Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
CF-Cache-Status
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Id
Ali-Swift-Global-Savetime
X-WebKit-CSP
Server-Timing
Feature-Policy
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Report-To
X-Host
X-Rq
X-Ac
X-Node
X-Request-ID
Content-Location
X-OneAgent-JS-Injection
X-Response-Time
X-Cnection
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Surrogate-Control
Allow
EagleEye-TraceId
X-ORACLE-DMS-ECID
X-Country
X-Vhost
X-DynaTrace
X-Cdn
X-TTL
X-Cache-Lookup
X-Ua-Compatible
X-Rack-Cache
X-Origin-Upstream-Status
Pinterest-Generated-By
X-Url
X-Clacks-Overhead
X-FTR-Request-ID
Rating
X-Dns-Prefetch-Control
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
NEL
X-Dispatcher
X-ORACLE-DMS-RID
X-CST
X-HW
X-Instart-Request-ID
X-Goog-Hash
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-DataStream-Cache-Status
X-PC
X-TtlSet
X-Vname
Edge-Control
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
RTSS
X-D2id
X-Varnish-TTL
SPRequestGuid
X-Vcap-Request-Id
X-Abt-Application-Version
TCN
X-Amz-Server-Side-Encryption
X-GitHub-Request-Id
X-Navigation-Version
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B3-TraceId
X-Akam-SW-Version
Display
X-Sol
Response
X-Middleton-Display
X-Middleton-Response
DynaTrace
X-ESI
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
Charset
X-Forwarded-Proto
Realpath
X-Shield-Request-Id
ServerID
X-Powered-CMS
X-Trace
X-Amz-Rid
X-Server-Name
AR-CACHE
Ar-Sid
AR-ATIME
AR-PoweredBy
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Public-Key-Pins
X-Upstream
Content-MD5
Nginx-Cache
X-Version
Fastly-Restarts
X-Cached
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Shard
AR-Request-ID
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Grace
Accept-Ch-Lifetime
Access-Control-Request-Method
Paypal-Debug-Id
Accept-CH
Pagespeed
X-MSEdge-Ref
X-DynaTrace-JS-Agent
X-Goog-Storage-Class
Accept-Ch
SPIisLatency
SPRequestDuration
S
X-Client-IP
X-Debug
X-Country-Code-Real
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Id
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-N
X-Fastly-Request-ID
X-Amz-Meta-S3cmd-Attrs
X-FastCGI-Cache
Front-End-Https
X-Amzn-Trace-Id
X-T
X-NF-Request-ID
X-Pinterest-Rid
Pinterest-Version
X-Content-Type
Arr-Disable-Session-Affinity
X-Upstream-Proxy
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Vcache
X-Hits
X-FTR-Cache-Host
X-B3-Sampled
Nel
PB-PID
Arc-Version
X-Varnish-Age
PB-RID
X-Ser
X-Mobile-Rewrite
X-Frontend
X-Acc-Meta-Resource-Type
X-Logged-In
Fastcgi-Cache
X-XRDS-Location
X-Content-Digest
Server-Name
X-B3-Traceid
X-VCache
X-Correlation-Id
Alternate-Protocol
X-Cache-Key
X-Srv
X-Node-Name
X-Pad
X-Microsite
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
FilterID
X-Forwarded-For
X-Rid
TP-Cache
TP-L2-Cache
X-Kinsta-Cache
X-Type
X-XRDS-LOCATION
X-LB-Cache
Healthy
Host
X-User-Agent
X-IPLB-Instance
Powered
