Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
CF-Cache-Status
Link
X-Powered-By
X-XSS-Protection
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Alt-Svc
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Cache-Status
X-Xss-Protection
X-Permitted-Cross-Domain-Policies
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
X-Iinfo
Status
X-Content-Security-Policy
X-AspNetMvc-Version
Content-Encoding
X-Buckets
X-Kinja-Server-Push
Xkey
Upgrade
X-Via
Access-Control-Expose-Headers
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Pass-Why
P3p
X-Age
EagleId
X-Backend
X-Envoy-Upstream-Service-Time
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Ua-Compatible
X-Pingback
X-Server-Powered-By
X-AH-Environment
X-Proxy-Cache
X-CDN
X-UA-Device
X-Hacker
X-Server
Request-Context
X-Nginx-Cache-Status
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Cdn
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
Server-Timing
Feature-Policy
X-WebKit-CSP
X-Device
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Rq
X-Ac
X-Cnection
X-Cloud-Trace-Context
Report-To
EagleEye-TraceId
X-Response-Time
X-Host
X-Backend-Server
Request-Id
X-Node
Content-Location
X-Origin-Cache
X-Readtime
X-Vhost
X-Application-Context
X-Cache-Lookup
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-DataDome
X-Ruxit-JS-Agent
X-Rack-Cache
X-Origin-Upstream-Status
Surrogate-Control
X-HW
Allow
Rating
X-Country-Code
X-FTR-Request-ID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Country
X-Url
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-TTL
X-MS-InvokeApp
X-Goog-Hash
X-Varnish-TTL
X-Vname
X-PC
X-TtlSet
X-Powered-By-Plesk
Verso
RTSS
Pinterest-Generated-By
Public-Key-Pins
Edge-Control
X-CST
X-Mod-Pagespeed
X-Px
X-Recruiting
X-VARITI-CCR
Response
X-Sol
X-Middleton-Display
X-Middleton-Response
Display
X-B3-TraceId
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-D2id
Service-Worker-Allowed
Accept-CH
X-Ah-Environment
X-SharePointHealthScore
SPRequestGuid
X-Version
X-Vcap-Request-Id
X-Akam-SW-Version
X-Server-Name
SPIisLatency
X-Abt-Application-Version
TCN
MS-Author-Via
SPRequestDuration
X-Navigation-Version
X-GitHub-Request-Id
X-Powered-CMS
X-ESI
X-Shard
Accept-Ch-Lifetime
X-Upstream
Fastly-Restarts
Charset
X-RateLimit-Remaining
X-Amz-Server-Side-Encryption
X-Trace
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
Nginx-Cache
Realpath
X-Amz-Rid
X-Debug
X-Forwarded-Proto
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Aspnetmvc-Version
X-XRDS-Location
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ezoic-Cdn
Front-End-Https
X-Cached
X-NF-Request-ID
AR-Request-ID
Pagespeed
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-MSEdge-Ref
X-Goog-Metageneration
X-Goog-Generation
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Shield-Request-Id
Access-Control-Request-Method
Arr-Disable-Session-Affinity
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-VCache
Content-MD5
Paypal-Debug-Id
MicrosoftSharePointTeamServices
X-Id
X-T
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-Amz-Meta-S3cmd-Attrs
X-Goog-Storage-Class
X-Fastly-Request-ID
ServerID
S
DynaTrace
X-Via-JSL
X-Varnish-Age
X-Client-IP
