
SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
Alt-Svc
X-Adblock-Key
X-Drupal-Cache
X-Check
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
P3p
X-Template
X-Language
Status
Timing-Allow-Origin
X-Iinfo
Content-Encoding
X-Content-Security-Policy
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-CDN
X-Turbo-Charged-By
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
EagleId
X-Server-Powered-By
X-UA-Device
X-Varnish-Cache
Request-Context
X-Nginx-Cache-Status
X-Request-ID
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Server-Id
X-WebKit-CSP
Feature-Policy
Server-Timing
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-Rq
Report-To
X-Ac
X-Node
Content-Location
X-OneAgent-JS-Injection
X-Cnection
X-Response-Time
X-Backend-Server
X-Cloud-Trace-Context
X-Origin-Cache
X-Application-Context
X-Readtime
Request-Id
Allow
EagleEye-TraceId
Surrogate-Control
X-ORACLE-DMS-ECID
X-Country
X-DynaTrace
X-Vhost
X-Cache-Lookup
X-TTL
X-Cdn
Pinterest-Generated-By
X-Rack-Cache
X-Clacks-Overhead
X-Origin-Upstream-Status
X-Url
X-Ua-Compatible
NEL
X-FTR-Request-ID
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-CST
X-Dns-Prefetch-Control
X-Dispatcher
X-HW
X-Goog-Hash
X-Instart-Request-ID
X-ORACLE-DMS-RID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-DataStream-Cache-Status
Edge-Control
X-PC
X-TtlSet
X-Vname
X-DataDome
X-Px
X-VARITI-CCR
Service-Worker-Allowed
Verso
X-Mod-Pagespeed
X-MS-InvokeApp
X-Recruiting
X-Varnish-TTL
X-D2id
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
SPRequestGuid
RTSS
X-Vcap-Request-Id
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
TCN
X-SharePointHealthScore
X-Navigation-Version
X-SRCache-Store-Status
X-GitHub-Request-Id
X-SRCache-Fetch-Status
DynaTrace
X-Middleton-Response
X-Sol
X-Middleton-Display
Display
Response
X-Akam-SW-Version
X-Powered-By-Plesk
X-RateLimit-Remaining
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
MS-Author-Via
Charset
X-Shield-Request-Id
ServerID
X-Amz-Rid
X-Forwarded-Proto
Content-MD5
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-B3-TraceId
X-Trace
X-Powered-CMS
Realpath
Accept-Ch-Lifetime
Nginx-Cache
X-Upstream
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Version
X-Cached
Fastly-Restarts
Public-Key-Pins
X-Dw-Request-Base-Id
Accept-Ch
AR-Request-ID
X-Shard
X-DynaTrace-JS-Agent
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-ESI
MRF-Tech
Pagespeed
X-Server-Name
Access-Control-Request-Method
Paypal-Debug-Id
X-MSEdge-Ref
X-Vcache
X-Goog-Storage-Class
X-Grace
X-Client-IP
SPIisLatency
SPRequestDuration
S
X-Debug
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Id
X-Ezoic-Cdn
X-FastCGI-Cache
X-Amz-Meta-S3cmd-Attrs
Accept-CH
X-N
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Fastly-Request-ID
X-T
Front-End-Https
X-Amzn-Trace-Id
X-DIS-Request-ID
X-NF-Request-ID
Arr-Disable-Session-Affinity
X-Content-Type
X-B3-Traceid
MicrosoftSharePointTeamServices
X-Hits
X-XRDS-Location
X-B3-Sampled
X-FTR-Cache-Host
X-Varnish-Age
X-Ser
X-Mobile-Rewrite
PB-RID
PB-PID
Fastcgi-Cache
