Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-TTL
X-Url
X-DynaTrace
X-Vhost
X-Cdn
X-Rack-Cache
X-Clacks-Overhead
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-ORACLE-DMS-RID
X-Dispatcher
X-Instart-Request-ID
Fusion-Template-Id
Fusion-Content-Source
X-DataStream-Cache-Status
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
SPRequestGuid
Verso
X-DataDome
X-Recruiting
X-Request-ID
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-Dns-Prefetch-Control
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
RTSS
DynaTrace
TCN
X-Navigation-Version
X-Powered-By-Plesk
X-GitHub-Request-Id
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
Display
X-ESI
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
MS-Author-Via
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
ServerID
X-Amz-Rid
X-Trace
X-Shield-Request-Id
X-TEC-API-ROOT
X-Server-Name
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Realpath
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Dw-Request-Base-Id
AR-Request-ID
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Version
Nginx-Cache
Accept-Ch
X-Shard
X-Upstream
Fastly-Restarts
Public-Key-Pins
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
SPRequestDuration
SPIisLatency
X-Goog-Storage-Class
Paypal-Debug-Id
X-Pinterest-Rid
Pinterest-Version
X-MSEdge-Ref
X-Upstream-Proxy
Access-Control-Request-Method
Pagespeed
X-Client-IP
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Server-ID
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Ezoic-Cdn
X-FTR-Expires
X-N
X-T
X-Grace
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Accept-CH
X-XRDS-Location
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Hits
X-Content-Type
Arc-Version
X-Varnish-Age
X-Ser
PB-RID
PB-PID
X-Mobile-Rewrite
X-B3-Sampled
Alternate-Protocol
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Vcache
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-VCache
Server-Name
X-Content-Digest
X-Srv
X-FastCGI-Cache
X-Pad
X-Correlation-Id
X-Forwarded-For
Host
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-B3-Traceid
Nel
Powered-By-ChinaCache
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Rid
Edge-Cache-Tag
X-Kinsta-Cache
X-LB-Cache
X-Type
X-IPLB-Instance
X-Fastcgi-Cache
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-User-Agent
X-AOL-HN
X-GUploader-UploadID
X-Cached-By
X-Cache-Key
X-Cache-2
X-Revision
X-Hostname
X-F-Cache
X-HS-Content-Id
X-HS-Hub-Id
Powered
X-Cache-Rule
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
X-XRDS-LOCATION
X-Accel-Expires
Backend-Timing
X-Cache-Age
X-Analytics
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Page-Id
X-Kong-Upstream-Latency
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Varnish-Grace
X-Content-Options
