Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Request-Id
Allow
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-Url
X-DynaTrace
X-Vhost
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-CST
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-ORACLE-DMS-RID
X-Country-Code
NEL
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-Recruiting
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-B3-TraceId
RTSS
TCN
X-Amz-Server-Side-Encryption
X-ESI
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-Powered-By-Plesk
X-Middleton-Display
Display
X-Middleton-Response
Response
X-Sol
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
X-Server-Name
Charset
MS-Author-Via
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
ServerID
X-Trace
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Dw-Request-Base-Id
Accept-Ch
AR-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-DynaTrace-JS-Agent
X-TEC-API-VERSION
Nginx-Cache
X-Cached
X-Version
X-Forwarded-Proto
X-Upstream
Fastly-Restarts
X-Shard
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Public-Key-Pins
SPRequestDuration
SPIisLatency
Paypal-Debug-Id
Access-Control-Request-Method
X-MSEdge-Ref
X-Goog-Storage-Class
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
X-Client-IP
Pagespeed
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Debug
X-Grace
X-Id
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
Accept-CH
X-Amzn-Trace-Id
X-Content-Type
Front-End-Https
X-Ser
X-Hits
X-NF-Request-ID
X-Varnish-Age
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-B3-Sampled
Nel
Alternate-Protocol
X-Server-ID
Fastcgi-Cache
X-VCache
X-FTR-Cache-Host
X-Acc-Meta-Resource-Type
X-Frontend
X-Logged-In
X-XRDS-Location
X-Content-Digest
X-Vcache
Server-Name
X-FastCGI-Cache
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
Host
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Rid
X-Type
X-Kinsta-Cache
X-LB-Cache
X-XRDS-LOCATION
Edge-Cache-Tag
X-IPLB-Instance
X-Cache-Key
X-Request-Received
X-Request-Processing-Time
X-AOL-HN
X-Debug-Info
X-User-Agent
X-B3-Traceid
X-Cached-By
X-Fastcgi-Cache
X-Cache-2
X-GUploader-UploadID
X-F-Cache
X-Revision
Powered
X-Hostname
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Zen-Fury
Backend-Timing
X-Analytics
Surrogate-Key
X-Accel-Expires
X-Cache-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Page-Id
X-AppVersion
X-Az
X-Activity-Id
X-Varnish-Backend
X-Content-Options
X-BCube-Filmed-By
X-Varnish-Grace
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Via-JSL
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Instance
VIX-Pulpo-Node
X-Jobs
X-Tumblr-User
X-Cluster
VIX-Pulpo-Upstream-Status
X-Akamai-Edgescape
X-Request-Guid
X-PHP-Backend
X-Content-Powered-By
Cache-Status
X-App-Environment
X-Amz-Replication-Status
