Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
P3p
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Server-Id
X-Node
X-Request-ID
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
EagleEye-TraceId
X-Application-Context
X-Cloud-Trace-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-Cdn
X-Country
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Ruxit-JS-Agent
X-DynaTrace
X-Rack-Cache
X-Clacks-Overhead
X-Vhost
X-Origin-Upstream-Status
X-Url
X-CST
NEL
X-TTL
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-HW
X-Country-Code
X-FTR-Request-ID
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
X-PC
X-Vname
X-TtlSet
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
Verso
SPRequestGuid
X-Recruiting
X-ESI
X-B3-TraceId
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-DataDome
X-Kinja-Server
X-Kinja-Revision
X-D2id
X-Server-Name
X-Vcap-Request-Id
X-Varnish-TTL
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Powered-By-Plesk
X-RateLimit-Remaining
TCN
DynaTrace
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Display
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
RTSS
Accept-Ch-Lifetime
Charset
X-Akam-SW-Version
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
MS-Author-Via
X-Amz-Rid
AR-Request-ID
X-Shield-Request-Id
ServerID
Realpath
X-Trace
X-Dw-Request-Base-Id
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Powered-CMS
X-Cached
X-Server-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Version
Nginx-Cache
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Shard
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
X-Upstream
X-Goog-Storage-Class
SPIisLatency
SPRequestDuration
Pagespeed
Public-Key-Pins
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Fastly-Restarts
Access-Control-Request-Method
S
Accept-Ch
Accept-CH
X-VCache
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-DataStream-MidMile-RTT
X-Ezoic-Cdn
X-Debug
X-Id
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-DIS-Request-ID
X-Fastly-Request-ID
X-T
X-N
MicrosoftSharePointTeamServices
X-Ser
Alternate-Protocol
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Varnish-Age
Arr-Disable-Session-Affinity
X-XRDS-Location
X-NF-Request-ID
Fastcgi-Cache
X-Hits
X-Grace
X-Amzn-Trace-Id
X-Content-Type
Front-End-Https
X-Acc-Meta-Resource-Type
X-B3-Sampled
X-Frontend
X-FTR-Cache-Host
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
Nel
X-FastCGI-Cache
X-Forwarded-For
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Microsite
X-Request-Handler-Origin-Region
X-Fastcgi-Cache
Powered-By-ChinaCache
FilterID
Healthy
TP-L2-Cache
TP-Cache
X-Debug-Info
X-LB-Cache
X-Kinsta-Cache
X-Type
X-Rid
X-Vcache
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-Request-Received
X-User-Agent
X-Request-Processing-Time
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-XRDS-LOCATION
X-Cache-Rule
X-Revision
