Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Request-ID
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cdn
X-TTL
X-Cache-Lookup
X-Rack-Cache
X-Ua-Compatible
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
NEL
X-FTR-Request-ID
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-DataStream-Cache-Status
X-TtlSet
Edge-Control
X-PC
X-Vname
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
RTSS
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-B3-TraceId
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Akam-SW-Version
Display
X-Middleton-Response
Response
X-Middleton-Display
X-Sol
DynaTrace
X-Powered-By-Plesk
X-ESI
MS-Author-Via
X-RateLimit-Remaining
Charset
X-Forwarded-Proto
Realpath
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
ServerID
X-Upstream
X-Trace
X-Server-Name
X-Version
AR-CACHE
Public-Key-Pins
AR-PoweredBy
Fastly-Restarts
AR-ATIME
Ar-Sid
Nginx-Cache
Content-MD5
X-Cached
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Dw-Request-Base-Id
X-Shard
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
AR-Request-ID
X-Grace
Accept-Ch-Lifetime
Access-Control-Request-Method
Pagespeed
Accept-CH
Paypal-Debug-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
SPIisLatency
X-Client-IP
X-Goog-Storage-Class
SPRequestDuration
Accept-Ch
S
X-Debug
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Id
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-Expires
X-Country-Code-Real
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-FastCGI-Cache
X-N
X-Fastly-Request-ID
Front-End-Https
X-Amzn-Trace-Id
X-T
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
X-Content-Type
X-DIS-Request-ID
X-Upstream-Proxy
MicrosoftSharePointTeamServices
X-Hits
X-Vcache
X-B3-Sampled
X-FTR-Cache-Host
X-Frontend
X-Acc-Meta-Resource-Type
X-Ser
Arc-Version
PB-RID
X-Mobile-Rewrite
X-Varnish-Age
PB-PID
Fastcgi-Cache
X-Logged-In
Server-Name
X-XRDS-Location
X-Content-Digest
X-VCache
X-Correlation-Id
X-B3-Traceid
Alternate-Protocol
X-Srv
X-Cache-Key
X-Node-Name
Nel
X-Pad
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
FilterID
X-User-Agent
TP-Cache
TP-L2-Cache
X-Type
X-Rid
X-Forwarded-For
Host
Healthy
X-LB-Cache
X-XRDS-LOCATION
X-Kinsta-Cache
X-F-Cache
Powered
X-IPLB-Instance
X-Request-Received
X-Zen-Fury
X-Request-Processing-Time
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-2
Powered-By-ChinaCache
X-Revision
Edge-Cache-Tag
X-AOL-HN
X-Debug-Info
X-Cached-By
X-GUploader-UploadID
X-Via-JSL
X-Kong-Proxy-Latency
X-Cache-Age
Backend-Timing
X-Analytics
X-Kong-Upstream-Latency
X-AppVersion
X-Activity-Id
X-HS-Content-Id
X-HS-Hub-Id
X-Az
X-Hostname
Accept-CH-Lifetime
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-BCube-Filmed-By
X-Content-Options
X-Page-Id
X-Jobs
X-Content-Powered-By
X-Varnish-Grace
Server-Node
