Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
P3p
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cdn
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Ruxit-JS-Agent
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Origin-Upstream-Status
NEL
X-CST
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Dns-Prefetch-Control
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Vname
X-TtlSet
X-PC
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-B3-TraceId
X-ESI
X-Recruiting
X-Request-ID
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-D2id
X-DataDome
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
TCN
X-Powered-By-Plesk
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-Sol
Display
X-Middleton-Display
Response
X-Middleton-Response
X-SRCache-Fetch-Status
RTSS
X-SRCache-Store-Status
X-Server-ID
Content-MD5
Charset
X-Akam-SW-Version
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-CACHE
Accept-Ch-Lifetime
MS-Author-Via
X-Amz-Rid
ServerID
X-Shield-Request-Id
AR-Request-ID
Realpath
X-Trace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Powered-CMS
X-Cached
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-DynaTrace-JS-Agent
X-TEC-API-VERSION
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
Pagespeed
Pinterest-Version
X-Goog-Storage-Class
X-Pinterest-Rid
X-Upstream-Proxy
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Public-Key-Pins
X-B3-TraceId-Primal
Accept-CH
Mrf-Cache-Status
MRF-Tech
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Fastly-Restarts
Access-Control-Request-Method
S
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
Accept-Ch
X-Debug
X-Id
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-VCache
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
X-N
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Ser
Arr-Disable-Session-Affinity
Alternate-Protocol
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
X-Varnish-Age
X-NF-Request-ID
X-Hits
Fastcgi-Cache
Front-End-Https
X-Amzn-Trace-Id
X-Grace
X-Content-Type
X-B3-Sampled
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-Forwarded-For
X-Fastcgi-Cache
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Vcache
Nel
X-Node-Name
X-FastCGI-Cache
X-Microsite
X-Request-Handler-Origin-Region
FilterID
Powered-By-ChinaCache
TP-L2-Cache
TP-Cache
Healthy
X-Debug-Info
X-LB-Cache
X-Kinsta-Cache
X-Rid
X-Type
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-GUploader-UploadID
X-User-Agent
X-Request-Received
X-Request-Processing-Time
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Revision
X-Cache-Rule
Powered
X-F-Cache
Surrogate-Key
X-XRDS-LOCATION
X-Accel-Expires
X-RateLimit-Limit
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Age
X-Analytics
Backend-Timing
X-Page-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Content-Options
X-BCube-Filmed-By
X-Cache-Key
X-Varnish-Backend
X-Varnish-Grace
Source
X-Cluster
X-Jobs
X-FB-Debug
X-PHP-Backend
X-Instance
X-Content-Powered-By
Cache-Status
X-Amz-Replication-Status
X-Request-Guid
X-Tumblr-Pixel
X-TT
X-Tumblr-Pixel-0
X-Kong-Upstream-Latency
X-App-Environment
X-Tumblr-User
X-Kong-Proxy-Latency
X-Activity-Id
X-AppVersion
Cleartype
X-Akamai-Edgescape
X-Az
X-Framework
Tracecode
WPE-Backend
X-Varnish-Hostname
X-Via-JSL
Server-Node
Host-Header
Refresh
X-Forwarded-Host
X-Cache-TTL
X-Mobile
X-NWS-LOG-UUID
X-ATG-Version
X-Cache-Operation
X-Cache-Control
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-B-Cache
X-Signature
X-Time
Accept-Charset
Actual-Object-TTL
