Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Request-ID
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dispatcher
X-Dns-Prefetch-Control
X-HW
X-CST
X-Goog-Hash
X-ORACLE-DMS-RID
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-PC
Edge-Control
X-DataDome
X-TtlSet
X-Vname
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-Kinja-Build
RTSS
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
X-B3-TraceId
MS-Author-Via
DynaTrace
Charset
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Shield-Request-Id
X-Forwarded-Proto
Realpath
X-Amz-Rid
ServerID
X-Powered-CMS
Content-MD5
X-Upstream
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
X-Trace
X-Version
Public-Key-Pins
Nginx-Cache
X-ESI
Fastly-Restarts
X-Goog-Metageneration
X-Goog-Generation
X-Cached
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Shard
X-Server-Name
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
AR-Request-ID
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-DynaTrace-JS-Agent
X-Grace
Accept-Ch
X-MSEdge-Ref
Accept-CH
X-Goog-Storage-Class
SPRequestDuration
X-Client-IP
SPIisLatency
S
X-Debug
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-Vcache
X-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-N
X-Pinterest-Rid
X-T
Pinterest-Version
X-Amzn-Trace-Id
X-NF-Request-ID
X-Upstream-Proxy
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-B3-Traceid
X-Acc-Meta-Resource-Type
X-Frontend
X-Ser
Arc-Version
PB-PID
Fastcgi-Cache
X-Mobile-Rewrite
PB-RID
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Cache-Key
X-Node-Name
X-Srv
Nel
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Microsite
X-Request-Handler-Origin-Region
X-VCache
FilterID
TP-Cache
TP-L2-Cache
X-User-Agent
X-Type
X-Rid
Healthy
X-Kinsta-Cache
X-LB-Cache
Host
X-IPLB-Instance
X-F-Cache
X-Request-Received
X-Request-Processing-Time
Powered
X-Zen-Fury
X-Forwarded-For
X-Cache-2
X-Amzn-RequestId
Powered-By-ChinaCache
X-Esi
X-Amz-Apigw-Id
X-AOL-HN
Edge-Cache-Tag
X-Revision
X-Debug-Info
X-GUploader-UploadID
X-Cached-By
X-Cache-Age
Backend-Timing
X-Analytics
X-Via-JSL
X-HS-Hub-Id
X-Kong-Proxy-Latency
X-HS-Content-Id
X-Hostname
X-Kong-Upstream-Latency
X-Cache-Rule
X-Az
X-Activity-Id
X-AppVersion
X-Accel-Expires
X-XRDS-LOCATION
Surrogate-Key
Accept-CH-Lifetime
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-RateLimit-Limit
X-Content-Options
X-BCube-Filmed-By
X-Instance
X-PHP-Backend
X-Content-Powered-By
X-FB-Debug
X-Varnish-Grace
X-Amz-Replication-Status
X-Cluster
X-Tumblr-User
Server-Node
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
X-Signature
X-B-Cache
Refresh
Cleartype
Source
Cache-Status
X-Forwarded-Host
X-TT
X-App-Environment
X-Framework
Liferay-Portal
X-FW-Server
X-FW-Serve
