Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
CF-Ray
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cdn
X-Cache-Lookup
X-TTL
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
X-FTR-Request-ID
Rating
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dispatcher
NEL
X-ORACLE-DMS-RID
X-HW
X-CST
X-Goog-Hash
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
X-Varnish-TTL
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-D2id
RTSS
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-B3-TraceId
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Display
X-Akam-SW-Version
X-Middleton-Response
X-Sol
Display
Response
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
Charset
X-Shield-Request-Id
X-ESI
Realpath
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
ServerID
X-Forwarded-Proto
X-Amz-Rid
Content-MD5
X-Powered-CMS
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Trace
X-Upstream
Nginx-Cache
Fastly-Restarts
X-Version
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Public-Key-Pins
Accept-Ch-Lifetime
X-Cached
X-Dw-Request-Base-Id
X-Server-Name
X-Shard
AR-Request-ID
X-DynaTrace-JS-Agent
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Accept-Ch
Access-Control-Request-Method
Pagespeed
Paypal-Debug-Id
X-Grace
X-MSEdge-Ref
X-Goog-Storage-Class
SPRequestDuration
X-Client-IP
SPIisLatency
S
X-Debug
Accept-CH
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Expires
X-DataStream-Origin-MEX-Latency
X-Id
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Vcache
X-FastCGI-Cache
X-Pinterest-Rid
Pinterest-Version
X-N
X-Upstream-Proxy
X-Fastly-Request-ID
X-Amzn-Trace-Id
X-T
Front-End-Https
X-NF-Request-ID
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
Nel
X-Varnish-Age
X-Ser
X-Acc-Meta-Resource-Type
X-Frontend
PB-PID
X-Mobile-Rewrite
Fastcgi-Cache
Arc-Version
PB-RID
X-Logged-In
X-XRDS-Location
X-Content-Digest
Server-Name
X-Correlation-Id
Alternate-Protocol
X-B3-Traceid
X-Srv
X-Cache-Key
X-Node-Name
X-Pad
X-VCache
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-Cache
TP-L2-Cache
X-Forwarded-For
Host
X-User-Agent
X-Type
X-XRDS-LOCATION
X-Rid
X-Kinsta-Cache
Healthy
Powered-By-ChinaCache
X-LB-Cache
X-Request-Processing-Time
X-F-Cache
X-Request-Received
X-IPLB-Instance
X-Zen-Fury
Powered
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
Edge-Cache-Tag
X-AOL-HN
X-Debug-Info
X-Revision
X-Cached-By
X-GUploader-UploadID
X-Esi
X-Hostname
X-Cache-Age
X-Analytics
Backend-Timing
X-Kong-Upstream-Latency
X-HS-Content-Id
X-Kong-Proxy-Latency
X-HS-Hub-Id
X-Via-JSL
X-Cache-Rule
X-Accel-Expires
X-Az
X-AppVersion
X-Activity-Id
Surrogate-Key
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
X-Content-Options
X-Page-Id
X-Instance
X-BCube-Filmed-By
X-Varnish-Grace
X-Amz-Replication-Status
