Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Cacheable
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Xss-Protection
X-Request-ID
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
X-AspNetMvc-Version
Content-Encoding
X-Content-Security-Policy
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
X-Turbo-Charged-By
Access-Control-Expose-Headers
Keep-Alive
Access-Control-Max-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pass-Why
P3p
X-Age
X-CDN
EagleId
X-Backend
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Pingback
X-Ua-Compatible
X-Server-Powered-By
X-Proxy-Cache
X-AH-Environment
X-Hacker
X-Server
X-UA-Device
Request-Context
X-Nginx-Cache-Status
Grace
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-Cdn
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Ac
Report-To
X-Cloud-Trace-Context
X-Host
X-Response-Time
X-Node
Content-Location
X-Backend-Server
EagleEye-TraceId
Request-Id
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
NEL
X-Dispatcher
Surrogate-Control
Allow
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Country
X-HW
X-Url
Rating
X-Country-Code
X-FTR-Request-ID
X-TTL
X-DataDome
X-ORACLE-DMS-RID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-EdgeConnect-MidMile-RTT
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Instart-Request-ID
Fusion-Content-Id
X-Goog-Hash
X-Varnish-TTL
X-MS-InvokeApp
X-PC
X-TtlSet
X-Vname
X-CST
X-Px
Verso
RTSS
Edge-Control
Public-Key-Pins
X-Powered-By-Plesk
X-VARITI-CCR
X-Recruiting
X-Mod-Pagespeed
Service-Worker-Allowed
X-Cdn-Fetch
X-Exp-Id
X-D2id
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
Pinterest-Generated-By
Response
X-Middleton-Display
X-Middleton-Response
Display
X-Sol
X-Ah-Environment
X-Vcap-Request-Id
X-Version
SPRequestGuid
Accept-Ch-Lifetime
X-SharePointHealthScore
MS-Author-Via
X-Akam-SW-Version
X-RateLimit-Remaining
TCN
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
Accept-CH
X-TEC-API-ROOT
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-B3-TraceId
X-Upstream
X-Forwarded-Proto
X-Shard
X-Amz-Server-Side-Encryption
SPRequestDuration
SPIisLatency
X-XRDS-Location
Charset
AR-CACHE
Ar-Sid
AR-ATIME
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Fastly-Restarts
X-Amz-Rid
Nginx-Cache
Realpath
X-Trace
X-ESI
X-Debug
X-Aspnetmvc-Version
Front-End-Https
X-Shield-Request-Id
AR-Request-ID
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Cached
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Server-Name
X-Ezoic-Cdn
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
Access-Control-Request-Method
Paypal-Debug-Id
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Arr-Disable-Session-Affinity
DynaTrace
Pagespeed
ServerID
X-Vcache
Content-MD5
X-Id
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-Goog-Storage-Class
S
MicrosoftSharePointTeamServices
X-DynaTrace-JS-Agent
X-T
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-Client-IP
X-Via-JSL
X-Content-Type
X-Varnish-Age
X-Dw-Request-Base-Id
X-Hits
X-Amzn-Trace-Id
X-RateLimit-Limit
X-N
X-B3-Traceid
X-Grace
X-Correlation-Id
X-Forwarded-For
X-Frontend
X-VCache
Fastcgi-Cache
X-FTR-Cache-Host
