Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Request-Id
X-Xss-Protection
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
Report-To
X-Ac
X-Rq
Content-Location
X-Node
X-OneAgent-JS-Injection
X-Backend-Server
X-Cnection
X-Response-Time
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Country
X-Cache-Lookup
X-ORACLE-DMS-ECID
X-TTL
X-DynaTrace
X-Url
X-Vhost
X-Cdn
X-Rack-Cache
Pinterest-Generated-By
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
NEL
X-Ua-Compatible
X-CST
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-ORACLE-DMS-RID
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Dispatcher
X-Instart-Request-ID
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-DataStream-Cache-Status
Edge-Control
X-TtlSet
X-Vname
X-PC
X-Px
X-VARITI-CCR
Service-Worker-Allowed
X-DataDome
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
SPRequestGuid
X-Recruiting
X-Request-ID
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Dns-Prefetch-Control
X-Use-Magma
X-Cdn-Fetch
X-D2id
X-Varnish-TTL
X-Vcap-Request-Id
RTSS
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
TCN
DynaTrace
X-Navigation-Version
X-GitHub-Request-Id
X-RateLimit-Remaining
X-Powered-By-Plesk
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Display
X-Middleton-Display
Response
X-Middleton-Response
X-Sol
X-Akam-SW-Version
Charset
Content-MD5
MS-Author-Via
X-B3-TraceId
X-ESI
X-Trace
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
ServerID
X-Shield-Request-Id
X-Amz-Rid
Realpath
X-Powered-CMS
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Dw-Request-Base-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
AR-Request-ID
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Version
Accept-Ch-Lifetime
Nginx-Cache
X-Cached
X-Server-Name
X-Upstream
Fastly-Restarts
X-Shard
Public-Key-Pins
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
Paypal-Debug-Id
Accept-Ch
X-Goog-Storage-Class
X-MSEdge-Ref
X-Client-IP
Pagespeed
Pinterest-Version
X-Upstream-Proxy
X-Pinterest-Rid
Accept-CH
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Debug
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Country-Code-Real
X-Grace
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Expires
X-Ezoic-Cdn
X-N
X-T
X-DIS-Request-ID
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-Vcache
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Content-Type
X-Hits
X-B3-Sampled
X-Varnish-Age
X-Mobile-Rewrite
X-Ser
PB-RID
PB-PID
Arc-Version
X-FastCGI-Cache
Alternate-Protocol
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-FTR-Cache-Host
X-Frontend
X-Logged-In
X-B3-Traceid
X-Content-Digest
Server-Name
X-Server-ID
X-Srv
X-Correlation-Id
X-Pad
X-Forwarded-For
X-VCache
Host
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
Powered-By-ChinaCache
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
TP-L2-Cache
TP-Cache
Healthy
X-Rid
X-Cache-Key
X-Type
X-LB-Cache
