Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Backend
X-Server
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Backend-Server
X-Response-Time
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Cdn
X-Cache-Lookup
X-Vhost
X-TTL
Pinterest-Generated-By
X-Ua-Compatible
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Url
NEL
X-FTR-Request-ID
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-CST
X-Dispatcher
X-ORACLE-DMS-RID
X-HW
X-Goog-Hash
X-Instart-Request-ID
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-Vname
X-PC
X-TtlSet
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-D2id
SPRequestGuid
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Varnish-TTL
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Exp-Id
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
DynaTrace
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-GitHub-Request-Id
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
MS-Author-Via
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-B3-TraceId
Charset
X-Shield-Request-Id
ServerID
Content-MD5
X-Amz-Rid
Ar-Sid
AR-PoweredBy
AR-CACHE
X-Forwarded-Proto
AR-ATIME
X-Trace
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Nginx-Cache
X-Goog-Stored-Content-Length
X-Goog-Generation
Accept-Ch-Lifetime
X-Dw-Request-Base-Id
X-Upstream
X-Version
Fastly-Restarts
X-Cached
X-ESI
Public-Key-Pins
AR-Request-ID
X-Shard
X-Server-Name
X-DynaTrace-JS-Agent
Accept-Ch
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Pagespeed
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Goog-Storage-Class
X-Grace
X-Client-IP
SPRequestDuration
SPIisLatency
X-Vcache
S
X-Debug
Accept-CH
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-N
X-FastCGI-Cache
X-Fastly-Request-ID
X-T
X-DIS-Request-ID
X-Amzn-Trace-Id
Front-End-Https
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-Content-Type
MicrosoftSharePointTeamServices
X-Hits
X-B3-Sampled
X-XRDS-Location
X-FTR-Cache-Host
X-B3-Traceid
X-Ser
X-Varnish-Age
PB-RID
X-Mobile-Rewrite
X-Frontend
PB-PID
Fastcgi-Cache
Arc-Version
X-Acc-Meta-Resource-Type
Alternate-Protocol
X-Content-Digest
Server-Name
X-Logged-In
X-Correlation-Id
X-Srv
X-Pad
Nel
X-Cache-Key
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
Host
FilterID
Powered-By-ChinaCache
X-Forwarded-For
TP-L2-Cache
TP-Cache
X-Type
X-Rid
X-User-Agent
X-Kinsta-Cache
Healthy
X-Esi
X-LB-Cache
X-Request-Received
X-IPLB-Instance
X-Request-Processing-Time
X-F-Cache
Edge-Cache-Tag
X-Debug-Info
X-AOL-HN
X-Cache-2
X-Zen-Fury
X-VCache
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cached-By
X-Revision
X-GUploader-UploadID
X-XRDS-LOCATION
X-Hostname
X-Cache-Age
X-Analytics
Backend-Timing
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Rule
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Activity-Id
X-AppVersion
