Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
X-Server-Id
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-TTL
X-Url
X-DynaTrace
X-Vhost
X-Cdn
X-Rack-Cache
X-Clacks-Overhead
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
NEL
X-Ua-Compatible
X-CST
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-DataStream-Cache-Status
Fusion-Content-Id
Edge-Control
X-Vname
X-TtlSet
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-MS-InvokeApp
X-Mod-Pagespeed
SPRequestGuid
Verso
X-DataDome
X-Recruiting
X-Request-ID
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Dns-Prefetch-Control
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
X-B3-TraceId
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
RTSS
X-ESI
TCN
DynaTrace
X-Navigation-Version
X-Powered-By-Plesk
X-GitHub-Request-Id
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Middleton-Display
Response
X-Sol
X-Middleton-Response
Display
X-Akam-SW-Version
Accept-Ch-Lifetime
Content-MD5
Charset
X-Server-Name
MS-Author-Via
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
ServerID
X-Shield-Request-Id
X-Amz-Rid
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Realpath
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
AR-Request-ID
X-Powered-CMS
X-DynaTrace-JS-Agent
X-Cached
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Server-ID
X-Upstream
X-Shard
Fastly-Restarts
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
SPIisLatency
SPRequestDuration
X-Goog-Storage-Class
Paypal-Debug-Id
Accept-Ch
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-MSEdge-Ref
Access-Control-Request-Method
Pagespeed
X-Client-IP
S
Accept-CH
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Debug
X-Id
X-FTR-Backend-Server
X-FTR-Realm
X-Ezoic-Cdn
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Grace
Arr-Disable-Session-Affinity
X-Amzn-Trace-Id
X-NF-Request-ID
Front-End-Https
X-VCache
PB-RID
X-Mobile-Rewrite
X-Ser
PB-PID
Arc-Version
X-Hits
X-Varnish-Age
X-Content-Type
X-B3-Sampled
Alternate-Protocol
X-Acc-Meta-Resource-Type
Fastcgi-Cache
X-FTR-Cache-Host
X-Frontend
X-Logged-In
Server-Name
X-Content-Digest
X-Srv
X-FastCGI-Cache
X-Vcache
X-Pad
X-Forwarded-For
Host
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Powered-By-ChinaCache
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-Cache
Healthy
TP-L2-Cache
X-Rid
Edge-Cache-Tag
X-Kinsta-Cache
X-LB-Cache
X-Type
X-IPLB-Instance
X-Fastcgi-Cache
X-Request-Processing-Time
X-Debug-Info
X-Request-Received
X-AOL-HN
X-User-Agent
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-Revision
X-B3-Traceid
X-F-Cache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Key
Powered
X-Cache-Rule
X-Zen-Fury
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-LOCATION
Surrogate-Key
X-Accel-Expires
Backend-Timing
X-Analytics
X-Cache-Age
