Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
X-FRAME-OPTIONS
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Hacker
X-Proxy-Cache
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Cdn
X-Ruxit-JS-Agent
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Origin-Upstream-Status
NEL
X-TTL
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Country-Code
X-HW
Rating
X-Dns-Prefetch-Control
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Vname
X-TtlSet
X-PC
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
SPRequestGuid
Verso
X-ESI
X-B3-TraceId
X-DataDome
X-Request-ID
X-Recruiting
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
TCN
X-Powered-By-Plesk
DynaTrace
X-Navigation-Version
Display
X-Middleton-Response
X-Middleton-Display
Response
X-Sol
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-Ch-Lifetime
RTSS
X-Server-ID
Content-MD5
Charset
X-Akam-SW-Version
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
MS-Author-Via
X-Amz-Rid
X-Shield-Request-Id
Realpath
ServerID
AR-Request-ID
X-Trace
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Length
X-Cached
X-DynaTrace-JS-Agent
X-Powered-CMS
X-Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-Forwarded-Proto
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
Pagespeed
X-Goog-Storage-Class
X-Upstream-Proxy
Public-Key-Pins
Pinterest-Version
X-Pinterest-Rid
Accept-CH
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Client-IP
X-MSEdge-Ref
Access-Control-Request-Method
Fastly-Restarts
Paypal-Debug-Id
S
X-VCache
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Ezoic-Cdn
Accept-Ch
X-Id
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
X-N
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Ser
Alternate-Protocol
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
Arr-Disable-Session-Affinity
X-Varnish-Age
X-NF-Request-ID
X-Hits
Fastcgi-Cache
Front-End-Https
X-B3-Sampled
X-Content-Type
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-Grace
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-Forwarded-For
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
Nel
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Powered-By-ChinaCache
X-Correlation-Id
TP-Cache
TP-L2-Cache
Healthy
X-LB-Cache
X-Debug-Info
X-Fastcgi-Cache
X-Type
Edge-Cache-Tag
X-Rid
X-Kinsta-Cache
X-AOL-HN
X-IPLB-Instance
X-User-Agent
X-Request-Received
X-Request-Processing-Time
X-GUploader-UploadID
X-Vcache
X-Cached-By
X-Cache-2
X-HS-Hub-Id
X-HS-Content-Id
X-Hostname
X-Cache-Rule
X-Revision
X-F-Cache
Surrogate-Key
Powered
X-XRDS-LOCATION
X-Accel-Expires
X-RateLimit-Limit
X-Zen-Fury
X-Cache-Age
Backend-Timing
X-Analytics
X-Page-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-BCube-Filmed-By
X-Cache-Key
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-Jobs
Source
X-FB-Debug
