Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Request-ID
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-Dns-Prefetch-Control
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
X-Ua-Compatible
NEL
X-FTR-Request-ID
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Goog-Hash
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
X-DataStream-Cache-Status
X-DataDome
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
X-Varnish-TTL
X-Exp-Id
RTSS
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-Navigation-Version
X-GitHub-Request-Id
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Display
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Powered-By-Plesk
X-Akam-SW-Version
MS-Author-Via
X-B3-TraceId
DynaTrace
X-RateLimit-Remaining
Charset
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Forwarded-Proto
X-TEC-API-VERSION
X-Shield-Request-Id
Realpath
X-Amz-Rid
ServerID
X-Powered-CMS
Content-MD5
X-Version
X-Upstream
X-Trace
X-ESI
Public-Key-Pins
Nginx-Cache
AR-ATIME
AR-CACHE
Ar-Sid
Fastly-Restarts
AR-PoweredBy
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Cached
X-Server-Name
X-Shard
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
Accept-CH
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
AR-Request-ID
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-DynaTrace-JS-Agent
X-Grace
X-MSEdge-Ref
X-Goog-Storage-Class
X-Client-IP
SPIisLatency
SPRequestDuration
X-Debug
S
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-Id
X-Vcache
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Accept-Ch
X-Ezoic-Cdn
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-N
Pinterest-Version
X-Amzn-Trace-Id
X-Pinterest-Rid
X-Upstream-Proxy
X-T
X-NF-Request-ID
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-Content-Type
X-Hits
X-XRDS-Location
MicrosoftSharePointTeamServices
X-B3-Sampled
X-FTR-Cache-Host
X-B3-Traceid
X-Varnish-Age
X-Acc-Meta-Resource-Type
X-Frontend
X-Ser
Fastcgi-Cache
PB-RID
Server-Name
PB-PID
X-Mobile-Rewrite
X-Logged-In
Arc-Version
X-Content-Digest
X-Correlation-Id
Alternate-Protocol
X-Cache-Key
X-Node-Name
X-Srv
Nel
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Microsite
X-Request-Handler-Origin-Region
X-VCache
FilterID
TP-Cache
TP-L2-Cache
X-Type
X-User-Agent
X-Kinsta-Cache
X-Rid
X-LB-Cache
X-F-Cache
Healthy
X-Request-Processing-Time
Powered
X-Request-Received
X-IPLB-Instance
Host
Powered-By-ChinaCache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Esi
X-Zen-Fury
X-Cache-2
X-Forwarded-For
X-AOL-HN
X-Debug-Info
X-Revision
X-GUploader-UploadID
Edge-Cache-Tag
X-Cached-By
Backend-Timing
X-Analytics
X-Cache-Age
X-Via-JSL
X-Hostname
X-HS-Hub-Id
X-HS-Content-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Rule
X-Accel-Expires
X-Activity-Id
X-XRDS-LOCATION
X-AppVersion
X-Az
Surrogate-Key
Accept-CH-Lifetime
