
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below is a table/histogram showing how many times we found each header, security-relevant or not. We access the index page of each site using an HTTP "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-TTL
Pinterest-Generated-By
X-DynaTrace
X-Url
X-Vhost
X-Clacks-Overhead
X-Ua-Compatible
X-Rack-Cache
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-ORACLE-DMS-RID
NEL
X-CST
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Edge-Control
X-PC
X-Vname
X-TtlSet
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
X-Request-ID
X-Dns-Prefetch-Control
SPRequestGuid
Verso
X-Recruiting
X-DataDome
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-D2id
X-Vcap-Request-Id
X-ESI
X-Varnish-TTL
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-B3-TraceId
RTSS
DynaTrace
TCN
X-Powered-By-Plesk
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Response
Display
X-Sol
X-Middleton-Display
X-RateLimit-Remaining
X-Middleton-Response
X-Server-Name
X-Akam-SW-Version
Content-MD5
Charset
MS-Author-Via
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
ServerID
X-Amz-Rid
X-Shield-Request-Id
X-Trace
Realpath
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Dw-Request-Base-Id
Accept-Ch-Lifetime
AR-Request-ID
X-Powered-CMS
X-Cached
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Version
X-Forwarded-Proto
X-Shard
X-DynaTrace-JS-Agent
X-Upstream
Fastly-Restarts
SPRequestDuration
SPIisLatency
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Public-Key-Pins
X-Goog-Storage-Class
Paypal-Debug-Id
X-MSEdge-Ref
Accept-CH
Pagespeed
X-Client-IP
Access-Control-Request-Method
S
X-Server-ID
Accept-Ch
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Ezoic-Cdn
X-Id
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
X-N
X-DIS-Request-ID
X-T
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-VCache
X-Grace
Arr-Disable-Session-Affinity
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Ser
PB-RID
X-XRDS-Location
Front-End-Https
X-Hits
X-NF-Request-ID
X-Amzn-Trace-Id
X-Varnish-Age
X-B3-Sampled
X-Content-Type
Alternate-Protocol
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-Frontend
X-FTR-Cache-Host
X-Logged-In
X-Content-Digest
Server-Name
X-Srv
X-Pad
X-Correlation-Id
X-Forwarded-For
X-FastCGI-Cache
X-Vcache
Host
Nel
Powered-By-ChinaCache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
X-Microsite
FilterID
Healthy
X-Rid
X-LB-Cache
TP-L2-Cache
Edge-Cache-Tag
TP-Cache
X-Type
X-IPLB-Instance
X-Kinsta-Cache
X-Debug-Info
X-Request-Processing-Time
X-Request-Received
X-User-Agent
X-AOL-HN
X-Cached-By
X-GUploader-UploadID
X-B3-Traceid
X-Cache-Key
X-Cache-2
X-Revision
X-Hostname
X-HS-Hub-Id
X-HS-Content-Id
X-XRDS-LOCATION
X-Cache-Rule
X-F-Cache
Powered
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
Surrogate-Key
Backend-Timing
X-Accel-Expires