X-BCube-Filmed-By
X-Az
X-Activity-Id
X-AppVersion
Source
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-FB-Debug
X-Jobs
X-Cluster
X-Content-Powered-By
X-Via-JSL
X-Amz-Replication-Status
Cache-Status
X-Request-Guid
X-PHP-Backend
X-Akamai-Edgescape
X-App-Environment
X-TT
Cleartype
X-Framework
Tracecode
Server-Node
X-Varnish-Hostname
WPE-Backend
X-Forwarded-Host
Refresh
X-Esi
Host-Header
X-B-Cache
X-Signature
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Hash
X-ATG-Version
X-FW-Type
X-Mobile
X-Cache-Operation
Liferay-Portal
X-NWS-LOG-UUID
X-Cache-Control
X-Time
DC
Accept-Charset
X-Edge-Location
X-Drupal-Cache-Tags
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Cache-Hit
Fastcgi-Useragent
X-App-Server
Cache
Upgrade-Insecure-Requests
X-Hp-Webp
X-Cache-TTL
X-Mobile-URL
X-Response-Served-From
X-Accel-Buffering
Payment
X-TX-ID
X-Whom
X-Storage
X-B
X-Content-Age
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-Handled-By
Xserver
Filters
X-Cacheable-TTL
X-Git-Hash
X-GeoIP
X-SS-Set-Cookie
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-VG-WebCache
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Loc
X-Adobe-Content
X-WA-Info
Viewport
X-Ratelimit-Reset
X-ProcessESI
X-RemovedCookies
X-Geo-Country
X-TA-CDN-Provider
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Status
Server-Info
Cache-Tag
X-FB-TRIP-ID
Webserver
Datacenter
X-APP-VERSION
X-Cache-TTL-Remaining
NGB
X-Cache-Enabled
Retry-After
Accept-CH-Lifetime
X-FW-Dynamic
X-Contextid
X-Seen-By
S-Cnection
X-Ratelimit-Limit
X-Presslabs-Stats
X-Host-Name
X-Origin-Server
X-Oracle-Dms-Rid
X-PressLabs-Stats
MS-CV
X-Mode
Country
From-Origin
Frame-Options
X-Varnish-Hits
X-Magnolia-Registration
Load-Balancing
X-Hyper-Cache
Machine
Meta-Geo
X-ES-SERVER
X-Path-Route
X-Cache-Config
X-Daa-Tunnel
X-LJ-Flow-ID
X-Cache-Var
X-RN-RSRV
X-AWS-Id
X-VWS-Id
X-Cache-Var-Map
X-Tumblr-Pixel-3
X-Human
X-Labrador-Cache-Channel
Vix-Hermes-Req-Id
X-Upstream-HT
X-Zipkin-Id
Cache-Key
X-Proxied
X-Upstream-CT
X-Generated-By
X-Rendered-As
X-Routing-Service
X-Backend-Name
GEO-INFO
We-Hiring
X-Varnish-Cache-Hits
X-Cache-Grace
X-Cache-Host
Mail-Subject
DSUID
Release
X-CF-Powered-By
X-Hit
X-RTag
X-Section
X-TNCMS
Ms-Operation-Id
X-RCS-CacheZone
X-OCL
X-EIG-Tracking-Id
X-From
X-Device-Type
X-Debug-Cache
Uber-Trace-Id
X-Access
X-Loop
X-MP-GENERATED-AT
X-Web-Node
X-Viewer-Country
Mn-Server-Ip
Now
X-PCL
X-Varnish-Server
ServedBy
X-Sorting-Hat-ShopId
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-VG-TLSProxy
Decoy-Debug-Status
Decoy-Debug-Key
X-Akamai-Request-ID
X-Sorting-Hat-PodId
X-R9-Blue-Green-Version
Rt-Fastcgi-Cache
X-Alternate-Cache-Key
X-Rule
X-ShardId
OT-Force-Account-Verify
X-Shopify-Stage
X-ShopId
Decoy-Debug-TTL
Akamai-GRN
X-Origin-Response-Time
X-L-Path
