Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
CF-Ray
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Response-Time
X-Cnection
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cdn
X-TTL
X-Cache-Lookup
X-Rack-Cache
X-Ua-Compatible
X-Origin-Upstream-Status
Pinterest-Generated-By
X-Clacks-Overhead
X-Url
NEL
X-FTR-Request-ID
Rating
X-Dns-Prefetch-Control
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Goog-Hash
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
RTSS
X-Exp-Variant
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-B3-TraceId
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Akam-SW-Version
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Sol
DynaTrace
X-Powered-By-Plesk
X-ESI
MS-Author-Via
X-RateLimit-Remaining
Charset
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Forwarded-Proto
X-Shield-Request-Id
Realpath
X-Amz-Rid
X-Powered-CMS
ServerID
X-Upstream
X-Server-Name
X-Trace
AR-ATIME
AR-PoweredBy
Fastly-Restarts
AR-CACHE
Ar-Sid
X-Version
Public-Key-Pins
Nginx-Cache
Content-MD5
X-Cached
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Accept-CH
X-Dw-Request-Base-Id
X-Shard
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
AR-Request-ID
X-Grace
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
SPRequestDuration
Pagespeed
SPIisLatency
X-Goog-Storage-Class
X-Client-IP
Accept-Ch-Lifetime
S
X-Debug
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-Id
X-FTR-Expires
X-FTR-Realm
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-N
X-Amzn-Trace-Id
X-T
Accept-Ch
X-NF-Request-ID
Pinterest-Version
Arr-Disable-Session-Affinity
X-Pinterest-Rid
X-Upstream-Proxy
X-DIS-Request-ID
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-FastCGI-Cache
X-Vcache
X-B3-Sampled
X-XRDS-Location
X-FTR-Cache-Host
X-Frontend
X-Varnish-Age
X-Ser
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Acc-Meta-Resource-Type
PB-RID
X-Logged-In
Fastcgi-Cache
Server-Name
X-Content-Digest
X-Correlation-Id
X-VCache
X-B3-Traceid
Alternate-Protocol
X-Srv
X-Node-Name
Nel
X-Cache-Key
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
FilterID
TP-L2-Cache
TP-Cache
X-User-Agent
X-Forwarded-For
X-Rid
X-Type
X-LB-Cache
X-Kinsta-Cache
Healthy
Host
X-F-Cache
X-Zen-Fury
Powered
X-Request-Processing-Time
X-IPLB-Instance
X-Request-Received
Accept-CH-Lifetime
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-2
Powered-By-ChinaCache
X-Revision
X-Debug-Info
X-AOL-HN
Edge-Cache-Tag
X-Cached-By
X-GUploader-UploadID
X-XRDS-LOCATION
X-Via-JSL
X-Kong-Proxy-Latency
Backend-Timing
X-Analytics
X-Cache-Age
X-Kong-Upstream-Latency
X-Hostname
X-Az
X-HS-Content-Id
X-HS-Hub-Id
X-AppVersion
X-Activity-Id
X-Fastcgi-Cache
X-Accel-Expires
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Instance
X-Content-Options