Arc-Version
X-Frontend
X-Acc-Meta-Resource-Type
X-Content-Digest
Server-Name
X-Logged-In
Alternate-Protocol
X-Correlation-Id
X-Srv
X-Cache-Key
X-Node-Name
X-Pad
X-Esi
AMP-Access-Control-Allow-Source-Origin
Nel
X-Microsite
X-Request-Handler-Origin-Region
FilterID
X-Forwarded-For
TP-L2-Cache
TP-Cache
Host
X-Type
X-Kinsta-Cache
Healthy
X-User-Agent
X-Rid
X-LB-Cache
Powered-By-ChinaCache
X-Request-Processing-Time
X-Request-Received
X-IPLB-Instance
X-F-Cache
X-Zen-Fury
Edge-Cache-Tag
Powered
X-Debug-Info
X-AOL-HN
X-Cache-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-GUploader-UploadID
X-Cached-By
X-Revision
X-VCache
X-Hostname
X-HS-Content-Id
X-HS-Hub-Id
Backend-Timing
X-Analytics
X-Cache-Age
X-Kong-Upstream-Latency
X-Cache-Rule
X-Kong-Proxy-Latency
X-Via-JSL
X-Accel-Expires
X-XRDS-LOCATION
X-AppVersion
X-Activity-Id
X-Az
Surrogate-Key
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Content-Options
X-Page-Id
X-Instance
X-RateLimit-Limit
X-Cluster
X-Varnish-Grace
X-FB-Debug
X-Amz-Replication-Status
X-Tumblr-User
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Akamai-Edgescape
X-PHP-Backend
X-Tumblr-Pixel
X-Request-Guid
X-Jobs
Source
Cache-Status
Server-Node
X-App-Environment
X-TT
X-Forwarded-Host
X-Signature
X-B-Cache
Refresh
Cleartype
X-Framework
Liferay-Portal
X-Fastcgi-Cache
X-FW-Server
X-FW-Type
X-FW-Hash
X-FW-Static
X-FW-Serve
Accept-CH-Lifetime
X-Varnish-Hostname
DC
X-ATG-Version
Tracecode
Host-Header
WPE-Backend
Accept-Charset
Access-Control-Allow-Method
Fastcgi-Useragent
X-APP-VERSION
X-Cache-Operation
X-Mobile
X-Cache-Control
X-Cache-Action
X-Edge-Location
X-Drupal-Cache-Tags
X-Time
X-B
X-Cache-Hit
Actual-Object-TTL
X-Erf-Bev-Bev-Is-Generated
X-Hp-Webp
X-Mobile-URL
X-Accel-Buffering
X-Response-Served-From
X-Erf-Bev-Bev
X-Whom
Payment
X-Storage
X-TX-ID
X-App-Server
X-WebKit-CSP-Report-Only
X-Oracle-Dms-Rid
X-WA-Info
X-Content-Age
X-NWS-LOG-UUID
X-Yottaa-Optimizations
Cache-Tv-Group
X-Yottaa-Metrics
X-TT-TIMESTAMP
Upgrade-Insecure-Requests
X-Git-Hash
X-UA-Device-Type
Filters
X-Handled-By
X-Cacheable-TTL
NGB
X-SS-Set-Cookie
X-GeoIP
X-Adobe-Loc
X-Tumblr-Pixel-2
Eomportal-Instance
X-Tumblr-Pixel-1
X-Status
X-Adobe-Content
X-ProcessESI
Cache-Tag
X-RemovedCookies
X-RequestSource
Viewport
X-Geo-Country
X-VG-WebCache
Retry-After
Cache
Xserver
Webserver
Datacenter
X-Cache-TTL-Remaining
X-FW-Dynamic
X-Cache-TTL
X-Presslabs-Stats
X-Seen-By
X-Server-ID
Server-Info
MS-CV
X-Ratelimit-Reset
X-FB-TRIP-ID
X-TA-CDN-Provider
X-Cache-Enabled
X-Host-Name
X-Ratelimit-Limit
X-B3-Spanid
Frame-Options
X-Contextid
X-Generated-By
From-Origin
X-Origin-Server
Ms-Operation-Id
X-RTag
X-Hyper-Cache
S-Cnection
X-Mode
Country
X-CF-Powered-By
X-PressLabs-Stats
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
Machine
X-Cache-Config
X-Tumblr-Pixel-3
Load-Balancing
Meta-Geo
X-ES-SERVER
X-Zipkin-Id
Cache-Key
X-Routing-Service
X-Cache-Grace
Vix-Hermes-Req-Id
X-Access
X-Section
X-Upstream-CT
X-Proxied
X-MP-GENERATED-AT
X-Upstream-HT
X-Hit
X-Labrador-Cache-Channel
X-OCL
X-TNCMS
GEO-INFO
X-Cache-Host
