Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
X-Content-Security-Policy
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
X-Request-ID
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-CDN
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-UA-Device
X-Hacker
X-AH-Environment
X-Server
Request-Context
X-Nginx-Cache-Status
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
X-LiteSpeed-Cache
Cf-Railgun
Server-Timing
X-Amz-Version-Id
Feature-Policy
X-WebKit-CSP
X-Device
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
Report-To
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
X-Backend-Server
Request-Id
X-Host
X-Node
Content-Location
X-Readtime
X-Origin-Cache
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-DataDome
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Rack-Cache
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-Clacks-Overhead
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Url
X-DynaTrace
X-Instart-Request-ID
X-MS-InvokeApp
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-TTL
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-Varnish-TTL
X-Ah-Environment
X-Powered-By-Plesk
Verso
Pinterest-Generated-By
RTSS
Public-Key-Pins
X-Px
Edge-Control
X-Mod-Pagespeed
X-VARITI-CCR
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
X-CST
X-Recruiting
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-D2id
X-SharePointHealthScore
SPRequestGuid
Service-Worker-Allowed
X-B3-TraceId
X-Akam-SW-Version
X-Vcap-Request-Id
X-Version
X-ESI
Accept-CH
SPIisLatency
SPRequestDuration
X-GitHub-Request-Id
MS-Author-Via
TCN
X-Abt-Application-Version
X-Navigation-Version
X-Powered-CMS
X-Server-Name
X-Shard
Accept-Ch-Lifetime
X-Trace
Charset
X-Upstream
Fastly-Restarts
X-RateLimit-Remaining
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Amz-Rid
Realpath
X-Debug
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Aspnetmvc-Version
X-Ezoic-Cdn
Front-End-Https
X-Cached
X-XRDS-Location
X-NF-Request-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Pagespeed
X-MSEdge-Ref
AR-Request-ID
X-Shield-Request-Id
X-VCache
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Content-MD5
MicrosoftSharePointTeamServices
Paypal-Debug-Id
X-Id
X-Amz-Meta-S3cmd-Attrs
X-T
X-Goog-Storage-Class
S
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-Fastly-Request-ID
ServerID
X-Via-JSL
X-Varnish-Age
X-Ser
X-Client-IP
DynaTrace
X-Server-ID
X-Content-Type
X-DynaTrace-JS-Agent
X-Dw-Request-Base-Id
X-Hits
X-Correlation-Id
X-Grace
X-Accel-Expires
X-Amzn-Trace-Id
X-FastCGI-Cache
Fastcgi-Cache
Powered
X-Content-Digest
X-SERVER
X-Frontend
X-Forwarded-For
X-DIS-Request-ID
X-N
AMP-Access-Control-Allow-Source-Origin
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
Edge-Cache-Tag
X-FTR-Cache-Host
X-HS-Content-Id
X-HS-Hub-Id
X-Logged-In
Server-Name
X-Vcache
X-RateLimit-Limit
Accept-Ch
TP-Cache
TP-L2-Cache
X-GUploader-UploadID
Pinterest-Version
X-Pinterest-Rid
X-Microsite
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Zen-Fury
X-B3-Sampled
X-Kinsta-Cache
X-Cache-Age