X-Page-Id
X-BCube-Filmed-By
X-Jobs
X-Content-Powered-By
X-Amz-Replication-Status
X-Cluster
X-Tumblr-Pixel
X-FB-Debug
X-PHP-Backend
Server-Node
X-Varnish-Grace
X-Tumblr-User
X-Tumblr-Pixel-0
X-App-Environment
X-Signature
X-TT
X-B-Cache
Cleartype
X-Request-Guid
Cache-Status
X-Akamai-Edgescape
X-Esi
Refresh
X-Forwarded-Host
Source
X-Framework
X-RateLimit-Limit
Liferay-Portal
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
DC
X-ATG-Version
X-Varnish-Hostname
Tracecode
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
Host-Header
X-Time
X-Mobile
X-Cache-Action
WPE-Backend
X-Cache-Operation
X-Drupal-Cache-Tags
X-Edge-Location
X-Whom
X-Cache-Control
X-B
X-APP-VERSION
X-TA-CDN-Provider
Payment
X-Hp-Webp
X-Mobile-URL
X-WA-Info
X-Response-Served-From
X-Erf-Bev-Bev-Is-Generated
Actual-Object-TTL
X-App-Server
NGB
X-Erf-Bev-Bev
X-Accel-Buffering
X-Cache-Hit
X-TX-ID
X-Storage
X-WebKit-CSP-Report-Only
Filters
X-Content-Age
X-Git-Hash
Cache-Tag
X-Handled-By
Cache-Tv-Group
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Cacheable-TTL
X-Yottaa-Metrics
X-Yottaa-Optimizations
Eomportal-Instance
X-GeoIP
X-RequestSource
X-NWS-LOG-UUID
Viewport
X-UA-Device-Type
X-Tumblr-Pixel-2
X-Status
X-ProcessESI
X-Adobe-Content
X-RemovedCookies
X-Adobe-Loc
X-Presslabs-Stats
X-SS-Set-Cookie
X-Cache-TTL
X-Tumblr-Pixel-1
X-Geo-Country
Retry-After
X-VG-WebCache
MS-CV
X-FW-Dynamic
Webserver
X-Server-ID
X-Cache-TTL-Remaining
Xserver
X-Seen-By
Datacenter
X-FB-TRIP-ID
Cache
X-Host-Name
X-RTag
X-Oracle-Dms-Rid
X-Cache-Enabled
Ms-Operation-Id
X-Ratelimit-Limit
Frame-Options
Server-Info
X-Generated-By
From-Origin
X-Contextid
X-Hyper-Cache
X-Origin-Server
X-Mode
X-Ratelimit-Reset
Country
X-B3-Spanid
S-Cnection
X-CF-Powered-By
X-Path-Route
Load-Balancing
GEO-INFO
SRV
Machine
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
Meta-Geo
X-Tumblr-Pixel-3
X-ES-SERVER
X-Cache-Config
X-Drupal-Cache-Contexts
X-MP-GENERATED-AT
X-Section
X-Varnish-Server
X-Labrador-Cache-Channel
X-Proxied
X-Upstream-CT
X-Upstream-HT
Cache-Key
X-Access
X-Zipkin-Id
X-Cache-Grace
X-Routing-Service
Vix-Hermes-Req-Id
Decoy-Debug-TTL
X-Shopify-Stage
X-Sorting-Hat-PodId
Rt-Fastcgi-Cache
X-Loop
X-Human
X-From
X-Hit
X-Guploader-Uploadid
Decoy-Debug-Key
X-TNCMS
X-Upgrade-Enabled
X-EIG-Tracking-Id
ServedBy
X-Backend-Name
X-Varnish-Cache-Hits
Now
X-Sorting-Hat-ShopId
X-OCL
X-PCL
X-Viewer-Country
X-Cache-Host
X-R9-Blue-Green-Version
X-ShardId
X-ShopId
Decoy-Debug-Status
X-Alternate-Cache-Key
X-Web-Node
X-Endurance-Cache-Level
X-CCM
X-Environment-Context
X-Akamai-Request-ID
Cache-Name
Akamai-GRN
X-AWS-Id
X-Debug-Cache
X-Cluster-Node
X-Trace-Id
X-Region
X-Proxy-Build
X-Origin-Response-Time
X-Timing-Wait
X-VG-TLSProxy
Mn-Server-Ip
X-VWS-Id
X-Via-Fastly
X-Magnolia-Registration
X-Rule
X-LJ-Flow-ID
