Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Rq
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Request-ID
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-Country
X-DynaTrace
X-TTL
X-Cdn
X-Cache-Lookup
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-Dns-Prefetch-Control
X-CST
X-HW
X-ORACLE-DMS-RID
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
X-TtlSet
X-DataDome
X-Vname
X-PC
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
Response
Display
X-SRCache-Fetch-Status
X-Middleton-Response
X-Middleton-Display
X-Sol
X-SRCache-Store-Status
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-RateLimit-Remaining
X-ESI
Charset
X-Forwarded-Proto
Realpath
DynaTrace
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
X-Upstream
X-B3-TraceId
X-Server-Name
ServerID
Public-Key-Pins
X-Version
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
Fastly-Restarts
X-TEC-API-ORIGIN
Nginx-Cache
X-Cached
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Content-MD5
X-Shard
X-Dw-Request-Base-Id
Accept-CH
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
AR-Request-ID
Pagespeed
X-Grace
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Accept-Ch-Lifetime
X-Client-IP
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
X-DynaTrace-JS-Agent
S
X-Debug
X-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
Accept-Ch
X-Ezoic-Cdn
X-FastCGI-Cache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-N
X-T
X-B3-Traceid
X-Amzn-Trace-Id
X-NF-Request-ID
X-Vcache
Arr-Disable-Session-Affinity
X-DIS-Request-ID
MicrosoftSharePointTeamServices
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Content-Type
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-Frontend
X-Acc-Meta-Resource-Type
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-Ser
Fastcgi-Cache
X-Varnish-Age
X-Logged-In
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-VCache
X-Cache-Key
X-Node-Name
X-Srv
Nel
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Microsite
FilterID
X-User-Agent
X-Rid
X-Type
TP-Cache
TP-L2-Cache
Powered
Healthy
X-LB-Cache
X-IPLB-Instance
X-F-Cache
X-Kinsta-Cache
X-Request-Received
Host
X-Request-Processing-Time
X-Zen-Fury
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Forwarded-For
X-Revision
Edge-Cache-Tag
X-Debug-Info
Powered-By-ChinaCache
Accept-CH-Lifetime
X-AOL-HN
X-GUploader-UploadID
X-Via-JSL
X-Analytics
X-Cached-By
Backend-Timing
X-Kong-Proxy-Latency
X-Cache-Age
X-Kong-Upstream-Latency
X-AppVersion
X-Az
X-HS-Content-Id
X-Activity-Id
X-HS-Hub-Id
X-Hostname
X-XRDS-LOCATION
X-Accel-Expires
X-Cache-Rule
X-Esi
Surrogate-Key
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Instance
X-Tumblr-User
X-Varnish-Grace
Server-Node
X-Tumblr-Pixel-0
X-Page-Id
X-Amz-Replication-Status
X-PHP-Backend
X-Tumblr-Pixel
X-BCube-Filmed-By
