Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cdn
X-TTL
X-Cache-Lookup
X-Rack-Cache
X-Ua-Compatible
X-Origin-Upstream-Status
Pinterest-Generated-By
X-Clacks-Overhead
X-Url
X-FTR-Request-ID
NEL
X-Dns-Prefetch-Control
Rating
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
X-DataStream-Cache-Status
X-PC
X-TtlSet
X-Vname
X-DataDome
Edge-Control
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
Verso
X-Recruiting
X-MS-InvokeApp
RTSS
X-Varnish-TTL
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
TCN
X-GitHub-Request-Id
X-SharePointHealthScore
X-Navigation-Version
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId
X-Akam-SW-Version
X-Sol
X-Middleton-Response
Display
Response
X-Middleton-Display
DynaTrace
X-Powered-By-Plesk
MS-Author-Via
X-ESI
Charset
X-RateLimit-Remaining
Realpath
X-Forwarded-Proto
X-Shield-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Amz-Rid
ServerID
X-Powered-CMS
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Server-Name
AR-ATIME
X-Trace
X-Upstream
Content-MD5
Public-Key-Pins
X-Version
Fastly-Restarts
X-Cached
X-Goog-Stored-Content-Length
X-Goog-Generation
Nginx-Cache
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Accept-CH
X-Dw-Request-Base-Id
X-Shard
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
AR-Request-ID
X-B3-TraceId-Primal
X-Grace
Access-Control-Request-Method
Pagespeed
Paypal-Debug-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
SPIisLatency
X-Goog-Storage-Class
SPRequestDuration
X-Client-IP
Accept-Ch-Lifetime
X-Debug
S
X-Id
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Vcache
X-Fastly-Request-ID
X-N
Front-End-Https
X-T
Accept-Ch
X-Amzn-Trace-Id
X-NF-Request-ID
Pinterest-Version
X-Pinterest-Rid
Arr-Disable-Session-Affinity
X-Content-Type
X-DIS-Request-ID
X-Upstream-Proxy
MicrosoftSharePointTeamServices
X-Hits
X-FastCGI-Cache
X-B3-Sampled
X-FTR-Cache-Host
X-Frontend
X-Ser
X-Mobile-Rewrite
PB-PID
PB-RID
X-Acc-Meta-Resource-Type
X-Logged-In
Arc-Version
Server-Name
X-XRDS-Location
Fastcgi-Cache
X-Varnish-Age
X-Content-Digest
X-B3-Traceid
X-Correlation-Id
Alternate-Protocol
X-Srv
X-Cache-Key
Nel
X-Node-Name
X-VCache
X-Pad
X-Microsite
X-Request-Handler-Origin-Region
FilterID
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Forwarded-For
X-LB-Cache
TP-Cache
X-Rid
TP-L2-Cache
X-Kinsta-Cache
X-Type
Healthy
X-XRDS-LOCATION
X-Request-Received
X-F-Cache
Host
X-Zen-Fury
X-Request-Processing-Time
X-IPLB-Instance
Powered
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-CH-Lifetime
X-Cache-2
Powered-By-ChinaCache
X-Revision
X-AOL-HN
Edge-Cache-Tag
X-Debug-Info
X-Cached-By
X-Analytics
Backend-Timing
X-Via-JSL
X-Cache-Age
X-Kong-Upstream-Latency
X-Activity-Id
X-Kong-Proxy-Latency
X-AppVersion
X-Az
X-HS-Hub-Id
X-HS-Content-Id
X-Fastcgi-Cache
X-GUploader-UploadID
X-Accel-Expires
X-Hostname
