Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Xss-Protection
X-Served-By
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
P3p
X-Template
Status
X-Language
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Id-2
X-Amz-Request-Id
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Ua-Compatible
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Node
X-Server-Id
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
X-Cloud-Trace-Context
X-Application-Context
EagleEye-TraceId
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Url
X-DynaTrace
X-Cdn
X-Vhost
Pinterest-Generated-By
X-TTL
X-Ruxit-JS-Agent
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
NEL
X-CST
X-ORACLE-DMS-RID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-FTR-Request-ID
X-Country-Code
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Vname
X-PC
X-Px
X-TtlSet
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
SPRequestGuid
Verso
X-DataDome
X-Recruiting
X-Request-ID
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Dns-Prefetch-Control
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-D2id
X-B3-TraceId
X-ESI
X-Varnish-TTL
X-Vcap-Request-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
DynaTrace
TCN
X-Powered-By-Plesk
X-RateLimit-Remaining
X-Navigation-Version
X-GitHub-Request-Id
RTSS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Response
X-Sol
Display
X-Middleton-Display
X-Middleton-Response
X-Server-ID
X-Server-Name
Content-MD5
Charset
X-Akam-SW-Version
Accept-Ch-Lifetime
MS-Author-Via
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-CACHE
X-Amz-Rid
X-Shield-Request-Id
ServerID
X-Trace
Realpath
AR-Request-ID
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Powered-CMS
X-Cached
X-DynaTrace-JS-Agent
X-Version
Nginx-Cache
X-Forwarded-Proto
X-Shard
X-Upstream
SPIisLatency
SPRequestDuration
Accept-CH
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Public-Key-Pins
Mrf-Cache-Status
Fastly-Restarts
Pagespeed
X-Goog-Storage-Class
Paypal-Debug-Id
X-MSEdge-Ref
X-Client-IP
Access-Control-Request-Method
X-Upstream-Proxy
Pinterest-Version
X-Pinterest-Rid
S
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Amz-Meta-S3cmd-Attrs
X-Debug
Accept-Ch
X-Ezoic-Cdn
X-Id
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Expires
X-VCache
X-DIS-Request-ID
X-N
X-Fastly-Request-ID
X-T
MicrosoftSharePointTeamServices
X-XRDS-Location
Arr-Disable-Session-Affinity
X-Ser
Alternate-Protocol
X-Varnish-Age
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-Amzn-Trace-Id
Front-End-Https
X-NF-Request-ID
X-Hits
X-B3-Sampled
X-Content-Type
X-Grace
Fastcgi-Cache
X-Acc-Meta-Resource-Type
X-Frontend
X-FTR-Cache-Host
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
X-FastCGI-Cache
X-Forwarded-For
Host
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
Nel
X-Vcache
X-Node-Name
X-Microsite
X-Request-Handler-Origin-Region
Powered-By-ChinaCache
FilterID
TP-L2-Cache
Healthy
TP-Cache
X-Kinsta-Cache
X-LB-Cache
