Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
X-Url
X-DynaTrace
Pinterest-Generated-By
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-Ua-Compatible
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
NEL
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
X-ORACLE-DMS-RID
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-Recruiting
X-DataDome
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-B3-TraceId
RTSS
DynaTrace
TCN
X-ESI
X-Navigation-Version
X-Powered-By-Plesk
X-GitHub-Request-Id
X-RateLimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Display
X-Sol
X-Middleton-Display
Response
X-Middleton-Response
Content-MD5
X-Akam-SW-Version
Charset
Accept-Ch-Lifetime
X-Server-Name
MS-Author-Via
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
ServerID
X-Shield-Request-Id
X-Amz-Rid
X-Trace
X-TEC-API-ROOT
Realpath
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Length
X-Goog-Metageneration
AR-Request-ID
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
Nginx-Cache
X-Version
X-Forwarded-Proto
X-Shard
X-Upstream
Accept-Ch
Fastly-Restarts
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
SPRequestDuration
SPIisLatency
Public-Key-Pins
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Goog-Storage-Class
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
X-Client-IP
Pagespeed
S
X-Server-ID
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Ezoic-Cdn
X-Id
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
Accept-CH
X-FTR-Expires
X-N
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
X-Grace
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Ser
X-Varnish-Age
X-Mobile-Rewrite
Arc-Version
X-XRDS-Location
X-Amzn-Trace-Id
X-NF-Request-ID
PB-PID
PB-RID
X-Content-Type
Front-End-Https
X-Hits
Alternate-Protocol
X-B3-Sampled
X-VCache
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-Content-Digest
X-Vcache
Server-Name
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
X-FastCGI-Cache
Host
Nel
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Node-Name
X-Fastcgi-Cache
X-Request-Handler-Origin-Region
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Rid
Edge-Cache-Tag
X-Kinsta-Cache
X-LB-Cache
X-Type
X-Debug-Info
X-IPLB-Instance
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-User-Agent
X-Cached-By
X-GUploader-UploadID
X-B3-Traceid
X-Cache-Key
X-Cache-2
X-Hostname
X-Revision
X-HS-Hub-Id
X-F-Cache
X-HS-Content-Id
X-XRDS-LOCATION
X-Cache-Rule
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
Surrogate-Key
X-Analytics
Backend-Timing
X-Accel-Expires
X-Cache-Age
X-Page-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-RateLimit-Limit
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Varnish-Grace
X-Instance
X-Content-Options
X-Activity-Id
Source
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Jobs
X-Cluster
X-FB-Debug
X-Az
X-AppVersion
X-Amz-Replication-Status
X-Akamai-Edgescape
X-Content-Powered-By
X-PHP-Backend
X-Request-Guid
Cache-Status
X-App-Environment
X-TT
Cleartype
X-Via-JSL
X-Framework
Tracecode
WPE-Backend
Server-Node
X-Varnish-Hostname
X-Forwarded-Host
Refresh
Host-Header
X-B-Cache
X-Signature
X-Mobile
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Server
X-ATG-Version
X-FW-Static
X-Cache-Operation
X-Cache-Control
Liferay-Portal
X-Time
DC
X-NWS-LOG-UUID
Accept-Charset
X-Drupal-Cache-Tags
X-Edge-Location
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Cache-TTL
X-Esi
X-Cache-Hit
X-App-Server
Upgrade-Insecure-Requests