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Page-Id
X-Kong-Upstream-Latency
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Activity-Id
X-BCube-Filmed-By
X-Az
X-Instance
X-Varnish-Grace
X-AppVersion
X-Content-Options
X-Jobs
X-Cluster
X-FB-Debug
Source
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Environment
Cache-Status
X-Akamai-Edgescape
X-Amz-Replication-Status
X-Content-Powered-By
X-PHP-Backend
X-Request-Guid
X-Via-JSL
X-TT
Cleartype
X-Framework
Tracecode
Server-Node
X-Varnish-Hostname
WPE-Backend
X-Forwarded-Host
Refresh
X-B-Cache
Host-Header
X-Signature
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-ATG-Version
X-FW-Serve
X-Mobile
X-Cache-Operation
X-Cache-Control
X-Time
Liferay-Portal
X-NWS-LOG-UUID
Accept-Charset
DC
Actual-Object-TTL
X-Drupal-Cache-Tags
X-Edge-Location
X-Cache-Action
X-Cache-TTL
Access-Control-Allow-Method
Fastcgi-Useragent
X-Cache-Hit
Cache
X-App-Server
Upgrade-Insecure-Requests
X-Accel-Buffering
X-Hp-Webp
X-Response-Served-From
X-Mobile-URL
Payment
X-Whom
X-Storage
X-Esi
X-TX-ID
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-B
X-Content-Age
X-TT-TIMESTAMP
X-Handled-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-SS-Set-Cookie
Xserver
X-Git-Hash
X-RequestSource
X-Cacheable-TTL
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Filters
Eomportal-Instance
X-Adobe-Loc
Cache-Tv-Group
X-VG-WebCache
X-Adobe-Content
X-Geo-Country
Viewport
X-ProcessESI
X-RemovedCookies
X-WA-Info
X-Ratelimit-Reset
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Server-Info
X-Status
Cache-Tag
X-TA-CDN-Provider
X-FB-TRIP-ID
Webserver
X-Cache-TTL-Remaining
Datacenter
NGB
X-Cache-Enabled
Retry-After
Accept-CH-Lifetime
X-FW-Dynamic
X-APP-VERSION
X-Contextid
X-Seen-By
S-Cnection
X-Ratelimit-Limit
X-Presslabs-Stats
X-Host-Name
X-Origin-Server
X-PressLabs-Stats
MS-CV
X-Mode
Country
X-CF-Powered-By
From-Origin
Frame-Options
Load-Balancing
X-Path-Route
X-Tumblr-Pixel-3
X-Daa-Tunnel
X-VWS-Id
X-Cache-Config
X-Cache-Var-Map
Meta-Geo
X-Varnish-Hits
X-Magnolia-Registration
X-LJ-Flow-ID
X-Hyper-Cache
X-ES-SERVER
Machine
X-AWS-Id
X-RN-RSRV
X-Cache-Var
X-Upstream-HT
X-Hit
Mail-Subject
Cache-Key
X-Rendered-As
X-Upstream-CT
X-Cache-Host
X-Routing-Service
Vix-Hermes-Req-Id
X-Cache-Grace
We-Hiring
X-Backend-Name
X-Human
X-Labrador-Cache-Channel
X-Generated-By
GEO-INFO
Release
DSUID
X-Varnish-Cache-Hits
X-Proxied
X-Zipkin-Id
Ms-Operation-Id
X-RTag
X-EIG-Tracking-Id
X-RCS-CacheZone
X-Web-Node
X-PCL
X-Viewer-Country
X-Varnish-Server
X-Section
X-TNCMS
X-OCL
X-MP-GENERATED-AT
X-Access
Uber-Trace-Id
Now
X-Debug-Cache
X-Device-Type
X-Loop
X-From
Mn-Server-Ip
ServedBy
X-Alternate-Cache-Key
Akamai-GRN
X-Akamai-Request-ID
Decoy-Debug-Key
Decoy-Debug-Status
X-Upgrade-Enabled
X-Shopify-Stage
X-Rule
X-VG-TLSProxy
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
OT-Force-Account-Verify
X-ShopId