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
VIX-Pulpo-Node
X-Page-Id
X-Instance
X-BCube-Filmed-By
X-Amz-Replication-Status
X-Content-Powered-By
X-Content-Options
X-Cluster
X-PHP-Backend
X-FB-Debug
X-Request-Guid
X-Varnish-Grace
Server-Node
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-B-Cache
Refresh
X-Akamai-Edgescape
X-Jobs
X-Signature
Cache-Status
Cleartype
X-TT
X-Forwarded-Host
X-RateLimit-Limit
Source
X-Framework
X-App-Environment
Liferay-Portal
X-FW-Static
X-FW-Hash
X-FW-Type
X-FW-Serve
X-FW-Server
X-Fastcgi-Cache
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Host-Header
Fastcgi-Useragent
Access-Control-Allow-Method
X-APP-VERSION
WPE-Backend
X-Mobile
X-Cache-Action
X-Cache-Operation
X-Cache-Control
X-Drupal-Cache-Tags
X-Edge-Location
X-Whom
X-B
X-Cache-Hit
X-App-Server
X-Response-Served-From
Actual-Object-TTL
X-Accel-Buffering
X-Erf-Bev-Bev
X-Hp-Webp
X-Time
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
Payment
X-Storage
X-WA-Info
X-TX-ID
X-Content-Age
X-NWS-LOG-UUID
NGB
X-Git-Hash
X-WebKit-CSP-Report-Only
X-Cacheable-TTL
Upgrade-Insecure-Requests
X-Yottaa-Metrics
Cache-Tv-Group
X-TT-TIMESTAMP
X-TA-CDN-Provider
X-Yottaa-Optimizations
Filters
X-SS-Set-Cookie
X-Handled-By
Cache-Tag
X-RemovedCookies
X-Status
X-Adobe-Loc
Eomportal-Instance
X-Adobe-Content
X-ProcessESI
X-Tumblr-Pixel-2
Viewport
X-UA-Device-Type
X-Tumblr-Pixel-1
X-GeoIP
X-Geo-Country
Retry-After
X-RequestSource
X-Presslabs-Stats
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
X-Cache-TTL
X-Seen-By
MS-CV
Xserver
Datacenter
Cache
X-Server-ID
X-Host-Name
Server-Info
X-Cache-Enabled
Frame-Options
X-FB-TRIP-ID
X-RTag
Ms-Operation-Id
X-Contextid
X-Oracle-Dms-Rid
X-Ratelimit-Limit
X-B3-Spanid
From-Origin
X-Hyper-Cache
X-Origin-Server
X-Mode
X-Generated-By
S-Cnection
Country
X-CF-Powered-By
X-Path-Route
X-ES-SERVER
X-Ratelimit-Reset
X-RN-RSRV
X-Cache-Var-Map
SRV
X-Cache-Var
Machine
Meta-Geo
X-Tumblr-Pixel-3
Load-Balancing
X-Cache-Config
Cache-Key
X-Section
X-Routing-Service
X-Proxied
X-Cache-Grace
X-Upstream-CT
X-Upstream-HT
X-MP-GENERATED-AT
Vix-Hermes-Req-Id
X-Zipkin-Id
X-Labrador-Cache-Channel
X-Access
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-PCL
X-TNCMS
GEO-INFO
X-Web-Node
X-Drupal-Cache-Contexts
X-Viewer-Country
X-Upgrade-Enabled
X-OCL
Now
X-Hit
X-From
X-Loop
X-Human
X-Environment-Context
X-Via-Fastly
X-VG-TLSProxy
X-Origin-Response-Time
X-Backend-Name
ServedBy
Rt-Fastcgi-Cache
X-Endurance-Cache-Level
X-Trace-Id
X-Magnolia-Registration
X-Rule
X-Region
X-L-Path
X-Cache-Host
X-CCM
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Varnish-Cache-Hits
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Server
X-R9-Blue-Green-Version
X-Shopify-Stage
X-Site-Version
X-Hosted-By
Mn-Server-Ip
X-S
DB-Nickname
X-FC-Vary-Parameters
X-Cluster-Node
