Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
CF-Ray
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-TTL
X-Cache-Lookup
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Origin-Upstream-Status
X-Clacks-Overhead
X-Url
NEL
X-Ua-Compatible
X-FTR-Request-ID
Rating
X-Ruxit-JS-Agent
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dispatcher
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-CST
X-HW
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
X-DataDome
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
X-Varnish-TTL
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Use-Magma
X-D2id
RTSS
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-SharePointHealthScore
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Akam-SW-Version
Display
Response
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Powered-By-Plesk
DynaTrace
X-RateLimit-Remaining
X-B3-TraceId
MS-Author-Via
X-ESI
Charset
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Shield-Request-Id
X-Forwarded-Proto
Realpath
X-Amz-Rid
ServerID
X-Powered-CMS
AR-CACHE
Ar-Sid
AR-ATIME
AR-PoweredBy
Content-MD5
X-Trace
X-Upstream
X-Version
Public-Key-Pins
Nginx-Cache
Fastly-Restarts
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Cached
X-Goog-Stored-Content-Length
X-Server-Name
X-Shard
X-Dw-Request-Base-Id
Accept-CH
AR-Request-ID
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
Access-Control-Request-Method
Paypal-Debug-Id
X-Grace
X-DynaTrace-JS-Agent
X-MSEdge-Ref
Accept-Ch-Lifetime
Pagespeed
X-Goog-Storage-Class
SPIisLatency
X-Client-IP
SPRequestDuration
S
X-Debug
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-Id
Accept-Ch
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
Front-End-Https
X-N
X-Amzn-Trace-Id
Pinterest-Version
X-Pinterest-Rid
X-T
X-Upstream-Proxy
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-DIS-Request-ID
X-Vcache
X-FastCGI-Cache
X-Content-Type
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Hits
X-B3-Sampled
X-FTR-Cache-Host
X-B3-Traceid
X-Varnish-Age
X-Ser
X-Frontend
X-Acc-Meta-Resource-Type
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
Fastcgi-Cache
X-Logged-In
Server-Name
X-Content-Digest
X-Correlation-Id
Alternate-Protocol
X-VCache
X-Srv
X-Node-Name
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Pad
Nel
X-Request-Handler-Origin-Region
X-Microsite
FilterID
TP-L2-Cache
TP-Cache
X-Forwarded-For
X-User-Agent
X-Type
X-Kinsta-Cache
X-Rid
Healthy
Host
X-LB-Cache
X-IPLB-Instance
X-Request-Received
X-F-Cache
X-Request-Processing-Time
Powered
X-Zen-Fury
X-Cache-2
Powered-By-ChinaCache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
X-AOL-HN
Edge-Cache-Tag
X-Debug-Info
Accept-CH-Lifetime
X-GUploader-UploadID
X-Cached-By
X-Via-JSL
X-Analytics
Backend-Timing
X-Cache-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Az
X-Activity-Id