X-Drupal-Cache-Tags
DC
X-Edge-Location
X-Cache-Action
X-B3-Traceid
Liferay-Portal
Upgrade-Insecure-Requests
Access-Control-Allow-Method
X-Accel-Buffering
X-App-Server
X-Cache-Hit
X-Whom
X-TA-CDN-Provider
X-Response-Served-From
X-TX-ID
Payment
X-Storage
X-Hp-Webp
X-Mobile-URL
Fastcgi-Useragent
X-Content-Age
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-Yottaa-Optimizations
X-Handled-By
X-VG-WebCache
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Cacheable-TTL
Filters
X-RequestSource
X-SS-Set-Cookie
Cache
X-GeoIP
Server-Info
Eomportal-Instance
X-Adobe-Loc
X-Git-Hash
X-B
X-Adobe-Content
Xserver
X-RemovedCookies
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-ProcessESI
X-Geo-Country
Cache-Tv-Group
Viewport
X-Ratelimit-Reset
X-WA-Info
X-FB-TRIP-ID
Cache-Tag
X-Cache-TTL-Remaining
Datacenter
X-Status
X-Cache-Enabled
Retry-After
Accept-CH-Lifetime
Webserver
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
NGB
X-Contextid
X-Seen-By
X-FW-Dynamic
S-Cnection
X-Presslabs-Stats
X-Ratelimit-Limit
X-CF-Powered-By
X-Origin-Server
X-Host-Name
X-APP-VERSION
X-Mode
X-Magnolia-Registration
X-PressLabs-Stats
Country
X-Daa-Tunnel
X-Varnish-Hits
X-Rendered-As
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-LJ-Flow-ID
X-Cache-Var
X-Cache-Config
X-AWS-Id
X-ES-SERVER
MS-CV
X-VCT
X-VWS-Id
X-Path-Route
Machine
Load-Balancing
X-Real-IP
GEO-INFO
X-Upstream-HT
From-Origin
DSUID
Cache-Key
Mail-Subject
Release
We-Hiring
Vix-Hermes-Req-Id
X-Zipkin-Id
X-Upstream-CT
X-Cache-Grace
X-Routing-Service
X-Cache-Host
X-Proxied
X-Labrador-Cache-Channel
X-Human
X-Cache-NE
ServedBy
Uber-Trace-Id
X-Debug-Cache
X-PCL
X-From
X-RCS-CacheZone
X-Hyper-Cache
X-Viewer-Country
X-Web-Node
Frame-Options
X-Access
X-EIG-Tracking-Id
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Hit
X-OCL
X-Loop
X-Section
X-TNCMS
X-Backend-Name
X-Varnish-Server
X-Device-Type
X-Cluster-Node
X-Rule
X-Origin-Response-Time
X-Proto
X-CCM
X-MP-GENERATED-AT
X-Akamai-Request-ID
X-Tumblr-Pixel-3
X-VG-TLSProxy
X-Upgrade-Enabled
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-ProxyCache-Key
Now
OT-Force-Account-Verify
X-ProxyCache-Status
Rt-Fastcgi-Cache
X-Esi
NGX
X-ShardId
X-Generated
X-Proxy-Build
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Environment-Context
X-Redis-Cache
X-Timing-Wait
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-S
X-ShopId
X-JoinUs
X-Xfnlog-Site
X-Region
Akamai-GRN
X-L-Path
X-NCache
X-Via-Fastly
X-Generated-By
Decoy-Debug-Key
X-Platform-Server
X-UUID
Decoy-Debug-TTL
Cache-Name
Decoy-Debug-Status
X-Guploader-Uploadid
X-Cache-Remote
Ms-Operation-Id
X-Trace-Id
X-RTag
X-Endurance-Cache-Level
X-Www-Served-By
X-Locale
DB-Nickname
X-Nginx-Cache
X-Site-Version
X-Hl-Ver
X-Drupal-Cache-Contexts
X-Datadome
X-MServer
X-ECACHE
X-NewRelic-App-Data
X-Vgn-Hpd-Reason
Cteonnt-Length
X-ServerID
X-Rocket-Nginx-Bypass
X-EdgeConnect-Cache-Status
X-Load-Cache
ProcessTime
X-Ttl
X-Request-Time
X-Wix-Request-Id
Time
X-Time-Microsecs
X-IP
X-IPS-LoggedIn
X-Litespeed-Cache
L5d-Success-Class
X-GRACE
X-Origin
S-Rt
X-Dc
X-Cache-Backend
X-Via-CDN
Version
X-GEO
Webcakes-Region
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
Served-By
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
Origin
Azure-RegionName
NtCoent-Length
X-Unique-ID
X-FW-Version
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-SiteName
X-Microcachable
X-Pubstack
SRV
Origin-Cache-Control
X-Proxy
Origin-Edge-Control
X-Distributor
X-B3-Spanid
Fastcgi-X-Cache-Version
X-FireWall-Port
X-Oneagent-Js-Injection