X-Az
X-Type
X-Rid
X-Revision
X-AppVersion
X-IPLB-Instance
X-Activity-Id
X-User-Agent
X-Time
Healthy
X-LB-Cache
X-Analytics
Backend-Timing
X-Fastcgi-Cache
X-Whom
X-Cache-Hit
Retry-After
X-Node-Name
X-Srv
FilterID
X-B3-Traceid
Server-Node
X-NWS-LOG-UUID
X-F-Cache
Alternate-Protocol
Accept-Charset
X-Hp-Webp
X-Cache-2
Cache-Tag
X-Kong-Proxy-Latency
X-Cache-Rule
X-Kong-Upstream-Latency
X-Akamai-Edgescape
Cache-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Content-Options
Surrogate-Key
X-Content-Security-Policy-Report-Only
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Refresh
DC
X-Tumblr-Pixel-0
X-Tumblr-User
X-Content-Powered-By
X-Instance
X-AOL-HN
X-Forwarded-Host
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel
Tracecode
VIX-Pulpo-Node
X-Varnish-Grace
Source
X-Debug-Info
X-App-Environment
MS-CV
X-Jobs
X-Webkit-CSP
X-Framework
Access-Control-Allow-Method
X-Cluster
X-PHP-Backend
X-Page-Id
X-Request-Guid
Fastcgi-Useragent
X-FB-Debug
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
X-B
X-App-Server
X-Cache-Operation
Frame-Options
Host
Actual-Object-TTL
X-Cache-Key
X-Mobile-URL
X-TA-CDN-Provider
X-Esi
X-Cache-TTL
X-Seen-By
X-Hostname
Accept-CH-Lifetime
X-Geo-Country
X-Cache-Control
Cleartype
NR-ENABLED
X-B-Cache
X-Signature
X-Host-Name
X-Cached-By
X-BCube-Filmed-By
X-Acc-Meta-Resource-Type
X-Pad
Upgrade-Insecure-Requests
X-Mobile
X-Varnish-Backend
X-Git-Hash
X-TT
NGB
X-Response-Served-From
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Adobe-Content
GEO-INFO
X-Adobe-Loc
X-ATG-Version
WPE-Backend
Filters
X-ProcessESI
X-RemovedCookies
Cache-Tv-Group
X-GeoIP
X-Drupal-Cache-Tags
X-RequestSource
X-RTag
X-UA-Device-Type
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
Webserver
X-Handled-By
Ms-Operation-Id
Payment
Eomportal-Instance
From-Origin
X-Cache-Remote
X-TX-ID
Liferay-Portal
X-Cacheable-TTL
X-Origin-Server
X-Status
X-Cache-TTL-Remaining
X-Presslabs-Stats
X-Daa-Tunnel
X-EdgeConnect-Cache-Status
X-FW-Dynamic
X-WA-Info
X-Cache-Action
X-Wix-Request-Id
Xserver
X-Content-Age
X-Edge-Location
X-Hyper-Cache
X-HS-Cache-Config
X-Contextid
X-Element-Page-Cache
Viewport
Datacenter
X-Region
Version
X-Storage
X-CF-Powered-By
X-Ratelimit-Reset
X-Varnish-Hostname
Cache
X-Accel-Buffering
X-Akamai-Transformed
Ohc-File-Size
X-Cache-NE
PageSpeed
X-PressLabs-Stats
Host-Header
X-Cache-Server
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
Load-Balancing
X-ES-SERVER
X-RN-RSRV
X-Path-Route
X-Varnish-Server
X-IP
X-Proxy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Proto
S-Cnection
Cache-Tags
X-Cache-Enabled
Cache-Name
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
X-Device-Type
X-CS
Mn-Server-Ip
Ec-Rule-Version
Country
Cache-Hits
Property-Id
X-TNCMS
X-Via-Fastly
X-Viewer-Country
Rt-Fastcgi-Cache
Release
X-Cluster-Node
TWC-GeoIP-Country
X-Origin-Response-Time
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
X-Akamai-Request-ID
X-NewRelic-App-Data
X-Access
X-Loop
X-R9-Blue-Green-Version
Vix-Hermes-Req-Id
X-Origin-Hint
Webcakes-App-Name
X-Cache-Config
X-NCache