X-Type
X-Debug-Info
X-Rid
X-Fastcgi-Cache
Edge-Cache-Tag
X-IPLB-Instance
X-User-Agent
X-AOL-HN
X-Request-Received
X-Request-Processing-Time
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-Hostname
X-Revision
X-HS-Content-Id
X-HS-Hub-Id
X-Cache-Rule
X-F-Cache
Powered
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Zen-Fury
X-XRDS-LOCATION
Surrogate-Key
X-Accel-Expires
Backend-Timing
X-Analytics
X-Cache-Age
X-Cache-Key
X-RateLimit-Limit
X-Page-Id
VIX-Pulpo-Upstream-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Node
X-Varnish-Grace
X-Content-Options
X-Kong-Proxy-Latency
X-Varnish-Backend
X-Kong-Upstream-Latency
X-BCube-Filmed-By
Source
X-Cluster
X-Jobs
X-FB-Debug
X-Amz-Replication-Status
Cache-Status
X-Az
X-AppVersion
X-Activity-Id
X-Content-Powered-By
X-PHP-Backend
X-Instance
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-TT
X-Tumblr-User
X-App-Environment
X-B3-Traceid
X-Framework
X-Akamai-Edgescape
Cleartype
X-Via-JSL
Server-Node
Tracecode
X-Varnish-Hostname
WPE-Backend
Refresh
X-Forwarded-Host
Host-Header
X-Mobile
X-ATG-Version
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Cache-Operation
X-NWS-LOG-UUID
X-B-Cache
X-Signature
X-FW-Type
X-FW-Server
X-Cache-TTL
X-Cache-Control
X-Time
Accept-Charset
X-Drupal-Cache-Tags
Actual-Object-TTL
DC
Liferay-Portal
X-Edge-Location
X-Cache-Action
Access-Control-Allow-Method
X-Cache-Hit
Upgrade-Insecure-Requests
X-App-Server
Fastcgi-Useragent
X-Accel-Buffering
X-Hp-Webp
X-Mobile-URL
X-Whom
X-Response-Served-From
X-TX-ID
Payment
X-Storage
X-UA-Device-Type
X-WebKit-CSP-Report-Only
X-Content-Age
Cache
X-VG-WebCache
X-TT-TIMESTAMP
X-Yottaa-Optimizations
X-B
X-Yottaa-Metrics
X-TA-CDN-Provider
X-Handled-By
X-RequestSource
Filters
X-Cacheable-TTL
X-SS-Set-Cookie
X-GeoIP
X-Adobe-Content
X-Adobe-Loc
Xserver
X-Git-Hash
Eomportal-Instance
X-ProcessESI
Viewport
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Ratelimit-Reset
X-Geo-Country
X-RemovedCookies
X-WA-Info
Server-Info
Cache-Tag
X-FB-TRIP-ID
Webserver
X-Status
Datacenter
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Cache-TTL-Remaining
X-Cache-Enabled
Retry-After
NGB
Accept-CH-Lifetime
X-Esi
X-Contextid
X-FW-Dynamic
X-Seen-By
S-Cnection
X-APP-VERSION
X-CF-Powered-By
X-Ratelimit-Limit
X-Presslabs-Stats
X-Host-Name
X-Origin-Server
X-Mode
X-PressLabs-Stats
Country
From-Origin
MS-CV
X-Daa-Tunnel
X-Magnolia-Registration
X-AWS-Id
Machine
X-ES-SERVER
X-Cache-Config
X-VWS-Id
X-Path-Route
X-LJ-Flow-ID
X-Cache-Var
X-RN-RSRV
Meta-Geo
Load-Balancing
X-Rendered-As
Frame-Options
X-Varnish-Hits
X-Cache-Var-Map
GEO-INFO
DSUID
Vix-Hermes-Req-Id
X-Upstream-CT
X-Proxied
X-Cache-Host
X-Cache-Grace
X-Routing-Service
X-Hit
X-Human
X-Upstream-HT
Cache-Key
Release
X-Labrador-Cache-Channel
We-Hiring
X-Hyper-Cache
X-Zipkin-Id
Mail-Subject
ServedBy
X-RCS-CacheZone
X-From
X-PCL
X-EIG-Tracking-Id
X-TNCMS
X-Device-Type
X-Section
X-Varnish-Server
X-Viewer-Country
X-OCL
X-Loop
Uber-Trace-Id
X-Backend-Name