X-Fastcgi-Cache
X-FW-Static
X-FW-Hash
X-FW-Type
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Host-Header
Fastcgi-Useragent
Access-Control-Allow-Method
X-APP-VERSION
X-Mobile
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Drupal-Cache-Tags
X-Edge-Location
X-Cache-Control
X-Whom
X-B
X-Cache-Hit
Actual-Object-TTL
X-Hp-Webp
X-Time
X-Accel-Buffering
X-Mobile-URL
X-Erf-Bev-Bev-Is-Generated
Payment
X-Response-Served-From
X-Erf-Bev-Bev
X-App-Server
X-Storage
X-TX-ID
X-WA-Info
X-Oracle-Dms-Rid
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Content-Age
NGB
X-NWS-LOG-UUID
Cache-Tv-Group
X-Cacheable-TTL
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Yottaa-Metrics
X-TA-CDN-Provider
X-Yottaa-Optimizations
Filters
X-UA-Device-Type
X-SS-Set-Cookie
Cache-Tag
X-Handled-By
X-ProcessESI
Eomportal-Instance
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Status
X-Adobe-Content
X-GeoIP
X-Adobe-Loc
Viewport
X-RemovedCookies
X-RequestSource
X-Geo-Country
Retry-After
X-Presslabs-Stats
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
MS-CV
X-Cache-TTL
Xserver
X-Seen-By
Datacenter
Cache
X-Server-ID
Server-Info
X-FB-TRIP-ID
X-Host-Name
X-Cache-Enabled
Frame-Options
X-B3-Spanid
X-Ratelimit-Limit
Ms-Operation-Id
X-Contextid
X-RTag
X-Ratelimit-Reset
X-Hyper-Cache
From-Origin
X-Generated-By
X-Origin-Server
X-Mode
Country
S-Cnection
X-CF-Powered-By
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Config
X-Cache-Var
X-Tumblr-Pixel-3
Meta-Geo
X-ES-SERVER
SRV
Load-Balancing
Machine
X-MP-GENERATED-AT
X-Cache-Grace
X-Proxied
X-Upstream-CT
Vix-Hermes-Req-Id
Cache-Key
GEO-INFO
X-Zipkin-Id
X-Upstream-HT
X-Routing-Service
X-Section
X-Labrador-Cache-Channel
X-Access
X-Viewer-Country
X-Web-Node
X-Varnish-Server
X-From
X-Varnish-Cache-Hits
X-Backend-Name
X-Drupal-Cache-Contexts
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Now
X-Hit
X-Cache-Host
X-Human
X-OCL
X-PCL
X-Loop
X-TNCMS
X-Upgrade-Enabled
X-R9-Blue-Green-Version
X-ShardId
X-Region
X-Alternate-Cache-Key
Mn-Server-Ip
X-Origin-Response-Time
X-L-Path
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Rule
X-Sorting-Hat-ShopId
ServedBy
X-Trace-Id
X-LJ-Flow-ID
X-Via-Fastly
X-VG-TLSProxy
X-CCM
X-VWS-Id
X-Endurance-Cache-Level
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Environment-Context
X-AWS-Id
X-Magnolia-Registration
X-Debug-Cache
X-EIG-Tracking-Id
We-Hiring
X-S
Cache-Name
X-JoinUs
X-Proto
X-Proxy-Build
X-Cluster-Node
Mail-Subject
Akamai-GRN
X-Xfnlog-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Locale
X-Hosted-By
X-Generated
X-FC-Vary-Parameters
X-NCache
X-Site-Version
X-Rendered-As
OT-Force-Account-Verify
X-Timing-Wait
DSUID
DB-Nickname
Version
Release
X-RCS-CacheZone
X-Www-Served-By