X-TT
Source
Cleartype
X-Framework
X-RateLimit-Limit
X-Varnish-Hostname
Tracecode
Server-Node
Refresh
X-Forwarded-Host
X-Signature
WPE-Backend
X-B-Cache
Host-Header
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-ATG-Version
Liferay-Portal
X-Mobile
X-Cache-Operation
DC
X-Cache-Control
X-Time
Accept-Charset
X-NWS-LOG-UUID
X-Cache-Action
Actual-Object-TTL
X-Drupal-Cache-Tags
X-Edge-Location
Access-Control-Allow-Method
X-Cache-TTL
Fastcgi-Useragent
X-Esi
X-Cache-Hit
X-Accel-Buffering
X-Response-Served-From
X-Mobile-URL
Upgrade-Insecure-Requests
X-Hp-Webp
X-App-Server
Payment
X-Storage
X-TX-ID
X-Whom
X-B
X-SS-Set-Cookie
X-UA-Device-Type
X-Content-Age
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-WebKit-CSP-Report-Only
X-Handled-By
X-GeoIP
Xserver
X-Cacheable-TTL
X-Git-Hash
Filters
X-Erf-Bev-Bev-Is-Generated
X-Tumblr-Pixel-2
X-Erf-Bev-Bev
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-RequestSource
X-VG-WebCache
Cache-Tv-Group
X-Adobe-Loc
Eomportal-Instance
X-Adobe-Content
X-WA-Info
X-ProcessESI
Viewport
X-RemovedCookies
Cache
X-Geo-Country
X-Status
X-APP-VERSION
Server-Info
Accept-CH-Lifetime
Cache-Tag
NGB
Webserver
X-Ratelimit-Limit
X-FB-TRIP-ID
X-Presslabs-Stats
Datacenter
X-Cache-TTL-Remaining
Retry-After
X-Cache-Enabled
X-Ratelimit-Reset
X-TA-CDN-Provider
X-FW-Dynamic
X-Seen-By
X-Contextid
S-Cnection
X-Host-Name
X-Origin-Server
MS-CV
Country
X-Mode
From-Origin
Frame-Options
X-Tumblr-Pixel-3
X-AWS-Id
X-Hyper-Cache
X-Cache-Var
X-VWS-Id
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-LJ-Flow-ID
X-RN-RSRV
Machine
Load-Balancing
X-Path-Route
X-CF-Powered-By
X-Routing-Service
X-Varnish-Hits
X-Proxied
X-Hit
X-Zipkin-Id
X-Human
X-Backend-Name
X-Varnish-Cache-Hits
X-Upstream-HT
X-Upstream-CT
DSUID
Mail-Subject
X-Generated-By
We-Hiring
X-RTag
Release
X-Cache-Config
Ms-Operation-Id
X-Magnolia-Registration
GEO-INFO
X-RCS-CacheZone
Cache-Key
Decoy-Debug-Key
X-Labrador-Cache-Channel
X-Access
X-OCL
X-Loop
X-Varnish-Server
Decoy-Debug-Status
Decoy-Debug-TTL
X-Debug-Cache
X-Device-Type
X-EIG-Tracking-Id
X-From
X-Cache-Host
Vix-Hermes-Req-Id
X-TNCMS
Mn-Server-Ip
Now
Uber-Trace-Id
X-MP-GENERATED-AT
X-Upgrade-Enabled
X-Section
X-Rendered-As
X-Guploader-Uploadid
X-PCL
X-VG-TLSProxy
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Daa-Tunnel
OT-Force-Account-Verify
X-Proto
Akamai-GRN
X-Sorting-Hat-ShopId
X-ProxyCache-Key
X-Viewer-Country
X-Sorting-Hat-PodId
X-Origin-Response-Time
X-Shopify-Stage
X-ProxyCache-Status
X-CCM
X-Cluster-Node
X-Endurance-Cache-Level
X-Rule
X-Web-Node
X-ShopId
X-R9-Blue-Green-Version
X-ShardId
X-BYPASS-REASON
X-Environment-Context
X-FC-Vary-Parameters
X-Generated
X-S
DB-Nickname
X-Cache-Grace
X-Proxy-Build
X-Hosted-By
X-Timing-Wait
X-Via-Fastly
X-L-Path
X-JoinUs
X-NCache
Cache-Name