X-Proto
X-CCM
X-Environment-Context
X-Upgrade-Enabled
X-Cluster-Node
X-Timing-Wait
X-Generated
X-FC-Vary-Parameters
X-NCache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Endurance-Cache-Level
DB-Nickname
X-Xfnlog-Site
X-Hosted-By
X-S
X-Region
X-Proxy-Build
X-Via-Fastly
Cache-Name
X-JoinUs
X-Guploader-Uploadid
X-NewRelic-App-Data
X-Load-Cache
X-Cache-NE
X-Drupal-Cache-Contexts
X-Trace-Id
NGX
X-Redis-Cache
X-Nginx-Cache
X-Locale
X-Platform-Server
X-Site-Version
X-UUID
X-Www-Served-By
X-VCT
X-Real-IP
X-MServer
X-EdgeConnect-Cache-Status
X-B3-Spanid
X-Hl-Ver
ProcessTime
Cteonnt-Length
X-Cache-Remote
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-ServerID
X-Request-Time
SRV
X-IP
Time
X-GEO
X-Time-Microsecs
X-ECACHE
X-FW-Version
X-Origin
Azure-Version
Azure-RegionName
Azure-InstanceId
Version
Azure-SlotName
X-Via-CDN
S-Rt
Azure-SiteName
NtCoent-Length
X-IPS-LoggedIn
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
TWC-Connection-Speed
Webcakes-App-Name
TWC-Device-Class
X-Origin-Hint
Webcakes-App-Version
Webcakes-Region
X-Wix-Request-Id
Origin
L5d-Success-Class
X-Proxy
X-Cache-Backend
X-FireWall-Port
Served-By
X-No-Session
X-Dc
X-Distributor
X-Microcachable
X-Unique-ID
X-Oneagent-Js-Injection
X-Pubstack
Fastly-SSL
Origin-Cache-Control
X-Cache-Server
Origin-Edge-Control
X-Datadome
Odigeo-Trace-Id
CACHE
X-RateLimit-Reset
Fastcgi-X-Cache-Version
X-PERF
X-ApacheServer
X-CS
X-Akamai-Request-ID2
X-Format
X-Grey
X-UA
X-Cache-Category-Id
X-Akamai-Transformed
IBM-Web2-Location
Hostname
X-HTML-Minification-Powered-By
Cache-Tags
X-Is-Bot
X-Webkit-Csp
X-Detected-As
X-NC
Ec-Rule-Version
X-Powered-By-Defense
Proxy-Connection
X-UnsetCookies
Access-Control-Request-Headers
X-Edge
X-Via-NSCOPI
X-CDN-Forward
X-Compress-Hint
X-Varnish-Cacheable
Backend-Name
X-Ua
VivaBuild
X-B-Cookie
X-Connection-Hash
X-A-Dam
Cache-Cookie-Set-From
X-Cache-Bucket
Arc-Country
Rt-Proxy-Cache
BehaviorPad-Version
AsisCache
X-AIR-PT
X-App-Name
X-Application
X-ARC
A
Viewtype
X-Cluster-Name
X-CF-Lambda-Version
X-BACKEND-TTL
X-A
X-Debug-Cookies
X-Instart-Info
X-A-Wwc
X-Internal-Host
X-Developer
X-CF-Lambda-Fn
X-Cdn-Srv
X-Tb
Cache-Cookie-Set-Idcheck
X-HS-Cache-Config
X-HS-Combine-CSS
X-A-Ccd
ServerName
Server-ID
Request-Time
Request-Country
X-Date
X-Edge-Server
HA-Ipaddr
Ha-Gx-Prefs
X-External-Request-Id
X-Eu-Site
X-DPWN-IS-SECURE
X-A-Dcw
X-Aed
Mobile-Detection-Method
Node
Meta-Geo-Continent
Rendered-Blocks
MD5-Digest
X-A-Dgt
X-Accel-Expires-Debug
GEO-REGION-INFO
X-D
Content-Script-Type
Content-Style-Type
Cdn-Request-Time
Cdn-Host
Cache-Prefix
Proxy-Firewall
Request-EU
X-Destination
Fly-Cache
X-Debug-Log
Fly-Request-Id
Fastly-SWR
X-G
Cross-Origin-Window-Policy
Fastly-SIE
Cache-Cookie-Set-Lfrom
X-IN-APIGATEWAY
X-Vtex-Processado-Em
X-Processor