X-Content-Type
X-Server-ID
X-Ser
X-Dw-Request-Base-Id
X-Hits
X-DynaTrace-JS-Agent
X-Correlation-Id
X-Amzn-Trace-Id
X-Accel-Expires
X-FastCGI-Cache
Fastcgi-Cache
X-Grace
X-Content-Digest
X-SERVER
Powered
X-Frontend
X-Vcache
X-N
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
PB-RID
PB-PID
Arc-Version
X-DIS-Request-ID
X-Mobile-Rewrite
Edge-Cache-Tag
Server-Name
X-HS-Hub-Id
X-Logged-In
X-HS-Content-Id
X-RateLimit-Limit
X-Forwarded-For
TP-L2-Cache
TP-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-B3-Sampled
X-GUploader-UploadID
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
Pinterest-Version
X-Pinterest-Rid
X-Type
X-Activity-Id
X-AppVersion
X-Az
X-Cache-Age
X-IPLB-Instance
X-Analytics
Backend-Timing
X-Fastcgi-Cache
X-Kinsta-Cache
X-User-Agent
X-Revision
X-Rid
X-Whom
Healthy
X-LB-Cache
FilterID
X-Time
X-Node-Name
Retry-After
X-Cache-Hit
Accept-Ch
X-Srv
X-NWS-LOG-UUID
Server-Node
X-F-Cache
Alternate-Protocol
Accept-Charset
X-Cache-2
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Rule
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Hp-Webp
X-Amzn-RequestId
X-B3-Traceid
X-Amz-Apigw-Id
Cache-Tag
X-Esi
X-Content-Options
X-Akamai-Edgescape
X-TA-CDN-Provider
Surrogate-Key
DC
Refresh
X-Instance
X-AOL-HN
X-Content-Powered-By
X-Forwarded-Host
X-Webkit-CSP
X-Content-Security-Policy-Report-Only
X-Debug-Info
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
Tracecode
VIX-Pulpo-Node
X-Tumblr-User
X-Tumblr-Pixel-0
X-PHP-Backend
X-Varnish-Grace
X-App-Environment
Access-Control-Allow-Method
Fastcgi-Useragent
X-Framework
MS-CV
X-Request-Guid
X-FW-Server
X-FW-Type
X-Jobs
X-FW-Static
X-FW-Hash
X-FW-Serve
Source
X-B
X-Page-Id
X-Cluster
Frame-Options
X-App-Server
X-FB-Debug
X-Cache-Operation
X-Cache-Key
X-Mobile-URL
X-Hostname
Host
X-Cache-TTL
Actual-Object-TTL
X-Seen-By
Accept-CH-Lifetime
X-Geo-Country
X-Cache-Control
X-Acc-Meta-Resource-Type
X-B-Cache
Cleartype
X-Signature
X-BCube-Filmed-By
X-Cached-By
X-Host-Name
X-Pad
NR-ENABLED
X-Git-Hash
X-Amz-Replication-Status
Upgrade-Insecure-Requests
X-Mobile
X-TT
X-Response-Served-From
X-Varnish-Backend
NGB
X-Adobe-Content
X-Adobe-Loc
X-TT-TIMESTAMP
WPE-Backend
From-Origin
X-RTag
X-Handled-By
X-RemovedCookies
X-ProcessESI
Ms-Operation-Id
Filters
Eomportal-Instance
GEO-INFO
Cache-Tv-Group
X-TX-ID
Payment
Liferay-Portal
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-ATG-Version
X-Tumblr-Pixel-1
X-Cache-Remote
X-UA-Device-Type
X-Status
X-RequestSource
X-Drupal-Cache-Tags
X-GeoIP
Webserver
X-Origin-Server
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-Daa-Tunnel
X-WA-Info
X-Litespeed-Cache
X-Cache-Action
X-Content-Age
X-Edge-Location
X-Wix-Request-Id
X-Storage
X-Contextid
X-Hyper-Cache
Viewport
Datacenter
Version
X-Region
X-Ratelimit-Reset
X-CF-Powered-By
X-HS-Cache-Config
X-Varnish-Hostname
Xserver
X-Accel-Buffering
X-Element-Page-Cache
Ohc-File-Size
Cache
Host-Header
X-Akamai-Transformed
PageSpeed
X-PressLabs-Stats
X-Cache-NE
X-ES-SERVER
Meta-Geo
X-Cache-Var
X-Path-Route
Load-Balancing
X-RN-RSRV
X-Cache-Server
X-Cache-Var-Map
X-Yottaa-Metrics
X-Varnish-Server
X-Yottaa-Optimizations
S-Cnection
X-IP
Cache-Tags
Cache-Name
Rt-Fastcgi-Cache