X-RateLimit-Limit
X-Content-Powered-By
X-App-Environment
X-Jobs
X-Request-Guid
X-B-Cache
X-Akamai-Edgescape
X-Signature
X-TT
X-Cluster
Refresh
Cleartype
Source
X-Forwarded-Host
Cache-Status
X-Framework
X-FB-Debug
Liferay-Portal
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Server
X-FW-Serve
DC
X-Fastcgi-Cache
Tracecode
X-ATG-Version
Accept-Charset
X-Varnish-Hostname
Access-Control-Allow-Method
Fastcgi-Useragent
Host-Header
X-Mobile
X-APP-VERSION
X-Cache-Action
X-Cache-Operation
WPE-Backend
X-Drupal-Cache-Tags
X-Cache-Control
X-Edge-Location
X-Whom
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Time
X-B
X-Mobile-URL
X-Response-Served-From
X-WA-Info
X-Accel-Buffering
X-App-Server
X-Hp-Webp
Payment
NGB
X-Cache-Hit
X-Storage
Actual-Object-TTL
X-TX-ID
X-Presslabs-Stats
X-Oracle-Dms-Rid
Filters
X-WebKit-CSP-Report-Only
X-Content-Age
X-Git-Hash
Cache-Tv-Group
X-Handled-By
Cache-Tag
X-TT-TIMESTAMP
Viewport
Upgrade-Insecure-Requests
X-Cacheable-TTL
X-RequestSource
Retry-After
Eomportal-Instance
X-UA-Device-Type
X-Tumblr-Pixel-2
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-GeoIP
X-NWS-LOG-UUID
X-Tumblr-Pixel-1
X-Adobe-Content
X-Adobe-Loc
X-ProcessESI
X-Status
X-RemovedCookies
X-SS-Set-Cookie
X-Cache-TTL
MS-CV
X-Geo-Country
X-FW-Dynamic
X-VG-WebCache
X-TA-CDN-Provider
Webserver
X-Cache-TTL-Remaining
X-Seen-By
Xserver
X-Server-ID
X-FB-TRIP-ID
X-Host-Name
X-RTag
Ms-Operation-Id
X-Cache-Enabled
Datacenter
X-B3-Spanid
Frame-Options
Cache
Server-Info
From-Origin
X-Hyper-Cache
X-Ratelimit-Limit
X-Contextid
X-Origin-Server
X-Generated-By
X-Mode
Country
S-Cnection
X-CF-Powered-By
SRV
GEO-INFO
X-ES-SERVER
Machine
X-Cache-Config
X-Tumblr-Pixel-3
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-Ratelimit-Reset
X-Path-Route
X-RN-RSRV
Load-Balancing
X-Routing-Service
X-Access
X-MP-GENERATED-AT
X-Section
X-Drupal-Cache-Contexts
X-Zipkin-Id
X-Proxied
X-Cache-Grace
X-Upstream-HT
X-Upstream-CT
Cache-Key
Vix-Hermes-Req-Id
ServedBy
X-Backend-Name
X-From
Rt-Fastcgi-Cache
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Hit
X-Human
X-Varnish-Cache-Hits
X-Varnish-Server
X-TNCMS
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-Loop
CACHE
X-Web-Node
X-Origin-Response-Time
X-OCL
Akamai-GRN
X-Proxy-Build
X-Region
X-Timing-Wait
X-Rule
Cache-Name
X-Magnolia-Registration
X-Cache-Host
X-AWS-Id
X-Akamai-Request-ID
X-Cluster-Node
X-EIG-Tracking-Id
X-LJ-Flow-ID
Now
X-Trace-Id
X-PCL
X-VG-TLSProxy
Mn-Server-Ip
X-VWS-Id
X-Viewer-Country
X-Upgrade-Enabled
DSUID
X-NCache
X-Via-Fastly
X-L-Path
X-FC-Vary-Parameters
Release
X-Debug-Cache
X-Device-Type
X-Endurance-Cache-Level
X-Environment-Context
X-Generated
X-Locale
X-Proto
X-Site-Version
X-ShardId
Mail-Subject
X-Alternate-Cache-Key
X-Hosted-By
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-JoinUs