X-F-Cache
X-Zen-Fury
X-Request-Received
X-Request-Processing-Time
X-Amz-Apigw-Id
X-Amzn-RequestId
Powered-By-ChinaCache
X-Revision
Edge-Cache-Tag
X-Cache-2
X-Debug-Info
X-AOL-HN
X-Cached-By
X-Via-JSL
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Az
X-AppVersion
X-HS-Hub-Id
X-HS-Content-Id
X-Activity-Id
X-Cache-Age
X-Hostname
Accept-CH-Lifetime
X-Accel-Expires
Backend-Timing
X-Analytics
X-Cache-Rule
Surrogate-Key
X-Varnish-Backend
X-Page-Id
X-Content-Options
X-BCube-Filmed-By
X-Content-Powered-By
X-Varnish-Grace
VIX-Pulpo-Node
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-PHP-Backend
X-Cluster
Cleartype
X-Jobs
X-App-Environment
X-Amz-Replication-Status
Server-Node
X-Akamai-Edgescape
X-Signature
X-Request-Guid
X-Esi
X-B-Cache
Cache-Status
X-TT
X-Fastcgi-Cache
Source
Refresh
X-Forwarded-Host
X-Framework
Liferay-Portal
DC
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Type
X-RateLimit-Limit
X-Varnish-Hostname
X-ATG-Version
Tracecode
Accept-Charset
Fastcgi-Useragent
Host-Header
Access-Control-Allow-Method
X-Time
X-Mobile
X-Cache-Action
X-APP-VERSION
WPE-Backend
X-Cache-Operation
X-Drupal-Cache-Tags
X-B
X-Cache-Control
X-Edge-Location
X-Whom
X-Cache-Hit
Actual-Object-TTL
NGB
X-Accel-Buffering
X-Response-Served-From
X-Mobile-URL
X-Hp-Webp
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-App-Server
X-Presslabs-Stats
X-WA-Info
Payment
X-Git-Hash
Filters
Cache-Tv-Group
Cache-Tag
X-Cacheable-TTL
X-Storage
X-Handled-By
X-WebKit-CSP-Report-Only
X-TX-ID
X-Yottaa-Optimizations
X-Yottaa-Metrics
Viewport
X-GeoIP
X-UA-Device-Type
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RemovedCookies
X-Cache-TTL
Upgrade-Insecure-Requests
Eomportal-Instance
X-Content-Age
X-RequestSource
X-NWS-LOG-UUID
Retry-After
X-TA-CDN-Provider
X-SS-Set-Cookie
X-TT-TIMESTAMP
X-Geo-Country
X-Adobe-Loc
X-Status
X-Adobe-Content
X-VG-WebCache
MS-CV
X-Ratelimit-Limit
Webserver
X-FW-Dynamic
X-Server-ID
X-Seen-By
X-Cache-TTL-Remaining
Xserver
X-FB-TRIP-ID
Datacenter
X-RTag
X-Host-Name
Ms-Operation-Id
X-Oracle-Dms-Rid
X-Cache-Enabled
Frame-Options
Server-Info
Cache
X-B3-Spanid
From-Origin
X-Hyper-Cache
X-Generated-By
X-Origin-Server
X-Contextid
Country
X-Tumblr-Pixel-3
CACHE
X-RN-RSRV
X-CF-Powered-By
X-ES-SERVER
X-Path-Route
Load-Balancing
Meta-Geo
X-Cache-Var
Machine
X-Cache-Var-Map
X-Mode
X-Drupal-Cache-Contexts
X-MP-GENERATED-AT
X-Cache-Config
S-Cnection
X-Varnish-Server
X-Section
X-ShardId
X-ShopId
X-Shopify-Stage
GEO-INFO
X-Access
Vix-Hermes-Req-Id
X-Backend-Name
X-From
X-Hit
X-Alternate-Cache-Key
Rt-Fastcgi-Cache
X-Human
X-Labrador-Cache-Channel
X-Dc
X-Upgrade-Enabled
X-Guploader-Uploadid
X-TNCMS
X-PCL
X-Varnish-Cache-Hits
X-Loop
X-OCL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Now
X-EIG-Tracking-Id
X-Viewer-Country
X-Ratelimit-Reset
X-Via-Fastly
X-Endurance-Cache-Level
X-Rule
Decoy-Debug-TTL
X-R9-Blue-Green-Version
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Host
