
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
CF-RAY
X-Powered-By
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
CF-Cache-Status
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Alt-Svc
X-Check
X-Cacheable
P3p
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
X-FRAME-OPTIONS
Timing-Allow-Origin
Content-Encoding
X-Content-Security-Policy
X-Iinfo
X-Buckets
Upgrade
X-Kinja-Server-Push
Xkey
X-Via
X-Turbo-Charged-By
X-CDN
Keep-Alive
Access-Control-Max-Age
Access-Control-Expose-Headers
X-Cache-Group
X-Pass-Why
X-Age
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Server
X-Backend
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Robots-Tag
X-Proxy-Cache
X-Hacker
Grace
X-Server-Powered-By
EagleId
X-Varnish-Cache
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Cf-Railgun
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Ua-Compatible
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Feature-Policy
X-Device
Server-Timing
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-Ac
Report-To
X-Rq
Content-Location
X-OneAgent-JS-Injection
X-Server-Id
X-Node
X-Backend-Server
X-Response-Time
X-Cnection
X-Origin-Cache
EagleEye-TraceId
X-Application-Context
X-Cloud-Trace-Context
Allow
Request-Id
X-Readtime
Surrogate-Control
X-Cache-Lookup
X-Country
X-ORACLE-DMS-ECID
X-Cdn
X-Url
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-DynaTrace
X-Rack-Cache
X-Clacks-Overhead
X-Vhost
X-ORACLE-DMS-RID
X-Origin-Upstream-Status
X-CST
NEL
X-TTL
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-HW
X-FTR-Request-ID
X-Country-Code
X-Goog-Hash
X-Instart-Request-ID
X-Dispatcher
X-DataStream-Cache-Status
Edge-Control
X-Px
X-PC
X-Vname
X-TtlSet
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-VARITI-CCR
Service-Worker-Allowed
X-Mod-Pagespeed
X-MS-InvokeApp
X-Request-ID
Verso
SPRequestGuid
X-Recruiting
X-ESI
X-B3-TraceId
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-DataDome
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Use-Magma
X-D2id
X-Vcap-Request-Id
X-Varnish-TTL
X-SharePointHealthScore
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Server-Name
X-RateLimit-Remaining
X-Powered-By-Plesk
TCN
DynaTrace
X-Middleton-Display
X-Navigation-Version
X-Sol
Display
Response
X-Middleton-Response
X-GitHub-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
RTSS
Accept-Ch-Lifetime
Charset
X-Akam-SW-Version
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
MS-Author-Via
X-Amz-Rid
ServerID
X-Shield-Request-Id
AR-Request-ID
Realpath
X-Trace
X-Goog-Generation
X-Goog-Metageneration
X-Dw-Request-Base-Id
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Cached
X-Powered-CMS
X-Server-ID
X-DynaTrace-JS-Agent
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Version
Nginx-Cache
X-Shard
X-Forwarded-Proto
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Proxy
X-Goog-Storage-Class
SPIisLatency
SPRequestDuration
X-Upstream
Pagespeed
Public-Key-Pins
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Client-IP
Paypal-Debug-Id
X-MSEdge-Ref
Access-Control-Request-Method
Fastly-Restarts
S
Accept-Ch
Accept-CH
X-VCache
X-DataStream-MidMile-RTT
X-Amz-Meta-S3cmd-Attrs