X-Content-Powered-By
X-FB-Debug
X-PHP-Backend
X-Cluster
Server-Node
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Jobs
X-Request-Guid
X-Akamai-Edgescape
Source
X-B-Cache
X-Signature
Refresh
Cleartype
Cache-Status
X-Fastcgi-Cache
X-Forwarded-Host
X-TT
X-App-Environment
X-Framework
Accept-CH-Lifetime
Liferay-Portal
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
DC
X-Varnish-Hostname
X-RateLimit-Limit
X-ATG-Version
Tracecode
Host-Header
Accept-Charset
Access-Control-Allow-Method
X-Mobile
Fastcgi-Useragent
X-APP-VERSION
WPE-Backend
X-Cache-Operation
X-Cache-Action
X-Drupal-Cache-Tags
X-Cache-Control
X-Edge-Location
X-Time
X-B
Actual-Object-TTL
X-Cache-Hit
X-Whom
Payment
X-Accel-Buffering
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Erf-Bev-Bev
X-Mobile-URL
X-Response-Served-From
X-App-Server
X-Storage
X-TX-ID
X-WA-Info
NGB
X-Git-Hash
X-Content-Age
X-SS-Set-Cookie
X-WebKit-CSP-Report-Only
X-Cacheable-TTL
Cache-Tv-Group
X-TT-TIMESTAMP
X-Yottaa-Optimizations
Upgrade-Insecure-Requests
X-NWS-LOG-UUID
X-Yottaa-Metrics
Filters
X-Handled-By
X-UA-Device-Type
X-GeoIP
X-Tumblr-Pixel-1
X-Presslabs-Stats
X-Tumblr-Pixel-2
Cache-Tag
Viewport
X-Status
X-Adobe-Loc
Eomportal-Instance
X-Adobe-Content
X-RemovedCookies
X-ProcessESI
X-RequestSource
X-Geo-Country
X-TA-CDN-Provider
Retry-After
X-VG-WebCache
X-Ratelimit-Limit
X-Cache-TTL
Xserver
X-FW-Dynamic
Datacenter
Webserver
X-Server-ID
X-Cache-TTL-Remaining
MS-CV
X-Seen-By
Cache
Server-Info
X-FB-TRIP-ID
X-Host-Name
X-Cache-Enabled
X-Oracle-Dms-Rid
Frame-Options
X-Contextid
X-RTag
Ms-Operation-Id
X-B3-Spanid
From-Origin
X-Hyper-Cache
X-Generated-By
X-Origin-Server
X-Mode
X-Ratelimit-Reset
S-Cnection
Country
X-RN-RSRV
X-Tumblr-Pixel-3
X-Cache-Var
X-Cache-Config
X-Cache-Var-Map
X-ES-SERVER
Load-Balancing
X-CF-Powered-By
Machine
Meta-Geo
X-Path-Route
X-Cache-Grace
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Section
X-Zipkin-Id
Vix-Hermes-Req-Id
X-Upstream-HT
X-Upstream-CT
X-Routing-Service
Cache-Key
X-Proxied
X-Access
X-Human
X-Hit
SRV
X-Guploader-Uploadid
X-Varnish-Cache-Hits
Decoy-Debug-TTL
X-Loop
X-PCL
Decoy-Debug-Key
Decoy-Debug-Status
X-OCL
X-From
X-Viewer-Country
X-Backend-Name
X-Upgrade-Enabled
X-Cache-Host
GEO-INFO
X-TNCMS
Now
X-Web-Node
X-Drupal-Cache-Contexts
X-Varnish-Server
X-Origin-Response-Time
X-Rule
X-Trace-Id
X-L-Path
X-Akamai-Request-ID
X-AWS-Id
X-CCM
X-Debug-Cache
X-Endurance-Cache-Level
X-LJ-Flow-ID
Mn-Server-Ip
X-Environment-Context
X-Magnolia-Registration
X-Region
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-R9-Blue-Green-Version
X-Shopify-Stage
X-ShopId
X-ShardId
Rt-Fastcgi-Cache
ServedBy
X-Via-Fastly
X-VWS-Id
X-VG-TLSProxy
DSUID
X-Proxy-Build
X-S
X-Xfnlog-Site
X-JoinUs
X-Hosted-By
Mail-Subject
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cluster-Node