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-Tumblr-Pixel-0
X-Amz-Replication-Status
X-Jobs
X-Tumblr-Pixel
X-Instance
X-Tumblr-User
X-Content-Powered-By
X-App-Environment
X-Varnish-Grace
Server-Node
X-Akamai-Edgescape
Cache-Status
X-Cluster
X-Content-Options
Cleartype
X-PHP-Backend
X-FB-Debug
X-Request-Guid
X-TT
Refresh
X-B-Cache
X-Esi
Source
X-BCube-Filmed-By
X-Signature
X-Framework
X-Forwarded-Host
Liferay-Portal
X-FW-Hash
DC
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Server
X-Varnish-Hostname
X-RateLimit-Limit
X-ATG-Version
Tracecode
Accept-Charset
Access-Control-Allow-Method
Host-Header
X-Mobile
X-Time
X-Cache-Action
WPE-Backend
X-Cache-Control
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-Whom
X-B
X-Edge-Location
X-APP-VERSION
X-Cache-Operation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile-URL
X-Response-Served-From
X-Hp-Webp
X-Accel-Buffering
NGB
X-WA-Info
Actual-Object-TTL
X-Cache-Hit
X-TX-ID
X-WebKit-CSP-Report-Only
X-App-Server
X-Content-Age
Payment
Filters
X-Git-Hash
X-Storage
Upgrade-Insecure-Requests
X-Yottaa-Optimizations
Viewport
X-GeoIP
X-Cacheable-TTL
X-RequestSource
Eomportal-Instance
X-UA-Device-Type
Cache-Tv-Group
X-TT-TIMESTAMP
X-Yottaa-Metrics
X-Adobe-Content
Cache-Tag
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Status
X-Presslabs-Stats
X-Handled-By
X-Adobe-Loc
X-RemovedCookies
X-NWS-LOG-UUID
X-Cache-TTL
X-SS-Set-Cookie
X-TA-CDN-Provider
Retry-After
X-Geo-Country
MS-CV
X-VG-WebCache
X-Ratelimit-Limit
X-FW-Dynamic
X-Cache-TTL-Remaining
X-Server-ID
Xserver
Webserver
Datacenter
X-Seen-By
X-FB-TRIP-ID
X-Host-Name
X-Cache-Enabled
X-RTag
Ms-Operation-Id
X-Oracle-Dms-Rid
Cache
Frame-Options
Server-Info
X-Webkit-Csp
X-Contextid
X-Guploader-Uploadid
X-Generated-By
X-Hyper-Cache
X-Origin-Server
From-Origin
X-Mode
Country
X-Ratelimit-Reset
X-B3-Spanid
S-Cnection
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-Path-Route
X-Tumblr-Pixel-3
Machine
Meta-Geo
X-RN-RSRV
Load-Balancing
X-Cache-Config
GEO-INFO
X-CF-Powered-By
X-Routing-Service
X-Upstream-HT
X-Proxied
X-Cache-Grace
X-Zipkin-Id
X-Upstream-CT
Now
ServedBy
Vix-Hermes-Req-Id
X-Access
X-Sorting-Hat-PodId
X-From
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Alternate-Cache-Key
X-EIG-Tracking-Id
X-ShardId
X-Sorting-Hat-ShopId
X-Section
X-Dc
X-Shopify-Stage
X-R9-Blue-Green-Version
X-Cache-Host
Decoy-Debug-TTL
Decoy-Debug-Status
X-Backend-Name
Cache-Key
X-Varnish-Server
X-ShopId
X-Viewer-Country
Decoy-Debug-Key
X-Hit
X-Human
X-CCM
X-Cluster-Node
Akamai-GRN
Cache-Name
X-Debug-Cache
X-Endurance-Cache-Level
X-AWS-Id
X-Environment-Context
Rt-Fastcgi-Cache
X-OCL
X-Via-Fastly
X-Trace-Id
X-VWS-Id
X-TNCMS
X-Timing-Wait
X-Proxy-Build
X-Varnish-Cache-Hits
X-Rule
X-Region
X-Upgrade-Enabled
Mn-Server-Ip
X-Web-Node
X-PCL
X-LJ-Flow-ID
X-Magnolia-Registration
X-Loop
X-L-Path
X-Locale
X-NCache
X-Drupal-Cache-Contexts
X-Proto
DSUID
