Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
CF-Cache-Status
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
P3p
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Hacker
X-Proxy-Cache
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-Amz-Version-Id
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
X-Host
Report-To
X-Rq
X-Server-Id
X-OneAgent-JS-Injection
Content-Location
X-Node
X-Backend-Server
X-Response-Time
X-Cnection
EagleEye-TraceId
X-Origin-Cache
X-Application-Context
X-Cloud-Trace-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Url
X-Ruxit-JS-Agent
X-Cdn
X-DynaTrace
X-Rack-Cache
X-Vhost
X-Clacks-Overhead
X-Origin-Upstream-Status
X-CST
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
X-HW
Rating
X-FTR-Request-ID
X-Country-Code
X-TTL
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
X-Px
Edge-Control
X-Vname
X-PC
X-TtlSet
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-ESI
X-B3-TraceId
X-MS-InvokeApp
Verso
SPRequestGuid
X-Request-ID
X-Recruiting
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-DataDome
X-D2id
X-Server-Name
X-Varnish-TTL
X-Vcap-Request-Id
X-Abt-Application-Version
X-SharePointHealthScore
X-RateLimit-Remaining
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Amz-Server-Side-Encryption
TCN
X-Navigation-Version
X-Middleton-Response
X-Middleton-Display
Response
Display
DynaTrace
X-Sol
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
RTSS
Charset
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Akam-SW-Version
MS-Author-Via
X-Trace
AR-Request-ID
ServerID
X-Amz-Rid
Realpath
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Cached
X-DynaTrace-JS-Agent
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Powered-CMS
X-Version
Nginx-Cache
X-Server-ID
X-Forwarded-Proto
X-Shard
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream-Proxy
X-Pinterest-Rid
Pinterest-Version
X-VCache
Pagespeed
SPRequestDuration
X-Upstream
SPIisLatency
Accept-Ch
X-Goog-Storage-Class
Public-Key-Pins
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Access-Control-Request-Method
S
Fastly-Restarts
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-Debug
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-Id
X-FTR-Expires
Accept-CH
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-N
Arc-Version
PB-PID
X-Ser
X-Mobile-Rewrite
Alternate-Protocol
PB-RID
X-Varnish-Age
Arr-Disable-Session-Affinity
Fastcgi-Cache
X-NF-Request-ID
X-Hits
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-Content-Type
X-Amzn-Trace-Id
Front-End-Https
X-B3-Sampled
X-FTR-Cache-Host
X-Grace
Nel
X-Frontend
X-Logged-In
X-Content-Digest
Server-Name
X-Pad
Host
X-Srv
X-Forwarded-For
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-Node-Name
X-Correlation-Id
FilterID
Powered-By-ChinaCache
TP-L2-Cache
TP-Cache
Healthy
X-LB-Cache
X-Debug-Info
X-Type
X-Rid
X-Fastcgi-Cache
X-Kinsta-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-Request-Received