X-Content-Digest
X-SERVER
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
Powered
Accept-Ch
Server-Name
X-Logged-In
X-Accel-Expires
X-DIS-Request-ID
X-Ser
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-B3-Sampled
X-Esi
X-Fastcgi-Cache
X-GUploader-UploadID
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
X-Microsite
TP-L2-Cache
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Cache-Age
X-Request-Received
X-Request-Processing-Time
X-Kinsta-Cache
X-Type
FilterID
X-LB-Cache
X-User-Agent
X-Rid
X-AppVersion
X-Activity-Id
X-IPLB-Instance
X-Revision
X-Az
Backend-Timing
X-Analytics
Healthy
Edge-Cache-Tag
X-Node-Name
X-F-Cache
X-Whom
X-Acc-Meta-Resource-Type
Retry-After
X-Time
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NWS-LOG-UUID
Accept-Charset
X-Srv
Alternate-Protocol
X-Pinterest-Rid
Pinterest-Version
X-Cache-Hit
X-AOL-HN
X-Cache-Rule
Server-Node
Cache-Status
X-Content-Options
VIX-Pulpo-Upstream-Status
Surrogate-Key
VIX-Pulpo-Node
X-Cluster
X-Content-Powered-By
X-Content-Security-Policy-Report-Only
Access-Control-Allow-Method
Refresh
DC
X-Akamai-Edgescape
X-Forwarded-Host
X-Jobs
X-Instance
X-FW-Type
X-FB-Debug
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-FW-Static
X-Page-Id
X-FW-Server
X-Debug-Info
X-FW-Serve
X-FW-Hash
X-Framework
Source
X-Varnish-Grace
X-PHP-Backend
X-Request-Guid
X-App-Environment
X-B
Fastcgi-Useragent
X-Hp-Webp
MS-CV
X-Hostname
X-App-Server
Cleartype
Host
Frame-Options
X-B-Cache
X-Signature
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Tracecode
X-Ratelimit-Reset
X-DataStream-Cache-Status
X-Cached-By
Actual-Object-TTL
X-Cache-Operation
X-BCube-Filmed-By
X-Cache-Key
Cache-Tag
X-Mobile-URL
X-TA-CDN-Provider
X-Varnish-Backend
X-Geo-Country
X-Amz-Replication-Status
X-Cache-Control
X-TT
Xserver
Liferay-Portal
X-Pad
X-PressLabs-Stats
X-Seen-By
X-Mobile
X-Host-Name
NGB
X-ATG-Version
X-Response-Served-From
X-Git-Hash
X-Adobe-Loc
X-Adobe-Content
Payment
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-WA-Info
Eomportal-Instance
X-Status
X-TT-TIMESTAMP
Filters
X-Tumblr-Pixel-1
X-FW-Dynamic
X-ProcessESI
Cache-Tv-Group
WPE-Backend
X-Tumblr-Pixel-2
X-RemovedCookies
X-TX-ID
X-Cacheable-TTL
X-GeoIP
X-RTag
Ms-Operation-Id
X-Handled-By
X-Drupal-Cache-Tags
X-RequestSource
X-UA-Device-Type
From-Origin
Webserver
X-Cache-TTL-Remaining
X-Content-Age
X-Cache-Remote
Datacenter
GEO-INFO
Cache
X-Daa-Tunnel
X-Oracle-Dms-Rid
X-Upstream-Proxy
X-Edge-Location
X-Storage
Viewport
X-Cache-TTL
X-Cache-Action
X-Accel-Buffering
X-Webkit-CSP
X-Origin-Server
X-Varnish-Hostname
Accept-CH-Lifetime
X-Ua
X-EdgeConnect-Cache-Status
Version
X-Hyper-Cache
X-Contextid
X-CF-Powered-By
X-Region
Host-Header
X-Yottaa-Optimizations
X-Wix-Request-Id
X-Yottaa-Metrics
PageSpeed
X-Varnish-Server
X-Akamai-Transformed
X-ES-SERVER
Load-Balancing
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
X-Akamai-Request-ID2
X-RN-RSRV
NR-ENABLED
SRV
X-Path-Route
X-Timing-Wait
S-Cnection
X-IP
X-JoinUs
X-Proxy-Build
X-From
Selected-Fe
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loop
X-Proto
X-Proxy
X-Generated
X-CS
Vix-Hermes-Req-Id
X-Backend-Name
X-Cache-Config
X-TNCMS
Now
