Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Ac
Report-To
X-Rq
X-Server-Id
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
X-Clacks-Overhead
Pinterest-Generated-By
X-Ruxit-JS-Agent
NEL
X-Origin-Upstream-Status
X-Ua-Compatible
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-ORACLE-DMS-RID
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
X-DataStream-Cache-Status
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Edge-Control
X-Px
X-TtlSet
X-PC
X-Vname
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
SPRequestGuid
Verso
X-DataDome
X-Recruiting
X-Request-ID
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Dns-Prefetch-Control
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Use-Magma
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-B3-TraceId
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-ESI
RTSS
DynaTrace
TCN
X-Navigation-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Middleton-Display
X-Middleton-Response
Display
X-Sol
Response
Accept-Ch-Lifetime
X-Akam-SW-Version
Content-MD5
Charset
X-Server-Name
MS-Author-Via
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Amz-Rid
X-Shield-Request-Id
ServerID
Realpath
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Powered-CMS
AR-Request-ID
X-DynaTrace-JS-Agent
X-Cached
Nginx-Cache
X-Version
X-Server-ID
X-Forwarded-Proto
X-Upstream
X-Shard
Fastly-Restarts
Public-Key-Pins
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
SPRequestDuration
SPIisLatency
Accept-Ch
X-Goog-Storage-Class
Access-Control-Request-Method
X-MSEdge-Ref
X-Upstream-Proxy
Pagespeed
X-Pinterest-Rid
Paypal-Debug-Id
Pinterest-Version
X-Client-IP
S
Accept-CH
X-Debug
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-Ezoic-Cdn
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Fastly-Request-ID
X-XRDS-Location
X-Grace
Arr-Disable-Session-Affinity
Front-End-Https
X-VCache
X-NF-Request-ID
X-Varnish-Age
Arc-Version
X-Hits
X-Amzn-Trace-Id
X-Ser
X-Content-Type
X-Mobile-Rewrite
PB-PID
PB-RID
X-B3-Sampled
Alternate-Protocol
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-Content-Digest
Server-Name
X-Srv
X-Vcache
X-FastCGI-Cache
X-Pad
X-Forwarded-For
Host
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Powered-By-ChinaCache
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Rid
X-LB-Cache
Edge-Cache-Tag
X-Type
X-Fastcgi-Cache
X-Kinsta-Cache
X-Request-Received
X-Debug-Info
X-Request-Processing-Time
X-AOL-HN
X-IPLB-Instance
X-User-Agent
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-B3-Traceid
X-Hostname
X-Revision
X-F-Cache
X-HS-Hub-Id
X-Cache-Rule
X-HS-Content-Id
X-Cache-Key
Powered
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
X-XRDS-LOCATION
X-Cache-Age
X-Analytics
Backend-Timing
X-Accel-Expires
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Page-Id