X-PressLabs-Stats
X-Device-Type
X-Guploader-Uploadid
X-Varnish-Hits
Uber-Trace-Id
CACHE
X-Request-Time
ProcessTime
X-Load-Cache
X-Time-Microsecs
X-IP
X-Dc
X-VCT
NtCoent-Length
X-Nginx-Cache
Time
X-NewRelic-App-Data
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
NGX
Azure-InstanceId
S-Rt
X-Wix-Request-Id
X-Redis-Cache
Cteonnt-Length
Azure-SlotName
X-Origin
Azure-SiteName
Azure-RegionName
Azure-Version
X-FW-Version
X-UUID
X-RateLimit-Reset
X-Platform-Server
X-Akamai-Request-ID2
X-No-Session
X-CDN-Forward
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
X-Via-CDN
Property-Id
TWC-Connection-Speed
X-EdgeConnect-Cache-Status
Webcakes-App-Name
Webcakes-Region
X-Origin-Hint
X-GEO
X-FireWall-Port
X-Daa-Tunnel
X-Proxy
X-ECACHE
X-Cache-NE
X-MServer
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-UA
X-HTML-Minification-Powered-By
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
Origin
Odigeo-Trace-Id
X-Akamai-Transformed
X-Cache-Remote
X-ServerID
X-ApacheServer
X-PERF
X-Format
X-CS
X-Cache-Server
X-Distributor
LB
X-Oneagent-Js-Injection
Ec-Rule-Version
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
Fastly-SSL
Accept-Language
X-Tb
Hostname
L5d-Success-Class
X-NC
X-Microcachable
X-Pubstack
X-Webkit-Csp
X-Unique-ID
X-Real-IP
Origin-Cache-Control
X-SERVER-NAME
Origin-Edge-Control
Fastcgi-X-Cache-Version
X-Amzn-Remapped-Content-Length
X-Varnish-Cacheable
Served-By
Cdn-Host
Cdn-Request-Time
Cache-Prefix
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
BehaviorPad-Version
Cache-Cookie-Set-Idcheck
X-External-Request-Id
Fastly-SWR
Fly-Cache
X-AIR-PT
Fastly-SIE
Cross-Origin-Window-Policy
Content-Style-Type
AsisCache
Content-Script-Type
X-G
X-Instart-Info
X-ARC
X-IN-APIGATEWAY
X-Internal-Host
X-Is-Bot
X-Rojux
X-Rewrite-Enabled
X-Application
X-App-Name
A
AKAMAI
Fly-Request-Id
X-Generated-On
X-Request-UUID
X-Grey
Arc-Country
X-Edge-Server
X-Accel-Expires-Debug
Server-ID
X-CF-Lambda-Version
X-Aed
X-Cluster-Name
Request-Time
REQUESTUUID
Rt-Proxy-Cache
X-CF-Lambda-Fn
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A
VivaBuild
X-Cdn-Srv
Viewtype
Request-EU
Request-Country
X-Detected-As
MD5-Digest
X-Level-Front-Cache
X-Developer
X-DPWN-IS-SECURE
X-Cache-Bucket
X-A-Dcw
X-Destination
Meta-Geo-Continent
X-Connection-Hash
Proxy-Firewall
Rendered-Blocks
X-D
X-Date
Mobile-Detection-Method
Node
GEO-REGION-INFO
X-Geo-Header
X-Vtex-Remote-Cache
X-SVT-ORM-RULES
X-Org
X-Vtex-Processado-Em
IBM-Web2-Location
X-VG-WebServer
X-NU-AKA-ACS-Version
X-SVT-ORM-VERSION
X-B-Cookie
X-Worker
X-ScT
X-BACKEND-TTL
X-S-Cookie
X-PAYTM-SRV-ID
Xc-Version
X-Transaction
X-Trv-Group
X-SRCache-Key
Selected-Fe
X-Twitter-Response-Tags
X-Rebelmouse-Cache-Control
Proxy-Connection
