Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
P3p
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
X-FRAME-OPTIONS
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Ua-Compatible
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Backend-Server
X-Server-Id
X-Response-Time
X-Cnection
EagleEye-TraceId
X-Origin-Cache
X-Application-Context
X-Cloud-Trace-Context
Allow
Request-Id
Surrogate-Control
X-Readtime
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Url
X-DynaTrace
X-Ruxit-JS-Agent
X-Clacks-Overhead
X-Vhost
X-Rack-Cache
X-Origin-Upstream-Status
X-CST
NEL
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-HW
X-TTL
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
X-TtlSet
X-PC
X-Vname
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-ESI
X-MS-InvokeApp
X-Request-ID
Verso
SPRequestGuid
X-Recruiting
X-B3-TraceId
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-DataDome
X-D2id
X-Vcap-Request-Id
X-Server-Name
X-Varnish-TTL
X-Abt-Application-Version
X-SharePointHealthScore
X-Amz-Server-Side-Encryption
X-Powered-By-Plesk
X-Server-ID
X-RateLimit-Remaining
DynaTrace
TCN
Display
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Navigation-Version
X-GitHub-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
RTSS
Accept-Ch-Lifetime
Charset
X-Akam-SW-Version
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
MS-Author-Via
X-Amz-Rid
AR-Request-ID
ServerID
Realpath
X-Trace
X-Shield-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Cached
X-Powered-CMS
X-Version
Nginx-Cache
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Shard
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
X-Upstream
X-VCache
SPRequestDuration
X-Goog-Storage-Class
SPIisLatency
Pagespeed
Public-Key-Pins
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
Paypal-Debug-Id
X-Client-IP
X-MSEdge-Ref
Fastly-Restarts
S
Access-Control-Request-Method
Accept-Ch
Accept-CH
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-Ezoic-Cdn
X-Debug
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Expires
X-DIS-Request-ID
X-Fastly-Request-ID
X-T
X-N
MicrosoftSharePointTeamServices
X-Ser
Alternate-Protocol
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Varnish-Age
X-XRDS-Location
Arr-Disable-Session-Affinity
X-NF-Request-ID
X-Hits
Fastcgi-Cache
X-B3-Sampled
X-Acc-Meta-Resource-Type
X-Amzn-Trace-Id
X-Grace
Front-End-Https
X-Content-Type
X-Frontend
X-FTR-Cache-Host
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-Forwarded-For
Nel
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Correlation-Id
X-Node-Name
X-Request-Handler-Origin-Region
X-Microsite
X-Fastcgi-Cache
FilterID
Healthy
TP-Cache
TP-L2-Cache
X-Debug-Info
X-LB-Cache
Edge-Cache-Tag
X-Rid
X-Type
X-IPLB-Instance
X-Kinsta-Cache
X-AOL-HN
X-Request-Received
X-User-Agent
X-Request-Processing-Time
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-HS-Content-Id
X-Hostname
X-HS-Hub-Id