We-Hiring
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rendered-As
DB-Nickname
X-NewRelic-App-Data
X-Guploader-Uploadid
X-Www-Served-By
X-RateLimit-Reset
X-CCM
OT-Force-Account-Verify
X-Xfnlog-Site
Version
ProcessTime
X-Dc
X-S
Uber-Trace-Id
X-Request-Time
X-IP
X-Time-Microsecs
X-RCS-CacheZone
X-Load-Cache
X-Varnish-Hits
X-VCT
Time
X-Akamai-Request-ID2
NtCoent-Length
Property-Id
S-Rt
TWC-Connection-Speed
Azure-Version
Azure-RegionName
Azure-InstanceId
TWC-Device-Class
Azure-SiteName
TWC-GeoIP-Country
Webcakes-Region
X-FW-Version
X-Origin-Hint
X-Wix-Request-Id
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Cteonnt-Length
Azure-SlotName
X-PressLabs-Stats
X-Origin
X-No-Session
NGX
X-EdgeConnect-Cache-Status
X-Redis-Cache
X-Nginx-Cache
X-UA
X-ProxyCache-Status
X-UUID
X-ProxyCache-Key
X-Via-CDN
X-BYPASS-REASON
X-GEO
X-CDN-Forward
X-Proxy
X-FireWall-Port
X-Platform-Server
X-ECACHE
X-MServer
X-Vgn-Hpd-Reason
X-Hl-Ver
X-ApacheServer
X-Rocket-Nginx-Bypass
X-Cache-NE
X-PERF
X-Cache-Server
Odigeo-Trace-Id
X-IPS-LoggedIn
Origin
X-Daa-Tunnel
X-HTML-Minification-Powered-By
X-Format
X-CS
X-Akamai-Transformed
Ec-Rule-Version
Accept-Language
Cache-Tags
X-ServerID
X-UnsetCookies
Access-Control-Request-Headers
LB
X-Oneagent-Js-Injection
X-Distributor
X-Cache-Remote
X-Tb
Fastly-SSL
X-Dynatrace-Js-Agent
X-Real-IP
X-Amzn-Remapped-Content-Length
X-Webkit-Csp
Selected-Fe
Hostname
L5d-Success-Class
X-NC
X-B3-Parentspanid
Proxy-Connection
X-Unique-ID
X-Microcachable
X-Pubstack
X-Compress-Hint
Served-By
X-Generated-On
Fly-Request-Id
Request-Time
GEO-REGION-INFO
Fly-Cache
X-Cluster-Name
Fastly-SIE
X-G
X-CF-Lambda-Version
Fastly-SWR
X-Geo-Header
X-B-Cookie
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Node
X-Cache-Bucket
X-ARC
Fastcgi-X-Cache-Version
REQUESTUUID
X-CF-Lambda-Fn
X-Cdn-Srv
X-AIR-PT
Cross-Origin-Window-Policy
A
Cache-Cookie-Set-Idcheck
X-Destination
X-Detected-As
X-Developer
Cache-Cookie-Set-From
X-Date
X-D
X-ScT
Arc-Country
AKAMAI
BehaviorPad-Version
X-App-Name
Cache-Cookie-Set-Lfrom
Cdn-Request-Time
Cdn-Host
Content-Script-Type
Content-Style-Type
X-Connection-Hash
X-External-Request-Id
Rendered-Blocks
X-DPWN-IS-SECURE
Proxy-Firewall
Cache-Prefix
X-Edge-Server
X-Application
AsisCache
X-Rojux
X-Is-Bot
Rt-Proxy-Cache
X-Level-Front-Cache
X-Accel-Expires-Debug
X-A
X-S-Maxage
X-Instart-Info
X-Internal-Host
X-Aed
X-PAYTM-SRV-ID
X-NU-AKA-ACS-Version
X-BACKEND-TTL
X-A-Ccd
X-VG-WebServer
X-A-Dam
X-SRCache-Key
X-SVT-ORM-RULES
X-Varnish-Cacheable
X-Varnish-Url
X-Vtex-Remote-Cache
X-SVT-ORM-VERSION
X-A-Wwc
Server-ID
X-Rewrite-Enabled
X-Request-UUID
X-Region-Sid
Xc-Version
X-IN-APIGATEWAY
X-Server-Time
X-S-Cookie
X-A-Dgt
X-Transaction
VivaBuild
X-Twitter-Response-Tags
X-Rebelmouse-Cache-Control
X-A-Dcw
X-Trv-Group
X-Worker
X-Org
X-Rebelmouse-Surrogate-Control