X-ShardId
Rt-Fastcgi-Cache
X-R9-Blue-Green-Version
Decoy-Debug-TTL
X-Cluster-Node
X-CCM
X-L-Path
X-ProxyCache-Status
X-Environment-Context
X-Origin-Response-Time
X-Proto
X-BYPASS-REASON
X-ProxyCache-Key
X-FC-Vary-Parameters
X-JoinUs
X-Timing-Wait
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-S
X-Generated
X-Via-Fastly
X-Proxy-Build
X-Endurance-Cache-Level
X-Region
X-Xfnlog-Site
Cache-Name
X-NCache
DB-Nickname
X-Guploader-Uploadid
X-Cache-NE
X-NewRelic-App-Data
NGX
X-Trace-Id
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Site-Version
X-Load-Cache
X-Platform-Server
X-Nginx-Cache
X-Www-Served-By
X-Locale
X-UUID
X-VCT
Cteonnt-Length
X-MServer
X-Real-IP
X-Hl-Ver
ProcessTime
X-EdgeConnect-Cache-Status
X-Vgn-Hpd-Reason
X-Cache-Remote
X-ServerID
X-Rocket-Nginx-Bypass
X-Request-Time
X-Time-Microsecs
X-GEO
X-IP
X-Oracle-Dms-Rid
X-ECACHE
Time
X-B3-Spanid
X-Origin
Version
X-Wix-Request-Id
X-Via-CDN
Azure-InstanceId
Azure-Version
Azure-RegionName
S-Rt
X-FW-Version
Azure-SlotName
Azure-SiteName
X-IPS-LoggedIn
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-LatLong
Property-Id
NtCoent-Length
TWC-Connection-Speed
TWC-GeoIP-Country
X-Origin-Hint
TWC-Device-Class
Origin
SRV
L5d-Success-Class
X-Proxy
X-No-Session
Served-By
X-Cache-Backend
X-FireWall-Port
X-Distributor
X-Dc
Fastly-SSL
X-Oneagent-Js-Injection
X-Pubstack
X-Microcachable
X-Unique-ID
X-Datadome
X-Cache-Server
CACHE
Origin-Cache-Control
Origin-Edge-Control
Odigeo-Trace-Id
X-RateLimit-Reset
X-PERF
Fastcgi-X-Cache-Version
X-ApacheServer
X-CS
X-Format
X-Grey
X-UA
X-Cache-Category-Id
IBM-Web2-Location
X-Akamai-Request-ID2
X-Akamai-Transformed
Hostname
Ec-Rule-Version
Cache-Tags
X-Webkit-Csp
X-GRACE
X-Detected-As
X-HTML-Minification-Powered-By
X-Is-Bot
X-Powered-By-Defense
Proxy-Connection
X-Via-NSCOPI
Access-Control-Request-Headers
X-Edge
X-UnsetCookies
X-Ua
Backend-Name
X-Compress-Hint
X-Varnish-Cacheable
Cdn-Request-Time
Content-Style-Type
X-G
Fastly-SIE
Cross-Origin-Window-Policy
Content-Script-Type
Cache-Prefix
AsisCache
BehaviorPad-Version
X-HS-Cache-Config
A
Fastly-SWR
Arc-Country
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cdn-Host
X-HS-Combine-CSS
X-Internal-Host
X-Tb
Cache-Cookie-Set-Lfrom
X-IN-APIGATEWAY
MD5-Digest
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Date
X-A-Dgt
X-A-Dcw
X-Debug-Cookies
X-A
X-A-Ccd
X-A-Dam
X-D
X-AIR-PT
X-Cluster-Name
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Bucket
X-B-Cookie
X-App-Name
X-Application
X-ARC
X-Connection-Hash
X-Debug-Log
VivaBuild
X-Edge-Server
X-DPWN-IS-SECURE
Meta-Geo-Continent
Mobile-Detection-Method
HA-Ipaddr
Ha-Gx-Prefs
Fly-Request-Id
GEO-REGION-INFO
X-External-Request-Id
X-Eu-Site
Node
Proxy-Firewall
ServerName
X-Developer
X-Destination
Viewtype
Server-ID
Rt-Proxy-Cache
Rendered-Blocks
Request-Country
Request-EU
Request-Time
Fly-Cache
