Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
P3p
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cdn
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Vhost
X-TTL
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
NEL
X-Origin-Upstream-Status
X-CST
X-ORACLE-DMS-RID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-TtlSet
X-PC
X-Px
X-Vname
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-Recruiting
X-Request-ID
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Dns-Prefetch-Control
X-D2id
X-B3-TraceId
X-ESI
X-Varnish-TTL
X-DataDome
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
DynaTrace
TCN
X-Powered-By-Plesk
X-RateLimit-Remaining
X-Navigation-Version
X-GitHub-Request-Id
RTSS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Display
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Server-ID
X-Server-Name
Content-MD5
Charset
X-Akam-SW-Version
MS-Author-Via
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Amz-Rid
X-Shield-Request-Id
ServerID
Realpath
X-Trace
AR-Request-ID
Accept-Ch-Lifetime
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
X-Upstream
SPIisLatency
SPRequestDuration
Accept-CH
Public-Key-Pins
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
Fastly-Restarts
X-Goog-Storage-Class
Pagespeed
X-MSEdge-Ref
X-Client-IP
Paypal-Debug-Id
X-Upstream-Proxy
Pinterest-Version
Access-Control-Request-Method
X-Pinterest-Rid
S
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-Debug
Accept-Ch
X-Ezoic-Cdn
X-Id
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-DIS-Request-ID
X-N
X-Fastly-Request-ID
X-T
MicrosoftSharePointTeamServices
X-XRDS-Location
X-Grace
Arr-Disable-Session-Affinity
X-VCache
X-Ser
X-Varnish-Age
Arc-Version
PB-RID
X-Mobile-Rewrite
PB-PID
Alternate-Protocol
Front-End-Https
X-Amzn-Trace-Id
X-NF-Request-ID
X-Hits
X-Content-Type
X-B3-Sampled
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
X-Vcache
X-Forwarded-For
X-Correlation-Id
Host
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Nel
X-FastCGI-Cache
X-Request-Handler-Origin-Region
X-Microsite
Powered-By-ChinaCache
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Kinsta-Cache
X-LB-Cache
X-Rid
X-Debug-Info
X-Type
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-Hostname
X-HS-Hub-Id
X-HS-Content-Id
X-Revision
X-Cache-Rule
X-F-Cache
Powered
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-LOCATION
X-Zen-Fury
Surrogate-Key
X-Accel-Expires
X-Cache-Age
X-Analytics
Backend-Timing
X-Cache-Key
X-RateLimit-Limit
X-Page-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Content-Options
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Kong-Upstream-Latency
X-Varnish-Grace
X-Jobs
X-FB-Debug
X-Cluster
Source
Cache-Status
X-Content-Powered-By
X-Request-Guid
X-Amz-Replication-Status