Ec-Rule-Version
X-Access
X-Viewer-Country
Decoy-Debug-TTL
X-Akamai-Request-ID
Decoy-Debug-Status
Cache-Hits
X-Time-Microsecs
Decoy-Debug-Key
X-Akamai-Request-ID2
X-ApacheServer
X-Cache-Enabled
X-Via-Fastly
X-PERF
X-Tumblr-Pixel-3
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-NCache
X-Section
X-Xfnlog-Site
X-OCL
X-PCL
X-Origin
X-Trace-Id
Cache-Key
Azure-InstanceId
Country
Mn-Server-Ip
Azure-RegionName
Azure-SiteName
X-TNCMS
Azure-Version
Azure-SlotName
X-Upgrade-Enabled
S-Rt
X-Cluster-Node
X-CCM
X-Cache-Time
X-CS
X-Drupal-Cache-Contexts
X-Human
X-From
X-Format
X-Cache-Grace
X-Cache-Config
X-Upstream-CT
Vix-Hermes-Req-Id
X-Www-Served-By
X-Web-Node
X-Upstream-HT
X-Backend-TTL
Property-Id
X-Loop
X-Labrador-Cache-Channel
DB-Nickname
TWC-GeoIP-LatLong
X-Proto
TWC-Device-Class
X-Proxy
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-Connection-Speed
X-Locale
X-EIG-Tracking-Id
X-UnsetCookies
X-Rule
X-Upstream-Proxy
X-Cache-Host
Ohc-Cache-HIT
X-FC-Vary-Parameters
X-Site-Version
X-Hit
X-Debug-Cache
Server-Info
X-FireWall-Port
X-Hosted-By
Release
Selected-Fe
X-Device-Type
Time
X-NewRelic-App-Data
X-VCT
X-Timing-Wait
X-Proxy-Build
X-Ttl
X-Generated
X-FW-Version
DSUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Hits
X-Rendered-As
X-JoinUs
X-Backend-Name
X-S
X-Vgn-Hpd-Reason
X-OVcl
X-OVcl-Cache
X-Ua
X-APP-VERSION
Now
X-Real-IP
Hostname
OT-Force-Account-Verify
X-SS-Set-Cookie
X-HS-Combine-CSS
X-NGENIX-Cache
X-Pubstack
Fastcgi-X-Cache-Version
X-Redis-Cache
Access-Control-Request-Headers
Origin-Cache-Control
Origin-Edge-Control
ServedBy
X-VG-TLSProxy
L5d-Success-Class
Cteonnt-Length
X-VG-WebCache
Accept-Language
Origin
X-DataStream-Cache-Status
Fastly-SSL
X-FB-TRIP-ID
X-NC
X-XRDS-LOCATION
X-Origin-TTL
X-Shopify-Stage
X-ShopId
X-B3-Spanid
X-Parent-Response-Time
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Tb
Machine
NtCoent-Length
X-CSRF-TOKEN
X-ShardId
X-Origin-CC
X-UUID
SRV
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Load-Cache
X-Environment-Context
X-L-Path
X-Cluster-Name
X-No-Session
X-ECACHE
X-Rocket-Nginx-Bypass
IBM-Web2-Location
X-Soup
X-App-Version
X-COUNTRY
X-GEO
X-ServerID
NGX
X-Uri
X-B3-Parentspanid
X-Is-Bot
Nel
X-URL
X-Amzn-Remapped-Content-Length
X-Endurance-Cache-Level
Proxy-Connection
X-Nginx-Cache
Akamai-GRN
ServerName
X-CACHE-KEY
CF-IPCountry
X-Developer
Cross-Origin-Window-Policy
X-DPWN-IS-SECURE
X-Instart-Info
X-G
X-External-Request-Id
X-PAYTM-SRV-ID
X-Detected-As
X-D
Apple-News-Services-Handled
X-Connection-Hash
X-Date
A
X-Destination
X-Region-Sid
X-CF-Lambda-Version
X-ScT
X-VG-WebServer
X-Twitter-Response-Tags
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Transaction
X-Node-Id
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-CF-Lambda-Fn
X-SRCache-Key
X-Server-Time
X-Request-UUID
Apple-News-Services-Host
Rendered-Blocks
BehaviorPad-Version
Odigeo-Trace-Id
AsisCache
Rt-Proxy-Cache
Viewtype
T-Server
Cache-Prefix
Content-Script-Type
Memcached
MD5-Digest
GEO-REGION-INFO
Meta-Geo-Continent
X-MServer
Node
Mobile-Detection-Method
VivaBuild
X-A
X-AIR-PT
X-Aed
Apple-News-Services-Parsed-Url
Content-Style-Type
Fly-Request-Id
X-ARC
X-Application