X-Instart-Info
X-Rebelmouse-Cache-Control
X-Processor
X-Rebelmouse-Surrogate-Control
X-Vtex-Remote-Cache
X-Region-Sid
X-PAYTM-SRV-ID
X-Org
X-Worker
X-CGP
X-NU-AKA-ACS-Version
X-NX-Host
X-Request-UUID
X-Rewrite-Enabled
X-Trv-Group
X-Transaction
X-Server-Time
X-SRCache-Key
X-Twitter-Response-Tags
X-VG-WebServer
X-Rojux
X-S-Cookie
X-S-Maxage
X-ScT
Xc-Version
X-Vtex-Processado-Em
X-BACKEND-TTL
Mime-Version
X-NC
X-CDN-Forward
X-ElasticPress-Search
RNT-Time
X-Dispatcher-Server
RNT-Machine
Is-Eu
Section-Io-Cache
Server-Int
Server-Host
Resin-Trace
X-Reqid
X-B3-Parentspanid
X-C
X-Dispatch
On-Server
SS
X-Nc
Platform
Memcached
X-Location
X-Clientip
X-Backend-State
X-Core-Mission
X-Cache-Id
X-Cache-Info
X-Sn-Servicetimems
X-ServiceProvider
X-Cdn-Origin
X-Server-IP
X-TH-Server
X-Irp-Debug
True-Client-Country-4JS
X-Qloud-Router
X-Key
X-Variation
PageSpeed
X-Level-Front-Cache
X-Skip-Cache
X-Request-URI
X-We-Are-Hiring
X-Nginx-Cache-Key
Countrycode
X-PHP-Host
X-Hash
X-Generated-On
X-GeoIP-Country-Code
X-Geo-Header
Country-Code
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Esi-Enabled
X-Fastly-Cache
X-Epic-Correlation-Id
Apple-News-Services-Request-Url
Gh-Request-Id
Apple-News-Services-Handled
X-SD-PageType
X-Webstats-RespID
X-Secret
X-Generation-Time
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Served-From
X-LI-UUID
CDCHOST
X-LI-Proto
X-Swa-Ws
X-SVT-ORM-RULES
X-Block-Status
X-BBXSRF
X-Li-Pop
X-Cache-FS-Status
X-SIPLIST1
X-CDN-Cache
X-Servername
X-SVT-ORM-VERSION
X-Crawler
X-Amz-Meta-Cache-Control
Who
X-Li-Fabric
X-Wikidot-Static-Cache
X-Auto-Login
X-Wikidot-Backend
Content-Disposition
Pramga
X-Device-Os
X-Request-Start
Web-Mar-Node
REQUESTUUID
X-Developers
Powered-By
PFcat
X-Reboot
LB
X-Distil-CS
X-Protected-By
X-Fetched-On
IsBot
X-Gannett-Site-Version
AKAMAI
UCS
X-Hnp-Log
User-Cache-Control
V-Age
X-WebServer
X-Response-By
X-Method
X-Gen-Mode
SD-X-WS
X-ND-Cache
Accept-Language
W
X-Thinkindot-L3
X-Via-Edge
X-Thanos
X-FPC
X-Release
X-Origin-Expires
X-Origin-Date
X-VServer
X-GeoIP-City
X-CUA
X-Matched-Rule
X-Owner
X-Cms-Context
X-Via-SSL
Thinkindot-CacheControl
Fastly-Soc-X-Request-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
GW-Server
Heartbleed
X-Azure-Ref-OriginShield
X-Azure-Ref
X-Bip
X-Cdn-Forward
X-B3-SpanId
X-OVcl
X-Varnish-Url
X-Parent-Response-Time
X-OVcl-Cache
X-VC-Cache
X-Fstrz
X-WADP-Cache
X-Clara-WADP
Pragrma
CF-IPCountry
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
L
X-LAGOON
Memory
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Ratelimit-Remaining
X-Proxy-Upstream
X-Proxy-Cache-Status
N-Cache
X-Planisys-CDN-Cache
X-Origin-CC
X-Be
X-Origin-TTL
X-DC
X-Amzn-Remapped-Content-Length
Kp-EeAlive
X-IN-WAF
X-Phone
X-TrackingId
X-Core-Value
X-FE
Selected-Fe
X-Varnish-Beresp-Ttl
X-Page-Type
X-Birta-Cache-Post
X-Birta-Served
User-Agent