X-L-Path
Mail-Subject
X-Www-Served-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Device-Type
X-Xfnlog-Site
X-Generated
OT-Force-Account-Verify
Release
We-Hiring
X-NCache
Version
CACHE
X-Rendered-As
X-Proto
X-Locale
X-FC-Vary-Parameters
DB-Nickname
X-JoinUs
X-S
DSUID
X-Site-Version
X-RCS-CacheZone
X-Dc
X-Request-Time
ProcessTime
X-Varnish-Hits
Uber-Trace-Id
NtCoent-Length
X-Load-Cache
X-Time-Microsecs
X-PressLabs-Stats
X-IP
Time
X-NewRelic-App-Data
X-RateLimit-Reset
X-Akamai-Request-ID2
X-VCT
Property-Id
S-Rt
X-Nginx-Cache
Azure-Version
Azure-InstanceId
X-ProxyCache-Status
X-ProxyCache-Key
TWC-Connection-Speed
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-BYPASS-REASON
Webcakes-Region
X-FW-Version
X-Origin
X-Wix-Request-Id
TWC-Device-Class
Webcakes-App-Version
X-Origin-Hint
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Cteonnt-Length
X-Redis-Cache
NGX
X-Platform-Server
X-Via-CDN
X-UUID
X-No-Session
X-EdgeConnect-Cache-Status
X-Proxy
X-UA
X-FireWall-Port
X-GEO
X-ECACHE
X-MServer
X-Vgn-Hpd-Reason
X-CDN-Forward
X-Daa-Tunnel
X-Cache-NE
X-Rocket-Nginx-Bypass
X-HTML-Minification-Powered-By
X-Hl-Ver
Odigeo-Trace-Id
X-ApacheServer
Origin
X-Akamai-Transformed
X-PERF
X-IPS-LoggedIn
X-CS
X-ServerID
X-Format
X-Oneagent-Js-Injection
X-Cache-Server
X-Cache-Remote
X-Distributor
X-UnsetCookies
Accept-Language
Ec-Rule-Version
Access-Control-Request-Headers
Cache-Tags
LB
Fastly-SSL
X-Webkit-Csp
X-Tb
X-Real-IP
X-Amzn-Remapped-Content-Length
Hostname
L5d-Success-Class
PageSpeed
X-Pubstack
X-Microcachable
Selected-Fe
X-BACKEND-TTL
X-Unique-ID
Proxy-Connection
X-NC
Served-By
Origin-Edge-Control
Origin-Cache-Control
X-URL
X-Internal-Host
X-Instart-Info
Request-Country
REQUESTUUID
X-Application
X-B3-Parentspanid
Request-Time
Request-EU
X-Is-Bot
Rendered-Blocks
X-Level-Front-Cache
Proxy-Firewall
X-Generated-On
Cdn-Host
Cdn-Request-Time
Content-Script-Type
X-External-Request-Id
Cache-Prefix
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Content-Style-Type
Cross-Origin-Window-Policy
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Fastly-SWR
Fastly-SIE
X-DPWN-IS-SECURE
Fastcgi-X-Cache-Version
Cache-Cookie-Set-From
BehaviorPad-Version
Mobile-Detection-Method
X-G
Meta-Geo-Continent
Node
X-Geo-Header
X-D
X-Date
A
X-Destination
Arc-Country
AsisCache
X-Developer
X-Detected-As
AKAMAI
MD5-Digest
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-Rebelmouse-Cache-Control
Viewtype
X-S-Maxage
X-Rebelmouse-Surrogate-Control
VivaBuild
X-ScT
X-Server-Time
X-A-Dam
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-Cdn-Srv
X-Region-Sid
X-Dynatrace-Js-Agent
X-Aed
X-Cache-Bucket
X-A
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Trv-Group
X-S-Cookie
Rt-Proxy-Cache
X-Twitter-Response-Tags
X-Org
X-Accel-Expires-Debug
X-ARC
