
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Request-ID
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-DynaTrace
X-Vhost
X-Cache-Lookup
X-TTL
X-Country
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-Url
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-ORACLE-DMS-RID
X-Dispatcher
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-DataDome
X-Vname
X-PC
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
Verso
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
RTSS
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-D2id
X-Cdn-Fetch
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Sol
X-Powered-By-Plesk
X-Akam-SW-Version
X-RateLimit-Remaining
MS-Author-Via
DynaTrace
Charset
X-Shield-Request-Id
Realpath
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Forwarded-Proto
X-TEC-API-ORIGIN
ServerID
X-Amz-Rid
X-Powered-CMS
X-B3-TraceId
Content-MD5
X-Upstream
X-Trace
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Version
Nginx-Cache
X-ESI
Public-Key-Pins
Fastly-Restarts
X-Cached
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Server-Name
X-Shard
X-Dw-Request-Base-Id
Accept-CH
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
AR-Request-ID
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Grace
Accept-Ch-Lifetime
SPRequestDuration
X-DynaTrace-JS-Agent
SPIisLatency
X-Client-IP
X-Goog-Storage-Class
X-Debug
S
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Expires
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-Vcache
X-Id
X-Ezoic-Cdn
Accept-Ch
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-FastCGI-Cache
X-N
Front-End-Https
X-Fastly-Request-ID
X-Amzn-Trace-Id
X-T
X-NF-Request-ID
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-B3-Traceid
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Acc-Meta-Resource-Type
X-Ser
X-Mobile-Rewrite
Fastcgi-Cache
PB-RID
PB-PID
Arc-Version
X-Frontend
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-Cache-Key
X-Srv
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
X-Pad
Nel
X-Request-Handler-Origin-Region
X-Microsite
X-VCache
TP-Cache
TP-L2-Cache
FilterID
X-Type
X-Rid
Healthy
X-User-Agent
Host
X-Request-Received
X-Request-Processing-Time
X-IPLB-Instance
X-Kinsta-Cache
X-Zen-Fury
X-F-Cache
X-LB-Cache
Powered
X-Forwarded-For
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-2
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
Edge-Cache-Tag
X-Revision
X-Esi
Accept-CH-Lifetime
X-GUploader-UploadID
X-Cached-By
Backend-Timing
X-Analytics
X-HS-Hub-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Content-Id
X-Hostname
X-Via-JSL
X-Cache-Age
X-Cache-Rule
X-Activity-Id
X-AppVersion
X-Az
X-Accel-Expires
X-XRDS-LOCATION
Surrogate-Key
X-RateLimit-Limit
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Backend
X-Instance