X-Analytics
X-Cache-Age
X-Page-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-RateLimit-Limit
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Varnish-Grace
X-Content-Options
X-Instance
X-Tumblr-User
X-FB-Debug
X-Cluster
X-BCube-Filmed-By
X-Tumblr-Pixel-0
Source
X-Tumblr-Pixel
X-Akamai-Edgescape
X-Az
X-AppVersion
X-Jobs
X-Request-Guid
X-App-Environment
X-Amz-Replication-Status
X-PHP-Backend
X-Activity-Id
X-TT
X-Content-Powered-By
Cleartype
X-Framework
Cache-Status
X-Via-JSL
Tracecode
WPE-Backend
Server-Node
Refresh
X-Varnish-Hostname
X-Forwarded-Host
Host-Header
X-ATG-Version
X-FW-Server
X-FW-Serve
X-FW-Type
X-Mobile
X-FW-Static
X-B-Cache
X-Signature
X-FW-Hash
X-Cache-Operation
X-Cache-Control
Liferay-Portal
X-Cache-TTL
X-Time
X-NWS-LOG-UUID
DC
X-Edge-Location
X-Drupal-Cache-Tags
Accept-Charset
Actual-Object-TTL
X-Cache-Action
Accept-CH-Lifetime
Access-Control-Allow-Method
Fastcgi-Useragent
X-Cache-Hit
X-Response-Served-From
X-Accel-Buffering
X-App-Server
X-Mobile-URL
Upgrade-Insecure-Requests
X-Hp-Webp
X-Storage
Payment
X-Content-Age
X-SS-Set-Cookie
X-WebKit-CSP-Report-Only
X-Whom
X-TX-ID
X-Handled-By
X-TT-TIMESTAMP
X-VG-WebCache
X-Yottaa-Metrics
X-UA-Device-Type
X-Tumblr-Pixel-1
X-RequestSource
X-Git-Hash
X-Tumblr-Pixel-2
X-Yottaa-Optimizations
Filters
X-Cacheable-TTL
X-GeoIP
Cache-Tv-Group
Viewport
Eomportal-Instance
X-B
X-Adobe-Content
X-Adobe-Loc
X-WA-Info
Cache
X-RemovedCookies
X-ProcessESI
X-Geo-Country
X-TA-CDN-Provider
Server-Info
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Status
X-FB-TRIP-ID
Xserver
Webserver
Cache-Tag
NGB
X-Presslabs-Stats
X-Esi
X-Cache-Enabled
X-Ratelimit-Reset
X-Cache-TTL-Remaining
X-APP-VERSION
Retry-After
Datacenter
X-FW-Dynamic
X-Contextid
X-Ratelimit-Limit
X-Seen-By
S-Cnection
X-Origin-Server
X-Host-Name
X-Mode
X-CF-Powered-By
From-Origin
Country
MS-CV
X-VWS-Id
X-Cache-Config
Machine
X-AWS-Id
X-Magnolia-Registration
X-Cache-Var
X-ES-SERVER
X-Path-Route
X-Hyper-Cache
X-RN-RSRV
X-Tumblr-Pixel-3
X-LJ-Flow-ID
Load-Balancing
Meta-Geo
X-Cache-Var-Map
X-Zipkin-Id
DSUID
Frame-Options
X-Varnish-Cache-Hits
X-Upstream-CT
X-Human
X-Proxied
X-Routing-Service
X-Upstream-HT
X-Cache-Grace
Vix-Hermes-Req-Id
X-Backend-Name
X-Hit
Release
Cache-Key
X-Daa-Tunnel
GEO-INFO
X-Labrador-Cache-Channel
X-Device-Type
X-Section
Mn-Server-Ip
X-From
X-TNCMS
X-Web-Node
Mail-Subject
ServedBy
X-Cache-Host
X-Loop
X-MP-GENERATED-AT
X-Varnish-Server
X-Rendered-As
X-Generated-By
X-Access
X-Guploader-Uploadid
We-Hiring
Decoy-Debug-Key
Decoy-Debug-TTL
Now
X-Akamai-Request-ID
X-VG-TLSProxy
X-VCT
X-Cluster-Node
X-Debug-Cache
Uber-Trace-Id
X-Viewer-Country
X-EIG-Tracking-Id
Rt-Fastcgi-Cache
Akamai-GRN
Decoy-Debug-Status
X-PCL
X-Origin-Response-Time
X-Varnish-Hits
X-Rule
X-Proto
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-OCL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-L-Path
X-Timing-Wait