X-F-Cache
Powered
Surrogate-Key
X-Accel-Expires
X-Amzn-RequestId
X-Amz-Apigw-Id
X-RateLimit-Limit
X-Page-Id
X-Analytics
Backend-Timing
X-Zen-Fury
X-Cache-Age
X-Cache-Key
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-BCube-Filmed-By
X-Content-Options
X-Varnish-Grace
X-Varnish-Backend
X-Jobs
X-FB-Debug
X-Cluster
Source
X-Instance
Cache-Status
X-Content-Powered-By
X-PHP-Backend
X-Amz-Replication-Status
X-Request-Guid
X-Tumblr-User
X-TT
X-Tumblr-Pixel
X-App-Environment
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Kong-Proxy-Latency
Cleartype
X-Kong-Upstream-Latency
Tracecode
X-Framework
X-Activity-Id
X-AppVersion
WPE-Backend
X-Az
X-Varnish-Hostname
X-Cache-TTL
Server-Node
Host-Header
Refresh
X-Forwarded-Host
X-Mobile
X-Via-JSL
X-Cache-Operation
X-Cache-Control
X-NWS-LOG-UUID
X-ATG-Version
X-FW-Static
X-FW-Server
X-B3-Traceid
X-FW-Serve
X-FW-Hash
X-FW-Type
Actual-Object-TTL
X-B-Cache
X-Signature
X-Drupal-Cache-Tags
Accept-Charset
X-Time
X-TA-CDN-Provider
X-Cache-Action
X-Edge-Location
DC
Liferay-Portal
Upgrade-Insecure-Requests
X-Accel-Buffering
X-App-Server
Access-Control-Allow-Method
X-Cache-Hit
X-Whom
X-Response-Served-From
X-Storage
X-Hp-Webp
Payment
X-Mobile-URL
X-TX-ID
X-UA-Device-Type
X-Content-Age
X-WebKit-CSP-Report-Only
X-SS-Set-Cookie
X-Handled-By
X-Yottaa-Optimizations
X-VG-WebCache
Fastcgi-Useragent
X-Yottaa-Metrics
X-TT-TIMESTAMP
Filters
X-Cacheable-TTL
Server-Info
X-RequestSource
X-GeoIP
Eomportal-Instance
X-Git-Hash
X-Adobe-Content
X-B
X-Adobe-Loc
Webserver
X-ProcessESI
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RemovedCookies
X-Geo-Country
Cache-Tv-Group
Viewport
X-FB-TRIP-ID
X-WA-Info
Cache-Tag
X-Cache-TTL-Remaining
Cache
X-Cache-Enabled
Datacenter
X-Presslabs-Stats
Xserver
X-Status
Retry-After
X-Ratelimit-Reset
NGB
X-Contextid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Ratelimit-Limit
X-Seen-By
S-Cnection
X-FW-Dynamic
X-APP-VERSION
X-CF-Powered-By
X-Origin-Server
Accept-CH-Lifetime
X-Mode
X-Host-Name
X-Magnolia-Registration
X-Varnish-Hits
Country
X-Rendered-As
Load-Balancing
X-VCT
X-Path-Route
X-Cache-Var
X-Daa-Tunnel
X-ES-SERVER
Machine
Meta-Geo
X-AWS-Id
X-Cache-Config
X-Esi
X-RN-RSRV
X-Real-IP
X-Cache-Var-Map
X-VWS-Id
X-LJ-Flow-ID
X-Cache-NE
X-Upstream-CT
X-Cache-Grace
X-Labrador-Cache-Channel
From-Origin
X-Routing-Service
Mail-Subject
X-Zipkin-Id
Release
Vix-Hermes-Req-Id
We-Hiring
Cache-Key
X-Proxied
GEO-INFO
X-Upstream-HT
X-Cache-Host
MS-CV
X-Human
DSUID
X-Hit
X-Access
X-PCL
X-Section
X-Debug-Cache
X-Device-Type
Uber-Trace-Id
Mn-Server-Ip
X-RCS-CacheZone
X-Hyper-Cache
ServedBy
X-Web-Node
X-Varnish-Server
X-Loop
X-OCL
X-Varnish-Cache-Hits
X-EIG-Tracking-Id
Frame-Options
X-Guploader-Uploadid
X-Backend-Name
X-Viewer-Country
X-TNCMS
X-From
NGX
X-R9-Blue-Green-Version
Now
X-Proto
X-Rule
X-Origin-Response-Time
X-Tumblr-Pixel-3
X-CCM
X-Cluster-Node
X-VG-TLSProxy
X-Upgrade-Enabled