Mail-Subject
Release
X-Akamai-Request-ID
CACHE
X-Rendered-As
X-Site-Version
X-Xfnlog-Site
Version
X-Generated
DB-Nickname
X-S
X-Origin-Response-Time
X-Www-Served-By
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
We-Hiring
OT-Force-Account-Verify
X-Device-Type
X-FC-Vary-Parameters
X-Hosted-By
SRV
X-VG-TLSProxy
X-Varnish-Hits
X-RCS-CacheZone
NtCoent-Length
X-Load-Cache
ProcessTime
X-IP
X-Request-Time
X-Time-Microsecs
Uber-Trace-Id
X-RateLimit-Reset
X-NewRelic-App-Data
X-PressLabs-Stats
X-Akamai-Request-ID2
Time
X-Origin-Hint
TWC-Locale-Group
Azure-InstanceId
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Privacy
X-VCT
Webcakes-App-Name
Webcakes-App-Version
Azure-RegionName
Webcakes-Region
X-BYPASS-REASON
Property-Id
Azure-SiteName
Azure-Version
TWC-Connection-Speed
TWC-GeoIP-LatLong
Azure-SlotName
TWC-GeoIP-Country
TWC-Device-Class
X-UA
X-Redis-Cache
X-FW-Version
Cteonnt-Length
X-Origin
X-Nginx-Cache
S-Rt
NGX
X-No-Session
X-Via-CDN
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-Proxy
X-UUID
X-Platform-Server
X-FireWall-Port
X-CDN-Forward
X-ECACHE
X-Cache-NE
X-Hl-Ver
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-ApacheServer
X-PERF
X-Daa-Tunnel
X-Akamai-Transformed
Odigeo-Trace-Id
X-IPS-LoggedIn
Origin
X-MServer
X-Oneagent-Js-Injection
X-ServerID
X-CS
X-Cache-Server
X-Cache-Remote
X-GEO
X-Format
X-Distributor
X-HTML-Minification-Powered-By
Accept-Language
X-UnsetCookies
Ec-Rule-Version
Cache-Tags
LB
Access-Control-Request-Headers
Fastly-SSL
X-Real-IP
X-Tb
Hostname
Selected-Fe
X-Pubstack
X-Microcachable
Proxy-Connection
X-BACKEND-TTL
X-Amzn-Remapped-Content-Length
Origin-Cache-Control
Served-By
Origin-Edge-Control
X-URL
L5d-Success-Class
Mobile-Detection-Method
Node
Cache-Prefix
Fly-Request-Id
X-B3-Parentspanid
Cdn-Host
MD5-Digest
Cdn-Request-Time
Meta-Geo-Continent
Content-Script-Type
Cross-Origin-Window-Policy
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Content-Style-Type
X-CF-Lambda-Fn
X-Cdn-Srv
X-AIR-PT
X-A
VivaBuild
Arc-Country
X-A-Ccd
AsisCache
X-A-Dam
Request-Country
Viewtype
A
REQUESTUUID
Request-Time
Request-EU
Server-ID
Rt-Proxy-Cache
X-A-Dcw
Rendered-Blocks
X-Application
Cache-Cookie-Set-From
X-ARC
X-B-Cookie
Cache-Cookie-Set-Idcheck
X-Cache-Bucket
AKAMAI
BehaviorPad-Version
Proxy-Firewall
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
Cache-Cookie-Set-Lfrom
X-D
X-Is-Bot
X-Transaction
X-Level-Front-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Unique-ID
X-Instart-Info
X-Generated-On
X-Region-Sid
X-Geo-Header
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-SRCache-Key
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-S-Maxage
X-ScT
X-CF-Lambda-Version
X-Org
X-PAYTM-SRV-ID
X-Server-Time
X-G
X-Dynatrace-Js-Agent
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Trv-Group
X-Detected-As
X-Date
X-Worker
X-Cluster-Name
X-Connection-Hash