X-Generated
X-Site-Version
DB-Nickname
OT-Force-Account-Verify
X-Timing-Wait
We-Hiring
Cache-Name
X-Proto
Akamai-GRN
X-NCache
X-RCS-CacheZone
CACHE
X-Rendered-As
X-Locale
X-FC-Vary-Parameters
X-Varnish-Hits
X-Www-Served-By
X-Device-Type
Version
Release
Uber-Trace-Id
X-Dc
X-Nginx-Cache
X-Load-Cache
X-Request-Time
ProcessTime
X-Time-Microsecs
X-IP
X-ProxyCache-Status
X-VCT
X-BYPASS-REASON
X-ProxyCache-Key
X-PressLabs-Stats
X-RateLimit-Reset
X-NewRelic-App-Data
Time
NGX
Cteonnt-Length
X-Redis-Cache
X-FW-Version
X-Wix-Request-Id
X-Platform-Server
Azure-InstanceId
X-Origin
Azure-SlotName
NtCoent-Length
Azure-Version
Azure-SiteName
S-Rt
Azure-RegionName
X-UUID
X-Via-CDN
X-Akamai-Request-ID2
Property-Id
X-No-Session
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Locale-Group
X-CDN-Forward
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-EdgeConnect-Cache-Status
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-UA
X-ECACHE
X-FireWall-Port
X-Proxy
X-GEO
X-MServer
X-Cache-NE
X-Daa-Tunnel
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-IPS-LoggedIn
Origin
X-ServerID
X-Vgn-Hpd-Reason
Odigeo-Trace-Id
X-HTML-Minification-Powered-By
X-ApacheServer
X-Akamai-Transformed
X-PERF
X-Oneagent-Js-Injection
X-Cache-Remote
X-Cache-Server
X-Distributor
X-Format
X-CS
LB
Ec-Rule-Version
Cache-Tags
Accept-Language
Fastly-SSL
Access-Control-Request-Headers
X-UnsetCookies
X-Webkit-Csp
L5d-Success-Class
X-Tb
X-SERVER-NAME
X-Unique-ID
X-Pubstack
X-Microcachable
Origin-Cache-Control
X-Real-IP
X-BACKEND-TTL
Origin-Edge-Control
X-Compress-Hint
X-URL
X-Varnish-Cacheable
X-Cache-Backend
Served-By
Fastcgi-X-Cache-Version
Request-EU
Rendered-Blocks
Cdn-Host
Cache-Prefix
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AKAMAI
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cross-Origin-Window-Policy
Fastly-SIE
Proxy-Firewall
Node
Request-Time
Xc-Version
X-Worker
Mobile-Detection-Method
Meta-Geo-Continent
Fly-Cache
Fastly-SWR
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Request-Country
X-A-Dam
X-Cdn-Srv
X-NU-AKA-ACS-Version
X-Level-Front-Cache
X-Is-Bot
X-Instart-Info
X-Internal-Host
X-Org
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
A
X-ARC
X-Cache-Bucket
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Date
X-D
X-DPWN-IS-SECURE
X-Destination
X-Developer
X-Detected-As
X-Edge-Server
X-External-Request-Id
X-Geo-Header
X-IN-APIGATEWAY
X-Cluster-Name
X-Generated-On
X-Connection-Hash
X-G
X-Region-Sid
X-Application
X-A-Ccd
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-A-Dcw
X-SVT-ORM-VERSION
X-Varnish-Url
X-VG-WebServer
Viewtype
Server-ID
VivaBuild
X-A
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-SVT-ORM-RULES
X-A-Dgt
X-Rojux
X-S-Cookie
X-AIR-PT
X-App-Name
X-Request-UUID
X-Rewrite-Enabled
X-Aed
X-S-Maxage
