Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cdn
X-TTL
X-Cache-Lookup
X-Rack-Cache
X-Ua-Compatible
X-Origin-Upstream-Status
Pinterest-Generated-By
X-Clacks-Overhead
X-Url
NEL
X-FTR-Request-ID
Rating
X-Dns-Prefetch-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Goog-Hash
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
X-PC
X-TtlSet
Edge-Control
X-Vname
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
X-SRCache-Store-Status
X-B3-TraceId
X-SRCache-Fetch-Status
X-Akam-SW-Version
X-Sol
X-Middleton-Display
X-Middleton-Response
Display
Response
DynaTrace
X-Powered-By-Plesk
X-ESI
MS-Author-Via
X-RateLimit-Remaining
Charset
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Forwarded-Proto
X-Shield-Request-Id
Realpath
X-Powered-CMS
X-Amz-Rid
ServerID
X-Upstream
X-Trace
X-Server-Name
AR-ATIME
AR-PoweredBy
AR-CACHE
Fastly-Restarts
X-Version
Public-Key-Pins
Ar-Sid
Nginx-Cache
Content-MD5
X-Cached
X-Goog-Stored-Content-Length
Accept-CH
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Dw-Request-Base-Id
X-Shard
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Grace
AR-Request-ID
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Client-IP
Pagespeed
X-Goog-Storage-Class
Accept-Ch-Lifetime
S
X-Debug
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-Id
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-N
X-Amzn-Trace-Id
Accept-Ch
X-T
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
X-Content-Type
X-DIS-Request-ID
X-Upstream-Proxy
MicrosoftSharePointTeamServices
X-Hits
X-FastCGI-Cache
X-Vcache
X-B3-Sampled
X-XRDS-Location
X-FTR-Cache-Host
X-Frontend
X-Mobile-Rewrite
X-Varnish-Age
PB-RID
PB-PID
Arc-Version
X-Acc-Meta-Resource-Type
X-Ser
X-Logged-In
Fastcgi-Cache
Server-Name
X-Content-Digest
X-Correlation-Id
X-VCache
X-B3-Traceid
Alternate-Protocol
X-Srv
Nel
X-Node-Name
X-Cache-Key
X-Pad
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Microsite
FilterID
TP-L2-Cache
TP-Cache
X-User-Agent
X-Forwarded-For
X-Rid
X-Type
Healthy
X-Kinsta-Cache
X-LB-Cache
X-F-Cache
Host
X-Zen-Fury
X-Request-Received
Powered
X-Request-Processing-Time
X-IPLB-Instance
Accept-CH-Lifetime
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-2
Powered-By-ChinaCache
X-Revision
X-AOL-HN
Edge-Cache-Tag
X-Debug-Info
X-Cached-By
X-GUploader-UploadID
X-Via-JSL
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Cache-Age
Backend-Timing
X-Kong-Proxy-Latency
X-Analytics
X-HS-Content-Id
X-AppVersion
X-Az
X-HS-Hub-Id
X-Hostname
X-Activity-Id
X-Fastcgi-Cache
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-BCube-Filmed-By
X-Instance
X-Content-Options
X-Cluster
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Jobs
X-FB-Debug
X-Varnish-Grace
X-Content-Powered-By
X-Amz-Replication-Status