X-Worker
Server-ID
X-AIR-PT
X-B-Cookie
X-A-Dcw
X-App-Name
Xc-Version
X-A-Dgt
X-Edge-Server
X-Connection-Hash
X-Cluster-Name
X-A-Wwc
X-Varnish-Url
X-Varnish-Cacheable
X-CF-Lambda-Version
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Transaction
X-Vtex-Remote-Cache
X-A-Ccd
X-Grey
X-Cache-Category-Id
IBM-Web2-Location
X-Compress-Hint
X-ElasticPress-Search
ServerName
Gh-Request-Id
X-Device-Os
HA-Ipaddr
X-Distil-CS
X-BBXSRF
Ha-Gx-Prefs
X-Backend-State
W
X-Clientip
X-Core-Mission
X-CGP
True-Client-Country-4JS
Resin-Trace
RNT-Machine
RNT-Time
Section-Io-Cache
Server-Int
UCS
X-Cdn-Origin
X-Debug-Log
Memcached
X-Developers
X-Cache-Id
X-Cache-Info
Platform
X-Debug-Cookies
On-Server
Is-Eu
X-HS-Cache-Config
X-HS-Combine-CSS
X-We-Are-Hiring
X-ServiceProvider
X-GeoIP-Country-Code
X-Sn-Servicetimems
X-Epic-Correlation-Id
X-Server-IP
X-Request-URI
X-Variation
X-Cache-Backend
X-Nginx-Cache-Key
X-Method
X-C
X-Location
X-TrackingId
X-Skip-Cache
Backend-Name
X-NX-Host
X-Eu-Site
Content-Disposition
X-Qloud-Router
X-Fastly-Cache
X-PHP-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Adler-Geo
Esi-Enabled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Countrycode
X-SERVER
X-CDN-Cache
X-Reboot
X-Release
X-Reqid
X-Request-Start
X-Cache-FS-Status
X-Servername
X-Thanos
X-Auto-Login
X-Swa-Ws
X-TH-Server
X-Bip
X-SIPLIST1
X-Response-By
X-SD-PageType
X-Secret
X-Proxy-Upstream
X-Block-Status
X-Wikidot-Static-Cache
X-Hash
X-GeoIP-City
X-Hnp-Log
X-Crawler
X-Irp-Debug
X-Generation-Time
X-Gen-Mode
X-Dispatch
X-Dispatcher-Server
X-Fetched-On
X-FPC
X-Gannett-Site-Version
X-Key
X-Li-Fabric
X-WebServer
X-Webstats-RespID
X-Clara-WADP
X-WADP-Cache
X-Owner
X-Wikidot-Backend
X-Cms-Context
X-Li-Pop
X-LI-Proto
X-LI-UUID
Kp-EeAlive
X-Proxy-Cache-Status
X-Amz-Meta-Cache-Control
V-Age
User-Cache-Control
Web-Mar-Node
L
Who
N-Cache
PFcat
SD-X-WS
SS
Pramga
Powered-By
IsBot
Wxu-Next-Commit
Country-Code
CDCHOST
X-Nc
X-Edge
Server-Host
Fastly-Soc-X-Request-Id
Heartbleed
Wxu-Next-Region
Wxu-Next-Hostname
GW-Server
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Matched-Rule
X-Azure-Ref-OriginShield
X-VServer
X-Origin-Expires
X-SERVER-NAME
X-VC-Cache
X-Azure-Ref
X-Thinkindot-L3
X-FE
X-Origin-Date
X-CUA
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
CF-IPCountry
X-Varnish-Ttl
X-Processor
X-Via-NSCOPI
X-OVcl-Cache
X-OVcl
X-Pf-Uncompressing
X-CLOUD-TRACE-CONTEXT
X-Served-From
X-Parent-Response-Time
X-Powered-By-Defense
X-Via-Edge
X-ABtesting
Magicmarker
X-Via-SSL
X-Hello
X-Ratelimit-Remaining
X-Flog
User-Agent
Mime-Version
Pagetype
X-LAGOON
X-Be
X-User
X-ND-Cache
X-Backend-Url
X-Backend-Host
X-Newrelic-Synthetics
X-Datadome
X-Protected-By
X-Generated-In
X-Varnish-Beresp-Ttl
Memory
X-Ua
X-Page-Type
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-MSEdge-Features