Cache-Tags
Cache-Name
Rt-Fastcgi-Cache
X-FC-Vary-Parameters
DB-Nickname
X-Tumblr-Pixel-3
X-Labrador-Cache-Channel
X-Hit
X-Viewer-Country
X-Cluster-Node
X-Akamai-Request-ID
X-Access
X-ApacheServer
Cache-Hits
X-Cache-Enabled
Decoy-Debug-Key
X-Via-Fastly
X-Rule
Decoy-Debug-TTL
X-PERF
Decoy-Debug-Status
X-NCache
X-Upgrade-Enabled
X-Section
X-Origin-Response-Time
X-Origin
X-Time-Microsecs
Cache-Key
TWC-Locale-Group
Azure-Version
TWC-Privacy
TWC-Device-Class
Property-Id
Mn-Server-Ip
Webcakes-App-Name
S-Rt
TWC-Connection-Speed
TWC-GeoIP-Country
Country
TWC-GeoIP-LatLong
X-EIG-Tracking-Id
X-UnsetCookies
X-Trace-Id
X-R9-Blue-Green-Version
X-PCL
X-Upstream-CT
X-Upstream-HT
Ec-Rule-Version
X-Xfnlog-Site
X-Web-Node
X-Varnish-Cache-Hits
X-Origin-Hint
X-OCL
X-Cache-Host
X-Cache-Grace
X-Backend-TTL
Webcakes-Region
X-CCM
Azure-SlotName
X-FW-Version
X-Format
X-FireWall-Port
Webcakes-App-Version
X-Hosted-By
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Drupal-Cache-Contexts
X-Device-Type
X-Locale
X-Human
X-Debug-Cache
X-S
X-Site-Version
X-Www-Served-By
X-Varnish-Hits
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
OT-Force-Account-Verify
DSUID
X-Cache-Time
Server-Info
X-NewRelic-App-Data
Release
Time
X-Cache-Server
X-Cache-NE
X-Rendered-As
Ohc-File-Size
ServedBy
X-VG-WebCache
Hostname
X-VG-TLSProxy
X-Alternate-Cache-Key
X-ShardId
X-Vgn-Hpd-Reason
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-Presslabs-Stats
X-FB-TRIP-ID
X-VCT
X-Redis-Cache
X-Mode
X-Nginx-Cache
Fastcgi-X-Cache-Version
Accept-Language
X-Tb
X-OVcl-Cache
X-Real-IP
X-APP-VERSION
X-OVcl
Machine
Ohc-Cache-HIT
Cteonnt-Length
NtCoent-Length
Origin
Origin-Edge-Control
X-Pubstack
Origin-Cache-Control
X-L-Path
X-Environment-Context
X-No-Session
X-B3-Spanid
X-CSRF-TOKEN
L5d-Success-Class
X-HS-Cache-Config
X-App-Version
X-Request-Time
Odigeo-Trace-Id
X-Generated-By
Access-Control-Request-Headers
X-Load-Cache
X-Magnolia-Registration
X-Tt-Trace-Tag
X-NC
X-Cluster-Name
X-GEO
Mime-Version
X-LJ-Flow-ID
X-AWS-Id
X-CACHE-KEY
X-VWS-Id
X-DC
Fastly-SSL
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
IBM-Web2-Location
X-Parent-Response-Time
Akamai-GRN
Mail-Subject
X-UUID
We-Hiring
X-B3-Parentspanid
X-ServerID
X-NGENIX-Cache
X-GoCache-CacheStatus
X-SS-Set-Cookie
Nel
X-Rocket-Nginx-Bypass
X-ECACHE
Request-Time
Locale
X-XRDS-LOCATION
X-Urbn-Site-Id
X-Urbn-Context-Path
X-A-Dcw
X-Accel-Expires-Debug
X-AIR-PT
X-Application
X-ARC
Cdn-Request-Time
Content-Script-Type
X-Aed
Content-Style-Type
X-A-Wwc
Cache-Prefix
Cross-Origin-Window-Policy
X-A-Dgt
AsisCache
Server-ID
GEO-REGION-INFO
T-Server
A
X-Node-Id
Fly-Request-Id
Rt-Proxy-Cache
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
X-Soup
Mobile-Detection-Method
Node
Fly-Cache
X-B-Cookie
Memcached
VivaBuild
Proxy-Connection
X-A
X-A-Ccd
BehaviorPad-Version
Arc-Country
Apple-News-Services-Request-Url
X-MServer
Apple-News-Services-Handled
Viewtype
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-A-Dam
CF-IPCountry
X-Proxied
X-Twitter-Response-Tags
X-G
X-Trv-Group
X-Connection-Hash
X-ProxyCache-Key
X-ProxyCache-Status
X-Routing-Service
X-ScT
X-Rewrite-Enabled
X-Destination