X-Kinsta-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-AOL-HN
X-Debug-Info
X-GUploader-UploadID
X-Cached-By
X-Revision
X-Cache-2
X-F-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
X-Fastcgi-Cache
X-Hostname
Powered
X-Cache-Rule
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
X-Cache-Age
X-XRDS-LOCATION
Backend-Timing
X-Accel-Expires
Surrogate-Key
X-Kong-Upstream-Latency
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Esi
X-Az
X-Page-Id
X-Activity-Id
X-AppVersion
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Via-JSL
X-BCube-Filmed-By
X-Varnish-Grace
X-Content-Options
X-Instance
X-Tumblr-User
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Jobs
X-FB-Debug
X-Amz-Replication-Status
X-Request-Guid
X-Akamai-Edgescape
X-PHP-Backend
X-Content-Powered-By
Cache-Status
X-App-Environment
X-TT
Cleartype
X-Framework
Refresh
Server-Node
X-Forwarded-Host
Tracecode
X-Varnish-Hostname
WPE-Backend
X-Signature
Accept-CH-Lifetime
X-B-Cache
X-FW-Serve
X-ATG-Version
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
Liferay-Portal
Host-Header
X-Mobile
X-Cache-Operation
DC
X-Time
Accept-Charset
X-Cache-Control
X-Edge-Location
Actual-Object-TTL
Access-Control-Allow-Method
X-Cache-Action
X-Drupal-Cache-Tags
X-NWS-LOG-UUID
Fastcgi-Useragent
X-Cache-Hit
Cache
Payment
X-Whom
X-Hp-Webp
X-App-Server
X-Accel-Buffering
X-Mobile-URL
Upgrade-Insecure-Requests
X-Response-Served-From
X-Storage
X-B
X-TX-ID
X-UA-Device-Type
X-Content-Age
X-WebKit-CSP-Report-Only
X-Handled-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
Xserver
X-TT-TIMESTAMP
X-SS-Set-Cookie
X-Tumblr-Pixel-1
X-Erf-Bev-Bev
X-GeoIP
Filters
X-Erf-Bev-Bev-Is-Generated
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-RequestSource
X-Git-Hash
X-Adobe-Loc
X-WA-Info
X-Cache-TTL
X-Adobe-Content
Cache-Tv-Group
Eomportal-Instance
Viewport
X-ProcessESI
X-Ratelimit-Reset
X-RemovedCookies
X-VG-WebCache
X-APP-VERSION
X-Status
X-Geo-Country
NGB
Cache-Tag
Webserver
Server-Info
Datacenter
X-FB-TRIP-ID
X-Cache-TTL-Remaining
Retry-After
X-Cache-Enabled
X-FW-Dynamic
X-Seen-By
X-TA-CDN-Provider
X-Contextid
X-Presslabs-Stats
S-Cnection
MS-CV
X-Ratelimit-Limit
X-Host-Name
X-Origin-Server
X-PressLabs-Stats
From-Origin
Country
X-Mode
Frame-Options
X-Generated-By
X-Hyper-Cache
X-RTag
X-Cache-Var
X-ES-SERVER
X-Path-Route
Load-Balancing
Meta-Geo
X-LJ-Flow-ID
X-RN-RSRV
X-Tumblr-Pixel-3
Ms-Operation-Id
Machine
X-Cache-Config
X-VWS-Id
X-AWS-Id
X-Cache-Var-Map
X-Human
Cache-Key
X-Upstream-CT
X-Upstream-HT
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
DSUID
X-Varnish-Cache-Hits
X-Cache-Host
X-Backend-Name
Mail-Subject
X-Zipkin-Id
X-Cache-Grace
Vix-Hermes-Req-Id
We-Hiring
X-Hit
Release
X-CF-Powered-By
X-Magnolia-Registration
X-Varnish-Hits
X-PCL
Uber-Trace-Id
ServedBy
X-RCS-CacheZone
GEO-INFO
X-OCL
X-From
X-Debug-Cache
X-Device-Type
X-EIG-Tracking-Id
Mn-Server-Ip
X-Loop
Now
Decoy-Debug-Status
X-Varnish-Server
X-MP-GENERATED-AT
