Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Response-Time
X-Cnection
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
EagleEye-TraceId
Surrogate-Control
Allow
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cdn
X-TTL
X-Cache-Lookup
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Url
X-Origin-Upstream-Status
X-Clacks-Overhead
NEL
X-FTR-Request-ID
X-Dns-Prefetch-Control
Rating
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-Dispatcher
X-HW
X-CST
X-ORACLE-DMS-RID
X-Goog-Hash
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
Verso
X-Recruiting
X-MS-InvokeApp
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-D2id
X-Varnish-TTL
RTSS
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-Navigation-Version
X-SharePointHealthScore
X-GitHub-Request-Id
X-B3-TraceId
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Akam-SW-Version
Response
Display
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Charset
X-Shield-Request-Id
Realpath
X-ESI
X-Forwarded-Proto
X-Amz-Rid
ServerID
Content-MD5
AR-CACHE
AR-ATIME
X-Powered-CMS
Ar-Sid
AR-PoweredBy
X-Trace
X-Upstream
X-Goog-Generation
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Fastly-Restarts
Public-Key-Pins
X-Version
X-Cached
Accept-Ch-Lifetime
X-Dw-Request-Base-Id
X-Server-Name
X-Shard
AR-Request-ID
X-DynaTrace-JS-Agent
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Access-Control-Request-Method
Pagespeed
Accept-CH
X-Grace
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Client-IP
SPRequestDuration
SPIisLatency
X-Vcache
Accept-Ch
S
X-Debug
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-FTR-Expires
X-DataStream-MidMile-RTT
X-Id
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-N
Pinterest-Version
X-Pinterest-Rid
X-Fastly-Request-ID
X-Upstream-Proxy
Front-End-Https
X-Amzn-Trace-Id
X-DIS-Request-ID
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-T
MicrosoftSharePointTeamServices
X-Content-Type
X-Hits
X-FastCGI-Cache
X-XRDS-Location
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Ser
X-Frontend
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Mobile-Rewrite
X-Logged-In
PB-PID
PB-RID
Arc-Version
Server-Name
X-Content-Digest
X-Correlation-Id
Alternate-Protocol
X-B3-Traceid
Nel
X-Node-Name
X-Pad
X-Cache-Key
X-Srv
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
TP-Cache
X-Forwarded-For
Host
X-User-Agent
X-Kinsta-Cache
Healthy
X-Type
Powered-By-ChinaCache
X-Rid
X-LB-Cache
X-F-Cache
X-IPLB-Instance
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-AOL-HN
X-Debug-Info
X-Cache-2
X-VCache
Edge-Cache-Tag
X-Revision
X-Cached-By
X-GUploader-UploadID
X-XRDS-LOCATION
X-Analytics
Backend-Timing
X-Hostname
X-Cache-Age
X-Esi
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-HS-Hub-Id
X-HS-Content-Id
X-Cache-Rule
