags
X-Is-Bot
Request-Time
X-Trv-Group
X-Vtex-Processado-Em
X-Uri
Apple-News-Services-Parsed-Url
Arc-Country
Apple-News-Services-Host
Apple-News-Services-Handled
A
MD5-Digest
Memcached
X-A-Dcw
X-A-Dgt
X-A-Dam
X-A-Ccd
X-CF-Lambda-Fn
X-A
X-A-Wwc
X-Accel-Expires-Debug
X-ARC
X-B-Cookie
X-Application
X-AIR-PT
X-Aed
X-CF-Lambda-Version
VivaBuild
X-Detected-As
X-Destination
Node
Mobile-Detection-Method
X-Developer
Meta-Geo-Continent
Rendered-Blocks
X-Date
T-Server
Viewtype
X-Connection-Hash
Rt-Proxy-Cache
X-D
X-Transaction
Apple-News-Services-Request-Url
X-Org
X-Request-UUID
X-PAYTM-SRV-ID
X-S-Maxage
X-Server-Time
X-S-Cookie
X-Worker
X-Rojux
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-SRCache-Key
Xc-Version
X-ScT
X-Region-Sid
CF-IPCountry
X-VG-WebServer
ServerName
X-Oneagent-Js-Injection
Backend-Name
X-DC
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
Uber-Trace-Id
X-VC-Cache
X-Azure-Ref
X-SVT-ORM-RULES
X-Fastly-Cache
X-Azure-Ref-OriginShield
X-Origin-Date
Request-EU
Request-Country
X-Distributor
X-Cache-Bucket
IsBot
X-Cdn-Srv
X-SVT-ORM-VERSION
X-Developers
X-Origin-Expires
Section-Io-Cache
X-SIPLIST1
X-MServer
X-Up
Fastly-Soc-X-Request-Id
Proxy-Connection
Server-ID
X-Cms-Context
N-Cache
X-Hl-Ver
User-Cache-Control
X-Via-CDN
X-Request-URI
X-Release
Magicmarker
L
X-Request-Start
X-Core-Mission
RNT-Machine
X-Sn-Servicetimems
Platform
RNT-Time
X-Clara-WADP
X-Cache-Id
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-ABtesting
X-BYPASS-REASON
X-App-Name
X-C
X-ProxyCache-Status
X-Backend-Host
X-Auto-Login
X-ServiceProvider
X-Block-Status
X-Cache-Info
X-Cdn-Origin
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Skip-Cache
X-Compress-Hint
True-Client-Country-4JS
X-Clientip
X-Wikidot-Static-Cache
X-Wikidot-Backend
W
V-Age
Is-Eu
Server-Int
X-ElasticPress-Search
X-Variation
X-WADP-Cache
X-We-Are-Hiring
X-Hello
X-IN-APIGATEWAY
X-Hnp-Log
X-Geo-Header
X-Generation-Time
X-Gen-Mode
X-GDPR
X-ProxyCache-Key
AKAMAI
X-WebServer
X-Distil-CS
X-IN-APIGATEWAYSSL
X-Old-Content-Length
X-LI-UUID
X-LI-Proto
X-Location
X-TrackingId
X-Thinkindot-L3
X-Matched-Rule
X-MSEdge-Features
X-Li-Pop
X-Backend-Url
X-VServer
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Li-Fabric
CDCHOST
Adler-Geo
Countrycode
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Esi-Enabled
Fastly-SWR
Fastly-SIE
X-PHP-Host
Content-Disposition
X-Fetched-On
X-Reboot
Gh-Request-Id
X-Method
X-Flog
X-Platform-Server
X-Epic-Correlation-Id
X-Microcachable
X-Response-By
X-SD-PageType
X-Device-Os
X-NX-Host
X-RateLimit-Remaining-Second
X-Bip
X-Eu-Site
X-Reqid
X-Debug-Log
X-Servername
X-Level-Front-Cache
X-Policy
X-Internal-Host
X-Generated-On
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Proxy-Cache-Status
X-Thanos
X-CUA
X-Generated-In
X-Owner
X-CGP
X-User
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Debug-Cookies
X-Debug-Cache-Store
X-GeoIP-City
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Irp-Debug
X-BBXSRF
SD-X-WS
PFcat
X-Guploader-Uploadid
X-B3-SpanId
Web-Mar-Node
X-Routing-Service
HA-Ipaddr
X-Backend-State
X-Proxied
X-Zipkin-Id
Ha-Gx-Prefs
X-IPS-LoggedIn
Resin-Trace
Pagetype
Memory
X-Server-IP
X-Dispatch
X-Key
X-Hash
X-Qloud-Router
Heartbleed
X-Dispatcher-Server
Kp-EeAlive
Pramga
SS
X-Swa-Ws
Wxu-Next-Commit
Wxu-Next-Hostname
X-Webstats-RespID
Served-By
X-Unique-ID
Wxu-Next-Region
Server-Host
X-Cdn-Forward
Country-Code