X-Kong-Upstream-Latency
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-BCube-Filmed-By
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Activity-Id
Source
X-Varnish-Grace
X-Jobs
X-Instance
X-FB-Debug
X-AppVersion
X-Az
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cluster
Cache-Status
X-Content-Powered-By
X-PHP-Backend
X-Request-Guid
X-Via-JSL
X-Amz-Replication-Status
X-TT
Cleartype
X-Akamai-Edgescape
X-App-Environment
X-Framework
Tracecode
X-Varnish-Hostname
WPE-Backend
Server-Node
X-Forwarded-Host
Refresh
Host-Header
X-Signature
X-B-Cache
X-Mobile
X-ATG-Version
X-FW-Type
X-FW-Serve
X-FW-Server
X-Cache-Operation
X-FW-Static
X-FW-Hash
X-Time
Liferay-Portal
X-Cache-Control
X-NWS-LOG-UUID
DC
Accept-Charset
X-Drupal-Cache-Tags
X-Edge-Location
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Cache-Hit
X-App-Server
Upgrade-Insecure-Requests
Cache
X-Hp-Webp
X-Accel-Buffering
X-Mobile-URL
X-Response-Served-From
X-Storage
X-Whom
Payment
X-TX-ID
X-Esi
X-Content-Age
X-UA-Device-Type
X-B
X-WebKit-CSP-Report-Only
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-SS-Set-Cookie
X-GeoIP
X-RequestSource
X-Cacheable-TTL
Filters
Xserver
X-Handled-By
X-Adobe-Loc
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Git-Hash
X-Adobe-Content
X-VG-WebCache
Eomportal-Instance
X-WA-Info
X-ProcessESI
X-RemovedCookies
Viewport
X-Ratelimit-Reset
X-Geo-Country
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Status
Server-Info
Cache-Tag
X-FB-TRIP-ID
X-TA-CDN-Provider
Datacenter
X-Cache-TTL-Remaining
Webserver
NGB
Accept-CH-Lifetime
X-Cache-Enabled
Retry-After
X-APP-VERSION
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Ratelimit-Limit
X-Presslabs-Stats
X-Host-Name
X-PressLabs-Stats
MS-CV
Country
From-Origin
X-Mode
X-Origin-Server
X-CF-Powered-By
Frame-Options
X-RN-RSRV
Load-Balancing
X-Varnish-Hits
Machine
X-VWS-Id
X-Path-Route
Meta-Geo
X-LJ-Flow-ID
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-Cache-Config
X-AWS-Id
Vix-Hermes-Req-Id
Release
X-Tumblr-Pixel-3
X-Upstream-HT
X-Daa-Tunnel
Cache-Key
X-Backend-Name
X-Cache-Host
X-Varnish-Cache-Hits
We-Hiring
X-Cache-Grace
DSUID
X-Upstream-CT
GEO-INFO
X-Hyper-Cache
X-Labrador-Cache-Channel
Mail-Subject
X-Human
X-Magnolia-Registration
X-Rendered-As
X-Loop
X-Zipkin-Id
X-Debug-Cache
X-Generated-By
X-From
X-OCL
X-MP-GENERATED-AT
X-Access
Now
X-Web-Node
X-Device-Type
X-TNCMS
X-Section
X-PCL
X-Routing-Service
X-Proxied
X-EIG-Tracking-Id
X-Varnish-Server
Mn-Server-Ip
X-RCS-CacheZone
ServedBy
X-Hit
X-ProxyCache-Status
X-ProxyCache-Key
OT-Force-Account-Verify
X-RTag
X-Rule
X-Proto
X-Origin-Response-Time
Uber-Trace-Id
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-CCM
X-BYPASS-REASON
Ms-Operation-Id
X-R9-Blue-Green-Version
X-Viewer-Country
Decoy-Debug-Status