X-Instance
X-Activity-Id
X-PHP-Backend
X-AppVersion
X-Az
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-B3-Traceid
X-TT
X-App-Environment
Cleartype
X-Framework
X-Akamai-Edgescape
X-Via-JSL
Tracecode
Server-Node
X-Varnish-Hostname
WPE-Backend
X-Forwarded-Host
Refresh
Host-Header
X-Mobile
X-ATG-Version
X-NWS-LOG-UUID
X-Cache-Operation
X-Signature
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-B-Cache
X-FW-Serve
X-Cache-TTL
X-Cache-Control
X-Time
Accept-Charset
Liferay-Portal
DC
Actual-Object-TTL
X-Drupal-Cache-Tags
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Cache-Hit
Upgrade-Insecure-Requests
Accept-CH-Lifetime
X-App-Server
X-Whom
Fastcgi-Useragent
X-Accel-Buffering
X-Mobile-URL
X-Hp-Webp
X-Response-Served-From
X-TX-ID
Payment
X-Storage
X-UA-Device-Type
Cache
X-Content-Age
X-WebKit-CSP-Report-Only
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TT-TIMESTAMP
X-Handled-By
X-VG-WebCache
X-B
X-GeoIP
X-RequestSource
Filters
X-SS-Set-Cookie
X-Cacheable-TTL
Xserver
X-Adobe-Loc
X-Git-Hash
X-Adobe-Content
Eomportal-Instance
Viewport
X-Geo-Country
X-Ratelimit-Reset
X-Tumblr-Pixel-2
X-ProcessESI
Cache-Tv-Group
X-Tumblr-Pixel-1
X-RemovedCookies
Server-Info
X-TA-CDN-Provider
X-WA-Info
Cache-Tag
X-FB-TRIP-ID
X-Status
Webserver
X-Erf-Bev-Bev
Datacenter
X-Erf-Bev-Bev-Is-Generated
X-Cache-Enabled
X-Cache-TTL-Remaining
Retry-After
NGB
X-Esi
X-Contextid
X-FW-Dynamic
S-Cnection
X-Seen-By
X-APP-VERSION
X-CF-Powered-By
X-Presslabs-Stats
X-Ratelimit-Limit
X-Origin-Server
X-Host-Name
X-Mode
X-PressLabs-Stats
MS-CV
X-Magnolia-Registration
From-Origin
X-Daa-Tunnel
Country
Meta-Geo
X-ES-SERVER
X-Rendered-As
X-AWS-Id
X-Path-Route
X-VWS-Id
X-Cache-Config
X-Cache-Var-Map
X-LJ-Flow-ID
X-Varnish-Hits
X-RN-RSRV
Frame-Options
X-Cache-Var
Machine
Load-Balancing
X-Proxied
X-Hit
DSUID
GEO-INFO
Cache-Key
X-Cache-Grace
Mail-Subject
X-Zipkin-Id
X-Cache-Host
Vix-Hermes-Req-Id
Release
X-Routing-Service
X-Upstream-CT
X-Human
X-Hyper-Cache
X-Labrador-Cache-Channel
X-Upstream-HT
We-Hiring
X-Web-Node
X-OCL
X-Device-Type
X-Viewer-Country
X-Varnish-Server
Uber-Trace-Id
X-Debug-Cache
ServedBy
Mn-Server-Ip
X-Backend-Name
X-Section
X-PCL
X-RCS-CacheZone
X-EIG-Tracking-Id
X-From
X-Loop
X-TNCMS
X-Varnish-Cache-Hits
X-Access
X-Proto
X-ProxyCache-Key
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Origin-Response-Time
X-CCM
Rt-Fastcgi-Cache
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-BYPASS-REASON
X-Rule
X-ShardId
X-Tumblr-Pixel-3
X-VG-TLSProxy
X-MP-GENERATED-AT
Now
X-Upgrade-Enabled
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
OT-Force-Account-Verify
X-Cluster-Node
X-Generated-By
X-JoinUs
X-RTag
X-Proxy-Build
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Environment-Context
X-FC-Vary-Parameters
Ms-Operation-Id