X-Request-Processing-Time
X-XRDS-LOCATION
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-User-Agent
X-Cached-By
X-Cache-2
X-Hostname
X-Cache-Rule
X-Revision
Surrogate-Key
Powered
X-Accel-Expires
X-F-Cache
X-Vcache
X-Page-Id
X-Analytics
Backend-Timing
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Age
X-Zen-Fury
X-RateLimit-Limit
X-Varnish-Backend
X-BCube-Filmed-By
X-Content-Options
X-Cache-Key
X-Varnish-Grace
X-Content-Security-Policy-Report-Only
X-Jobs
VIX-Pulpo-Node
X-FB-Debug
X-Cluster
VIX-Pulpo-Upstream-Status
X-PHP-Backend
Cache-Status
X-Request-Guid
X-Content-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-TT
X-Instance
X-Amz-Replication-Status
Source
Tracecode
X-App-Environment
Cleartype
WPE-Backend
X-Akamai-Edgescape
X-Varnish-Hostname
X-Framework
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Az
X-AppVersion
X-Activity-Id
X-Cache-TTL
Host-Header
Server-Node
X-Mobile
Refresh
X-Forwarded-Host
X-Via-JSL
X-NWS-LOG-UUID
X-Cache-Control
X-Cache-Operation
X-TA-CDN-Provider
Actual-Object-TTL
X-ATG-Version
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Hash
Accept-Charset
X-Drupal-Cache-Tags
X-Time
X-B-Cache
X-Signature
DC
Upgrade-Insecure-Requests
X-Accel-Buffering
X-Whom
X-App-Server
X-Edge-Location
Access-Control-Allow-Method
X-Cache-Hit
X-Cache-Action
X-Response-Served-From
Payment
Liferay-Portal
X-TX-ID
X-Hp-Webp
X-Mobile-URL
X-UA-Device-Type
X-Content-Age
X-Storage
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WebKit-CSP-Report-Only
Server-Info
X-VG-WebCache
X-Handled-By
Fastcgi-Useragent
X-SS-Set-Cookie
X-TT-TIMESTAMP
Filters
X-RequestSource
X-GeoIP
X-Cacheable-TTL
X-Git-Hash
X-B
X-Adobe-Loc
X-Adobe-Content
Eomportal-Instance
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Geo-Country
Viewport
X-RemovedCookies
X-Tumblr-Pixel-2
Webserver
X-ProcessESI
Xserver
X-Litespeed-Cache
X-FB-TRIP-ID
X-WA-Info
Cache-Tag
X-Cache-TTL-Remaining
Cache
Datacenter
X-Ratelimit-Reset
X-Cache-Enabled
Retry-After
X-B3-Traceid
X-Ratelimit-Limit
X-Presslabs-Stats
X-Status
X-Contextid
NGB
X-Seen-By
S-Cnection
X-FW-Dynamic
X-CF-Powered-By
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Ttl
X-Origin-Server
X-APP-VERSION
X-Magnolia-Registration
X-Mode
X-Real-IP
X-Host-Name
X-Varnish-Hits
X-Rendered-As
X-Daa-Tunnel
Country
Meta-Geo
Machine
X-RN-RSRV
X-AWS-Id
Load-Balancing
X-Cache-Var-Map
X-Path-Route
X-LJ-Flow-ID
X-VCT
X-VWS-Id
X-ES-SERVER
X-Cache-Var
X-Cache-NE
X-Upstream-CT
Release
X-Upstream-HT
From-Origin
Mail-Subject
DSUID
X-Routing-Service
GEO-INFO
We-Hiring
X-Zipkin-Id
X-Human
MS-CV
X-Proxied
X-Cache-Config
X-Section
X-From
Vix-Hermes-Req-Id
X-Cache-Host
X-Debug-Cache
X-PCL
X-EIG-Tracking-Id
X-Hit
X-TNCMS
X-Device-Type
Uber-Trace-Id
Frame-Options
X-Access
Mn-Server-Ip
X-OCL
X-RCS-CacheZone
X-Varnish-Server
X-Loop
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Backend-Name
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Rule