X-Tumblr-User
X-Amz-Replication-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-PHP-Backend
X-FB-Debug
X-Cluster
Cleartype
Cache-Status
X-Signature
X-App-Environment
X-B-Cache
X-Akamai-Edgescape
X-TT
X-Request-Guid
X-Forwarded-Host
X-Esi
Source
Refresh
X-Fastcgi-Cache
X-Framework
Liferay-Portal
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
DC
X-RateLimit-Limit
X-ATG-Version
X-Varnish-Hostname
Tracecode
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
Host-Header
X-Time
X-APP-VERSION
X-Mobile
WPE-Backend
X-Cache-Operation
X-Cache-Action
X-Drupal-Cache-Tags
X-Cache-Control
X-Edge-Location
X-Whom
X-B
X-Presslabs-Stats
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
NGB
X-Mobile-URL
X-Hp-Webp
X-App-Server
X-Accel-Buffering
X-Cache-Hit
Actual-Object-TTL
X-Response-Served-From
X-WA-Info
Payment
X-Storage
X-Content-Age
X-TX-ID
X-WebKit-CSP-Report-Only
Filters
X-Git-Hash
X-TT-TIMESTAMP
Cache-Tv-Group
X-Handled-By
Cache-Tag
X-Cacheable-TTL
Eomportal-Instance
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-GeoIP
X-RequestSource
X-UA-Device-Type
Viewport
Upgrade-Insecure-Requests
X-Tumblr-Pixel-2
X-Status
X-ProcessESI
X-Adobe-Content
X-Tumblr-Pixel-1
X-RemovedCookies
X-Adobe-Loc
X-Cache-TTL
X-NWS-LOG-UUID
X-SS-Set-Cookie
Retry-After
X-TA-CDN-Provider
X-Geo-Country
MS-CV
X-VG-WebCache
X-Ratelimit-Limit
X-FW-Dynamic
Webserver
X-Server-ID
Xserver
X-Cache-TTL-Remaining
X-Seen-By
Datacenter
X-FB-TRIP-ID
X-Host-Name
X-Cache-Enabled
Ms-Operation-Id
X-Oracle-Dms-Rid
X-RTag
Frame-Options
X-B3-Spanid
Server-Info
X-Contextid
From-Origin
Cache
X-Hyper-Cache
X-Origin-Server
X-Generated-By
Country
X-Mode
S-Cnection
CACHE
X-CF-Powered-By
X-RN-RSRV
X-Path-Route
SRV
X-Cache-Config
X-Cache-Var
X-Tumblr-Pixel-3
X-ES-SERVER
GEO-INFO
X-Cache-Var-Map
Load-Balancing
Machine
Meta-Geo
X-Upstream-HT
Cache-Key
X-Section
Vix-Hermes-Req-Id
X-Routing-Service
X-Varnish-Server
X-Labrador-Cache-Channel
X-Cache-Grace
X-Upstream-CT
X-Proxied
X-Access
X-Zipkin-Id
X-Drupal-Cache-Contexts
X-MP-GENERATED-AT
X-Hit
X-EIG-Tracking-Id
X-Alternate-Cache-Key
Decoy-Debug-TTL
X-Human
Decoy-Debug-Key
Decoy-Debug-Status
X-Backend-Name
X-From
X-Cache-Host
X-ShopId
Rt-Fastcgi-Cache
X-Guploader-Uploadid
X-Web-Node
X-Shopify-Stage
X-Dc
X-R9-Blue-Green-Version
X-Upgrade-Enabled
X-Sorting-Hat-ShopId
Now
X-Sorting-Hat-PodId
X-Viewer-Country
ServedBy
X-Varnish-Cache-Hits
X-TNCMS
X-ShardId
X-Loop
X-Proxy-Build
X-CCM
X-Cluster-Node
X-Debug-Cache
Cache-Name
X-VWS-Id
X-Trace-Id
X-AWS-Id
X-Via-Fastly
Akamai-GRN
X-VG-TLSProxy
Mn-Server-Ip
X-Region
X-Akamai-Request-ID
X-L-Path
X-Ratelimit-Reset
X-RateLimit-Reset
X-LJ-Flow-ID
X-Timing-Wait
X-Magnolia-Registration
X-Endurance-Cache-Level
X-PCL
X-OCL
X-Environment-Context
X-Origin-Response-Time
X-Rule
Release
OT-Force-Account-Verify
We-Hiring