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-PAYTM-SRV-ID
X-Org
X-CGP
X-Vtex-Remote-Cache
X-NU-AKA-ACS-Version
X-NX-Host
X-Request-UUID
X-Rewrite-Enabled
X-Trv-Group
X-Transaction
X-Server-Time
X-SRCache-Key
X-Twitter-Response-Tags
X-ScT
X-Rojux
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Worker
X-Region-Sid
Xc-Version
Mime-Version
X-ElasticPress-Search
X-Dispatch
Memcached
X-Key
Platform
X-TH-Server
On-Server
X-Dispatcher-Server
X-PHP-Host
Gh-Request-Id
X-Epic-Correlation-Id
X-Location
Is-Eu
X-Server-IP
PageSpeed
X-Irp-Debug
Server-Int
LB
Server-Host
SS
X-B3-Parentspanid
True-Client-Country-4JS
X-Variation
Section-Io-Cache
X-Request-URI
X-Reqid
X-C
Apple-News-Services-Parsed-Url
Resin-Trace
RNT-Time
RNT-Machine
X-Hash
X-Qloud-Router
X-Generated-On
Adler-Geo
Country-Code
Countrycode
X-Cdn-Origin
X-ServiceProvider
X-Level-Front-Cache
X-Fastly-Cache
X-We-Are-Hiring
X-Geo-Header
X-Cache-Info
X-Nginx-Cache-Key
X-Clientip
X-Cache-Id
Apple-News-Services-Handled
Esi-Enabled
Apple-News-Services-Request-Url
X-Core-Mission
X-GeoIP-Country-Code
X-Backend-State
X-Sn-Servicetimems
X-Skip-Cache
Apple-News-Services-Host
X-SIPLIST1
X-LI-UUID
Wxu-Next-Commit
Web-Mar-Node
Who
X-CDN-Cache
Wxu-Next-Hostname
X-SD-PageType
X-SVT-ORM-RULES
X-Crawler
X-BBXSRF
X-Li-Fabric
X-Servername
X-Auto-Login
X-SVT-ORM-VERSION
X-Amz-Meta-Cache-Control
X-Block-Status
X-LI-Proto
Wxu-Next-Region
X-Li-Pop
X-Secret
X-Swa-Ws
X-Served-From
X-Cache-FS-Status
X-Developers
Accept-Language
X-Gannett-Site-Version
X-Gen-Mode
X-FPC
X-Fetched-On
X-Distil-CS
X-Hnp-Log
X-Protected-By
AKAMAI
Content-Disposition
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-ND-Cache
X-Webstats-RespID
X-WebServer
X-Generation-Time
CDCHOST
V-Age
IsBot
SD-X-WS
REQUESTUUID
X-Request-Start
X-Response-By
X-Method
User-Cache-Control
UCS
X-Device-Os
Pramga
PFcat
X-Reboot
Powered-By
X-Thanos
W
X-VServer
X-GeoIP-City
X-Matched-Rule
X-Via-Edge
X-CUA
X-Origin-Date
X-Origin-Expires
X-Cms-Context
X-Via-SSL
X-Thinkindot-L3
X-Release
X-Owner
Thinkindot-CacheControl-Type
Heartbleed
Thinkindot-CacheControl
GW-Server
Fastly-Soc-X-Request-Id
X-Nc
X-GRACE
Thinkindot-Control
X-SERVER-NAME
X-Bip
X-Azure-Ref-OriginShield
X-Azure-Ref
CF-IPCountry
X-Fstrz
X-WADP-Cache
X-OVcl-Cache
X-OVcl
X-Varnish-Url
X-Clara-WADP
X-VC-Cache
Pragrma
X-Parent-Response-Time
X-Varnish-Ttl
L
X-CLOUD-TRACE-CONTEXT
X-Cdn-Forward
X-B3-SpanId
N-Cache
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-LAGOON
X-Planisys-CDN-TTL
Memory
X-Ratelimit-Remaining
X-DC
X-Origin-CC
X-Origin-TTL
X-IN-WAF
X-Core-Value
X-FE
X-Amzn-Remapped-Content-Length
X-TrackingId
Kp-EeAlive
X-Phone
Selected-Fe
X-Varnish-Beresp-Ttl
X-Be
User-Agent
Locale
X-Page-Type
X-Birta-Served
X-Pf-Uncompressing
X-Birta-Cache-Post