X-SRCache-Key
X-A-Wwc
X-Server-Time
X-ScT
X-Accel-Expires-Debug
REQUESTUUID
Rt-Proxy-Cache
X-Grey
IBM-Web2-Location
Proxy-Connection
X-B3-Parentspanid
X-Amzn-Remapped-Content-Length
Hostname
X-Cache-Category-Id
X-Nc
ServerName
X-ElasticPress-Search
Selected-Fe
Backend-Name
W
True-Client-Country-4JS
X-Edge
X-Cache-Id
X-Cdn-Origin
X-Cache-Info
Server-Int
X-Backend-State
RNT-Time
Platform
On-Server
X-We-Are-Hiring
X-Variation
Resin-Trace
X-CGP
RNT-Machine
Section-Io-Cache
X-Core-Mission
X-Location
X-Skip-Cache
X-HS-Combine-CSS
X-Method
X-Nginx-Cache-Key
X-Request-URI
X-PHP-Host
X-NX-Host
X-HS-Cache-Config
X-GeoIP-Country-Code
X-Debug-Log
X-Debug-Cookies
X-ServiceProvider
Memcached
X-Developers
X-Sn-Servicetimems
X-Fastly-Cache
X-Eu-Site
X-Clientip
X-Epic-Correlation-Id
Is-Eu
Gh-Request-Id
Countrycode
Ha-Gx-Prefs
HA-Ipaddr
Content-Disposition
X-C
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Esi-Enabled
X-SERVER
X-NC
X-Swa-Ws
X-TH-Server
X-SIPLIST1
X-Dispatch
X-Servername
X-WADP-Cache
X-Dispatcher-Server
X-Auto-Login
X-Thanos
X-Clara-WADP
X-Cache-FS-Status
X-Secret
X-Block-Status
Country-Code
Fastly-Soc-X-Request-Id
X-Cms-Context
X-Bip
X-Gannett-Site-Version
X-Irp-Debug
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Reboot
X-Key
X-Li-Fabric
X-Owner
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Hnp-Log
X-Hash
X-Amz-Meta-Cache-Control
X-FPC
X-Fetched-On
CDCHOST
X-Gen-Mode
X-Response-By
X-Reqid
X-GeoIP-City
X-Request-Start
X-Generation-Time
X-SD-PageType
X-CDN-Cache
Server-Host
SD-X-WS
X-Device-Os
X-BBXSRF
User-Cache-Control
Web-Mar-Node
V-Age
X-Distil-CS
X-Qloud-Router
N-Cache
L
IsBot
X-TrackingId
X-Server-IP
PFcat
UCS
SS
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Matched-Rule
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
GW-Server
Thinkindot-Control
X-Served-From
X-Processor
X-Webstats-RespID
X-Via-NSCOPI
X-Release
X-Powered-By-Defense
X-Azure-Ref-OriginShield
X-Crawler
X-VC-Cache
X-Azure-Ref
Heartbleed
X-Origin-Date
X-Thinkindot-L3
X-Origin-Expires
Pramga
Who
Powered-By
Wxu-Next-Commit
X-Pf-Uncompressing
Wxu-Next-Region
Wxu-Next-Hostname
Kp-EeAlive
CF-IPCountry
X-Urbn-Context-Path
X-Varnish-Ttl
X-Parent-Response-Time
Locale
X-Urbn-Site-Id
X-Via-SSL
X-OVcl-Cache
X-OVcl
X-Via-Edge
X-CUA
X-CLOUD-TRACE-CONTEXT
X-FE
Mime-Version
X-Dynatrace-Js-Agent
User-Agent
Magicmarker
PageSpeed
X-Ratelimit-Remaining
X-Hello
X-ND-Cache
X-Flog
X-Protected-By
X-ABtesting
X-LAGOON
X-Be
Pagetype
Memory
X-Varnish-Beresp-Ttl
X-Ua
X-Planisys-CDN-Cache
X-Generated-In
X-User
X-Planisys-CDN-TTL
X-Fstrz
X-Backend-Host
X-Planisys-CDN-Rules
Pragrma
X-Backend-Url
X-Origin-CC
X-Origin-TTL
X-Newrelic-Synthetics
X-GoCache-CacheStatus
X-Ttl
X-MSEdge-Features
X-MSEdge-Flight
X-COUNTRY
X-Up
X-Tt-Trace-Tag
X-Page-Type
X-Geo
X-Cache-Ttl