X-Locale
X-Xfnlog-Site
X-NCache
X-Www-Served-By
X-Rendered-As
X-Proto
X-Site-Version
X-S
X-Generated
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-JoinUs
X-Device-Type
Version
DSUID
Mail-Subject
DB-Nickname
X-RCS-CacheZone
X-Varnish-Hits
X-NewRelic-App-Data
Uber-Trace-Id
ProcessTime
X-Load-Cache
X-Request-Time
NtCoent-Length
X-IP
X-Time-Microsecs
Time
X-Akamai-Request-ID2
X-VCT
X-ProxyCache-Key
Azure-SiteName
Azure-SlotName
Property-Id
Azure-RegionName
Cteonnt-Length
X-ProxyCache-Status
X-Nginx-Cache
X-UA
Azure-InstanceId
Azure-Version
S-Rt
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
X-FW-Version
X-Wix-Request-Id
X-Origin-Hint
X-Origin
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-Country
X-BYPASS-REASON
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
X-Redis-Cache
NGX
X-No-Session
X-UUID
X-EdgeConnect-Cache-Status
X-Platform-Server
X-Via-CDN
X-CLOUD-TRACE-CONTEXT
X-Proxy
X-FireWall-Port
X-CDN-Forward
X-ECACHE
X-PressLabs-Stats
X-GEO
X-MServer
X-Rocket-Nginx-Bypass
X-Cache-NE
X-Vgn-Hpd-Reason
X-Hl-Ver
X-PERF
Origin
X-HTML-Minification-Powered-By
X-Akamai-Transformed
Odigeo-Trace-Id
X-IPS-LoggedIn
X-ApacheServer
X-Daa-Tunnel
X-CS
X-Oneagent-Js-Injection
X-Cache-Server
X-ServerID
X-Format
X-Cache-Remote
X-Distributor
Accept-Language
X-UnsetCookies
LB
Ec-Rule-Version
Cache-Tags
Access-Control-Request-Headers
X-Tb
Fastly-SSL
X-Webkit-Csp
X-Real-IP
L5d-Success-Class
X-Amzn-Remapped-Content-Length
X-Microcachable
X-Pubstack
Selected-Fe
X-BACKEND-TTL
X-Unique-ID
Proxy-Connection
X-Compress-Hint
Origin-Edge-Control
X-URL
Served-By
Origin-Cache-Control
X-B3-Parentspanid
X-Worker
Arc-Country
REQUESTUUID
AKAMAI
X-ARC
AsisCache
X-Application
X-App-Name
Hostname
Xc-Version
Cdn-Request-Time
Request-Time
Cdn-Host
X-Level-Front-Cache
Mobile-Detection-Method
X-Generated-On
X-Geo-Header
X-Date
Cache-Prefix
Node
BehaviorPad-Version
A
Cache-Cookie-Set-Idcheck
MD5-Digest
X-G
Cache-Cookie-Set-Lfrom
Meta-Geo-Continent
X-D
X-IN-APIGATEWAY
X-Destination
X-Detected-As
Cache-Cookie-Set-From
Rendered-Blocks
Request-Country
Proxy-Firewall
X-Is-Bot
X-Developer
X-Instart-Info
X-Internal-Host
X-AIR-PT
X-Connection-Hash
Request-EU
X-Vtex-Processado-Em
X-S-Maxage
X-Dynatrace-Js-Agent
X-ScT
GEO-REGION-INFO
Viewtype
Fastcgi-X-Cache-Version
X-S-Cookie
X-Rojux
X-B-Cookie
X-CF-Lambda-Fn
X-Request-UUID
Cross-Origin-Window-Policy
X-Rewrite-Enabled
X-Server-Time
VivaBuild
X-A-Dam
X-A-Dcw
X-SRCache-Key
X-SVT-ORM-RULES
X-A
X-SVT-ORM-VERSION
Fastly-SWR
X-A-Dgt
X-DPWN-IS-SECURE
Fastly-SIE
X-Trv-Group
X-Cache-Bucket
X-Transaction
X-CF-Lambda-Version
X-Cdn-Srv
X-A-Wwc
X-Varnish-Cacheable
X-Twitter-Response-Tags
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Org
X-Varnish-Url
X-VG-WebServer
X-Aed
Fly-Cache
X-Accel-Expires-Debug
X-Vtex-Remote-Cache
X-A-Ccd