X-Varnish-Cache-Hits
X-Backend-Name
X-Varnish-Server
Decoy-Debug-Status
X-Human
X-From
Decoy-Debug-Key
X-PCL
X-Viewer-Country
Now
X-Upgrade-Enabled
Decoy-Debug-TTL
X-Web-Node
X-Loop
SRV
ServedBy
Mn-Server-Ip
X-EIG-Tracking-Id
X-Origin-Response-Time
X-LJ-Flow-ID
X-Region
X-L-Path
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Magnolia-Registration
X-Rule
X-Sorting-Hat-PodId
X-VG-TLSProxy
X-Environment-Context
X-VWS-Id
X-R9-Blue-Green-Version
X-AWS-Id
X-Alternate-Cache-Key
X-CCM
X-Debug-Cache
X-Via-Fastly
X-Endurance-Cache-Level
X-Shopify-Stage
X-Akamai-Request-ID
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
X-Rendered-As
DSUID
X-RCS-CacheZone
DB-Nickname
X-Proto
X-Timing-Wait
Mail-Subject
X-Xfnlog-Site
X-FC-Vary-Parameters
X-Proxy-Build
X-S
Cache-Name
X-Hosted-By
We-Hiring
X-Cluster-Node
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-NCache
X-JoinUs
OT-Force-Account-Verify
X-Varnish-Hits
Akamai-GRN
X-Guploader-Uploadid
Release
X-Device-Type
Uber-Trace-Id
Version
X-Trace-Id
X-NewRelic-App-Data
X-Nginx-Cache
X-Site-Version
X-Locale
X-Www-Served-By
Cteonnt-Length
X-ProxyCache-Status
X-BYPASS-REASON
X-Request-Time
X-ProxyCache-Key
ProcessTime
X-VCT
NGX
X-Load-Cache
X-IP
X-Time-Microsecs
X-Platform-Server
Time
X-Redis-Cache
X-UUID
X-Wix-Request-Id
X-Origin
S-Rt
Azure-SiteName
Azure-InstanceId
Azure-RegionName
CACHE
Azure-SlotName
Azure-Version
X-FW-Version
X-Dc
X-Via-CDN
Webcakes-App-Name
TWC-Privacy
X-Origin-Hint
X-ECACHE
TWC-Locale-Group
Webcakes-App-Version
TWC-GeoIP-Country
Property-Id
X-EdgeConnect-Cache-Status
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-Region
X-GEO
X-Cache-NE
NtCoent-Length
X-Akamai-Request-ID2
X-MServer
X-CDN-Forward
X-No-Session
X-Rocket-Nginx-Bypass
X-Proxy
X-FireWall-Port
X-Hl-Ver
X-SERVER-NAME
X-Cache-Remote
X-ServerID
X-Vgn-Hpd-Reason
X-IPS-LoggedIn
X-Daa-Tunnel
X-RateLimit-Reset
X-Akamai-Transformed
Origin
X-HTML-Minification-Powered-By
X-PERF
X-ApacheServer
X-UA
X-Cache-Server
Odigeo-Trace-Id
X-CS
X-Format
X-Distributor
X-Oneagent-Js-Injection
Fastly-SSL
Ec-Rule-Version
Cache-Tags
LB
Access-Control-Request-Headers
L5d-Success-Class
X-UnsetCookies
X-Real-IP
X-Pubstack
X-Tb
Accept-Language
X-Microcachable
X-Unique-ID
Hostname
Origin-Edge-Control
Origin-Cache-Control
X-NC
Served-By
X-Webkit-Csp
X-Cache-Backend
Fastcgi-X-Cache-Version
X-Varnish-Cacheable
IBM-Web2-Location
X-Compress-Hint
X-Grey
X-Cache-Category-Id
Cross-Origin-Window-Policy
Content-Style-Type
Fly-Cache
MD5-Digest
X-G
GEO-REGION-INFO
Fly-Request-Id
Fastly-SIE
Fastly-SWR
X-IN-APIGATEWAY
Cdn-Host
A
Arc-Country
AsisCache
X-Is-Bot
X-NU-AKA-ACS-Version
X-Worker
X-Org
X-Internal-Host
BehaviorPad-Version
Meta-Geo-Continent
Cdn-Request-Time
X-Instart-Info
Cache-Prefix
Cache-Cookie-Set-Lfrom
X-Transaction
Cache-Cookie-Set-Idcheck
Content-Script-Type
Proxy-Firewall
X-Aed
X-Date
X-AIR-PT
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-App-Name
X-Application
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Bucket
X-ARC
X-D
X-B-Cookie
X-A-Ccd
X-A
Request-EU