X-Cache-Rule
X-XRDS-LOCATION
X-AppVersion
X-Accel-Expires
X-Esi
Surrogate-Key
X-Fastcgi-Cache
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Page-Id
X-RateLimit-Limit
X-Content-Options
X-BCube-Filmed-By
X-Instance
X-Cluster
X-Content-Powered-By
X-FB-Debug
X-Varnish-Grace
X-PHP-Backend
X-Tumblr-Pixel-0
X-Tumblr-User
Server-Node
X-Akamai-Edgescape
X-Tumblr-Pixel
X-Amz-Replication-Status
X-Request-Guid
X-Jobs
X-B-Cache
X-Signature
Source
Cleartype
Refresh
Cache-Status
X-Forwarded-Host
X-TT
X-App-Environment
X-Framework
Liferay-Portal
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
DC
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-Mobile
WPE-Backend
X-Cache-Action
X-Cache-Operation
X-Cache-Control
X-Drupal-Cache-Tags
X-Edge-Location
X-Time
X-Whom
X-APP-VERSION
X-B
Actual-Object-TTL
X-Cache-Hit
X-App-Server
X-Hp-Webp
X-Accel-Buffering
Payment
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Response-Served-From
X-Mobile-URL
X-TX-ID
X-WA-Info
X-Storage
X-Git-Hash
X-WebKit-CSP-Report-Only
X-NWS-LOG-UUID
NGB
X-Content-Age
X-TA-CDN-Provider
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Cacheable-TTL
X-UA-Device-Type
X-Yottaa-Metrics
Cache-Tv-Group
X-Handled-By
Cache-Tag
X-SS-Set-Cookie
X-Yottaa-Optimizations
Filters
Eomportal-Instance
X-Tumblr-Pixel-1
X-Status
X-ProcessESI
X-Adobe-Content
X-Tumblr-Pixel-2
X-Adobe-Loc
Viewport
X-RemovedCookies
X-GeoIP
X-RequestSource
X-Geo-Country
Retry-After
X-Presslabs-Stats
X-Cache-TTL
X-VG-WebCache
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
MS-CV
Xserver
X-Seen-By
Cache
Datacenter
X-Server-ID
X-FB-TRIP-ID
X-Host-Name
Server-Info
X-Cache-Enabled
Frame-Options
Ms-Operation-Id
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Contextid
X-RTag
X-Ratelimit-Reset
From-Origin
X-Hyper-Cache
X-Origin-Server
X-Generated-By
X-Mode
Country
X-B3-Spanid
S-Cnection
X-CF-Powered-By
X-RN-RSRV
X-Path-Route
Load-Balancing
Meta-Geo
X-Cache-Config
Machine
SRV
X-Tumblr-Pixel-3
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-Upstream-CT
X-Section
X-Zipkin-Id
X-Upstream-HT
X-Cache-Grace
X-MP-GENERATED-AT
X-Proxied
GEO-INFO
X-Labrador-Cache-Channel
X-Routing-Service
Cache-Key
Vix-Hermes-Req-Id
X-Access
X-Varnish-Server
Decoy-Debug-TTL
X-From
X-Hit
X-Cache-Host
X-Viewer-Country
X-Drupal-Cache-Contexts
X-Backend-Name
X-Web-Node
Now
X-Human
X-Varnish-Cache-Hits
X-PCL
X-Upgrade-Enabled
X-TNCMS
Decoy-Debug-Key
Decoy-Debug-Status
X-Loop
X-OCL
ServedBy
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Mn-Server-Ip
X-ShopId
Rt-Fastcgi-Cache
X-ShardId
X-R9-Blue-Green-Version
X-Alternate-Cache-Key
X-Shopify-Stage
X-Via-Fastly
X-Trace-Id
X-L-Path
X-LJ-Flow-ID
X-Magnolia-Registration
X-Rule
X-Origin-Response-Time
X-Environment-Context
X-Endurance-Cache-Level
X-VWS-Id
X-AWS-Id
X-VG-TLSProxy
X-CCM
X-Debug-Cache
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-S