X-Xfnlog-Site
X-Region
ServedBy
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Drupal-Cache-Contexts
X-VCT
X-PressLabs-Stats
X-Redis-Cache
X-Cache-NE
X-Trace-Id
X-Nginx-Cache
X-UUID
X-Site-Version
X-Load-Cache
X-Www-Served-By
X-Platform-Server
X-B3-Spanid
X-Locale
X-NewRelic-App-Data
Cteonnt-Length
NGX
X-MServer
ProcessTime
X-Hl-Ver
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-Oracle-Dms-Rid
X-ECACHE
X-Real-IP
X-ServerID
X-Rocket-Nginx-Bypass
X-Request-Time
X-Cache-Remote
X-IP
Time
X-Time-Microsecs
X-Dc
X-IPS-LoggedIn
Azure-SlotName
X-Via-CDN
Azure-Version
S-Rt
Azure-InstanceId
X-FW-Version
X-RateLimit-Reset
Azure-RegionName
X-Wix-Request-Id
Azure-SiteName
CACHE
X-Origin
Property-Id
Version
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
TWC-Device-Class
X-Origin-Hint
TWC-Locale-Group
TWC-Connection-Speed
X-GEO
TWC-Privacy
TWC-GeoIP-Country
Webcakes-Region
SRV
NtCoent-Length
X-Proxy
Origin
X-UA
L5d-Success-Class
X-FireWall-Port
X-No-Session
X-Oneagent-Js-Injection
X-Distributor
Served-By
Fastly-SSL
X-Cache-Server
X-Akamai-Transformed
X-Microcachable
X-Cache-Backend
Origin-Edge-Control
Origin-Cache-Control
X-Akamai-Request-ID2
X-CS
Fastcgi-X-Cache-Version
X-Unique-ID
Odigeo-Trace-Id
X-Webkit-Csp
X-Pubstack
X-Format
X-ApacheServer
X-PERF
X-CDN-Forward
X-Grey
X-Cache-Category-Id
X-Powered-By-Defense
IBM-Web2-Location
X-Edge
X-Compress-Hint
X-HTML-Minification-Powered-By
Ec-Rule-Version
X-Via-NSCOPI
Access-Control-Request-Headers
X-Is-Bot
X-Detected-As
X-UnsetCookies
X-BACKEND-TTL
Proxy-Connection
Cache-Tags
Backend-Name
X-Varnish-Cacheable
Request-Country
Request-Time
Rt-Proxy-Cache
Request-EU
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
Rendered-Blocks
X-A
ServerName
Viewtype
VivaBuild
Server-ID
Fly-Cache
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Prefix
Cdn-Host
Cache-Cookie-Set-From
BehaviorPad-Version
X-Tb
A
Arc-Country
AsisCache
Cdn-Request-Time
Content-Script-Type
HA-Ipaddr
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Ha-Gx-Prefs
GEO-REGION-INFO
Content-Style-Type
Cross-Origin-Window-Policy
X-Accel-Expires-Debug
Fly-Request-Id
Node
X-Cdn-Srv
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Region-Sid
X-Processor
X-Internal-Host
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-S-Maxage
X-ScT
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-Twitter-Response-Tags
X-Server-Time
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Instart-Info
X-IN-APIGATEWAY
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CGP
X-Cluster-Name
X-Cache-Bucket
X-B-Cookie
X-AIR-PT
X-App-Name
X-Application
X-ARC
X-D
X-Date
X-External-Request-Id
X-G
X-HS-Cache-Config
X-HS-Combine-CSS
X-Eu-Site
X-Edge-Server
X-Destination
X-Developer
X-DPWN-IS-SECURE
X-Aed
X-Connection-Hash
X-Nc