X-Cluster
Cache-Status
X-Request-Guid
X-Varnish-Backend
X-Content-Powered-By
X-PHP-Backend
X-Amz-Replication-Status
X-Kong-Upstream-Latency
X-Instance
X-Kong-Proxy-Latency
X-TT
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Cleartype
X-Framework
X-Activity-Id
X-AppVersion
Tracecode
X-Az
X-App-Environment
WPE-Backend
X-Akamai-Edgescape
X-Varnish-Hostname
X-Via-JSL
Server-Node
Host-Header
X-Forwarded-Host
Refresh
X-Cache-TTL
X-Mobile
X-Cache-Operation
X-NWS-LOG-UUID
X-Cache-Control
X-ATG-Version
X-FW-Server
X-FW-Type
X-FW-Static
X-Time
Actual-Object-TTL
X-B-Cache
X-Signature
X-FW-Hash
X-FW-Serve
X-Drupal-Cache-Tags
Accept-Charset
X-Cache-Action
X-B3-Traceid
DC
Liferay-Portal
X-Edge-Location
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-App-Server
X-Cache-Hit
X-Accel-Buffering
X-Whom
X-TA-CDN-Provider
X-Response-Served-From
Payment
X-Hp-Webp
X-Mobile-URL
X-TX-ID
X-Storage
X-Content-Age
Fastcgi-Useragent
X-UA-Device-Type
X-TT-TIMESTAMP
X-VG-WebCache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-WebKit-CSP-Report-Only
X-RequestSource
X-GeoIP
X-Cacheable-TTL
X-SS-Set-Cookie
Filters
X-Handled-By
Cache
X-Adobe-Loc
Eomportal-Instance
Server-Info
X-Adobe-Content
X-B
Viewport
Cache-Tv-Group
Xserver
X-ProcessESI
X-Ratelimit-Reset
X-Git-Hash
X-RemovedCookies
X-Tumblr-Pixel-2
X-Geo-Country
X-Tumblr-Pixel-1
X-WA-Info
X-FB-TRIP-ID
Cache-Tag
X-Cache-TTL-Remaining
Datacenter
Webserver
X-Cache-Enabled
X-Status
Retry-After
NGB
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Contextid
X-Seen-By
S-Cnection
X-FW-Dynamic
X-Presslabs-Stats
X-Ratelimit-Limit
X-CF-Powered-By
X-Host-Name
X-APP-VERSION
X-Mode
X-Origin-Server
X-Rendered-As
X-Varnish-Hits
Accept-CH-Lifetime
Country
X-Magnolia-Registration
Machine
Load-Balancing
X-LJ-Flow-ID
X-Cache-Var
X-VCT
X-AWS-Id
X-Daa-Tunnel
X-Path-Route
X-RN-RSRV
Meta-Geo
X-Cache-Config
X-PressLabs-Stats
X-Cache-Var-Map
X-VWS-Id
X-ES-SERVER
MS-CV
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Human
X-Upstream-HT
Mail-Subject
X-Upstream-CT
X-Cache-Grace
X-Real-IP
We-Hiring
GEO-INFO
DSUID
From-Origin
Release
X-Cache-Host
Cache-Key
X-Loop
X-OCL
ServedBy
Mn-Server-Ip
X-Zipkin-Id
X-Access
X-Section
X-From
X-Web-Node
X-Device-Type
X-PCL
X-Proxied
X-Debug-Cache
X-Cache-NE
X-RCS-CacheZone
Frame-Options
X-TNCMS
X-EIG-Tracking-Id
X-Routing-Service
X-Varnish-Server
Now
OT-Force-Account-Verify
X-Varnish-Cache-Hits
X-Origin-Response-Time
X-Viewer-Country
X-R9-Blue-Green-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-CCM
X-Proto
X-BYPASS-REASON
X-Akamai-Request-ID
X-Rule
X-MP-GENERATED-AT
X-Backend-Name
X-VG-TLSProxy
X-Upgrade-Enabled
Uber-Trace-Id
Rt-Fastcgi-Cache
X-Esi
X-Hyper-Cache
X-Hit
X-JoinUs
X-Proxy-Build
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
NGX
X-Cluster-Node
X-FC-Vary-Parameters