Request-Time
X-Edge-Server
Request-Country
Rendered-Blocks
Node
X-External-Request-Id
X-PAYTM-SRV-ID
Rt-Proxy-Cache
Server-ID
X-Developer
X-Detected-As
X-Destination
Xc-Version
VivaBuild
X-DPWN-IS-SECURE
Viewtype
Mobile-Detection-Method
Cache-Cookie-Set-From
X-Trv-Group
Backend-Name
X-Twitter-Response-Tags
X-Rebelmouse-Cache-Control
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Rebelmouse-Surrogate-Control
X-B3-Parentspanid
X-Cluster-Name
X-Server-Time
X-ScT
X-BACKEND-TTL
X-Region-Sid
X-Varnish-Url
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-S-Maxage
X-SRCache-Key
X-VG-WebServer
Proxy-Connection
ServerName
X-URL
X-ElasticPress-Search
AKAMAI
Memcached
X-CGP
X-NX-Host
X-Fastly-Cache
X-Developers
X-C
X-Nginx-Cache-Key
X-Cdn-Origin
X-GeoIP-Country-Code
X-Debug-Log
Ha-Gx-Prefs
X-Core-Mission
Is-Eu
X-Cache-Info
On-Server
X-Variation
X-PHP-Host
RNT-Time
RNT-Machine
Section-Io-Cache
Server-Int
True-Client-Country-4JS
X-Clientip
Resin-Trace
X-Level-Front-Cache
X-Epic-Correlation-Id
X-Eu-Site
Platform
W
X-Geo-Header
X-Request-URI
X-Edge
Gh-Request-Id
HA-Ipaddr
Apple-News-Services-Request-Url
Content-Disposition
X-Generated-On
Apple-News-Services-Parsed-Url
Countrycode
REQUESTUUID
X-Debug-Cookies
X-Backend-State
X-Skip-Cache
X-Sn-Servicetimems
X-ServiceProvider
X-We-Are-Hiring
Apple-News-Services-Host
X-Location
X-Amzn-Remapped-Content-Length
X-SVT-ORM-RULES
X-HS-Combine-CSS
X-HS-Cache-Config
Adler-Geo
X-SVT-ORM-VERSION
Esi-Enabled
X-Cache-Id
Apple-News-Services-Handled
Selected-Fe
X-BBXSRF
V-Age
X-Block-Status
User-Cache-Control
UCS
X-Device-Os
X-Servername
X-Amz-Meta-Cache-Control
X-Cache-FS-Status
X-CDN-Cache
X-Dispatch
X-Secret
X-SD-PageType
X-TH-Server
X-Server-IP
Web-Mar-Node
X-SIPLIST1
X-Auto-Login
X-Cms-Context
X-Method
X-Clara-WADP
X-Fetched-On
Country-Code
X-Reboot
CDCHOST
X-WADP-Cache
X-Dispatcher-Server
X-Hnp-Log
X-Generation-Time
X-GeoIP-City
X-Hash
X-Irp-Debug
X-WebServer
X-Wikidot-Backend
X-Qloud-Router
X-Wikidot-Static-Cache
X-LI-UUID
X-LI-Proto
X-Key
X-Li-Fabric
X-Li-Pop
X-Gen-Mode
Fastly-Soc-X-Request-Id
IsBot
PFcat
X-Request-Start
N-Cache
SS
Server-Host
X-FPC
X-Gannett-Site-Version
X-Reqid
X-Distil-CS
SD-X-WS
X-Response-By
X-Powered-By-Defense
X-SERVER
X-Origin-Date
L
X-Thinkindot-L3
X-Webstats-RespID
X-Processor
X-Matched-Rule
X-TrackingId
X-Proxy-Cache-Status
X-Swa-Ws
X-VServer
X-Proxy-Upstream
X-Bip
X-Owner
X-VC-Cache
X-Origin-Expires
X-Thanos
X-Crawler
X-Release
Who
Thinkindot-CacheControl-Type
Heartbleed
Wxu-Next-Commit
Wxu-Next-Hostname
Thinkindot-CacheControl
Pramga
GW-Server
X-Nc
Powered-By
Wxu-Next-Region
Thinkindot-Control
X-Azure-Ref
X-Azure-Ref-OriginShield
X-Via-NSCOPI
CF-IPCountry
X-Via-SSL
X-Ua
X-Served-From
X-OVcl
X-Pf-Uncompressing
X-Via-Edge
X-CUA
X-OVcl-Cache
Kp-EeAlive
Locale
X-Urbn-Context-Path
X-Parent-Response-Time
X-Urbn-Site-Id
X-Varnish-Ttl
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Magicmarker
X-FE
X-Dynatrace-Js-Agent
X-LAGOON
X-Ratelimit-Remaining
User-Agent
X-ND-Cache
PageSpeed
Mime-Version
X-Protected-By
X-ABtesting