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Varnish-IP
Magicmarker
HitType
X-Info
Selected-FE
X-URL
X-Geo
X-Ttl
X-Dynatrace-Js-Agent
X-Backend-TTL
X-Varnish-Beresp-Status
X-Flog
X-ABtesting
Cdn
X-Varnish-Beresp-Grace
X-Hello
Pagetype
X-Zone
X-Newrelic-Synthetics
X-Generated-In
X-User
X-App-Version
X-Backend-Url
X-Servedbyhost
X-Backend-Host
X-TT-LOGID
X-Source
X-Litespeed-Cache
X-GoCache-CacheStatus
X-Agile-Age
X-Debug-Cache-Store
X-MSEdge-Flight
GeoIp-Country-Code
Geoip-Latitude
X-Agile-Id
X-Cache-Debug
SN
CF-Cached-On
X-Soup
Geoip-City
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Refresh
X-Web-Server
X-Agile
X-MSEdge-Features
X-Up
X-Tt-Trace-Tag
X-Check-Cacheable
X-ZONE
X-MID
X-Mid
X-Cache-Ttl
X-VCL-Version
X-HS-Status
X-Real-Ip
X-CACHE-KEY
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Cache
X-Vcl-Version
GeoIP-Country-Code
X-UPSTREAM-Address
FSS-Proxy
X-ServedByHost
X-SayCDN-TTL
GeoIP-City
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Say-Cacheable
X-NWS-UUID-VERIFY
X-Say-TTL
GeoIP-Latitude
X-Old-Content-Length
X-APP
Ohc-Cache-HIT
Ohc-File-Size
X-Varnish-Authentication
Group
WZWS-RAY
X-BC
Server-Cache-Control
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-Cache-ASPX
HostName
X-EC-Lua
Cache-Hits
X-Via-Ucdn
HTTPS
RequestId
X-Bc
X-COUNTRY
X-CSRF-Token
Srv
X-SN
X-Node-Id
X-Akamai-SSL-Client-Sid
Backend
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
Www
Fastly-Backend-Name
X-Nananana
URI
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-CSRF-TOKEN
X-Instart-Isnd
X-Proxy-Cacherz
Xkeyrz
X-ECache
Ajk
WebServer
XServer
X-Dynatrace
Lb
X-Cache-Expires
Requestid
Cf-Ipcountry
X-WR-MODIFICATION
X-Cache-Tag
Host-ID
X-Cache-Time
X-Request-Url
X-LiteSpeed-Cache-Control
Is-Session-Tracking
X-RateLimit-Limit-Second
Get-Access-Time
Xkeynj
X-Wa
X-RateLimit-Remaining-Second
X-TIME
X-BE
X-FORWARDED-FOR
X-Unique-Id
X-Fastly-Country-Code
X-NGENIX-Cache
X-PAGE-TYPE
X-MCACHE
X-Varnish-Action
X-Cache-Miss-From
Epwk-Cache
X-Fastly-Backend-Reqs
X-PF-Uncompressing
X-Requestid
X-Sedo-Request-Id
X-Edge-IP
X-Vct
Dynatrace
X-Cf-Powered-By
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
T-Server
X-LB-ID
X-PJAX-URL
X-Apw-Access-Object
PICS-Label
Cneonction
Fastcgi-X-Cache
X-SRV
DataCenter
Xet-Cookie
X-Ecache
X-GDPR
X-Render-Time
X-Swift-Error
X-Micro-Cache
CDN
X-Svr
X-Pjax-Url
Correlation-Id
X-AssetVersion
Pics-Label
X-Dw-Trace-Id
X-NGINX-Cache
X-Sf
X-Lb-Id
FNAC-ModuleRouting
X-WA
X-Var-Ttl
RequestUuid
X-WPE-Loopback-Upstream-Addr
X-Page-Impression-Id
X-LiteSpeed-Tag
X-DB
X-Html-Edge-Cache
Lfy
X-Serial
X-Bug-Bounty
Warning
X-Flow-Id
Ohc-Response-Time
X-DI
X-Fastly-Cache-Hits
X-DSS
X-DW
X-RPM
X-RSL
Cache-Provider
X-Fpc
X-ServerName
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-RPS