Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
EagleId
Grace
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Rq
X-Host
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
Surrogate-Control
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Vhost
X-DynaTrace
X-Country
X-TTL
X-Cdn
X-Cache-Lookup
X-Rack-Cache
Pinterest-Generated-By
X-Origin-Upstream-Status
X-Url
X-Clacks-Overhead
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Ruxit-JS-Agent
X-Dispatcher
X-Dns-Prefetch-Control
X-CST
X-HW
X-ORACLE-DMS-RID
X-Instart-Request-ID
X-Goog-Hash
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-DataStream-Cache-Status
X-DataDome
Edge-Control
X-PC
X-Vname
X-TtlSet
X-VARITI-CCR
X-Px
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-Recruiting
X-MS-InvokeApp
RTSS
X-Exp-Id
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Varnish-TTL
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-GitHub-Request-Id
X-Navigation-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-Sol
Display
Response
X-SRCache-Fetch-Status
X-Middleton-Display
X-Middleton-Response
X-Akam-SW-Version
X-Powered-By-Plesk
MS-Author-Via
X-B3-TraceId
X-RateLimit-Remaining
X-ESI
Charset
X-Forwarded-Proto
Realpath
DynaTrace
X-Shield-Request-Id
X-Powered-CMS
X-Amz-Rid
ServerID
X-Server-Name
X-Version
Public-Key-Pins
X-Upstream
Fastly-Restarts
X-Trace
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Nginx-Cache
X-Cached
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Shard
Content-MD5
X-Dw-Request-Base-Id
Accept-CH
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
Pagespeed
X-Grace
AR-Request-ID
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
Accept-Ch-Lifetime
X-Client-IP
X-Goog-Storage-Class
SPIisLatency
SPRequestDuration
X-DynaTrace-JS-Agent
S
X-Debug
X-Country-Code-Real
X-FTR-Realm
X-Id
X-FTR-Expires
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
Accept-Ch
X-Ezoic-Cdn
X-FastCGI-Cache
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Fastly-Request-ID
X-N
X-T
X-Amzn-Trace-Id
X-NF-Request-ID
X-Vcache
Arr-Disable-Session-Affinity
X-DIS-Request-ID
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-XRDS-Location
X-B3-Sampled
X-FTR-Cache-Host
X-B3-Traceid
X-Acc-Meta-Resource-Type
X-Frontend
PB-RID
X-Varnish-Age
X-Mobile-Rewrite
Arc-Version
PB-PID
X-Ser
X-Logged-In
X-Content-Digest
Fastcgi-Cache
Server-Name
X-Correlation-Id
X-VCache
Alternate-Protocol
X-Cache-Key
X-Node-Name
X-Srv
Nel
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-Pad
FilterID
X-User-Agent
X-Type
TP-L2-Cache
TP-Cache
X-Rid
Powered
X-Kinsta-Cache
X-F-Cache
X-LB-Cache
X-Request-Processing-Time
X-IPLB-Instance
Healthy
Host
X-Request-Received
X-Amzn-RequestId
X-Zen-Fury
X-Cache-2
X-Amz-Apigw-Id
X-Forwarded-For
X-Revision
Powered-By-ChinaCache
X-Debug-Info
X-AOL-HN
Accept-CH-Lifetime
Edge-Cache-Tag
X-GUploader-UploadID
X-Via-JSL
X-Cached-By
