Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Rq
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Response-Time
X-Cnection
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Surrogate-Control
Allow
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cdn
X-TTL
X-Cache-Lookup
X-Ua-Compatible
X-Rack-Cache
X-Origin-Upstream-Status
Pinterest-Generated-By
X-Url
X-Clacks-Overhead
X-FTR-Request-ID
Rating
X-Dns-Prefetch-Control
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
NEL
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-DataStream-Cache-Status
X-PC
X-TtlSet
X-Vname
Edge-Control
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Varnish-TTL
RTSS
X-D2id
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId
X-Akam-SW-Version
Response
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
DynaTrace
X-Powered-By-Plesk
X-ESI
X-RateLimit-Remaining
MS-Author-Via
X-Forwarded-Proto
Realpath
Charset
X-Shield-Request-Id
ServerID
X-Amz-Rid
X-Powered-CMS
X-Server-Name
X-Trace
Ar-Sid
AR-PoweredBy
AR-ATIME
X-Upstream
AR-CACHE
X-Version
Nginx-Cache
X-Cached
X-TEC-API-VERSION
X-TEC-API-ROOT
Fastly-Restarts
X-TEC-API-ORIGIN
Content-MD5
Public-Key-Pins
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Shard
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Grace
AR-Request-ID
Accept-Ch-Lifetime
Access-Control-Request-Method
Accept-CH
Pagespeed
Paypal-Debug-Id
X-MSEdge-Ref
X-DynaTrace-JS-Agent
SPRequestDuration
SPIisLatency
X-Client-IP
Accept-Ch
X-Goog-Storage-Class
S
X-Debug
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-Id
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-N
X-Amz-Meta-S3cmd-Attrs
X-Fastly-Request-ID
X-FastCGI-Cache
X-T
Front-End-Https
X-Amzn-Trace-Id
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-Pinterest-Rid
X-DIS-Request-ID
X-Content-Type
Pinterest-Version
X-Upstream-Proxy
MicrosoftSharePointTeamServices
X-Hits
X-Vcache
X-B3-Sampled
X-FTR-Cache-Host
Nel
X-Ser
Arc-Version
X-Varnish-Age
PB-PID
X-Mobile-Rewrite
PB-RID
X-Frontend
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Logged-In
X-XRDS-Location
X-Content-Digest
Server-Name
X-Correlation-Id
X-B3-Traceid
X-VCache
Alternate-Protocol
X-Cache-Key
X-Srv
X-Node-Name
X-Pad
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
FilterID
TP-Cache
TP-L2-Cache
X-Forwarded-For
X-Rid
X-Type
X-User-Agent
X-LB-Cache
X-Kinsta-Cache
Healthy
X-XRDS-LOCATION
Host
X-Request-Received
X-Request-Processing-Time
X-IPLB-Instance
X-F-Cache
Powered
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
Powered-By-ChinaCache
X-Cache-2
Edge-Cache-Tag
X-AOL-HN
X-Revision
X-Debug-Info
X-Cached-By
X-Analytics
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Backend-Timing
X-Via-JSL
X-GUploader-UploadID
X-Activity-Id
X-Cache-Age
X-HS-Hub-Id
X-Az
X-HS-Content-Id
X-AppVersion
X-Hostname
Accept-CH-Lifetime