X-DataStream-Origin-MEX-Latency
X-Ezoic-Cdn
X-Debug
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-DIS-Request-ID
X-Fastly-Request-ID
X-T
X-Id
X-N
MicrosoftSharePointTeamServices
X-Ser
Alternate-Protocol
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
Arr-Disable-Session-Affinity
X-Varnish-Age
X-XRDS-Location
X-NF-Request-ID
Fastcgi-Cache
X-Hits
X-Grace
X-Content-Type
X-Amzn-Trace-Id
X-B3-Sampled
X-Acc-Meta-Resource-Type
Front-End-Https
X-Frontend
X-FTR-Cache-Host
X-Logged-In
Server-Name
X-Content-Digest
X-Pad
X-Srv
Host
X-Forwarded-For
Nel
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
X-Request-Handler-Origin-Region
X-Node-Name
X-Microsite
X-Fastcgi-Cache
Powered-By-ChinaCache
FilterID
TP-Cache
TP-L2-Cache
Healthy
X-Debug-Info
X-LB-Cache
X-Kinsta-Cache
X-Type
X-Rid
X-Vcache
Edge-Cache-Tag
X-IPLB-Instance
X-AOL-HN
X-User-Agent
X-Request-Processing-Time
X-Request-Received
X-GUploader-UploadID
X-Cached-By
X-Cache-2
X-HS-Content-Id
X-HS-Hub-Id
X-Hostname
X-XRDS-LOCATION
X-Revision
X-Cache-Rule
X-F-Cache
Surrogate-Key
Powered
X-Accel-Expires
X-Zen-Fury
X-Amzn-RequestId
X-RateLimit-Limit
X-Cache-Age
X-Page-Id
X-Amz-Apigw-Id
X-Analytics
X-Cache-Key
Backend-Timing
VIX-Pulpo-Node
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Content-Options
X-Varnish-Grace
X-BCube-Filmed-By
X-Varnish-Backend
X-Cluster
X-Jobs
X-FB-Debug
Source
Cache-Status
X-Content-Powered-By
X-Instance
X-PHP-Backend
X-Request-Guid
X-Amz-Replication-Status
X-Tumblr-User
X-App-Environment
X-TT
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Kong-Upstream-Latency
X-Akamai-Edgescape
X-Framework
Cleartype
X-Kong-Proxy-Latency
Tracecode
X-Activity-Id
X-Az
X-AppVersion
WPE-Backend
X-Varnish-Hostname
Server-Node
Host-Header
X-Via-JSL
Refresh
X-Forwarded-Host
X-Cache-TTL
X-Mobile
X-NWS-LOG-UUID
X-Cache-Operation
X-Cache-Control
X-ATG-Version
X-FW-Type
X-FW-Static
X-B3-Traceid
X-FW-Hash
X-FW-Serve
X-FW-Server
Actual-Object-TTL
X-B-Cache
X-Signature
X-Time
X-Drupal-Cache-Tags
Accept-Charset
DC
X-Edge-Location
X-Cache-Action
X-TA-CDN-Provider
Upgrade-Insecure-Requests
Liferay-Portal
X-Whom
X-Cache-Hit
X-Accel-Buffering
X-App-Server
Access-Control-Allow-Method
X-Response-Served-From
X-Storage
X-Hp-Webp
X-TX-ID
X-Mobile-URL
Payment
X-WebKit-CSP-Report-Only
X-SS-Set-Cookie
X-Content-Age
X-UA-Device-Type
X-VG-WebCache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Handled-By
Fastcgi-Useragent
X-TT-TIMESTAMP
Server-Info
X-Cacheable-TTL
X-RequestSource
Filters
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
X-Git-Hash
X-B
Eomportal-Instance
Cache-Tv-Group
Cache
X-RemovedCookies
X-ProcessESI
X-Geo-Country
Viewport
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Xserver
X-WA-Info
X-Ratelimit-Reset
X-FB-TRIP-ID
Cache-Tag
Webserver
X-Cache-TTL-Remaining
Datacenter
X-Cache-Enabled
X-Status
Retry-After
X-Erf-Bev-Bev-Is-Generated
NGB
X-Erf-Bev-Bev
X-Contextid
X-Seen-By
X-Presslabs-Stats
S-Cnection
X-Ratelimit-Limit
X-FW-Dynamic
X-CF-Powered-By
X-APP-VERSION
X-Origin-Server
Accept-CH-Lifetime
X-Host-Name
X-Mode
X-Magnolia-Registration
X-Rendered-As
X-Varnish-Hits
Country