X-Cache-Age
X-Analytics
Backend-Timing
X-AppVersion
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Activity-Id
X-Az
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-XRDS-LOCATION
X-Accel-Expires
X-Esi
X-Cache-Rule
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-Instance
X-BCube-Filmed-By
Server-Node
X-PHP-Backend
X-Amz-Replication-Status
X-Page-Id
X-Content-Options
X-Signature
X-Request-Guid
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-B-Cache
X-Varnish-Grace
X-Content-Powered-By
X-Cluster
X-TT
X-Forwarded-Host
X-Akamai-Edgescape
X-Jobs
Refresh
Cache-Status
Cleartype
X-FB-Debug
X-App-Environment
Source
X-Framework
X-RateLimit-Limit
Liferay-Portal
X-FW-Static
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Serve
X-Fastcgi-Cache
DC
Tracecode
X-ATG-Version
Accept-Charset
X-Varnish-Hostname
Access-Control-Allow-Method
Fastcgi-Useragent
Host-Header
X-APP-VERSION
X-Cache-Operation
WPE-Backend
X-Cache-Action
X-Mobile
X-Whom
X-Erf-Bev-Bev
X-Drupal-Cache-Tags
X-Cache-Control
X-Erf-Bev-Bev-Is-Generated
X-Time
X-Edge-Location
X-B
X-Hp-Webp
X-Accel-Buffering
X-App-Server
NGB
X-WA-Info
Payment
X-Mobile-URL
X-Response-Served-From
X-Storage
X-Cache-Hit
Actual-Object-TTL
X-TX-ID
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Content-Age
X-Presslabs-Stats
Cache-Tv-Group
Cache-Tag
X-TT-TIMESTAMP
X-Handled-By
Filters
Retry-After
Upgrade-Insecure-Requests
X-Cacheable-TTL
X-NWS-LOG-UUID
X-Tumblr-Pixel-2
X-Oracle-Dms-Rid
X-Tumblr-Pixel-1
Viewport
Eomportal-Instance
X-RemovedCookies
X-Yottaa-Metrics
X-RequestSource
X-Adobe-Content
X-Adobe-Loc
X-Yottaa-Optimizations
X-Status
X-ProcessESI
X-GeoIP
X-SS-Set-Cookie
X-UA-Device-Type
MS-CV
X-Cache-TTL
X-Geo-Country
X-VG-WebCache
X-TA-CDN-Provider
X-FW-Dynamic
Webserver
X-Seen-By
X-Cache-TTL-Remaining
X-Server-ID
X-Host-Name
Xserver
Ms-Operation-Id
X-RTag
Datacenter
X-B3-Spanid
X-Cache-Enabled
X-FB-TRIP-ID
Frame-Options
Server-Info
Cache
X-Hyper-Cache
X-Ratelimit-Limit
From-Origin
X-Contextid
X-Origin-Server
X-Mode
S-Cnection
X-CF-Powered-By
SRV
X-Generated-By
Country
X-Tumblr-Pixel-3
X-Cache-Config
X-RN-RSRV
GEO-INFO
Machine
X-Cache-Var
X-Path-Route
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
Load-Balancing
X-Zipkin-Id
X-Access
X-Drupal-Cache-Contexts
Vix-Hermes-Req-Id
Cache-Key
X-Cache-Grace
X-Section
X-Routing-Service
X-Upstream-CT
X-MP-GENERATED-AT
X-Upstream-HT
X-Proxied
X-Backend-Name
CACHE
X-From
X-Hit
X-Human
X-Labrador-Cache-Channel
Decoy-Debug-Status
Decoy-Debug-Key
X-R9-Blue-Green-Version
X-TNCMS
ServedBy
X-Loop
X-Web-Node
Decoy-Debug-TTL
X-Cluster-Node
X-Varnish-Cache-Hits
X-Varnish-Server
X-Rule
X-Trace-Id
X-PCL
X-Origin-Response-Time
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-Magnolia-Registration
X-Upgrade-Enabled
X-OCL
X-Viewer-Country
X-VG-TLSProxy
Akamai-GRN
X-Region
Now
Cache-Name
X-Proxy-Build
X-Endurance-Cache-Level