X-Cache-Rule
X-Accel-Expires
Surrogate-Key
X-Varnish-Backend
X-Page-Id
X-BCube-Filmed-By
X-Content-Options
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-PHP-Backend
X-Cluster
VIX-Pulpo-Node
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-FB-Debug
X-Jobs
X-Varnish-Grace
X-Instance
X-Content-Security-Policy-Report-Only
X-App-Environment
X-Amz-Replication-Status
Cache-Status
Cleartype
X-Akamai-Edgescape
X-TT
X-Request-Guid
Server-Node
X-Esi
X-Signature
X-B-Cache
X-Fastcgi-Cache
Refresh
X-Forwarded-Host
Source
X-Framework
X-FW-Type
X-FW-Static
Liferay-Portal
X-FW-Hash
X-FW-Server
X-FW-Serve
DC
X-RateLimit-Limit
X-Varnish-Hostname
Tracecode
X-ATG-Version
Accept-Charset
Fastcgi-Useragent
Access-Control-Allow-Method
Host-Header
X-Time
X-APP-VERSION
X-Mobile
X-Cache-Operation
X-Cache-Action
WPE-Backend
X-Drupal-Cache-Tags
X-Cache-Control
X-Whom
X-Edge-Location
X-B
X-Presslabs-Stats
X-Accel-Buffering
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-WA-Info
X-Response-Served-From
X-App-Server
NGB
X-Mobile-URL
Payment
X-Cache-Hit
Actual-Object-TTL
Filters
X-Content-Age
X-TX-ID
X-Git-Hash
X-Yottaa-Optimizations
X-Cacheable-TTL
Upgrade-Insecure-Requests
X-Yottaa-Metrics
X-WebKit-CSP-Report-Only
X-Storage
X-Handled-By
Cache-Tv-Group
Cache-Tag
X-GeoIP
X-RequestSource
X-UA-Device-Type
X-TT-TIMESTAMP
Viewport
Eomportal-Instance
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
X-Cache-TTL
X-Adobe-Content
X-SS-Set-Cookie
X-Adobe-Loc
X-Tumblr-Pixel-2
Retry-After
X-NWS-LOG-UUID
X-Status
X-TA-CDN-Provider
X-Geo-Country
X-VG-WebCache
MS-CV
X-Ratelimit-Limit
X-FW-Dynamic
Webserver
X-Cache-TTL-Remaining
X-Server-ID
X-Seen-By
Xserver
Datacenter
X-FB-TRIP-ID
X-Oracle-Dms-Rid
Ms-Operation-Id
X-Host-Name
X-RTag
X-Cache-Enabled
Server-Info
X-B3-Spanid
Frame-Options
Cache
X-Contextid
From-Origin
X-Hyper-Cache
X-Generated-By
X-Origin-Server
X-Mode
Country
X-CF-Powered-By
S-Cnection
Machine
X-Path-Route
CACHE
X-ES-SERVER
Meta-Geo
X-Tumblr-Pixel-3
GEO-INFO
X-RN-RSRV
X-Cache-Var
Load-Balancing
X-Cache-Var-Map
X-Upstream-CT
X-Access
X-MP-GENERATED-AT
X-Upstream-HT
X-Routing-Service
X-Varnish-Server
X-Zipkin-Id
X-Cache-Config
X-Drupal-Cache-Contexts
X-Proxied
X-Section
X-From
Rt-Fastcgi-Cache
X-EIG-Tracking-Id
Vix-Hermes-Req-Id
X-Hit
X-Human
X-Backend-Name
X-Labrador-Cache-Channel
X-Alternate-Cache-Key
Now
X-Loop
X-Varnish-Cache-Hits
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Guploader-Uploadid
X-R9-Blue-Green-Version
X-TNCMS
X-OCL
X-Upgrade-Enabled
X-PCL
X-Dc
X-Magnolia-Registration
X-Debug-Cache
Mn-Server-Ip
X-Endurance-Cache-Level
X-Timing-Wait
Decoy-Debug-Status
X-Cluster-Node
Decoy-Debug-Key
Cache-Name
X-VG-TLSProxy
X-AWS-Id
X-Cache-Host
X-Origin-Response-Time
X-LJ-Flow-ID
Decoy-Debug-TTL
SRV
X-Via-Fastly
X-Rule
X-Ratelimit-Reset
X-Proxy-Build
X-Viewer-Country
X-RateLimit-Reset
X-Web-Node