X-Region
X-L-Path
X-Xfnlog-Site
Akamai-GRN
Decoy-Debug-Key
Decoy-Debug-Status
X-S
Decoy-Debug-TTL
X-Timing-Wait
X-Cache-NE
X-Hosted-By
X-Real-IP
Cache-Name
X-Guploader-Uploadid
X-Via-Fastly
X-Endurance-Cache-Level
X-Redis-Cache
X-NCache
NGX
X-UUID
X-Trace-Id
X-Platform-Server
X-VCT
X-Locale
DB-Nickname
X-Www-Served-By
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
X-Site-Version
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-MServer
X-Load-Cache
X-Datadome
Cteonnt-Length
X-Hl-Ver
X-Vgn-Hpd-Reason
X-ServerID
X-Rocket-Nginx-Bypass
ProcessTime
X-ECACHE
X-Cache-Remote
X-Request-Time
Time
X-Time-Microsecs
X-IP
X-IPS-LoggedIn
NtCoent-Length
X-Via-CDN
Version
X-Origin
S-Rt
X-Wix-Request-Id
X-Origin-Hint
SRV
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Locale-Group
Webcakes-App-Version
X-GEO
TWC-Device-Class
L5d-Success-Class
Webcakes-Region
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
TWC-Privacy
X-Cache-Backend
Azure-SiteName
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-InstanceId
X-FW-Version
X-Proxy
Served-By
Origin
X-B3-Spanid
X-Microcachable
X-Distributor
X-No-Session
X-Unique-ID
X-FireWall-Port
X-Dc
X-Pubstack
X-Oneagent-Js-Injection
Fastly-SSL
Origin-Edge-Control
Origin-Cache-Control
Fastcgi-X-Cache-Version
CACHE
X-Via-NSCOPI
X-RateLimit-Reset
X-Grey
X-Cache-Server
X-Cache-Category-Id
Odigeo-Trace-Id
X-ApacheServer
X-UA
X-PERF
X-Detected-As
Hostname
X-Is-Bot
X-CS
IBM-Web2-Location
X-Format
X-GRACE
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Webkit-Csp
X-Akamai-Transformed
Proxy-Connection
X-Powered-By-Defense
Ec-Rule-Version
X-Edge
Cache-Tags
X-Ua
X-BACKEND-TTL
X-Varnish-Cacheable
Backend-Name
X-Akamai-Request-ID2
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Prefix
Cdn-Host
Cross-Origin-Window-Policy
X-External-Request-Id
Content-Style-Type
Content-Script-Type
AsisCache
Cdn-Request-Time
X-G
A
X-Internal-Host
X-Instart-Info
X-CF-Lambda-Fn
Viewtype
Xc-Version
VivaBuild
X-Rewrite-Enabled
X-IN-APIGATEWAY
Server-ID
X-Eu-Site
ServerName
X-HS-Cache-Config
X-HS-Combine-CSS
Arc-Country
Fastly-SWR
Mobile-Detection-Method
Node
Meta-Geo-Continent
X-D
X-Date
MD5-Digest
X-Connection-Hash
X-Cluster-Name
Request-EU
Request-Time
Request-Country
Rendered-Blocks
Proxy-Firewall
X-Debug-Cookies
X-Debug-Log
X-Edge-Server
GEO-REGION-INFO
Fly-Request-Id
Fly-Cache
X-Worker
X-DPWN-IS-SECURE
X-CGP
X-Developer
X-Destination
HA-Ipaddr
Ha-Gx-Prefs
Rt-Proxy-Cache
Fastly-SIE
X-CF-Lambda-Version
X-A-Dgt
X-PAYTM-SRV-ID
X-Transaction
X-Region-Sid
X-A-Dam
X-ARC
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Trv-Group
X-NU-AKA-ACS-Version
X-Processor
X-Server-Time
X-A-Dcw
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-VG-WebServer
X-Twitter-Response-Tags
X-Org
X-A-Wwc
X-S-Maxage