Xc-Version
Fly-Cache
X-Developer
X-Destination
X-Edge-Server
X-DPWN-IS-SECURE
X-VG-WebServer
X-Twitter-Response-Tags
X-Ratelimit-Remaining
X-Varnish-Url
X-External-Request-Id
X-ElasticPress-Search
X-Compress-Hint
ServerName
X-Request-URI
X-Varnish-Cacheable
X-TrackingId
Memcached
Gh-Request-Id
X-Sn-Servicetimems
X-ServiceProvider
W
X-Distil-CS
X-Device-Os
X-BBXSRF
X-Fastly-Cache
X-Internal-Host
X-Cache-Id
X-Developers
X-Cdn-Origin
X-Core-Mission
X-Debug-Cookies
X-Cache-Info
X-Debug-Log
X-Location
X-Method
RNT-Time
X-Qloud-Router
RNT-Machine
X-Rebelmouse-Cache-Control
Resin-Trace
Section-Io-Cache
X-PHP-Host
X-NX-Host
X-Nginx-Cache-Key
UCS
True-Client-Country-4JS
Server-Int
X-Rebelmouse-Surrogate-Control
X-App-Name
X-Nc
Fastly-SWR
Esi-Enabled
X-Cache-Backend
X-C
Fastly-SIE
X-Cache-Category-Id
X-NC
X-Grey
X-SERVER
IBM-Web2-Location
X-Gen-Mode
X-Fetched-On
X-HS-Combine-CSS
X-Eu-Site
X-Generation-Time
X-GeoIP-City
X-Hash
X-Hnp-Log
X-Irp-Debug
X-HS-Cache-Config
X-GeoIP-Country-Code
X-Crawler
X-Cache-FS-Status
X-CDN-Cache
X-Block-Status
X-Bip
X-Auto-Login
X-Backend-State
X-CGP
X-Clara-WADP
X-Dispatch
X-Dispatcher-Server
X-Key
X-Cms-Context
X-Clientip
X-Epic-Correlation-Id
X-Owner
X-Edge
X-Variation
X-Thanos
X-TH-Server
X-Swa-Ws
X-WADP-Cache
X-We-Are-Hiring
X-Wikidot-Static-Cache
Kp-EeAlive
X-Wikidot-Backend
X-Webstats-RespID
X-WebServer
X-Skip-Cache
X-SIPLIST1
X-Amz-Meta-Cache-Control
X-Proxy-Cache-Status
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Reboot
X-Release
X-SD-PageType
X-Server-IP
X-Response-By
X-Request-Start
X-Reqid
X-Li-Fabric
X-Proxy-Upstream
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Backend-Name
Pramga
Platform
Powered-By
Apple-News-Services-Host
Apple-News-Services-Handled
SS
User-Cache-Control
Server-Host
SD-X-WS
Adler-Geo
On-Server
CDCHOST
HA-Ipaddr
Heartbleed
Ha-Gx-Prefs
GW-Server
Fastly-Soc-X-Request-Id
Is-Eu
IsBot
Content-Disposition
N-Cache
Country-Code
Countrycode
L
V-Age
PFcat
Wxu-Next-Region
Web-Mar-Node
Who
Wxu-Next-Commit
Wxu-Next-Hostname
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
Thinkindot-CacheControl-Type
X-FPC
X-SERVER-NAME
X-Gannett-Site-Version
X-FE
Thinkindot-CacheControl
X-Azure-Ref-OriginShield
X-Thinkindot-L3
X-VC-Cache
X-VServer
X-Secret
X-Azure-Ref
X-Origin-Date
X-Origin-Expires
Thinkindot-Control
X-Matched-Rule
X-Servername
X-CUA
X-Varnish-Ttl
X-Processor
X-Via-NSCOPI
X-Pf-Uncompressing
X-CLOUD-TRACE-CONTEXT
X-OVcl-Cache
X-Parent-Response-Time
X-OVcl
X-Served-From
X-Powered-By-Defense
User-Agent
X-Hello
X-Flog
X-Via-SSL
CF-IPCountry
X-Via-Edge
X-ABtesting
Magicmarker
PageSpeed
X-Be
Mime-Version
Pagetype
X-Generated-In
X-Backend-Host
X-Protected-By
X-ND-Cache
X-LAGOON
X-Backend-Url
X-Varnish-Beresp-Ttl
Memory
X-Geo
X-GoCache-CacheStatus
X-User
X-Tt-Trace-Tag
X-Page-Type
X-MSEdge-Features
X-MSEdge-Flight
X-B3-SpanId
X-Newrelic-Synthetics