X-Akamai-Request-ID
X-VWS-Id
Akamai-GRN
X-S
Cache-Key
Mail-Subject
OT-Force-Account-Verify
DSUID
DB-Nickname
We-Hiring
X-Device-Type
X-JoinUs
X-Hosted-By
X-Site-Version
X-L-Path
X-Proto
X-NCache
X-Locale
X-Trace-Id
X-Region
X-Generated
X-CCM
Release
X-Cache-Grace
X-Rendered-As
X-FC-Vary-Parameters
X-Environment-Context
X-Xfnlog-Site
X-Www-Served-By
X-RCS-CacheZone
X-Goog-Meta-Goog-Reserved-File-Mtime
ServedBy
Version
X-Varnish-Hits
X-Request-Time
X-Load-Cache
ProcessTime
Uber-Trace-Id
X-NewRelic-App-Data
X-IP
X-Time-Microsecs
Time
X-VCT
NtCoent-Length
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Cteonnt-Length
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
S-Rt
Property-Id
X-ProxyCache-Key
X-ProxyCache-Status
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Nginx-Cache
Azure-Version
Azure-SlotName
X-FW-Version
TWC-Device-Class
X-Wix-Request-Id
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Origin-Hint
X-Origin
X-Redis-Cache
X-UA
X-Platform-Server
X-No-Session
X-Via-CDN
X-UUID
X-EdgeConnect-Cache-Status
NGX
X-FireWall-Port
X-CDN-Forward
X-Proxy
X-ECACHE
X-PressLabs-Stats
X-GEO
X-MServer
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
X-Cache-NE
X-Hl-Ver
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-Akamai-Transformed
Odigeo-Trace-Id
X-ServerID
X-Oneagent-Js-Injection
X-Cache-Server
X-Format
X-PERF
X-CS
X-ApacheServer
Origin
X-Distributor
X-Daa-Tunnel
X-Cache-Remote
Ec-Rule-Version
LB
X-UnsetCookies
Access-Control-Request-Headers
Cache-Tags
Accept-Language
X-Webkit-Csp
Fastly-SSL
X-Tb
X-Real-IP
X-Amzn-Remapped-Content-Length
L5d-Success-Class
Selected-Fe
X-Unique-ID
X-BACKEND-TTL
X-Microcachable
Origin-Edge-Control
X-URL
X-Compress-Hint
Served-By
Origin-Cache-Control
X-Server-Time
X-NU-AKA-ACS-Version
X-Level-Front-Cache
Cross-Origin-Window-Policy
X-Instart-Info
X-Is-Bot
Content-Script-Type
X-Internal-Host
X-Generated-On
X-Edge-Server
X-DPWN-IS-SECURE
X-Developer
X-Detected-As
X-External-Request-Id
Fastcgi-X-Cache-Version
X-Geo-Header
X-Org
X-G
X-IN-APIGATEWAY
X-PAYTM-SRV-ID
X-Rojux
A
X-Rewrite-Enabled
AKAMAI
X-S-Cookie
X-Varnish-Url
X-Vtex-Processado-Em
X-ScT
X-S-Maxage
X-VG-WebServer
Arc-Country
AsisCache
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cdn-Host
X-Destination
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Request-UUID
X-Region-Sid
BehaviorPad-Version
Cdn-Request-Time
X-D
Request-Time
REQUESTUUID
X-SVT-ORM-VERSION
Rt-Proxy-Cache
Request-EU
Request-Country
Node
X-AIR-PT
Rendered-Blocks
X-Aed
Server-ID
X-A-Dam
X-Vtex-Remote-Cache
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
Viewtype
X-Accel-Expires-Debug
VivaBuild
Mobile-Detection-Method
X-SVT-ORM-RULES
X-Cdn-Srv
X-SRCache-Key
Fly-Cache
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A-Wwc
X-Connection-Hash
X-Cluster-Name
Fly-Request-Id
X-B-Cookie