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Amz-Replication-Status
X-Varnish-Grace
X-PHP-Backend
X-FB-Debug
X-Akamai-Edgescape
X-Tumblr-User
Server-Node
X-Tumblr-Pixel-0
X-Request-Guid
X-Page-Id
X-Tumblr-Pixel
X-Cluster
X-Content-Powered-By
Source
Refresh
Cache-Status
X-Jobs
X-Signature
X-App-Environment
Cleartype
X-B-Cache
X-Framework
X-TT
X-Forwarded-Host
X-FW-Server
X-Fastcgi-Cache
X-FW-Serve
X-FW-Static
Liferay-Portal
X-FW-Hash
X-FW-Type
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Host-Header
X-Mobile
Access-Control-Allow-Method
X-APP-VERSION
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Cache-Control
X-Time
X-Edge-Location
X-Drupal-Cache-Tags
X-Whom
X-B
X-Cache-Hit
Actual-Object-TTL
X-Hp-Webp
X-Erf-Bev-Bev
X-Accel-Buffering
X-Mobile-URL
X-Erf-Bev-Bev-Is-Generated
Payment
X-TX-ID
X-Storage
X-App-Server
NGB
X-Git-Hash
X-WA-Info
X-Presslabs-Stats
X-NWS-LOG-UUID
X-Content-Age
Upgrade-Insecure-Requests
X-TA-CDN-Provider
Cache-Tv-Group
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WebKit-CSP-Report-Only
X-Cacheable-TTL
X-TT-TIMESTAMP
Cache-Tag
X-Handled-By
X-Response-Served-From
X-SS-Set-Cookie
Filters
X-UA-Device-Type
X-RemovedCookies
X-GeoIP
X-Tumblr-Pixel-2
X-Status
X-Adobe-Content
X-Adobe-Loc
X-ProcessESI
X-Tumblr-Pixel-1
Eomportal-Instance
Viewport
X-RequestSource
X-Geo-Country
Retry-After
X-VG-WebCache
X-Cache-TTL
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
MS-CV
X-Seen-By
Datacenter
X-Server-ID
X-FB-TRIP-ID
X-Host-Name
Server-Info
Xserver
X-Cache-Enabled
Frame-Options
Cache
X-B3-Spanid
X-Ratelimit-Limit
X-Contextid
X-Oracle-Dms-Rid
Ms-Operation-Id
X-RTag
From-Origin
X-Origin-Server
X-Hyper-Cache
X-Generated-By
X-Mode
Country
S-Cnection
X-CF-Powered-By
Meta-Geo
X-RN-RSRV
Machine
X-Path-Route
X-Cache-Var-Map
X-Tumblr-Pixel-3
X-Cache-Var
Load-Balancing
X-ES-SERVER
SRV
X-Ratelimit-Reset
X-Zipkin-Id
X-Upstream-CT
X-Upstream-HT
GEO-INFO
X-Labrador-Cache-Channel
X-Cache-Grace
X-Section
X-Proxied
X-Routing-Service
X-MP-GENERATED-AT
X-Cache-Config
Cache-Key
X-Access
X-Human
X-From
X-Upgrade-Enabled
X-Drupal-Cache-Contexts
X-Cache-Host
X-PCL
X-OCL
CACHE
Vix-Hermes-Req-Id
X-Varnish-Cache-Hits
X-Web-Node
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Viewer-Country
X-Varnish-Server
X-Hit
X-Environment-Context
ServedBy
Now
Mn-Server-Ip
X-Akamai-Request-ID
X-Backend-Name
X-Debug-Cache
X-CCM
X-Endurance-Cache-Level
X-Sorting-Hat-ShopId
X-VG-TLSProxy
X-EIG-Tracking-Id
X-Trace-Id
X-Via-Fastly
X-VWS-Id
Rt-Fastcgi-Cache
X-Alternate-Cache-Key
X-TNCMS
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-Loop
X-LJ-Flow-ID
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-ShopId
X-L-Path
X-AWS-Id
We-Hiring
OT-Force-Account-Verify
DB-Nickname
X-Magnolia-Registration
X-Hosted-By
Cache-Name
X-Xfnlog-Site
Mail-Subject