X-ProxyCache-Key
X-ProxyCache-Status
X-Akamai-Request-ID
X-BYPASS-REASON
X-MP-GENERATED-AT
OT-Force-Account-Verify
Rt-Fastcgi-Cache
X-JoinUs
X-Xfnlog-Site
X-Platform-Server
X-ShardId
X-Shopify-Stage
X-ShopId
X-L-Path
X-FC-Vary-Parameters
X-Redis-Cache
X-Proxy-Build
X-Region
X-S
X-Timing-Wait
X-UUID
X-Alternate-Cache-Key
X-Hosted-By
Akamai-GRN
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Environment-Context
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Remote
X-Via-Fastly
Decoy-Debug-Status
X-NCache
Decoy-Debug-TTL
Cache-Name
Decoy-Debug-Key
X-Generated-By
X-Endurance-Cache-Level
X-Trace-Id
X-Hl-Ver
X-MServer
X-Nginx-Cache
X-RTag
X-Www-Served-By
X-ECACHE
Ms-Operation-Id
DB-Nickname
X-Locale
X-Site-Version
X-Drupal-Cache-Contexts
X-Vgn-Hpd-Reason
X-ServerID
X-EdgeConnect-Cache-Status
X-Rocket-Nginx-Bypass
Cteonnt-Length
X-Ttl
X-PressLabs-Stats
X-Load-Cache
X-NewRelic-App-Data
X-Dc
ProcessTime
X-Litespeed-Cache
X-GRACE
CACHE
X-Request-Time
X-IPS-LoggedIn
X-RateLimit-Reset
X-Wix-Request-Id
X-IP
X-Time-Microsecs
Time
L5d-Success-Class
X-Cache-Backend
Served-By
NtCoent-Length
X-Via-CDN
X-UA
S-Rt
Version
X-Origin
Property-Id
X-Unique-ID
X-B3-Spanid
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
TWC-GeoIP-LatLong
X-Oneagent-Js-Injection
TWC-Connection-Speed
Origin
TWC-Privacy
X-Microcachable
TWC-GeoIP-Country
TWC-Device-Class
X-GEO
Azure-Version
Azure-InstanceId
Origin-Edge-Control
Origin-Cache-Control
X-Distributor
X-Datadome
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Pubstack
X-FW-Version
X-Proxy
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
Fastly-SSL
X-No-Session
X-Grey
X-BACKEND-TTL
X-FireWall-Port
X-Cache-Server
X-Cache-Category-Id
SRV
X-Via-NSCOPI
X-Webkit-Csp
X-Is-Bot
X-Detected-As
IBM-Web2-Location
X-Edge
X-Powered-By-Defense
X-PERF
Hostname
X-HTML-Minification-Powered-By
X-Nc
X-ApacheServer
Proxy-Connection
X-URL
X-CS
X-Format
Cache-Tags
Backend-Name
X-Varnish-Cacheable
X-Akamai-Transformed
Odigeo-Trace-Id
Cdn-Request-Time
X-Eu-Site
Cdn-Host
X-G
AsisCache
Arc-Country
A
X-HS-Cache-Config
X-External-Request-Id
BehaviorPad-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Prefix
Fastly-SIE
Server-ID
Rt-Proxy-Cache
ServerName
X-Cache-Bucket
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
Rendered-Blocks
Request-Country
Request-EU
Request-Time
Viewtype
VivaBuild
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A
X-Aed
X-ARC
X-Application
X-App-Name
X-AIR-PT
Proxy-Firewall
X-CGP
Fly-Request-Id
Fly-Cache
GEO-REGION-INFO
X-Developer
X-Destination
Fastly-SWR
X-DPWN-IS-SECURE
Content-Style-Type
Cross-Origin-Window-Policy
Ec-Rule-Version
X-Edge-Server
X-Debug-Log
X-Debug-Cookies
X-Cluster-Name
Meta-Geo-Continent
Mobile-Detection-Method
Node
MD5-Digest
X-Connection-Hash
Ha-Gx-Prefs
HA-Ipaddr
X-Date
X-D
Content-Script-Type
X-IN-APIGATEWAY
X-VG-WebServer
X-Org
X-NX-Host