X-Viewer-Country
X-Web-Node
X-Access
X-Upgrade-Enabled
X-Rendered-As
X-Section
Decoy-Debug-Key
X-TNCMS
Decoy-Debug-TTL
X-BYPASS-REASON
X-Akamai-Request-ID
X-CCM
OT-Force-Account-Verify
Rt-Fastcgi-Cache
X-B3-Spanid
X-Alternate-Cache-Key
X-Origin-Response-Time
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-VG-TLSProxy
X-ShardId
X-Rule
X-Environment-Context
X-Endurance-Cache-Level
X-L-Path
Akamai-GRN
X-ProxyCache-Status
X-ProxyCache-Key
X-Cluster-Node
X-Proto
X-NCache
X-JoinUs
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-Proxy-Build
X-Region
X-Xfnlog-Site
X-Via-Fastly
X-Timing-Wait
X-S
X-FC-Vary-Parameters
X-Hosted-By
DB-Nickname
Cache-Name
X-Daa-Tunnel
X-Guploader-Uploadid
X-VCT
X-Redis-Cache
X-Trace-Id
X-Www-Served-By
X-Locale
Cteonnt-Length
NGX
X-Drupal-Cache-Contexts
X-Nginx-Cache
X-Site-Version
X-Platform-Server
X-UUID
X-Cache-NE
X-Load-Cache
ProcessTime
X-NewRelic-App-Data
X-MServer
SRV
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-ECACHE
X-Vgn-Hpd-Reason
X-Request-Time
X-Cache-Remote
X-IP
X-Rocket-Nginx-Bypass
X-Real-IP
Time
X-Time-Microsecs
X-ServerID
X-GEO
X-Oracle-Dms-Rid
Azure-Version
X-Origin
Azure-SlotName
S-Rt
X-FW-Version
Azure-InstanceId
X-Via-CDN
Azure-SiteName
X-Wix-Request-Id
Version
Azure-RegionName
X-Origin-Hint
X-IPS-LoggedIn
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
Property-Id
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
Origin
X-Proxy
X-FireWall-Port
X-No-Session
L5d-Success-Class
X-Cache-Backend
Served-By
Odigeo-Trace-Id
X-Akamai-Transformed
NtCoent-Length
X-Distributor
X-Dc
X-Oneagent-Js-Injection
Fastly-SSL
X-PERF
CACHE
X-ApacheServer
X-Unique-ID
X-Pubstack
X-Akamai-Request-ID2
X-Microcachable
X-Cache-Server
X-Format
X-CS
X-RateLimit-Reset
Origin-Cache-Control
Origin-Edge-Control
X-UA
Fastcgi-X-Cache-Version
X-CDN-Forward
Ec-Rule-Version
X-Cache-Category-Id
IBM-Web2-Location
Hostname
X-Grey
X-Webkit-Csp
X-HTML-Minification-Powered-By
X-UnsetCookies
Cache-Tags
X-Compress-Hint
X-SERVER-NAME
X-NC
Proxy-Connection
X-Is-Bot
X-Detected-As
X-Edge
X-Powered-By-Defense
X-Tb
X-Varnish-Cacheable
Backend-Name
Rendered-Blocks
MD5-Digest
Cdn-Host
Cache-Prefix
Cdn-Request-Time
Content-Script-Type
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Arc-Country
AsisCache
BehaviorPad-Version
Cache-Cookie-Set-From
Cross-Origin-Window-Policy
Fastly-SIE
Request-Country
Meta-Geo-Continent
Mobile-Detection-Method
Node
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Fly-Cache
Fly-Request-Id
GEO-REGION-INFO
Proxy-Firewall
X-Vtex-Processado-Em
X-Debug-Cookies
X-Rewrite-Enabled
X-Rojux
X-Debug-Log
X-Destination
X-Developer
X-Request-UUID
X-S-Cookie
X-Date
X-CGP
X-CF-Lambda-Version
X-Cluster-Name
X-Connection-Hash
X-S-Maxage
X-D
X-DPWN-IS-SECURE
X-Edge-Server
X-IN-APIGATEWAY
X-PAYTM-SRV-ID
X-HS-Combine-CSS
X-Instart-Info
X-Org
X-NU-AKA-ACS-Version
X-Internal-Host
X-HS-Cache-Config
X-Processor
X-Region-Sid