Akamai-GRN
X-NCache
X-Locale
X-Rule
X-Region
X-Rendered-As
X-S
X-Proto
X-Site-Version
X-Dc
X-Device-Type
X-FC-Vary-Parameters
Version
X-Www-Served-By
X-RCS-CacheZone
Release
X-Cluster-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
DSUID
X-Guploader-Uploadid
X-RateLimit-Reset
X-Varnish-Hits
Uber-Trace-Id
X-JoinUs
X-Proxy-Build
X-Timing-Wait
X-Generated
X-Request-Time
ProcessTime
X-Load-Cache
X-IP
X-VCT
X-Time-Microsecs
X-ProxyCache-Status
X-ProxyCache-Key
Time
NtCoent-Length
X-BYPASS-REASON
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-Version
X-Redis-Cache
S-Rt
X-Nginx-Cache
Cteonnt-Length
X-FW-Version
NGX
Azure-InstanceId
X-Wix-Request-Id
X-Origin
X-Akamai-Request-ID2
X-Platform-Server
X-PressLabs-Stats
X-NewRelic-App-Data
X-UUID
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Locale-Group
X-UA
X-No-Session
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-Via-CDN
X-Origin-Hint
Webcakes-Region
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
X-GEO
X-ECACHE
X-FireWall-Port
X-Daa-Tunnel
X-Proxy
X-URL
X-Cache-NE
X-MServer
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-ServerID
Origin
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-Cache-Remote
Odigeo-Trace-Id
X-ApacheServer
X-PERF
X-Akamai-Transformed
X-Format
X-Distributor
X-Cache-Server
X-Vgn-Hpd-Reason
X-CS
X-Oneagent-Js-Injection
Ec-Rule-Version
LB
X-Dynatrace-Js-Agent
Accept-Language
Access-Control-Request-Headers
Cache-Tags
X-UnsetCookies
Fastly-SSL
X-Tb
L5d-Success-Class
Hostname
X-Unique-ID
X-NC
X-Microcachable
X-Webkit-Csp
X-Pubstack
X-SERVER-NAME
Origin-Edge-Control
Origin-Cache-Control
X-Amzn-Remapped-Content-Length
X-Varnish-Cacheable
Fastcgi-X-Cache-Version
Served-By
X-AIR-PT
X-App-Name
X-ARC
X-Aed
X-Worker
X-A-Wwc
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-BACKEND-TTL
X-Trv-Group
X-Transaction
X-SVT-ORM-VERSION
X-D
X-Connection-Hash
X-Cluster-Name
X-Twitter-Response-Tags
X-Cache-Bucket
X-VG-WebServer
X-Varnish-Url
X-Cdn-Srv
X-CF-Lambda-Fn
A
VivaBuild
Fastly-SIE
Rendered-Blocks
Request-Country
Request-EU
REQUESTUUID
Request-Time
Fastly-SWR
Proxy-Firewall
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
Node
GEO-REGION-INFO
Content-Style-Type
Content-Script-Type
Arc-Country
AsisCache
Server-ID
Viewtype
AKAMAI
BehaviorPad-Version
Cache-Cookie-Set-From
Cdn-Host
Cdn-Request-Time
Xc-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-B3-Parentspanid
X-CF-Lambda-Version
X-Real-IP
X-NU-AKA-ACS-Version
X-Detected-As
X-Developer
Proxy-Connection
X-Org
X-Rebelmouse-Surrogate-Control
IBM-Web2-Location
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-DPWN-IS-SECURE
X-Grey
X-Geo-Header
X-Edge-Server
X-Generated-On
X-G
X-IN-APIGATEWAY
X-Instart-Info
X-Level-Front-Cache
X-Is-Bot
X-Internal-Host
X-Region-Sid
X-Cache-Category-Id
X-SRCache-Key