X-Request-UUID
X-Worker
X-HS-Combine-CSS
X-SRCache-Key
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-ND-Cache
X-S-Cookie
X-Vtex-Processado-Em
X-Accel-Expires-Debug
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-PAYTM-SRV-ID
X-ScT
X-S-Maxage
X-Rewrite-Enabled
X-Rojux
X-Processor
X-Cdn-Forward
X-Instart-Info
X-Transaction
X-Vtex-Remote-Cache
X-Server-Time
X-Trv-Group
Xc-Version
X-Twitter-Response-Tags
PageSpeed
X-We-Are-Hiring
X-Cache-Id
X-Qloud-Router
X-Cache-Info
X-Cdn-Origin
X-Request-URI
Resin-Trace
X-TH-Server
X-Variation
RNT-Machine
RNT-Time
Section-Io-Cache
X-Cdn-Srv
Platform
X-Clientip
Memcached
X-Reqid
X-Core-Mission
Server-Int
True-Client-Country-4JS
On-Server
Mime-Version
Is-Eu
X-PHP-Host
Adler-Geo
X-Fstrz
X-Key
X-Fastly-Cache
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Generated-On
X-Irp-Debug
X-C
X-Internal-Host
X-B3-Parentspanid
X-Hash
X-GeoIP-Country-Code
X-ServiceProvider
X-Geo-Header
X-Level-Front-Cache
Apple-News-Services-Parsed-Url
X-Epic-Correlation-Id
X-Server-IP
Server-Host
Countrycode
Country-Code
X-Sn-Servicetimems
X-Backend-State
X-Dispatcher-Server
X-Ua
X-Compress-Hint
X-UnsetCookies
X-Swa-Ws
X-BBXSRF
X-CDN-Cache
X-SD-PageType
X-Served-From
X-Block-Status
X-SVT-ORM-RULES
X-Amz-Meta-Cache-Control
X-Secret
X-Servername
X-Tb
X-SVT-ORM-VERSION
X-SIPLIST1
X-LI-UUID
X-LI-Proto
X-Location
X-Method
X-Nginx-Cache-Key
X-Li-Pop
X-Li-Fabric
Pragrma
X-Hnp-Log
X-Gen-Mode
X-Gannett-Site-Version
X-Fetched-On
X-ElasticPress-Search
X-Wikidot-Static-Cache
X-Protected-By
X-Developers
X-Reboot
X-Crawler
X-Request-Start
X-Device-Os
X-Dispatch
X-Distil-CS
X-Wikidot-Backend
X-Webstats-RespID
X-WebServer
X-Skip-Cache
X-Response-By
Wxu-Next-Commit
Pramga
PFcat
REQUESTUUID
SD-X-WS
SS
IsBot
Gh-Request-Id
Wxu-Next-Region
CDCHOST
Content-Disposition
Esi-Enabled
UCS
AKAMAI
Web-Mar-Node
Who
V-Age
Wxu-Next-Hostname
User-Cache-Control
X-CDN-Forward
X-Akamai-Request-ID2
X-Parent-Response-Time
X-Planisys-CDN-TTL
LB
X-Via-Edge
X-Planisys-CDN-Rules
Fastly-Soc-X-Request-Id
X-Via-SSL
X-B3-SpanId
X-VServer
X-Generation-Time
X-Matched-Rule
X-Origin-Expires
X-Origin-Date
X-Thanos
X-Thinkindot-L3
X-GeoIP-City
X-Owner
X-Release
GW-Server
X-Planisys-CDN-Cache
Thinkindot-CacheControl-Type
X-Cache-FS-Status
Thinkindot-Control
X-Cms-Context
X-Bip
Heartbleed
X-Auto-Login
Thinkindot-CacheControl
Powered-By
X-Varnish-Ttl
X-NC
X-Be
X-Origin-TTL
X-Origin-CC
X-IN-WAF
X-Birta-Served
X-Phone
X-OVcl-Cache
X-Birta-Cache-Post
X-OVcl
X-CLOUD-TRACE-CONTEXT
X-VC-Cache
X-FPC
X-Core-Value
X-Ratelimit-Remaining
W
X-Varnish-IP
X-CUA
X-Dynatrace-Js-Agent
X-Azure-Ref
X-Azure-Ref-OriginShield
HitType
CF-IPCountry
Selected-FE
X-Varnish-Url
Memory
X-Clara-WADP
X-LAGOON
Accept-Language
X-WADP-Cache
X-App-Version
X-Info
L
X-Geo
X-Proxy-Upstream
X-Proxy-Cache-Status
N-Cache
X-Varnish-Beresp-Ttl
X-Page-Type
X-CACHE-KEY
X-TrackingId
X-Source
X-COUNTRY