X-Debug-Cache
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NCache
X-Locale
X-Xfnlog-Site
Akamai-GRN
X-JoinUs
X-EIG-Tracking-Id
X-Rendered-As
X-Generated
X-Dc
X-Proto
OT-Force-Account-Verify
X-Guploader-Uploadid
X-RCS-CacheZone
X-Proxy-Build
X-Timing-Wait
Version
X-Www-Served-By
X-LJ-Flow-ID
X-VWS-Id
X-Varnish-Hits
X-AWS-Id
X-PressLabs-Stats
We-Hiring
DSUID
CACHE
Uber-Trace-Id
Mail-Subject
Release
X-Load-Cache
X-Device-Type
X-Request-Time
X-IP
X-Time-Microsecs
X-Nginx-Cache
Time
X-NewRelic-App-Data
X-FW-Version
NtCoent-Length
X-Wix-Request-Id
X-Redis-Cache
Cteonnt-Length
X-Origin
S-Rt
NGX
Azure-InstanceId
Azure-SlotName
ProcessTime
Azure-Version
Azure-RegionName
Azure-SiteName
X-ProxyCache-Status
X-VCT
X-Platform-Server
X-ProxyCache-Key
X-RateLimit-Reset
X-BYPASS-REASON
X-UUID
X-No-Session
X-EdgeConnect-Cache-Status
X-CDN-Forward
X-Akamai-Request-ID2
Property-Id
Webcakes-Region
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Device-Class
X-Origin-Hint
X-GEO
X-ECACHE
X-Daa-Tunnel
X-Via-CDN
X-FireWall-Port
X-Cache-NE
X-Proxy
X-Rocket-Nginx-Bypass
X-UA
X-HTML-Minification-Powered-By
X-MServer
Origin
X-Hl-Ver
Odigeo-Trace-Id
X-Cache-Remote
X-Akamai-Transformed
X-PERF
X-Vgn-Hpd-Reason
X-ApacheServer
X-CS
X-Format
X-IPS-LoggedIn
X-ServerID
X-Cache-Server
X-Distributor
X-Oneagent-Js-Injection
Ec-Rule-Version
LB
Cache-Tags
Access-Control-Request-Headers
Accept-Language
Fastly-SSL
X-UnsetCookies
X-Tb
Hostname
X-NC
X-Webkit-Csp
X-Pubstack
X-Unique-ID
X-Microcachable
L5d-Success-Class
Origin-Edge-Control
X-Real-IP
X-SERVER-NAME
Origin-Cache-Control
X-Amzn-Remapped-Content-Length
X-Varnish-Cacheable
Fastcgi-X-Cache-Version
X-Vtex-Remote-Cache
Cache-Cookie-Set-Lfrom
X-Vtex-Processado-Em
Cache-Cookie-Set-From
AKAMAI
Proxy-Firewall
X-Varnish-Url
Rendered-Blocks
Arc-Country
X-VG-WebServer
Cache-Prefix
BehaviorPad-Version
AsisCache
Cache-Cookie-Set-Idcheck
Content-Script-Type
GEO-REGION-INFO
Fly-Request-Id
X-Worker
MD5-Digest
Meta-Geo-Continent
Xc-Version
Node
Fly-Cache
Mobile-Detection-Method
Cdn-Request-Time
Content-Style-Type
Cross-Origin-Window-Policy
Fastly-SWR
Fastly-SIE
Cdn-Host
X-SVT-ORM-RULES
X-Geo-Header
X-App-Name
A
X-Application
X-ARC
X-Generated-On
X-AIR-PT
X-IN-APIGATEWAY
X-Is-Bot
X-Level-Front-Cache
X-Internal-Host
X-Accel-Expires-Debug
X-Aed
X-Instart-Info
X-G
X-B-Cookie
X-Date
X-Destination
X-CF-Lambda-Fn
X-D
X-Cluster-Name
X-Connection-Hash
X-Cdn-Srv
X-Detected-As
X-Edge-Server
X-External-Request-Id
X-Cache-Bucket
X-DPWN-IS-SECURE
X-Developer
X-A-Wwc
X-A-Dgt
X-CF-Lambda-Version
X-SVT-ORM-VERSION
X-SRCache-Key
X-Server-Time
VivaBuild
X-ScT
X-Transaction
X-Trv-Group
Request-EU
X-Twitter-Response-Tags
Request-Time
REQUESTUUID
Viewtype
Server-ID
X-A
X-S-Maxage
X-Rebelmouse-Cache-Control
X-A-Dam
X-A-Dcw
X-PAYTM-SRV-ID
X-NU-AKA-ACS-Version
X-Org