X-PHP-Backend
Server-Node
X-B-Cache
X-Signature
X-Akamai-Edgescape
Cleartype
X-Request-Guid
X-TT
X-App-Environment
Cache-Status
Refresh
X-Esi
Source
X-Forwarded-Host
X-Framework
X-RateLimit-Limit
Liferay-Portal
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Serve
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-Time
X-Mobile
WPE-Backend
X-Cache-Operation
X-Cache-Action
X-Drupal-Cache-Tags
X-Cache-Control
X-Whom
X-Edge-Location
X-B
X-APP-VERSION
X-TA-CDN-Provider
X-Erf-Bev-Bev
X-Accel-Buffering
Actual-Object-TTL
X-WA-Info
Payment
X-App-Server
NGB
X-Erf-Bev-Bev-Is-Generated
X-Cache-Hit
X-Response-Served-From
X-Mobile-URL
X-Hp-Webp
X-TX-ID
X-Storage
X-Git-Hash
X-WebKit-CSP-Report-Only
Filters
X-Content-Age
X-Yottaa-Metrics
X-Yottaa-Optimizations
Upgrade-Insecure-Requests
X-Handled-By
X-Cacheable-TTL
Cache-Tag
X-TT-TIMESTAMP
Cache-Tv-Group
X-RequestSource
Eomportal-Instance
X-GeoIP
Viewport
X-UA-Device-Type
X-NWS-LOG-UUID
X-Tumblr-Pixel-1
X-Cache-TTL
X-Status
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-2
X-SS-Set-Cookie
X-Adobe-Content
X-Presslabs-Stats
X-Adobe-Loc
X-Geo-Country
Retry-After
MS-CV
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
X-Server-ID
Xserver
X-Seen-By
Datacenter
X-FB-TRIP-ID
X-Host-Name
Cache
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Cache-Enabled
Ms-Operation-Id
X-RTag
Frame-Options
Server-Info
X-Hyper-Cache
X-Contextid
From-Origin
X-Generated-By
X-Origin-Server
X-Mode
X-Ratelimit-Reset
Country
X-B3-Spanid
S-Cnection
X-CF-Powered-By
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Config
X-Tumblr-Pixel-3
X-Cache-Var
SRV
Machine
X-RN-RSRV
GEO-INFO
Load-Balancing
X-Path-Route
Meta-Geo
Cache-Key
X-Upstream-CT
X-Section
X-Cache-Grace
X-Labrador-Cache-Channel
X-Upstream-HT
X-Proxied
X-MP-GENERATED-AT
X-Drupal-Cache-Contexts
X-Routing-Service
X-Varnish-Server
X-Zipkin-Id
Vix-Hermes-Req-Id
X-Access
X-From
X-TNCMS
X-EIG-Tracking-Id
X-Sorting-Hat-ShopId
X-Hit
X-Cache-Host
X-R9-Blue-Green-Version
X-Human
X-ShardId
Decoy-Debug-Status
X-Alternate-Cache-Key
X-Guploader-Uploadid
X-ShopId
X-OCL
X-PCL
Rt-Fastcgi-Cache
ServedBy
X-Viewer-Country
X-Loop
X-Varnish-Cache-Hits
X-Upgrade-Enabled
X-Web-Node
Decoy-Debug-Key
X-Sorting-Hat-PodId
Decoy-Debug-TTL
Now
X-Backend-Name
X-Shopify-Stage
X-Akamai-Request-ID
X-AWS-Id
X-Debug-Cache
X-CCM
Cache-Name
X-Cluster-Node
Akamai-GRN
X-Timing-Wait
X-Rule
X-Region
X-Origin-Response-Time
X-Trace-Id
X-VG-TLSProxy
Mn-Server-Ip
X-VWS-Id
X-Via-Fastly
X-Magnolia-Registration
X-Proxy-Build
X-Environment-Context
X-Endurance-Cache-Level
X-L-Path
X-LJ-Flow-ID
X-FC-Vary-Parameters
X-Generated
X-Www-Served-By
X-Xfnlog-Site
OT-Force-Account-Verify
X-Goog-Meta-Goog-Reserved-File-Mtime
Release
X-S
X-Device-Type
X-Proto
X-NCache