Fastcgi-Useragent
X-Response-Served-From
X-Hp-Webp
X-Accel-Buffering
X-Mobile-URL
X-TX-ID
Payment
Cache
X-Storage
X-Whom
X-UA-Device-Type
X-SS-Set-Cookie
X-Content-Age
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Handled-By
X-B
X-Yottaa-Optimizations
X-TT-TIMESTAMP
X-Git-Hash
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
X-GeoIP
X-VG-WebCache
Filters
X-Cacheable-TTL
X-Adobe-Loc
Xserver
Cache-Tv-Group
Eomportal-Instance
X-Adobe-Content
X-Geo-Country
Viewport
X-RemovedCookies
X-ProcessESI
X-WA-Info
X-TA-CDN-Provider
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ratelimit-Reset
Server-Info
X-Status
Cache-Tag
Accept-CH-Lifetime
X-FB-TRIP-ID
Webserver
NGB
Datacenter
X-Cache-TTL-Remaining
X-Cache-Enabled
X-APP-VERSION
Retry-After
X-FW-Dynamic
X-Contextid
X-Ratelimit-Limit
X-Presslabs-Stats
X-Seen-By
S-Cnection
X-Origin-Server
X-Host-Name
X-Mode
X-CF-Powered-By
Country
MS-CV
From-Origin
X-Magnolia-Registration
X-VWS-Id
Meta-Geo
Load-Balancing
Frame-Options
Machine
X-Hyper-Cache
X-RN-RSRV
X-Tumblr-Pixel-3
X-Varnish-Hits
X-Path-Route
X-AWS-Id
X-PressLabs-Stats
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Config
X-LJ-Flow-ID
X-Upstream-HT
Cache-Key
X-Upstream-CT
GEO-INFO
X-Hit
We-Hiring
X-Routing-Service
Mail-Subject
X-Varnish-Cache-Hits
X-Daa-Tunnel
DSUID
X-Human
X-Cache-Grace
Vix-Hermes-Req-Id
X-Labrador-Cache-Channel
X-Cache-Host
X-Proxied
X-Rendered-As
Release
X-Zipkin-Id
X-Backend-Name
X-EIG-Tracking-Id
X-Generated-By
X-Debug-Cache
X-Access
X-Device-Type
X-From
Uber-Trace-Id
Now
X-PCL
X-OCL
X-MP-GENERATED-AT
X-RCS-CacheZone
X-Web-Node
X-TNCMS
Mn-Server-Ip
X-Loop
X-Varnish-Server
X-Viewer-Country
X-Section
ServedBy
X-Guploader-Uploadid
X-Akamai-Request-ID
Akamai-GRN
X-Proto
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-ShopId
X-ShardId
X-Rule
X-Origin-Response-Time
X-Shopify-Stage
X-Cluster-Node
X-CCM
X-BYPASS-REASON
Rt-Fastcgi-Cache
X-Environment-Context
X-L-Path
OT-Force-Account-Verify
X-Alternate-Cache-Key
X-ProxyCache-Key
Decoy-Debug-Key
Ms-Operation-Id
Decoy-Debug-Status
Decoy-Debug-TTL
X-Upgrade-Enabled
X-RTag
X-VG-TLSProxy
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Generated
X-Hosted-By
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Region
X-Endurance-Cache-Level
X-S
X-Via-Fastly
X-Xfnlog-Site
X-JoinUs
Cache-Name
X-Timing-Wait
DB-Nickname
X-NCache
X-Proxy-Build
NGX
X-Cache-NE
X-VCT
X-Drupal-Cache-Contexts
X-Trace-Id
X-Platform-Server
X-UUID
X-Redis-Cache
X-Locale
X-NewRelic-App-Data
X-Site-Version
X-Nginx-Cache
X-Www-Served-By
X-Load-Cache
X-MServer
X-Real-IP
X-EdgeConnect-Cache-Status
Cteonnt-Length
X-Hl-Ver
X-Vgn-Hpd-Reason
X-Cache-Remote
ProcessTime
X-Oracle-Dms-Rid
X-Rocket-Nginx-Bypass
X-ECACHE
X-ServerID
X-B3-Spanid
X-Request-Time
X-Time-Microsecs
X-IP
Time
X-GEO
X-IPS-LoggedIn
SRV
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Via-CDN
Azure-RegionName
X-Wix-Request-Id
X-Origin
X-FW-Version
Azure-Version
Version
NtCoent-Length
S-Rt
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Locale-Group
X-Origin-Hint
Property-Id
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
X-Dc
L5d-Success-Class
Origin
X-Proxy
X-Cache-Backend
X-Oneagent-Js-Injection
Served-By
CACHE
X-Datadome
X-Distributor
X-FireWall-Port
X-No-Session
X-Microcachable
X-Pubstack
Fastly-SSL
X-RateLimit-Reset
X-Unique-ID
Origin-Cache-Control
X-UA
Origin-Edge-Control
X-Cache-Server
Fastcgi-X-Cache-Version
X-Grey
X-ApacheServer
X-Cache-Category-Id
Odigeo-Trace-Id
X-PERF
X-Webkit-Csp