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Rojux
X-S-Cookie
X-Rewrite-Enabled
X-A-Ccd
X-Request-UUID
Request-Country
Rt-Proxy-Cache
X-Grey
IBM-Web2-Location
X-B3-Parentspanid
Proxy-Connection
X-Cache-Category-Id
X-BACKEND-TTL
X-URL
X-ElasticPress-Search
Backend-Name
Selected-Fe
X-Compress-Hint
Served-By
ServerName
X-Cache-Backend
X-Developers
X-Clientip
RNT-Machine
RNT-Time
Platform
Resin-Trace
X-Request-URI
X-ServiceProvider
Is-Eu
X-Core-Mission
Memcached
Section-Io-Cache
On-Server
Server-Int
X-Cdn-Origin
X-GeoIP-Country-Code
X-Cache-Info
X-Cache-Id
X-Backend-State
X-Fastly-Cache
X-Epic-Correlation-Id
X-Skip-Cache
X-Method
X-Nginx-Cache-Key
X-Location
True-Client-Country-4JS
W
X-Dynatrace-Js-Agent
X-PHP-Host
Apple-News-Services-Parsed-Url
X-C
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Variation
Gh-Request-Id
X-We-Are-Hiring
Content-Disposition
Countrycode
Adler-Geo
Esi-Enabled
X-Sn-Servicetimems
X-GeoIP-City
X-Hnp-Log
X-Amz-Meta-Cache-Control
X-Generation-Time
X-Gannett-Site-Version
X-Gen-Mode
X-HS-Cache-Config
X-TrackingId
X-Li-Fabric
X-Debug-Log
X-Wikidot-Static-Cache
Web-Mar-Node
X-HS-Combine-CSS
X-Edge
X-Server-IP
X-Auto-Login
X-Cache-FS-Status
X-Eu-Site
X-Distil-CS
X-Clara-WADP
X-CGP
X-CDN-Cache
X-Device-Os
X-Block-Status
X-Bip
X-Fetched-On
X-FPC
UCS
X-Qloud-Router
V-Age
X-Cms-Context
X-BBXSRF
X-Li-Pop
X-Owner
User-Cache-Control
X-Secret
X-Servername
X-Swa-Ws
SD-X-WS
X-Debug-Cookies
X-SD-PageType
Fastly-Soc-X-Request-Id
X-Request-Start
PFcat
N-Cache
X-Reboot
X-Thanos
X-Response-By
X-WADP-Cache
IsBot
X-Wikidot-Backend
X-SIPLIST1
HA-Ipaddr
X-WebServer
X-LI-UUID
X-LI-Proto
CDCHOST
L
X-NX-Host
Ha-Gx-Prefs
X-SERVER
X-Release
X-Dispatch
X-TH-Server
X-Dispatcher-Server
X-Nc
X-Pf-Uncompressing
CF-IPCountry
X-Origin-Date
X-Hash
GW-Server
X-Irp-Debug
X-Key
X-Matched-Rule
Heartbleed
Powered-By
X-Proxy-Cache-Status
X-Reqid
X-VC-Cache
X-VServer
Pramga
X-Origin-Expires
X-Thinkindot-L3
X-Proxy-Upstream
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Azure-Ref
Country-Code
Server-Host
X-Azure-Ref-OriginShield
Thinkindot-Control
SS
X-Parent-Response-Time
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-OVcl
X-Processor
X-OVcl-Cache
X-Webstats-RespID
Wxu-Next-Commit
Who
Wxu-Next-Hostname
Wxu-Next-Region
X-Served-From
X-Crawler
Kp-EeAlive
X-Via-NSCOPI
X-Powered-By-Defense
X-Varnish-Ttl
User-Agent
X-Via-SSL
X-FE
Magicmarker
X-CUA
X-Via-Edge
X-CLOUD-TRACE-CONTEXT
X-LAGOON
X-ABtesting
X-Varnish-Beresp-Ttl
X-Flog
PageSpeed
X-Hello
X-Ratelimit-Remaining
X-ND-Cache
Memory
Mime-Version
X-Protected-By
X-Ua
X-Be
Pagetype
X-Newrelic-Synthetics
X-Page-Type
X-Backend-Host
X-Backend-Url
X-Cache-Ttl
X-Planisys-CDN-Rules
X-Fstrz
X-Generated-In
X-User
Pragrma
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-MSEdge-Features
X-Up
X-MSEdge-Flight