Hostname
LB
PageSpeed
Mime-Version
X-Qloud-Router
Is-Eu
X-NX-Host
Memcached
X-GeoIP-Country-Code
X-Rebelmouse-Cache-Control
X-Geo-Header
X-Fastly-Cache
Fastly-SIE
X-Server-IP
Fastly-SWR
X-Generated-On
X-Reqid
Gh-Request-Id
X-Rebelmouse-Surrogate-Control
Platform
RNT-Time
RNT-Machine
SS
X-Level-Front-Cache
Server-Host
Section-Io-Cache
Resin-Trace
X-Key
X-Nginx-Cache-Key
Esi-Enabled
Proxy-Firewall
True-Client-Country-4JS
X-Irp-Debug
X-Location
X-Hash
X-B3-Parentspanid
X-TH-Server
X-Backend-State
Adler-Geo
X-Debug-Cookies
Apple-News-Services-Request-Url
X-Debug-Log
X-C
X-Epic-Correlation-Id
Apple-News-Services-Parsed-Url
X-Core-Mission
Apple-News-Services-Host
X-Variation
Apple-News-Services-Handled
X-Clientip
X-We-Are-Hiring
Countrycode
Country-Code
X-Skip-Cache
X-Dispatcher-Server
X-Dispatch
Accept-Language
X-ElasticPress-Search
X-NC
X-Li-Fabric
X-Cache-Id
UCS
X-Cdn-Origin
X-BBXSRF
X-Block-Status
X-CDN-Cache
X-Cache-FS-Status
Web-Mar-Node
X-Gen-Mode
X-Generation-Time
X-Amz-Meta-Cache-Control
X-FPC
Server-Int
X-Distil-CS
X-Fetched-On
Wxu-Next-Region
X-Device-Os
X-Crawler
X-Hnp-Log
V-Age
X-Auto-Login
Who
Wxu-Next-Hostname
Wxu-Next-Commit
User-Cache-Control
Powered-By
X-ServiceProvider
X-SIPLIST1
Content-Disposition
X-Sn-Servicetimems
X-Servername
X-Served-From
X-Request-URI
X-Response-By
X-Li-Pop
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Wikidot-Static-Cache
W
X-Developers
X-Wikidot-Backend
X-Webstats-RespID
CDCHOST
AKAMAI
X-WebServer
X-Request-Start
X-SD-PageType
On-Server
Pramga
PFcat
X-Cache-Info
X-ND-Cache
X-Method
X-PHP-Host
X-LI-UUID
X-Reboot
X-LI-Proto
SD-X-WS
IsBot
REQUESTUUID
X-Protected-By
X-Datadome
X-WADP-Cache
X-Clara-WADP
X-Cms-Context
X-Swa-Ws
X-Owner
X-Secret
X-Gannett-Site-Version
X-GeoIP-City
X-Origin-Expires
X-Release
X-Via-Edge
X-CUA
X-Thanos
X-Via-SSL
X-Origin-Date
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Ua
GW-Server
Fastly-Soc-X-Request-Id
X-Bip
Heartbleed
X-Varnish-Ttl
CF-IPCountry
X-Parent-Response-Time
L
X-Matched-Rule
Thinkindot-CacheControl-Type
Thinkindot-Control
Pragrma
X-VServer
X-Thinkindot-L3
X-CLOUD-TRACE-CONTEXT
X-OVcl-Cache
X-OVcl
X-VC-Cache
X-Fstrz
Thinkindot-CacheControl
X-Varnish-Url
X-Proxy-Cache-Status
X-Ratelimit-Remaining
X-Proxy-Upstream
N-Cache
Memory
X-Cdn-Forward
X-LAGOON
X-TrackingId
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Amzn-Remapped-Content-Length
X-FE
Selected-Fe
X-Origin-CC
X-Be
X-Origin-TTL
X-GRACE
X-IN-WAF
X-Phone
X-B3-SpanId
X-Pf-Uncompressing
Kp-EeAlive
X-Core-Value
X-Urbn-Context-Path
X-Varnish-Beresp-Ttl
X-SERVER-NAME
Locale
X-Urbn-Site-Id
Magicmarker
User-Agent
X-URL
X-Birta-Cache-Post
X-Birta-Served
X-Ttl
X-Page-Type
X-Geo
X-Varnish-IP
X-DC
X-Zone
X-Dynatrace-Js-Agent
X-Info
HitType
Selected-FE
Pagetype
X-ABtesting
X-Hello