Viewtype
X-Vtex-Processado-Em
X-URL
X-ElasticPress-Search
Origin-Cache-Control
IBM-Web2-Location
Origin-Edge-Control
X-Cache-Info
X-Cdn-Origin
Memcached
X-Backend-State
Content-Disposition
X-BBXSRF
UCS
X-ServiceProvider
HA-Ipaddr
X-Clientip
X-Qloud-Router
X-Skip-Cache
Gh-Request-Id
X-CGP
Countrycode
Esi-Enabled
Ha-Gx-Prefs
X-Sn-Servicetimems
Apple-News-Services-Handled
Request-EU
On-Server
Request-Country
X-Fastly-Cache
X-Location
X-Core-Mission
X-Server-IP
X-C
X-HS-Combine-CSS
X-We-Are-Hiring
X-HS-Cache-Config
W
Resin-Trace
X-Method
X-Eu-Site
Apple-News-Services-Request-Url
X-Distil-CS
X-NX-Host
Backend-Name
Server-Int
X-TrackingId
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Developers
X-Nginx-Cache-Key
X-Debug-Log
Section-Io-Cache
X-Debug-Cookies
X-Cache-Category-Id
ServerName
X-Grey
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
Who
X-Auto-Login
X-Webstats-RespID
X-PHP-Host
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Swa-Ws
X-TH-Server
X-Variation
X-Thanos
X-SIPLIST1
X-Reboot
X-Reqid
X-Request-URI
X-Secret
X-Wikidot-Static-Cache
X-Release
Kp-EeAlive
X-Servername
Web-Mar-Node
X-Wikidot-Backend
X-Dispatch
X-Epic-Correlation-Id
X-FPC
X-Device-Os
X-Crawler
X-Block-Status
X-Cache-Id
X-Gannett-Site-Version
X-Gen-Mode
X-Irp-Debug
X-Key
X-Hnp-Log
X-Hash
X-Generation-Time
X-GeoIP-Country-Code
X-Bip
RNT-Machine
L
IsBot
N-Cache
Platform
Powered-By
Is-Eu
Heartbleed
Adler-Geo
X-Cache-Backend
CDCHOST
Fastly-Soc-X-Request-Id
GW-Server
Pramga
Country-Code
User-Cache-Control
SS
True-Client-Country-4JS
RNT-Time
Server-Host
X-Urbn-Site-Id
X-SERVER
Locale
X-Urbn-Context-Path
X-Edge
X-CUA
X-Nc
X-VServer
X-Cms-Context
X-WebServer
X-WADP-Cache
X-Fetched-On
X-Owner
X-VC-Cache
X-Dispatcher-Server
X-SD-PageType
X-Request-Start
X-Pf-Uncompressing
V-Age
X-Response-By
X-Thinkindot-L3
Thinkindot-Control
X-GeoIP-City
X-Clara-WADP
X-Azure-Ref
SD-X-WS
X-Azure-Ref-OriginShield
Thinkindot-CacheControl-Type
X-Origin-Date
X-Matched-Rule
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-Amz-Meta-Cache-Control
X-LI-Proto
X-Origin-Expires
PFcat
X-CDN-Cache
X-Cache-FS-Status
Thinkindot-CacheControl
CF-IPCountry
X-OVcl-Cache
X-FE
X-SERVER-NAME
X-OVcl
X-Varnish-Ttl
X-Via-NSCOPI
X-Processor
X-ABtesting
User-Agent
X-Served-From
X-Hello
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-Flog
X-Powered-By-Defense
X-Via-Edge
X-Via-SSL
X-LAGOON
X-Parent-Response-Time
PageSpeed
Pagetype
X-Ratelimit-Remaining
X-Be
Memory
X-Generated-In
X-User
X-Backend-Host
X-Backend-Url
X-Varnish-Beresp-Ttl
X-GoCache-CacheStatus
X-MSEdge-Flight
Mime-Version
X-Up
X-MSEdge-Features
X-Protected-By
X-Tt-Trace-Tag
X-ND-Cache
X-Newrelic-Synthetics
X-Ua
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Page-Type
X-Soup
X-Debug-Cache-Fetch
X-Ttl
X-Geo
X-Fstrz