X-Region
X-Timing-Wait
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Xfnlog-Site
X-Alternate-Cache-Key
X-S
X-Tumblr-Pixel-3
X-L-Path
X-Hosted-By
Decoy-Debug-Key
Decoy-Debug-TTL
X-Guploader-Uploadid
X-Platform-Server
X-Redis-Cache
Decoy-Debug-Status
Akamai-GRN
X-Cache-Remote
Cache-Name
X-UUID
X-Environment-Context
X-NCache
X-Via-Fastly
X-Endurance-Cache-Level
X-Trace-Id
X-Generated-By
X-Nginx-Cache
X-Www-Served-By
X-RTag
X-Site-Version
X-Locale
Ms-Operation-Id
X-Hl-Ver
DB-Nickname
X-MServer
X-ECACHE
X-Vgn-Hpd-Reason
X-Drupal-Cache-Contexts
X-NewRelic-App-Data
Cteonnt-Length
X-ServerID
X-GRACE
X-Rocket-Nginx-Bypass
X-Load-Cache
X-EdgeConnect-Cache-Status
ProcessTime
X-Ttl
X-Request-Time
X-IPS-LoggedIn
X-Wix-Request-Id
X-IP
L5d-Success-Class
Time
X-Litespeed-Cache
X-Time-Microsecs
X-Via-CDN
Version
X-Cache-Backend
X-Dc
X-GEO
Served-By
X-Origin
S-Rt
X-Unique-ID
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
Property-Id
NtCoent-Length
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Privacy
X-Origin-Hint
Origin
X-Microcachable
X-Proxy
X-Distributor
Origin-Cache-Control
Origin-Edge-Control
X-FireWall-Port
Fastcgi-X-Cache-Version
X-No-Session
X-B3-Spanid
Fastly-SSL
X-Oneagent-Js-Injection
X-Datadome
Azure-RegionName
Azure-SlotName
X-FW-Version
Azure-Version
Azure-SiteName
X-Grey
Azure-InstanceId
X-Cache-Category-Id
CACHE
X-Cache-Server
X-Pubstack
Access-Control-Request-Headers
X-RateLimit-Reset
X-Via-NSCOPI
X-BACKEND-TTL
X-Nc
X-Is-Bot
X-UA
X-Detected-As
SRV
Hostname
IBM-Web2-Location
Odigeo-Trace-Id
X-PERF
X-ApacheServer
X-Webkit-Csp
X-Ua
X-HTML-Minification-Powered-By
Cache-Tags
X-Format
X-Powered-By-Defense
X-CS
X-Edge
Proxy-Connection
Backend-Name
X-Cdn-Forward
X-Varnish-Cacheable
X-Akamai-Transformed
Request-Country
Rendered-Blocks
Request-EU
MD5-Digest
Cdn-Request-Time
Cdn-Host
Content-Script-Type
Content-Style-Type
Cross-Origin-Window-Policy
Cache-Prefix
Cache-Cookie-Set-Lfrom
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Ec-Rule-Version
Fastly-SIE
Request-Time
Meta-Geo-Continent
Mobile-Detection-Method
Node
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Proxy-Firewall
X-ARC
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-Instart-Info
X-ND-Cache
X-NX-Host
X-NU-AKA-ACS-Version
X-HS-Cache-Config
X-G
X-Twitter-Response-Tags
X-Developer
X-DPWN-IS-SECURE
X-Edge-Server
X-External-Request-Id
X-Eu-Site
X-Org
X-PAYTM-SRV-ID
X-S-Maxage
X-S-Cookie
X-ScT
X-Server-Time
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Rojux
X-Rebelmouse-Cache-Control
X-Processor
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Rewrite-Enabled
X-Request-UUID
X-Destination
X-Debug-Log
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
Xc-Version
X-App-Name
X-AIR-PT
X-A-Dgt
X-A-Dcw
ServerName
Server-ID
Viewtype
X-A
X-A-Dam
X-A-Ccd
X-Worker