X-Via-JSL
X-Az
Surrogate-Key
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-BCube-Filmed-By
X-Page-Id
X-Content-Options
X-Instance
X-Varnish-Grace
X-Amz-Replication-Status
X-Cluster
X-FB-Debug
X-Tumblr-User
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Content-Powered-By
X-PHP-Backend
Source
Cache-Status
X-Fastcgi-Cache
X-TT
X-App-Environment
X-RateLimit-Limit
Server-Node
X-Signature
X-B-Cache
X-Forwarded-Host
Cleartype
Refresh
Accept-CH-Lifetime
X-Framework
Liferay-Portal
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Hash
X-FW-Server
X-Varnish-Hostname
DC
X-ATG-Version
Tracecode
Host-Header
WPE-Backend
Accept-Charset
X-APP-VERSION
Access-Control-Allow-Method
Fastcgi-Useragent
X-Mobile
X-Cache-Operation
X-Cache-Action
X-Cache-Control
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
Actual-Object-TTL
X-Cache-Hit
X-B
X-Response-Served-From
X-Erf-Bev-Bev-Is-Generated
X-Mobile-URL
X-Accel-Buffering
Payment
X-Hp-Webp
X-Erf-Bev-Bev
X-Storage
X-TX-ID
X-Whom
X-SS-Set-Cookie
X-WA-Info
X-App-Server
X-Content-Age
X-NWS-LOG-UUID
X-WebKit-CSP-Report-Only
Cache-Tv-Group
X-Git-Hash
X-Yottaa-Optimizations
Upgrade-Insecure-Requests
X-Yottaa-Metrics
X-TT-TIMESTAMP
X-Cacheable-TTL
NGB
Filters
X-Handled-By
X-UA-Device-Type
X-Status
X-GeoIP
X-Tumblr-Pixel-1
X-Adobe-Loc
Eomportal-Instance
X-Tumblr-Pixel-2
X-Adobe-Content
X-ProcessESI
X-RequestSource
X-RemovedCookies
Viewport
Cache-Tag
X-Geo-Country
X-VG-WebCache
X-Cache-TTL
Xserver
Retry-After
Cache
Datacenter
Webserver
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-FW-Dynamic
X-Server-ID
X-TA-CDN-Provider
Server-Info
X-Seen-By
X-FB-TRIP-ID
X-Cache-Enabled
MS-CV
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Ratelimit-Reset
X-Host-Name
X-Contextid
X-B3-Spanid
X-Generated-By
X-Origin-Server
Frame-Options
X-Hyper-Cache
S-Cnection
From-Origin
Ms-Operation-Id
X-RTag
Country
X-Mode
X-CF-Powered-By
Meta-Geo
Load-Balancing
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-Cache-Config
Machine
X-Tumblr-Pixel-3
X-ES-SERVER
X-RN-RSRV
Cache-Key
X-Routing-Service
X-Upstream-HT
X-Upstream-CT
X-Zipkin-Id
X-Cache-Grace
X-Access
X-Proxied
X-MP-GENERATED-AT
Vix-Hermes-Req-Id
X-Hit
X-Labrador-Cache-Channel
X-Section
Now
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Backend-Name
X-Cache-Host
X-Varnish-Cache-Hits
X-Guploader-Uploadid
X-Varnish-Server
X-Viewer-Country
X-OCL
X-Web-Node
X-Human
X-Loop
X-Upgrade-Enabled
X-From
X-PCL
X-TNCMS
X-L-Path
X-VWS-Id
X-ShardId
X-Shopify-Stage
GEO-INFO
X-ShopId
X-Rule
X-LJ-Flow-ID
X-Magnolia-Registration
X-Region
ServedBy
X-Sorting-Hat-PodId
X-Origin-Response-Time
X-EIG-Tracking-Id
X-Debug-Cache
X-CCM
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-VG-TLSProxy
X-AWS-Id
X-Sorting-Hat-ShopId
X-Via-Fastly
X-Environment-Context
X-Akamai-Request-ID