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-FPC
X-COUNTRY
X-Wa
Cache-Cookie-Set-From
X-Has-Esi
X-MP-GENERATED-AT
X-JWT-State
X-Var-Ttl
X-Is-Gdpr
X-Page-Type
X-URL
Powered-By-ChinaCache
X-Servedbyhost
X-Service
X-Ttl
X-Dc
REQUESTUUID
Cache-Provider
UCS
Srv
CACHE
X-Nc
X-Geo
ProcessTime
X-RateLimit-Reset
X-Info
Ajk
X-Ratelimit-Limit
X-Logtrace-Id
X-VCL-Version
X-Lb-Id
X-NWS-UUID-VERIFY
X-Datadome
X-HTML-Minification-Powered-By
Proxy-Firewall
X-Svr
X-Processor
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Backend
X-Cache-URL
X-Be
X-UA
X-Oss-Server-Time
SN
X-CDN-Forward
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Instart-Isnd
X-SRV
PICS-Label
X-HS-Status
Powered-By
X-Pjax-Url
X-Scheme
X-Cache-Category-Id
X-Varnish-Beresp-Ttl
X-Grey
X-Ruxit-Js-Agent
X-Zone
X-SN
Dynatrace
X-ZONE
X-Webkit-Csp
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Ftr-Request-Id
X-Cache-Ttl
Fastly-Backend-Name
X-TH-Server
X-NodeID
X-Varnish-Beresp-Status
X-Dynatrace
XServer
X-Varnish-Beresp-Grace
GeoIP-Latitude
GeoIP-Country-Code
X-Pf-Uncompressing
GeoIP-City
X-GRACE
X-Source
Group
X-RCS-CacheZone
X-SERVER-NAME
Ttl
X-Server-W
X-LiteSpeed-Cache-Control
X-EC-Lua
X-APP
X-FORWARDED-FOR
GW-Server
Cache-Host
CF-Cached-On
X-Newrelic-Synthetics
X-LAGOON
X-Varnish-Beresp-TTL
Cdn
X-Varnish-Url
X-PF-Uncompressing
X-Sucuri-Id
X-Bc
X-Gannett-Site-Version
X-Dynatrace-Js-Agent
LB
X-Secret
X-Trafficlayer-App-Scope
X-Check-Cacheable
X-NODE
X-Trafficlayer-App-Name
X-Ms-Version
X-Ftr-Cache-Host
X-Via-Ucdn
WZWS-RAY
X-Ms-Request-Id
MIME-Version
X-Aicache-OS
X-Varnish-Cacheable
X-Session-Fingerprint
Geoip-City
X-Tt-Trace-Host
GeoIp-Country-Code
X-CDN-Cache
Geoip-Latitude
X-Ratelimit-Remaining
On-Server
Lfy
X-Edge
X-Cache-Debug
User-Agent
Environment
X-Fastly-Country-Code
X-GeoIP-Country-Code
X-BC
Pics-Label
X-Agile
X-Akamai-SSL-Client-Sid
WWW
Inserted-Into-Cache-At
X-Agile-Age
X-PJAX-URL
X-Agile-Id
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Fastly-Backend-Reqs
X-NU-AKA-ACS-Version
X-UPSTREAM-Address
X-7Graus-Varnish-Cache-Control
Ohc-Response-Time
Requestid
M-TraceId
X-BE
X-7Graus-Varnish-XKeys
X-Mid
Cf-Ipcountry
X-Sedo-Request-Id
Who
X-Cache-Miss-From
X-Logging-Id
X-Vcl-Version
X-CSRF-Token
SID
X-Render-Time
X-Varnish-Ttl
X-Crawler
X-MCACHE
Amp-Access-Control-Allow-Source-Origin
X-Litespeed-Cache-Control
URI
X-LB-ID
Lb
X-Action
X-Proxy-Cacherz
X-DB
X-Micro-Cache
X-Cache-Tag
X-FE
X-Core-Value
X-DI
X-Newrelic-App-Data
X-RSL
X-RPS
X-DSS
Xkeyrz
X-DW
X-RPM
HostName
X-Served-From
X-Via-SSL
X-WR-MODIFICATION
CDN
X-AK-Request-ID
Cdnsip
Host-ID
X-Via-Edge
X-Unique-Id
Cdncip
RequestUuid
X-Cf-Powered-By
X-Correlation-ID
DataCenter
X-Nananana
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-Flow-Id
X-Fpc
X-Sucuri-ID
X-Fastly-Cache-Hits
Is-Session-Tracking
Xkeypdq
X-TT-LOGID
Get-Access-Time
X-ServedByHost
X-WA
X-Swift-Error
X-NGINX-Cache
X-Amzn-Remapped-Connection
X-MID
X-SB
X-Vdms-Version
X-Sigma
X-Rocket-Build-Number
X-Sucuri-Cache
X-VC
X-TIME
FNAC-ModuleRouting
X-Cdn-Request-ID
Cneonction
Correlation-Id
X-Sigma-Backend
X-Amzn-Remapped-Date
Warning
X-Gen-Id
X-Fstrz
X-Vct
X-LiteSpeed-Tag
RequestId
Xet-Cookie
X-Bug-Bounty
X-Apw-Hits
X-Request-URL
Processtime
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Fe
X-ECache
HitType
X-Dw-Trace-Id
X-Gdpr
X-MiniProfiler-Ids
X-Protected-By
X-ServerName
X-Ecache
V-Cache