X-Debug-Cache
X-Cluster-Node
X-Proxy-Build
X-Web-Node
X-Timing-Wait
Cache-Key
Cache-Name
We-Hiring
Akamai-GRN
X-Rendered-As
X-LJ-Flow-ID
X-Upstream-HT
X-Upstream-CT
DB-Nickname
X-L-Path
X-Routing-Service
Mail-Subject
X-Proxied
OT-Force-Account-Verify
X-Region
Release
X-S
DSUID
X-Zipkin-Id
X-AWS-Id
X-Environment-Context
X-Generated
X-Site-Version
X-Magnolia-Registration
X-NCache
X-VWS-Id
X-FC-Vary-Parameters
X-RateLimit-Reset
X-Device-Type
X-Hosted-By
X-Www-Served-By
X-Cache-Grace
X-JoinUs
X-VG-TLSProxy
X-CCM
X-Trace-Id
X-Locale
X-Xfnlog-Site
ServedBy
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-RCS-CacheZone
Version
SRV
X-Akamai-Request-ID
X-Origin-Response-Time
Mn-Server-Ip
X-Varnish-Hits
Uber-Trace-Id
ProcessTime
X-Load-Cache
X-Request-Time
X-IP
X-Time-Microsecs
NtCoent-Length
Time
X-VCT
X-Origin
Cteonnt-Length
X-Wix-Request-Id
X-ProxyCache-Status
S-Rt
X-NewRelic-App-Data
X-Akamai-Request-ID2
X-ProxyCache-Key
X-FW-Version
X-Nginx-Cache
X-BYPASS-REASON
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-UA
TWC-GeoIP-Country
TWC-Device-Class
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
TWC-Connection-Speed
Property-Id
X-Redis-Cache
X-Origin-Hint
X-Platform-Server
X-Via-CDN
X-No-Session
NGX
X-EdgeConnect-Cache-Status
X-UUID
X-FireWall-Port
X-Proxy
X-PressLabs-Stats
X-MServer
X-GEO
X-Cache-NE
X-Hl-Ver
X-Rocket-Nginx-Bypass
X-CDN-Forward
X-Vgn-Hpd-Reason
X-ECACHE
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
Odigeo-Trace-Id
X-Akamai-Transformed
X-Oneagent-Js-Injection
X-ServerID
X-Cache-Server
X-Format
X-CS
Origin
X-Daa-Tunnel
LB
X-UnsetCookies
X-ApacheServer
X-PERF
X-Cache-Remote
Ec-Rule-Version
X-Distributor
Access-Control-Request-Headers
Accept-Language
X-Webkit-Csp
Cache-Tags
X-Real-IP
X-Tb
L5d-Success-Class
X-Amzn-Remapped-Content-Length
Fastly-SSL
Selected-Fe
X-BACKEND-TTL
Origin-Cache-Control
Served-By
Origin-Edge-Control
X-URL
GEO-REGION-INFO
Meta-Geo-Continent
Fly-Request-Id
Node
Rendered-Blocks
Mobile-Detection-Method
Fastcgi-X-Cache-Version
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cdn-Host
Cache-Prefix
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
BehaviorPad-Version
Cache-Cookie-Set-From
A
AKAMAI
Arc-Country
AsisCache
Request-Country
Fly-Cache
X-Application
X-PAYTM-SRV-ID
X-Org
X-Region-Sid
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-NU-AKA-ACS-Version
X-Level-Front-Cache
X-Generated-On
X-G
X-Geo-Header
X-IN-APIGATEWAY
X-Is-Bot
X-Instart-Info
X-S-Cookie
X-S-Maxage
X-VG-WebServer
X-Varnish-Url
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Twitter-Response-Tags
X-Trv-Group
X-Server-Time
X-ScT
X-SRCache-Key
X-SVT-ORM-RULES
X-Transaction
X-SVT-ORM-VERSION
X-External-Request-Id
X-Edge-Server
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-Accel-Expires-Debug
X-A-Ccd
X-A
REQUESTUUID
Request-Time
Rt-Proxy-Cache
Server-ID
VivaBuild
Viewtype
X-AIR-PT
X-ARC