X-XRDS-LOCATION
X-Revision
X-Cache-Rule
X-Vcache
Powered
Surrogate-Key
X-F-Cache
X-Accel-Expires
X-Cache-Age
X-Amz-Apigw-Id
X-Analytics
Backend-Timing
X-Zen-Fury
X-Amzn-RequestId
X-Page-Id
X-RateLimit-Limit
X-Cache-Key
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-BCube-Filmed-By
X-Varnish-Backend
X-Content-Options
X-Varnish-Grace
X-Jobs
X-FB-Debug
Source
X-Cluster
X-Request-Guid
X-PHP-Backend
X-Amz-Replication-Status
X-Instance
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel-0
X-TT
Cache-Status
X-Content-Powered-By
X-Tumblr-Pixel
X-Kong-Upstream-Latency
X-Framework
Cleartype
X-Kong-Proxy-Latency
X-Akamai-Edgescape
Tracecode
WPE-Backend
X-AppVersion
X-Activity-Id
X-Az
X-Cache-TTL
X-Varnish-Hostname
Server-Node
Host-Header
X-Forwarded-Host
Refresh
X-Mobile
X-Via-JSL
X-Cache-Operation
X-Cache-Control
X-NWS-LOG-UUID
X-ATG-Version
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Type
X-FW-Static
Actual-Object-TTL
X-B3-Traceid
X-Time
X-Signature
X-B-Cache
X-Drupal-Cache-Tags
Accept-Charset
DC
X-Edge-Location
X-Cache-Action
X-TA-CDN-Provider
X-App-Server
Access-Control-Allow-Method
X-Accel-Buffering
Upgrade-Insecure-Requests
Liferay-Portal
X-Whom
X-Cache-Hit
X-Response-Served-From
X-Hp-Webp
Payment
X-Storage
X-Mobile-URL
X-WebKit-CSP-Report-Only
X-SS-Set-Cookie
X-Content-Age
X-TX-ID
X-VG-WebCache
Fastcgi-Useragent
X-TT-TIMESTAMP
X-Handled-By
X-GeoIP
Filters
X-RequestSource
X-Yottaa-Optimizations
X-Cacheable-TTL
Server-Info
X-Yottaa-Metrics
X-UA-Device-Type
X-Git-Hash
Eomportal-Instance
Cache-Tv-Group
Viewport
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Webserver
X-Adobe-Loc
X-Adobe-Content
X-B
X-ProcessESI
X-Geo-Country
X-RemovedCookies
X-FB-TRIP-ID
X-WA-Info
Cache-Tag
Cache
X-Cache-Enabled
Datacenter
X-Cache-TTL-Remaining
Xserver
X-Presslabs-Stats
X-Status
X-Ratelimit-Reset
Retry-After
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Contextid
NGB
S-Cnection
X-Ratelimit-Limit
X-Seen-By
X-FW-Dynamic
X-Ttl
X-CF-Powered-By
X-Origin-Server
X-APP-VERSION
X-Host-Name
Accept-CH-Lifetime
X-Mode
X-Magnolia-Registration
X-Path-Route
X-Varnish-Hits
Machine
X-VWS-Id
Load-Balancing
X-RN-RSRV
X-VCT
X-LJ-Flow-ID
X-ES-SERVER
X-Rendered-As
X-AWS-Id
X-Cache-Config
X-Real-IP
X-Daa-Tunnel
X-Cache-Var-Map
Country
Meta-Geo
X-Cache-Var
X-Zipkin-Id
Release
DSUID
X-Upstream-CT
X-Upstream-HT
Cache-Key
X-Routing-Service
X-Human
GEO-INFO
From-Origin
X-Proxied
X-Cache-NE
X-Cache-Host
X-Cache-Grace
Vix-Hermes-Req-Id
ServedBy
X-Access
Mail-Subject
X-Hyper-Cache
X-Hit
Frame-Options
We-Hiring
Mn-Server-Ip
Uber-Trace-Id
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-Loop
X-Section
X-Varnish-Server
X-Guploader-Uploadid
X-Web-Node
X-From
MS-CV
X-Backend-Name
X-TNCMS
X-Device-Type
X-EIG-Tracking-Id
X-RCS-CacheZone
X-Viewer-Country
X-Rule
X-Tumblr-Pixel-3
X-Upgrade-Enabled
X-VG-TLSProxy
NGX
X-MP-GENERATED-AT
Rt-Fastcgi-Cache
X-Debug-Cache