Fastly-SSL
X-No-Session
X-Cache-Category-Id
X-Cache-Server
CACHE
X-Grey
X-Via-NSCOPI
Access-Control-Request-Headers
X-RateLimit-Reset
X-UA
X-Is-Bot
X-BACKEND-TTL
X-Detected-As
X-PERF
X-ApacheServer
IBM-Web2-Location
Hostname
Odigeo-Trace-Id
X-Format
X-HTML-Minification-Powered-By
X-Ua
X-Webkit-Csp
Cache-Tags
X-CS
X-Edge
X-Powered-By-Defense
Proxy-Connection
X-Akamai-Transformed
Backend-Name
X-Nc
X-Varnish-Cacheable
X-Cdn-Forward
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-A
Rt-Proxy-Cache
Cdn-Host
X-DPWN-IS-SECURE
Cache-Prefix
BehaviorPad-Version
Cache-Cookie-Set-Lfrom
AsisCache
Xc-Version
X-HS-Cache-Config
X-A-Dam
X-G
X-External-Request-Id
X-Eu-Site
Server-ID
Arc-Country
A
X-A-Ccd
X-Edge-Server
Content-Script-Type
X-CF-Lambda-Version
MD5-Digest
X-CF-Lambda-Fn
X-CGP
X-Cluster-Name
HA-Ipaddr
X-Connection-Hash
Meta-Geo-Continent
Mobile-Detection-Method
Request-EU
Request-Time
Request-Country
Rendered-Blocks
Node
Proxy-Firewall
Ha-Gx-Prefs
X-D
Fastly-SIE
X-Developer
Ec-Rule-Version
Cross-Origin-Window-Policy
X-HS-Combine-CSS
Content-Style-Type
Fastly-SWR
Fly-Cache
X-Debug-Cookies
X-Date
X-Debug-Log
GEO-REGION-INFO
Fly-Request-Id
X-Destination
Cdn-Request-Time
X-Worker
X-B-Cookie
X-ND-Cache
X-NU-AKA-ACS-Version
Viewtype
X-S-Maxage
X-ScT
X-Cache-Bucket
X-A-Dgt
X-Instart-Info
X-IN-APIGATEWAY
VivaBuild
X-Server-Time
X-A-Dcw
X-NX-Host
X-S-Cookie
X-ARC
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Processor
X-PAYTM-SRV-ID
X-Application
X-Rewrite-Enabled
X-Rojux
X-App-Name
X-Request-UUID
X-Org
X-AIR-PT
ServerName
X-Aed
X-SRCache-Key
X-Trv-Group
X-Transaction
X-A-Wwc
X-Accel-Expires-Debug
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Cache-Info
X-Core-Mission
X-Hash
PageSpeed
X-PHP-Host
True-Client-Country-4JS
X-Qloud-Router
X-C
X-We-Are-Hiring
X-Geo-Header
X-GeoIP-Country-Code
X-Clientip
Is-Eu
Mime-Version
X-Cdn-Origin
X-Variation
Platform
On-Server
X-Reqid
X-B3-Parentspanid
X-Request-URI
Server-Int
X-Generated-On
Memcached
X-Cdn-Srv
X-TH-Server
X-ServiceProvider
Apple-News-Services-Request-Url
X-Sn-Servicetimems
X-Irp-Debug
X-Fastly-Cache
X-Key
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Tb
X-Epic-Correlation-Id
X-Internal-Host
Adler-Geo
Apple-News-Services-Handled
X-Cache-Id
X-Level-Front-Cache
Section-Io-Cache
RNT-Time
X-Backend-State
RNT-Machine
Resin-Trace
X-UnsetCookies
Countrycode
Country-Code
X-Dispatcher-Server
X-Server-IP
Server-Host
X-Compress-Hint
X-B3-SpanId
X-Akamai-Request-ID2
X-Amz-Meta-Cache-Control
X-CDN-Cache
X-Block-Status
X-BBXSRF
X-Li-Fabric
X-Served-From
X-Servername
X-SIPLIST1
X-SD-PageType
X-Response-By
X-Reboot
X-Request-Start
X-Skip-Cache
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Webstats-RespID
X-WebServer
X-SVT-ORM-VERSION
X-Swa-Ws
X-Protected-By
X-Nginx-Cache-Key
X-ElasticPress-Search
X-Fetched-On
X-Distil-CS
X-Dispatch
X-Developers
X-Device-Os
X-Fstrz
X-Gen-Mode
X-Location
X-Method
X-LI-UUID
X-LI-Proto
X-Hnp-Log
X-Li-Pop
X-Crawler
Who
Content-Disposition
CDCHOST
AKAMAI
UCS
Esi-Enabled
REQUESTUUID
Gh-Request-Id
SD-X-WS
SS
User-Cache-Control
Pramga
Wxu-Next-Region
IsBot
Wxu-Next-Hostname
Web-Mar-Node
V-Age
Wxu-Next-Commit
PFcat
X-NC
Heartbleed
X-Cms-Context
GW-Server
X-Thanos
X-Release
X-Matched-Rule
X-Gannett-Site-Version
X-Generation-Time
X-Origin-Date
X-Origin-Expires
Fastly-Soc-X-Request-Id
X-GeoIP-City
X-Owner
X-Secret
X-Thinkindot-L3
Thinkindot-CacheControl
Powered-By
X-Bip
Thinkindot-CacheControl-Type
X-Parent-Response-Time
Pragrma
X-Auto-Login
X-VServer
Thinkindot-Control
X-Via-Edge