X-Akamai-Request-ID
X-ProxyCache-Status
Now
X-ProxyCache-Key
X-BYPASS-REASON
X-Cluster-Node
Rt-Fastcgi-Cache
X-Proto
OT-Force-Account-Verify
X-Upgrade-Enabled
X-Viewer-Country
X-Cache-Remote
X-Redis-Cache
X-VG-TLSProxy
X-Web-Node
X-Proxy-Build
X-Timing-Wait
X-CCM
X-S
X-Generated
Cache-Key
Akamai-GRN
X-FC-Vary-Parameters
X-Xfnlog-Site
X-Platform-Server
X-Hyper-Cache
X-JoinUs
X-Cache-Grace
X-UUID
X-Hosted-By
X-NCache
X-Region
X-ShopId
X-Alternate-Cache-Key
NGX
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-L-Path
X-Environment-Context
ServedBy
X-Guploader-Uploadid
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Name
X-Via-Fastly
X-ShardId
X-Endurance-Cache-Level
X-Site-Version
X-Www-Served-By
X-Trace-Id
X-Nginx-Cache
Decoy-Debug-TTL
X-PressLabs-Stats
X-Locale
X-Hl-Ver
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
Ms-Operation-Id
X-Generated-By
X-RTag
X-ECACHE
X-Vgn-Hpd-Reason
X-NewRelic-App-Data
X-GRACE
X-Drupal-Cache-Contexts
X-ServerID
X-Rocket-Nginx-Bypass
X-EdgeConnect-Cache-Status
Cteonnt-Length
X-MServer
X-Dc
X-Load-Cache
ProcessTime
Accept-CH-Lifetime
X-Wix-Request-Id
X-Request-Time
X-IPS-LoggedIn
L5d-Success-Class
Time
CACHE
X-IP
X-RateLimit-Reset
X-Time-Microsecs
Served-By
S-Rt
X-Via-CDN
X-Unique-ID
X-Esi
X-Origin
X-Cache-Backend
X-B3-Spanid
X-GEO
X-Microcachable
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
Version
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
Origin-Edge-Control
Origin-Cache-Control
NtCoent-Length
X-Nc
Fastcgi-X-Cache-Version
X-FW-Version
Azure-SlotName
Azure-Version
Azure-InstanceId
X-Distributor
Azure-SiteName
Azure-RegionName
Access-Control-Request-Headers
X-BACKEND-TTL
X-Proxy
Fastly-SSL
Origin
X-UA
X-Oneagent-Js-Injection
X-Pubstack
X-Grey
X-Cache-Server
X-Cache-Category-Id
X-No-Session
X-FireWall-Port
X-Datadome
X-Detected-As
X-Is-Bot
X-Via-NSCOPI
IBM-Web2-Location
X-Webkit-Csp
X-Powered-By-Defense
X-PERF
X-Format
X-Cdn-Forward
X-Edge
Cache-Tags
X-ApacheServer
Backend-Name
Hostname
X-Akamai-Transformed
X-HTML-Minification-Powered-By
SRV
X-CF-Lambda-Version
X-CGP
Request-EU
Request-Country
X-Cluster-Name
X-Date
BehaviorPad-Version
Fly-Cache
X-D
X-Connection-Hash
X-CF-Lambda-Fn
Proxy-Connection
A
X-B-Cookie
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A
VivaBuild
Server-ID
ServerName
X-CS
Viewtype
X-A-Wwc
X-Accel-Expires-Debug
X-ARC
Arc-Country
X-Cache-Bucket
AsisCache
X-Application
X-App-Name
X-Destination
X-Aed
X-AIR-PT
Rendered-Blocks
Rt-Proxy-Cache
X-G
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-ScT
X-Request-UUID
X-Region-Sid
X-Processor
X-Developer
MD5-Digest
Cross-Origin-Window-Policy
Ec-Rule-Version
HA-Ipaddr
X-Server-Time
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Fly-Request-Id
X-Worker
Xc-Version
X-VG-WebServer
GEO-REGION-INFO
Ha-Gx-Prefs
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Org
X-PAYTM-SRV-ID
Cache-Prefix
Cache-Cookie-Set-Lfrom
Request-Time
Node
Mobile-Detection-Method