Kp-EeAlive
User-Agent
X-Web-Server
X-Pf-Uncompressing
X-FE
X-Zone
X-Amzn-Remapped-Content-Length
Cdn
X-Varnish-Beresp-Status
X-Cache-Debug
Selected-Fe
Magicmarker
X-Agile-Age
X-Agile-Id
X-Varnish-Beresp-Grace
X-Agile
X-Urbn-Site-Id
Locale
X-DC
X-Urbn-Context-Path
X-TT-LOGID
Geoip-City
GeoIp-Country-Code
Geoip-Latitude
X-Servedbyhost
X-ABtesting
X-Refresh
X-HS-Status
X-Hello
X-Flog
Pagetype
X-Newrelic-Synthetics
X-Mid
X-MID
X-Real-Ip
X-Backend-TTL
X-User
X-Generated-In
CF-Cached-On
X-Aicache-OS
X-Backend-Url
X-Vcl-Version
X-Backend-Host
Ohc-File-Size
Ohc-Cache-HIT
Amp-Access-Control-Allow-Source-Origin
X-NWS-UUID-VERIFY
X-Ruxit-Js-Agent
X-ZONE
X-Check-Cacheable
X-MSEdge-Flight
X-Tt-Trace-Tag
Group
X-Up
SN
X-MSEdge-Features
X-Soup
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
FSS-Cache
FSS-Proxy
X-APP
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-VCL-Version
HTTPS
X-UPSTREAM-Address
X-ServedByHost
X-Tb-Optimization-Total-Bytes-Saved
X-EC-Lua
X-Contensis-Viewer-Groups
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Backend
X-Varnish-Authentication
Www
RequestId
GeoIP-Country-Code
HostName
X-Oss-Server-Time
X-SN
X-Cache-ASPX
Server-Cache-Control
Server-Surrogate-Control
WZWS-RAY
XServer
GeoIP-City
X-BC
X-Instart-Isnd
GeoIP-Latitude
X-Via-Ucdn
Srv
X-Oracle-Dms-Rid
Cf-Ipcountry
X-FORWARDED-FOR
X-CSRF-Token
X-Amzn-Remapped-Date
X-SayCDN-TTL
X-Say-TTL
X-Old-Content-Length
X-Say-Cacheable
X-Amzn-Remapped-Connection
X-Varnish-Beresp-TTL
X-Cache-Expires
X-NGENIX-Cache
X-Bc
Lb
X-Akamai-SSL-Client-Sid
Host-ID
X-Nananana
URI
X-ECache
Xkeyrz
X-Proxy-Cacherz
X-Dynatrace
Epwk-Cache
X-Cache-Tag
X-PF-Uncompressing
X-Varnish-Action
Requestid
X-Unique-Id
X-TIME
X-Fastly-Country-Code
Fastcgi-X-Cache
X-PAGE-TYPE
X-WR-MODIFICATION
Cache-Hits
Xkeynj
X-Node-Id
Inserted-Into-Cache-At
Is-Session-Tracking
Get-Access-Time
Fastly-Backend-Name
X-MCACHE
X-AssetVersion
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-Edge-IP
X-SERVER-NAME
X-CSRF-TOKEN
Ajk
X-Request-Url
WebServer
X-Cache-Miss-From
X-Requestid
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-Sedo-Request-Id
X-LiteSpeed-Cache-Control
Dynatrace
FNAC-ModuleRouting
X-Var-Ttl
Cneonction
X-Cache-Time
CDN
X-Sf
X-Svr
DataCenter
Xet-Cookie
X-SRV
Correlation-Id
X-Swift-Error
X-Pjax-Url
X-Wa
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Pics-Label
X-Dw-Trace-Id
Cache-Provider
X-Fastly-Cache-Hits
X-Correlation-ID
X-NGINX-Cache
X-WA
X-Fpc
X-BE
X-Apw-Access-Object
X-Apw-Access-Token
X-Lb-Id
X-Apw-Hits
X-Apw-Access-Action
RequestUuid
Ohc-Response-Time
X-WPE-Loopback-Upstream-Addr
X-Flow-Id
X-LiteSpeed-Tag
X-Page-Impression-Id
X-LB-ID
X-PJAX-URL
X-Fe
T-Server
PICS-Label
X-ServerName
X-DW
X-Alicdn-Da-Ups-Status
X-App
X-Akamai-ERPolicy
X-Policy
Sid
Warning
Lfy
X-Akamai-ERRuleID
X-Zalando-Child-Request-Id
X-Bug-Bounty
X-RPM
X-RPS
X-DSS
X-DI
X-Html-Edge-Cache
X-DB
X-RSL