Cache-Name
Akamai-GRN
We-Hiring
OT-Force-Account-Verify
X-Region
X-Cluster-Node
Mail-Subject
X-Xfnlog-Site
X-NCache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-Hosted-By
X-Generated
X-Locale
X-Site-Version
X-FC-Vary-Parameters
X-Proxy-Build
X-Proto
DB-Nickname
X-Timing-Wait
DSUID
X-Rendered-As
Release
Version
X-RCS-CacheZone
X-Device-Type
X-PressLabs-Stats
X-Guploader-Uploadid
X-Www-Served-By
X-Varnish-Hits
Uber-Trace-Id
CACHE
ProcessTime
X-Load-Cache
X-Request-Time
X-NewRelic-App-Data
X-Dc
X-IP
X-VCT
X-Time-Microsecs
NtCoent-Length
Time
X-Nginx-Cache
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
Azure-Version
Azure-SlotName
X-Wix-Request-Id
Azure-InstanceId
NGX
Cteonnt-Length
X-FW-Version
X-Redis-Cache
Azure-RegionName
X-Origin
Azure-SiteName
S-Rt
X-UUID
X-Platform-Server
X-RateLimit-Reset
X-No-Session
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
X-Via-CDN
Property-Id
TWC-Connection-Speed
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Origin-Hint
Webcakes-Region
X-GEO
X-ECACHE
X-FireWall-Port
X-Proxy
X-Cache-NE
X-MServer
X-Daa-Tunnel
X-CDN-Forward
X-Hl-Ver
X-UA
X-Rocket-Nginx-Bypass
X-HTML-Minification-Powered-By
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
Origin
Odigeo-Trace-Id
X-Akamai-Transformed
X-Cache-Remote
X-ServerID
X-PERF
X-ApacheServer
X-CS
X-Format
X-Cache-Server
X-Distributor
X-Oneagent-Js-Injection
Ec-Rule-Version
Access-Control-Request-Headers
Cache-Tags
LB
Fastly-SSL
X-UnsetCookies
X-Tb
Hostname
L5d-Success-Class
Accept-Language
X-NC
X-Webkit-Csp
X-Unique-ID
X-Microcachable
X-Pubstack
Origin-Cache-Control
Origin-Edge-Control
X-SERVER-NAME
X-Real-IP
X-Amzn-Remapped-Content-Length
Served-By
Fastcgi-X-Cache-Version
X-Varnish-Cacheable
X-Level-Front-Cache
X-Cluster-Name
Proxy-Firewall
Request-EU
Request-Country
Rendered-Blocks
Request-Time
Server-ID
Rt-Proxy-Cache
Cdn-Request-Time
Fastly-SWR
X-Request-UUID
GEO-REGION-INFO
X-B3-Parentspanid
Cdn-Host
REQUESTUUID
X-S-Maxage
Xc-Version
X-S-Cookie
Selected-Fe
Arc-Country
X-Internal-Host
X-Generated-On
Cache-Cookie-Set-Idcheck
X-Date
X-Geo-Header
Meta-Geo-Continent
MD5-Digest
X-G
X-Destination
X-Detected-As
A
BehaviorPad-Version
Cache-Cookie-Set-From
Mobile-Detection-Method
X-D
AsisCache
X-Rewrite-Enabled
X-External-Request-Id
X-Is-Bot
X-Connection-Hash
X-Worker
X-Instart-Info
Node
Cache-Cookie-Set-Lfrom
Cache-Prefix
X-IN-APIGATEWAY
X-Rojux
X-CF-Lambda-Version
X-Rebelmouse-Cache-Control
IBM-Web2-Location
X-SRCache-Key
X-A-Wwc
X-Rebelmouse-Surrogate-Control
X-A-Dgt
X-SVT-ORM-RULES
X-BACKEND-TTL
X-A
X-A-Dam
X-A-Dcw
X-SVT-ORM-VERSION
X-Accel-Expires-Debug
X-Aed
X-Server-Time
X-App-Name
X-Application
X-ARC
X-Grey
X-B-Cookie
X-Cache-Category-Id
X-Cache-Bucket
X-DPWN-IS-SECURE
X-AIR-PT
X-Region-Sid
Fastly-SIE
X-A-Ccd
X-Varnish-Url
X-VG-WebServer
X-Edge-Server
X-Twitter-Response-Tags