X-Generated-In
X-Flog
X-Varnish-Beresp-Grace
X-User
X-Backend-TTL
X-Varnish-Beresp-Status
Cdn
GeoIp-Country-Code
X-Backend-Url
Geoip-City
X-Newrelic-Synthetics
Geoip-Latitude
X-TT-LOGID
X-Backend-Host
X-Litespeed-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-MSEdge-Features
X-Up
X-Soup
SN
X-Debug-Cache-Store
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Check-Cacheable
X-App-Version
X-Mid
X-MID
X-Source
CF-Cached-On
X-Refresh
X-Tt-Trace-Tag
X-Agile-Age
X-Agile-Id
X-Agile
X-Real-Ip
X-Servedbyhost
X-Cache-Debug
X-Web-Server
X-Aicache-OS
X-Vcl-Version
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-HS-Status
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-ServedByHost
X-ZONE
FSS-Cache
X-VCL-Version
FSS-Proxy
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Ttl
HostName
X-UPSTREAM-Address
X-Old-Content-Length
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Srv
X-CACHE-KEY
X-Say-Cacheable
X-Bc
X-Contensis-Viewer-Groups
X-Varnish-Authentication
GeoIP-Country-Code
X-Cache-ASPX
X-Say-TTL
Server-Surrogate-Control
X-SayCDN-TTL
Server-Cache-Control
X-APP
X-NWS-UUID-VERIFY
X-CSRF-Token
Ohc-File-Size
X-EC-Lua
Ohc-Cache-HIT
Group
GeoIP-Latitude
GeoIP-City
X-COUNTRY
X-Via-Ucdn
WZWS-RAY
Cache-Hits
RequestId
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
HTTPS
X-Akamai-SSL-Client-Sid
X-Node-Id
X-BC
X-Nananana
X-Proxy-Cacherz
Www
X-WR-MODIFICATION
X-Logtrace-Id
X-IN-APIGATEWAYSSL
Backend
Fastly-Backend-Name
X-SN
X-ECache
URI
Xkeyrz
Ajk
X-Dynatrace
X-Cache-Time
WebServer
XServer
X-CSRF-TOKEN
X-Cache-Tag
X-Instart-Isnd
Cf-Ipcountry
Get-Access-Time
Requestid
X-Request-Url
Lb
X-Unique-Id
X-FORWARDED-FOR
X-PAGE-TYPE
X-Fastly-Country-Code
X-TIME
Host-ID
X-RateLimit-Remaining-Second
X-Cache-Expires
X-RateLimit-Limit-Second
Xkeynj
Is-Session-Tracking
X-Tec-Api-Root
X-LiteSpeed-Cache-Control
X-Tec-Api-Origin
X-MCACHE
X-Tec-Api-Version
X-Requestid
X-Wa
X-BE
X-Edge-IP
X-Cache-Miss-From
X-Sedo-Request-Id
X-NGENIX-Cache
Dynatrace
PICS-Label
X-Apw-Access-Object
Cneonction
X-Apw-Access-Action
Epwk-Cache
X-PF-Uncompressing
X-Fastly-Backend-Reqs
T-Server
X-Pjax-Url
X-Apw-Hits
X-Varnish-Action
X-Apw-Access-Token
X-SRV
DataCenter
Xet-Cookie
CDN
Fastcgi-X-Cache
Pics-Label
X-Render-Time
X-Swift-Error
X-GDPR
X-Vct
X-Lb-Id
X-Micro-Cache
X-WA
X-LB-ID
X-PJAX-URL
X-NGINX-Cache
X-Dw-Trace-Id
X-Cf-Powered-By
Correlation-Id
X-Ecache
X-Svr
X-AssetVersion
SID
X-Uri
X-Fpc
X-ServerName
X-Serial
X-Page-Impression-Id
X-Bug-Bounty
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Var-Ttl
Warning
Lfy
RequestUuid
X-LiteSpeed-Tag
X-Html-Edge-Cache
Ohc-Response-Time
X-Fastly-Cache-Hits
X-Sf
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
FNAC-ModuleRouting
X-Flow-Id
X-WPE-Loopback-Upstream-Addr
X-Zalando-Child-Request-Id
X-RSL