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Origin-TTL
X-Origin-CC
X-Geo
X-COUNTRY
X-Ttl
X-Backend-TTL
X-Oss-Object-Type
X-Debug-Cache-Fetch
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Debug-Cache-Expiry
X-Oss-Request-Id
X-Check-Cacheable
X-Debug-Cache-Store
X-Soup
X-Oss-Server-Time
X-Zone
X-IN-WAF
X-B3-SpanId
Geoip-City
Geoip-Latitude
X-Core-Value
X-Phone
GeoIp-Country-Code
Cache-Hits
X-ZONE
X-SayCDN-TTL
X-Old-Content-Length
X-TT-LOGID
X-Say-Cacheable
X-Servedbyhost
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Say-TTL
X-Akamai-SSL-Client-Sid
X-FORWARDED-FOR
X-Litespeed-Cache
X-Cdn-Forward
X-DC
X-Birta-Cache-Post
X-VCL-Version
X-Aicache-OS
X-Real-Ip
Cdn
XServer
X-Birta-Served
X-CSRF-TOKEN
X-Cache-Time
X-Mid
SN
X-Node-Id
Inserted-Into-Cache-At
X-HS-Status
WZWS-RAY
Fastly-Backend-Name
X-Datadome
Dynatrace
X-BC
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Info
X-Ruxit-Js-Agent
X-Varnish-IP
FSS-Cache
Selected-FE
X-Vcl-Version
X-Logtrace-Id
FSS-Proxy
X-IN-APIGATEWAYSSL
Ajk
HitType
X-EC-Lua
X-UPSTREAM-Address
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Refresh
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
X-Source
Server-Cache-Control
Server-Surrogate-Control
CF-Cached-On
X-Varnish-Authentication
X-Wa
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Cache-Debug
X-Agile-Id
X-Contensis-Viewer-Groups
X-Agile
X-Agile-Age
X-Cache-ASPX
HostName
X-APP
X-Bc
X-TIME
RequestId
X-Proxy-Cacherz
Xkeyrz
X-Nananana
X-CSRF-Token
Srv
MIME-Version
GeoIP-Country-Code
X-NWS-UUID-VERIFY
X-GRACE
X-Via-Ucdn
PICS-Label
T-Server
X-PJAX-URL
X-App-Version
X-LiteSpeed-Cache-Control
X-Web-Server
X-SRV
X-Render-Time
GeoIP-City
X-WR-MODIFICATION
X-ECache
X-GDPR
GeoIP-Latitude
X-LB-ID
WebServer
Ohc-File-Size
CDN
X-Varnish-Beresp-TTL
Cf-Ipcountry
URI
X-Tec-Api-Root
X-Fastly-Country-Code
X-Unique-Id
X-Tec-Api-Origin
Is-Session-Tracking
Ohc-Cache-HIT
Get-Access-Time
Xkeynj
X-Cache-Tag
X-Tec-Api-Version
X-Uri
X-Policy
X-CACHE-KEY
X-Micro-Cache
X-PAGE-TYPE
SID
Group
DataCenter
X-Requestid
X-BE
X-Cache-Miss-From
X-Sedo-Request-Id
HTTPS
X-MCACHE
Cache-Provider
Www
X-Edge-IP
X-Service
X-Fastly-Backend-Reqs
X-SN
X-NGINX-Cache
X-Request-Url
Backend
Xet-Cookie
Warning
X-Pjax-Url
X-Lb-Id
Pics-Label
Lb
X-Swift-Error
X-Vct
X-Apw-Access-Action
Cneonction
X-Instart-Isnd
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Dw-Trace-Id
X-Has-Esi
FNAC-ModuleRouting
X-Ecache
X-Is-Gdpr
X-Var-Ttl
X-JWT-State
X-Cdn-Request-ID
X-Cf-Powered-By
X-Cache-Expires
Host-ID
Correlation-Id
Requestid
X-WA
X-Newrelic-App-Data
Lfy
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Bug-Bounty
X-Html-Edge-Cache
X-Fpc
X-Varnish-Action
X-PF-Uncompressing
Ohc-Response-Time
X-Fe
X-Fastly-Cache-Hits
X-DSS
X-DI
X-DW
X-RPM
X-RPS
X-DB
X-Zalando-Child-Request-Id
X-Serial
X-ServerName
X-Flow-Id
X-Page-Impression-Id
X-RSL