X-Endurance-Cache-Level
X-Alternate-Cache-Key
Mn-Server-Ip
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
X-PressLabs-Stats
X-Rendered-As
We-Hiring
X-S
OT-Force-Account-Verify
X-FC-Vary-Parameters
X-Timing-Wait
X-Proxy-Build
X-Proto
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Cluster-Node
X-JoinUs
X-NCache
X-Varnish-Hits
SRV
Mail-Subject
X-Xfnlog-Site
Cache-Name
Akamai-GRN
DSUID
DB-Nickname
Release
Uber-Trace-Id
X-Device-Type
X-Trace-Id
Version
X-Locale
X-Site-Version
X-Nginx-Cache
X-ProxyCache-Key
X-Www-Served-By
X-BYPASS-REASON
X-NewRelic-App-Data
Cteonnt-Length
X-ProxyCache-Status
X-Request-Time
ProcessTime
X-VCT
X-Load-Cache
CACHE
NGX
X-Dc
X-IP
X-Time-Microsecs
X-UUID
X-Platform-Server
X-Redis-Cache
Time
X-Wix-Request-Id
X-FW-Version
Azure-RegionName
Azure-InstanceId
X-Via-CDN
Azure-SiteName
Azure-SlotName
Azure-Version
S-Rt
X-Origin
X-Cache-NE
X-ECACHE
X-EdgeConnect-Cache-Status
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
X-MServer
TWC-Locale-Group
Webcakes-App-Version
NtCoent-Length
X-RateLimit-Reset
X-GEO
X-Hl-Ver
X-Akamai-Request-ID2
X-Daa-Tunnel
X-Rocket-Nginx-Bypass
X-Proxy
X-FireWall-Port
X-No-Session
X-CDN-Forward
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
X-ServerID
Origin
X-Cache-Remote
X-UA
X-Oneagent-Js-Injection
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-Cache-Server
X-Distributor
X-ApacheServer
X-PERF
Odigeo-Trace-Id
X-Format
X-CS
Fastly-SSL
Ec-Rule-Version
LB
L5d-Success-Class
Cache-Tags
X-Webkit-Csp
Access-Control-Request-Headers
X-Real-IP
X-Unique-ID
X-Pubstack
X-UnsetCookies
X-Microcachable
X-Cache-Backend
X-SERVER-NAME
Accept-Language
Origin-Cache-Control
X-Compress-Hint
Hostname
X-Tb
Origin-Edge-Control
Served-By
Fastcgi-X-Cache-Version
X-BACKEND-TTL
X-Grey
X-NC
IBM-Web2-Location
X-Varnish-Cacheable
X-Cache-Category-Id
X-URL
Request-Time
X-PAYTM-SRV-ID
Proxy-Firewall
Request-EU
Rendered-Blocks
Request-Country
X-Org
Xc-Version
X-Worker
Viewtype
GEO-REGION-INFO
VivaBuild
X-B3-Parentspanid
X-DPWN-IS-SECURE
X-External-Request-Id
X-Region-Sid
X-NU-AKA-ACS-Version
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Server-ID
Rt-Proxy-Cache
Mobile-Detection-Method
X-IN-APIGATEWAY
X-Instart-Info
Content-Style-Type
Content-Script-Type
Cdn-Request-Time
Cross-Origin-Window-Policy
X-Internal-Host
Fly-Cache
Fly-Request-Id
Fastly-SWR
X-Is-Bot
Fastly-SIE
Cdn-Host
Cache-Prefix
Meta-Geo-Continent
MD5-Digest
A
X-A
Node
Arc-Country
AsisCache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
BehaviorPad-Version
X-G
X-Edge-Server
X-Rojux
X-Rewrite-Enabled
X-Date
X-S-Cookie
X-Twitter-Response-Tags
X-A-Ccd
X-Cache-Bucket
X-B-Cookie
X-Destination
Proxy-Connection
X-Request-UUID
X-VG-WebServer
X-S-Maxage
X-ScT
X-Cluster-Name
X-Server-Time
X-SRCache-Key
X-Connection-Hash
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Edge