X-Format
X-Powered-By-Defense
X-CS
IBM-Web2-Location
X-Via-NSCOPI
Access-Control-Request-Headers
X-Edge
X-Detected-As
X-Akamai-Request-ID2
X-HTML-Minification-Powered-By
X-Akamai-Transformed
X-Is-Bot
Hostname
Proxy-Connection
Cache-Tags
Ec-Rule-Version
X-BACKEND-TTL
Backend-Name
X-Compress-Hint
X-Varnish-Cacheable
X-CDN-Forward
X-NC
X-UnsetCookies
X-CF-Lambda-Fn
X-Cluster-Name
X-CF-Lambda-Version
X-CGP
X-Connection-Hash
X-A-Ccd
Rt-Proxy-Cache
Fastly-SIE
Fastly-SWR
Fly-Cache
Cross-Origin-Window-Policy
Server-ID
Cdn-Request-Time
ServerName
Content-Script-Type
Content-Style-Type
Fly-Request-Id
GEO-REGION-INFO
HA-Ipaddr
Node
Mobile-Detection-Method
Meta-Geo-Continent
Ha-Gx-Prefs
Proxy-Firewall
Request-Time
Request-EU
Request-Country
Rendered-Blocks
Cdn-Host
Viewtype
X-Aed
X-Accel-Expires-Debug
A
X-A-Wwc
X-AIR-PT
X-App-Name
X-Cache-Bucket
X-B-Cookie
X-ARC
X-Application
X-A-Dgt
X-A-Dcw
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Prefix
BehaviorPad-Version
VivaBuild
X-A-Dam
X-A
Arc-Country
AsisCache
X-Cdn-Srv
X-Destination
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-Instart-Info
X-Internal-Host
X-Rebelmouse-Surrogate-Control
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
MD5-Digest
X-Org
X-HS-Cache-Config
X-Twitter-Response-Tags
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-Server-Time
X-NU-AKA-ACS-Version
X-NX-Host
PageSpeed
X-Processor
X-D
X-Trv-Group
X-Transaction
X-SRCache-Key
X-ScT
X-Region-Sid
X-DPWN-IS-SECURE
X-Edge-Server
X-Eu-Site
X-External-Request-Id
X-S-Cookie
X-Rojux
X-Date
X-Debug-Cookies
X-Debug-Log
X-Developer
X-Request-UUID
X-Rewrite-Enabled
X-G
Xc-Version
X-S-Maxage
X-Worker
X-Tb
X-ElasticPress-Search
X-Ua
X-PHP-Host
X-Server-IP
Section-Io-Cache
Memcached
X-Request-URI
Server-Host
RNT-Machine
Platform
On-Server
Resin-Trace
X-Reqid
Mime-Version
X-Qloud-Router
RNT-Time
X-Level-Front-Cache
X-Cache-Id
X-Cache-Info
X-Backend-State
X-We-Are-Hiring
X-Generated-On
X-Cdn-Origin
X-Fastly-Cache
X-Clientip
X-Core-Mission
X-Dispatch
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Geo-Header
X-GeoIP-Country-Code
True-Client-Country-4JS
X-ND-Cache
X-Skip-Cache
X-ServiceProvider
X-Nginx-Cache-Key
X-Location
X-Sn-Servicetimems
X-Variation
X-Hash
X-Irp-Debug
X-Key
X-TH-Server
Server-Int
SS
Gh-Request-Id
Apple-News-Services-Handled
LB
Adler-Geo
Country-Code
Esi-Enabled
X-B3-Parentspanid
Countrycode
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-C
Apple-News-Services-Request-Url
Is-Eu
X-Amz-Meta-Cache-Control
Who
X-Developers
X-Crawler
Wxu-Next-Region
AKAMAI
Wxu-Next-Hostname
Wxu-Next-Commit
X-Swa-Ws
X-Secret
X-Served-From
X-Block-Status
X-SD-PageType
X-Cache-FS-Status
X-CDN-Cache
X-Response-By
X-BBXSRF
X-Servername
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Web-Mar-Node
X-Auto-Login
X-Protected-By
X-SIPLIST1
X-Reboot
X-Hnp-Log
X-Device-Os
X-Li-Pop
X-Li-Fabric
X-Fetched-On
X-LI-Proto
X-LI-UUID
X-Nc
REQUESTUUID
Pramga
X-FPC
X-Generation-Time
IsBot
X-Gen-Mode
X-Gannett-Site-Version
Powered-By
PFcat
X-Request-Start
SD-X-WS
CDCHOST
X-GRACE
X-Method
UCS
User-Cache-Control
X-WebServer
V-Age
X-Webstats-RespID
X-Distil-CS
Content-Disposition
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-GeoIP-City
X-CUA
X-Matched-Rule
X-Fstrz
X-Cms-Context
X-Origin-Expires
X-Release
X-Owner
X-Origin-Date
Accept-Language
Thinkindot-CacheControl-Type
Thinkindot-Control
X-VServer
X-Via-SSL
Thinkindot-CacheControl
Fastly-Soc-X-Request-Id
Heartbleed
GW-Server
Pragrma
W
X-Via-Edge