X-Via-JSL
X-Az
X-Activity-Id
X-Accel-Expires
X-AppVersion
X-Fastcgi-Cache
Surrogate-Key
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Instance
X-BCube-Filmed-By
X-Page-Id
X-Varnish-Grace
X-FB-Debug
X-PHP-Backend
X-Amz-Replication-Status
X-Cluster
X-Content-Powered-By
X-Jobs
X-Request-Guid
Server-Node
X-Tumblr-Pixel
Source
Cache-Status
Cleartype
X-Signature
X-Tumblr-Pixel-0
X-B-Cache
X-Akamai-Edgescape
X-Tumblr-User
Refresh
X-App-Environment
X-TT
X-Forwarded-Host
X-RateLimit-Limit
X-Framework
Accept-CH-Lifetime
Liferay-Portal
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
DC
X-ATG-Version
X-Varnish-Hostname
Tracecode
Host-Header
Accept-Charset
X-Mobile
Fastcgi-Useragent
Access-Control-Allow-Method
WPE-Backend
X-Cache-Operation
X-Cache-Action
X-Cache-Control
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
X-APP-VERSION
X-B
X-Whom
X-Accel-Buffering
Payment
X-Erf-Bev-Bev
X-Hp-Webp
X-Mobile-URL
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
Actual-Object-TTL
X-Cache-Hit
X-WA-Info
X-TX-ID
X-Storage
X-App-Server
NGB
X-SS-Set-Cookie
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Content-Age
X-Yottaa-Metrics
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Cacheable-TTL
X-Yottaa-Optimizations
X-NWS-LOG-UUID
Filters
X-UA-Device-Type
X-Handled-By
Cache-Tv-Group
X-RemovedCookies
Cache-Tag
X-Adobe-Content
X-Adobe-Loc
X-Status
Viewport
X-GeoIP
Eomportal-Instance
X-ProcessESI
X-RequestSource
X-Presslabs-Stats
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Geo-Country
X-VG-WebCache
Retry-After
X-Cache-TTL
Xserver
Datacenter
Webserver
X-FW-Dynamic
Cache
X-Cache-TTL-Remaining
X-Server-ID
MS-CV
X-TA-CDN-Provider
X-Seen-By
Server-Info
X-FB-TRIP-ID
X-Cache-Enabled
X-Oracle-Dms-Rid
X-Ratelimit-Limit
X-Host-Name
X-Ratelimit-Reset
X-Contextid
Frame-Options
X-RTag
X-Generated-By
Ms-Operation-Id
From-Origin
X-Origin-Server
X-Hyper-Cache
X-Mode
S-Cnection
Country
X-B3-Spanid
X-Cache-Var-Map
X-Cache-Var
Load-Balancing
Machine
X-ES-SERVER
Meta-Geo
X-CF-Powered-By
X-Cache-Config
X-RN-RSRV
X-Path-Route
X-Zipkin-Id
Cache-Key
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Proxied
X-Cache-Grace
X-Routing-Service
X-Tumblr-Pixel-3
X-Upstream-CT
X-Upstream-HT
Now
X-Cache-Host
Decoy-Debug-Key
X-Backend-Name
Decoy-Debug-TTL
X-Drupal-Cache-Contexts
X-Access
GEO-INFO
Decoy-Debug-Status
X-Viewer-Country
X-Varnish-Cache-Hits
X-Loop
X-OCL
X-Upgrade-Enabled
X-TNCMS
X-PCL
X-Section
X-Guploader-Uploadid
X-Varnish-Server
X-From
X-Web-Node
X-Human
X-Hit
Rt-Fastcgi-Cache
ServedBy
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-VWS-Id
X-EIG-Tracking-Id
X-R9-Blue-Green-Version
X-Alternate-Cache-Key
X-Trace-Id
X-LJ-Flow-ID
X-Magnolia-Registration
X-L-Path
X-CCM
X-Environment-Context
X-Origin-Response-Time
X-Region