X-Transaction
X-Rojux
X-S-Maxage
X-Date
X-Server-Time
X-Origin-Expires
X-SRCache-Key
Cdn-Host
X-S-Cookie
X-Is-Bot
X-Instart-Info
X-D
X-Developer
X-Detected-As
X-PAYTM-SRV-ID
X-Edge-Server
X-Vtex-Remote-Cache
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
Xc-Version
X-Worker
X-Org
X-Zipkin-Id
X-Vtex-Processado-Em
Uber-Trace-Id
X-External-Request-Id
X-Request-UUID
X-BYPASS-REASON
X-CF-Lambda-Version
X-Origin-Date
X-VG-WebServer
X-Region-Sid
NGX
X-Element-Page-Cache
X-Via-CDN
Backend-Name
X-Oneagent-Js-Injection
ServerName
X-Request-Start
Fastly-Soc-X-Request-Id
X-Release
IsBot
Gh-Request-Id
Countrycode
X-IN-APIGATEWAYSSL
X-Thanos
X-Up
X-VC-Cache
X-Fastly-Cache
X-Distributor
X-Clientip
X-WebServer
X-Auto-Login
X-Cache-Bucket
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Cdn-Srv
X-Distil-CS
X-Cms-Context
Request-Country
X-IN-APIGATEWAY
X-SVT-ORM-RULES
N-Cache
X-SIPLIST1
Section-Io-Cache
X-Hl-Ver
X-TrackingId
X-Bip
X-Core-Mission
X-SVT-ORM-VERSION
X-Developers
Request-EU
X-B3-SpanId
X-Origin-CC
X-Origin-TTL
X-ElasticPress-Search
User-Cache-Control
X-Cache-Info
X-Reboot
X-Level-Front-Cache
W
X-Hnp-Log
X-Cache-Id
X-Rebelmouse-Surrogate-Control
X-Hello
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Epic-Correlation-Id
X-Cache-FS-Status
V-Age
Thinkindot-CacheControl
X-Irp-Debug
Server-Int
X-CGP
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Clara-WADP
X-RateLimit-Limit-Second
X-Request-URI
True-Client-Country-4JS
X-Cdn-Origin
X-Proxy-Upstream
X-Location
X-Backend-Host
X-Matched-Rule
X-Method
X-MSEdge-Features
X-Backend-Url
X-BBXSRF
X-C
X-Block-Status
X-LI-Proto
X-LI-UUID
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Platform-Server
X-Proxy-Cache-Status
X-ABtesting
X-Compress-Hint
X-PHP-Host
X-Owner
X-App-Name
X-NX-Host
X-Old-Content-Length
X-Amz-Meta-Cache-Control
X-Li-Fabric
RNT-Time
HA-Ipaddr
X-Generated-In
Ha-Gx-Prefs
X-Gen-Mode
X-Wikidot-Backend
X-We-Are-Hiring
Is-Eu
X-Hash
L
X-Generated-On
X-WADP-Cache
X-Wikidot-Static-Cache
Adler-Geo
X-Fetched-On
X-Eu-Site
CDCHOST
Content-Disposition
Esi-Enabled
X-Device-Os
X-Flog
Fastly-SWR
AKAMAI
Fastly-SIE
X-VServer
Magicmarker
X-ServiceProvider
X-Generation-Time
X-Skip-Cache
X-Debug-Log
X-Geo-Header
X-CUA
X-Li-Pop
RNT-Machine
X-GeoIP-City
Platform
X-Sn-Servicetimems
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Variation
X-Debug-Cookies
X-Thinkindot-L3
X-Unique-ID
PFcat
X-Debug-Cache-Fetch
X-Microcachable
X-HS-Combine-CSS
X-MP-GENERATED-AT
X-Key
X-Dispatcher-Server
X-Internal-Host
X-Dispatch
X-Cdn-Forward
X-User
Memory
X-Uri
Pagetype
X-Swa-Ws
X-Servername
Pramga
Kp-EeAlive
Heartbleed
Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Webstats-RespID
X-GDPR
X-Backend-State
X-Guploader-Uploadid
Web-Mar-Node
X-Reqid
X-Response-By
Wxu-Next-Commit
Wxu-Next-Hostname
X-Qloud-Router
Wxu-Next-Region
X-Say-Cacheable
SS
X-SayCDN-TTL
SD-X-WS
X-Server-IP
Served-By
X-Say-TTL
Server-Host
X-SD-PageType
X-IPS-LoggedIn
X-Policy
X-Page-Type
Resin-Trace
X-SERVER-NAME
X-FPC
X-Wa
UCS
ProcessTime
X-Nc
X-Servedbyhost
REQUESTUUID
Powered-By-ChinaCache
X-Geo
X-Var-Ttl
X-Logtrace-Id
X-Service
Ajk
X-HTML-Minification-Powered-By