X-Date
X-D
X-Destination
X-Detected-As
X-DPWN-IS-SECURE
X-Developer
X-Connection-Hash
X-Cluster-Name
X-Cache-Bucket
X-B-Cookie
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
Request-EU
MD5-Digest
X-Nc
X-Unique-ID
X-Dynatrace-Js-Agent
X-Microcachable
X-Pubstack
Proxy-Connection
Hostname
X-Grey
ServerName
X-Cache-Category-Id
X-Compress-Hint
W
X-BBXSRF
X-Backend-State
UCS
X-App-Name
Proxy-Firewall
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Is-Eu
Memcached
X-CGP
Platform
Resin-Trace
X-Eu-Site
X-TrackingId
X-Skip-Cache
X-Server-IP
X-Cache-Backend
X-Variation
X-We-Are-Hiring
X-Varnish-Cacheable
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-GeoIP-Country-Code
Fastly-SWR
X-Epic-Correlation-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Location
X-Internal-Host
X-Device-Os
X-Clientip
Countrycode
Backend-Name
Adler-Geo
Content-Disposition
Fastly-SIE
X-B3-Parentspanid
X-SERVER
X-NC
IBM-Web2-Location
X-ElasticPress-Search
X-Cache-FS-Status
X-Clara-WADP
X-Hash
X-Distil-CS
Web-Mar-Node
X-Reboot
X-Dispatch
X-Qloud-Router
X-Webstats-RespID
X-Hnp-Log
X-Debug-Cookies
X-Bip
X-Block-Status
X-SIPLIST1
X-Sn-Servicetimems
True-Client-Country-4JS
User-Cache-Control
Apple-News-Services-Handled
X-Proxy-Upstream
X-WebServer
Apple-News-Services-Request-Url
X-Amz-Meta-Cache-Control
X-Dispatcher-Server
X-Gen-Mode
X-FPC
X-Fetched-On
X-Auto-Login
X-Cache-Id
X-Cache-Info
X-PHP-Host
X-Generation-Time
X-CDN-Cache
X-WADP-Cache
X-Cdn-Origin
Apple-News-Services-Host
SS
Apple-News-Services-Parsed-Url
X-C
X-GeoIP-City
X-Fastly-Cache
Server-Host
X-Developers
X-Method
X-Crawler
IsBot
X-Core-Mission
X-Owner
N-Cache
X-LI-Proto
X-LI-UUID
X-Nginx-Cache-Key
X-Servername
X-Thanos
Esi-Enabled
X-Debug-Log
X-SD-PageType
X-TH-Server
GW-Server
X-NX-Host
Heartbleed
Country-Code
X-Edge
X-Li-Pop
RNT-Machine
X-Request-Start
X-Cms-Context
X-Irp-Debug
RNT-Time
X-Reqid
Server-Int
Section-Io-Cache
SD-X-WS
X-Proxy-Cache-Status
X-Request-URI
PFcat
On-Server
X-Li-Fabric
Powered-By
X-ServiceProvider
X-Key
X-Response-By
Pramga
X-Secret
X-Swa-Ws
V-Age
CDCHOST
Fastly-Soc-X-Request-Id
Wxu-Next-Commit
X-Pf-Uncompressing
X-Wikidot-Backend
L
Kp-EeAlive
X-Wikidot-Static-Cache
Wxu-Next-Hostname
Who
X-FE
Wxu-Next-Region
X-SERVER-NAME
X-Gannett-Site-Version
X-Release
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Varnish-Ttl
X-OVcl
X-Origin-Expires
X-Origin-Date
X-Matched-Rule
X-Azure-Ref-OriginShield
X-Served-From
X-Processor
X-OVcl-Cache
X-Azure-Ref
X-VServer
CF-IPCountry
Thinkindot-Control
X-VC-Cache
X-CLOUD-TRACE-CONTEXT
X-CUA
Thinkindot-CacheControl
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-Via-NSCOPI
X-Powered-By-Defense
X-Parent-Response-Time
X-Ratelimit-Remaining
X-Via-SSL
PageSpeed
X-Via-Edge
X-Be
Mime-Version
Magicmarker
Pagetype
X-Hello
X-Flog
User-Agent
X-ABtesting
X-Protected-By
X-ND-Cache
X-Backend-Host
X-LAGOON
X-Backend-Url
X-Varnish-Beresp-Ttl
Memory