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Soup
X-Debug-Cache-Store
X-Check-Cacheable
X-Zone
X-Phone
X-Core-Value
X-Oss-Hash-Crc64ecma
Geoip-City
X-Oss-Storage-Class
GeoIp-Country-Code
Geoip-Latitude
X-Backend-TTL
X-IN-WAF
X-Oss-Server-Time
X-B3-SpanId
X-Oss-Object-Type
X-Oss-Request-Id
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Varnish-Beresp-Status
X-Litespeed-Cache
X-ZONE
Cache-Hits
X-Old-Content-Length
Cdn
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Cdn-Forward
X-DC
X-Real-Ip
X-Birta-Served
X-Akamai-SSL-Client-Sid
X-Birta-Cache-Post
X-Servedbyhost
X-Mid
X-HS-Status
X-Vcl-Version
X-Datadome
SN
X-Varnish-IP
X-Cache-Time
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Info
X-Ruxit-Js-Agent
FSS-Cache
FSS-Proxy
Inserted-Into-Cache-At
X-ServedByHost
X-Node-Id
X-Aicache-OS
Fastly-Backend-Name
X-VCL-Version
HitType
Selected-FE
X-FORWARDED-FOR
HostName
X-CSRF-TOKEN
XServer
WZWS-RAY
X-Tb-Optimization-Total-Bytes-Saved
X-Logtrace-Id
Ajk
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-BC
X-IN-APIGATEWAYSSL
X-Refresh
X-EC-Lua
X-UPSTREAM-Address
X-Cache-ASPX
X-CSRF-Token
X-Varnish-Authentication
X-Agile-Age
X-Cache-Debug
Server-Cache-Control
CF-Cached-On
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-Agile
X-Agile-Id
X-Bc
X-APP
RequestId
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Wa
Srv
X-Nananana
X-Source
X-GRACE
X-Via-Ucdn
Xkeyrz
GeoIP-Country-Code
X-Proxy-Cacherz
X-App-Version
X-Web-Server
X-TIME
X-WR-MODIFICATION
PICS-Label
X-PJAX-URL
GeoIP-Latitude
T-Server
X-ECache
GeoIP-City
X-Varnish-Beresp-TTL
WebServer
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-PAGE-TYPE
Ohc-File-Size
Cf-Ipcountry
X-GDPR
X-LB-ID
X-Render-Time
URI
X-CACHE-KEY
X-Tec-Api-Origin
MIME-Version
Group
X-Fastly-Country-Code
X-Unique-Id
Xkeynj
X-SRV
X-Tec-Api-Root
Ohc-Cache-HIT
X-Micro-Cache
X-Tec-Api-Version
Get-Access-Time
Is-Session-Tracking
X-Cache-Tag
CDN
X-Cache-Miss-From
X-BE
X-Uri
Dynatrace
SID
X-Policy
X-Requestid
HTTPS
X-Sedo-Request-Id
X-MCACHE
X-Fastly-Backend-Reqs
X-Edge-IP
X-SN
Www
X-Request-Url
Backend
DataCenter
Xet-Cookie
Cache-Provider
X-Service
Lb
X-Vct
Pics-Label
X-Lb-Id
X-Pjax-Url
X-Apw-Access-Token
X-Apw-Access-Action
Cneonction
X-Apw-Access-Object
X-Swift-Error
X-Instart-Isnd
X-Apw-Hits
X-NGINX-Cache
X-Dw-Trace-Id
Correlation-Id
Requestid
X-Cf-Powered-By
Warning
FNAC-ModuleRouting
X-Var-Ttl
X-Cdn-Request-ID
X-Cache-Expires
X-Ecache
Host-ID
X-WA
X-Newrelic-App-Data
X-DSS
X-Bug-Bounty
Lfy
X-DW
X-Html-Edge-Cache
X-DI
X-Fe
X-Is-Gdpr
X-JWT-State
X-Has-Esi
Ohc-Response-Time
X-DB
X-RPM
X-Serial
X-Zalando-Child-Request-Id
X-Fastly-Cache-Hits
X-Page-Impression-Id
X-ServerName
X-Flow-Id
X-Varnish-Action
X-Fpc
X-RPS
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-RSL
X-PF-Uncompressing