X-JoinUs
X-Rendered-As
X-Locale
We-Hiring
X-Hosted-By
X-Site-Version
Version
DSUID
DB-Nickname
Mail-Subject
CACHE
X-RCS-CacheZone
X-Dc
NtCoent-Length
X-Request-Time
X-Load-Cache
X-Varnish-Hits
ProcessTime
Uber-Trace-Id
X-IP
X-Time-Microsecs
X-PressLabs-Stats
X-Akamai-Request-ID2
X-VCT
Time
X-RateLimit-Reset
X-NewRelic-App-Data
TWC-Privacy
X-ProxyCache-Key
X-Nginx-Cache
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Wix-Request-Id
X-Origin-Hint
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-SlotName
Property-Id
Webcakes-App-Name
X-FW-Version
Webcakes-Region
S-Rt
Webcakes-App-Version
X-Origin
X-ProxyCache-Status
X-BYPASS-REASON
X-Redis-Cache
NGX
Cteonnt-Length
X-UUID
X-No-Session
X-Platform-Server
X-Via-CDN
X-EdgeConnect-Cache-Status
X-UA
X-FireWall-Port
X-Proxy
X-GEO
X-ECACHE
X-MServer
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-HTML-Minification-Powered-By
X-Daa-Tunnel
X-Cache-NE
X-Vgn-Hpd-Reason
X-CDN-Forward
X-ApacheServer
X-PERF
X-Akamai-Transformed
X-IPS-LoggedIn
Origin
Odigeo-Trace-Id
X-Format
X-Cache-Server
X-CS
X-ServerID
X-Oneagent-Js-Injection
X-Cache-Remote
X-Distributor
Accept-Language
Ec-Rule-Version
X-UnsetCookies
Cache-Tags
Access-Control-Request-Headers
LB
Fastly-SSL
X-Webkit-Csp
X-Tb
X-Real-IP
Hostname
L5d-Success-Class
X-Amzn-Remapped-Content-Length
X-BACKEND-TTL
X-Pubstack
Selected-Fe
X-Unique-ID
X-Microcachable
Proxy-Connection
PageSpeed
Origin-Cache-Control
Served-By
X-URL
Origin-Edge-Control
X-NC
X-A-Dgt
X-A-Dcw
X-A-Ccd
Cache-Cookie-Set-From
AsisCache
BehaviorPad-Version
VivaBuild
Arc-Country
Cache-Cookie-Set-Idcheck
X-A-Dam
X-A
X-Developer
Cache-Cookie-Set-Lfrom
X-D
X-App-Name
Content-Script-Type
X-AIR-PT
X-Cdn-Srv
X-CF-Lambda-Fn
Cdn-Request-Time
X-Application
X-B-Cookie
X-ARC
Viewtype
Cdn-Host
X-Cache-Bucket
X-Aed
X-Accel-Expires-Debug
X-Destination
A
X-A-Wwc
X-Detected-As
X-B3-Parentspanid
Server-ID
Cross-Origin-Window-Policy
Content-Style-Type
X-CF-Lambda-Version
X-Cluster-Name
X-Connection-Hash
X-Date
AKAMAI
Fly-Request-Id
X-S-Maxage
X-S-Cookie
X-ScT
Rendered-Blocks
Proxy-Firewall
X-Server-Time
X-Rojux
X-Rewrite-Enabled
X-Rebelmouse-Cache-Control
Request-EU
Fastcgi-X-Cache-Version
X-Region-Sid
X-Request-UUID
Request-Country
X-SRCache-Key
X-SVT-ORM-RULES
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
Mobile-Detection-Method
Xc-Version
X-Worker
X-Varnish-Url
X-Varnish-Cacheable
Node
X-SVT-ORM-VERSION
X-Transaction
X-Trv-Group
MD5-Digest
X-Twitter-Response-Tags
Request-Time
X-Rebelmouse-Surrogate-Control
X-IN-APIGATEWAY
Rt-Proxy-Cache
X-PAYTM-SRV-ID
X-Instart-Info
Fastly-SWR
GEO-REGION-INFO
Cache-Prefix
Fly-Cache
X-External-Request-Id
X-G
X-Generated-On
X-Geo-Header
X-Is-Bot
X-Internal-Host
Fastly-SIE
X-Level-Front-Cache
Meta-Geo-Continent