Fly-Cache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Content-Style-Type
Content-Script-Type
X-Developer
X-CF-Lambda-Fn
X-Cdn-Srv
Fly-Request-Id
Proxy-Connection
Viewtype
X-Org
X-PAYTM-SRV-ID
X-Transaction
VivaBuild
X-NU-AKA-ACS-Version
X-ScT
Cross-Origin-Window-Policy
X-Trv-Group
X-Compress-Hint
X-URL
ServerName
X-ElasticPress-Search
X-Cache-Backend
PageSpeed
Backend-Name
X-Developers
Gh-Request-Id
Section-Io-Cache
True-Client-Country-4JS
X-CGP
Server-Int
X-Clientip
X-Cdn-Origin
X-Cache-Info
X-Backend-State
X-Cache-Id
W
RNT-Time
RNT-Machine
X-Debug-Cookies
X-Debug-Log
Is-Eu
HA-Ipaddr
Memcached
On-Server
Resin-Trace
Platform
X-Core-Mission
Ha-Gx-Prefs
X-GeoIP-Country-Code
X-C
X-Location
X-Sn-Servicetimems
X-Dynatrace-Js-Agent
X-HS-Cache-Config
X-We-Are-Hiring
X-Method
Esi-Enabled
X-Request-URI
X-Variation
X-Nginx-Cache-Key
X-NX-Host
X-PHP-Host
X-Skip-Cache
X-HS-Combine-CSS
X-Eu-Site
Apple-News-Services-Handled
Apple-News-Services-Host
X-Fastly-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Adler-Geo
AKAMAI
X-Epic-Correlation-Id
X-ServiceProvider
Countrycode
X-WADP-Cache
X-Proxy-Cache-Status
X-CDN-Cache
X-Reqid
X-Secret
X-Owner
X-SD-PageType
X-Thanos
X-Request-Start
X-Block-Status
X-Bip
X-SIPLIST1
X-Servername
X-Proxy-Upstream
X-Auto-Login
X-Reboot
X-TH-Server
X-Swa-Ws
X-Cache-FS-Status
X-Device-Os
X-Hash
X-GeoIP-City
X-Hnp-Log
X-Response-By
X-Irp-Debug
X-Generation-Time
X-Gen-Mode
X-Dispatch
X-Dispatcher-Server
X-Fetched-On
X-FPC
X-Gannett-Site-Version
X-Key
X-Li-Fabric
UCS
X-BBXSRF
X-Wikidot-Static-Cache
X-Clara-WADP
X-Wikidot-Backend
X-TrackingId
X-Distil-CS
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Server-IP
X-Qloud-Router
X-WebServer
SD-X-WS
X-Edge
PFcat
Server-Host
User-Cache-Control
L
IsBot
Country-Code
Content-Disposition
CDCHOST
V-Age
SS
Web-Mar-Node
X-Amz-Meta-Cache-Control
X-SERVER
X-Origin-Expires
Wxu-Next-Region
X-Crawler
X-Origin-Date
Kp-EeAlive
X-Webstats-RespID
X-Matched-Rule
CF-IPCountry
X-Release
Wxu-Next-Hostname
GW-Server
Powered-By
Pramga
Who
Fastly-Soc-X-Request-Id
X-Azure-Ref
X-VC-Cache
X-VServer
Wxu-Next-Commit
X-Thinkindot-L3
X-Nc
Thinkindot-CacheControl-Type
X-Cms-Context
N-Cache
Thinkindot-Control
Thinkindot-CacheControl
X-Azure-Ref-OriginShield
X-Parent-Response-Time
X-Processor
X-OVcl-Cache
X-OVcl
X-Pf-Uncompressing
X-Powered-By-Defense
Heartbleed
X-Via-NSCOPI
X-FE
X-Served-From
X-CUA
X-Urbn-Site-Id
X-Varnish-Ttl
X-Urbn-Context-Path
Locale
X-Via-SSL
X-CLOUD-TRACE-CONTEXT
User-Agent
Magicmarker
X-Via-Edge
Mime-Version
X-Hello
X-LAGOON
X-Flog
X-Ratelimit-Remaining
X-ABtesting
X-Ua
Memory
X-ND-Cache
Pagetype
X-Varnish-Beresp-Ttl
X-Protected-By
X-Be
X-Datadome
X-Newrelic-Synthetics
X-Backend-Host
X-User
X-Backend-Url
X-Generated-In
X-Page-Type
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Fstrz
Pragrma
X-Planisys-CDN-TTL