Mn-Server-Ip
X-VG-TLSProxy
X-Debug-Cache
X-AWS-Id
X-Rule
X-Via-Fastly
X-Akamai-Request-ID
X-Proto
OT-Force-Account-Verify
X-NCache
Mail-Subject
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Rendered-As
We-Hiring
X-MP-GENERATED-AT
X-Generated
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Locale
X-JoinUs
X-Site-Version
X-S
X-Cluster-Node
X-Timing-Wait
X-Proxy-Build
Akamai-GRN
DSUID
X-Xfnlog-Site
Version
X-Device-Type
DB-Nickname
Release
Cache-Name
X-Www-Served-By
X-Varnish-Hits
Uber-Trace-Id
X-Nginx-Cache
SRV
X-Request-Time
X-NewRelic-App-Data
ProcessTime
X-Time-Microsecs
X-IP
X-PressLabs-Stats
X-ProxyCache-Status
X-ProxyCache-Key
CACHE
X-VCT
X-BYPASS-REASON
X-Load-Cache
X-Dc
Time
NGX
X-Redis-Cache
Cteonnt-Length
NtCoent-Length
Azure-SiteName
X-UUID
X-Platform-Server
Azure-Version
Azure-SlotName
S-Rt
Azure-RegionName
Azure-InstanceId
X-FW-Version
X-Origin
X-Via-CDN
X-Akamai-Request-ID2
X-Wix-Request-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-No-Session
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Webcakes-App-Version
TWC-Privacy
X-Origin-Hint
Webcakes-App-Name
Webcakes-Region
X-ECACHE
X-EdgeConnect-Cache-Status
X-Cache-NE
X-RateLimit-Reset
X-MServer
X-CDN-Forward
X-Rocket-Nginx-Bypass
X-FireWall-Port
X-Proxy
X-Hl-Ver
X-IPS-LoggedIn
Odigeo-Trace-Id
X-ServerID
X-HTML-Minification-Powered-By
X-Daa-Tunnel
X-Vgn-Hpd-Reason
Origin
X-UA
X-Akamai-Transformed
X-ApacheServer
X-GEO
X-PERF
X-Cache-Remote
X-Oneagent-Js-Injection
X-Distributor
X-CS
X-Format
X-Cache-Server
Ec-Rule-Version
Access-Control-Request-Headers
LB
Fastly-SSL
Accept-Language
X-Webkit-Csp
Cache-Tags
X-SERVER-NAME
X-UnsetCookies
X-Tb
L5d-Success-Class
X-Pubstack
Hostname
X-Microcachable
X-Unique-ID
Origin-Edge-Control
Origin-Cache-Control
X-BACKEND-TTL
X-Real-IP
X-Cache-Backend
Served-By
X-Compress-Hint
X-URL
X-Varnish-Cacheable
Fastcgi-X-Cache-Version
Fly-Cache
Cdn-Host
Cache-Prefix
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AKAMAI
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cross-Origin-Window-Policy
Fastly-SIE
Proxy-Firewall
Node
Rendered-Blocks
Request-Country
Xc-Version
Mobile-Detection-Method
Meta-Geo-Continent
Fastly-SWR
Fly-Request-Id
GEO-REGION-INFO
MD5-Digest
Request-EU
X-Aed
X-Generated-On
X-Transaction
X-Geo-Header
X-SRCache-Key
X-ScT
X-Server-Time
X-G
X-External-Request-Id
X-Destination
A
X-Detected-As
X-Developer
X-Edge-Server
X-DPWN-IS-SECURE
X-IN-APIGATEWAY
X-Instart-Info
X-S-Cookie
X-Rebelmouse-Cache-Control
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-PAYTM-SRV-ID
X-Org
X-S-Maxage
X-Internal-Host
X-Is-Bot
X-Level-Front-Cache
X-NU-AKA-ACS-Version
X-Date
X-D
X-A-Dcw
X-A-Dam
X-A-Wwc
X-Accel-Expires-Debug
X-Request-UUID
X-Vtex-Remote-Cache
X-Worker
X-A-Ccd
Rt-Proxy-Cache
REQUESTUUID
Server-ID
Viewtype