X-Region
X-Environment-Context
X-Hosted-By
Cache-Name
X-Generated
X-Proxy-Build
X-Alternate-Cache-Key
Ms-Operation-Id
X-Upgrade-Enabled
X-Sorting-Hat-PodId
X-NCache
X-Sorting-Hat-ShopId
X-RTag
X-Shopify-Stage
X-ShopId
OT-Force-Account-Verify
X-ShardId
X-Via-Fastly
NGX
X-Cache-NE
DB-Nickname
X-Endurance-Cache-Level
X-JoinUs
X-UUID
X-ProxyCache-Key
X-CCM
X-Drupal-Cache-Contexts
X-BYPASS-REASON
X-Trace-Id
X-NewRelic-App-Data
X-Redis-Cache
X-ProxyCache-Status
X-Xfnlog-Site
X-Site-Version
X-PressLabs-Stats
X-Www-Served-By
X-Locale
X-S
X-MServer
X-Real-IP
X-Platform-Server
X-Load-Cache
X-EdgeConnect-Cache-Status
Cteonnt-Length
X-Hl-Ver
ProcessTime
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-Rocket-Nginx-Bypass
X-ECACHE
X-Cache-Remote
X-B3-Spanid
X-ServerID
X-Time-Microsecs
X-IP
CACHE
Time
X-Request-Time
X-IPS-LoggedIn
X-RateLimit-Reset
X-GEO
X-Dc
SRV
Azure-RegionName
Azure-Version
NtCoent-Length
X-Wix-Request-Id
X-FW-Version
Azure-InstanceId
Azure-SlotName
X-Via-CDN
Azure-SiteName
S-Rt
TWC-Privacy
TWC-Device-Class
Property-Id
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
X-Origin
Webcakes-Region
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
L5d-Success-Class
X-Oneagent-Js-Injection
Version
Origin
X-Cache-Backend
Served-By
X-UA
X-Proxy
X-Datadome
X-No-Session
X-Microcachable
X-Unique-ID
X-Pubstack
X-FireWall-Port
Fastly-SSL
X-Distributor
Fastcgi-X-Cache-Version
Odigeo-Trace-Id
X-ApacheServer
X-PERF
X-Cache-Server
X-Webkit-Csp
Origin-Cache-Control
Origin-Edge-Control
X-Powered-By-Defense
X-CS
X-Format
IBM-Web2-Location
X-Edge
X-Via-NSCOPI
Access-Control-Request-Headers
X-Cache-Category-Id
X-HTML-Minification-Powered-By
X-Detected-As
X-Akamai-Request-ID2
X-Is-Bot
X-Grey
Hostname
Cache-Tags
Ec-Rule-Version
X-Akamai-Transformed
Proxy-Connection
X-BACKEND-TTL
Backend-Name
X-Varnish-Cacheable
X-Compress-Hint
X-CDN-Forward
MD5-Digest
X-Org
HA-Ipaddr
X-PAYTM-SRV-ID
Ha-Gx-Prefs
Meta-Geo-Continent
Server-ID
Request-EU
Request-Time
X-NX-Host
Rt-Proxy-Cache
Fly-Request-Id
Request-Country
Node
Proxy-Firewall
Rendered-Blocks
Mobile-Detection-Method
Content-Style-Type
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Arc-Country
A
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cross-Origin-Window-Policy
Fastly-SIE
Fastly-SWR
Content-Script-Type
Cdn-Request-Time
Cache-Prefix
X-Processor
Cdn-Host
Fly-Cache
X-A-Ccd
X-Debug-Cookies
X-Debug-Log
X-Destination
X-Developer
X-Date
X-D
X-CGP
X-Cluster-Name
X-Connection-Hash
X-DPWN-IS-SECURE
X-Edge-Server
X-IN-APIGATEWAY
X-Instart-Info
X-Internal-Host
X-HS-Combine-CSS
X-HS-Cache-Config
X-Eu-Site
X-External-Request-Id
X-G
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A-Dam
X-A-Dcw
X-A-Dgt
X-UnsetCookies
X-A
Viewtype
VivaBuild
X-NU-AKA-ACS-Version
X-A-Wwc
X-Accel-Expires-Debug
X-B-Cookie
X-Cache-Bucket
X-Cdn-Srv
X-ARC
X-Application
X-Aed
X-AIR-PT