X-Application
X-Connection-Hash
X-Vtex-Processado-Em
X-D
X-VG-WebServer
X-Debug-Cookies
X-Date
Arc-Country
X-Cluster-Name
X-Cache-Bucket
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Vtex-Remote-Cache
X-CGP
Rt-Proxy-Cache
VivaBuild
A
Server-Host
Section-Io-Cache
RNT-Time
X-Request-URI
X-Reqid
Apple-News-Services-Request-Url
X-Qloud-Router
True-Client-Country-4JS
RNT-Machine
Resin-Trace
Mime-Version
X-ServiceProvider
Is-Eu
X-Server-IP
X-B3-Parentspanid
Platform
On-Server
X-PHP-Host
X-Key
X-Clientip
X-Generated-On
X-Geo-Header
X-Core-Mission
X-Fastly-Cache
X-Dispatcher-Server
PageSpeed
X-Epic-Correlation-Id
X-Cdn-Srv
X-Cdn-Origin
X-Backend-State
X-Irp-Debug
X-Sn-Servicetimems
X-Hash
X-GeoIP-Country-Code
X-Cache-Info
X-Cache-Id
X-Level-Front-Cache
Server-Int
X-C
Apple-News-Services-Parsed-Url
X-TH-Server
X-Internal-Host
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Country-Code
Countrycode
X-Variation
X-Tb
X-UnsetCookies
X-Compress-Hint
X-Wikidot-Static-Cache
X-CDN-Cache
Wxu-Next-Region
X-Protected-By
V-Age
User-Cache-Control
X-Reboot
Web-Mar-Node
Wxu-Next-Commit
Who
Wxu-Next-Hostname
X-Wikidot-Backend
X-LI-Proto
X-Amz-Meta-Cache-Control
X-Li-Pop
X-Li-Fabric
X-BBXSRF
X-WebServer
X-LI-UUID
X-Location
CDCHOST
X-We-Are-Hiring
X-Hnp-Log
X-Method
X-Block-Status
Content-Disposition
X-Gen-Mode
X-SD-PageType
X-Served-From
X-Crawler
UCS
REQUESTUUID
X-ElasticPress-Search
PFcat
X-SVT-ORM-VERSION
Memcached
X-Servername
X-Swa-Ws
X-Distil-CS
X-Fetched-On
X-Response-By
IsBot
X-B3-SpanId
X-SVT-ORM-RULES
X-Device-Os
X-Request-Start
X-Developers
AKAMAI
SD-X-WS
X-Akamai-Request-ID2
X-Fstrz
X-SIPLIST1
X-Bip
X-GeoIP-City
Pragrma
X-Generation-Time
Powered-By
X-Gannett-Site-Version
X-Cms-Context
Esi-Enabled
X-Thinkindot-L3
X-Parent-Response-Time
X-Via-Edge
X-Dispatch
SS
Fastly-Soc-X-Request-Id
X-Secret
Pramga
X-Skip-Cache
Heartbleed
GW-Server
Gh-Request-Id
X-Thanos
X-Webstats-RespID
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Nginx-Cache-Key
X-Origin-Date
X-Owner
X-Origin-Expires
X-VServer
Thinkindot-Control
X-Via-SSL
X-Release
X-Matched-Rule
X-CDN-Forward
LB
X-VC-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Auto-Login
X-Cache-FS-Status
X-Varnish-Ttl
X-NC
X-Be
X-Phone
W
X-Birta-Cache-Post
X-App-Version
X-OVcl-Cache
X-FPC
X-CLOUD-TRACE-CONTEXT
X-OVcl
X-Birta-Served
X-IN-WAF
X-Core-Value
X-Azure-Ref-OriginShield
X-CUA
X-Azure-Ref
X-Origin-TTL
X-Origin-CC
X-Ratelimit-Remaining
X-CACHE-KEY
X-Varnish-Url
X-Varnish-IP
CF-IPCountry
HitType
Selected-FE
Accept-Language
X-WADP-Cache
Memory
X-Clara-WADP
L
X-LAGOON
X-Info
X-Varnish-Beresp-Ttl
X-Page-Type
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Geo
X-DC
Kp-EeAlive
X-TrackingId
X-FE
N-Cache
X-URL
X-Source
Cdn
User-Agent
X-Dynatrace-Js-Agent
Selected-Fe
X-Varnish-Beresp-Status
X-Pf-Uncompressing