X-A
VivaBuild
X-AIR-PT
X-App-Name
X-Trv-Group
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cluster-Name
X-Cache-Bucket
X-B-Cookie
X-VG-WebServer
X-Vtex-Processado-Em
X-Application
X-Varnish-Url
X-ARC
Request-Time
X-A-Dgt
X-B3-Parentspanid
Proxy-Connection
X-Amzn-Remapped-Content-Length
X-Grey
X-Cache-Category-Id
IBM-Web2-Location
Selected-Fe
Backend-Name
ServerName
X-Nc
RNT-Machine
Server-Int
Resin-Trace
X-Fastly-Cache
RNT-Time
X-Sn-Servicetimems
On-Server
X-SVT-ORM-VERSION
Memcached
Platform
X-SVT-ORM-RULES
X-Skip-Cache
True-Client-Country-4JS
X-ServiceProvider
W
X-Core-Mission
X-HS-Combine-CSS
X-Clientip
X-CGP
X-HS-Cache-Config
X-Debug-Cookies
X-Eu-Site
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-Debug-Log
X-Cdn-Srv
X-Cdn-Origin
X-Nginx-Cache-Key
X-NX-Host
X-PHP-Host
X-Variation
X-Edge
X-Method
X-Cache-Info
X-Cache-Id
X-Backend-State
X-Request-URI
Section-Io-Cache
Esi-Enabled
X-C
X-We-Are-Hiring
Gh-Request-Id
Countrycode
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Adler-Geo
Ha-Gx-Prefs
Content-Disposition
HA-Ipaddr
Is-Eu
X-NC
X-ElasticPress-Search
X-SERVER
X-LI-UUID
X-Hash
X-Server-IP
X-Auto-Login
X-Location
X-TH-Server
X-Owner
L
X-GeoIP-City
X-TrackingId
CDCHOST
X-LI-Proto
X-Amz-Meta-Cache-Control
X-Bip
X-Irp-Debug
X-Key
X-Qloud-Router
X-Thanos
X-Clara-WADP
X-Cms-Context
IsBot
X-Distil-CS
X-CDN-Cache
X-Li-Pop
X-Block-Status
X-Gen-Mode
X-Li-Fabric
X-Cache-FS-Status
X-Device-Os
X-Hnp-Log
X-BBXSRF
X-Proxy-Upstream
SD-X-WS
X-Servername
X-Swa-Ws
Server-Host
X-Dispatcher-Server
X-Gannett-Site-Version
X-FPC
Fastly-Soc-X-Request-Id
X-WADP-Cache
PFcat
X-WebServer
X-SIPLIST1
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Proxy-Cache-Status
X-Secret
Web-Mar-Node
N-Cache
X-Reqid
X-Reboot
X-Fetched-On
X-Developers
SS
X-Request-Start
Country-Code
X-SD-PageType
UCS
X-Dispatch
X-Response-By
V-Age
User-Cache-Control
Kp-EeAlive
X-Webstats-RespID
Wxu-Next-Commit
X-Served-From
Powered-By
Pramga
Heartbleed
X-VServer
X-Thinkindot-L3
X-VC-Cache
Who
X-Processor
X-Matched-Rule
X-Crawler
X-Release
Wxu-Next-Region
Wxu-Next-Hostname
X-Origin-Expires
X-Origin-Date
X-Powered-By-Defense
X-Generation-Time
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Via-NSCOPI
X-Azure-Ref-OriginShield
X-Azure-Ref
Thinkindot-Control
X-Urbn-Context-Path
X-Urbn-Site-Id
CF-IPCountry
X-Varnish-Ttl
X-Parent-Response-Time
Locale
X-Via-Edge
X-CLOUD-TRACE-CONTEXT
X-Via-SSL
X-FE
X-OVcl
X-OVcl-Cache
X-CUA
GW-Server
X-Pf-Uncompressing
Mime-Version
PageSpeed
User-Agent
X-Dynatrace-Js-Agent
X-Ratelimit-Remaining
Magicmarker
X-Ua
X-Varnish-Beresp-Ttl
X-ND-Cache
X-LAGOON
X-Protected-By
X-ABtesting
X-Flog
X-Hello
Memory
Pagetype
X-Geo
X-Be
X-Generated-In
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-User
Pragrma
X-Page-Type
X-Fstrz