X-ShardId
Decoy-Debug-Key
X-VG-TLSProxy
Decoy-Debug-TTL
X-Upgrade-Enabled
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Cluster-Node
X-Xfnlog-Site
X-Environment-Context
X-Endurance-Cache-Level
X-L-Path
X-Proxy-Build
X-Timing-Wait
X-Region
X-NCache
X-JoinUs
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-S
Akamai-GRN
Cache-Name
X-Via-Fastly
DB-Nickname
X-Hosted-By
X-Guploader-Uploadid
X-Cache-NE
X-NewRelic-App-Data
X-Trace-Id
NGX
X-Locale
X-Platform-Server
X-Nginx-Cache
X-UUID
X-Www-Served-By
X-Redis-Cache
X-Load-Cache
X-Drupal-Cache-Contexts
X-Site-Version
X-Real-IP
X-VCT
X-MServer
Cteonnt-Length
ProcessTime
X-Hl-Ver
X-Vgn-Hpd-Reason
X-Cache-Remote
X-EdgeConnect-Cache-Status
X-ServerID
X-Rocket-Nginx-Bypass
X-Request-Time
X-Oracle-Dms-Rid
X-ECACHE
X-Time-Microsecs
Time
X-IP
X-GEO
X-B3-Spanid
X-Wix-Request-Id
X-IPS-LoggedIn
X-Via-CDN
Version
S-Rt
X-Origin
NtCoent-Length
X-Origin-Hint
Webcakes-App-Name
Origin
Webcakes-Region
TWC-Device-Class
Property-Id
SRV
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
X-FW-Version
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Proxy
L5d-Success-Class
X-No-Session
X-Cache-Backend
X-FireWall-Port
Served-By
X-Distributor
X-Dc
X-Unique-ID
X-Microcachable
X-Oneagent-Js-Injection
Fastly-SSL
Odigeo-Trace-Id
Origin-Cache-Control
X-Cache-Server
X-Datadome
CACHE
Origin-Edge-Control
X-RateLimit-Reset
X-Pubstack
Fastcgi-X-Cache-Version
X-Cache-Category-Id
X-UA
X-Format
X-PERF
X-ApacheServer
X-Grey
Hostname
X-Akamai-Request-ID2
X-CS
IBM-Web2-Location
Cache-Tags
X-HTML-Minification-Powered-By
X-Webkit-Csp
Ec-Rule-Version
X-Akamai-Transformed
X-Detected-As
X-Is-Bot
X-Via-NSCOPI
X-GRACE
X-UnsetCookies
Proxy-Connection
Access-Control-Request-Headers
X-Edge
X-Powered-By-Defense
Backend-Name
X-Compress-Hint
X-Ua
X-Varnish-Cacheable
Cache-Cookie-Set-Idcheck
BehaviorPad-Version
Cache-Cookie-Set-From
Request-Country
AsisCache
Request-EU
Content-Script-Type
Node
Proxy-Firewall
Fly-Request-Id
GEO-REGION-INFO
Mobile-Detection-Method
HA-Ipaddr
MD5-Digest
Meta-Geo-Continent
Fly-Cache
Fastly-SWR
Cdn-Request-Time
Cdn-Host
Cache-Prefix
Ha-Gx-Prefs
Content-Style-Type
Fastly-SIE
Cross-Origin-Window-Policy
Rendered-Blocks
Cache-Cookie-Set-Lfrom
X-Twitter-Response-Tags
X-Rewrite-Enabled
X-Destination
X-Debug-Log
X-Developer
X-DPWN-IS-SECURE
X-Eu-Site
X-Edge-Server
X-Debug-Cookies
X-Date
X-D
X-Connection-Hash
X-ScT
X-S-Maxage
X-Rojux
X-S-Cookie
X-Request-UUID
X-External-Request-Id
X-PAYTM-SRV-ID
X-Org
X-Processor
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NX-Host
X-NU-AKA-ACS-Version
X-HS-Cache-Config
X-G
X-HS-Combine-CSS
X-IN-APIGATEWAY
X-Internal-Host
X-Instart-Info
X-Server-Time
A
Xc-Version
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Worker
X-Aed
X-Vtex-Remote-Cache
X-A-Dcw
