Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
Pinterest-Generated-By
X-Url
X-DynaTrace
X-Vhost
X-Clacks-Overhead
X-Rack-Cache
X-Ua-Compatible
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-ORACLE-DMS-RID
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Edge-Control
X-PC
X-TtlSet
X-Vname
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-Recruiting
X-DataDome
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-D2id
X-B3-TraceId
X-Varnish-TTL
X-Vcap-Request-Id
X-ESI
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
DynaTrace
RTSS
TCN
X-Navigation-Version
X-Powered-By-Plesk
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-SRCache-Store-Status
X-Sol
Display
X-Middleton-Response
Response
X-Middleton-Display
X-Server-Name
Content-MD5
X-Akam-SW-Version
Charset
Accept-Ch-Lifetime
MS-Author-Via
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
ServerID
X-Amz-Rid
X-Shield-Request-Id
X-Trace
Realpath
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
X-Goog-Generation
AR-Request-ID
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
Nginx-Cache
X-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Forwarded-Proto
X-Shard
X-Upstream
Accept-Ch
Fastly-Restarts
SPIisLatency
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPRequestDuration
X-Pinterest-Rid
X-Upstream-Proxy
Public-Key-Pins
Pinterest-Version
X-Goog-Storage-Class
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
Pagespeed
X-Client-IP
S
X-Server-ID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Id
X-Ezoic-Cdn
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-Expires
Accept-CH
X-N
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
X-Grace
MicrosoftSharePointTeamServices
X-VCache
Arr-Disable-Session-Affinity
X-Ser
PB-PID
X-Varnish-Age
X-Amzn-Trace-Id
Arc-Version
PB-RID
X-Mobile-Rewrite
Front-End-Https
X-Content-Type
X-Hits
X-NF-Request-ID
Alternate-Protocol
X-B3-Sampled
Nel
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Logged-In
Server-Name
X-XRDS-Location
X-Content-Digest
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
X-FastCGI-Cache
Host
X-Vcache
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Node-Name
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Microsite
FilterID
TP-Cache
Healthy
TP-L2-Cache
X-Rid
X-Kinsta-Cache
X-Type
X-XRDS-LOCATION
Edge-Cache-Tag
X-LB-Cache
X-Debug-Info
X-IPLB-Instance
X-Request-Received
X-Request-Processing-Time
X-User-Agent
X-AOL-HN
X-Cached-By
X-GUploader-UploadID
X-Cache-Key
X-Cache-2
X-Revision
X-Hostname
X-F-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Cache-Rule
Powered
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
Surrogate-Key
X-Accel-Expires
Backend-Timing
X-Analytics
X-Cache-Age
X-Page-Id
X-Kong-Upstream-Latency
X-B3-Traceid
X-Kong-Proxy-Latency
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Instance
X-Varnish-Grace
X-BCube-Filmed-By
X-Cluster
Source
X-Activity-Id
X-AppVersion
X-Az
X-FB-Debug
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
X-Akamai-Edgescape
Cache-Status
X-Amz-Replication-Status
X-PHP-Backend
X-Content-Powered-By
X-Request-Guid
X-TT
Cleartype
X-Framework
X-Via-JSL
X-RateLimit-Limit
Tracecode
Server-Node
X-Varnish-Hostname
WPE-Backend
X-Forwarded-Host
Refresh
Host-Header
X-Signature
X-B-Cache
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-ATG-Version
X-FW-Type
X-Mobile
X-Cache-Operation
X-Cache-Control
X-Time
Liferay-Portal
X-Cache-TTL
DC
Accept-Charset
X-NWS-LOG-UUID
Actual-Object-TTL
X-Drupal-Cache-Tags