X-NU-AKA-ACS-Version
X-DPWN-IS-SECURE
X-Edge-Server
X-Org
REQUESTUUID
X-Dynatrace-Js-Agent
IBM-Web2-Location
X-Cache-Category-Id
X-ElasticPress-Search
ServerName
X-Compress-Hint
X-Grey
Section-Io-Cache
Platform
Resin-Trace
True-Client-Country-4JS
Server-Int
UCS
RNT-Time
RNT-Machine
On-Server
X-Device-Os
X-NX-Host
X-PHP-Host
X-Qloud-Router
X-Nginx-Cache-Key
X-Method
X-HS-Combine-CSS
X-Location
X-Request-URI
X-Server-IP
X-Variation
X-We-Are-Hiring
X-TrackingId
X-Sn-Servicetimems
X-ServiceProvider
X-Skip-Cache
X-HS-Cache-Config
X-GeoIP-Country-Code
X-Cdn-Origin
X-CGP
X-Clientip
X-Cache-Info
X-Cache-Id
X-Backend-State
X-BBXSRF
X-Core-Mission
X-Debug-Cookies
X-Eu-Site
X-Fastly-Cache
X-Epic-Correlation-Id
X-Distil-CS
X-Debug-Log
X-Developers
W
Is-Eu
Gh-Request-Id
Apple-News-Services-Host
Ha-Gx-Prefs
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Content-Disposition
Backend-Name
Countrycode
Esi-Enabled
HA-Ipaddr
Apple-News-Services-Handled
Memcached
X-C
X-Cache-Backend
X-SERVER
X-GeoIP-City
X-Generation-Time
X-Hash
X-Gannett-Site-Version
X-Bip
X-Irp-Debug
X-Block-Status
X-Key
X-Hnp-Log
X-FPC
X-Li-Fabric
X-Crawler
X-Dispatch
X-Cms-Context
X-Clara-WADP
X-Dispatcher-Server
X-Fetched-On
X-CDN-Cache
X-Cache-FS-Status
X-Owner
X-Swa-Ws
X-TH-Server
X-Edge
X-Nc
X-SIPLIST1
X-Thanos
X-WADP-Cache
X-Wikidot-Static-Cache
Kp-EeAlive
X-Wikidot-Backend
X-Webstats-RespID
X-WebServer
X-Servername
X-Secret
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Auto-Login
X-LI-UUID
X-LI-Proto
X-Reboot
X-Release
X-SD-PageType
X-Response-By
X-Request-Start
X-Reqid
X-Li-Pop
X-Gen-Mode
User-Cache-Control
X-Amz-Meta-Cache-Control
Pramga
Server-Host
IsBot
PFcat
Country-Code
L
Powered-By
GW-Server
Fastly-Soc-X-Request-Id
SS
Heartbleed
Wxu-Next-Region
V-Age
CDCHOST
Wxu-Next-Hostname
Wxu-Next-Commit
N-Cache
Who
SD-X-WS
Web-Mar-Node
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-SERVER-NAME
X-Matched-Rule
X-VC-Cache
X-Origin-Date
X-FE
Thinkindot-CacheControl
X-Thinkindot-L3
X-Azure-Ref-OriginShield
X-Azure-Ref
Thinkindot-CacheControl-Type
Thinkindot-Control
X-CUA
X-Origin-Expires
X-VServer
X-Varnish-Ttl
CF-IPCountry
X-OVcl
X-Pf-Uncompressing
X-Processor
X-OVcl-Cache
X-CLOUD-TRACE-CONTEXT
X-Parent-Response-Time
X-Served-From
X-Via-NSCOPI
X-Powered-By-Defense
X-Flog
X-Via-Edge
X-Hello
User-Agent
X-Ratelimit-Remaining
X-ABtesting
X-Via-SSL
Magicmarker
Mime-Version
X-LAGOON
Pagetype
X-Be
X-Newrelic-Synthetics
X-User
X-Varnish-Beresp-Ttl
Memory
X-Generated-In
X-Protected-By
X-ND-Cache
X-Backend-Host
X-Datadome
X-Backend-Url
X-Ua
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Up
X-Page-Type
X-MSEdge-Features
X-B3-SpanId
X-COUNTRY
X-Fstrz
X-Planisys-CDN-Rules
X-Ttl
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Debug-Cache-Expiry