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Ccd
X-A-Dcw
Apple-News-Services-Request-Url
X-A-Dgt
Fly-Cache
X-B-Cookie
Arc-Country
X-Magnolia-Registration
X-Generated-By
Mime-Version
X-Mode
X-Oneagent-Js-Injection
Backend-Name
X-UA
Section-Io-Cache
X-Developers
X-Azure-Ref
X-Hl-Ver
Request-Time
X-SIPLIST1
X-S-Maxage
X-Azure-Ref-OriginShield
Fastly-Soc-X-Request-Id
We-Hiring
N-Cache
X-Cache-Bucket
IsBot
Locale
X-Release
X-Trafficlayer-App-Scope
X-Fastly-Cache
X-Urbn-Site-Id
X-VC-Cache
Request-Country
X-Trafficlayer-App-Name
Request-EU
X-Urbn-Context-Path
X-Up
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Mail-Subject
X-Cdn-Srv
X-Cms-Context
X-Dc
X-VWS-Id
User-Cache-Control
X-AWS-Id
X-LJ-Flow-ID
X-Compress-Hint
True-Client-Country-4JS
X-Clara-WADP
Server-Int
Thinkindot-Control
Thinkindot-CacheControl
Uber-Trace-Id
Thinkindot-CacheControl-Type
X-Cdn-Origin
X-C
X-Block-Status
X-Backend-Url
X-Backend-Host
X-Cache-Info
X-BBXSRF
X-App-Name
W
X-Location
X-ServiceProvider
X-Skip-Cache
X-Sn-Servicetimems
X-Service
X-Server-IP
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Swa-Ws
X-Thinkindot-L3
X-Wikidot-Static-Cache
X-CUA
X-Var-Ttl
X-Wikidot-Backend
X-We-Are-Hiring
X-VServer
X-WADP-Cache
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Gen-Mode
X-Generation-Time
X-Geo-Header
X-GDPR
X-ElasticPress-Search
X-Distributor
X-Edge-Server
X-Hnp-Log
X-Level-Front-Cache
X-Origin-Expires
X-Qloud-Router
X-RateLimit-Limit-Second
X-Origin-Date
X-Nginx-Cache-Key
X-Matched-Rule
X-Method
X-Device-Os
X-Generated-On
CDCHOST
Fastly-SIE
Esi-Enabled
Cdn-Host
AKAMAI
Heartbleed
Magicmarker
Cdn-Request-Time
L
Pramga
Fastly-SWR
RNT-Time
RNT-Machine
Content-Disposition
X-Request-Time
X-Microcachable
Wxu-Next-Commit
X-Clientip
X-MSEdge-Features
X-Old-Content-Length
X-MSEdge-Flight
Server-Host
X-GeoIP-City
X-IN-APIGATEWAY
X-Cache-Id
Pagetype
X-Core-Mission
Served-By
Is-Eu
Cache-Provider
X-Internal-Host
X-LI-Proto
X-Epic-Correlation-Id
X-Li-Pop
X-Li-Fabric
X-Fetched-On
X-LI-UUID
X-IN-APIGATEWAYSSL
Countrycode
Wxu-Next-Hostname
Wxu-Next-Region
X-Dispatch
X-Distil-CS
X-Cache-FS-Status
Gh-Request-Id
X-Owner
X-Guploader-Uploadid
Web-Mar-Node
X-Via-CDN
X-Request-URI
X-JWT-State
Kp-EeAlive
X-Is-Gdpr
X-Say-Cacheable
X-Say-TTL
X-Servername
X-TrackingId
X-Thanos
X-Variation
X-B3-SpanId
V-Age
X-SayCDN-TTL
Adler-Geo
Platform
X-PHP-Host
X-Platform-Server
X-Backend-State
X-Reqid
Memory
X-Bip
X-Webstats-RespID
X-User
Srv
X-Auto-Login
X-Has-Esi
X-Amz-Meta-Cache-Control
X-Policy
X-Debug-Cache-Expiry
HA-Ipaddr
Ha-Gx-Prefs
X-Info
X-BYPASS-REASON
X-WebServer
SD-X-WS
X-Org
X-Request-Start
X-CGP
X-SD-PageType
X-Debug-Cookies
X-Irp-Debug
Resin-Trace
X-Generated-In
X-Eu-Site
X-Dispatcher-Server
X-NX-Host
X-Proxy-Cache-Status
PFcat
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Upstream
Server-ID
X-Hash
X-Debug-Cache-Store
X-Debug-Log
X-Debug-Cache-Fetch
X-Cdn-Forward
X-ABtesting
X-Flog
X-Hello
X-Wa
X-FPC
X-Key
X-NWS-UUID-VERIFY
X-Geo
REQUESTUUID
X-Servedbyhost
X-Lb-Id
SS
X-DataStream-Origin-MEX-Latency
X-Be
XServer
X-DataStream-MidMile-RTT
X-Cache-URL
X-Svr
X-Unique-ID
X-Response-By
X-RateLimit-Reset
X-Routing-Service
X-IPS-LoggedIn
X-Proxied
X-Ratelimit-Limit