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Cache-Hit
Fastcgi-Useragent
X-App-Server
Upgrade-Insecure-Requests
X-Hp-Webp
X-Response-Served-From
X-Accel-Buffering
X-Mobile-URL
X-Whom
X-TX-ID
X-Storage
Payment
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-SS-Set-Cookie
X-Content-Age
X-Handled-By
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-B
X-Cacheable-TTL
X-RequestSource
X-GeoIP
X-Git-Hash
X-VG-WebCache
Filters
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Content
X-Adobe-Loc
Xserver
X-Geo-Country
X-ProcessESI
X-WA-Info
Viewport
X-RemovedCookies
X-TA-CDN-Provider
Cache
Server-Info
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Status
Accept-CH-Lifetime
Cache-Tag
X-FB-TRIP-ID
X-Ratelimit-Limit
Webserver
Datacenter
NGB
X-Cache-TTL-Remaining
X-Presslabs-Stats
X-APP-VERSION
X-Cache-Enabled
X-Esi
Retry-After
X-Ratelimit-Reset
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Origin-Server
X-Host-Name
X-Mode
Country
X-CF-Powered-By
MS-CV
From-Origin
X-VWS-Id
X-Cache-Var
X-Tumblr-Pixel-3
X-Cache-Var-Map
X-Hyper-Cache
X-ES-SERVER
X-Varnish-Hits
X-Cache-Config
X-AWS-Id
Machine
X-Magnolia-Registration
Load-Balancing
X-LJ-Flow-ID
X-RN-RSRV
Frame-Options
Meta-Geo
X-Path-Route
Vix-Hermes-Req-Id
We-Hiring
GEO-INFO
Release
Mail-Subject
X-Daa-Tunnel
Cache-Key
DSUID
X-Backend-Name
X-Cache-Grace
X-Upstream-HT
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Upstream-CT
X-Proxied
X-Cache-Host
X-Human
X-Labrador-Cache-Channel
X-Hit
X-Routing-Service
X-Rendered-As
X-From
X-EIG-Tracking-Id
X-Loop
X-MP-GENERATED-AT
X-RCS-CacheZone
X-OCL
X-Device-Type
X-Debug-Cache
ServedBy
Now
Uber-Trace-Id
X-Access
X-Section
X-Generated-By
Mn-Server-Ip
X-PCL
X-Guploader-Uploadid
X-Viewer-Country
X-Web-Node
X-TNCMS
X-Varnish-Server
X-R9-Blue-Green-Version
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-VG-TLSProxy
X-BYPASS-REASON
X-ShardId
Decoy-Debug-Key
Decoy-Debug-TTL
X-Upgrade-Enabled
OT-Force-Account-Verify
Rt-Fastcgi-Cache
Decoy-Debug-Status
X-CCM
X-Cluster-Node
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-Origin-Response-Time
Akamai-GRN
X-L-Path
X-ProxyCache-Key
X-VCT
X-Rule
X-ProxyCache-Status
X-Environment-Context
X-Proto
X-Sorting-Hat-ShopId
X-RTag
Ms-Operation-Id
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-FC-Vary-Parameters
X-JoinUs
X-Region
X-Xfnlog-Site
X-Endurance-Cache-Level
X-Via-Fastly
X-Timing-Wait
X-S
X-NCache
X-Proxy-Build
Cache-Name
DB-Nickname
X-Cache-NE
NGX
X-Trace-Id
X-Platform-Server
X-UUID
X-Redis-Cache
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-Locale
X-Site-Version
X-PressLabs-Stats
X-Load-Cache
X-Www-Served-By
X-Real-IP
X-MServer
X-EdgeConnect-Cache-Status
X-Hl-Ver
Cteonnt-Length
ProcessTime
X-Vgn-Hpd-Reason
X-Cache-Remote
X-ServerID
X-ECACHE
X-Rocket-Nginx-Bypass
X-B3-Spanid
X-Request-Time
Time
X-IP
X-Dc
X-Time-Microsecs
CACHE
X-RateLimit-Reset
X-IPS-LoggedIn
SRV
X-GEO
NtCoent-Length
Version
X-FW-Version
X-Wix-Request-Id
X-Origin
S-Rt
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Via-CDN
Azure-InstanceId
Azure-Version
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
TWC-Connection-Speed
Property-Id
TWC-Device-Class
X-Origin-Hint
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Version
L5d-Success-Class
X-UA
X-Cache-Backend
X-Proxy
Served-By
X-Oneagent-Js-Injection
Origin
X-FireWall-Port
X-Datadome
X-Distributor
X-No-Session
Fastly-SSL
X-Unique-ID
X-Pubstack
X-Microcachable
Origin-Cache-Control
Origin-Edge-Control
Fastcgi-X-Cache-Version