X-Rewrite-Enabled
X-SVT-ORM-RULES
X-Rojux
X-Request-UUID
X-S-Maxage
X-ScT
X-Server-Time
X-Cache-Backend
X-Compress-Hint
ServerName
Backend-Name
X-ElasticPress-Search
X-External-Request-Id
X-Date
X-ServiceProvider
X-CGP
Resin-Trace
Memcached
X-Eu-Site
X-HS-Combine-CSS
RNT-Machine
X-HS-Cache-Config
Platform
Is-Eu
X-Epic-Correlation-Id
RNT-Time
X-Sn-Servicetimems
X-GeoIP-Country-Code
X-Skip-Cache
X-Fastly-Cache
On-Server
Section-Io-Cache
X-Cache-Id
X-Debug-Cookies
X-S-Cookie
W
X-Backend-State
X-Accel-Expires-Debug
X-Application
X-We-Are-Hiring
X-B-Cookie
X-PHP-Host
X-NX-Host
X-Debug-Log
X-Request-URI
X-Nginx-Cache-Key
X-Developers
X-Method
X-Cdn-Origin
X-Cache-Info
X-Variation
True-Client-Country-4JS
Server-Int
X-Destination
X-Location
Rt-Proxy-Cache
Content-Disposition
Apple-News-Services-Request-Url
Cross-Origin-Window-Policy
Esi-Enabled
Fly-Cache
Apple-News-Services-Parsed-Url
X-COUNTRY
X-C
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Fly-Request-Id
Cache-Prefix
HA-Ipaddr
Ha-Gx-Prefs
Selected-Fe
X-FPC
X-Qloud-Router
X-Server-IP
X-Gannett-Site-Version
X-Gen-Mode
X-Hnp-Log
X-GeoIP-City
X-Generation-Time
X-Device-Os
X-Fetched-On
X-Dispatcher-Server
X-CDN-Cache
X-Cache-FS-Status
X-Block-Status
X-Clara-WADP
X-Clientip
X-Dispatch
X-Core-Mission
X-Cms-Context
X-Edge
X-Irp-Debug
X-Reboot
X-WADP-Cache
X-Wikidot-Backend
X-Proxy-Upstream
X-TH-Server
X-Reqid
X-Secret
X-SD-PageType
X-Response-By
X-Swa-Ws
X-Proxy-Cache-Status
X-Owner
X-Li-Fabric
X-Key
UCS
X-BBXSRF
X-Li-Pop
X-Amz-Meta-Cache-Control
X-Wikidot-Static-Cache
X-LI-UUID
X-LI-Proto
X-Servername
X-SIPLIST1
User-Cache-Control
Server-Host
V-Age
L
IsBot
SD-X-WS
CDCHOST
PFcat
N-Cache
Fastly-Soc-X-Request-Id
Countrycode
Gh-Request-Id
Web-Mar-Node
SS
X-SERVER
X-Azure-Ref-OriginShield
Wxu-Next-Region
Wxu-Next-Commit
Who
X-Azure-Ref
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Bip
X-Release
X-Distil-CS
Thinkindot-Control
X-Auto-Login
X-Hash
X-Matched-Rule
X-VC-Cache
X-Request-Start
X-Nc
X-Thinkindot-L3
X-Thanos
X-VServer
X-WebServer
Heartbleed
Pramga
GW-Server
Country-Code
X-Pf-Uncompressing
X-TrackingId
Wxu-Next-Hostname
X-Webstats-RespID
Kp-EeAlive
Locale
CF-IPCountry
X-Parent-Response-Time
X-Urbn-Site-Id
X-Urbn-Context-Path
X-OVcl
X-Origin-Date
X-Processor
X-Powered-By-Defense
X-OVcl-Cache
X-Via-NSCOPI
X-Crawler
X-Served-From
X-CUA
Powered-By
X-Origin-Expires
X-Varnish-Ttl
Magicmarker
X-FE
X-Via-Edge
X-CLOUD-TRACE-CONTEXT
X-Via-SSL
User-Agent
X-Ratelimit-Remaining
X-LAGOON
X-Varnish-Beresp-Ttl
PageSpeed
X-ABtesting
X-Hello
X-Flog
X-Be
X-Protected-By
Pagetype
X-ND-Cache
Mime-Version
Memory
X-Backend-Host
X-Page-Type
X-Generated-In
X-User
X-Backend-Url
X-Newrelic-Synthetics
X-Ua
X-Planisys-CDN-Rules
Pragrma
X-Up
X-Fstrz
X-Tt-Trace-Tag
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-Planisys-CDN-TTL