X-Debug-Cache
X-Varnish-Cache-Hits
X-Web-Node
Mn-Server-Ip
X-Access
Rt-Fastcgi-Cache
X-Shopify-Stage
X-ShopId
X-ShardId
OT-Force-Account-Verify
X-Sorting-Hat-PodId
X-MP-GENERATED-AT
Now
X-VG-TLSProxy
X-Sorting-Hat-ShopId
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Proto
X-Origin-Response-Time
X-CCM
X-Cluster-Node
X-ProxyCache-Key
X-ProxyCache-Status
X-Rule
X-R9-Blue-Green-Version
X-BYPASS-REASON
X-Tumblr-Pixel-3
X-Upgrade-Enabled
X-Generated-By
X-S
Decoy-Debug-Key
X-RTag
X-Cache-NE
Decoy-Debug-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Region
X-JoinUs
X-Proxy-Build
X-FC-Vary-Parameters
X-Hosted-By
X-Generated
X-Timing-Wait
Ms-Operation-Id
X-Xfnlog-Site
X-Environment-Context
Akamai-GRN
Decoy-Debug-Status
X-L-Path
X-NCache
X-Endurance-Cache-Level
X-Via-Fastly
Cache-Name
X-Redis-Cache
X-Guploader-Uploadid
NGX
X-Real-IP
X-UUID
X-VCT
X-Trace-Id
X-Platform-Server
X-Nginx-Cache
X-Locale
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
X-Www-Served-By
X-Drupal-Cache-Contexts
DB-Nickname
X-Site-Version
X-MServer
X-Load-Cache
Cteonnt-Length
X-Hl-Ver
X-Vgn-Hpd-Reason
X-ServerID
X-Rocket-Nginx-Bypass
ProcessTime
X-Cache-Remote
X-ECACHE
X-Request-Time
Time
X-IP
X-Time-Microsecs
NtCoent-Length
X-IPS-LoggedIn
X-Via-CDN
S-Rt
X-Origin
X-Wix-Request-Id
Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-GRACE
Webcakes-Region
L5d-Success-Class
Property-Id
X-GEO
X-Origin-Hint
TWC-GeoIP-Country
Webcakes-App-Version
TWC-Device-Class
TWC-Connection-Speed
Azure-RegionName
Azure-SiteName
X-Cache-Backend
X-FW-Version
Azure-InstanceId
Azure-SlotName
Azure-Version
Origin
X-B3-Spanid
Served-By
X-Proxy
X-Unique-ID
X-FireWall-Port
X-Microcachable
X-Dc
X-No-Session
X-Distributor
Origin-Cache-Control
Origin-Edge-Control
X-Oneagent-Js-Injection
Fastly-SSL
X-Pubstack
Fastcgi-X-Cache-Version
X-Datadome
SRV
CACHE
X-RateLimit-Reset
X-Grey
X-Cache-Server
X-Cache-Category-Id
X-ApacheServer
X-UA
Odigeo-Trace-Id
X-PERF
X-Detected-As
X-Via-NSCOPI
X-CS
IBM-Web2-Location
X-Format
Access-Control-Request-Headers
X-Is-Bot
Hostname
X-Akamai-Transformed
X-HTML-Minification-Powered-By
X-Webkit-Csp
Cache-Tags
Proxy-Connection
X-Ua
X-Edge
X-Powered-By-Defense
Ec-Rule-Version
X-BACKEND-TTL
X-Varnish-Cacheable
X-Nc
X-Akamai-Request-ID2
Backend-Name
Cdn-Request-Time
Cross-Origin-Window-Policy
X-Connection-Hash
X-Edge-Server
Fastly-SIE
X-Eu-Site
Cdn-Host
X-DPWN-IS-SECURE
X-Cluster-Name
Content-Script-Type
Cache-Prefix
X-External-Request-Id
Cache-Cookie-Set-Lfrom
Content-Style-Type
Cache-Cookie-Set-From
X-Debug-Cookies
X-Debug-Log
X-Date
X-D
X-HS-Cache-Config
HA-Ipaddr
Fly-Request-Id
X-Developer
GEO-REGION-INFO
A
X-Destination
Ha-Gx-Prefs
Fly-Cache
X-HS-Combine-CSS
X-G
BehaviorPad-Version
Cache-Cookie-Set-Idcheck
Meta-Geo-Continent
Mobile-Detection-Method
X-Internal-Host
MD5-Digest
X-IN-APIGATEWAY
Arc-Country
AsisCache
X-Instart-Info
Fastly-SWR
Node
X-Org
ServerName
X-Application
X-ARC
X-B-Cookie
X-Request-UUID
Server-ID
X-App-Name