X-Varnish-Beresp-Grace
X-Oracle-Dms-Rid
X-Web-Server
X-Urbn-Context-Path
X-Amzn-Remapped-Content-Length
Locale
X-Zone
X-Urbn-Site-Id
X-Agile
X-Agile-Id
Magicmarker
X-Agile-Age
X-Cache-Debug
X-HS-Status
X-TT-LOGID
X-Servedbyhost
X-ABtesting
X-Refresh
X-Hello
X-Flog
X-Newrelic-Synthetics
X-User
Pagetype
X-Backend-TTL
X-Generated-In
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
X-MID
X-Mid
X-Aicache-OS
X-Real-Ip
X-Check-Cacheable
X-ZONE
CF-Cached-On
SN
X-GoCache-CacheStatus
X-Vcl-Version
X-Backend-Host
X-Soup
X-Up
X-Backend-Url
Amp-Access-Control-Allow-Source-Origin
Ohc-File-Size
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
X-Ruxit-Js-Agent
X-Debug-Cache-Expiry
X-Tt-Trace-Tag
FSS-Cache
FSS-Proxy
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-APP
X-MSEdge-Features
X-VCL-Version
X-MSEdge-Flight
X-Tb-Optimization-Total-Bytes-Saved
Group
GeoIP-Country-Code
HTTPS
X-UPSTREAM-Address
X-ServedByHost
Srv
GeoIP-City
GeoIP-Latitude
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
WZWS-RAY
X-EC-Lua
HostName
X-SN
Server-Surrogate-Control
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-BC
Server-Cache-Control
RequestId
Www
Backend
Cf-Ipcountry
X-SERVER-NAME
X-Say-TTL
X-Say-Cacheable
X-Old-Content-Length
X-Via-Ucdn
X-SayCDN-TTL
Lb
X-Instart-Isnd
X-COUNTRY
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-Bc
X-NGENIX-Cache
X-Cache-Expires
X-Varnish-Beresp-TTL
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Host-ID
X-Nananana
X-Proxy-Cacherz
Xkeyrz
X-ECache
X-PF-Uncompressing
Cache-Hits
X-Dynatrace
XServer
X-Cache-Ttl
WebServer
Requestid
X-Cache-Tag
X-Node-Id
Epwk-Cache
X-Request-Url
URI
Fastly-Backend-Name
X-Varnish-Action
Fastcgi-X-Cache
X-CSRF-TOKEN
X-WR-MODIFICATION
Xkeynj
X-FORWARDED-FOR
Get-Access-Time
Is-Session-Tracking
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-TIME
Inserted-Into-Cache-At
X-PAGE-TYPE
Ajk
X-Fastly-Backend-Reqs
X-Unique-Id
X-Fastly-Country-Code
X-MCACHE
X-AssetVersion
X-Correlation-ID
X-Requestid
X-Sedo-Request-Id
X-Cache-Time
X-Edge-IP
X-Cache-Miss-From
X-LiteSpeed-Cache-Control
Dynatrace
X-Svr
X-RateLimit-Limit-Second
FNAC-ModuleRouting
X-Var-Ttl
Pics-Label
X-Wa
X-Pjax-Url
X-Sf
Cneonction
X-RateLimit-Remaining-Second
DataCenter
Xet-Cookie
X-SRV
X-Swift-Error
Cache-Provider
X-Fastly-Cache-Hits
Correlation-Id
X-BE
CDN
X-Lb-Id
X-NGINX-Cache
X-Dw-Trace-Id
X-Fpc
X-Apw-Access-Object
X-WA
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
T-Server
X-RSL
X-RPS
X-ServerName
X-GDPR
X-PJAX-URL
X-LB-ID
PICS-Label
X-RPM
X-Akamai-ERRuleID
X-Html-Edge-Cache
Sid
Lfy
Warning
X-WPE-Loopback-Upstream-Addr
RequestUuid
X-Alicdn-Da-Ups-Status
Ohc-Response-Time
X-LiteSpeed-Tag
X-Bug-Bounty
X-Policy
X-DB
X-DI
X-DSS
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Akamai-ERPolicy
X-App
X-Flow-Id
X-DW