X-External-Request-Id
X-Eu-Site
Cache-Cookie-Set-From
X-DPWN-IS-SECURE
X-Edge-Server
Cache-Cookie-Set-Idcheck
Cdn-Request-Time
Cdn-Host
Content-Style-Type
X-HS-Cache-Config
X-Ua
Content-Script-Type
Meta-Geo-Continent
X-Instart-Info
X-NU-AKA-ACS-Version
X-ND-Cache
X-HS-Combine-CSS
X-IN-APIGATEWAY
Mime-Version
X-Varnish-Cacheable
Odigeo-Trace-Id
Memcached
Platform
Is-Eu
Proxy-Firewall
X-Debug-Log
X-NX-Host
X-Qloud-Router
X-Level-Front-Cache
X-Key
X-Hash
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Variation
X-We-Are-Hiring
X-TH-Server
X-Server-IP
X-Reqid
X-GeoIP-Country-Code
X-Geo-Header
X-Backend-State
X-Cdn-Srv
Server-Host
Section-Io-Cache
RNT-Machine
RNT-Time
X-Clientip
X-Debug-Cookies
X-Fstrz
X-Generated-On
X-Fastly-Cache
X-Epic-Correlation-Id
X-Dispatcher-Server
Resin-Trace
X-Core-Mission
X-B3-Parentspanid
X-C
Adler-Geo
Country-Code
Apple-News-Services-Request-Url
Countrycode
Fastly-SWR
PageSpeed
Apple-News-Services-Parsed-Url
Fastly-SIE
Apple-News-Services-Host
Apple-News-Services-Handled
X-UnsetCookies
X-Method
X-Nginx-Cache-Key
Wxu-Next-Region
X-Reboot
User-Cache-Control
UCS
X-Protected-By
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Commit
Who
X-PHP-Host
X-LI-Proto
X-Cache-Info
X-Cache-Id
X-Dispatch
X-Distil-CS
X-Device-Os
X-CDN-Cache
X-Crawler
X-Developers
X-Cdn-Origin
X-Fetched-On
X-Block-Status
X-Li-Pop
X-Amz-Meta-Cache-Control
True-Client-Country-4JS
X-LI-UUID
X-Li-Fabric
X-Hnp-Log
X-Gannett-Site-Version
X-BBXSRF
X-Gen-Mode
X-Location
X-Request-Start
X-SVT-ORM-RULES
CDCHOST
Content-Disposition
On-Server
PFcat
X-Skip-Cache
AKAMAI
Pramga
X-SVT-ORM-VERSION
IsBot
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Internal-Host
X-Webstats-RespID
Gh-Request-Id
X-Tb
Esi-Enabled
X-WebServer
REQUESTUUID
X-Sn-Servicetimems
SS
Server-Int
X-Response-By
X-Served-From
X-Secret
X-SD-PageType
SD-X-WS
X-Servername
X-SIPLIST1
X-ServiceProvider
X-Request-URI
X-Compress-Hint
X-Via-Edge
X-Via-SSL
X-Cms-Context
X-Planisys-CDN-TTL
Pragrma
X-Swa-Ws
X-Planisys-CDN-Cache
X-Release
X-Owner
X-Origin-Expires
X-GeoIP-City
X-Generation-Time
X-Thanos
X-Origin-Date
X-Planisys-CDN-Rules
X-ElasticPress-Search
X-Parent-Response-Time
X-Cache-FS-Status
Heartbleed
X-Bip
V-Age
GW-Server
X-Auto-Login
Fastly-Soc-X-Request-Id
X-Origin-TTL
X-Origin-CC
X-Birta-Served
X-CDN-Forward
X-Birta-Cache-Post
X-Be
X-OVcl-Cache
X-OVcl
X-B3-SpanId
X-IN-WAF
X-Matched-Rule
X-Phone
LB
X-VServer
Powered-By
X-VC-Cache
X-Akamai-Request-ID2
Thinkindot-CacheControl
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Core-Value
X-Varnish-Ttl
X-App-Version
X-Varnish-IP
HitType
X-FPC
X-CLOUD-TRACE-CONTEXT
Selected-FE
X-Azure-Ref
W
Memory
X-Azure-Ref-OriginShield
X-Ratelimit-Remaining
X-LAGOON
X-CUA
X-CACHE-KEY
X-Info
X-NC
CF-IPCountry
X-Varnish-Url
X-WADP-Cache
X-Clara-WADP
Accept-Language
L
X-Geo
X-Source
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
N-Cache
X-Proxy-Upstream
X-Page-Type
X-Web-Server