X-Webkit-Csp
X-Cache-Category-Id
X-Cache-Server
Odigeo-Trace-Id
X-Grey
X-ApacheServer
X-PERF
X-Via-NSCOPI
X-CS
X-Powered-By-Defense
Access-Control-Request-Headers
IBM-Web2-Location
X-Format
X-Edge
X-HTML-Minification-Powered-By
X-Detected-As
X-Is-Bot
X-Akamai-Request-ID2
Ec-Rule-Version
Proxy-Connection
X-Akamai-Transformed
X-BACKEND-TTL
Cache-Tags
X-Compress-Hint
X-UnsetCookies
Backend-Name
X-CDN-Forward
X-Varnish-Cacheable
X-ScT
HA-Ipaddr
Fastly-SIE
X-NX-Host
Mobile-Detection-Method
Rendered-Blocks
X-PAYTM-SRV-ID
Node
Request-Country
Cdn-Host
Cdn-Request-Time
Request-Time
Request-EU
Fly-Request-Id
Cache-Prefix
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Processor
AsisCache
Proxy-Firewall
Fly-Cache
Arc-Country
A
Content-Script-Type
X-Org
X-Rewrite-Enabled
Server-ID
X-Request-UUID
X-Rojux
X-S-Cookie
Ha-Gx-Prefs
ServerName
GEO-REGION-INFO
Cross-Origin-Window-Policy
Rt-Proxy-Cache
Content-Style-Type
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-Rebelmouse-Surrogate-Control
X-Region-Sid
Fastly-SWR
MD5-Digest
Meta-Geo-Continent
X-S-Maxage
X-Debug-Cookies
X-B-Cookie
X-Cdn-Srv
X-Connection-Hash
X-Eu-Site
X-External-Request-Id
X-Vtex-Processado-Em
X-Cache-Bucket
X-Application
X-Edge-Server
X-Destination
X-Worker
X-Cluster-Name
X-IN-APIGATEWAY
X-Instart-Info
X-CF-Lambda-Fn
X-Internal-Host
X-ARC
X-Nc
X-Vtex-Remote-Cache
X-VG-WebServer
X-CGP
X-Developer
X-G
Viewtype
X-DPWN-IS-SECURE
Xc-Version
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-SRCache-Key
X-A-Ccd
X-A
VivaBuild
X-HS-Cache-Config
X-Server-Time
X-Transaction
Hostname
X-Accel-Expires-Debug
X-Date
X-D
X-App-Name
X-Twitter-Response-Tags
X-AIR-PT
PageSpeed
X-Debug-Log
X-Aed
X-HS-Combine-CSS
X-Trv-Group
X-CF-Lambda-Version
X-Tb
X-Oracle-Dms-Rid
X-ElasticPress-Search
X-Cache-Id
X-Generated-On
Is-Eu
X-Cache-Info
Server-Int
Memcached
SS
X-Irp-Debug
X-Level-Front-Cache
X-ND-Cache
X-Nginx-Cache-Key
X-Dispatch
True-Client-Country-4JS
X-Cdn-Origin
X-Dispatcher-Server
X-Location
Mime-Version
X-Hash
RNT-Machine
X-Clientip
X-GeoIP-Country-Code
Platform
X-Fastly-Cache
Resin-Trace
X-Geo-Header
RNT-Time
X-Epic-Correlation-Id
Server-Host
X-Core-Mission
X-Backend-State
Section-Io-Cache
On-Server
Gh-Request-Id
X-Server-IP
X-Variation
X-Qloud-Router
Adler-Geo
LB
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Reqid
X-Request-URI
X-Skip-Cache
X-ServiceProvider
X-Sn-Servicetimems
X-B3-Parentspanid
X-C
X-TH-Server
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Key
Countrycode
X-PHP-Host
Esi-Enabled
X-We-Are-Hiring
Country-Code
X-NC
X-LI-UUID
Wxu-Next-Region
X-Wikidot-Backend
X-Auto-Login
X-BBXSRF
X-Hnp-Log
X-Swa-Ws
X-SVT-ORM-VERSION
X-Method
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-WebServer
X-SIPLIST1
X-Servername
X-Webstats-RespID
X-Generation-Time
X-Device-Os
X-Developers
X-Crawler
X-GRACE
X-Distil-CS
X-Fetched-On
X-Li-Fabric
X-Gannett-Site-Version
Wxu-Next-Hostname
X-FPC
X-LI-Proto
X-Li-Pop
X-Cache-FS-Status
X-Gen-Mode
X-CDN-Cache
X-Block-Status
X-Amz-Meta-Cache-Control
REQUESTUUID
X-Protected-By
X-Reboot
SD-X-WS
X-Request-Start
Wxu-Next-Commit
Pramga
Content-Disposition
IsBot
CDCHOST
PFcat
Powered-By
X-Response-By
AKAMAI
UCS
X-Served-From
X-SD-PageType
Web-Mar-Node
User-Cache-Control
V-Age
Who
X-Secret
X-Ua
X-Via-Edge
X-Parent-Response-Time
X-VServer
X-Cms-Context
X-CUA
W
Fastly-Soc-X-Request-Id
X-Fstrz
Pragrma
X-GeoIP-City
Heartbleed
GW-Server
X-Owner
Thinkindot-CacheControl-Type
X-Via-SSL
X-Azure-Ref
Thinkindot-Control
X-Origin-Date
X-Thanos