TWC-Locale-Group
X-Akamai-Request-ID2
X-Section
X-PERF
Decoy-Debug-TTL
DSUID
X-Debug-Cache
X-ApacheServer
X-Backend-TTL
Azure-Version
Azure-SlotName
Azure-SiteName
DB-Nickname
Decoy-Debug-Status
X-Www-Served-By
Decoy-Debug-Key
X-PCL
X-Cache-Host
S-Rt
X-Xfnlog-Site
X-UnsetCookies
X-Proxy-Build
X-Upgrade-Enabled
X-FC-Vary-Parameters
X-Rule
X-Time-Microsecs
X-Trace-Id
X-Format
X-Backend-Name
X-Upstream-CT
X-Upstream-HT
X-Drupal-Cache-Contexts
X-Timing-Wait
X-Cache-Grace
X-OCL
X-EIG-Tracking-Id
X-Web-Node
X-Human
X-VCT
X-Cache-Time
X-Labrador-Cache-Channel
X-Origin
Selected-Fe
Azure-InstanceId
Azure-RegionName
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-From
X-Hit
X-Hosted-By
X-Site-Version
X-Locale
X-JoinUs
Ohc-Cache-HIT
X-CCM
Cache-Key
Server-Info
X-FireWall-Port
X-XRDS-LOCATION
X-Vgn-Hpd-Reason
X-HS-Combine-CSS
Time
X-Ttl
X-Varnish-Hits
X-S
X-Rendered-As
X-FW-Version
X-Upstream-Proxy
X-OVcl-Cache
X-OVcl
X-Ua
X-Real-IP
X-Tec-Api-Root
X-Tec-Api-Origin
Now
X-Tec-Api-Version
X-SS-Set-Cookie
X-NGENIX-Cache
X-APP-VERSION
X-Pubstack
L5d-Success-Class
Origin-Edge-Control
Origin-Cache-Control
OT-Force-Account-Verify
Fastcgi-X-Cache-Version
Hostname
X-Redis-Cache
ServedBy
X-Litespeed-Cache
Access-Control-Request-Headers
X-VG-TLSProxy
Cteonnt-Length
X-FB-TRIP-ID
Origin
Fastly-SSL
X-VG-WebCache
X-ShopId
X-ShardId
X-Shopify-Stage
X-Parent-Response-Time
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
Accept-Language
X-Cluster-Name
X-UUID
X-Origin-TTL
X-Origin-CC
NtCoent-Length
X-Load-Cache
X-B3-Spanid
Machine
X-Tb
X-CSRF-TOKEN
X-ServerID
X-NC
X-GoCache-CacheStatus
X-Rocket-Nginx-Bypass
X-Soup
X-Tt-Trace-Tag
X-Environment-Context
X-L-Path
IBM-Web2-Location
X-ECACHE
X-No-Session
X-Trafficlayer-App-Name
X-App-Version
NGX
X-Trafficlayer-App-Scope
SRV
Mime-Version
X-Is-Bot
Nel
X-B3-Parentspanid
X-Uri
X-MServer
CF-IPCountry
Odigeo-Trace-Id
X-DataStream-Cache-Status
X-CACHE-KEY
X-Magnolia-Registration
X-Endurance-Cache-Level
X-Nginx-Cache
X-Amzn-Remapped-Content-Length
X-GEO
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Node-Id
A
Apple-News-Services-Request-Url
GEO-REGION-INFO
Fly-Request-Id
Fly-Cache
Cross-Origin-Window-Policy
Content-Script-Type
Cache-Prefix
Content-Style-Type
AsisCache
BehaviorPad-Version
Arc-Country
X-A-Dgt
X-PAYTM-SRV-ID
X-Instart-Info
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Hl-Ver
X-G
X-Detected-As
X-Developer
X-DPWN-IS-SECURE
X-External-Request-Id
X-Rojux
X-S-Cookie
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-Twitter-Response-Tags
X-Trv-Group
X-ScT
X-Server-Time
X-SRCache-Key
X-Transaction
X-Destination
X-Date
T-Server
ServerName
Viewtype
VivaBuild
X-A
Rt-Proxy-Cache
Rendered-Blocks
Memcached
Meta-Geo-Continent
Mobile-Detection-Method
Node
X-A-Ccd
X-A-Dam
X-CF-Lambda-Fn
X-B-Cookie
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-ARC
X-AIR-PT
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
MD5-Digest
X-Application
We-Hiring
Mail-Subject
Request-Time
Akamai-GRN
Proxy-Connection
Backend-Name
X-Oneagent-Js-Injection
X-Generated-By