X-Eu-Site
X-Rebelmouse-Surrogate-Control
X-External-Request-Id
X-Rebelmouse-Cache-Control
X-G
X-ScT
X-Server-Time
X-A-Dgt
Xc-Version
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Worker
X-A-Dam
X-A-Ccd
Server-ID
Rt-Proxy-Cache
ServerName
Viewtype
X-A
VivaBuild
X-Vtex-Remote-Cache
X-AIR-PT
X-Transaction
X-Cache-Bucket
X-Cdn-Srv
A
X-CF-Lambda-Fn
X-SRCache-Key
X-Trv-Group
X-Twitter-Response-Tags
X-Application
X-App-Name
X-NX-Host
X-ARC
X-VG-WebServer
X-B-Cookie
Request-EU
Request-Time
X-Via-NSCOPI
X-Ua
LB
Access-Control-Request-Headers
X-BACKEND-TTL
X-B3-Parentspanid
X-ElasticPress-Search
SS
True-Client-Country-4JS
X-Skip-Cache
X-ServiceProvider
Server-Int
X-Server-IP
X-Key
RNT-Time
On-Server
X-Variation
Memcached
Platform
X-TH-Server
Section-Io-Cache
RNT-Machine
Resin-Trace
Server-Host
X-Reqid
X-Generated-On
X-Fastly-Cache
X-Epic-Correlation-Id
X-Nginx-Cache-Key
X-Geo-Header
X-GeoIP-Country-Code
X-Irp-Debug
X-Level-Front-Cache
X-Location
X-Hash
X-Dispatcher-Server
X-Dispatch
X-Cache-Info
X-Cache-Id
X-Backend-State
Is-Eu
X-Cdn-Origin
X-Qloud-Router
PageSpeed
X-Core-Mission
X-Clientip
X-PHP-Host
X-Request-URI
X-Sn-Servicetimems
X-We-Are-Hiring
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Host
Country-Code
Gh-Request-Id
X-C
Countrycode
Esi-Enabled
Apple-News-Services-Parsed-Url
Mime-Version
Content-Disposition
X-Reboot
X-Block-Status
X-BBXSRF
X-Developers
X-Response-By
W
X-Servername
Wxu-Next-Region
X-Served-From
X-Secret
X-Amz-Meta-Cache-Control
Accept-Language
X-SD-PageType
X-Request-Start
X-Device-Os
AKAMAI
X-Generation-Time
X-Gen-Mode
X-Hnp-Log
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Gannett-Site-Version
X-FPC
X-Crawler
CDCHOST
X-CDN-Cache
Wxu-Next-Hostname
X-Distil-CS
X-Fetched-On
X-Method
X-Cache-FS-Status
X-Auto-Login
REQUESTUUID
X-Webstats-RespID
X-SVT-ORM-RULES
X-WebServer
Powered-By
X-SVT-ORM-VERSION
SD-X-WS
Wxu-Next-Commit
X-Wikidot-Static-Cache
X-Swa-Ws
X-Wikidot-Backend
PFcat
Pramga
Web-Mar-Node
V-Age
IsBot
Who
X-SIPLIST1
UCS
User-Cache-Control
CF-IPCountry
X-Owner
X-Matched-Rule
X-VServer
X-Varnish-Url
X-GeoIP-City
GW-Server
X-CUA
X-Origin-Expires
X-Origin-Date
X-Thinkindot-L3
X-ND-Cache
X-WADP-Cache
X-Clara-WADP
X-Via-SSL
Heartbleed
X-Thanos
X-Cms-Context
X-Via-Edge
X-Azure-Ref
X-Nc
X-Release
Thinkindot-CacheControl
Fastly-Soc-X-Request-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Bip
X-Azure-Ref-OriginShield
X-Datadome
X-Parent-Response-Time
X-Protected-By
X-VC-Cache
X-OVcl
L
X-OVcl-Cache
X-Varnish-Ttl
N-Cache
X-CLOUD-TRACE-CONTEXT
Pragrma
X-Fstrz
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Amzn-Remapped-Content-Length
X-FE
Kp-EeAlive
X-Ratelimit-Remaining
Selected-Fe
Memory
X-TrackingId
X-LAGOON
X-DC
X-Varnish-Beresp-Ttl
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Cdn-Forward
X-Pf-Uncompressing
User-Agent
X-Planisys-CDN-Rules
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Origin-TTL