X-EIG-Tracking-Id
X-Cache-Host
X-Generated
X-Site-Version
Mn-Server-Ip
X-Environment-Context
X-Via-Fastly
X-L-Path
X-NCache
X-Timing-Wait
X-FC-Vary-Parameters
X-Www-Served-By
X-Locale
X-Guploader-Uploadid
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rendered-As
X-Debug-Cache
X-Hosted-By
X-NewRelic-App-Data
DB-Nickname
X-JoinUs
X-LJ-Flow-ID
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-VWS-Id
X-ShardId
X-ShopId
X-AWS-Id
X-RateLimit-Reset
X-CCM
X-Ratelimit-Reset
X-S
Release
X-Device-Type
X-Xfnlog-Site
Version
X-Dc
DSUID
X-Time-Microsecs
We-Hiring
X-Load-Cache
ProcessTime
Uber-Trace-Id
X-Request-Time
X-RCS-CacheZone
OT-Force-Account-Verify
Mail-Subject
X-IP
X-Varnish-Hits
Time
NtCoent-Length
Azure-SiteName
Azure-InstanceId
Azure-RegionName
S-Rt
X-Akamai-Request-ID2
X-FW-Version
Azure-SlotName
Azure-Version
X-Wix-Request-Id
Webcakes-Region
X-Origin-Hint
TWC-Privacy
Cteonnt-Length
X-Origin
Webcakes-App-Version
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
Property-Id
Webcakes-App-Name
X-EdgeConnect-Cache-Status
X-Redis-Cache
NGX
X-PressLabs-Stats
X-VCT
X-ProxyCache-Status
X-UUID
X-No-Session
X-Nginx-Cache
X-BYPASS-REASON
X-UA
X-ProxyCache-Key
X-GEO
X-CDN-Forward
X-FireWall-Port
X-Via-CDN
X-Platform-Server
X-Proxy
X-ECACHE
X-Vgn-Hpd-Reason
X-Cache-NE
X-Rocket-Nginx-Bypass
X-Hl-Ver
X-PERF
X-ApacheServer
X-CS
X-Daa-Tunnel
X-HTML-Minification-Powered-By
X-Format
X-Cache-Server
Odigeo-Trace-Id
Origin
X-MServer
X-Akamai-Transformed
Ec-Rule-Version
X-IPS-LoggedIn
LB
X-ServerID
Accept-Language
X-Oneagent-Js-Injection
Cache-Tags
X-Distributor
X-UnsetCookies
X-Cache-Remote
X-Tb
X-Dynatrace-Js-Agent
Fastly-SSL
Access-Control-Request-Headers
X-Real-IP
X-Amzn-Remapped-Content-Length
X-Webkit-Csp
Hostname
Proxy-Connection
X-B3-Parentspanid
X-Unique-ID
Selected-Fe
X-Pubstack
X-NC
X-Microcachable
L5d-Success-Class
X-Compress-Hint
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Mobile-Detection-Method
Meta-Geo-Continent
AsisCache
Cache-Cookie-Set-Lfrom
MD5-Digest
Arc-Country
Cache-Prefix
Content-Style-Type
Fastly-SWR
Fastly-SIE
Cross-Origin-Window-Policy
Content-Script-Type
Fly-Cache
GEO-REGION-INFO
Fly-Request-Id
Cdn-Host
Cdn-Request-Time
Node
Proxy-Firewall
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-B-Cookie
X-AIR-PT
X-A-Ccd
X-A
REQUESTUUID
Rendered-Blocks
A
X-App-Name
Rt-Proxy-Cache
Server-ID
X-Cache-Bucket
VivaBuild
Viewtype
AKAMAI
X-D
X-Org
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Trv-Group
X-Rebelmouse-Cache-Control
X-Twitter-Response-Tags
X-Varnish-Cacheable
X-Internal-Host
X-Is-Bot
X-Level-Front-Cache
X-Varnish-Url
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-BACKEND-TTL
X-Rojux
X-S-Cookie
X-Server-Time
X-S-Maxage
X-SRCache-Key
X-SVT-ORM-RULES
X-Transaction
X-Request-UUID
X-SVT-ORM-VERSION
X-Rewrite-Enabled
X-Instart-Info
X-IN-APIGATEWAY
Fastcgi-X-Cache-Version
X-Date
X-Destination