X-Cache-FS-Status
X-Via-SSL
X-CDN-Forward
X-OVcl
X-FPC
X-VC-Cache
X-Planisys-CDN-Rules
X-OVcl-Cache
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
LB
X-Varnish-Ttl
X-App-Version
X-Be
X-IN-WAF
W
X-CUA
X-Azure-Ref
X-Phone
X-Birta-Cache-Post
X-Birta-Served
X-Azure-Ref-OriginShield
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-Core-Value
X-Origin-CC
X-Origin-TTL
X-WADP-Cache
X-Varnish-IP
X-CACHE-KEY
Memory
Accept-Language
X-Varnish-Url
X-Clara-WADP
X-Ratelimit-Remaining
Selected-FE
HitType
X-LAGOON
L
X-Info
N-Cache
X-Proxy-Upstream
X-Page-Type
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
X-DC
X-Geo
Kp-EeAlive
X-TrackingId
X-FE
X-URL
X-Source
User-Agent
X-Amzn-Remapped-Content-Length
Cdn
X-Dynatrace-Js-Agent
Selected-Fe
X-Varnish-Beresp-Status
X-Oracle-Dms-Rid
Locale
Magicmarker
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Varnish-Beresp-Grace
X-Web-Server
X-Pf-Uncompressing
X-Zone
X-Cache-Debug
X-Agile-Age
X-Agile
X-Agile-Id
Pagetype
X-Servedbyhost
X-Hello
X-Flog
X-HS-Status
X-ABtesting
X-Refresh
X-TT-LOGID
X-Backend-TTL
X-Newrelic-Synthetics
X-Generated-In
X-User
GeoIp-Country-Code
Geoip-City
Geoip-Latitude
X-MID
X-Mid
X-Backend-Host
X-Check-Cacheable
X-Aicache-OS
X-Real-Ip
X-Backend-Url
CF-Cached-On
X-ZONE
X-NWS-UUID-VERIFY
SN
X-GoCache-CacheStatus
X-VCL-Version
X-Debug-Cache-Store
X-MSEdge-Flight
X-Soup
X-Up
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Vcl-Version
X-MSEdge-Features
X-Tt-Trace-Tag
Ohc-File-Size
Ohc-Cache-HIT
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Cache
X-APP
FSS-Proxy
GeoIP-Country-Code
X-Tb-Optimization-Total-Bytes-Saved
Group
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
HTTPS
GeoIP-Latitude
GeoIP-City
X-UPSTREAM-Address
WZWS-RAY
X-EC-Lua
Server-Cache-Control
Server-Surrogate-Control
X-SN
HostName
X-Varnish-Authentication
RequestId
Backend
Www
X-Contensis-Viewer-Groups
X-BC
X-Cache-ASPX
X-SERVER-NAME
X-COUNTRY
X-Old-Content-Length
X-Say-Cacheable
X-Amzn-Remapped-Date
X-Instart-Isnd
X-Amzn-Remapped-Connection
X-SayCDN-TTL
X-Via-Ucdn
X-Say-TTL
Lb
WebServer
Cf-Ipcountry
Srv
X-CSRF-Token
X-Varnish-Beresp-TTL
X-Bc
Host-ID
X-Akamai-SSL-Client-Sid
X-NGENIX-Cache
X-Cache-Expires
X-Nananana
X-Proxy-Cacherz
X-PF-Uncompressing
X-ECache
Xkeyrz
XServer
Cache-Hits
X-Cache-Ttl
X-Dynatrace
X-Node-Id
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Varnish-Action
Requestid
URI
Epwk-Cache
X-Request-Url
X-Cache-Tag
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
Get-Access-Time
X-FORWARDED-FOR
X-TIME
Ajk
Is-Session-Tracking
Xkeynj
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-Fastly-Country-Code
X-Unique-Id
X-PAGE-TYPE
Fastcgi-X-Cache
X-WR-MODIFICATION
X-MCACHE
X-AssetVersion
X-Requestid
X-Cache-Miss-From
X-Sedo-Request-Id
X-Cache-Time
X-Edge-IP
Dynatrace
X-LiteSpeed-Cache-Control
X-Sf
Cneonction
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wa
FNAC-ModuleRouting
X-Pjax-Url
X-Svr
X-Var-Ttl
Pics-Label
Xet-Cookie
DataCenter
X-SRV
X-Lb-Id
Correlation-Id
CDN
X-Fastly-Cache-Hits
Cache-Provider
X-Swift-Error
X-BE
X-Correlation-ID
X-NGINX-Cache
X-Dw-Trace-Id
X-WA
T-Server
X-Fpc
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-ServerName
X-WPE-Loopback-Upstream-Addr
X-Akamai-ERPolicy
RequestUuid
X-Html-Edge-Cache
X-Akamai-ERRuleID
PICS-Label
X-PJAX-URL
X-Gdpr
X-LB-ID
Lfy
Warning
X-LiteSpeed-Tag
X-Bug-Bounty
X-Flow-Id
X-DB
X-DI
X-App
X-Page-Impression-Id
X-Zalando-Child-Request-Id
Sid
X-DSS
X-DW
X-Policy
X-Alicdn-Da-Ups-Status
X-RSL
X-RPS
X-RPM
Ohc-Response-Time