X-Cluster-Node
X-OCL
X-Origin-Response-Time
X-Proto
X-Akamai-Request-ID
X-PCL
X-R9-Blue-Green-Version
OT-Force-Account-Verify
X-Generated
X-FC-Vary-Parameters
X-Redis-Cache
Now
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-Timing-Wait
X-Region
X-Proxy-Build
Akamai-GRN
X-JoinUs
X-UUID
X-Environment-Context
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-ShardId
Cache-Name
X-Sorting-Hat-PodId
Decoy-Debug-Status
X-NCache
Decoy-Debug-Key
X-L-Path
Decoy-Debug-TTL
X-ProxyCache-Status
X-BYPASS-REASON
X-CCM
X-Cache-Remote
X-Via-Fastly
X-Platform-Server
X-Generated-By
X-ProxyCache-Key
X-Trace-Id
X-MServer
X-Site-Version
X-S
X-Xfnlog-Site
X-Hl-Ver
X-Locale
X-Www-Served-By
X-ECACHE
X-Endurance-Cache-Level
DB-Nickname
X-Vgn-Hpd-Reason
X-RTag
Ms-Operation-Id
X-Drupal-Cache-Contexts
X-EdgeConnect-Cache-Status
X-Rocket-Nginx-Bypass
Cteonnt-Length
X-PressLabs-Stats
X-Nginx-Cache
X-NewRelic-App-Data
X-Load-Cache
X-ServerID
ProcessTime
X-Dc
CACHE
X-Litespeed-Cache
X-GRACE
X-RateLimit-Reset
X-IPS-LoggedIn
X-Wix-Request-Id
X-Request-Time
X-Time-Microsecs
Time
X-IP
L5d-Success-Class
X-Esi
X-Cache-Backend
Version
Served-By
NtCoent-Length
X-Via-CDN
S-Rt
TWC-Privacy
X-Oneagent-Js-Injection
Origin
TWC-Connection-Speed
Property-Id
TWC-Device-Class
X-Unique-ID
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-Microcachable
X-Origin-Hint
X-UA
X-GEO
X-B3-Spanid
Webcakes-Region
Webcakes-App-Name
X-Origin
Webcakes-App-Version
Azure-Version
Azure-SlotName
Azure-InstanceId
Origin-Cache-Control
Origin-Edge-Control
X-Datadome
Azure-RegionName
Azure-SiteName
X-Distributor
X-Pubstack
X-FW-Version
Fastly-SSL
X-Proxy
Fastcgi-X-Cache-Version
Access-Control-Request-Headers
X-No-Session
X-BACKEND-TTL
X-Cache-Server
X-Via-NSCOPI
X-FireWall-Port
SRV
X-Cache-Category-Id
X-Is-Bot
X-Webkit-Csp
X-Grey
X-Detected-As
X-Powered-By-Defense
IBM-Web2-Location
X-Edge
X-PERF
X-HTML-Minification-Powered-By
X-Nc
X-ApacheServer
Hostname
X-Format
Cache-Tags
X-CS
Proxy-Connection
Backend-Name
X-Varnish-Cacheable
Odigeo-Trace-Id
Cache-Cookie-Set-Idcheck
AsisCache
Mobile-Detection-Method
Cache-Cookie-Set-From
Node
Cache-Cookie-Set-Lfrom
Fly-Cache
Rendered-Blocks
Proxy-Firewall
Fastly-SWR
Arc-Country
Meta-Geo-Continent
Cdn-Request-Time
MD5-Digest
Fastly-SIE
Content-Script-Type
Cross-Origin-Window-Policy
Content-Style-Type
Cdn-Host
Fly-Request-Id
HA-Ipaddr
Ec-Rule-Version
GEO-REGION-INFO
Ha-Gx-Prefs
Cache-Prefix
BehaviorPad-Version
X-Cache-Bucket
X-Org
X-NX-Host
X-NU-AKA-ACS-Version
X-PAYTM-SRV-ID
X-Processor
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-ND-Cache
X-Instart-Info
X-External-Request-Id
X-Eu-Site
X-G
X-HS-Cache-Config
X-IN-APIGATEWAY
X-HS-Combine-CSS
X-Region-Sid
X-Request-UUID
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-ScT
X-SRCache-Key
X-Server-Time
X-Edge-Server
X-DPWN-IS-SECURE
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-AIR-PT
X-Aed
X-A-Dam
X-A-Ccd