X-Rebelmouse-Surrogate-Control
X-Cache-Category-Id
X-S-Maxage
X-Region-Sid
X-Server-Time
X-Varnish-Url
X-B3-Parentspanid
X-URL
X-Cache-Backend
Backend-Name
X-ElasticPress-Search
X-Compress-Hint
ServerName
On-Server
X-Developers
X-Debug-Log
Is-Eu
X-Debug-Cookies
Memcached
X-NX-Host
RNT-Machine
X-Cache-Info
W
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-Id
X-Dynatrace-Js-Agent
X-Backend-State
X-ServiceProvider
X-Skip-Cache
True-Client-Country-4JS
X-CGP
Resin-Trace
X-PHP-Host
Platform
Ha-Gx-Prefs
RNT-Time
X-Clientip
Server-Int
Section-Io-Cache
X-Core-Mission
HA-Ipaddr
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Method
Adler-Geo
X-GeoIP-Country-Code
X-C
X-HS-Combine-CSS
X-Location
X-HS-Cache-Config
X-Fastly-Cache
X-Request-URI
X-Eu-Site
Esi-Enabled
X-Variation
X-Nginx-Cache-Key
X-Epic-Correlation-Id
X-We-Are-Hiring
Countrycode
Gh-Request-Id
Content-Disposition
X-Qloud-Router
X-SIPLIST1
X-Key
X-Server-IP
X-Dispatch
X-CDN-Cache
X-Li-Fabric
X-Hash
X-Hnp-Log
X-SD-PageType
X-Response-By
X-LI-UUID
X-Cache-FS-Status
X-Servername
X-Block-Status
X-Li-Pop
X-Irp-Debug
X-LI-Proto
X-Secret
X-GeoIP-City
X-Reboot
X-Bip
X-Device-Os
X-WADP-Cache
X-Reqid
X-Thanos
X-TH-Server
X-Swa-Ws
X-FPC
X-Request-Start
X-WebServer
X-Wikidot-Backend
X-Fetched-On
X-Wikidot-Static-Cache
X-Cms-Context
UCS
X-Clara-WADP
X-Owner
X-Generation-Time
X-Proxy-Upstream
X-Gen-Mode
X-Gannett-Site-Version
X-TrackingId
X-Dispatcher-Server
X-BBXSRF
X-Proxy-Cache-Status
X-Distil-CS
SD-X-WS
X-Edge
User-Cache-Control
Web-Mar-Node
N-Cache
SS
PFcat
Server-Host
Fastly-Soc-X-Request-Id
L
V-Age
X-Auto-Login
X-Amz-Meta-Cache-Control
CDCHOST
IsBot
Country-Code
X-SERVER
CF-IPCountry
X-Thinkindot-L3
X-Matched-Rule
X-VC-Cache
X-Origin-Expires
X-Pf-Uncompressing
X-Origin-Date
GW-Server
X-Crawler
Wxu-Next-Region
X-Release
X-Webstats-RespID
Kp-EeAlive
Wxu-Next-Hostname
Wxu-Next-Commit
Heartbleed
X-Azure-Ref
Powered-By
Pramga
Who
X-VServer
X-Nc
Thinkindot-CacheControl-Type
X-Azure-Ref-OriginShield
Thinkindot-Control
Thinkindot-CacheControl
Locale
X-Urbn-Context-Path
X-Parent-Response-Time
X-Urbn-Site-Id
X-OVcl-Cache
X-CUA
X-Processor
X-Via-NSCOPI
X-OVcl
X-FE
X-Powered-By-Defense
X-Served-From
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-Via-Edge
User-Agent
X-Via-SSL
X-LAGOON
X-Flog
X-Ratelimit-Remaining
X-Hello
PageSpeed
X-ABtesting
X-Varnish-Beresp-Ttl
X-Ua
Memory
Mime-Version
X-Protected-By
Pagetype
X-ND-Cache
X-Be
X-Newrelic-Synthetics
X-User
X-Generated-In
X-Cache-Ttl
X-Page-Type
X-Backend-Host
X-Backend-Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-MSEdge-Flight
X-Fstrz
X-Up
X-Tt-Trace-Tag
X-Planisys-CDN-Cache
X-MSEdge-Features
X-GoCache-CacheStatus
Pragrma
X-Origin-CC
X-Origin-TTL
X-COUNTRY