X-Trv-Group
X-Transaction
X-Cdn-Srv
Backend-Name
X-Varnish-Url
X-Aed
X-Vtex-Remote-Cache
X-Developer
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-AIR-PT
X-Vtex-Processado-Em
X-Application
X-ARC
X-Detected-As
X-App-Name
X-ElasticPress-Search
ServerName
RNT-Time
X-CGP
True-Client-Country-4JS
Ha-Gx-Prefs
HA-Ipaddr
RNT-Machine
X-Epic-Correlation-Id
Gh-Request-Id
X-Core-Mission
On-Server
W
X-Backend-State
X-Clientip
X-Debug-Cookies
X-Cdn-Origin
X-Cache-Info
Is-Eu
Server-Int
X-Developers
Memcached
Section-Io-Cache
X-GeoIP-Country-Code
Resin-Trace
X-HS-Cache-Config
Platform
X-Cache-Id
X-Eu-Site
X-Debug-Log
X-Fastly-Cache
X-HS-Combine-CSS
Content-Disposition
X-Request-URI
X-Location
X-Geo-Header
X-C
X-Variation
REQUESTUUID
X-Generated-On
X-Level-Front-Cache
X-SVT-ORM-RULES
AKAMAI
X-PHP-Host
X-We-Are-Hiring
X-NX-Host
X-Nginx-Cache-Key
X-SVT-ORM-VERSION
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Host
X-Sn-Servicetimems
X-ServiceProvider
Countrycode
Apple-News-Services-Request-Url
Esi-Enabled
X-Skip-Cache
Apple-News-Services-Parsed-Url
X-Amzn-Remapped-Content-Length
X-SERVER
X-Powered-By-Defense
X-WADP-Cache
X-Device-Os
X-WebServer
X-Dispatcher-Server
X-Dispatch
X-Distil-CS
Web-Mar-Node
X-Request-Start
X-BBXSRF
X-Server-IP
X-Secret
X-SD-PageType
X-Clara-WADP
X-TH-Server
X-Cms-Context
X-Servername
X-CDN-Cache
X-Cache-FS-Status
X-Auto-Login
X-Amz-Meta-Cache-Control
X-Nc
Selected-Fe
X-Block-Status
X-Via-NSCOPI
X-Response-By
X-Method
User-Cache-Control
IsBot
X-Hash
X-GeoIP-City
X-Hnp-Log
X-Li-Pop
X-LI-UUID
X-Fetched-On
V-Age
X-FPC
X-Gen-Mode
X-Generation-Time
PFcat
N-Cache
X-Gannett-Site-Version
X-LI-Proto
X-Qloud-Router
X-Processor
X-Wikidot-Backend
X-Reqid
X-Wikidot-Static-Cache
X-Key
X-Irp-Debug
Fastly-Soc-X-Request-Id
UCS
SD-X-WS
SS
Country-Code
X-Reboot
CDCHOST
X-Li-Fabric
X-SIPLIST1
Server-Host
X-Proxy-Cache-Status
X-Owner
X-Thinkindot-L3
L
X-Thanos
X-Bip
X-VServer
X-Release
X-Crawler
X-Webstats-RespID
X-TrackingId
X-Origin-Expires
X-Origin-Date
X-Proxy-Upstream
X-Matched-Rule
X-Served-From
X-Via-Edge
X-Swa-Ws
X-Via-SSL
X-VC-Cache
Who
Thinkindot-Control
Wxu-Next-Commit
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
GW-Server
Heartbleed
Pramga
Wxu-Next-Region
Powered-By
X-Azure-Ref
X-Azure-Ref-OriginShield
CF-IPCountry
X-Varnish-Ttl
X-CUA
Kp-EeAlive
X-CLOUD-TRACE-CONTEXT
X-OVcl
X-OVcl-Cache
X-Pf-Uncompressing
X-Urbn-Context-Path
Locale
X-Parent-Response-Time
X-Urbn-Site-Id
X-ND-Cache
Mime-Version
Magicmarker
X-FE
PageSpeed
X-Dynatrace-Js-Agent
X-Ua
X-Ratelimit-Remaining
X-Varnish-Beresp-Ttl
X-LAGOON
User-Agent
X-Protected-By
X-Flog
X-ABtesting
X-Fstrz
Memory
Pragrma
X-Hello
X-Origin-TTL
X-Be
X-Origin-CC
X-Page-Type
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Pagetype
X-User
X-Backend-Host
X-Backend-Url
X-Geo
X-Generated-In
X-Ttl
X-COUNTRY
X-Zone
X-Cache-Ttl
X-Core-Value
X-MSEdge-Features
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Up
X-GoCache-CacheStatus
X-IN-WAF
X-Newrelic-Synthetics
X-Phone
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-B3-SpanId
X-Debug-Cache-Fetch
X-Soup
X-Backend-TTL
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-DC
GeoIp-Country-Code
Geoip-City
X-Oss-Object-Type
Geoip-Latitude
X-TT-LOGID
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Cdn-Forward
X-Check-Cacheable
X-Litespeed-Cache
X-Birta-Served
X-Servedbyhost
X-Birta-Cache-Post
X-Say-TTL
Cdn
X-Old-Content-Length
X-ZONE
X-Varnish-IP
X-SayCDN-TTL
Cache-Hits
X-Say-Cacheable
SN
X-Real-Ip
X-Info
X-Mid
HitType
Selected-FE
X-MID
X-VCL-Version
X-Datadome
X-HS-Status
X-GRACE
X-Ruxit-Js-Agent
X-Akamai-SSL-Client-Sid
Amp-Access-Control-Allow-Source-Origin
X-Aicache-OS
FSS-Proxy
X-FORWARDED-FOR
FSS-Cache
X-Vcl-Version
XServer
X-CSRF-TOKEN
X-Refresh
X-ServedByHost
X-Cache-Time
CF-Cached-On
X-Tb-Optimization-Total-Bytes-Saved
X-Amzn-Remapped-Connection
X-Agile
Fastly-Backend-Name
Inserted-Into-Cache-At
X-Node-Id
X-Cache-Debug
X-Amzn-Remapped-Date
X-Agile-Age
X-Agile-Id
X-Bc
X-Varnish-Authentication
Ajk
WZWS-RAY
X-IN-APIGATEWAYSSL
X-Cache-ASPX
X-Source
X-Logtrace-Id
Server-Cache-Control
X-Contensis-Viewer-Groups
HostName
Server-Surrogate-Control
X-EC-Lua
X-BC
RequestId
X-UPSTREAM-Address
GeoIP-Country-Code
X-Via-Ucdn
X-Web-Server
X-CSRF-Token
Srv
X-Nananana
X-Wa
X-APP
GeoIP-Latitude
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
GeoIP-City
X-App-Version
X-Proxy-Cacherz
X-NWS-UUID-VERIFY
X-WR-MODIFICATION
Xkeyrz
X-TIME
X-ECache
WebServer
T-Server
Group
Ohc-Cache-HIT
X-PJAX-URL
X-LB-ID
X-Varnish-Beresp-TTL
PICS-Label
Ohc-File-Size
Cf-Ipcountry
X-LiteSpeed-Cache-Control
URI
X-Render-Time
X-SRV
X-CACHE-KEY
X-GDPR
Is-Session-Tracking
Get-Access-Time
Xkeynj
X-Unique-Id
X-Micro-Cache
X-BE
X-Fastly-Country-Code
X-Cache-Tag
X-PAGE-TYPE
HTTPS
MIME-Version
X-Requestid
X-SN
Dynatrace
X-Cache-Miss-From
Www
X-Edge-IP
X-Sedo-Request-Id
CDN
Backend
X-MCACHE
SID
X-Policy
X-Uri
X-Fastly-Backend-Reqs
X-Request-Url
X-Instart-Isnd
DataCenter
Xet-Cookie
X-Swift-Error
Lb
Pics-Label
X-Apw-Access-Token
X-Cache-Expires
X-Apw-Access-Action
Cneonction
X-Vct
Host-ID
Requestid
X-Apw-Access-Object
X-Pjax-Url
X-Apw-Hits
X-NGINX-Cache
X-Dw-Trace-Id
X-Lb-Id
X-WA
X-Cdn-Request-ID
Correlation-Id
X-Service
X-Cf-Powered-By
Cache-Provider
X-Ecache
X-Newrelic-App-Data
X-Serial
X-Var-Ttl
X-PF-Uncompressing
X-Fe
FNAC-ModuleRouting
X-Fastly-Cache-Hits
X-Bug-Bounty
Epwk-Cache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Warning
Lfy
X-WPE-Loopback-Upstream-Addr
X-Varnish-Action
X-Html-Edge-Cache
X-Flow-Id
X-Page-Impression-Id
X-RPM
X-RPS
X-RSL
X-Fpc
X-DW
X-DSS
X-Zalando-Child-Request-Id
X-DB
X-DI
X-ServerName