X-JWT-State
X-Is-Gdpr
Cache-Provider
Proxy-Firewall
X-Has-Esi
X-SRV
X-Lb-Id
Srv
X-Cache-Backend
X-Dc
X-Ratelimit-Limit
X-VCL-Version
X-Datadome
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Category-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Processor
X-Grey
Powered-By
X-NWS-UUID-VERIFY
X-Pjax-Url
X-Be
X-Varnish-Beresp-Ttl
X-Cache-Ttl
X-Info
X-ZONE
X-TH-Server
GeoIP-City
Fastly-Backend-Name
X-Server-ID
X-Cache-URL
SN
X-Svr
GeoIP-Latitude
GeoIP-Country-Code
X-Ruxit-Js-Agent
PICS-Label
X-HS-Status
X-RCS-CacheZone
X-Instart-Isnd
X-RateLimit-Reset
X-CDN-Forward
X-Tec-Api-Origin
X-Webkit-Csp
X-Tec-Api-Version
X-Zone
X-Tec-Api-Root
X-SN
X-Scheme
X-Ftr-Request-Id
X-Dynatrace
X-Ttl
X-Varnish-Beresp-Grace
X-Newrelic-Synthetics
X-Varnish-Beresp-Status
GW-Server
X-NodeID
Cdn
Group
X-Source
X-GRACE
X-UA
X-Pf-Uncompressing
X-LAGOON
CACHE
X-Varnish-Url
X-Secret
WZWS-RAY
X-PF-Uncompressing
X-Bc
X-Gannett-Site-Version
CF-Cached-On
X-EC-Lua
X-Check-Cacheable
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
Dynatrace
X-Sucuri-Id
On-Server
Ttl
Cache-Host
X-Dynatrace-Js-Agent
LB
X-Server-W
X-CDN-Cache
X-Varnish-Cacheable
X-NODE
X-Ftr-Cache-Host
X-GeoIP-Country-Code
User-Agent
X-BC
X-Ratelimit-Remaining
X-Via-Ucdn
Environment
Pics-Label
X-Tt-Trace-Host
Inserted-Into-Cache-At
X-Ms-Version
X-Ms-Request-Id
X-APP
X-BE
X-Edge
X-NU-AKA-ACS-Version
X-COUNTRY
XServer
GeoIp-Country-Code
X-Fastly-Country-Code
X-Session-Fingerprint
X-URL
X-Crawler
X-Akamai-SSL-Client-Sid
Lfy
X-Cache-Debug
X-Aicache-OS
Who
X-PJAX-URL
Geoip-Latitude
WWW
Geoip-City
X-Ftr-Backend-Server
MIME-Version
X-Ftr-Dc
X-Trafficlayer-App-Name
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Trafficlayer-App-Scope
Ohc-Response-Time
X-Fastly-Backend-Reqs
X-Mid
Requestid
X-Agile
X-Agile-Age
X-Render-Time
X-Agile-Id
Cf-Ipcountry
X-Vcl-Version
X-FE
M-TraceId
X-Varnish-Ttl
X-MCACHE
X-LB-ID
SID
X-CSRF-Token
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
Lb
X-7Graus-Varnish-Cache-Control
X-7Graus-Varnish-XKeys
X-Via-Edge
X-Litespeed-Cache-Control
URI
X-Served-From
X-Via-SSL
X-Micro-Cache
X-UPSTREAM-Address
X-Logging-Id
X-Proxy-Cacherz
Xkeyrz
X-Sedo-Request-Id
X-Cache-Miss-From
X-WR-MODIFICATION
HostName
X-Amzn-Remapped-Date
X-RPM
X-Amzn-Remapped-Connection
X-RPS
X-RSL
X-Cache-Tag
X-Action
X-DW
X-DB
Host-ID
X-DI
X-DSS
RequestUuid
DataCenter
X-Cf-Powered-By
X-Correlation-ID
X-Zalando-Child-Request-Id
X-Protected-By
X-Flow-Id
X-Core-Value
Xkeypdq
X-WA
X-Vct
X-Nananana
X-ServedByHost
CDN
X-Page-Impression-Id
X-Fpc
X-Fastly-Cache-Hits
X-NGINX-Cache
X-Newrelic-App-Data
WebServer
X-ND-Cache
X-Cdn-Request-ID
X-Request-Url
X-Via-NSCOPI
X-Ecache
Cneonction
X-VC
X-SB
X-MID
X-TIME
FNAC-ModuleRouting
X-Refresh
Cdncip
Correlation-Id
Warning
X-Vdms-Version
X-Dw-Trace-Id
Cdnsip
X-AK-Request-ID
X-Swift-Error
Xet-Cookie
X-Apw-Hits
X-Fe
X-TT-LOGID
X-Sucuri-Cache
Get-Access-Time
Is-Session-Tracking
X-MiniProfiler-Ids
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-ServerName
X-Unique-Id
HitType
X-Bug-Bounty
X-ECache
Processtime
X-Serial
X-Apw-Access-Action
X-Apw-Access-Object
X-Request-URL
V-Cache
Pragrma
X-Gdpr
X-Apw-Access-Token