X-ScT
X-SRCache-Key
X-App-Name
X-S-Cookie
X-A-Ccd
X-Rojux
X-AIR-PT
X-NX-Host
X-Request-UUID
X-B-Cookie
X-Application
X-Accel-Expires-Debug
X-Aed
X-A
X-Cache-Bucket
X-Compress-Hint
X-Tb
X-UnsetCookies
X-NC
Platform
RNT-Machine
On-Server
X-Epic-Correlation-Id
X-Core-Mission
X-Clientip
X-ServiceProvider
X-Ttl
Mime-Version
X-Reqid
X-PHP-Host
Is-Eu
X-Server-IP
PageSpeed
RNT-Time
X-Dispatcher-Server
Memcached
X-Qloud-Router
Section-Io-Cache
Resin-Trace
X-Irp-Debug
X-C
X-We-Are-Hiring
Server-Int
X-GeoIP-Country-Code
X-Sn-Servicetimems
X-Key
X-Level-Front-Cache
X-Cache-Info
X-Cache-Id
X-B3-Parentspanid
True-Client-Country-4JS
X-Cdn-Srv
X-Backend-State
X-Cdn-Origin
X-Geo-Header
X-Hash
X-TH-Server
X-ElasticPress-Search
Apple-News-Services-Request-Url
X-ND-Cache
X-Fastly-Cache
Countrycode
Country-Code
Apple-News-Services-Parsed-Url
Server-Host
X-Variation
Apple-News-Services-Host
Adler-Geo
X-Generated-On
X-Request-URI
Apple-News-Services-Handled
X-Oracle-Dms-Rid
X-Cdn-Forward
X-Nc
X-B3-SpanId
X-Block-Status
X-Amz-Meta-Cache-Control
X-CDN-Cache
X-BBXSRF
X-Gen-Mode
X-Swa-Ws
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-WebServer
X-Webstats-RespID
X-Wikidot-Backend
X-Method
X-SIPLIST1
X-Servername
X-SD-PageType
X-Request-Start
X-Response-By
X-Secret
X-Served-From
X-Protected-By
X-Reboot
X-Wikidot-Static-Cache
Esi-Enabled
X-Gannett-Site-Version
X-Skip-Cache
X-Nginx-Cache-Key
X-Fetched-On
X-Distil-CS
X-Developers
X-Device-Os
X-Hnp-Log
X-Location
X-Li-Pop
X-LI-Proto
X-LI-UUID
Gh-Request-Id
SS
X-Dispatch
X-Li-Fabric
X-Crawler
UCS
REQUESTUUID
Pramga
SD-X-WS
User-Cache-Control
V-Age
X-CDN-Forward
PFcat
AKAMAI
CDCHOST
Content-Disposition
IsBot
Web-Mar-Node
Powered-By
Wxu-Next-Hostname
Who
Wxu-Next-Commit
Wxu-Next-Region
Heartbleed
X-Via-SSL
X-Thanos
X-Thinkindot-L3
X-Via-Edge
GW-Server
Fastly-Soc-X-Request-Id
X-Origin-Expires
X-Origin-Date
X-GeoIP-City
X-Fstrz
LB
X-Generation-Time
X-Owner
X-Release
X-VServer
X-FPC
X-Cache-FS-Status
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cms-Context
X-Bip
Pragrma
X-Matched-Rule
X-Auto-Login
X-Azure-Ref-OriginShield
X-OVcl-Cache
X-OVcl
X-Parent-Response-Time
X-Azure-Ref
X-CUA
W
X-VC-Cache
CF-IPCountry
X-Origin-TTL
X-Origin-CC
X-Varnish-Ttl
Accept-Language
X-Planisys-CDN-TTL
X-CLOUD-TRACE-CONTEXT
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-WADP-Cache
X-Varnish-Url
X-Clara-WADP
X-Be
X-Core-Value
X-Varnish-Beresp-Ttl
L
X-Phone
X-LAGOON
X-Ratelimit-Remaining
Memory
X-IN-WAF
X-DC
X-Birta-Served
X-Birta-Cache-Post
X-App-Version
N-Cache
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Varnish-IP
HitType
Selected-FE
X-Page-Type
X-FE
X-TrackingId
Kp-EeAlive
X-Info
X-Geo
X-Amzn-Remapped-Content-Length
X-CACHE-KEY
User-Agent
Selected-Fe
X-Urbn-Context-Path
Locale
X-URL