X-Cluster-Name
Rt-Proxy-Cache
X-Nc
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Edge-Server
X-Region-Sid
X-External-Request-Id
Fly-Request-Id
Content-Style-Type
Content-Script-Type
Server-ID
X-Grey
X-Cache-Category-Id
ServerName
X-ElasticPress-Search
IBM-Web2-Location
HA-Ipaddr
X-Device-Os
Gh-Request-Id
X-Distil-CS
Ha-Gx-Prefs
Section-Io-Cache
UCS
True-Client-Country-4JS
X-CGP
Server-Int
X-Cdn-Origin
X-Cache-Info
X-Backend-State
X-BBXSRF
X-Cache-Id
W
X-Clientip
RNT-Time
X-Debug-Cookies
Memcached
X-Debug-Log
Is-Eu
On-Server
Platform
RNT-Machine
Resin-Trace
X-Core-Mission
X-Developers
X-Method
X-NX-Host
Esi-Enabled
X-Qloud-Router
X-Nginx-Cache-Key
X-Location
X-HS-Cache-Config
X-HS-Combine-CSS
X-C
X-Request-URI
X-Server-IP
X-Variation
X-We-Are-Hiring
X-Cache-Backend
X-TrackingId
X-Sn-Servicetimems
X-ServiceProvider
X-Skip-Cache
X-GeoIP-Country-Code
X-PHP-Host
Content-Disposition
Apple-News-Services-Handled
X-Eu-Site
Apple-News-Services-Host
X-Fastly-Cache
Countrycode
X-Epic-Correlation-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Adler-Geo
Backend-Name
X-NC
X-SERVER
X-Bip
X-Cache-FS-Status
X-Secret
X-Servername
X-SIPLIST1
X-Block-Status
X-Swa-Ws
X-Auto-Login
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
Kp-EeAlive
X-WebServer
X-WADP-Cache
X-TH-Server
X-Thanos
X-Dispatch
X-Dispatcher-Server
X-CDN-Cache
X-Request-Start
X-Key
X-Irp-Debug
X-Li-Fabric
X-Li-Pop
X-FPC
X-Gannett-Site-Version
X-Crawler
X-Generation-Time
X-Hash
X-Hnp-Log
X-Gen-Mode
X-LI-Proto
X-Cms-Context
X-Release
X-Reboot
X-Reqid
X-GeoIP-City
X-Response-By
X-Clara-WADP
X-Proxy-Upstream
X-LI-UUID
X-Fetched-On
X-Owner
X-Proxy-Cache-Status
X-SD-PageType
L
Pramga
Powered-By
SD-X-WS
Server-Host
User-Cache-Control
SS
PFcat
N-Cache
Country-Code
CDCHOST
Fastly-Soc-X-Request-Id
GW-Server
IsBot
Heartbleed
V-Age
X-Edge
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Amz-Meta-Cache-Control
Web-Mar-Node
Who
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Azure-Ref-OriginShield
X-Thinkindot-L3
X-Origin-Expires
X-Matched-Rule
X-VServer
X-SERVER-NAME
X-VC-Cache
X-FE
X-Origin-Date
X-Azure-Ref
X-CUA
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-Pf-Uncompressing
CF-IPCountry
X-Varnish-Ttl
X-Served-From
X-Via-NSCOPI
X-OVcl
X-Processor
X-OVcl-Cache
X-Powered-By-Defense
X-Parent-Response-Time
X-Ratelimit-Remaining
X-Hello
X-Via-Edge
Magicmarker
PageSpeed
X-Via-SSL
X-Flog
X-ABtesting
User-Agent
X-Be
Mime-Version
Pagetype
X-LAGOON
X-Protected-By
Memory
X-Backend-Url
X-Backend-Host
X-Generated-In
X-ND-Cache
X-User
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Up
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-MSEdge-Flight
X-MSEdge-Features
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Planisys-CDN-Rules
X-Debug-Cache-Expiry
X-Page-Type