X-ScT
Xc-Version
X-Connection-Hash
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster-Name
X-Developer
X-Detected-As
X-VG-WebServer
X-G
X-Generated-On
X-Geo-Header
X-Worker
X-External-Request-Id
X-Vtex-Remote-Cache
X-Edge-Server
X-Vtex-Processado-Em
X-DPWN-IS-SECURE
IBM-Web2-Location
Origin-Cache-Control
Origin-Edge-Control
X-ElasticPress-Search
X-URL
Served-By
X-Fastly-Cache
X-Location
X-Method
X-Qloud-Router
X-Nginx-Cache-Key
X-Backend-State
X-Distil-CS
X-Clientip
X-Cache-Info
X-Core-Mission
X-Developers
X-We-Are-Hiring
X-Cdn-Origin
X-TrackingId
Resin-Trace
Section-Io-Cache
X-Server-IP
Request-Time
Request-Country
On-Server
X-ServiceProvider
W
Gh-Request-Id
Server-Int
X-Sn-Servicetimems
X-Skip-Cache
Request-EU
Memcached
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-C
Backend-Name
Esi-Enabled
Countrycode
Apple-News-Services-Request-Url
Content-Disposition
X-Grey
ServerName
X-Cache-Category-Id
X-Request-URI
X-Auto-Login
X-Generation-Time
X-Reboot
User-Cache-Control
X-Swa-Ws
X-Thanos
True-Client-Country-4JS
UCS
X-Servername
X-SIPLIST1
Web-Mar-Node
X-Block-Status
X-Epic-Correlation-Id
X-Hnp-Log
X-HS-Cache-Config
X-Eu-Site
X-FPC
X-Gen-Mode
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-HS-Combine-CSS
X-Irp-Debug
X-PHP-Host
X-Variation
X-Bip
X-Cache-Id
X-NX-Host
X-Debug-Log
X-Debug-Cookies
X-CGP
X-BBXSRF
X-Secret
X-Wikidot-Static-Cache
L
IsBot
N-Cache
Platform
Pramga
Powered-By
Is-Eu
Heartbleed
Country-Code
Fastly-Soc-X-Request-Id
CDCHOST
GW-Server
HA-Ipaddr
Ha-Gx-Prefs
Adler-Geo
X-Wikidot-Backend
RNT-Machine
X-Cache-Backend
RNT-Time
X-Urbn-Site-Id
X-SERVER
X-Urbn-Context-Path
Locale
X-LI-UUID
X-Matched-Rule
X-Cms-Context
X-LI-Proto
X-Li-Pop
X-Clara-WADP
Thinkindot-Control
X-VServer
X-Cache-FS-Status
X-Origin-Expires
X-Origin-Date
X-Thinkindot-L3
X-Li-Fabric
X-Crawler
X-Dispatch
X-Device-Os
Thinkindot-CacheControl
SS
X-Hash
X-Fetched-On
X-GeoIP-City
Thinkindot-CacheControl-Type
Server-Host
X-Key
X-Owner
Kp-EeAlive
X-TH-Server
X-CDN-Cache
X-WADP-Cache
X-Release
PFcat
X-Proxy-Upstream
X-Edge
X-Amz-Meta-Cache-Control
X-SD-PageType
X-Pf-Uncompressing
X-Request-Start
X-Response-By
X-Reqid
X-Azure-Ref
X-Azure-Ref-OriginShield
Wxu-Next-Commit
X-Nc
Who
X-VC-Cache
SD-X-WS
X-Webstats-RespID
X-Proxy-Cache-Status
Wxu-Next-Region
Wxu-Next-Hostname
X-WebServer
V-Age
CF-IPCountry
X-OVcl
X-FE
X-CUA
X-Dispatcher-Server
X-OVcl-Cache
X-SERVER-NAME
X-Varnish-Ttl
Magicmarker
X-Processor
X-Via-NSCOPI
X-ABtesting
X-Flog
User-Agent
X-Hello
X-Served-From
X-CLOUD-TRACE-CONTEXT
X-Powered-By-Defense
X-Via-SSL
PageSpeed
X-Parent-Response-Time
X-Via-Edge
X-LAGOON
X-Ratelimit-Remaining
X-Be
Memory
X-Backend-Host
X-Backend-Url
X-Varnish-Beresp-Ttl
X-Generated-In
Pagetype
X-ND-Cache
X-User
X-Up
Mime-Version
X-MSEdge-Features
X-Protected-By
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-MSEdge-Flight
X-Newrelic-Synthetics