X-Geo
X-Debug-Cache-Store
X-Soup
X-Debug-Cache-Fetch
Pragrma
X-Origin-TTL
X-Origin-CC
X-Check-Cacheable
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-ZONE
Cache-Hits
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
X-Backend-TTL
X-Zone
X-IN-WAF
X-Phone
X-Old-Content-Length
X-Say-Cacheable
X-Cdn-Forward
X-Say-TTL
X-Core-Value
X-Cache-Ttl
X-SayCDN-TTL
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-DC
X-Servedbyhost
X-Varnish-Beresp-Status
X-TT-LOGID
X-Varnish-Beresp-Grace
X-CSRF-TOKEN
Cdn
XServer
X-Cache-Time
X-VCL-Version
Fastly-Backend-Name
X-Node-Id
Inserted-Into-Cache-At
X-HS-Status
SN
X-Aicache-OS
WZWS-RAY
X-Mid
X-BC
Amp-Access-Control-Allow-Source-Origin
X-Birta-Served
X-MID
X-Ruxit-Js-Agent
X-Birta-Cache-Post
X-Vcl-Version
X-Logtrace-Id
FSS-Proxy
FSS-Cache
X-FORWARDED-FOR
X-IN-APIGATEWAYSSL
Ajk
X-EC-Lua
X-UPSTREAM-Address
X-Tb-Optimization-Total-Bytes-Saved
Selected-FE
X-Amzn-Remapped-Connection
X-ServedByHost
X-Info
X-Amzn-Remapped-Date
X-Real-Ip
X-Varnish-IP
HitType
X-APP
X-RateLimit-Limit-Second
X-Refresh
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-RateLimit-Remaining-Second
X-Contensis-Viewer-Groups
X-Wa
HostName
X-Varnish-Authentication
CF-Cached-On
X-App-Version
Xkeyrz
X-Proxy-Cacherz
X-Agile
X-Agile-Id
RequestId
X-Cache-Debug
X-Source
X-Agile-Age
X-CSRF-Token
X-Bc
Srv
Dynatrace
X-CACHE-KEY
T-Server
GeoIP-Country-Code
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-Nananana
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
X-Via-Ucdn
PICS-Label
X-TIME
GeoIP-City
GeoIP-Latitude
X-GDPR
X-Render-Time
X-PJAX-URL
X-ECache
WebServer
MIME-Version
Ohc-File-Size
X-Fastly-Country-Code
X-Web-Server
X-LB-ID
Cf-Ipcountry
Ohc-Cache-HIT
Xkeynj
X-Unique-Id
URI
SID
X-PAGE-TYPE
X-Uri
X-Policy
X-Micro-Cache
X-Tec-Api-Origin
Get-Access-Time
Is-Session-Tracking
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Tag
X-BE
X-SRV
DataCenter
X-Cache-Miss-From
X-Sedo-Request-Id
CDN
X-Requestid
Group
X-GRACE
X-MCACHE
Cache-Provider
X-Request-Url
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-Pjax-Url
X-Service
Pics-Label
Lb
X-Lb-Id
HTTPS
Xet-Cookie
X-Var-Ttl
X-Apw-Hits
Cneonction
X-Apw-Access-Action
X-Apw-Access-Token
X-Edge-IP
X-Vct
Backend
Www
X-SN
X-Apw-Access-Object
X-Swift-Error
Warning
X-Dw-Trace-Id
X-Cache-Expires
X-Cf-Powered-By
X-JWT-State
X-Has-Esi
X-Is-Gdpr
Ohc-Response-Time
X-Cdn-Request-ID
X-Instart-Isnd
FNAC-ModuleRouting
X-Ecache
Correlation-Id
Host-ID
X-WA
X-PF-Uncompressing
X-Newrelic-App-Data
X-RPS
Lfy
X-RSL
X-Fe
X-RPM
X-DB
X-DI
X-DSS
X-DW
X-Bug-Bounty
X-Html-Edge-Cache
X-ServerName
X-Fastly-Cache-Hits
X-Flow-Id
Requestid
X-Page-Impression-Id
X-Akamai-ERRuleID
X-Serial
X-Zalando-Child-Request-Id
X-Akamai-ERPolicy
X-Fpc