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Geo
Pragrma
X-Fstrz
X-COUNTRY
X-Ttl
X-Soup
X-Ua
X-Origin-CC
X-Origin-TTL
X-Oss-Storage-Class
GeoIp-Country-Code
Geoip-City
X-Check-Cacheable
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
Geoip-Latitude
X-Oss-Hash-Crc64ecma
X-B3-SpanId
Cache-Hits
X-ZONE
X-Backend-TTL
X-Zone
X-Say-Cacheable
X-Phone
X-Say-TTL
X-SayCDN-TTL
X-Old-Content-Length
X-Cache-Ttl
X-Core-Value
X-IN-WAF
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-TT-LOGID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cdn-Forward
X-Servedbyhost
Cdn
X-Cache-Time
XServer
WZWS-RAY
Inserted-Into-Cache-At
X-Aicache-OS
X-Node-Id
SN
X-CSRF-TOKEN
Fastly-Backend-Name
X-Vcl-Version
X-DC
X-Datadome
X-HS-Status
X-Ruxit-Js-Agent
X-Mid
X-Birta-Served
X-MID
X-Birta-Cache-Post
Amp-Access-Control-Allow-Source-Origin
X-NODE
X-Logtrace-Id
X-VCL-Version
FSS-Cache
X-FORWARDED-FOR
X-BC
Ajk
X-IN-APIGATEWAYSSL
FSS-Proxy
HostName
X-EC-Lua
X-Amzn-Remapped-Date
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Connection
X-Varnish-IP
X-UPSTREAM-Address
Selected-FE
X-Tec-Api-Origin
X-Info
X-ServedByHost
X-Real-Ip
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-ASPX
X-Contensis-Viewer-Groups
Server-Cache-Control
CF-Cached-On
Server-Surrogate-Control
X-Refresh
X-CSRF-Token
X-RateLimit-Limit-Second
X-APP
HitType
X-Wa
X-Varnish-Authentication
X-RateLimit-Remaining-Second
Xkeyrz
X-Proxy-Cacherz
X-Agile-Age
X-Source
X-Cache-Debug
X-Agile
X-Agile-Id
RequestId
X-Bc
Dynatrace
Srv
X-PJAX-URL
T-Server
PICS-Label
X-App-Version
X-Nananana
X-LiteSpeed-Cache-Control
X-WR-MODIFICATION
X-ECache
X-GDPR
X-Render-Time
GeoIP-Country-Code
X-Via-Ucdn
X-Varnish-Beresp-TTL
X-TIME
X-NWS-UUID-VERIFY
MIME-Version
WebServer
Ohc-File-Size
X-LB-ID
GeoIP-Latitude
GeoIP-City
Cf-Ipcountry
X-Fastly-Country-Code
X-Web-Server
X-PAGE-TYPE
Ohc-Cache-HIT
X-SRV
Is-Session-Tracking
X-Cache-Tag
Xkeynj
X-CACHE-KEY
X-Policy
URI
X-Micro-Cache
SID
X-Unique-Id
X-Uri
Get-Access-Time
DataCenter
CDN
Group
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-BE
X-Fastly-Backend-Reqs
X-MCACHE
X-GRACE
HTTPS
Cache-Provider
X-Request-Url
X-Lb-Id
X-Service
X-NGINX-Cache
Xet-Cookie
X-SN
X-Apw-Access-Action
Backend
X-Edge-IP
Pics-Label
X-Pjax-Url
X-Var-Ttl
X-Apw-Access-Object
Lb
Www
X-Apw-Hits
X-Vct
Cneonction
X-Swift-Error
X-Apw-Access-Token
X-Dw-Trace-Id
X-Instart-Isnd
Ohc-Response-Time
X-Ecache
X-JWT-State
X-Cf-Powered-By
Warning
X-Has-Esi
Host-ID
X-Is-Gdpr
Correlation-Id
FNAC-ModuleRouting
X-Cdn-Request-ID
X-Cache-Expires
X-WA
X-Newrelic-App-Data
X-NGENIX-Cache
X-Fe
X-Serial
X-RPM
X-Html-Edge-Cache
X-DB
X-DI
X-Fastly-Cache-Hits
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
Requestid
X-DSS
X-DW
X-ServerName
X-PF-Uncompressing
Lfy
X-Akamai-ERPolicy
X-Fpc
X-RPS
X-RSL
X-Akamai-ERRuleID
X-Bug-Bounty