X-Up
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-MSEdge-Flight
X-MSEdge-Features
X-Origin-CC
X-Origin-TTL
X-B3-SpanId
X-Debug-Cache-Fetch
X-COUNTRY
X-Ttl
X-Soup
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Geo
X-Cache-Ttl
X-Backend-TTL
X-Check-Cacheable
X-Zone
GeoIp-Country-Code
Geoip-Latitude
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Geoip-City
X-Oss-Object-Type
X-Core-Value
X-Oss-Server-Time
X-Oss-Request-Id
X-Phone
X-ZONE
Cache-Hits
X-IN-WAF
X-DC
X-Servedbyhost
X-TT-LOGID
X-Varnish-Beresp-Grace
X-Old-Content-Length
X-Say-TTL
X-SayCDN-TTL
X-Cdn-Forward
X-Varnish-Beresp-Status
X-Say-Cacheable
X-Litespeed-Cache
X-Akamai-SSL-Client-Sid
X-CSRF-TOKEN
X-Cache-Time
X-Aicache-OS
XServer
Cdn
X-VCL-Version
X-Real-Ip
SN
X-Birta-Cache-Post
X-Birta-Served
X-Mid
X-Node-Id
Fastly-Backend-Name
Inserted-Into-Cache-At
X-HS-Status
WZWS-RAY
Amp-Access-Control-Allow-Source-Origin
X-BC
X-Ruxit-Js-Agent
X-MID
X-Varnish-IP
X-Info
Selected-FE
X-IN-APIGATEWAYSSL
X-Vcl-Version
X-Logtrace-Id
HitType
FSS-Proxy
Ajk
FSS-Cache
X-FORWARDED-FOR
X-EC-Lua
X-ServedByHost
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-UPSTREAM-Address
X-Source
X-RateLimit-Remaining-Second
X-Wa
X-RateLimit-Limit-Second
X-Agile-Id
X-APP
X-Cache-Debug
X-Cache-ASPX
X-Contensis-Viewer-Groups
HostName
X-App-Version
X-Agile
X-Varnish-Authentication
Server-Cache-Control
CF-Cached-On
Server-Surrogate-Control
X-Agile-Age
X-Bc
Xkeyrz
RequestId
GeoIP-Country-Code
X-Proxy-Cacherz
X-CSRF-Token
Srv
X-Nananana
Dynatrace
X-GRACE
X-Via-Ucdn
X-CACHE-KEY
GeoIP-City
GeoIP-Latitude
T-Server
Ohc-File-Size
X-NWS-UUID-VERIFY
X-LiteSpeed-Cache-Control
X-Web-Server
X-TIME
X-Varnish-Beresp-TTL
X-WR-MODIFICATION
X-GDPR
X-PJAX-URL
X-ECache
X-Render-Time
PICS-Label
Ohc-Cache-HIT
MIME-Version
WebServer
X-LB-ID
X-Fastly-Country-Code
Cf-Ipcountry
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Group
Is-Session-Tracking
Get-Access-Time
X-Unique-Id
Xkeynj
X-Uri
X-Policy
X-Micro-Cache
X-BE
X-Cache-Tag
SID
CDN
URI
X-PAGE-TYPE
X-SRV
DataCenter
X-Cache-Miss-From
X-Sedo-Request-Id
X-Requestid
HTTPS
X-MCACHE
X-Service
X-Fastly-Backend-Reqs
X-Lb-Id
X-SN
X-Request-Url
X-Pjax-Url
Backend
Pics-Label
X-NGINX-Cache
Lb
Cache-Provider
Www
X-Edge-IP
Xet-Cookie
X-Var-Ttl
X-Swift-Error
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Instart-Isnd
Warning
X-Apw-Hits
Cneonction
X-Vct
X-Dw-Trace-Id
X-PF-Uncompressing
X-Cache-Expires
X-Cf-Powered-By
Correlation-Id
X-JWT-State
Host-ID
X-WA
X-Cdn-Request-ID
FNAC-ModuleRouting
Ohc-Response-Time
X-Has-Esi
X-Ecache
X-Is-Gdpr
Requestid
X-Newrelic-App-Data
X-Fe
X-Varnish-Action
X-Serial
X-Akamai-ERPolicy
X-RPS
X-RSL
X-Fpc
X-RPM
X-DW
X-DI
X-DSS
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-DB
X-Bug-Bounty
Lfy
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
X-ServerName
X-Flow-Id
X-Html-Edge-Cache