X-A-Dam
Server-ID
Rt-Proxy-Cache
Viewtype
VivaBuild
X-A-Ccd
X-A
X-AIR-PT
X-Vtex-Processado-Em
X-CGP
X-CF-Lambda-Version
X-Trv-Group
X-Transaction
X-Cluster-Name
X-SRCache-Key
X-CF-Lambda-Fn
X-Cdn-Srv
X-Application
X-App-Name
X-VG-WebServer
X-ARC
X-Cache-Bucket
X-B-Cookie
Request-Time
ServerName
X-Tb
X-BACKEND-TTL
Mime-Version
X-ElasticPress-Search
X-CDN-Forward
X-NC
X-Cdn-Origin
On-Server
X-TH-Server
X-Cache-Id
X-Cache-Info
Adler-Geo
X-Core-Mission
PageSpeed
X-Irp-Debug
X-Clientip
Platform
Is-Eu
X-PHP-Host
X-Qloud-Router
Server-Host
Section-Io-Cache
X-Request-URI
Server-Int
True-Client-Country-4JS
X-Server-IP
X-ServiceProvider
RNT-Time
Gh-Request-Id
X-B3-Parentspanid
X-Sn-Servicetimems
X-Reqid
RNT-Machine
Resin-Trace
X-Backend-State
X-Variation
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Country-Code
Countrycode
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Arc-Country
X-Geo-Header
X-Hash
X-Generated-On
X-Level-Front-Cache
X-GeoIP-Country-Code
X-Fastly-Cache
X-C
X-Dispatcher-Server
X-Key
X-Nc
X-Location
X-Epic-Correlation-Id
X-Li-Pop
X-Hnp-Log
Who
X-Secret
X-Li-Fabric
Wxu-Next-Commit
X-SD-PageType
Wxu-Next-Region
Wxu-Next-Hostname
X-Response-By
X-Request-Start
X-Auto-Login
X-ND-Cache
X-Method
X-LI-UUID
X-CDN-Cache
X-Distil-CS
X-Dispatch
X-Developers
X-Nginx-Cache-Key
X-Crawler
X-Fetched-On
X-Block-Status
X-Device-Os
X-Generation-Time
X-Amz-Meta-Cache-Control
X-Protected-By
X-Gen-Mode
X-LI-Proto
X-BBXSRF
X-Gannett-Site-Version
X-Reboot
Web-Mar-Node
X-Wikidot-Static-Cache
X-Wikidot-Backend
IsBot
X-Skip-Cache
REQUESTUUID
X-SIPLIST1
X-SVT-ORM-VERSION
X-WebServer
LB
Memcached
X-Swa-Ws
PFcat
X-We-Are-Hiring
Powered-By
Esi-Enabled
X-SVT-ORM-RULES
X-Served-From
UCS
AKAMAI
V-Age
Content-Disposition
SD-X-WS
User-Cache-Control
X-Servername
SS
CDCHOST
Accept-Language
X-Origin-Expires
GW-Server
X-Owner
X-Cms-Context
X-Origin-Date
X-CUA
X-VServer
W
X-FPC
X-Matched-Rule
Fastly-Soc-X-Request-Id
X-Webstats-RespID
X-Via-SSL
X-GeoIP-City
X-Via-Edge
Heartbleed
X-Azure-Ref
X-Azure-Ref-OriginShield
Pramga
X-Release
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Cache-FS-Status
X-Bip
X-Thinkindot-L3
Thinkindot-Control
X-Thanos
X-Cdn-Forward
X-Fstrz
Pragrma
X-B3-SpanId
X-Parent-Response-Time
X-Varnish-Url
X-VC-Cache
CF-IPCountry
X-Varnish-Ttl
X-OVcl-Cache
L
X-WADP-Cache
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-Clara-WADP
X-Ratelimit-Remaining
X-Proxy-Upstream
X-LAGOON
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Proxy-Cache-Status
X-Origin-CC
X-DC
X-Be
X-Origin-TTL
X-TrackingId
Kp-EeAlive
X-IN-WAF
X-FE
X-Core-Value
Memory
N-Cache
X-Phone
Selected-Fe
X-Varnish-Beresp-Ttl
User-Agent
X-Page-Type
X-Birta-Cache-Post
X-Birta-Served
X-SERVER-NAME
X-Urbn-Site-Id
Locale
X-Amzn-Remapped-Content-Length
X-Urbn-Context-Path