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Config
X-AWS-Id
X-Cache-Var
X-ES-SERVER
X-Esi
X-Path-Route
X-LJ-Flow-ID
Meta-Geo
X-Daa-Tunnel
X-VCT
X-VWS-Id
Load-Balancing
X-Real-IP
Machine
X-Zipkin-Id
X-Upstream-CT
X-Routing-Service
X-Upstream-HT
X-Proxied
X-Cache-Host
Mail-Subject
From-Origin
DSUID
Cache-Key
Vix-Hermes-Req-Id
We-Hiring
X-Human
GEO-INFO
X-Cache-Grace
X-Labrador-Cache-Channel
Release
MS-CV
X-Cache-NE
X-Backend-Name
X-Device-Type
X-EIG-Tracking-Id
X-Guploader-Uploadid
Uber-Trace-Id
Frame-Options
Mn-Server-Ip
ServedBy
X-From
X-Access
X-OCL
X-Varnish-Cache-Hits
X-Varnish-Server
X-Viewer-Country
X-Web-Node
X-TNCMS
X-Section
X-Hyper-Cache
X-PCL
X-RCS-CacheZone
X-Loop
X-Debug-Cache
X-Hit
X-ProxyCache-Key
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Rule
X-PressLabs-Stats
X-MP-GENERATED-AT
X-Origin-Response-Time
X-Proto
X-Tumblr-Pixel-3
X-Cluster-Node
Rt-Fastcgi-Cache
X-Akamai-Request-ID
OT-Force-Account-Verify
Now
NGX
X-Upgrade-Enabled
X-BYPASS-REASON
X-CCM
X-VG-TLSProxy
X-Goog-Meta-Goog-Reserved-File-Mtime
X-JoinUs
X-Generated
X-FC-Vary-Parameters
X-Environment-Context
X-Proxy-Build
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Redis-Cache
X-ShardId
X-Alternate-Cache-Key
X-Region
X-Platform-Server
X-S
X-Timing-Wait
X-Xfnlog-Site
X-L-Path
X-Hosted-By
X-UUID
Akamai-GRN
Decoy-Debug-Key
Decoy-Debug-Status
X-Cache-Remote
X-Via-Fastly
Decoy-Debug-TTL
X-NCache
Cache-Name
X-Generated-By
X-Endurance-Cache-Level
X-Trace-Id
X-Locale
X-Site-Version
Ms-Operation-Id
X-RTag
X-Www-Served-By
X-Hl-Ver
DB-Nickname
X-MServer
X-ECACHE
X-Nginx-Cache
X-Drupal-Cache-Contexts
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-EdgeConnect-Cache-Status
Cteonnt-Length
X-ServerID
X-Ttl
X-NewRelic-App-Data
X-Load-Cache
ProcessTime
X-Litespeed-Cache
X-GRACE
X-IPS-LoggedIn
X-Wix-Request-Id
X-Request-Time
X-Dc
L5d-Success-Class
X-IP
Time
X-Time-Microsecs
X-Cache-Backend
Version
X-Origin
S-Rt
X-Via-CDN
Served-By
X-Microcachable
TWC-Connection-Speed
NtCoent-Length
X-Oneagent-Js-Injection
X-GEO
X-Unique-ID
Origin
Property-Id
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-B3-Spanid
TWC-GeoIP-Country
Webcakes-App-Version
X-Pubstack
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-Version
X-FW-Version
Azure-SlotName
X-Distributor
Origin-Cache-Control
Origin-Edge-Control
CACHE
X-Datadome
X-Proxy
Access-Control-Request-Headers
Fastcgi-X-Cache-Version
X-RateLimit-Reset
Fastly-SSL
X-FireWall-Port
X-BACKEND-TTL
X-Cache-Server
X-UA
X-Cache-Category-Id
X-No-Session
X-Grey
SRV
X-Via-NSCOPI
X-Webkit-Csp
X-Is-Bot
X-Detected-As
IBM-Web2-Location
X-Powered-By-Defense
X-Edge
X-PERF
X-Nc
X-HTML-Minification-Powered-By
X-ApacheServer
Hostname
Proxy-Connection
Cache-Tags
X-Format
X-CS
Backend-Name
Odigeo-Trace-Id
X-Akamai-Transformed
X-Ua
X-Varnish-Cacheable
Request-EU
Meta-Geo-Continent
Request-Country
HA-Ipaddr
GEO-REGION-INFO
MD5-Digest
Rendered-Blocks
Proxy-Firewall
Fly-Cache
Ha-Gx-Prefs
Fastly-SIE
Cross-Origin-Window-Policy
Mobile-Detection-Method
Ec-Rule-Version
BehaviorPad-Version
AsisCache
Cache-Cookie-Set-Idcheck
Fastly-SWR
Cache-Prefix
Content-Script-Type
Node
Fly-Request-Id
Content-Style-Type
Cache-Cookie-Set-Lfrom