X-Transaction
MD5-Digest
X-App-Name
Meta-Geo-Continent
X-Trv-Group
X-Twitter-Response-Tags
X-ARC
GEO-REGION-INFO
X-Application
X-Date
Content-Style-Type
Proxy-Connection
X-Worker
X-Pubstack
Hostname
X-B3-Parentspanid
Xc-Version
X-Dynatrace-Js-Agent
X-Nc
X-Cache-Category-Id
IBM-Web2-Location
X-Grey
ServerName
X-Backend-State
X-BBXSRF
Ha-Gx-Prefs
HA-Ipaddr
Section-Io-Cache
Esi-Enabled
Fastly-SIE
Fastly-SWR
X-HS-Cache-Config
Gh-Request-Id
Is-Eu
X-Eu-Site
X-Qloud-Router
X-Distil-CS
Platform
X-GeoIP-Country-Code
Proxy-Firewall
X-Rebelmouse-Surrogate-Control
X-TrackingId
X-Cache-Backend
RNT-Time
X-HS-Combine-CSS
RNT-Machine
X-Fastly-Cache
Memcached
Resin-Trace
X-Device-Os
X-Server-IP
Adler-Geo
X-Clientip
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Countrycode
X-Developers
X-Core-Mission
X-We-Are-Hiring
X-Location
W
X-Method
X-Nginx-Cache-Key
UCS
X-CGP
Apple-News-Services-Parsed-Url
X-Varnish-Cacheable
X-Rebelmouse-Cache-Control
Content-Disposition
X-C
X-Variation
Backend-Name
X-Epic-Correlation-Id
X-Skip-Cache
X-SERVER
X-NC
X-ElasticPress-Search
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Hash
X-Hnp-Log
X-Thanos
Who
X-Proxy-Cache-Status
Web-Mar-Node
X-Block-Status
X-NX-Host
X-Cdn-Origin
X-CDN-Cache
X-Cache-Info
X-Clara-WADP
X-Cms-Context
X-Debug-Log
X-Debug-Cookies
X-Li-Fabric
X-Crawler
X-Cache-Id
X-Cache-FS-Status
X-Amz-Meta-Cache-Control
X-PHP-Host
X-Dispatcher-Server
X-TH-Server
X-Owner
X-Generation-Time
X-Sn-Servicetimems
X-Bip
X-Auto-Login
X-Dispatch
X-GeoIP-City
X-ServiceProvider
X-Request-URI
Fastly-Soc-X-Request-Id
X-Response-By
Country-Code
X-Request-Start
GW-Server
L
IsBot
X-Release
Heartbleed
X-Irp-Debug
CDCHOST
X-LI-Proto
X-Li-Pop
X-WADP-Cache
X-WebServer
X-FPC
X-Fetched-On
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-SD-PageType
X-Reboot
X-Reqid
SD-X-WS
Server-Host
X-Key
Pramga
Powered-By
Server-Int
X-Gen-Mode
X-Edge
User-Cache-Control
True-Client-Country-4JS
X-SIPLIST1
SS
PFcat
X-Proxy-Upstream
N-Cache
On-Server
X-LI-UUID
X-Servername
X-Azure-Ref-OriginShield
V-Age
X-Azure-Ref
X-Pf-Uncompressing
X-Secret
X-VC-Cache
X-CUA
X-Gannett-Site-Version
X-Swa-Ws
X-SERVER-NAME
X-Origin-Expires
X-Origin-Date
Kp-EeAlive
X-FE
CF-IPCountry
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Varnish-Ttl
X-Matched-Rule
X-Thinkindot-L3
X-CLOUD-TRACE-CONTEXT
Thinkindot-CacheControl-Type
X-Via-NSCOPI
X-VServer
X-Served-From
Thinkindot-Control
Thinkindot-CacheControl
X-Processor
X-OVcl-Cache
X-OVcl
X-Powered-By-Defense
X-Via-Edge
X-Via-SSL
Magicmarker
PageSpeed
X-Ratelimit-Remaining
X-Parent-Response-Time
X-Be
Mime-Version
User-Agent
X-Flog
X-Hello
X-ABtesting
Pagetype
Memory
X-ND-Cache
X-Protected-By
X-Varnish-Beresp-Ttl
X-LAGOON
X-Backend-Url
X-User
X-Backend-Host
X-Newrelic-Synthetics
X-MSEdge-Flight
X-MSEdge-Features
X-Up
X-Generated-In
X-GoCache-CacheStatus
X-Debug-Cache-Fetch