X-App-Name
ServerName
GEO-REGION-INFO
X-ScT
X-Rojux
X-NC
X-S-Maxage
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Server-Time
X-Transaction
X-S-Cookie
X-Vtex-Processado-Em
X-Trv-Group
X-Rewrite-Enabled
Xc-Version
X-SRCache-Key
X-VG-WebServer
X-Worker
PageSpeed
X-Request-UUID
X-Oracle-Dms-Rid
X-ElasticPress-Search
X-Tb
Esi-Enabled
X-Fastly-Cache
Gh-Request-Id
X-TH-Server
X-Generated-On
X-Dispatch
Resin-Trace
Memcached
X-Core-Mission
On-Server
LB
X-Sn-Servicetimems
X-Cdn-Origin
Server-Int
SS
Countrycode
Server-Host
Section-Io-Cache
X-Cache-Info
Country-Code
Apple-News-Services-Handled
X-ND-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-ServiceProvider
X-Clientip
X-Qloud-Router
X-C
X-Reqid
X-Key
X-Irp-Debug
X-Location
X-Level-Front-Cache
X-Backend-State
X-Server-IP
Apple-News-Services-Request-Url
X-B3-Parentspanid
X-Hash
X-Nginx-Cache-Key
X-Geo-Header
X-We-Are-Hiring
X-Skip-Cache
REQUESTUUID
X-SIPLIST1
Wxu-Next-Commit
X-Servername
Wxu-Next-Hostname
X-Auto-Login
X-SVT-ORM-RULES
Wxu-Next-Region
X-Served-From
X-Method
X-Secret
X-BBXSRF
X-Cache-Id
Who
True-Client-Country-4JS
RNT-Machine
RNT-Time
UCS
Is-Eu
X-Generation-Time
Content-Disposition
X-GeoIP-Country-Code
X-PHP-Host
X-Gannett-Site-Version
X-GRACE
Pramga
X-Wikidot-Static-Cache
X-Protected-By
X-Webstats-RespID
X-Request-URI
X-Wikidot-Backend
X-Reboot
AKAMAI
Adler-Geo
X-Epic-Correlation-Id
X-FPC
Mime-Version
X-Dispatcher-Server
X-Distil-CS
X-Nc
IsBot
X-Developers
X-Crawler
Platform
PFcat
X-SVT-ORM-VERSION
X-Variation
Powered-By
X-Swa-Ws
X-Ua
X-Azure-Ref-OriginShield
X-Li-Fabric
X-Thinkindot-L3
X-Azure-Ref
X-CUA
X-Device-Os
X-Cache-FS-Status
X-Fetched-On
X-Li-Pop
X-CDN-Cache
X-LI-Proto
X-LI-UUID
X-Hnp-Log
X-Block-Status
X-Gen-Mode
X-Fstrz
X-Bip
Thinkindot-CacheControl-Type
X-Response-By
Pragrma
X-Release
X-Thanos
Thinkindot-CacheControl
GW-Server
Heartbleed
W
X-Via-Edge
X-Origin-Date
CDCHOST
X-Origin-Expires
Thinkindot-Control
SD-X-WS
User-Cache-Control
Fastly-Soc-X-Request-Id
X-WebServer
X-VServer
X-Via-SSL
X-Amz-Meta-Cache-Control
X-Matched-Rule
X-Request-Start
V-Age
X-SD-PageType
Web-Mar-Node
X-Parent-Response-Time
X-Varnish-Ttl
Accept-Language
CF-IPCountry
X-OVcl
X-Owner
X-OVcl-Cache
X-Cdn-Forward
X-Varnish-Url
X-CLOUD-TRACE-CONTEXT
X-GeoIP-City
X-Cms-Context
X-VC-Cache
X-Origin-TTL
X-Origin-CC
X-Planisys-CDN-Cache
L
X-Planisys-CDN-Rules
X-B3-SpanId
X-Clara-WADP
X-Planisys-CDN-TTL
X-WADP-Cache
X-Ratelimit-Remaining
X-Be
X-Dynatrace-Js-Agent
X-IN-WAF
X-LAGOON
N-Cache
X-Core-Value
X-Phone
Memory
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
X-FE
X-TrackingId
X-Birta-Served
X-Proxy-Upstream
X-Birta-Cache-Post
Kp-EeAlive
X-Amzn-Remapped-Content-Length
User-Agent
X-Varnish-IP
Selected-Fe
X-Pf-Uncompressing
Selected-FE
HitType
X-Info
X-Urbn-Site-Id
Locale
X-URL
X-Urbn-Context-Path
X-Page-Type
Magicmarker
X-Geo
X-Ttl
X-DC