X-MSEdge-Features
X-GoCache-CacheStatus
X-Origin-CC
X-Origin-TTL
X-Soup
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Ttl
X-Geo
X-Cache-Ttl
X-Backend-TTL
X-Oss-Hash-Crc64ecma
GeoIp-Country-Code
Geoip-City
X-Oss-Request-Id
X-Check-Cacheable
Geoip-Latitude
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-Zone
X-Core-Value
X-B3-SpanId
X-IN-WAF
X-ZONE
Cache-Hits
X-Phone
XServer
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Servedbyhost
X-SayCDN-TTL
X-Old-Content-Length
X-Say-Cacheable
X-Say-TTL
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-FORWARDED-FOR
X-DC
X-Cdn-Forward
X-CSRF-TOKEN
X-VCL-Version
X-Cache-Time
X-Aicache-OS
X-Birta-Served
X-Real-Ip
X-Birta-Cache-Post
Cdn
X-Mid
X-Datadome
SN
X-Node-Id
Dynatrace
Inserted-Into-Cache-At
Fastly-Backend-Name
X-HS-Status
X-BC
WZWS-RAY
X-Info
X-Varnish-IP
X-Ruxit-Js-Agent
X-MID
Amp-Access-Control-Allow-Source-Origin
Ajk
FSS-Cache
X-Logtrace-Id
X-Vcl-Version
HitType
Selected-FE
FSS-Proxy
X-IN-APIGATEWAYSSL
X-EC-Lua
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-UPSTREAM-Address
X-ServedByHost
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Source
X-Agile-Age
X-Cache-Debug
X-RateLimit-Remaining-Second
X-Varnish-Authentication
HostName
X-Agile-Id
X-Wa
X-APP
Server-Cache-Control
Server-Surrogate-Control
X-Contensis-Viewer-Groups
CF-Cached-On
X-Cache-ASPX
X-Agile
X-RateLimit-Limit-Second
X-Bc
X-Proxy-Cacherz
Xkeyrz
RequestId
X-CSRF-Token
X-Nananana
Srv
X-GRACE
PICS-Label
MIME-Version
T-Server
GeoIP-Country-Code
X-NWS-UUID-VERIFY
X-Via-Ucdn
X-PJAX-URL
X-Web-Server
X-LiteSpeed-Cache-Control
X-App-Version
X-TIME
GeoIP-Latitude
X-ECache
X-Render-Time
GeoIP-City
Ohc-File-Size
X-WR-MODIFICATION
X-GDPR
WebServer
Cf-Ipcountry
CDN
X-LB-ID
URI
X-Varnish-Beresp-TTL
SID
X-Uri
Xkeynj
Get-Access-Time
Is-Session-Tracking
X-Micro-Cache
X-PAGE-TYPE
X-Tec-Api-Root
X-Tec-Api-Version
X-SRV
X-Tec-Api-Origin
Group
X-Cache-Tag
X-Unique-Id
Ohc-Cache-HIT
X-Fastly-Country-Code
X-CACHE-KEY
DataCenter
HTTPS
X-Requestid
X-Policy
X-Cache-Miss-From
X-BE
X-Sedo-Request-Id
X-MCACHE
X-SN
Www
X-Fastly-Backend-Reqs
X-Edge-IP
Backend
X-Request-Url
X-Service
X-NGINX-Cache
Cache-Provider
Xet-Cookie
Lb
X-Pjax-Url
X-Apw-Hits
Warning
X-Apw-Access-Action
Cneonction
X-Var-Ttl
X-Vct
X-Instart-Isnd
X-Apw-Access-Object
X-Swift-Error
X-Apw-Access-Token
X-Lb-Id
Pics-Label
X-Dw-Trace-Id
X-JWT-State
X-Is-Gdpr
Ohc-Response-Time
FNAC-ModuleRouting
Correlation-Id
X-Cdn-Request-ID
X-Has-Esi
X-Cache-Expires
X-WA
Requestid
X-Ecache
Host-ID
X-Cf-Powered-By
X-Newrelic-App-Data
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Fe
X-Akamai-ERPolicy
X-Varnish-Action
X-Html-Edge-Cache
Lfy
X-Bug-Bounty
X-Zalando-Child-Request-Id
X-DB
X-RPS
X-RSL
X-Fpc
X-ServerName
X-RPM
X-DW
X-DI
X-Serial
X-DSS
X-PF-Uncompressing