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Pragrma
X-Planisys-CDN-Cache
X-COUNTRY
Cache-Hits
X-Cache-Ttl
X-Origin-TTL
X-ZONE
X-Backend-TTL
X-Origin-CC
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
Geoip-Latitude
X-Check-Cacheable
Geoip-City
X-Oss-Hash-Crc64ecma
GeoIp-Country-Code
X-SayCDN-TTL
Dynatrace
X-Say-TTL
X-Say-Cacheable
X-B3-SpanId
X-Akamai-SSL-Client-Sid
X-Zone
XServer
X-Phone
X-Core-Value
X-Old-Content-Length
X-IN-WAF
X-FORWARDED-FOR
X-CSRF-TOKEN
X-Litespeed-Cache
X-TT-LOGID
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Time
X-Servedbyhost
X-DC
WZWS-RAY
X-Cdn-Forward
Fastly-Backend-Name
Cdn
X-HS-Status
X-Aicache-OS
X-Node-Id
SN
Inserted-Into-Cache-At
X-IN-APIGATEWAYSSL
X-VCL-Version
X-Datadome
Ajk
X-BC
X-Logtrace-Id
X-MID
X-Mid
X-Birta-Cache-Post
Amp-Access-Control-Allow-Source-Origin
X-Birta-Served
X-Ruxit-Js-Agent
X-Vcl-Version
FSS-Cache
X-UPSTREAM-Address
FSS-Proxy
X-EC-Lua
X-APP
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Date
X-ServedByHost
X-Amzn-Remapped-Connection
X-Real-Ip
Selected-FE
X-RateLimit-Limit-Second
X-Wa
X-Varnish-IP
X-RateLimit-Remaining-Second
X-Tec-Api-Version
X-Tec-Api-Origin
X-Info
X-Tec-Api-Root
X-Contensis-Viewer-Groups
CF-Cached-On
X-Cache-ASPX
Server-Surrogate-Control
X-TIME
Xkeyrz
Server-Cache-Control
X-Source
X-Varnish-Authentication
X-Proxy-Cacherz
HitType
X-Refresh
HostName
X-Cache-Debug
X-Agile-Id
X-Agile-Age
X-PJAX-URL
X-Agile
MIME-Version
RequestId
PICS-Label
T-Server
X-CSRF-Token
Srv
X-Bc
X-SRV
X-GDPR
X-Render-Time
GeoIP-Country-Code
Ohc-File-Size
X-App-Version
X-LiteSpeed-Cache-Control
X-Nananana
X-LB-ID
X-ECache
GeoIP-Latitude
GeoIP-City
X-Via-Ucdn
X-WR-MODIFICATION
X-NWS-UUID-VERIFY
WebServer
Ohc-Cache-HIT
SID
X-Policy
X-Web-Server
DataCenter
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
Cf-Ipcountry
X-Micro-Cache
X-Uri
Get-Access-Time
Is-Session-Tracking
Xkeynj
X-BE
X-Cache-Tag
URI
X-CACHE-KEY
X-Unique-Id
X-PAGE-TYPE
CDN
X-Cache-Miss-From
X-Requestid
X-Request-Url
X-Fastly-Backend-Reqs
X-NGINX-Cache
Group
X-Sedo-Request-Id
X-Service
Cache-Provider
X-GRACE
X-MCACHE
X-Var-Ttl
X-Lb-Id
HTTPS
Xet-Cookie
X-NGENIX-Cache
X-Pjax-Url
X-JWT-State
Backend
X-SN
X-Is-Gdpr
Ohc-Response-Time
X-Vct
X-Edge-IP
X-Has-Esi
Lb
X-Swift-Error
Pics-Label
X-Apw-Hits
Www
X-Apw-Access-Token
Cneonction
X-Apw-Access-Action
X-Apw-Access-Object
X-Dw-Trace-Id
X-Instart-Isnd
X-Cf-Powered-By
X-Cache-Expires
Warning
X-WA
X-Ecache
Correlation-Id
X-Cdn-Request-ID
FNAC-ModuleRouting
Host-ID
X-Newrelic-App-Data
X-Flow-Id
X-Litespeed-Cache-Control
X-Zalando-Child-Request-Id
X-Fe
X-Serial
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
Requestid
X-Akamai-ERPolicy
X-RPM
X-DW
X-RPS
X-Fpc
X-RSL
X-Page-Impression-Id
X-DSS
X-ServerName
X-PF-Uncompressing
X-Bug-Bounty
Lfy
X-DB
X-DI
X-Html-Edge-Cache