X-DC
X-Zipkin-Id
X-Instart-Isnd
X-Nc
Country-Code
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-CDN-Forward
X-Cache-Backend
X-Processor
X-VCL-Version
X-Page-Type
X-Scheme
X-Datadome
X-Dynatrace-Js-Agent
UCS
X-NodeID
CACHE
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-SRV
X-Logtrace-Id
X-SN
PICS-Label
X-Pjax-Url
X-ZONE
Powered-By-ChinaCache
Ajk
Group
X-Ruxit-Js-Agent
ProcessTime
X-Oracle-Dms-Rid
X-Newrelic-Synthetics
Cache-Host
Dynatrace
X-Oss-Storage-Class
X-Oss-Server-Time
X-Server-W
X-Oss-Object-Type
Proxy-Firewall
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-HTML-Minification-Powered-By
X-Webkit-Csp
Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Beresp-Status
X-HS-Status
X-Ftr-Request-Id
X-FORWARDED-FOR
X-Varnish-Beresp-Grace
X-EC-Lua
X-Dynatrace
X-Pf-Uncompressing
X-Cache-Category-Id
X-Ms-Version
X-Ms-Request-Id
X-Via-Ucdn
X-Grey
SN
Ttl
X-Zone
X-GRACE
X-Source
GeoIp-Country-Code
Geoip-City
Geoip-Latitude
X-Ratelimit-Remaining
MIME-Version
X-Session-Fingerprint
Lfy
Fastly-Backend-Name
X-APP
X-TH-Server
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-Agile-Id
X-Agile-Age
X-PF-Uncompressing
X-Agile
GeoIP-Country-Code
GeoIP-City
GeoIP-Latitude
X-NODE
X-Cache-Debug
GW-Server
X-Sucuri-Id
X-Ftr-Cache-Host
X-BC
X-Check-Cacheable
X-7Graus-Varnish-Cache-Control
LB
Environment
Cdn
X-7Graus-Varnish-XKeys
X-Fastly-Country-Code
X-Tt-Trace-Host
X-LAGOON
X-Logging-Id
X-Bc
X-RCS-CacheZone
X-Cache-Miss-From
X-PJAX-URL
CF-Cached-On
X-Sedo-Request-Id
X-Secret
X-Gannett-Site-Version
Pics-Label
X-Aicache-OS
X-Varnish-Url
X-Edge
WWW
WZWS-RAY
M-TraceId
X-Sucuri-ID
X-Ftr-Backend-Server
X-CSRF-Token
X-Unique-Id
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Dc
X-Varnish-Cacheable
X-Core-Value
X-Mid
X-CDN-Cache
On-Server
Requestid
Ohc-Response-Time
X-Cache-Tag
X-Akamai-SSL-Client-Sid
Cf-Ipcountry
DataCenter
X-MCACHE
Cdncip
X-Varnish-Ttl
CDN
X-GeoIP-Country-Code
User-Agent
X-Cache-Ttl
Cdnsip
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
X-Vcl-Version
X-AK-Request-ID
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-Cache
X-Vdms-Version
Inserted-Into-Cache-At
X-TT-LOGID
X-Litespeed-Cache-Control
Lb
X-NGINX-Cache
X-Swift-Error
X-NU-AKA-ACS-Version
X-DB
X-DI
X-Fstrz
X-BE
SID
X-Action
X-DSS
X-RSL
X-DW
X-RPM
URI
X-Proxy-Cacherz
Xkeyrz
X-RPS
HostName
RequestUuid
X-Sigma
Host-ID
X-Rocket-Build-Number
X-Sigma-Backend
X-Planisys-CDN-Cache
Pragrma
X-Planisys-CDN-TTL
X-Render-Time
Who
X-Planisys-CDN-Rules
X-Crawler
X-Correlation-ID
Get-Access-Time
Is-Session-Tracking
X-Page-Impression-Id
X-Via-NSCOPI
X-Fastly-Cache-Hits
X-LB-ID
X-Fpc
X-Shopify-Generated-Cart-Token
Warning
X-Refresh
X-Flow-Id
X-WR-MODIFICATION
Server-Id
X-ServedByHost
X-Zalando-Child-Request-Id
Xkeypdq
X-WA
X-Nananana
X-FE
X-Trafficlayer-App-Version
FNAC-ModuleRouting
X-MID
X-TIME
X-Cdn-Request-ID
X-SB
X-VC
X-Micro-Cache
Correlation-Id
X-Cf-Powered-By
X-LiteSpeed-Tag
X-Akamai-ERPolicy
TTL
X-Gen-Id
X-Akamai-ERRuleID
X-MiniProfiler-Ids
X-Bug-Bounty
X-ServerName
X-Fe
HitType
X-Request-URL
Processtime
X-ECache
X-Via-SSL
X-Via-Edge
X-Gdpr
V-Cache
Xet-Cookie
X-Dw-Trace-Id
Cneonction
X-Served-From
X-Newrelic-App-Data
RequestId