X-Region-Sid
Rt-Proxy-Cache
X-CF-Lambda-Fn
X-A
VivaBuild
X-Rewrite-Enabled
X-VG-WebServer
X-S-Maxage
X-ScT
Viewtype
X-Twitter-Response-Tags
X-Cache-Bucket
X-S-Cookie
X-Transaction
X-Rojux
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Trv-Group
X-A-Ccd
X-PAYTM-SRV-ID
X-Aed
X-Accel-Expires-Debug
Request-EU
X-AIR-PT
X-NX-Host
Request-Country
X-CGP
Proxy-Firewall
Rendered-Blocks
X-NU-AKA-ACS-Version
X-Worker
X-Processor
X-A-Dcw
X-SRCache-Key
X-Server-Time
Xc-Version
X-A-Dam
X-A-Dgt
X-Rebelmouse-Surrogate-Control
Request-Time
X-A-Wwc
X-CF-Lambda-Version
X-Rebelmouse-Cache-Control
X-UnsetCookies
X-Compress-Hint
X-Tb
X-Backend-State
Is-Eu
RNT-Machine
RNT-Time
X-Core-Mission
Resin-Trace
Mime-Version
X-Epic-Correlation-Id
Platform
On-Server
Memcached
Section-Io-Cache
X-Cache-Info
True-Client-Country-4JS
X-Cache-Id
X-Clientip
X-Cdn-Origin
Server-Host
Server-Int
X-Dispatcher-Server
X-B3-Parentspanid
X-Level-Front-Cache
PageSpeed
X-TH-Server
X-We-Are-Hiring
X-Irp-Debug
X-Hash
X-C
X-Cdn-Srv
X-Variation
X-Ttl
X-Reqid
X-Request-URI
X-Qloud-Router
X-PHP-Host
X-ND-Cache
Countrycode
X-GeoIP-Country-Code
X-Key
Apple-News-Services-Request-Url
X-ServiceProvider
Apple-News-Services-Host
Adler-Geo
X-Sn-Servicetimems
X-Geo-Header
Apple-News-Services-Handled
X-Fastly-Cache
Apple-News-Services-Parsed-Url
Country-Code
X-Generated-On
X-Server-IP
X-B3-SpanId
X-ElasticPress-Search
X-Cdn-Forward
X-Oracle-Dms-Rid
X-Response-By
X-Request-Start
X-CDN-Cache
X-SIPLIST1
X-SD-PageType
X-Amz-Meta-Cache-Control
X-SVT-ORM-RULES
X-Served-From
X-SVT-ORM-VERSION
X-Secret
X-BBXSRF
X-Servername
X-Swa-Ws
X-Block-Status
SS
X-Crawler
X-Hnp-Log
X-Li-Fabric
X-Li-Pop
X-Skip-Cache
X-Gen-Mode
X-Gannett-Site-Version
X-Fetched-On
X-Distil-CS
X-Device-Os
X-Developers
X-Nginx-Cache-Key
X-Location
Esi-Enabled
Gh-Request-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Webstats-RespID
X-Reboot
X-Protected-By
X-LI-Proto
X-Dispatch
X-LI-UUID
X-Method
X-WebServer
UCS
Powered-By
Pramga
SD-X-WS
User-Cache-Control
PFcat
IsBot
CDCHOST
Content-Disposition
AKAMAI
X-CDN-Forward
V-Age
REQUESTUUID
Wxu-Next-Hostname
Wxu-Next-Commit
Who
Wxu-Next-Region
Web-Mar-Node
X-NC
GW-Server
X-Origin-Expires
Heartbleed
X-Auto-Login
X-Cache-FS-Status
X-Owner
X-Release
X-Generation-Time
X-Fstrz
X-VServer
Fastly-Soc-X-Request-Id
X-GeoIP-City
X-Matched-Rule
Thinkindot-CacheControl-Type
X-Via-SSL
X-Bip
Thinkindot-Control
X-Via-Edge
Thinkindot-CacheControl
X-Origin-Date
X-Thanos
X-Cms-Context
Pragrma
LB
X-Thinkindot-L3
X-CUA
X-Azure-Ref
X-OVcl
X-OVcl-Cache
X-VC-Cache
X-Azure-Ref-OriginShield
X-FPC
W
X-Parent-Response-Time
X-Origin-CC
X-Origin-TTL
Accept-Language
X-Varnish-Ttl
X-Planisys-CDN-Rules
X-Varnish-Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-WADP-Cache
X-Clara-WADP
X-CLOUD-TRACE-CONTEXT
CF-IPCountry
X-Be
X-LAGOON
X-Core-Value
X-Phone
Memory
X-IN-WAF
L
X-Ratelimit-Remaining
X-Varnish-Beresp-Ttl
X-Birta-Served
X-DC
X-Birta-Cache-Post
X-Proxy-Upstream
X-App-Version