X-Geo
X-Debug-Cache-Fetch
X-Ttl
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Soup
X-Backend-TTL
X-Oss-Storage-Class
X-Check-Cacheable
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Zone
X-Core-Value
X-B3-SpanId
X-Phone
Geoip-Latitude
X-IN-WAF
X-ZONE
GeoIp-Country-Code
Cache-Hits
Geoip-City
X-DC
X-Servedbyhost
X-Say-Cacheable
X-Old-Content-Length
X-SayCDN-TTL
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Say-TTL
X-Litespeed-Cache
X-Akamai-SSL-Client-Sid
X-FORWARDED-FOR
X-CSRF-TOKEN
X-Cdn-Forward
Cdn
X-Real-Ip
X-VCL-Version
X-Aicache-OS
XServer
X-Birta-Cache-Post
X-Cache-Time
X-Birta-Served
X-Mid
Dynatrace
SN
Inserted-Into-Cache-At
X-Node-Id
Fastly-Backend-Name
X-Datadome
X-HS-Status
WZWS-RAY
X-Varnish-IP
X-MID
Amp-Access-Control-Allow-Source-Origin
X-BC
X-Info
X-Ruxit-Js-Agent
HitType
X-IN-APIGATEWAYSSL
FSS-Proxy
FSS-Cache
X-Vcl-Version
Ajk
X-Logtrace-Id
Selected-FE
X-EC-Lua
X-Refresh
X-Amzn-Remapped-Date
X-UPSTREAM-Address
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
X-Amzn-Remapped-Connection
X-Source
X-Cache-ASPX
CF-Cached-On
Server-Surrogate-Control
Server-Cache-Control
X-Cache-Debug
X-RateLimit-Limit-Second
HostName
X-Agile-Id
X-Agile
X-Agile-Age
X-Wa
X-APP
X-Contensis-Viewer-Groups
X-RateLimit-Remaining-Second
X-Varnish-Authentication
X-TIME
X-Bc
GeoIP-Country-Code
Xkeyrz
X-Proxy-Cacherz
RequestId
X-Nananana
X-CSRF-Token
X-SRV
Srv
X-Via-Ucdn
T-Server
PICS-Label
GeoIP-City
MIME-Version
X-NWS-UUID-VERIFY
X-GRACE
X-PJAX-URL
GeoIP-Latitude
X-App-Version
X-LiteSpeed-Cache-Control
X-Web-Server
Ohc-File-Size
X-ECache
X-LB-ID
X-GDPR
X-Render-Time
X-WR-MODIFICATION
WebServer
Cf-Ipcountry
Ohc-Cache-HIT
X-Varnish-Beresp-TTL
CDN
URI
Get-Access-Time
X-Micro-Cache
X-BE
SID
X-Policy
Xkeynj
Is-Session-Tracking
X-Uri
X-Unique-Id
X-Fastly-Country-Code
X-Cache-Tag
Group
X-PAGE-TYPE
X-CACHE-KEY
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
DataCenter
X-Sedo-Request-Id
X-Cache-Miss-From
X-Requestid
HTTPS
X-MCACHE
X-NGINX-Cache
X-Request-Url
X-SN
X-Fastly-Backend-Reqs
Www
Backend
X-Edge-IP
X-Service
Cache-Provider
Xet-Cookie
X-Instart-Isnd
Lb
X-Vct
X-Pjax-Url
X-Lb-Id
Warning
Cneonction
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
X-Swift-Error
X-Var-Ttl
Pics-Label
X-Dw-Trace-Id
X-Cache-Expires
X-Has-Esi
X-Cf-Powered-By
Ohc-Response-Time
FNAC-ModuleRouting
X-Cdn-Request-ID
Requestid
X-Ecache
X-JWT-State
X-Is-Gdpr
Host-ID
X-WA
Correlation-Id
X-Newrelic-App-Data
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-DB
X-Fastly-Cache-Hits
X-Varnish-Action
X-Page-Impression-Id
X-Flow-Id
X-Zalando-Child-Request-Id
X-DI
X-Fe
X-DSS
X-Fpc
Lfy
X-ServerName
X-PF-Uncompressing
X-Bug-Bounty
X-RSL
X-Serial
X-DW
X-RPM
X-RPS
X-Html-Edge-Cache