Request-Time
Request-EU
Rt-Proxy-Cache
ServerName
X-A
Viewtype
X-App-Name
X-Application
X-Date
X-D
X-Debug-Cookies
X-Debug-Log
X-Developer
X-Destination
X-Connection-Hash
X-Cluster-Name
X-B-Cookie
X-ARC
A
X-CF-Lambda-Fn
X-CGP
X-CF-Lambda-Version
Request-Country
VivaBuild
X-Akamai-Transformed
PageSpeed
X-Cdn-Forward
X-Geo-Header
Memcached
X-Fstrz
X-GeoIP-Country-Code
X-Generated-On
X-Hash
X-Reqid
X-B3-Parentspanid
X-Qloud-Router
X-Level-Front-Cache
X-Irp-Debug
X-Fastly-Cache
On-Server
Server-Host
Section-Io-Cache
Server-ID
Server-Int
X-Backend-State
X-Cache-Info
Resin-Trace
X-Core-Mission
X-S-Maxage
X-Clientip
X-Cdn-Srv
X-Cdn-Origin
X-Epic-Correlation-Id
X-Key
Apple-News-Services-Handled
X-C
X-ServiceProvider
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Country-Code
X-Internal-Host
X-Sn-Servicetimems
X-TH-Server
X-Server-IP
Countrycode
Apple-News-Services-Request-Url
X-We-Are-Hiring
X-UnsetCookies
X-Ua
X-Compress-Hint
X-Webstats-RespID
X-Wikidot-Backend
Who
X-Variation
X-Crawler
Wxu-Next-Commit
V-Age
X-CDN-Cache
Pragrma
X-BBXSRF
Wxu-Next-Region
X-Cache-Id
X-Developers
Wxu-Next-Hostname
X-Wikidot-Static-Cache
X-ElasticPress-Search
X-Nginx-Cache-Key
X-Method
X-Location
UCS
X-Protected-By
X-Servername
X-Request-URI
X-Served-From
X-Reboot
X-SIPLIST1
X-Skip-Cache
X-Tb
X-Secret
X-Distil-CS
X-Dispatcher-Server
X-Swa-Ws
X-Fetched-On
X-Gannett-Site-Version
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Dispatch
X-PHP-Host
Adler-Geo
Mime-Version
AKAMAI
Esi-Enabled
IsBot
RNT-Time
Gh-Request-Id
RNT-Machine
True-Client-Country-4JS
REQUESTUUID
SS
Content-Disposition
Platform
Is-Eu
PFcat
Pramga
X-Akamai-Request-ID2
X-CDN-Forward
X-Block-Status
X-GeoIP-City
CDCHOST
X-Hnp-Log
X-Thinkindot-L3
Powered-By
X-Via-SSL
X-WebServer
X-VServer
X-Via-Edge
X-B3-SpanId
X-Gen-Mode
X-Thanos
X-Bip
X-Generation-Time
Heartbleed
X-Release
Thinkindot-CacheControl
X-Request-Start
X-Response-By
X-Origin-Expires
X-Owner
X-Planisys-CDN-Cache
Thinkindot-CacheControl-Type
Thinkindot-Control
User-Cache-Control
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Web-Mar-Node
X-Origin-Date
X-Parent-Response-Time
GW-Server
X-Li-Fabric
X-Auto-Login
X-Device-Os
SD-X-WS
X-Li-Pop
X-Amz-Meta-Cache-Control
X-SD-PageType
Fastly-Soc-X-Request-Id
X-Matched-Rule
X-LI-UUID
X-LI-Proto
LB
X-Be
X-Origin-CC
X-Origin-TTL
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
X-Cms-Context
X-NC
X-OVcl-Cache
X-FPC
X-OVcl
X-VC-Cache
X-Birta-Served
X-Birta-Cache-Post
X-IN-WAF
X-Core-Value
X-Cache-FS-Status
X-Phone
W
X-Ratelimit-Remaining
X-Varnish-IP
X-Azure-Ref
X-Azure-Ref-OriginShield
X-CUA
Selected-FE
X-Dynatrace-Js-Agent
HitType
Accept-Language
X-Varnish-Url
CF-IPCountry
Memory
X-App-Version
X-LAGOON
X-Info
X-Clara-WADP
X-WADP-Cache
L
X-Geo
X-Varnish-Beresp-Ttl
N-Cache
X-CACHE-KEY
X-URL
X-Proxy-Upstream
X-Source
Kp-EeAlive
X-Page-Type
X-FE
X-Proxy-Cache-Status
X-TrackingId
X-Web-Server
X-Pf-Uncompressing