X-User
X-Newrelic-Synthetics
X-Generated-In
X-Up
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
Pragrma
X-Soup
X-COUNTRY
X-Geo
X-Fstrz
X-Planisys-CDN-Rules
X-MSEdge-Flight
X-Planisys-CDN-TTL
X-GoCache-CacheStatus
X-Tt-Trace-Tag
X-Planisys-CDN-Cache
X-Ttl
X-Debug-Cache-Store
X-Page-Type
X-MSEdge-Features
X-Origin-CC
X-Origin-TTL
X-Ua
X-Oss-Request-Id
GeoIp-Country-Code
Geoip-City
X-Oss-Object-Type
Geoip-Latitude
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Check-Cacheable
X-Backend-TTL
X-B3-SpanId
X-ZONE
Cache-Hits
X-Zone
X-Old-Content-Length
X-Core-Value
X-Phone
X-IN-WAF
X-Cache-Ttl
X-Akamai-SSL-Client-Sid
X-Litespeed-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-TT-LOGID
X-Say-Cacheable
X-Say-TTL
X-Cdn-Forward
X-Cache-Time
X-Servedbyhost
Cdn
XServer
X-Vcl-Version
X-Aicache-OS
X-DC
X-Node-Id
Inserted-Into-Cache-At
X-Datadome
X-HS-Status
X-CSRF-TOKEN
WZWS-RAY
SN
X-Birta-Cache-Post
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Mid
X-MID
X-Birta-Served
X-FORWARDED-FOR
X-VCL-Version
FSS-Proxy
FSS-Cache
X-Logtrace-Id
X-ServedByHost
X-IN-APIGATEWAYSSL
X-BC
Fastly-Backend-Name
Ajk
X-EC-Lua
Selected-FE
X-Varnish-IP
X-Info
X-Amzn-Remapped-Connection
X-Real-Ip
X-UPSTREAM-Address
HostName
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Date
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
X-Refresh
HitType
X-APP
Server-Surrogate-Control
X-CSRF-Token
Server-Cache-Control
CF-Cached-On
X-Wa
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Agile-Id
X-Source
X-Cache-Debug
X-Agile-Age
RequestId
X-Agile
X-Bc
Srv
Dynatrace
X-Proxy-Cacherz
T-Server
Xkeyrz
PICS-Label
X-Nananana
X-App-Version
X-LiteSpeed-Cache-Control
X-Render-Time
X-GDPR
X-ECache
X-Varnish-Beresp-TTL
X-WR-MODIFICATION
X-PJAX-URL
GeoIP-Country-Code
X-TIME
X-Via-Ucdn
WebServer
X-NWS-UUID-VERIFY
MIME-Version
X-Web-Server
GeoIP-City
Cf-Ipcountry
Ohc-File-Size
X-Fastly-Country-Code
X-LB-ID
GeoIP-Latitude
X-Micro-Cache
X-PAGE-TYPE
X-Unique-Id
X-Uri
Is-Session-Tracking
SID
Xkeynj
URI
X-SRV
X-CACHE-KEY
Ohc-Cache-HIT
Get-Access-Time
X-Cache-Tag
DataCenter
X-Requestid
X-Cache-Miss-From
CDN
X-Policy
X-Sedo-Request-Id
X-BE
Group
X-MCACHE
X-GRACE
Cache-Provider
X-Service
X-NGINX-Cache
HTTPS
X-Request-Url
X-Lb-Id
X-Fastly-Backend-Reqs
Xet-Cookie
X-Pjax-Url
Pics-Label
Lb
X-Apw-Hits
X-Vct
Cneonction
X-Apw-Access-Action
Backend
X-Edge-IP
Warning
X-Swift-Error
X-SN
X-Apw-Access-Object
Www
X-Apw-Access-Token
X-Dw-Trace-Id
X-Instart-Isnd
X-Cf-Powered-By
X-Cache-Expires
X-Ecache
X-WA
Correlation-Id
X-Cdn-Request-ID
Host-ID
X-JWT-State
X-Has-Esi
X-Is-Gdpr
FNAC-ModuleRouting
X-Var-Ttl
X-Newrelic-App-Data
X-Serial
X-DI
X-DB
Lfy
X-Fe
X-Bug-Bounty
Ohc-Response-Time
X-DSS
X-Page-Impression-Id
X-RPM
X-Zalando-Child-Request-Id
X-Fpc
X-RSL
X-RPS
X-ServerName
X-DW
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Fastly-Cache-Hits
Requestid
X-Flow-Id
X-PF-Uncompressing
X-Html-Edge-Cache