X-Pf-Uncompressing
X-Varnish-IP
X-Info
X-URL
HitType
Selected-FE
X-Ttl
X-App-Version
Magicmarker
X-Geo
X-Dynatrace-Js-Agent
X-ABtesting
X-Hello
Cdn
X-Varnish-Beresp-Status
X-Backend-TTL
X-Varnish-Beresp-Grace
X-Flog
X-Zone
X-CACHE-KEY
X-Newrelic-Synthetics
X-Generated-In
X-User
Pagetype
X-TT-LOGID
X-Servedbyhost
X-Source
X-Litespeed-Cache
Geoip-Latitude
GeoIp-Country-Code
Geoip-City
X-Soup
X-Agile-Id
SN
X-Cache-Debug
X-GoCache-CacheStatus
X-Agile
CF-Cached-On
X-Refresh
X-Backend-Url
X-Agile-Age
X-Backend-Host
X-Web-Server
X-Up
X-ZONE
X-Mid
X-Check-Cacheable
X-MID
X-Real-Ip
X-Tt-Trace-Tag
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-MSEdge-Features
X-Debug-Cache-Store
X-MSEdge-Flight
X-HS-Status
X-Aicache-OS
X-VCL-Version
X-Oss-Storage-Class
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
GeoIP-Country-Code
FSS-Proxy
X-Vcl-Version
FSS-Cache
X-UPSTREAM-Address
X-Cache-Ttl
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-ServedByHost
X-Old-Content-Length
X-APP
Srv
GeoIP-Latitude
GeoIP-City
Ohc-Cache-HIT
Ohc-File-Size
X-Amzn-Remapped-Date
WZWS-RAY
X-Varnish-Authentication
X-Amzn-Remapped-Connection
X-BC
Server-Surrogate-Control
X-Cache-ASPX
HostName
X-NWS-UUID-VERIFY
Group
X-Contensis-Viewer-Groups
Server-Cache-Control
Cache-Hits
X-EC-Lua
X-Bc
X-COUNTRY
HTTPS
X-Via-Ucdn
RequestId
X-CSRF-Token
X-Node-Id
Fastly-Backend-Name
X-SN
Www
X-Akamai-SSL-Client-Sid
X-Varnish-Beresp-TTL
Backend
X-Nananana
X-Proxy-Cacherz
Cf-Ipcountry
Ajk
Xkeyrz
X-ECache
X-CSRF-TOKEN
Lb
Inserted-Into-Cache-At
X-Instart-Isnd
X-Logtrace-Id
URI
X-IN-APIGATEWAYSSL
X-Dynatrace
WebServer
XServer
X-Cache-Expires
X-Cache-Time
X-WR-MODIFICATION
X-Cache-Tag
Host-ID
Requestid
X-Request-Url
Is-Session-Tracking
X-NGENIX-Cache
X-PF-Uncompressing
X-FORWARDED-FOR
X-RateLimit-Limit-Second
X-Wa
X-RateLimit-Remaining-Second
X-PAGE-TYPE
X-Unique-Id
X-Fastly-Country-Code
X-TIME
Get-Access-Time
Xkeynj
X-MCACHE
X-LiteSpeed-Cache-Control
X-Requestid
X-Edge-IP
X-Cache-Miss-From
Epwk-Cache
X-BE
X-Sedo-Request-Id
X-Varnish-Action
X-Fastly-Backend-Reqs
X-Vct
Dynatrace
X-Apw-Access-Token
Cneonction
X-Apw-Hits
Fastcgi-X-Cache
X-Pjax-Url
Pics-Label
X-Apw-Access-Action
T-Server
X-Apw-Access-Object
DataCenter
X-SRV
Xet-Cookie
X-Correlation-ID
PICS-Label
X-Swift-Error
X-Lb-Id
X-Svr
X-AssetVersion
X-PJAX-URL
X-LB-ID
X-Micro-Cache
X-GDPR
CDN
X-Ecache
Correlation-Id
X-NGINX-Cache
X-Dw-Trace-Id
X-Cf-Powered-By
X-Render-Time
X-Sf
X-WA
X-Var-Ttl
FNAC-ModuleRouting
X-Akamai-ERPolicy
X-Flow-Id
X-Page-Impression-Id
X-Html-Edge-Cache
X-Akamai-ERRuleID
X-Zalando-Child-Request-Id
X-Serial
Sid
RequestUuid
X-WPE-Loopback-Upstream-Addr
Ohc-Response-Time
Cache-Provider
X-ServerName
X-LiteSpeed-Tag
X-DSS
X-RSL
X-RPS
X-RPM
Lfy
X-DI
Warning
X-Bug-Bounty
X-Fastly-Cache-Hits
X-Fpc
X-DB
X-DW