X-Proxy-Cache-Status
N-Cache
X-Varnish-IP
X-Page-Type
Selected-FE
HitType
X-FE
Kp-EeAlive
X-TrackingId
X-Geo
X-Amzn-Remapped-Content-Length
X-Info
X-CACHE-KEY
User-Agent
Selected-Fe
X-Urbn-Site-Id
X-URL
X-Urbn-Context-Path
Locale
X-Pf-Uncompressing
Magicmarker
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Dynatrace-Js-Agent
Cdn
X-Source
X-Zone
X-ABtesting
X-Flog
Pagetype
X-Hello
X-Backend-TTL
X-Web-Server
X-TT-LOGID
X-Agile-Id
X-Cache-Debug
X-Agile-Age
X-Generated-In
X-Agile
X-Servedbyhost
X-User
X-Litespeed-Cache
CF-Cached-On
X-Newrelic-Synthetics
X-HS-Status
X-Backend-Url
X-Check-Cacheable
X-Backend-Host
Geoip-Latitude
GeoIp-Country-Code
X-Refresh
Geoip-City
X-SERVER-NAME
X-MID
X-Mid
X-Debug-Cache-Store
SN
X-ZONE
X-Up
X-MSEdge-Features
X-MSEdge-Flight
X-Tt-Trace-Tag
X-Real-Ip
X-Soup
X-GoCache-CacheStatus
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Aicache-OS
X-Vcl-Version
X-VCL-Version
X-Tb-Optimization-Total-Bytes-Saved
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
GeoIP-Country-Code
X-APP
FSS-Cache
X-NWS-UUID-VERIFY
FSS-Proxy
Ohc-Cache-HIT
Ohc-File-Size
X-ServedByHost
GeoIP-Latitude
Group
GeoIP-City
Srv
X-EC-Lua
X-Say-TTL
X-Say-Cacheable
X-Amzn-Remapped-Connection
HTTPS
X-Varnish-Authentication
X-Bc
X-Amzn-Remapped-Date
X-Contensis-Viewer-Groups
X-Old-Content-Length
X-Cache-ASPX
Server-Cache-Control
WZWS-RAY
Server-Surrogate-Control
HostName
X-SayCDN-TTL
X-UPSTREAM-Address
X-COUNTRY
X-SN
X-Cache-Ttl
Backend
RequestId
X-Via-Ucdn
Www
X-CSRF-Token
X-Akamai-SSL-Client-Sid
X-BC
Cf-Ipcountry
Lb
X-Instart-Isnd
Cache-Hits
X-Nananana
Inserted-Into-Cache-At
Fastly-Backend-Name
X-Varnish-Beresp-TTL
X-Request-Url
X-Proxy-Cacherz
X-Node-Id
X-Cache-Expires
Host-ID
Xkeyrz
X-ECache
X-WR-MODIFICATION
X-NGENIX-Cache
XServer
X-Dynatrace
WebServer
X-PF-Uncompressing
X-Logtrace-Id
X-IN-APIGATEWAYSSL
X-CSRF-TOKEN
X-Cache-Tag
Ajk
Requestid
URI
X-PAGE-TYPE
X-Cache-Time
X-Unique-Id
X-Varnish-Action
Epwk-Cache
Is-Session-Tracking
X-FORWARDED-FOR
X-Fastly-Country-Code
Get-Access-Time
X-TIME
Xkeynj
X-MCACHE
X-Wa
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Requestid
X-Sedo-Request-Id
Fastcgi-X-Cache
X-Edge-IP
X-Fastly-Backend-Reqs
X-Cache-Miss-From
Dynatrace
X-LiteSpeed-Cache-Control
X-AssetVersion
X-Pjax-Url
Cneonction
X-Svr
Pics-Label
X-BE
X-Correlation-ID
DataCenter
Xet-Cookie
X-SRV
X-Lb-Id
X-Vct
T-Server
FNAC-ModuleRouting
X-Var-Ttl
X-Swift-Error
X-Sf
Correlation-Id
CDN
X-Dw-Trace-Id
X-NGINX-Cache
X-Render-Time
X-Serial
X-Micro-Cache
PICS-Label
X-Fpc
X-WA
X-LB-ID
X-PJAX-URL
X-Ecache
X-GDPR
X-Fastly-Cache-Hits
Cache-Provider
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Html-Edge-Cache
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-WPE-Loopback-Upstream-Addr
Lfy
X-Akamai-ERRuleID
X-Litespeed-Cache-Control
X-Akamai-ERPolicy
X-Alicdn-Da-Ups-Status
X-Bug-Bounty
Warning
X-ServerName
X-DSS
X-RSL
X-RPS
X-RPM
X-DI
X-DB
RequestUuid
X-LiteSpeed-Tag
Ohc-Response-Time
X-Flow-Id
X-DW