X-Ua
X-Page-Type
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Debug-Cache-Store
X-Planisys-CDN-TTL
X-Soup
Pragrma
X-Debug-Cache-Expiry
X-Ttl
X-COUNTRY
X-Debug-Cache-Fetch
X-Fstrz
X-Geo
X-Origin-TTL
X-Backend-TTL
X-ZONE
X-Origin-CC
Cache-Hits
Geoip-Latitude
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Geoip-City
X-Oss-Server-Time
X-Check-Cacheable
X-Oss-Object-Type
X-Cache-Ttl
X-Oss-Request-Id
GeoIp-Country-Code
X-Akamai-SSL-Client-Sid
Dynatrace
X-SayCDN-TTL
X-B3-SpanId
X-Say-TTL
X-Say-Cacheable
X-Zone
X-Core-Value
X-Phone
X-IN-WAF
X-Old-Content-Length
XServer
X-Litespeed-Cache
X-FORWARDED-FOR
X-Servedbyhost
X-Cache-Time
X-Varnish-Beresp-Grace
X-CSRF-TOKEN
X-TT-LOGID
X-Varnish-Beresp-Status
X-Cdn-Forward
X-DC
WZWS-RAY
Cdn
Fastly-Backend-Name
X-HS-Status
SN
Ajk
X-Logtrace-Id
X-VCL-Version
X-Aicache-OS
X-BC
X-Datadome
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
X-Node-Id
X-Ruxit-Js-Agent
X-Birta-Served
X-MID
X-Birta-Cache-Post
Amp-Access-Control-Allow-Source-Origin
X-Mid
X-UPSTREAM-Address
FSS-Cache
X-Vcl-Version
FSS-Proxy
X-EC-Lua
Selected-FE
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Connection
X-Tec-Api-Version
X-Varnish-IP
X-APP
X-Amzn-Remapped-Date
X-Info
X-Wa
X-Tec-Api-Origin
X-Tec-Api-Root
X-Real-Ip
X-Refresh
CF-Cached-On
Server-Surrogate-Control
X-RateLimit-Limit-Second
X-Source
HostName
X-Cache-ASPX
Xkeyrz
X-Varnish-Authentication
Server-Cache-Control
HitType
X-Proxy-Cacherz
X-Contensis-Viewer-Groups
X-RateLimit-Remaining-Second
X-TIME
T-Server
X-PJAX-URL
PICS-Label
X-Agile-Age
X-Agile
MIME-Version
X-Cache-Debug
X-Agile-Id
RequestId
X-Bc
Srv
X-CSRF-Token
X-GDPR
X-Render-Time
Ohc-File-Size
X-Nananana
X-SRV
X-App-Version
X-LiteSpeed-Cache-Control
Ohc-Cache-HIT
X-WR-MODIFICATION
X-Via-Ucdn
GeoIP-Country-Code
X-LB-ID
X-ECache
WebServer
X-NWS-UUID-VERIFY
GeoIP-City
X-Policy
SID
DataCenter
GeoIP-Latitude
X-Web-Server
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
Xkeynj
X-Uri
URI
Get-Access-Time
X-Unique-Id
X-PAGE-TYPE
X-Cache-Tag
X-Micro-Cache
Is-Session-Tracking
X-CACHE-KEY
X-Sedo-Request-Id
X-BE
X-Cache-Miss-From
X-Service
X-NGINX-Cache
X-Requestid
X-Fastly-Backend-Reqs
CDN
Group
X-GRACE
X-MCACHE
HTTPS
Cache-Provider
X-Request-Url
X-Lb-Id
Xet-Cookie
X-NGENIX-Cache
Backend
X-Has-Esi
X-Is-Gdpr
Pics-Label
Lb
X-Pjax-Url
X-Edge-IP
X-SN
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Vct
Cneonction
X-Swift-Error
Ohc-Response-Time
X-JWT-State
X-Var-Ttl
Www
X-Dw-Trace-Id
Warning
X-Ecache
Correlation-Id
Host-ID
X-Instart-Isnd
FNAC-ModuleRouting
X-Cf-Powered-By
X-Cdn-Request-ID
X-WA
X-Cache-Expires
X-Newrelic-App-Data
X-Bug-Bounty
X-Serial
X-Fe
X-RPS
X-DB
X-DI
X-DSS
X-Html-Edge-Cache
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
Requestid
X-DW
X-RPM
X-PF-Uncompressing
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ServerName
X-Fastly-Cache-Hits
X-RSL
X-Fpc
Lfy