User-Agent
X-Zone
X-Amzn-Remapped-Content-Length
Cdn
X-Cache-Debug
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Selected-Fe
Magicmarker
X-Agile
X-Agile-Id
X-Agile-Age
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-DC
Geoip-City
Geoip-Latitude
GeoIp-Country-Code
X-TT-LOGID
X-HS-Status
X-Hello
X-Refresh
X-ABtesting
Pagetype
X-Flog
X-MID
X-Mid
X-User
X-Servedbyhost
X-Backend-TTL
X-Real-Ip
X-Generated-In
CF-Cached-On
X-Newrelic-Synthetics
X-Backend-Host
X-Backend-Url
X-Aicache-OS
X-Vcl-Version
Ohc-Cache-HIT
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-NWS-UUID-VERIFY
Ohc-File-Size
X-GoCache-CacheStatus
FSS-Cache
Group
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Up
SN
X-Check-Cacheable
X-MSEdge-Flight
X-APP
X-Debug-Cache-Fetch
X-MSEdge-Features
FSS-Proxy
X-Tt-Trace-Tag
X-Soup
X-ZONE
X-Tb-Optimization-Total-Bytes-Saved
HTTPS
X-VCL-Version
X-ServedByHost
X-UPSTREAM-Address
X-EC-Lua
Www
X-Varnish-Authentication
X-SN
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
Backend
HostName
X-Contensis-Viewer-Groups
RequestId
GeoIP-Country-Code
WZWS-RAY
X-COUNTRY
X-Oss-Storage-Class
X-BC
X-Oss-Object-Type
X-Via-Ucdn
X-Instart-Isnd
X-Oss-Request-Id
X-Oss-Server-Time
GeoIP-Latitude
GeoIP-City
X-Oss-Hash-Crc64ecma
Cf-Ipcountry
Srv
XServer
X-CSRF-Token
X-Oracle-Dms-Rid
X-Cache-Expires
X-Amzn-Remapped-Connection
Lb
X-SayCDN-TTL
Host-ID
X-Say-TTL
X-Akamai-SSL-Client-Sid
X-Varnish-Beresp-TTL
X-Bc
X-Amzn-Remapped-Date
X-NGENIX-Cache
X-Say-Cacheable
X-Nananana
URI
X-Old-Content-Length
X-ECache
Xkeyrz
X-Proxy-Cacherz
X-Dynatrace
Epwk-Cache
X-Varnish-Action
X-Cache-Tag
Requestid
X-PF-Uncompressing
Xkeynj
X-TIME
X-Unique-Id
X-Fastly-Country-Code
X-WR-MODIFICATION
Fastcgi-X-Cache
Cache-Hits
X-FORWARDED-FOR
Fastly-Backend-Name
Get-Access-Time
Is-Session-Tracking
X-PAGE-TYPE
X-MCACHE
X-Tec-Api-Origin
X-AssetVersion
X-Tec-Api-Version
X-Tec-Api-Root
X-Request-Url
X-Sedo-Request-Id
X-IN-APIGATEWAYSSL
X-Logtrace-Id
X-Cache-Ttl
WebServer
Ajk
X-SERVER-NAME
X-Node-Id
X-Cache-Miss-From
X-Requestid
X-Edge-IP
Inserted-Into-Cache-At
Dynatrace
X-LiteSpeed-Cache-Control
X-Var-Ttl
FNAC-ModuleRouting
Cneonction
X-Sf
X-Fastly-Backend-Reqs
X-Svr
X-CSRF-TOKEN
DataCenter
X-NGINX-Cache
Xet-Cookie
X-SRV
X-Cache-Time
Pics-Label
X-Wa
X-Pjax-Url
X-RateLimit-Remaining-Second
X-Lb-Id
X-RateLimit-Limit-Second
CDN
X-Swift-Error
Cache-Provider
X-Fastly-Cache-Hits
Correlation-Id
X-Dw-Trace-Id
X-Correlation-ID
X-Apw-Access-Object
X-Apw-Access-Token
X-Fpc
X-Apw-Hits
X-Apw-Access-Action
X-WA
X-BE
X-PJAX-URL
Ohc-Response-Time
RequestUuid
X-LiteSpeed-Tag
X-Alicdn-Da-Ups-Status
X-ServerName
T-Server
PICS-Label
X-Policy
X-RSL
X-Litespeed-Cache-Control
X-DSS
X-Bug-Bounty
Warning
Lfy
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Page-Impression-Id
X-Flow-Id
X-Html-Edge-Cache
Sid
X-Zalando-Child-Request-Id
X-DW
X-RPM
X-DI
X-DB
X-WPE-Loopback-Upstream-Addr
X-App
X-RPS