X-UA
Request-Country
X-ProxyCache-Key
X-BYPASS-REASON
X-ProxyCache-Status
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Azure-Ref
X-SIPLIST1
X-Cdn-Srv
Fastly-Soc-X-Request-Id
X-S-Maxage
Section-Io-Cache
X-Azure-Ref-OriginShield
X-CUA
X-Developers
X-Up
X-Release
Request-EU
Uber-Trace-Id
X-Cms-Context
X-Origin-Date
X-Fastly-Cache
N-Cache
X-Cache-Bucket
X-Origin-Expires
X-VC-Cache
IsBot
X-Var-Ttl
X-AWS-Id
User-Cache-Control
X-VWS-Id
X-LJ-Flow-ID
RNT-Machine
X-C
X-Backend-Url
RNT-Time
Pramga
X-Core-Mission
X-Device-Os
X-BBXSRF
X-Bip
X-Block-Status
X-Method
X-Backend-Host
Pagetype
X-Matched-Rule
X-Location
X-NX-Host
X-Nginx-Cache-Key
Thinkindot-CacheControl
Wxu-Next-Commit
Wxu-Next-Hostname
X-Auto-Login
X-Generated-On
W
Wxu-Next-Region
X-Gen-Mode
X-ElasticPress-Search
X-App-Name
X-Distil-CS
X-Eu-Site
Srv
X-Generation-Time
X-Geo-Header
X-Dispatch
X-Irp-Debug
Server-Int
X-Level-Front-Cache
Server-Host
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hash
X-Hnp-Log
Thinkindot-Control
Thinkindot-CacheControl-Type
Served-By
X-Debug-Cookies
X-Thanos
X-Swa-Ws
X-Thinkindot-L3
X-TrackingId
X-Urbn-Context-Path
AKAMAI
X-Sn-Servicetimems
X-Server-IP
X-Debug-Cache-Expiry
X-Service
X-CGP
X-Skip-Cache
X-Urbn-Site-Id
X-User
X-Has-Esi
X-Wikidot-Static-Cache
X-Is-Gdpr
X-JWT-State
X-Compress-Hint
X-Wikidot-Backend
X-Webstats-RespID
X-Clientip
X-Clara-WADP
X-VServer
X-WADP-Cache
X-We-Are-Hiring
Magicmarker
CDCHOST
Ha-Gx-Prefs
HA-Ipaddr
X-Qloud-Router
Gh-Request-Id
X-Distributor
Heartbleed
X-Proxy-Upstream
X-Debug-Log
Locale
L
Kp-EeAlive
X-Proxy-Cache-Status
X-Debug-Cache-Fetch
X-Cache-Info
Countrycode
X-Debug-Cache-Store
X-Cdn-Origin
Content-Disposition
X-Mode
X-Rebelmouse-Cache-Control
Esi-Enabled
X-Reboot
X-Rebelmouse-Surrogate-Control
Fastly-SWR
Fastly-SIE
X-Reqid
X-Info
X-Dc
X-Microcachable
X-Dispatcher-Server
X-PHP-Host
X-Request-URI
X-Say-Cacheable
X-Request-Start
X-RateLimit-Remaining-Second
X-Policy
X-RateLimit-Limit-Second
X-Say-TTL
X-SayCDN-TTL
X-Via-CDN
X-WebServer
X-Variation
X-ServiceProvider
X-Servername
X-Platform-Server
X-B3-SpanId
X-Internal-Host
X-Key
X-GeoIP-City
X-Generated-In
X-Epic-Correlation-Id
X-Fetched-On
X-Li-Fabric
X-Li-Pop
X-Old-Content-Length
X-Owner
X-MSEdge-Flight
X-MSEdge-Features
X-LI-Proto
X-Edge-Server
X-LI-UUID
X-Guploader-Uploadid
X-Amz-Meta-Cache-Control
Platform
X-Backend-State
Cache-Provider
Cdn-Host
Web-Mar-Node
True-Client-Country-4JS
X-Oracle-Dms-Rid
Cdn-Request-Time
PFcat
Memory
Adler-Geo
Is-Eu
X-Cache-Id
X-Cache-FS-Status
X-SD-PageType
X-Lb-Id
V-Age
X-GDPR
Server-ID
X-NWS-UUID-VERIFY
X-Request-Time
SD-X-WS
Resin-Trace
X-Geo
X-Cdn-Forward
X-Org
X-FPC
X-COUNTRY
X-URL
X-Nc
X-Svr
X-Ratelimit-Limit
SS
X-Flog
X-Hello
X-DC
X-Cache-URL
X-Wa
X-ABtesting
X-Be
X-Servedbyhost
X-Instart-Isnd
REQUESTUUID
X-Dynatrace
X-RateLimit-Reset
X-IPS-LoggedIn
X-Scheme
Dynatrace
Country-Code
X-Response-By
X-Unique-ID
X-CDN-Forward
Cache-Cookie-Set-Idcheck
X-Proxied
X-Zipkin-Id
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Processor
X-Cache-Backend
X-Routing-Service
X-Datadome