X-Origin-TTL
X-B3-SpanId
X-Origin-CC
X-Newrelic-Synthetics
X-Backend-Host
X-Ttl
X-Up
X-COUNTRY
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-MSEdge-Flight
X-Backend-Url
X-MSEdge-Features
X-Cache-Ttl
X-Soup
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Zone
X-Check-Cacheable
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Phone
X-Backend-TTL
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Core-Value
X-IN-WAF
X-DC
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-TT-LOGID
X-Cdn-Forward
X-ZONE
X-Litespeed-Cache
X-Say-TTL
X-Servedbyhost
Cdn
Cache-Hits
X-SayCDN-TTL
X-Say-Cacheable
X-Birta-Served
X-Old-Content-Length
X-Birta-Cache-Post
X-Akamai-SSL-Client-Sid
X-Real-Ip
X-Mid
X-Datadome
X-HS-Status
SN
X-CSRF-TOKEN
X-VCL-Version
X-Varnish-IP
X-Info
Amp-Access-Control-Allow-Source-Origin
X-Cache-Time
X-MID
X-Ruxit-Js-Agent
X-FORWARDED-FOR
Selected-FE
Inserted-Into-Cache-At
X-Aicache-OS
FSS-Cache
FSS-Proxy
HitType
X-Node-Id
Fastly-Backend-Name
X-Vcl-Version
XServer
WZWS-RAY
X-BC
X-Tb-Optimization-Total-Bytes-Saved
Ajk
X-ServedByHost
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Logtrace-Id
X-IN-APIGATEWAYSSL
X-Refresh
X-EC-Lua
Srv
X-Agile
X-Varnish-Authentication
X-Cache-ASPX
Server-Surrogate-Control
X-UPSTREAM-Address
X-Agile-Age
X-Cache-Debug
HostName
CF-Cached-On
Server-Cache-Control
X-App-Version
X-Contensis-Viewer-Groups
X-Agile-Id
X-Bc
RequestId
X-RateLimit-Limit-Second
GeoIP-Country-Code
X-RateLimit-Remaining-Second
X-Wa
X-CSRF-Token
X-CACHE-KEY
X-Source
X-Nananana
X-GRACE
X-Via-Ucdn
GeoIP-Latitude
GeoIP-City
X-APP
X-SRV
X-Web-Server
X-WR-MODIFICATION
X-Proxy-Cacherz
Xkeyrz
T-Server
X-TIME
X-ECache
WebServer
X-LiteSpeed-Cache-Control
X-NWS-UUID-VERIFY
X-GDPR
X-Micro-Cache
Cf-Ipcountry
Ohc-File-Size
PICS-Label
X-Varnish-Beresp-TTL
X-Render-Time
X-PJAX-URL
X-LB-ID
Xkeynj
Group
MIME-Version
X-Unique-Id
Get-Access-Time
Ohc-Cache-HIT
Is-Session-Tracking
X-Fastly-Country-Code
X-Cache-Tag
X-PAGE-TYPE
URI
X-Uri
HTTPS
X-Policy
CDN
X-BE
X-Sedo-Request-Id
Dynatrace
X-Cache-Miss-From
X-Requestid
X-MCACHE
Pics-Label
X-Edge-IP
Lb
X-Pjax-Url
X-SN
Backend
X-Request-Url
X-Fastly-Backend-Reqs
SID
Www
DataCenter
Xet-Cookie
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Lb-Id
Cache-Provider
Cneonction
X-Swift-Error
X-Vct
X-Service
X-Cdn-Request-ID
X-Instart-Isnd
X-Dw-Trace-Id
X-NGINX-Cache
X-PF-Uncompressing
X-Ecache
X-Cache-Expires
Host-ID
X-Var-Ttl
Correlation-Id
FNAC-ModuleRouting
Requestid
X-Cf-Powered-By
X-WA
X-Newrelic-App-Data
X-Fe
Ohc-Response-Time
X-Akamai-ERRuleID
X-Serial
X-Fastly-Cache-Hits
X-Akamai-ERPolicy
NnCoection
X-RPS
X-Flow-Id
Lfy
Warning
X-Html-Edge-Cache
X-Zalando-Child-Request-Id
X-Varnish-Action
X-Page-Impression-Id
X-DB
X-DI
X-Bug-Bounty
X-Fpc
X-RSL
X-RPM
X-DSS
X-DW
X-ServerName