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Zone
X-Hello
Pagetype
X-App-Version
X-ABtesting
X-Backend-TTL
X-Flog
Geoip-City
X-TT-LOGID
X-Generated-In
GeoIp-Country-Code
Geoip-Latitude
X-Source
X-Newrelic-Synthetics
X-User
Cdn
X-Litespeed-Cache
X-SERVER-NAME
X-HS-Status
X-Web-Server
X-Backend-Url
X-Backend-Host
X-Agile
X-Refresh
X-Agile-Age
X-Cache-Debug
X-Agile-Id
X-Mid
X-MID
X-GoCache-CacheStatus
X-Up
X-Real-Ip
X-Servedbyhost
X-Soup
X-Tt-Trace-Tag
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-MSEdge-Flight
X-Debug-Cache-Expiry
X-MSEdge-Features
X-CACHE-KEY
SN
X-ZONE
CF-Cached-On
X-Aicache-OS
X-Check-Cacheable
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Cache
FSS-Proxy
X-VCL-Version
X-Vcl-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Oss-Storage-Class
X-Oss-Request-Id
X-APP
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-ServedByHost
X-Oss-Server-Time
Ohc-Cache-HIT
Ohc-File-Size
X-Say-TTL
X-Contensis-Viewer-Groups
X-SayCDN-TTL
X-NWS-UUID-VERIFY
X-Amzn-Remapped-Connection
X-Varnish-Authentication
Group
GeoIP-Country-Code
Server-Surrogate-Control
Server-Cache-Control
X-Cache-ASPX
HostName
X-Say-Cacheable
X-UPSTREAM-Address
X-Amzn-Remapped-Date
X-EC-Lua
RequestId
X-Old-Content-Length
X-COUNTRY
X-Via-Ucdn
GeoIP-City
X-Bc
GeoIP-Latitude
HTTPS
X-Cache-Ttl
Srv
XServer
X-CSRF-Token
X-BC
WZWS-RAY
Www
Cache-Hits
X-SN
X-Akamai-SSL-Client-Sid
Backend
X-Nananana
X-Instart-Isnd
Xkeyrz
Fastly-Backend-Name
X-ECache
X-Proxy-Cacherz
WebServer
X-Dynatrace
Host-ID
X-Cache-Expires
X-Request-Url
X-Cache-Tag
Requestid
Cf-Ipcountry
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
Lb
X-Node-Id
Inserted-Into-Cache-At
Ajk
X-Logtrace-Id
X-IN-APIGATEWAYSSL
Xkeynj
URI
X-TIME
X-Unique-Id
X-CSRF-TOKEN
X-FORWARDED-FOR
Is-Session-Tracking
X-NGENIX-Cache
X-PAGE-TYPE
X-Fastly-Country-Code
Get-Access-Time
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-MCACHE
X-Wa
Epwk-Cache
X-RateLimit-Remaining-Second
X-Fastly-Backend-Reqs
X-Varnish-Action
X-Edge-IP
DataCenter
X-Cache-Time
X-Cache-Miss-From
X-Sedo-Request-Id
X-RateLimit-Limit-Second
X-PF-Uncompressing
X-Requestid
Dynatrace
X-LiteSpeed-Cache-Control
Cneonction
X-BE
Fastcgi-X-Cache
X-SRV
X-NGINX-Cache
Xet-Cookie
X-Lb-Id
X-Svr
X-PJAX-URL
X-AssetVersion
T-Server
Pics-Label
Correlation-Id
PICS-Label
X-Swift-Error
CDN
X-Pjax-Url
X-Dw-Trace-Id
FNAC-ModuleRouting
X-Cf-Powered-By
X-LB-ID
X-Var-Ttl
X-WA
X-Apw-Access-Action
X-Micro-Cache
X-Apw-Access-Object
X-Ecache
X-Sf
X-GDPR
X-Apw-Access-Token
X-Apw-Hits
X-Vct
X-Request-URL
X-Render-Time
X-ServerName
X-Serial
X-Fpc
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
RequestUuid
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-Bug-Bounty
X-Html-Edge-Cache
Lfy
Warning
X-Flow-Id
Cache-Provider
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Page-Impression-Id
Ohc-Response-Time
X-WPE-Loopback-Upstream-Addr
X-RSL