X-Dynatrace-Js-Agent
X-VCL-Version
X-Page-Type
X-NodeID
Group
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Pjax-Url
UCS
XServer
Cache-Host
PICS-Label
X-SN
X-Server-W
X-MP-GENERATED-AT
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Varnish-Beresp-Ttl
X-Ruxit-Js-Agent
Ajk
X-Tb-Optimization-Total-Bytes-Saved
CACHE
X-Logtrace-Id
ProcessTime
Powered-By-ChinaCache
X-Webkit-Csp
X-HS-Status
X-Ms-Request-Id
X-SRV
Proxy-Firewall
X-Varnish-Beresp-Status
X-Ms-Version
X-Varnish-Beresp-Grace
X-Ftr-Request-Id
X-Via-Ucdn
X-HTML-Minification-Powered-By
X-EC-Lua
X-Zone
X-ZONE
X-Newrelic-Synthetics
Powered-By
X-Pf-Uncompressing
SN
Ttl
X-Source
X-GRACE
Geoip-City
X-Cache-Category-Id
Geoip-Latitude
X-Session-Fingerprint
Lfy
GeoIp-Country-Code
X-Grey
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
GeoIP-Latitude
X-Agile
X-Cache-Debug
GeoIP-Country-Code
GeoIP-City
X-Agile-Age
X-APP
X-Agile-Id
X-TH-Server
X-Sucuri-Id
X-PF-Uncompressing
Fastly-Backend-Name
X-Fastly-Country-Code
X-LiteSpeed-Cache-Control
X-NODE
X-Check-Cacheable
X-Logging-Id
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Ftr-Cache-Host
X-Bc
MIME-Version
X-Tt-Trace-Host
X-Aicache-OS
X-Cache-Miss-From
X-Sedo-Request-Id
Cdn
GW-Server
Environment
X-FORWARDED-FOR
Pics-Label
X-Edge
X-Unique-Id
LB
X-CSRF-Token
CF-Cached-On
X-LAGOON
X-Core-Value
M-TraceId
X-RCS-CacheZone
X-Gannett-Site-Version
X-Varnish-Url
WWW
X-Secret
X-Sucuri-ID
X-BC
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Vcl-Version
X-PJAX-URL
X-Cache-Ttl
WZWS-RAY
Ohc-Response-Time
X-UPSTREAM-Address
Requestid
X-Fastly-Backend-Reqs
X-Mid
Cf-Ipcountry
X-Vdms-Version
Cdnsip
Cdncip
X-AK-Request-ID
X-CDN-Cache
X-TT-LOGID
X-Sucuri-Cache
X-MCACHE
X-Cache-Tag
DataCenter
X-Varnish-Cacheable
On-Server
X-Varnish-Ttl
X-Swift-Error
Amp-Access-Control-Allow-Source-Origin
X-NGINX-Cache
User-Agent
X-GeoIP-Country-Code
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache-Control
X-BE
X-Fstrz
X-Sigma-Backend
X-Rocket-Build-Number
HostName
X-Sigma
Lb
X-SERVER-NAME
X-Proxy-Cacherz
X-Action
CDN
URI
Xkeyrz
X-DB
X-DI
X-Shopify-Generated-Cart-Token
X-RPS
Inserted-Into-Cache-At
X-RSL
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-RPM
Pragrma
X-DW
X-DSS
X-NU-AKA-ACS-Version
X-ServedByHost
X-Via-NSCOPI
RequestUuid
Who
X-Crawler
SID
Host-ID
X-Correlation-ID
X-Page-Impression-Id
X-WR-MODIFICATION
X-Flow-Id
X-Render-Time
X-WA
Xkeypdq
Server-Id
X-Fpc
Get-Access-Time
X-Fastly-Cache-Hits
X-Webapp-Samesite-None-Activated-N
Is-Session-Tracking
X-Zalando-Child-Request-Id
Warning
TTL
X-Amzn-Remapped-Date
X-Refresh
X-ND-Cache
X-Amzn-Remapped-Connection
Correlation-Id
FNAC-ModuleRouting
X-FE
X-Nananana
X-LB-ID
X-VC
X-MID
X-SB
X-SaId
X-Cf-Powered-By
X-Request-URL
X-Micro-Cache
Processtime
X-ECache
X-Akamai-ERPolicy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Akamai-ERRuleID
HitType
X-Trafficlayer-App-Version
X-Bug-Bounty
X-Dw-Trace-Id
Cneonction
RequestId
X-Gdpr
V-Cache
X-MiniProfiler-Ids
X-Newrelic-App-Data
Xet-Cookie
X-LiteSpeed-Tag
X-Gen-Id
X-ServerName
X-Fe
X-Cdn-Request-ID