Thinkindot-CacheControl
X-Origin-Expires
X-Bip
X-Azure-Ref-OriginShield
X-Release
X-Thinkindot-L3
X-Matched-Rule
Accept-Language
X-Varnish-Ttl
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-Varnish-Url
X-WADP-Cache
X-OVcl-Cache
X-Clara-WADP
X-OVcl
X-Cdn-Forward
X-VC-Cache
X-Origin-TTL
X-Origin-CC
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-B3-SpanId
X-Ratelimit-Remaining
L
X-Planisys-CDN-TTL
X-Be
X-Phone
X-Core-Value
X-IN-WAF
X-LAGOON
X-Proxy-Upstream
X-Proxy-Cache-Status
Memory
N-Cache
X-Varnish-Beresp-Ttl
Kp-EeAlive
X-Birta-Served
X-TrackingId
X-Birta-Cache-Post
X-FE
X-Amzn-Remapped-Content-Length
X-Varnish-IP
Selected-Fe
X-Pf-Uncompressing
User-Agent
Selected-FE
HitType
X-Info
X-Urbn-Site-Id
Locale
X-URL
X-Urbn-Context-Path
X-Page-Type
Magicmarker
X-Geo
X-Ttl
X-Dynatrace-Js-Agent
X-DC
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Zone
Cdn
X-ABtesting
X-App-Version
Pagetype
X-Backend-TTL
X-Flog
X-Hello
Geoip-City
X-TT-LOGID
GeoIp-Country-Code
X-Newrelic-Synthetics
X-Source
X-Generated-In
Geoip-Latitude
X-User
X-Litespeed-Cache
X-Agile-Age
X-Backend-Url
X-Backend-Host
X-Web-Server
X-Agile-Id
X-Agile
X-SERVER-NAME
X-HS-Status
X-Cache-Debug
X-Refresh
X-Mid
X-MID
CF-Cached-On
X-Real-Ip
X-Soup
SN
X-Servedbyhost
X-Up
X-Tt-Trace-Tag
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-MSEdge-Features
X-Check-Cacheable
X-CACHE-KEY
X-Aicache-OS
X-ZONE
X-Vcl-Version
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-VCL-Version
X-Oss-Object-Type
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
FSS-Cache
X-Oss-Server-Time
FSS-Proxy
X-Oss-Storage-Class
HostName
X-APP
Ohc-Cache-HIT
Ohc-File-Size
X-NWS-UUID-VERIFY
X-Contensis-Viewer-Groups
X-SayCDN-TTL
X-Say-TTL
X-UPSTREAM-Address
Group
Server-Surrogate-Control
X-Varnish-Authentication
GeoIP-Country-Code
Server-Cache-Control
X-Cache-ASPX
X-Amzn-Remapped-Connection
X-Say-Cacheable
X-Amzn-Remapped-Date
X-Old-Content-Length
X-EC-Lua
X-CSRF-Token
X-COUNTRY
RequestId
X-Via-Ucdn
X-Cache-Ttl
HTTPS
WZWS-RAY
GeoIP-City
GeoIP-Latitude
X-Bc
X-BC
Srv
Backend
Cache-Hits
X-Akamai-SSL-Client-Sid
X-SN
Www
X-Nananana
X-Proxy-Cacherz
Xkeyrz
X-ECache
Inserted-Into-Cache-At
X-Node-Id
Fastly-Backend-Name
X-Varnish-Beresp-TTL
X-Instart-Isnd
XServer
X-Dynatrace
WebServer
X-Logtrace-Id
X-IN-APIGATEWAYSSL
Ajk
X-PAGE-TYPE
X-Request-Url
X-Cache-Expires
Host-ID
X-WR-MODIFICATION
Lb
Requestid
Cf-Ipcountry
X-Cache-Tag
Xkeynj
X-FORWARDED-FOR
X-Unique-Id
Get-Access-Time
Is-Session-Tracking
X-CSRF-TOKEN
URI
X-Cache-Time
X-TIME
X-Fastly-Country-Code
X-NGENIX-Cache
X-Tec-Api-Root
X-MCACHE
X-Tec-Api-Version
X-Tec-Api-Origin
X-RateLimit-Limit-Second
X-PF-Uncompressing
X-Varnish-Action
X-Sedo-Request-Id
X-Fastly-Backend-Reqs
X-RateLimit-Remaining-Second
X-Cache-Miss-From
X-Edge-IP
Epwk-Cache
X-Requestid
X-LiteSpeed-Cache-Control
Dynatrace
X-BE
Fastcgi-X-Cache
X-Pjax-Url
Cneonction
X-Wa
X-SRV
Xet-Cookie
DataCenter
X-WA
X-Svr
PICS-Label
T-Server
Pics-Label
CDN
X-Swift-Error
X-Lb-Id
Correlation-Id
X-AssetVersion
X-NGINX-Cache
X-Dw-Trace-Id
X-Cf-Powered-By
X-LB-ID
X-GDPR
X-Var-Ttl
X-Ecache
X-Sf
X-PJAX-URL
X-Micro-Cache
FNAC-ModuleRouting
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Render-Time
X-Apw-Access-Action
X-Vct
X-Serial
X-Request-URL
X-ServerName
X-Litespeed-Cache-Control
X-Fpc
Cache-Provider
Lfy
Warning
X-Bug-Bounty
X-Akamai-ERPolicy
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
Ohc-Response-Time
X-LiteSpeed-Tag
RequestUuid
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL