Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
Report-To
X-Ac
X-Rq
X-Server-Id
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Request-ID
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Cdn
X-Country
X-DynaTrace
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Vhost
X-Rack-Cache
X-Clacks-Overhead
X-TTL
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-Url
NEL
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-TtlSet
X-Px
X-Vname
X-PC
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-Recruiting
X-DataDome
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja
X-D2id
X-B3-TraceId
X-Vcap-Request-Id
X-Varnish-TTL
X-ESI
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
TCN
DynaTrace
X-RateLimit-Remaining
X-Powered-By-Plesk
X-Navigation-Version
X-GitHub-Request-Id
Response
X-SRCache-Fetch-Status
X-Sol
X-Middleton-Response
X-SRCache-Store-Status
X-Middleton-Display
Display
RTSS
Content-MD5
Charset
X-Akam-SW-Version
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
MS-Author-Via
Accept-Ch-Lifetime
X-Amz-Rid
X-Shield-Request-Id
ServerID
Realpath
X-Trace
AR-Request-ID
X-Dw-Request-Base-Id
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Server-ID
X-Cached
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
X-DynaTrace-JS-Agent
X-Upstream
SPRequestDuration
SPIisLatency
MRF-Tech
X-B3-TraceId-Primal
Public-Key-Pins
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Goog-Storage-Class
Pinterest-Version
Fastly-Restarts
X-Upstream-Proxy
X-Pinterest-Rid
Pagespeed
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Access-Control-Request-Method
Accept-CH
S
Accept-Ch
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-Debug
X-Id
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Expires
X-DIS-Request-ID
X-N
X-Fastly-Request-ID
X-T
X-VCache
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Grace
X-Ser
Alternate-Protocol
PB-RID
X-Varnish-Age
X-XRDS-Location
X-Mobile-Rewrite
PB-PID
Arc-Version
X-NF-Request-ID
X-Hits
X-Amzn-Trace-Id
X-Content-Type
X-B3-Sampled
Front-End-Https
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Frontend
X-FTR-Cache-Host
X-Logged-In
Server-Name
X-Pad
X-Content-Digest
X-Srv
Host
X-Correlation-Id
Nel
X-Vcache
X-FastCGI-Cache
X-Forwarded-For
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Node-Name
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Microsite
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-LB-Cache
X-Kinsta-Cache
X-Debug-Info
X-Type
X-Rid
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-Cached-By
X-GUploader-UploadID
X-Cache-2
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Revision
X-Cache-Rule
X-XRDS-LOCATION
X-F-Cache
X-Cache-Key
Powered
Surrogate-Key
X-Zen-Fury
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Accel-Expires
X-Analytics
X-Cache-Age
Backend-Timing
X-Page-Id
X-RateLimit-Limit
X-B3-Traceid
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-BCube-Filmed-By
X-Kong-Proxy-Latency
Source
X-Kong-Upstream-Latency
X-Jobs
X-Cluster
X-FB-Debug
X-Content-Powered-By
Cache-Status
X-Request-Guid
X-Instance
X-PHP-Backend
X-Amz-Replication-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Az
X-AppVersion
X-Activity-Id
X-App-Environment
X-TT
X-Tumblr-User
Cleartype
X-Akamai-Edgescape
X-Framework
Tracecode
Server-Node
X-Via-JSL
X-Varnish-Hostname
WPE-Backend
Refresh
X-Forwarded-Host
Host-Header
X-Cache-TTL
X-Mobile
X-ATG-Version
X-Cache-Operation
X-FW-Hash
X-Signature
X-B-Cache
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-Cache-Control
X-NWS-LOG-UUID
X-Time
Actual-Object-TTL
X-Drupal-Cache-Tags
Accept-Charset
Liferay-Portal
DC
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Cache-Hit
Upgrade-Insecure-Requests
X-App-Server
X-Hp-Webp
X-Accel-Buffering
X-Response-Served-From
X-Whom
X-Mobile-URL
X-Storage
X-TX-ID
Payment
Fastcgi-Useragent
X-SS-Set-Cookie
X-Content-Age
X-WebKit-CSP-Report-Only
X-UA-Device-Type
X-VG-WebCache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TT-TIMESTAMP
X-Handled-By
X-TA-CDN-Provider
X-Cacheable-TTL
Filters
X-GeoIP
X-RequestSource
X-Adobe-Loc
X-Git-Hash
Eomportal-Instance
X-Adobe-Content
X-B
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel-2
Server-Info
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Geo-Country
Viewport
X-WA-Info
X-FB-TRIP-ID
Cache-Tag
Accept-CH-Lifetime
Cache
Webserver
X-Status
Xserver
Datacenter
X-Cache-TTL-Remaining
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Enabled
X-Presslabs-Stats
X-Esi
NGB
X-Ratelimit-Reset
Retry-After
X-Contextid
X-APP-VERSION
X-FW-Dynamic
X-Ratelimit-Limit
X-Seen-By
S-Cnection
X-CF-Powered-By
X-Origin-Server
X-Host-Name
X-Mode
X-Magnolia-Registration
Country
X-LJ-Flow-ID
X-RN-RSRV
X-Cache-Config
Load-Balancing
X-Varnish-Hits
X-AWS-Id
X-Rendered-As
X-Cache-Var
Machine
MS-CV
X-VWS-Id
X-ES-SERVER
X-Path-Route
X-VCT
Meta-Geo
X-Cache-Var-Map
From-Origin
X-Cache-Grace
X-Hit
X-Human
Frame-Options
DSUID
X-Routing-Service
Vix-Hermes-Req-Id
GEO-INFO
X-Labrador-Cache-Channel
X-Daa-Tunnel
X-Upstream-HT
Release
Cache-Key
We-Hiring
Mail-Subject
X-Zipkin-Id
X-Hyper-Cache
X-Proxied
X-Cache-Host
X-Upstream-CT
X-RCS-CacheZone
X-Viewer-Country
X-PCL
X-OCL
X-Varnish-Cache-Hits
X-Section
X-Web-Node
X-Backend-Name
X-From
X-Loop
X-EIG-Tracking-Id
X-TNCMS
X-Device-Type
Mn-Server-Ip
X-Varnish-Server
Uber-Trace-Id
ServedBy
X-Debug-Cache
X-Access
X-Guploader-Uploadid
Now
X-Cluster-Node
X-Origin-Response-Time
X-Upgrade-Enabled
X-CCM
X-VG-TLSProxy
X-Cache-NE
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Tumblr-Pixel-3
X-Proto
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-Rule
X-ProxyCache-Key
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-MP-GENERATED-AT
OT-Force-Account-Verify
X-BYPASS-REASON
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-FC-Vary-Parameters
X-Hosted-By
Decoy-Debug-TTL
X-Generated-By
Decoy-Debug-Status
X-JoinUs
X-Proxy-Build
Decoy-Debug-Key
X-Xfnlog-Site
X-Environment-Context
X-Timing-Wait
Akamai-GRN
X-L-Path
X-Region
X-Real-IP
X-S
NGX
X-Endurance-Cache-Level
Cache-Name
X-Platform-Server
X-NCache
Ms-Operation-Id
X-RTag
X-Via-Fastly
X-Redis-Cache
X-UUID
X-Trace-Id
X-Www-Served-By
X-MServer
X-Site-Version
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-Locale
DB-Nickname
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-PressLabs-Stats
X-ECACHE
X-NewRelic-App-Data
X-Load-Cache
X-Cache-Remote
X-Vgn-Hpd-Reason
Cteonnt-Length
X-Rocket-Nginx-Bypass
X-ServerID
ProcessTime
X-Request-Time
CACHE
X-Dc
Time
X-IP
X-RateLimit-Reset
X-Time-Microsecs
X-IPS-LoggedIn
X-Wix-Request-Id
S-Rt
X-Via-CDN
Version
NtCoent-Length
X-B3-Spanid
X-Origin
L5d-Success-Class
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-Origin-Hint
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-UA
X-Cache-Backend
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
Azure-SiteName
X-FW-Version
Azure-Version
Served-By
Azure-SlotName
X-Oneagent-Js-Injection
Origin
Azure-InstanceId
X-GEO
Azure-RegionName
X-Datadome
X-Proxy
X-Microcachable
X-Distributor
X-Unique-ID
SRV
Fastly-SSL
Origin-Edge-Control
X-No-Session
X-FireWall-Port
X-Pubstack
Origin-Cache-Control
Fastcgi-X-Cache-Version
X-Via-NSCOPI
X-Cache-Server
Access-Control-Request-Headers
X-Cache-Category-Id
X-GRACE
X-Grey
X-Webkit-Csp
X-PERF
X-ApacheServer
X-Powered-By-Defense
IBM-Web2-Location
X-Edge
X-BACKEND-TTL
X-Detected-As
X-Is-Bot
Hostname
X-Akamai-Transformed
Odigeo-Trace-Id
X-HTML-Minification-Powered-By
X-Format
X-CS
Proxy-Connection
X-URL
Cache-Tags
Backend-Name
X-Varnish-Cacheable
Ec-Rule-Version
X-Ttl
Proxy-Firewall
Rendered-Blocks
Request-Country
Request-EU
X-Cluster-Name
X-Connection-Hash
X-IN-APIGATEWAY
X-Instart-Info
GEO-REGION-INFO
X-Internal-Host
Request-Time
X-Edge-Server
Content-Style-Type
Xc-Version
X-Worker
X-Rewrite-Enabled
Content-Script-Type
X-CGP
Cdn-Host
Cdn-Request-Time
Fly-Request-Id
Rt-Proxy-Cache
X-HS-Combine-CSS
X-Request-UUID
X-Destination
A
X-Debug-Log
BehaviorPad-Version
X-Developer
HA-Ipaddr
Arc-Country
X-DPWN-IS-SECURE
X-G
Ha-Gx-Prefs
X-Debug-Cookies
X-Date
Node
Cache-Cookie-Set-Lfrom
X-HS-Cache-Config
Cache-Prefix
Mobile-Detection-Method
Cache-Cookie-Set-Idcheck
MD5-Digest
Cache-Cookie-Set-From
X-D
Meta-Geo-Continent
AsisCache
Server-ID
X-Processor
X-ScT
X-Application
X-A
X-A-Ccd
X-ARC
X-AIR-PT
X-NX-Host
X-Org
X-PAYTM-SRV-ID
X-B-Cookie
X-SRCache-Key
PageSpeed
X-Aed
X-Accel-Expires-Debug
X-Region-Sid
X-Server-Time
X-App-Name
X-A-Wwc
X-A-Dgt
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-A-Dam
X-A-Dcw
Fastly-SIE
X-NU-AKA-ACS-Version
Cross-Origin-Window-Policy
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
Fastly-SWR
X-CF-Lambda-Fn
X-S-Cookie
Fly-Cache
ServerName
X-CF-Lambda-Version
X-External-Request-Id
X-S-Maxage
Viewtype
VivaBuild
X-Cache-Bucket
X-ND-Cache
X-Rojux
X-Transaction
X-Twitter-Response-Tags
X-Eu-Site
X-Trv-Group
X-Nc
X-Akamai-Request-ID2
X-Compress-Hint
RNT-Machine
Server-Int
Server-Host
Section-Io-Cache
X-Cdn-Origin
True-Client-Country-4JS
X-Backend-State
X-Cache-Id
X-Cache-Info
RNT-Time
X-Epic-Correlation-Id
Mime-Version
Memcached
Is-Eu
On-Server
Platform
Resin-Trace
X-Clientip
X-Core-Mission
X-Dispatcher-Server
Apple-News-Services-Parsed-Url
X-Key
X-Level-Front-Cache
Countrycode
X-CDN-Forward
X-Irp-Debug
X-C
X-GeoIP-Country-Code
X-Hash
X-Request-URI
X-Cdn-Srv
X-Reqid
X-Sn-Servicetimems
X-ServiceProvider
X-Server-IP
X-Qloud-Router
X-PHP-Host
X-We-Are-Hiring
X-Variation
X-TH-Server
X-UnsetCookies
X-B3-Parentspanid
X-Tb
X-Fastly-Cache
Adler-Geo
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Country-Code
X-Geo-Header
Apple-News-Services-Host
X-Generated-On
X-NC
X-ElasticPress-Search
X-SVT-ORM-VERSION
X-LI-UUID
X-Served-From
X-BBXSRF
X-Block-Status
X-Method
X-Swa-Ws
X-Distil-CS
X-SD-PageType
X-SIPLIST1
X-Secret
X-Servername
X-Amz-Meta-Cache-Control
X-Fetched-On
X-Reboot
X-Protected-By
X-Fstrz
X-CDN-Cache
X-SVT-ORM-RULES
X-Webstats-RespID
X-Location
X-Response-By
X-Li-Fabric
X-Li-Pop
X-Gen-Mode
X-Request-Start
X-Nginx-Cache-Key
X-Hnp-Log
X-Crawler
X-Gannett-Site-Version
X-Dispatch
X-Wikidot-Backend
X-Skip-Cache
X-Developers
X-WebServer
X-Wikidot-Static-Cache
X-LI-Proto
SS
Gh-Request-Id
Esi-Enabled
X-Device-Os
User-Cache-Control
Pramga
Pragrma
REQUESTUUID
SD-X-WS
UCS
Powered-By
PFcat
LB
X-Cdn-Forward
AKAMAI
Content-Disposition
IsBot
V-Age
CDCHOST
Who
Wxu-Next-Commit
Wxu-Next-Region
Web-Mar-Node
Wxu-Next-Hostname
X-Ua
X-Via-Edge
X-FPC
X-VServer
Fastly-Soc-X-Request-Id
X-Thanos
X-Generation-Time
X-Auto-Login
X-Owner
X-B3-SpanId
X-Via-SSL
X-Origin-Expires
X-Origin-Date
GW-Server
X-Matched-Rule
X-Release
X-Cache-FS-Status
X-GeoIP-City
Thinkindot-CacheControl
X-Bip
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Parent-Response-Time
X-Thinkindot-L3
X-Cms-Context
Heartbleed
X-Varnish-Ttl
X-OVcl
X-Azure-Ref-OriginShield
X-Planisys-CDN-TTL
X-CUA
X-CLOUD-TRACE-CONTEXT
X-Planisys-CDN-Rules
X-Azure-Ref
X-Planisys-CDN-Cache
X-VC-Cache
X-OVcl-Cache
W
CF-IPCountry
X-Be
X-Dynatrace-Js-Agent
X-Phone
Accept-Language
X-Core-Value
X-IN-WAF
X-Varnish-Url
X-Ratelimit-Remaining
X-Clara-WADP
X-WADP-Cache
X-Birta-Cache-Post
X-Origin-TTL
X-Origin-CC
X-Birta-Served
Memory
X-LAGOON
L
X-Varnish-Beresp-Ttl
X-Varnish-IP
X-Proxy-Upstream
X-Proxy-Cache-Status
Selected-FE
HitType
N-Cache
X-Geo
X-Info
X-TrackingId
X-Page-Type
Kp-EeAlive
X-App-Version
X-Amzn-Remapped-Content-Length
X-COUNTRY
User-Agent
X-Pf-Uncompressing
X-FE
Selected-Fe
X-DC
X-Oracle-Dms-Rid
Locale
Magicmarker
X-Varnish-Beresp-Grace
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Varnish-Beresp-Status
X-Source
X-Zone
Cdn
X-Web-Server
X-CACHE-KEY
X-ABtesting
X-Agile
X-Flog
X-Agile-Age
Pagetype
X-Hello
X-TT-LOGID
X-Agile-Id
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Cache-Debug
X-Backend-TTL
X-Litespeed-Cache
X-Servedbyhost
X-HS-Status
X-User
X-Refresh
X-Generated-In
X-Mid
CF-Cached-On
X-Newrelic-Synthetics
X-MID
X-Backend-Host
X-Backend-Url
X-Real-Ip
X-Check-Cacheable
SN
X-VCL-Version
X-Aicache-OS
X-Soup
X-Tt-Trace-Tag
X-Up
X-MSEdge-Features
X-MSEdge-Flight
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-ZONE
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Cache
X-NWS-UUID-VERIFY
X-APP
FSS-Proxy
X-Vcl-Version
X-Tb-Optimization-Total-Bytes-Saved
Ohc-Cache-HIT
Ohc-File-Size
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-ServedByHost
X-Oss-Hash-Crc64ecma
Group
X-EC-Lua
GeoIP-Country-Code
HostName
X-Varnish-Authentication
X-Contensis-Viewer-Groups
HTTPS
Server-Cache-Control
Server-Surrogate-Control
X-UPSTREAM-Address
X-Cache-ASPX
X-SERVER-NAME
X-Amzn-Remapped-Date
X-Old-Content-Length
GeoIP-Latitude
X-Amzn-Remapped-Connection
X-Via-Ucdn
XServer
RequestId
WZWS-RAY
Www
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
GeoIP-City
Backend
X-SN
X-Bc
X-FORWARDED-FOR
Srv
X-CSRF-Token
X-BC
X-Akamai-SSL-Client-Sid
X-Instart-Isnd
X-Nananana
X-ECache
Lb
X-Cache-Expires
Host-ID
Xkeyrz
X-Varnish-Beresp-TTL
X-Proxy-Cacherz
Cf-Ipcountry
X-Dynatrace
X-Cache-Ttl
WebServer
X-NGENIX-Cache
Cache-Hits
X-WR-MODIFICATION
Requestid
X-Cache-Tag
X-Node-Id
Fastly-Backend-Name
Inserted-Into-Cache-At
Get-Access-Time
X-Varnish-Action
X-PF-Uncompressing
Xkeynj
Is-Session-Tracking
X-Fastly-Country-Code
Ajk
URI
X-Logtrace-Id
X-CSRF-TOKEN
Epwk-Cache
X-IN-APIGATEWAYSSL
X-Unique-Id
X-Request-Url
X-TIME
X-PAGE-TYPE
X-MCACHE
X-Sedo-Request-Id
X-Fastly-Backend-Reqs
X-Cache-Miss-From
X-Edge-IP
X-Requestid
X-Cache-Time
Fastcgi-X-Cache
X-LiteSpeed-Cache-Control
Dynatrace
X-AssetVersion
Cneonction
X-RateLimit-Limit-Second
CDN
X-Wa
X-Svr
X-RateLimit-Remaining-Second
Xet-Cookie
X-SRV
DataCenter
X-Pjax-Url
Correlation-Id
X-Swift-Error
X-Sf
X-BE
Pics-Label
X-Var-Ttl
FNAC-ModuleRouting
X-Dw-Trace-Id
X-NGINX-Cache
X-Lb-Id
X-WA
T-Server
X-Apw-Hits
Cache-Provider
X-Fastly-Cache-Hits
X-PJAX-URL
X-LB-ID
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
PICS-Label
X-Request-URL
X-Serial
X-Render-Time
X-ServerName
X-Ecache
X-Fe
X-GDPR
X-Fpc
Warning
Lfy
X-Bug-Bounty
X-Alicdn-Da-Ups-Status
X-Akamai-ERPolicy
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
Ohc-Response-Time
X-LiteSpeed-Tag
RequestUuid
X-Akamai-ERRuleID
X-Flow-Id
X-DW
X-RPM
X-RPS
X-DSS
X-DI
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-DB
X-RSL