X-Debug-Cache-Store
X-Fstrz
X-Planisys-CDN-Cache
X-Ttl
X-COUNTRY
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Pragrma
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Up
X-Origin-TTL
X-Origin-CC
X-Ua
X-Check-Cacheable
Geoip-City
X-Oss-Object-Type
X-Soup
GeoIp-Country-Code
X-Zone
X-Oss-Server-Time
Geoip-Latitude
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Cache-Hits
X-Backend-TTL
X-Old-Content-Length
X-Cdn-Forward
X-Say-Cacheable
X-SayCDN-TTL
X-Cache-Ttl
X-Phone
X-Say-TTL
X-Core-Value
X-IN-WAF
X-ZONE
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-TT-LOGID
X-Cache-Time
Cdn
XServer
X-Servedbyhost
X-HS-Status
X-Vcl-Version
X-CSRF-TOKEN
X-Aicache-OS
Fastly-Backend-Name
X-Datadome
X-DC
SN
Inserted-Into-Cache-At
WZWS-RAY
X-Ruxit-Js-Agent
X-Birta-Cache-Post
X-Birta-Served
X-MID
Amp-Access-Control-Allow-Source-Origin
X-Mid
X-VCL-Version
Ajk
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-FORWARDED-FOR
X-Node-Id
FSS-Cache
FSS-Proxy
X-EC-Lua
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Tb-Optimization-Total-Bytes-Saved
X-ServedByHost
X-UPSTREAM-Address
X-BC
X-Real-Ip
Srv
X-Info
X-Varnish-IP
Selected-FE
X-RateLimit-Remaining-Second
HostName
X-RateLimit-Limit-Second
X-App-Version
CF-Cached-On
X-APP
Server-Surrogate-Control
Server-Cache-Control
HitType
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Refresh
X-Bc
X-Varnish-Authentication
X-CSRF-Token
X-Agile-Id
RequestId
X-Cache-Debug
Xkeyrz
X-Wa
X-Agile-Age
X-Agile
X-Proxy-Cacherz
Dynatrace
X-Source
T-Server
X-Nananana
X-LiteSpeed-Cache-Control
Cf-Ipcountry
X-Render-Time
X-TIME
X-Via-Ucdn
X-PJAX-URL
PICS-Label
X-WR-MODIFICATION
X-GDPR
GeoIP-Country-Code
X-ECache
X-Varnish-Beresp-TTL
WebServer
X-NWS-UUID-VERIFY
Ohc-File-Size
MIME-Version
GeoIP-Latitude
X-Fastly-Country-Code
X-LB-ID
X-Web-Server
GeoIP-City
Ohc-Cache-HIT
X-CACHE-KEY
Get-Access-Time
Is-Session-Tracking
X-Tec-Api-Version
X-SRV
Xkeynj
SID
X-Cache-Tag
X-Policy
X-Micro-Cache
X-Unique-Id
X-Tec-Api-Root
URI
X-Tec-Api-Origin
X-Uri
X-PAGE-TYPE
DataCenter
X-Requestid
Group
X-Cache-Miss-From
X-BE
X-Sedo-Request-Id
CDN
X-GRACE
X-MCACHE
X-Lb-Id
HTTPS
X-Service
X-Pjax-Url
X-Request-Url
X-Fastly-Backend-Reqs
X-NGINX-Cache
Cache-Provider
Xet-Cookie
Lb
Pics-Label
X-Var-Ttl
X-Swift-Error
X-Apw-Hits
Cneonction
X-Apw-Access-Action
X-SN
Backend
Www
X-Vct
X-Edge-IP
X-Apw-Access-Object
Warning
X-Apw-Access-Token
X-Dw-Trace-Id
Host-ID
X-Instart-Isnd
X-HostName
X-Ecache
X-WA
X-Cf-Powered-By
Correlation-Id
X-Cdn-Request-ID
X-Cache-Expires
FNAC-ModuleRouting
Ohc-Response-Time
X-Newrelic-App-Data
X-Is-Gdpr
X-Html-Edge-Cache
X-JWT-State
X-Has-Esi
X-Serial
X-DB
X-DI
X-Fe
X-DW
X-Page-Impression-Id
X-Flow-Id
X-Fastly-Cache-Hits
X-Zalando-Child-Request-Id
X-Fpc
X-RSL
X-RPS
X-ServerName
X-Akamai-ERRuleID
Lfy
X-DSS
X-RPM
X-Bug-Bounty
X-Akamai-ERPolicy
X-PF-Uncompressing
Requestid