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Ttl
X-Page-Type
X-Debug-Cache-Store
X-Tt-Trace-Tag
Pragrma
X-Geo
X-COUNTRY
X-Soup
X-Debug-Cache-Expiry
X-Fstrz
X-Planisys-CDN-TTL
X-Ua
X-Origin-TTL
X-Origin-CC
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Check-Cacheable
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-B3-SpanId
X-Backend-TTL
X-Zone
Cache-Hits
X-ZONE
X-Phone
X-Core-Value
X-IN-WAF
X-Cache-Ttl
X-Old-Content-Length
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-Say-TTL
X-Say-Cacheable
X-TT-LOGID
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Cdn-Forward
X-Cache-Time
X-Servedbyhost
Cdn
XServer
Inserted-Into-Cache-At
X-Vcl-Version
X-Node-Id
X-Aicache-OS
X-DC
SN
X-CSRF-TOKEN
X-HS-Status
WZWS-RAY
X-Datadome
X-MID
X-Mid
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
X-Birta-Served
X-Birta-Cache-Post
Ajk
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-BC
Fastly-Backend-Name
FSS-Proxy
FSS-Cache
X-ServedByHost
X-VCL-Version
X-FORWARDED-FOR
X-EC-Lua
HostName
Selected-FE
X-Info
X-Real-Ip
X-Varnish-IP
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-UPSTREAM-Address
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-CSRF-Token
X-Refresh
X-Contensis-Viewer-Groups
CF-Cached-On
Server-Cache-Control
Server-Surrogate-Control
HitType
X-Varnish-Authentication
X-APP
X-Cache-ASPX
X-Agile-Id
X-Agile
X-Agile-Age
X-Source
RequestId
X-RateLimit-Limit-Second
X-Wa
X-Cache-Debug
X-RateLimit-Remaining-Second
X-Bc
Dynatrace
Srv
PICS-Label
T-Server
X-Proxy-Cacherz
Xkeyrz
X-App-Version
X-LiteSpeed-Cache-Control
X-Nananana
X-TIME
X-Render-Time
X-PJAX-URL
GeoIP-Country-Code
X-Via-Ucdn
X-Varnish-Beresp-TTL
X-WR-MODIFICATION
X-ECache
X-GDPR
X-NWS-UUID-VERIFY
MIME-Version
WebServer
Ohc-File-Size
X-LB-ID
X-Web-Server
Cf-Ipcountry
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-City
Ohc-Cache-HIT
Xkeynj
Get-Access-Time
Is-Session-Tracking
X-Cache-Tag
X-Micro-Cache
X-CACHE-KEY
URI
X-Unique-Id
SID
X-PAGE-TYPE
X-SRV
X-Uri
DataCenter
X-Sedo-Request-Id
X-Cache-Miss-From
X-Requestid
X-BE
X-Policy
CDN
Group
X-MCACHE
X-GRACE
Cache-Provider
X-Request-Url
X-Lb-Id
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-Service
HTTPS
Xet-Cookie
X-Edge-IP
X-Apw-Access-Token
X-Swift-Error
X-Var-Ttl
Lb
Www
X-Apw-Hits
X-Pjax-Url
Warning
X-Apw-Access-Object
Cneonction
X-Apw-Access-Action
X-Vct
X-SN
Backend
Pics-Label
X-Dw-Trace-Id
X-Is-Gdpr
X-JWT-State
Host-ID
X-Ecache
X-WA
X-Cdn-Request-ID
FNAC-ModuleRouting
X-Cache-Expires
X-Cf-Powered-By
X-Has-Esi
X-Instart-Isnd
Ohc-Response-Time
Correlation-Id
X-NGENIX-Cache
X-Newrelic-App-Data
X-Serial
X-Fe
X-Page-Impression-Id
X-Fastly-Cache-Hits
X-Flow-Id
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Lfy
X-Bug-Bounty
Requestid
X-DB
X-DI
X-Fpc
X-Html-Edge-Cache
X-ServerName
X-RSL
X-RPS
X-DSS
X-DW
X-RPM
X-PF-Uncompressing