Cdn-Host
Cache-Cookie-Set-From
Cdn-Request-Time
X-Cache-Bucket
X-PAYTM-SRV-ID
X-Org
X-NX-Host
X-Processor
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-ND-Cache
X-G
X-External-Request-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Instart-Info
X-IN-APIGATEWAY
X-Request-UUID
X-Rewrite-Enabled
X-VG-WebServer
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Worker
X-Trv-Group
X-Transaction
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-SRCache-Key
X-Server-Time
X-Eu-Site
X-Edge-Server
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-App-Name
X-AIR-PT
X-A-Dcw
X-A-Dam
ServerName
Server-ID
Viewtype
VivaBuild
X-A-Ccd
X-A
X-Application
X-ARC
X-Debug-Cookies
X-Date
X-Debug-Log
X-Destination
X-DPWN-IS-SECURE
X-Developer
X-D
X-Connection-Hash
Arc-Country
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cluster-Name
X-CGP
Request-Time
Rt-Proxy-Cache
X-Cdn-Forward
PageSpeed
A
X-Hash
Memcached
X-B3-Parentspanid
On-Server
X-Irp-Debug
Mime-Version
X-Geo-Header
X-Generated-On
X-Sn-Servicetimems
X-ServiceProvider
X-Server-IP
X-Key
Is-Eu
X-GeoIP-Country-Code
X-Request-URI
X-Qloud-Router
Server-Host
Server-Int
Apple-News-Services-Parsed-Url
True-Client-Country-4JS
X-PHP-Host
Section-Io-Cache
RNT-Time
X-Fstrz
X-Level-Front-Cache
X-Reqid
Resin-Trace
RNT-Machine
Platform
X-Backend-State
X-Cdn-Srv
X-Cdn-Origin
X-Core-Mission
X-Variation
X-Epic-Correlation-Id
X-Clientip
Countrycode
X-Dispatcher-Server
X-We-Are-Hiring
Country-Code
X-Cache-Info
X-TH-Server
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Internal-Host
X-Fastly-Cache
Adler-Geo
X-C
X-Cache-Id
X-UnsetCookies
X-Compress-Hint
X-Nginx-Cache-Key
Wxu-Next-Region
X-BBXSRF
V-Age
X-CDN-Cache
Wxu-Next-Hostname
X-Fetched-On
Who
Web-Mar-Node
X-Block-Status
X-Gen-Mode
Wxu-Next-Commit
X-Developers
X-Method
X-Li-Pop
X-Amz-Meta-Cache-Control
X-ElasticPress-Search
X-Li-Fabric
X-Gannett-Site-Version
X-LI-Proto
X-LI-UUID
X-Location
X-Device-Os
X-Hnp-Log
X-Dispatch
X-Distil-CS
X-Reboot
X-Served-From
User-Cache-Control
IsBot
X-Secret
X-SD-PageType
PFcat
X-WebServer
Esi-Enabled
X-Servername
X-SVT-ORM-VERSION
X-Swa-Ws
X-Tb
Gh-Request-Id
X-SVT-ORM-RULES
X-SIPLIST1
X-Skip-Cache
X-Response-By
Pramga
SS
X-Wikidot-Static-Cache
CDCHOST
UCS
AKAMAI
Pragrma
X-Protected-By
Content-Disposition
REQUESTUUID
SD-X-WS
X-Crawler
X-Wikidot-Backend
X-Request-Start
X-Webstats-RespID
X-Akamai-Request-ID2
X-CDN-Forward
X-Via-Edge
X-Via-SSL
Powered-By
X-VServer
X-GeoIP-City
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Owner
X-Origin-Date
X-Origin-Expires
X-B3-SpanId
X-Matched-Rule
X-Generation-Time
X-Thanos
X-Parent-Response-Time
LB
X-Release
X-Thinkindot-L3
X-Planisys-CDN-Rules
X-Auto-Login
Heartbleed
X-Bip
Thinkindot-Control
X-Cache-FS-Status
GW-Server
X-Cms-Context
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastly-Soc-X-Request-Id
X-NC
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
X-IN-WAF
X-Phone
X-Core-Value
X-FPC
X-VC-Cache
X-Birta-Served
X-OVcl-Cache
X-OVcl
X-Birta-Cache-Post
X-Origin-CC
X-Be
X-Origin-TTL
X-Ratelimit-Remaining
X-Azure-Ref
W
X-Azure-Ref-OriginShield
X-Varnish-IP
X-CUA
CF-IPCountry
Selected-FE
HitType