X-Flog
Memory
X-Hello
X-Page-Type
Pagetype
Pragrma
X-Fstrz
X-Cache-Ttl
X-Origin-TTL
X-Be
X-Origin-CC
X-Backend-Host
X-Backend-Url
X-User
X-Generated-In
X-Newrelic-Synthetics
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-COUNTRY
X-Ttl
X-MSEdge-Flight
X-MSEdge-Features
X-GoCache-CacheStatus
X-Up
X-Tt-Trace-Tag
X-Geo
X-Backend-TTL
X-Zone
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-DC
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Core-Value
X-Soup
X-Debug-Cache-Fetch
X-IN-WAF
X-Phone
X-Check-Cacheable
X-Oss-Request-Id
X-Oss-Server-Time
X-B3-SpanId
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Geoip-City
X-TT-LOGID
X-Cdn-Forward
Geoip-Latitude
GeoIp-Country-Code
X-Servedbyhost
X-ZONE
Cache-Hits
X-Litespeed-Cache
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Old-Content-Length
SN
Cdn
X-Birta-Served
X-Birta-Cache-Post
X-Info
X-Real-Ip
X-Varnish-IP
X-Akamai-SSL-Client-Sid
X-VCL-Version
X-MID
Selected-FE
X-Mid
HitType
X-Datadome
X-CSRF-TOKEN
X-HS-Status
X-Cache-Time
Amp-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-GRACE
Fastly-Backend-Name
X-FORWARDED-FOR
FSS-Cache
FSS-Proxy
X-Aicache-OS
X-Node-Id
Inserted-Into-Cache-At
X-Vcl-Version
XServer
X-ServedByHost
X-Agile
X-BC
X-Agile-Age
X-Logtrace-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Ajk
WZWS-RAY
X-Agile-Id
X-IN-APIGATEWAYSSL
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Debug
CF-Cached-On
X-Refresh
X-EC-Lua
X-Bc
Server-Surrogate-Control
GeoIP-Country-Code
X-UPSTREAM-Address
Server-Cache-Control
X-Varnish-Authentication
X-Contensis-Viewer-Groups
HostName
X-Cache-ASPX
X-Source
X-RateLimit-Limit-Second
RequestId
X-Web-Server
GeoIP-Latitude
X-Via-Ucdn
X-Wa
X-RateLimit-Remaining-Second
GeoIP-City
Dynatrace
X-CSRF-Token
X-Nananana
Srv
X-APP
X-App-Version
X-WR-MODIFICATION
T-Server
PICS-Label
X-LB-ID
X-PJAX-URL
X-Proxy-Cacherz
Xkeyrz
X-NWS-UUID-VERIFY
X-TIME
X-ECache
Ohc-File-Size
X-LiteSpeed-Cache-Control
WebServer
MIME-Version
Ohc-Cache-HIT
X-Render-Time
URI
Cf-Ipcountry
Group
X-GDPR
X-Micro-Cache
X-BE
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
X-Cache-Tag
X-SRV
Get-Access-Time
HTTPS
X-CACHE-KEY
X-Unique-Id
Is-Session-Tracking
Xkeynj
X-PAGE-TYPE
CDN
X-SN
X-Edge-IP
Www
X-Uri
X-Requestid
X-Sedo-Request-Id
SID
X-Cache-Miss-From
X-Policy
Backend
X-MCACHE
X-Request-Url
X-Fastly-Backend-Reqs
X-Instart-Isnd
DataCenter
Xet-Cookie
X-Cache-Expires
X-Cdn-Request-ID
X-Pjax-Url
Requestid
Cache-Provider
Pics-Label
Lb
X-Swift-Error
X-Vct
Cneonction
X-Apw-Access-Action
X-Service
Host-ID
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Dw-Trace-Id
X-NGINX-Cache
X-Cf-Powered-By
X-Lb-Id
X-WA
X-Ecache
X-Var-Ttl
Correlation-Id
FNAC-ModuleRouting
X-Newrelic-App-Data
X-Serial
X-Fe
Ohc-Response-Time
X-Zalando-Child-Request-Id
X-Akamai-ERRuleID
X-Fastly-Cache-Hits
Epwk-Cache
X-Flow-Id
X-Akamai-ERPolicy
X-Bug-Bounty
X-Varnish-Action
X-Html-Edge-Cache
Lfy
Warning
X-Page-Impression-Id
X-WPE-Loopback-Upstream-Addr
X-RPS
X-RSL
X-Fpc
X-ServerName
X-RPM
X-DW
X-DB
X-DI
X-DSS
X-PF-Uncompressing