Cdn
X-URL
X-FE
X-TrackingId
X-Dynatrace-Js-Agent
X-Cache-Debug
X-Agile
X-Agile-Age
X-Agile-Id
X-Pf-Uncompressing
Kp-EeAlive
X-Zone
X-Amzn-Remapped-Content-Length
Magicmarker
X-Varnish-Beresp-Status
Selected-Fe
X-Varnish-Beresp-Grace
User-Agent
X-DC
X-Urbn-Site-Id
X-Urbn-Context-Path
X-TT-LOGID
GeoIp-Country-Code
Geoip-City
Geoip-Latitude
Locale
X-Refresh
CF-Cached-On
X-HS-Status
X-Vcl-Version
Pagetype
X-Servedbyhost
X-Mid
X-NWS-UUID-VERIFY
X-MID
X-Real-Ip
X-User
X-Backend-TTL
X-Hello
X-ABtesting
X-Flog
Ohc-Cache-HIT
X-Newrelic-Synthetics
Ohc-File-Size
X-Check-Cacheable
X-Generated-In
X-Backend-Host
Group
SN
X-Backend-Url
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
X-ZONE
X-Ruxit-Js-Agent
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-ServedByHost
FSS-Cache
X-Debug-Cache-Expiry
FSS-Proxy
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Up
X-Soup
HTTPS
X-MSEdge-Features
X-APP
HostName
X-VCL-Version
X-UPSTREAM-Address
X-Tb-Optimization-Total-Bytes-Saved
GeoIP-Country-Code
WZWS-RAY
X-Tt-Trace-Tag
Backend
X-SN
Www
RequestId
X-EC-Lua
Srv
X-Oss-Object-Type
GeoIP-City
X-Instart-Isnd
X-Varnish-Authentication
X-Oss-Hash-Crc64ecma
Server-Surrogate-Control
X-Contensis-Viewer-Groups
Server-Cache-Control
X-Oss-Request-Id
X-Oss-Storage-Class
GeoIP-Latitude
X-Cache-ASPX
X-Oss-Server-Time
X-CSRF-Token
X-NGENIX-Cache
Cf-Ipcountry
X-Akamai-SSL-Client-Sid
X-Varnish-Beresp-TTL
X-Via-Ucdn
X-Cache-Expires
X-COUNTRY
X-Oracle-Dms-Rid
X-Old-Content-Length
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Lb
X-BC
Host-ID
X-Bc
X-Nananana
X-Say-Cacheable
Xkeyrz
X-Proxy-Cacherz
X-Varnish-Action
X-ECache
X-PF-Uncompressing
Epwk-Cache
X-Say-TTL
X-Cache-Tag
URI
X-SayCDN-TTL
XServer
X-Dynatrace
Requestid
Fastcgi-X-Cache
X-AssetVersion
X-FORWARDED-FOR
X-LiteSpeed-Cache-Control
X-Fastly-Country-Code
Inserted-Into-Cache-At
Get-Access-Time
X-Node-Id
X-Unique-Id
X-TIME
X-PAGE-TYPE
Is-Session-Tracking
Xkeynj
X-WR-MODIFICATION
X-MCACHE
Cache-Hits
X-Logtrace-Id
X-IN-APIGATEWAYSSL
X-Correlation-ID
X-Tec-Api-Version
X-SERVER-NAME
X-Requestid
Fastly-Backend-Name
WebServer
X-Tec-Api-Root
Ajk
X-Cache-Ttl
X-Request-Url
X-Sedo-Request-Id
X-Edge-IP
X-Tec-Api-Origin
FNAC-ModuleRouting
X-Var-Ttl
X-Cache-Miss-From
X-Sf
Dynatrace
X-Svr
X-Pjax-Url
X-Fastly-Backend-Reqs
X-Cache-Time
X-CSRF-TOKEN
Cache-Provider
Cneonction
X-SRV
DataCenter
Xet-Cookie
X-RateLimit-Remaining-Second
CDN
X-WA
Pics-Label
X-Lb-Id
X-RateLimit-Limit-Second
Correlation-Id
X-Fastly-Cache-Hits
X-Swift-Error
X-Fpc
X-Dw-Trace-Id
X-NGINX-Cache
X-Apw-Hits
Sid
X-BE
X-Apw-Access-Object
X-Apw-Access-Token
X-Policy
X-Apw-Access-Action
X-Wa
Warning
X-Bug-Bounty
X-LiteSpeed-Tag
Ohc-Response-Time
X-Akamai-ERPolicy
PICS-Label
T-Server
X-Akamai-ERRuleID
RequestUuid
X-ServerName
X-Flow-Id
X-DW
X-WPE-Loopback-Upstream-Addr
X-Zalando-Child-Request-Id
X-App
X-Alicdn-Da-Ups-Status
X-Html-Edge-Cache
Lfy
X-DB
X-RPS
X-RSL
X-RPM
X-DSS
X-DI
X-Page-Impression-Id