X-Up
X-MSEdge-Flight
X-B3-SpanId
X-Ttl
X-COUNTRY
Pragrma
X-Planisys-CDN-TTL
X-Fstrz
X-Planisys-CDN-Rules
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Planisys-CDN-Cache
X-Geo
X-Soup
X-Origin-TTL
X-Origin-CC
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Check-Cacheable
Geoip-City
X-ZONE
GeoIp-Country-Code
Geoip-Latitude
Cache-Hits
X-Backend-TTL
X-Zone
X-Say-Cacheable
X-SayCDN-TTL
X-Core-Value
X-Old-Content-Length
X-Cache-Ttl
X-Cdn-Forward
X-IN-WAF
X-Say-TTL
X-Phone
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-Servedbyhost
X-DC
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Varnish-Beresp-Status
X-CSRF-TOKEN
Cdn
X-Cache-Time
XServer
X-Aicache-OS
X-HS-Status
SN
X-VCL-Version
X-Node-Id
Inserted-Into-Cache-At
Fastly-Backend-Name
WZWS-RAY
X-Mid
X-Birta-Served
X-Ruxit-Js-Agent
X-MID
X-Birta-Cache-Post
Amp-Access-Control-Allow-Source-Origin
X-BC
X-Logtrace-Id
X-IN-APIGATEWAYSSL
X-FORWARDED-FOR
X-Vcl-Version
FSS-Cache
FSS-Proxy
Ajk
X-EC-Lua
X-UPSTREAM-Address
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Info
X-Varnish-IP
Selected-FE
X-Real-Ip
X-Contensis-Viewer-Groups
X-Refresh
X-APP
X-Cache-ASPX
Server-Surrogate-Control
HostName
CF-Cached-On
Server-Cache-Control
X-Wa
X-Varnish-Authentication
X-App-Version
HitType
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Agile-Age
X-Agile-Id
X-Agile
X-Cache-Debug
RequestId
X-Source
Xkeyrz
X-Proxy-Cacherz
X-CSRF-Token
X-Bc
X-CACHE-KEY
Dynatrace
Srv
GeoIP-Country-Code
T-Server
X-Nananana
X-LiteSpeed-Cache-Control
X-NWS-UUID-VERIFY
X-PJAX-URL
X-ECache
GeoIP-City
GeoIP-Latitude
PICS-Label
X-Varnish-Beresp-TTL
X-WR-MODIFICATION
X-Via-Ucdn
X-TIME
X-Render-Time
X-GDPR
Ohc-File-Size
WebServer
MIME-Version
Cf-Ipcountry
X-LB-ID
X-Fastly-Country-Code
X-Web-Server
Ohc-Cache-HIT
X-Micro-Cache
Xkeynj
X-Tec-Api-Origin
X-Unique-Id
X-Tec-Api-Version
X-Tec-Api-Root
SID
Get-Access-Time
Is-Session-Tracking
X-Uri
X-Cache-Tag
X-Policy
X-SRV
X-PAGE-TYPE
URI
X-BE
DataCenter
X-Sedo-Request-Id
CDN
Group
X-Requestid
X-Cache-Miss-From
X-MCACHE
X-GRACE
X-Fastly-Backend-Reqs
X-Lb-Id
HTTPS
X-Request-Url
Lb
X-NGINX-Cache
Cache-Provider
X-Service
Pics-Label
X-Pjax-Url
Xet-Cookie
X-Swift-Error
X-Edge-IP
Cneonction
X-Apw-Access-Action
X-SN
X-Vct
X-Var-Ttl
Warning
X-Apw-Access-Object
Backend
Www
X-Apw-Access-Token
X-Apw-Hits
X-Dw-Trace-Id
X-Is-Gdpr
X-PF-Uncompressing
X-Cache-Expires
Ohc-Response-Time
X-Has-Esi
X-Instart-Isnd
Correlation-Id
FNAC-ModuleRouting
X-Cf-Powered-By
Host-ID
X-Cdn-Request-ID
X-Ecache
X-WA
X-JWT-State
X-Newrelic-App-Data
X-Fe
X-Serial
X-Zalando-Child-Request-Id
X-Html-Edge-Cache
X-Flow-Id
X-Page-Impression-Id
X-Fastly-Cache-Hits
X-Akamai-ERRuleID
Lfy
X-Bug-Bounty
X-Akamai-ERPolicy
Requestid
X-DB
X-RPS
X-RSL
X-Fpc
X-RPM
X-DW
X-DI
X-DSS
X-ServerName