X-Origin-CC
X-GRACE
Locale
X-Phone
Magicmarker
X-Page-Type
X-Core-Value
X-IN-WAF
X-B3-SpanId
X-Zone
X-Be
X-Birta-Cache-Post
X-URL
X-Birta-Served
X-Varnish-Beresp-Status
Pagetype
X-ABtesting
X-Ttl
X-Geo
X-Flog
X-Varnish-Beresp-Grace
X-Hello
X-Info
X-Varnish-IP
X-Backend-TTL
X-Dynatrace-Js-Agent
Selected-FE
X-User
Cdn
HitType
X-Generated-In
X-Backend-Url
X-Backend-Host
X-Cache-Ttl
X-Newrelic-Synthetics
X-Up
X-Tt-Trace-Tag
X-Servedbyhost
X-Soup
X-Debug-Cache-Store
X-MSEdge-Flight
SN
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-TT-LOGID
X-GoCache-CacheStatus
X-MSEdge-Features
X-Litespeed-Cache
Geoip-City
CF-Cached-On
X-HS-Status
Geoip-Latitude
GeoIp-Country-Code
X-Mid
X-App-Version
X-MID
X-Source
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-VCL-Version
X-Real-Ip
X-Agile-Age
X-Refresh
X-Agile-Id
X-Agile
X-Cache-Debug
X-Web-Server
X-Check-Cacheable
X-Tb-Optimization-Total-Bytes-Saved
X-Aicache-OS
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Bc
X-Vcl-Version
FSS-Proxy
FSS-Cache
GeoIP-Country-Code
X-ZONE
X-SayCDN-TTL
X-Say-TTL
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Old-Content-Length
X-Say-Cacheable
Cache-Hits
GeoIP-Latitude
GeoIP-City
X-ServedByHost
WZWS-RAY
X-CACHE-KEY
X-Contensis-Viewer-Groups
X-APP
X-Varnish-Authentication
X-Cache-ASPX
Server-Cache-Control
Server-Surrogate-Control
HostName
X-UPSTREAM-Address
X-EC-Lua
X-NWS-UUID-VERIFY
Ohc-Cache-HIT
Ohc-File-Size
X-COUNTRY
RequestId
Inserted-Into-Cache-At
X-Node-Id
Fastly-Backend-Name
X-Via-Ucdn
Group
X-CSRF-TOKEN
Srv
X-CSRF-Token
X-Logtrace-Id
X-Akamai-SSL-Client-Sid
X-WR-MODIFICATION
X-IN-APIGATEWAYSSL
X-Cache-Time
Ajk
HTTPS
X-BC
X-Nananana
Xkeyrz
X-SN
X-Proxy-Cacherz
Www
X-ECache
X-Varnish-Beresp-TTL
Backend
WebServer
XServer
X-Dynatrace
X-Wa
X-RateLimit-Limit-Second
URI
Cf-Ipcountry
X-BE
X-Cache-Tag
X-RateLimit-Remaining-Second
X-Instart-Isnd
Host-ID
Is-Session-Tracking
X-TIME
Requestid
Lb
X-Unique-Id
Xkeynj
Get-Access-Time
X-PAGE-TYPE
X-Request-Url
X-FORWARDED-FOR
X-Fastly-Country-Code
X-Cache-Expires
X-MCACHE
X-LiteSpeed-Cache-Control
X-Requestid
X-Edge-IP
X-LB-ID
X-PJAX-URL
PICS-Label
X-Sedo-Request-Id
X-Cache-Miss-From
T-Server
X-NGENIX-Cache
Dynatrace
X-PF-Uncompressing
X-Render-Time
Epwk-Cache
X-Varnish-Action
Cneonction
X-GDPR
X-Micro-Cache
X-Fastly-Backend-Reqs
Xet-Cookie
X-SRV
DataCenter
X-Vct
X-Swift-Error
Fastcgi-X-Cache
CDN
X-Apw-Hits
X-Apw-Access-Token
Pics-Label
X-Pjax-Url
X-Apw-Access-Action
X-Apw-Access-Object
X-NGINX-Cache
X-Dw-Trace-Id
X-WA
Correlation-Id
SID
X-Cf-Powered-By
X-Ecache
X-Policy
X-Svr
X-Uri
X-Lb-Id
X-AssetVersion
MIME-Version
X-Serial
X-ServerName
X-Fpc
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
Lfy
Warning
X-Bug-Bounty
RequestUuid
X-LiteSpeed-Tag
X-Sf
X-Var-Ttl
FNAC-ModuleRouting
Ohc-Response-Time
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-Fastly-Cache-Hits
X-Flow-Id
X-Page-Impression-Id
X-Zalando-Child-Request-Id
X-RSL