X-App-Version
X-Clara-WADP
Memory
X-Varnish-Url
X-LAGOON
X-WADP-Cache
X-Info
Accept-Language
L
X-Geo
N-Cache
X-Page-Type
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
X-Proxy-Upstream
X-CACHE-KEY
X-URL
X-Source
Kp-EeAlive
X-FE
X-TrackingId
X-Dynatrace-Js-Agent
X-DC
User-Agent
Cdn
X-Web-Server
X-Pf-Uncompressing
X-Oracle-Dms-Rid
X-Zone
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Agile-Id
X-Varnish-Beresp-Status
X-Cache-Debug
X-Agile-Age
Magicmarker
X-Varnish-Beresp-Grace
X-Agile
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-TT-LOGID
Pagetype
X-Hello
X-Servedbyhost
X-HS-Status
X-Flog
X-ABtesting
Geoip-City
X-Refresh
Geoip-Latitude
GeoIp-Country-Code
X-MID
X-Mid
X-Newrelic-Synthetics
X-Backend-TTL
X-Generated-In
X-User
X-Real-Ip
CF-Cached-On
X-Aicache-OS
X-Backend-Url
X-Backend-Host
X-Check-Cacheable
X-Vcl-Version
X-NWS-UUID-VERIFY
X-Ruxit-Js-Agent
Amp-Access-Control-Allow-Source-Origin
Ohc-Cache-HIT
Ohc-File-Size
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-MSEdge-Features
SN
X-GoCache-CacheStatus
X-ZONE
X-VCL-Version
X-APP
X-MSEdge-Flight
FSS-Cache
FSS-Proxy
X-Debug-Cache-Expiry
X-Up
Group
X-Soup
X-Tt-Trace-Tag
X-Tb-Optimization-Total-Bytes-Saved
GeoIP-Country-Code
HTTPS
X-ServedByHost
X-UPSTREAM-Address
X-EC-Lua
GeoIP-City
X-SN
Backend
X-Oss-Storage-Class
Www
RequestId
X-Oss-Object-Type
GeoIP-Latitude
X-Contensis-Viewer-Groups
HostName
X-Oss-Request-Id
X-Cache-ASPX
Server-Surrogate-Control
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Varnish-Authentication
Server-Cache-Control
WZWS-RAY
X-SERVER-NAME
X-BC
X-COUNTRY
X-Via-Ucdn
X-Instart-Isnd
Srv
Cf-Ipcountry
X-CSRF-Token
X-Old-Content-Length
X-Say-Cacheable
X-Amzn-Remapped-Connection
X-Akamai-SSL-Client-Sid
X-Cache-Expires
X-Say-TTL
X-Amzn-Remapped-Date
X-SayCDN-TTL
X-Bc
X-NGENIX-Cache
Lb
Host-ID
X-Varnish-Beresp-TTL
X-Nananana
Xkeyrz
X-Proxy-Cacherz
X-ECache
X-Cache-Ttl
XServer
WebServer
X-Dynatrace
X-Varnish-Action
URI
X-PF-Uncompressing
Epwk-Cache
X-Cache-Tag
Requestid
X-PAGE-TYPE
X-WR-MODIFICATION
X-TIME
X-Unique-Id
Fastcgi-X-Cache
Is-Session-Tracking
Get-Access-Time
Cache-Hits
X-Node-Id
Inserted-Into-Cache-At
X-Request-Url
X-FORWARDED-FOR
Fastly-Backend-Name
Xkeynj
X-Fastly-Country-Code
X-MCACHE
X-AssetVersion
Ajk
X-Requestid
X-CSRF-TOKEN
X-Logtrace-Id
X-Cache-Miss-From
X-Sedo-Request-Id
X-IN-APIGATEWAYSSL
X-Fastly-Backend-Reqs
X-Edge-IP
X-ID
X-LiteSpeed-Cache-Control
Dynatrace
Cneonction
FNAC-ModuleRouting
X-Var-Ttl
X-Sf
X-Svr
X-Cache-Time
DataCenter
Xet-Cookie
X-SRV
X-RateLimit-Limit-Second
CDN
X-RateLimit-Remaining-Second
X-BE
X-Wa
Correlation-Id
X-Fastly-Cache-Hits
Pics-Label
X-Pjax-Url
X-Swift-Error
Cache-Provider
X-Dw-Trace-Id
X-NGINX-Cache
X-Correlation-ID
X-WA
X-Fpc
X-Lb-Id
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-RSL
X-RPS
X-PJAX-URL
X-RPM
T-Server
X-LB-ID
PICS-Label
X-ServerName
X-Alicdn-Da-Ups-Status
RequestUuid
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
Lfy
X-LiteSpeed-Tag
Ohc-Response-Time
X-App
Sid
X-Policy
Warning
X-Bug-Bounty
X-DB
X-DI
X-DSS
X-Zalando-Child-Request-Id
X-Page-Impression-Id
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Flow-Id
X-DW