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-SERVER-NAME
X-Varnish-IP
X-Pf-Uncompressing
Magicmarker
X-URL
Selected-FE
X-Info
X-App-Version
HitType
X-Ttl
X-Geo
X-Backend-TTL
X-Dynatrace-Js-Agent
X-ABtesting
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Hello
Cdn
X-Flog
Pagetype
X-Zone
X-Newrelic-Synthetics
X-User
X-Generated-In
X-CACHE-KEY
X-Servedbyhost
X-Backend-Url
X-Source
X-TT-LOGID
X-Backend-Host
X-Litespeed-Cache
GeoIp-Country-Code
X-Debug-Cache-Store
X-Debug-Cache-Expiry
SN
X-Debug-Cache-Fetch
X-GoCache-CacheStatus
X-MSEdge-Flight
X-MSEdge-Features
Geoip-Latitude
X-Web-Server
X-Agile-Age
X-Agile-Id
X-Tt-Trace-Tag
X-Soup
X-Up
X-Refresh
X-Agile
Geoip-City
X-Cache-Debug
CF-Cached-On
X-MID
X-Mid
X-Check-Cacheable
X-ZONE
X-HS-Status
X-Real-Ip
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
X-VCL-Version
X-Oss-Request-Id
X-Aicache-OS
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
FSS-Proxy
FSS-Cache
GeoIP-Country-Code
X-UPSTREAM-Address
X-Cache-Ttl
X-Old-Content-Length
X-Say-Cacheable
GeoIP-Latitude
X-APP
GeoIP-City
X-ServedByHost
X-SayCDN-TTL
X-Say-TTL
X-Amzn-Remapped-Date
X-NWS-UUID-VERIFY
Srv
X-Amzn-Remapped-Connection
Ohc-File-Size
Ohc-Cache-HIT
X-Varnish-Authentication
Group
WZWS-RAY
X-Cache-ASPX
HostName
X-Contensis-Viewer-Groups
Server-Cache-Control
Server-Surrogate-Control
X-BC
X-EC-Lua
Cache-Hits
X-Via-Ucdn
RequestId
HTTPS
X-Bc
X-COUNTRY
X-CSRF-Token
X-Varnish-Beresp-TTL
X-SN
Fastly-Backend-Name
Www
X-Node-Id
Backend
X-Akamai-SSL-Client-Sid
Inserted-Into-Cache-At
X-Nananana
Ajk
Xkeyrz
X-CSRF-TOKEN
X-IN-APIGATEWAYSSL
X-Proxy-Cacherz
X-Logtrace-Id
X-ECache
Cf-Ipcountry
Lb
URI
X-Instart-Isnd
X-Dynatrace
X-Cache-Time
WebServer
XServer
X-Cache-Tag
X-Request-Url
X-Cache-Expires
X-WR-MODIFICATION
Requestid
Host-ID
X-FORWARDED-FOR
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wa
X-NGENIX-Cache
X-TIME
Is-Session-Tracking
X-PF-Uncompressing
Get-Access-Time
X-Unique-Id
Xkeynj
X-PAGE-TYPE
X-Fastly-Country-Code
X-MCACHE
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
X-Varnish-Action
Epwk-Cache
X-Edge-IP
X-BE
X-Cache-Miss-From
X-Requestid
X-Sedo-Request-Id
Dynatrace
X-Vct
X-Apw-Hits
X-Apw-Access-Action
Fastcgi-X-Cache
Pics-Label
X-Apw-Access-Object
T-Server
X-Apw-Access-Token
X-Pjax-Url
Cneonction
X-Correlation-ID
Xet-Cookie
DataCenter
X-SRV
X-Micro-Cache
X-Ecache
X-GDPR
X-Render-Time
X-Lb-Id
PICS-Label
X-LB-ID
X-PJAX-URL
Correlation-Id
CDN
X-Svr
X-AssetVersion
X-Swift-Error
X-Dw-Trace-Id
X-NGINX-Cache
X-Sf
X-Cf-Powered-By
X-Var-Ttl
X-WA
X-Fpc
FNAC-ModuleRouting
X-Flow-Id
X-DB
Ohc-Response-Time
Warning
X-LiteSpeed-Tag
X-Fastly-Cache-Hits
Sid
X-Uri
X-Serial
RequestUuid
Lfy
X-Bug-Bounty
X-Akamai-ERRuleID
X-Zalando-Child-Request-Id
X-DSS
X-DW
X-RSL
X-RPS
X-DI
Cache-Provider
X-ServerName
X-Akamai-ERPolicy
X-WPE-Loopback-Upstream-Addr
X-Page-Impression-Id
X-Html-Edge-Cache
X-RPM