X-Parent-Response-Time
X-Azure-Ref
X-Thanos
X-Azure-Ref-OriginShield
X-Bip
X-Thinkindot-L3
CF-IPCountry
X-Varnish-Ttl
X-WADP-Cache
X-Clara-WADP
X-Cdn-Forward
X-Varnish-Url
X-OVcl
X-OVcl-Cache
X-VC-Cache
X-CLOUD-TRACE-CONTEXT
X-Planisys-CDN-Cache
X-B3-SpanId
X-Ratelimit-Remaining
X-Planisys-CDN-Rules
L
X-Planisys-CDN-TTL
X-Origin-CC
X-Origin-TTL
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Phone
N-Cache
X-LAGOON
X-IN-WAF
X-Core-Value
Memory
X-Varnish-Beresp-Ttl
X-Be
X-Birta-Cache-Post
Kp-EeAlive
X-Birta-Served
X-TrackingId
X-FE
X-Amzn-Remapped-Content-Length
X-DC
X-SERVER-NAME
Selected-Fe
X-Pf-Uncompressing
X-Varnish-IP
User-Agent
X-Page-Type
X-Urbn-Context-Path
X-Urbn-Site-Id
Selected-FE
Locale
HitType
X-URL
X-Info
Magicmarker
X-Ttl
X-Geo
X-Dynatrace-Js-Agent
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Zone
X-ABtesting
X-Flog
Cdn
X-Hello
X-Backend-TTL
X-App-Version
Pagetype
X-Source
X-Newrelic-Synthetics
X-TT-LOGID
X-User
X-Generated-In
X-Litespeed-Cache
X-Agile-Age
X-Servedbyhost
X-Web-Server
Geoip-Latitude
GeoIp-Country-Code
X-Agile
X-Cache-Debug
X-Backend-Url
X-Agile-Id
X-Backend-Host
X-Refresh
Geoip-City
X-Mid
X-MID
SN
X-Up
X-Debug-Cache-Store
X-MSEdge-Flight
X-Real-Ip
X-HS-Status
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
CF-Cached-On
X-MSEdge-Features
X-Debug-Cache-Expiry
X-Soup
X-Check-Cacheable
X-CACHE-KEY
X-Aicache-OS
X-VCL-Version
X-ZONE
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Cache
X-Vcl-Version
FSS-Proxy
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Cache-Ttl
X-ServedByHost
GeoIP-Country-Code
X-APP
X-UPSTREAM-Address
Ohc-File-Size
Ohc-Cache-HIT
X-NWS-UUID-VERIFY
Group
HostName
X-SayCDN-TTL
X-Varnish-Authentication
GeoIP-Latitude
GeoIP-City
X-Contensis-Viewer-Groups
X-Old-Content-Length
X-Cache-ASPX
X-Amzn-Remapped-Date
X-Say-TTL
X-Say-Cacheable
X-Amzn-Remapped-Connection
Server-Cache-Control
Server-Surrogate-Control
X-EC-Lua
X-Via-Ucdn
WZWS-RAY
RequestId
HTTPS
X-Bc
X-COUNTRY
X-BC
X-CSRF-Token
Srv
X-Akamai-SSL-Client-Sid
Backend
X-SN
Www
Cache-Hits
X-Nananana
X-Proxy-Cacherz
X-Instart-Isnd
Fastly-Backend-Name
X-ECache
Inserted-Into-Cache-At
X-Node-Id
X-Varnish-Beresp-TTL
Xkeyrz
WebServer
X-Dynatrace
XServer
Cf-Ipcountry
X-Request-Url
Lb
URI
X-WR-MODIFICATION
Requestid
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-CSRF-TOKEN
Ajk
Host-ID
X-Cache-Tag
X-Cache-Expires
X-Unique-Id
X-Fastly-Country-Code
X-NGENIX-Cache
X-FORWARDED-FOR
X-TIME
Xkeynj
X-Cache-Time
Is-Session-Tracking
Get-Access-Time
X-PAGE-TYPE
X-MCACHE
X-LiteSpeed-Cache-Control
X-Sedo-Request-Id
X-Varnish-Action
X-PF-Uncompressing
X-Wa
X-Requestid
X-Cache-Miss-From
Epwk-Cache
X-RateLimit-Remaining-Second
X-Fastly-Backend-Reqs
X-BE
X-RateLimit-Limit-Second
X-Edge-IP
Dynatrace
Cneonction
Fastcgi-X-Cache
Xet-Cookie
X-SRV
DataCenter
Correlation-Id
X-Vct
X-LB-ID
Pics-Label
T-Server
X-PJAX-URL
X-Pjax-Url
PICS-Label
X-Svr
CDN
X-Apw-Access-Action
X-Apw-Hits
X-AssetVersion
X-Swift-Error
X-Apw-Access-Token
X-Apw-Access-Object
X-Dw-Trace-Id
X-NGINX-Cache
X-Sf
X-WA
X-Lb-Id
X-Var-Ttl
X-Cf-Powered-By
X-Render-Time
X-Micro-Cache
X-Ecache
FNAC-ModuleRouting
X-GDPR
X-WPE-Loopback-Upstream-Addr
X-Fpc
X-Html-Edge-Cache
X-ServerName
X-Serial
X-Akamai-ERRuleID
Ohc-Response-Time
Cache-Provider
X-Akamai-ERPolicy
X-Fastly-Cache-Hits
X-Zalando-Child-Request-Id
X-Flow-Id
X-Page-Impression-Id
RequestUuid
X-Bug-Bounty
Warning
X-RPS
X-RSL
Lfy
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-LiteSpeed-Tag