X-Urbn-Site-Id
Magicmarker
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Pf-Uncompressing
X-Dynatrace-Js-Agent
Cdn
X-Zone
X-Source
X-Hello
X-Flog
Pagetype
X-Backend-TTL
X-ABtesting
X-Web-Server
X-User
X-Agile-Age
X-Generated-In
X-TT-LOGID
X-Cache-Debug
X-Agile
X-Agile-Id
X-Servedbyhost
CF-Cached-On
X-Newrelic-Synthetics
X-Litespeed-Cache
GeoIp-Country-Code
Geoip-Latitude
Geoip-City
X-Refresh
X-Check-Cacheable
X-Backend-Url
X-Backend-Host
X-SERVER-NAME
X-HS-Status
X-MID
X-Mid
SN
X-Debug-Cache-Store
X-MSEdge-Features
X-VCL-Version
X-Tt-Trace-Tag
X-GoCache-CacheStatus
X-Debug-Cache-Fetch
X-Soup
X-Up
X-ZONE
X-Real-Ip
X-Debug-Cache-Expiry
X-MSEdge-Flight
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
FSS-Proxy
FSS-Cache
X-Vcl-Version
X-APP
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-Oss-Object-Type
GeoIP-Country-Code
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
Ohc-File-Size
Ohc-Cache-HIT
GeoIP-Latitude
X-ServedByHost
GeoIP-City
Group
X-EC-Lua
X-Say-TTL
X-Contensis-Viewer-Groups
X-SayCDN-TTL
X-Old-Content-Length
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Server-Cache-Control
HostName
X-Say-Cacheable
X-Varnish-Authentication
Server-Surrogate-Control
X-Cache-ASPX
X-Bc
X-UPSTREAM-Address
HTTPS
WZWS-RAY
X-COUNTRY
X-Via-Ucdn
RequestId
Backend
X-SN
X-Cache-Ttl
Www
Srv
X-CSRF-Token
X-BC
Cache-Hits
X-Akamai-SSL-Client-Sid
Lb
X-Instart-Isnd
X-Nananana
Host-ID
Inserted-Into-Cache-At
X-Cache-Expires
X-Varnish-Beresp-TTL
Xkeyrz
X-Node-Id
X-WR-MODIFICATION
X-ECache
X-Proxy-Cacherz
X-Request-Url
Fastly-Backend-Name
Cf-Ipcountry
WebServer
XServer
X-Dynatrace
X-NGENIX-Cache
X-IN-APIGATEWAYSSL
Requestid
X-Cache-Tag
X-Logtrace-Id
Ajk
X-CSRF-TOKEN
X-PF-Uncompressing
URI
X-TIME
X-PAGE-TYPE
Epwk-Cache
X-Varnish-Action
X-Cache-Time
X-FORWARDED-FOR
Get-Access-Time
Is-Session-Tracking
Xkeynj
X-Unique-Id
X-Fastly-Country-Code
X-MCACHE
X-RateLimit-Limit-Second
X-Edge-IP
X-Cache-Miss-From
X-Fastly-Backend-Reqs
Fastcgi-X-Cache
X-RateLimit-Remaining-Second
X-Sedo-Request-Id
X-Requestid
X-Wa
X-AssetVersion
X-LiteSpeed-Cache-Control
Dynatrace
X-Pjax-Url
Pics-Label
Cneonction
X-Svr
X-BE
DataCenter
X-SRV
Xet-Cookie
X-Lb-Id
X-Swift-Error
T-Server
CDN
Correlation-Id
X-Var-Ttl
X-Sf
FNAC-ModuleRouting
X-Vct
X-Dw-Trace-Id
X-NGINX-Cache
X-Apw-Access-Action
X-Serial
Cache-Provider
X-Fastly-Cache-Hits
X-LB-ID
X-WA
X-Apw-Access-Object
X-Apw-Access-Token
X-Ecache
X-Render-Time
PICS-Label
X-Apw-Hits
X-Micro-Cache
X-PJAX-URL
X-ServerName
X-GDPR
X-Fpc
X-DSS
Warning
Lfy
X-Html-Edge-Cache
X-WPE-Loopback-Upstream-Addr
X-Bug-Bounty
X-Akamai-ERPolicy
X-Flow-Id
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
RequestUuid
X-LiteSpeed-Tag
X-DW
X-RPM
X-RPS
X-Page-Impression-Id
X-DI
X-Alicdn-Da-Ups-Status
Ohc-Response-Time
X-DB
X-RSL